SMC Networks 8124PL2 - annexe 1 Management Manual

10/100/1000 24-Port Managed Switch with PoE

MANAGEMENT GUIDE

SMC8124PL2
TigerSwitch™ 10/100/1000
24-Port Managed Switch with PoE

Summary of Contents for SMC Networks 8124PL2 - annexe 1

  • Page 1: Management Guide

    MANAGEMENT GUIDE SMC8124PL2 TigerSwitch 10/100/1000 24-Port Managed Switch with PoE...
  • Page 3 TigerSwitch 10/100/1000 Management Guide. From SMC’s Tiger line of feature-rich workgroup LAN solutions. 20 Mason, Irvine, CA 92618. Phone: (949) 679-8000. May 2007. Pub. # 149100034100A. E052007-DT-R01...
  • Page 4 No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.
  • Page 5: Limited Warranty

    “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies.
  • Page 6 WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS. * SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.
  • Page 7: Table Of Contents

    Contents Chapter 1: Introduction Key Features Description of Software Features System Defaults Chapter 2: Initial Configuration Connecting to the Switch Configuration Options Required Connections Remote Connections Basic Configuration Console Connection Setting Passwords Setting an IP Address Manual Configuration Dynamic Configuration Enabling SNMP Management Access Community Strings (for SNMP version 1 and 2c clients) Trap Receivers...
  • Page 8 Contents Managing Firmware 3-18 Downloading System Software from a Server 3-18 Saving or Restoring Configuration Settings 3-20 Downloading Configuration Settings from a Server 3-21 Console Port Settings 3-22 Telnet Settings 3-24 Configuring Event Logging 3-26 Displaying Log Messages 3-26 System Log Configuration 3-27 Remote Log Configuration 3-29...
  • Page 9 Contents Configuring an Extended IP ACL 3-74 Configuring a MAC ACL 3-77 Binding a Port to an Access Control List 3-78 Filtering Management Access 3-79 Port Configuration 3-81 Displaying Connection Status 3-81 Configuring Interface Connections 3-83 Creating Trunk Groups 3-85 Statically Configuring a Trunk 3-86 Enabling LACP on Selected Ports...
  • Page 10 Contents Configuring Private VLANs 3-135 Associating VLANs 3-136 Displaying Private VLAN Interface Information 3-136 Configuring Private VLAN Interfaces 3-137 Configuring Protocol VLANs 3-139 Configuring Protocol VLAN Basic Settings 3-139 Configuring Protocol VLAN System 3-140 LLDP 3-140 Configuring Basic LLDP Time Information 3-140 Configuring LLDP Port and Trunk Information 3-141...
  • Page 11 Contents IP Source Guard 3-180 IP Source Guard Port Configuration 3-180 Static IP Source Guard Binding Configuration 3-181 Dynamic IP Source Guard Binding Information 3-182 Switch Clustering 3-183 Cluster Configuration 3-184 Cluster Member Configuration 3-185 Cluster Member Information 3-185 Cluster Candidate Information 3-186 UPnP 3-187...
  • Page 12 Contents show line 4-18 General Commands 4-19 enable 4-19 disable 4-20 configure 4-20 show history 4-21 reload 4-21 4-22 exit 4-22 quit 4-23 System Management Commands 4-23 Device Designation Commands 4-24 prompt 4-24 hostname 4-25 User Access Commands 4-25 username 4-25 enable password 4-26...
  • Page 13 Contents logging trap 4-46 clear logging 4-46 show logging 4-47 show log 4-48 SMTP Alert Commands 4-49 logging sendmail host 4-49 logging sendmail level 4-50 logging sendmail source-email 4-51 logging sendmail destination-email 4-51 logging sendmail 4-52 show logging sendmail 4-52 Time Commands 4-53 sntp client...
  • Page 14 Contents tacacs-server host 4-76 tacacs-server port 4-76 tacacs-server key 4-77 show tacacs-server 4-77 Port Security Commands 4-78 port security 4-78 802.1X Port Authentication 4-80 dot1x system-auth-control 4-80 dot1x default 4-81 dot1x max-req 4-81 dot1x port-control 4-81 dot1x operation-mode 4-82 dot1x re-authenticate 4-83 dot1x re-authentication 4-83...
  • Page 15 Contents snmp-server user 4-109 show snmp user 4-110 Interface Commands 4-111 interface 4-111 description 4-112 speed-duplex 4-112 negotiation 4-113 capabilities 4-114 flowcontrol 4-115 shutdown 4-116 clear counters 4-116 show interfaces status 4-117 show interfaces counters 4-118 show interfaces switchport 4-119 Broadcast Commands 4-121 broadcast packet-rate...
  • Page 16 Contents spanning-tree spanning-disabled 4-145 spanning-tree cost 4-145 spanning-tree port-priority 4-146 spanning-tree edge-port 4-147 spanning-tree portfast 4-148 spanning-tree link-type 4-148 spanning-tree protocol-migration 4-149 show spanning-tree 4-150 VLAN Commands 4-152 Editing VLAN Groups 4-152 vlan database 4-152 vlan 4-153 Configuring VLAN Interfaces 4-154 interface vlan 4-154...
  • Page 17 Contents Priority Commands (Layer 3 and 4) 4-175 map ip dscp (Global Configuration) 4-175 map ip dscp (Interface Configuration) 4-176 show map ip dscp 4-177 Multicast Filtering Commands 4-178 IGMP Snooping Commands 4-178 ip igmp snooping 4-178 ip igmp snooping vlan static 4-179 ip igmp snooping version 4-179...
  • Page 18 Contents lldp basic-tlv system-capabilities 4-206 lldp basic-tlv system-description 4-206 lldp basic-tlv system-name 4-207 lldp notification 4-207 lldp dot1-tlv port-vlan-id 4-208 lldp dot1-tlv port-protocol-vlan-id 4-209 lldp dot1-tlv vlan-name 4-209 lldp dot1-tlv protocol-identity 4-210 lldp dot3-tlv mac-phy 4-210 lldp dot3-tlv link-aggregation 4-211 lldp dot3-tlv power-via-mdi 4-211 lldp dot3-tlv maximum-frame-size...
  • Page 19 Contents Switch Cluster Commands 4-235 cluster 4-235 cluster commander 4-236 cluster ip-pool 4-236 cluster member 4-237 rcommand 4-238 show cluster 4-238 show cluster members 4-239 show cluster candidates 4-239 Appendix A: Software Specifications Software Features Management Features Standards Management Information Bases Appendix B: Troubleshooting Problems Accessing the Management Interface Using System Logs...
  • Page 21 Tables Table 1-1 Key Features Table 1-2 System Defaults Table 3-1 Configuration Options Table 3-2 Main Menu Table 3-3 Logging Levels 3-27 Table 3-4 SNMPv3 Security Models and Levels 3-35 Table 3-5 Supported Notification Messages 3-45 Table 3-6 HTTPS Support 3-55 Table 3-7 802.1X Statistics...
  • Page 22 Tables Table 4-27. Authentication Commands 4-70 Table 4-28. Authentication Sequence 4-70 Table 4-29. RADIUS Client Commands 4-72 Table 4-30. TACACS+ Client Commands 4-76 Table 4-31. Port Security Commands 4-78 Table 4-32. 802.1X Port Authentication Commands 4-80 Table 4-33. Access Control List Commands 4-88 Table 4-34.
  • Page 23 Tables Table 4-72. show mvr interface - display description 4-198 Table 4-73. show mvr members - display description 4-199 Table 4-74. LLDP Commands 4-199 Table 4-75. UPnP Commands 4-216 Table 4-76. IP Interface Commands 4-219 Table 4-77. IP Source Guard Commands 4-224 Table 4-78.
  • Page 24 Figures Figure 3-1. Homepage Figure 3-2. Panel Display Figure 3-3. System Information 3-10 Figure 3-4. Switch Information 3-12 Figure 3-5. Bridge Extension Configuration 3-13 Figure 3-6. Manual IP Configuration 3-15 Figure 3-7. DHCP IP Configuration 3-16 Figure 3-8. Enabling Jumbo Frames 3-17 Figure 3-9.
  • Page 25 Figures Figure 3-43. Naming and Choosing ACLs 3-73 Figure 3-44. Configuring Standard IP ACLs 3-74 Figure 3-45. Configuring Extended IP ACLs 3-76 Figure 3-46. Configuring MAC ACLs 3-78 Figure 3-47. Mapping ACLs to Port Ingress Queues 3-79 Figure 3-48. Filtering Management Access 3-80 Figure 3-49.
  • Page 26 Figures Figure 3-88. LLDP Local Device Information 3-143 Figure 3-89. LLDP Remote Device Information 3-143 Figure 3-90. Port Priority Configuration 3-146 Figure 3-91. Configuring Class of Service 3-148 Figure 3-92. Enable Traffic Classes 3-149 Figure 3-93. Setting the Queue Mode 3-149 Figure 3-94.
  • Page 28: Chapter 1: Introduction

    Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
  • Page 29: Description Of Software Features

    Introduction Table 1-1 Key Features (Continued) Feature Description Multicast Filtering Supports IGMP snooping and query Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation.
  • Page 30 Description of Software Features Rate Limiting – This feature controls the maximum rate for traffic received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into the network. Packets that exceed the acceptable amount of traffic are dropped.
  • Page 31 Introduction older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices. Virtual LANs –...
  • Page 32: System Defaults

    System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-20). The following table lists some of the basic system defaults. Table 1-2 System Defaults Function Parameter...
  • Page 33 Introduction Table 1-2 System Defaults (Continued) Function Parameter Default Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Rate Limiting Input limits Disabled Port Trunking Static Trunks None LACP (all ports) Disabled Broadcast Storm Status Enabled (all ports) Protection Broadcast Limit Rate 500 packets per second Spanning Tree...
  • Page 34 System Defaults Table 1-2 System Defaults (Continued) Function Parameter Default System Log Status Enabled Messages Logged Levels 0-6 (all) Messages Logged to Flash Levels 0-3 SMTP Email Alerts Event Handler Enabled (but no server defined) SNTP Clock Synchronization Disabled...
  • Page 36: Chapter 2: Initial Configuration

    The switch’s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software such as SMC EliteView. The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: •...
  • Page 37: Required Connections

    Initial Configuration • Configure Spanning Tree parameters • Configure Class of Service (CoS) priority queuing • Configure up to 8 static or LACP trunks • Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch.
  • Page 38: Remote Connections

    Basic Configuration For a description of how to use the CLI, see “Using the Command Line Interface” on page 44-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 44-8. Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a...
  • Page 39: Setting Passwords

    Initial Configuration The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level. Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username”...
  • Page 40: Manual Configuration

    Basic Configuration Manual Configuration You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.
  • Page 41: Enabling Snmp Management Access

    Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as SMC EliteView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.
  • Page 42: Community Strings (For Snmp Version 1 And 2C Clients)

    Basic Configuration read/write access to the entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements (see page 3-48). Community Strings (for SNMP version 1 and 2c clients) Community strings are used to control management access to SNMP version 1 and 2c stations, as well as to authorize SNMP stations to receive trap messages from the switch.
  • Page 43: Configuring Access For Snmp Version 3 Clients

    Initial Configuration that authentication, no authentication, or authentication and privacy is used for v3 clients. Then press <Enter>. For a more detailed description of these parameters, see “snmp-server host” on page 44-100. The following example creates a trap host for each type of SNMP client. Console(config)#snmp-server host 10.1.19.23 batman Console(config)#snmp-server host 10.1.19.98 robin version 2c Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth...
  • Page 44: Managing System Files

    Managing System Files Console#copy running-config startup-config Startup configuration file name []: startup \Write to FLASH Programming. \Write to FLASH finish. Success. Console# Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
  • Page 46: Chapter 3: Configuring The Switch

    Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).
  • Page 47: Navigating The Web Browser Interface

    Configuring the Switch Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page When your web browser connects with the switch’s web agent, the home page is displayed as shown below.
  • Page 48: Panel Display

    Panel Display configured as follows: Under the menu “Tools/Internet Options/General/ Temporary Internet Files/Settings,” the setting for item “Check for newer versions of stored pages” should be “Every visit to the page.” When using Internet Explorer 5.0, you may have to manually refresh the screen after making configuration changes by pressing the browser’s refresh button.
  • Page 49 Configuring the Switch Table 3-2 Main Menu (Continued) Menu Description Page Line 3-22 Console Sets console port connection parameters 3-22 Telnet Sets Telnet connection parameters 3-24 3-26 Logs Stores and displays error messages 3-26 System Logs Sends error messages to a logging process 3-27 Remote Logs Configures the logging of messages to a remote logging...
  • Page 50 Main Menu Table 3-2 Main Menu (Continued) Menu Description Page Port Security Configures per port security, including status, response for 3-63 security breach, and maximum allowed MAC addresses 802.1X 3-64 Information Displays global configuration settings 3-66 Configuration Configures protocol parameters 3-66 Port Configuration Sets the authentication mode for individual ports...
  • Page 51 Configuring the Switch Table 3-2 Main Menu (Continued) Menu Description Page Power Status Displays the status of global power parameters 3-105 Power Config Configures the power budget for the switch 3-106 Power Port Status Displays the status of port power parameters 3-106 Power Port Config Configures port power parameters...
  • Page 52 Main Menu Table 3-2 Main Menu (Continued) Menu Description Page Association Each community VLAN must be associated with a primary 3-136 VLAN Port Information Shows VLAN port type, and associated primary or secondary 3-136 VLANs Port Configuration Sets the private VLAN interface type, and associates the 3-137 interfaces with a private VLAN Trunk Information...
  • Page 53 Configuring the Switch Table 3-2 Main Menu (Continued) Menu Description Page IP DSCP Priority Sets IP Differentiated Services Code Point priority, mapping a 3-152 DSCP tag to a class-of-service value 3-153 DiffServ 3-153 Class Map Sets Class Maps 3-154 Policy Map Sets Policy Maps 3-157 Service Policy...
  • Page 54 Main Menu Table 3-2 Main Menu (Continued) Menu Description Page Port Configuration Selects the DHCP Snooping Information Option policy 3-178 Binding Information Displays the DHCP Snooping binding information 3-179 IP Source Guard 3-180 Port Configuration Enables IP source guard and selects filter type per port 3-180 Static Configuration Adds static addresses to the source-guard binding table...
  • Page 55: Basic Configuration

    Configuring the Switch Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. •...
  • Page 56: Displaying Switch Hardware/Software Versions

    Console(config)#snmp-server location WC 9 4-99 Console(config)#snmp-server contact Geoff 4-99 Console(config)#exit Console#show system 4-60 System Description: SMC Networks SMC8124PL2 System OID String: 1.3.6.1.4.1.259.6.10.94 System Information System Up Time: 0 days, 0 hours, 7 minutes, and 22.65 seconds System Name: R&D 5...
  • Page 57: Displaying Bridge Extension Capabilities

    Configuring the Switch Web – Click System, Switch Information. Figure 3-4. Switch Information CLI – Use the following command to display version information. Console#show version 4-62 Unit 1 Serial Number: Hardware Version: EPLD Version: 0.01 Number of Ports: Main Power Status: Redundant Power Status: Not present Agent (Master)
  • Page 58: Figure 3-5. Bridge Extension Configuration

    Basic Configuration • Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses. (Refer to “Setting Static Addresses” on page 3-108.) • VLAN Learning – This switch uses Independent VLAN Learning (IVL), where each port maintains its own filtering database. •...
  • Page 59: Setting The Switch's Ip Address

    Configuring the Switch Setting the Switch’s IP Address This section describes how to configure an initial IP interface for management access over the network. The IP address for this switch is unassigned by default. To manually configure an address, you need to change the switch’s default settings (IP address 0.0.0.0 and netmask 255.0.0.0) to values that are compatible with your network.
  • Page 60: Manual Configuration

    Basic Configuration Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply. and specify a “Primary” interface, Figure 3-6.
  • Page 61: Using Dhcp/Bootp

    Configuring the Switch Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your changes.
  • Page 62: Enabling Jumbo Frames

    Basic Configuration Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available. CLI –...
  • Page 63: Managing Firmware

    Configuring the Switch Managing Firmware You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
  • Page 64: Figure 3-9. Copy Firmware

    Basic Configuration Figure 3-9. Copy Firmware If you download to a new destination file, go to the System, File Management, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu. Figure 3-10.
  • Page 65: Saving Or Restoring Configuration Settings

    Configuring the Switch CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch. Console#copy tftp file 4-64 TFTP server ip address: 10.1.0.19...
  • Page 66: Downloading Configuration Settings From A Server

    Basic Configuration Note: The maximum number of user-defined configuration files is limited only by available flash memory space. Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
  • Page 67: Console Port Settings

    Configuring the Switch CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. Console#copy tftp startup-config 4-64 TFTP server ip address: 192.168.1.19 Source configuration file name: config-1 Startup configuration file name [] : startup \Write to FLASH Programming.
  • Page 68: Figure 3-14. Console Port Setting

    Basic Configuration • Parity – Defines the generation of a parity bit. Communication protocols provided by some terminals can require a specific parity bit setting. Specify Even, Odd, or None. (Default: None) • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal).
  • Page 69: Telnet Settings

    Configuring the Switch CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Console(config)#line console 4-10 Console(config-line)#login local 4-11 Console(config-line)#password 0 secret 4-12...
  • Page 70: Figure 3-15. Enabling Telnet

    Basic Configuration system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts) Available in CLI only: • Password – Specifies a password for the line connection. When a connection is started on a line with password protection, the system prompts for the password.
  • Page 71: Configuring Event Logging

    Configuring the Switch CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level. Console(config)#line vty 4-10 Console(config-line)#login local 4-11 Console(config-line)#password 0 secret...
  • Page 72: System Log Configuration

    Basic Configuration Web – Click System, Log, Logs. Figure 3-16. Displaying Logs CLI – This example shows the event message stored in RAM. Console#show log ram 4-48 [1] 00:01:37 2001-01-01 "DHCP request failed - will retry later." level: 4, module: 9, function: 0, and event no.: 10 [0] 00:00:35 2001-01-01 "System coldStart notification."...
  • Page 73: Figure 3-17. System Logs

    Configuring the Switch Table 3-3 Logging Levels (Continued) Level Severity Name Description Notice Normal but significant condition, such as cold start Warning Warning conditions (e.g., return false, unexpected return) Error Error conditions (e.g., invalid input, default used) Critical Critical conditions (e.g., memory allocation, or free memory error - resource exhausted) Alert Immediate action needed...
  • Page 74: Remote Log Configuration

    Basic Configuration Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the error messages sent to only those messages below a specified level. Command Attributes •...
  • Page 75: Simple Mail Transfer Protocol

    Configuring the Switch CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap. Console(config)#logging host 192.168.1.15 4-45 Console(config)#logging facility 23 4-45 Console(config)#logging trap 4 4-46 Console(config)#end Console#show logging trap 4-47 Syslog logging: Enabled REMOTELOG status: Enabled...
  • Page 76: Figure 3-19. Enabling And Configuring Smtp

    Basic Configuration • Email Destination Address – This command specifies SMTP servers that may receive alert messages. Web – Click System, Log, SMTP. To add an IP address to the Server IP List, type the new IP address in the Server IP Address box, and then click Add. To delete an IP address, click the entry in the Server IP List, and then click Remove.
  • Page 77: Resetting The System

    Configuring the Switch Resetting the System Web – Click System, Reset. Click the Reset button to reboot the switch. When prompted, confirm that you want to reset the switch. Figure 3-20. Resetting the System CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch.
  • Page 78: Setting The Time Zone

    Basic Configuration Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply. Figure 3-21. SNTP Configuration CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings. Console(config)#sntp client 4-54 Console(config)#sntp poll 60...
  • Page 79: Simple Network Management Protocol

    This agent continuously monitors the status of the switch hardware, as well as the traffic passing through its ports. A network management station can access this information using software such as SMC EliteView. Access to the onboard agent from clients using SNMP v1 and v2c is controlled by community strings. To communicate with the switch, the management station must first submit a valid community string for authentication.
  • Page 80: Table 3-4 Snmpv3 Security Models And Levels

    Simple Network Management Protocol The SNMPv3 security structure consists of security models, with each model having its own security levels. There are three security models defined, SNMPv1, SNMPv2c, and SNMPv3. Users are assigned to “groups” that are defined by a security model and specified security levels.
  • Page 81: Enabling The Snmp Agent

    Configuring the Switch Enabling the SNMP Agent Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3). Command Attributes • SNMP Agent Status – Enables SNMP on the switch. Web – Click SNMP, Agent Status. Enable the SNMP Agent by marking the Enabled checkbox, and click Apply.
  • Page 82: Specifying Trap Managers And Trap Types

    Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as SMC EliteView). You can specify up to five management stations that will receive authentication failure messages and other notification messages from the switch.
  • Page 83 Configuring the Switch Enable the SNMP agent (page 3-36). Enable trap informs as described in the following pages. Create a view with the required notification messages (page 3-48). Create a group that includes the required notify view (page 3-45). • To send an inform to a SNMPv3 host, complete these steps: Enable the SNMP agent (page 3-36).
  • Page 84: Configuring Snmpv3 Management Access

    Simple Network Management Protocol the recipient does not acknowledge receipt. (Range: 0-255; Default: 3) • Enable Authentication Traps – Issues a notification message to specified IP trap managers whenever authentication of an SNMP request fails. (Default: Enabled) • Enable Link-up and Link-down Traps – Issues a notification message whenever a port link is established or broken.
  • Page 85: Setting The Local Engine Id

    Configuring the Switch Assign SNMP users to groups, along with their specific authentication and privacy passwords. Setting the Local Engine ID An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects against message replay, delay, and redirection. The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets.
  • Page 86: Configuring Snmpv3 Users

    Simple Network Management Protocol or informs to it. (See “Specifying Trap Managers and Trap Types” on page 3-37 and “Configuring Remote SNMPv3 Users” on page 3-43.) The engine ID can be specified by entering 1 to 26 hexadecimal characters. If less than 26 characters are specified, trailing zeroes are added to the value.
  • Page 87: Figure 3-28. Configuring Snmpv3 Users

    Configuring the Switch • AuthPriv – SNMP communications use both authentication and encryption (only available for the SNMPv3 security model). • Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5) • Authentication Password – A minimum of eight plain text characters is required. •...
  • Page 88: Configuring Remote Snmpv3 Users

    Simple Network Management Protocol CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Console(config)#snmp-server user chris group r&d v3 auth md5 greenpeace priv des56 einstien 4-109 Console(config)#exit Console#show snmp user 4-110 EngineId: 80000034030001f488f5200000 User Name: chris...
  • Page 89: Figure 3-29. Configuring Remote Snmpv3 Users

    Configuring the Switch • Authentication Password – A minimum of eight plain text characters is required. • Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. • Privacy Password – A minimum of eight plain text characters is required. Web –...
  • Page 90: Configuring Snmpv3 Groups

    Simple Network Management Protocol CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Console(config)#snmp-server user mark group r&d remote 192.168.1.19 v3 auth md5 greenpeace priv des56 einstien 4-109 Console(config)#exit Console#show snmp user 4-110 No user exist.
  • Page 91 Configuring the Switch Table 3-5 Supported Notification Messages (Continued) Object Label Object ID Description topologyChange 1.3.6.1.2.1.17.0.2 A topologyChange trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Discarding state.
  • Page 92: Figure 3-30. Configuring Snmpv3 Groups

    Simple Network Management Protocol Table 3-5 Supported Notification Messages (Continued) Object Label Object ID Description Private Traps swPowerStatus 1.3.6.1.4.1.259.6.10.94.2.1. This trap is sent when the power state ChangeTrap changes. swIpFilterRejectTrap 1.3.6.1.4.1.259.6.10.94.2.1. This trap is sent when an incorrect IP address 0.40 is rejected by the IP Filter.
  • Page 93: Setting Snmpv3 Views

    Configuring the Switch CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and restricting MIB access to defined read and write views. Console(config)#snmp-server group secure-users v3 priv read defaultview write defaultview notify defaultview 4-106 Console(config)#exit Console#show snmp group...
  • Page 94: Figure 3-31. Configuring Snmpv3 Views

    Simple Network Management Protocol Figure 3-31. Configuring SNMPv3 Views CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries. Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* included 4-105 Console(config)#exit...
  • Page 95: User Authentication

    Configuring the Switch User Authentication You can restrict management access to this switch using the following options: • User Accounts – Manually configure access rights on the switch for specified users. • Authentication Settings – Use remote authentication to configure access rights. •...
  • Page 96: Configuring Local/Remote Logon Authentication

    User Authentication Web – Click Security, User Accounts. To configure a new user account, specify a user name, select the user’s access level, then enter a password and confirm it. Click Add to save the new user account and add it to the Account List. To change the password for a specific user, enter the user name and new password, confirm the password by entering it again, then click Apply.
  • Page 97 Configuring the Switch Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS+-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user that requires management access to the switch.
  • Page 98: Figure 3-33. Authentication Settings

    User Authentication • Number of Server Transmits – Number of times the switch tries to authenticate logon access via the authentication server. (Range: 1-30; Default: 2) • Timeout for a reply – The number of seconds the switch waits for a reply from the RADIUS server before it resends the request.
  • Page 99: Configuring Https

    Configuring the Switch CLI – Specify all the required parameters to enable logon authentication. Console(config)#authentication login radius 4-70 Console(config)#radius-server host 192.168.1.25 4-72 Console(config)#radius-server port 181 4-73 Console(config)#radius-server key green 4-74 Console(config)#radius-server retransmit 5 4-74 Console(config)#radius-server timeout 10 4-75 Console#show radius-server 4-75 Server IP address: 192.168.1.25 Communication key with radius server:...
  • Page 100: Table 3-6 Https Support

    User Authentication Table 3-6 HTTPS Support Web Browser Operating System Internet Explorer 5.0 or later Windows 98, Windows NT (with service pack 6a), Windows 2000, Windows XP Netscape Navigator 6.2 or later Windows 98, Windows NT (with service pack 6a), Windows 2000, Windows XP, Solaris 2.6 •...
  • Page 101: Replacing The Default Secure-Site Certificate

    Configuring the Switch CLI – This example enables the HTTP secure server and modifies the port number. Console(config)#ip http secure-server 4-30 Console(config)#ip http secure-port 441 4-31 Console(config)# Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch.
  • Page 102 User Authentication Notes: 1. You need to install an SSH client on the management station to access the switch for management via the SSH protocol. The switch supports both SSH Version 1.5 and 2.0. Command Usage The SSH server on this switch supports both password and public key authentication.
  • Page 103: Configuring The Ssh Settings

    Configuring the Switch Enable SSH Service – On the SSH Settings page, enable the SSH server on the switch. Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method.
  • Page 104: Generating The Host Key Pair

    User Authentication • The host key is shared with the SSH client, and is fixed at 1024 bits. Web – Click Security, SSH, Settings. Enable SSH and adjust the authentication parameters as required, then click Apply. Note that you must first generate the host key pair on the SSH Host-Key Settings page before you can enable the SSH server.
  • Page 105: Figure 3-36. Ssh Host-Key Settings

    Configuring the Switch Field Attributes • Public-Key of Host-Key – The public key for the host. • RSA: The first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.g., 65537), and the last string is the encoded modulus.
  • Page 106: Generating The User Public Key Pair

    User Authentication CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Console#ip ssh crypto host-key generate 4-35 Console#ip ssh save host-key 4-35 Console#show public-key host 4-35...
  • Page 107: Figure 3-37. Ssh User Public-Key Settings

    Configuring the Switch • Delete – This button deletes the user public key process. Web – Click Security, SSH, SSH User-Key Settings. Select the user type and public-key type from the drop-down box, enter the TFTP server IP address, input the source file name, and then click Copy Public Key.
  • Page 108: Configuring Port Security

    User Authentication Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port.
  • Page 109: Configuring 802.1X Port Authentication

    Configuring the Switch Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, set the maximum number of MAC addresses allowed on a port, and click Apply. Figure 3-38. Configuring Port Security CLI –...
  • Page 110 User Authentication an EAPOL response to the switch, which it forwards to the RADIUS server. The RADIUS server verifies the client identity and sends an access challenge back to the client. The EAP packet from the RADIUS server contains not only the challenge, but the authentication method to be used.
  • Page 111: Displaying 802.1X Global Settings

    Configuring the Switch Displaying 802.1X Global Settings The 802.1X protocol provides client authentication. Command Attributes • 802.1X System Authentication Control – The global setting for 802.1X. Web – Click Security, 802.1X, Information. Figure 3-39. 802.1X Global Information CLI – This example shows the default global setting for 802.1X. Console#show dot1x 4-85 Global 802.1X Parameters...
  • Page 112: Configuring Port Settings For 802.1X

    User Authentication Web – Select Security, 802.1X, Configuration. Enable dot1x globally for the switch and click Apply. Figure 3-40. 802.1X Global Configuration CLI – This enables 802.1X globally for the switch. Console(config)#dot1x system-auth-control 4-80 Console(config)# Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the...
  • Page 113: Figure 3-41. 802.1X Port Configuration

    Configuring the Switch • Quiet Period – Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60 seconds) • Re-authen Period – Sets the time period after which a connected client must be re-authenticated.
  • Page 114 User Authentication Console(config)#interface ethernet 1/2 4-111 Console(config-if)#dot1x port-control auto 4-81 Console(config-if)#dot1x re-authentication 4-83 Console(config-if)#dot1x max-req 5 4-81 Console(config-if)#dot1x timeout quiet-period 30 4-83 Console(config-if)#dot1x timeout re-authperiod 1800 4-84 Console(config-if)#dot1x timeout tx-period 40 4-84 Console(config-if)#exit Console(config)#exit Console#show dot1x 4-85 Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name...
  • Page 115: Displaying 802.1X Statistics

    Configuring the Switch Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Statistical Values Table 3-7 802.1X Statistics Parameter Description Rx EXPOL Start The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff The number of EAPOL Logoff frames that have been received by this Authenticator.
  • Page 116: Figure 3-42. Displaying 802.1X Port Statistics

    User Authentication Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-42. Displaying 802.1X Port Statistics CLI – This example displays the 802.1X statistics for port 4. Console#show dot1x statistics interface ethernet 1/4 4-85 Eth 1/4 Rx: EXPOL...
  • Page 117: Access Control Lists

    Configuring the Switch Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, and then bind the list to a specific port.
  • Page 118: Configuring A Standard Ip Acl

    Access Control Lists Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list. Figure 3-43. Naming and Choosing ACLs CLI –...
  • Page 119: Configuring An Extended Ip Acl

    Configuring the Switch Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add. Figure 3-44.
  • Page 120 Access Control Lists • Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number (0-255). (Options: TCP, UDP, Others; Default: TCP) • Src/Dst Port – Source/destination port number for the specified protocol type. (Range: 0-65535) •...
  • Page 121: Figure 3-45. Configuring Extended Ip Acls

    Configuring the Switch Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
  • Page 122: Configuring A Mac Acl

    Access Control Lists Configuring a MAC ACL Command Attributes • Action – An ACL can contain permit rules, deny rules, or a combination of both. (Default: Permit rules) • Source/Destination Address Type – Use "Any" to include all possible addresses, "Host"...
  • Page 123: Binding A Port To An Access Control List

    Configuring the Switch Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select "Host," enter a specific address (e.g., 11-22-33-44-55-66). If you select "MAC," enter a base address and a hexadecimal bitmask for an address range.
  • Page 124: Filtering Management Access

    Filtering Management Access • IN – ACL for ingress packets. • ACL Name – Name of the ACL. Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress traffic, select the required ACL from the drop-down list, then click Apply.
  • Page 125: Figure 3-48. Filtering Management Access

    Configuring the Switch • When entering addresses for the same group (i.e., SNMP, web or Telnet), the switch will not accept overlapping address ranges. When entering addresses for different groups, the switch will accept overlapping address ranges. • You cannot delete an individual address from a specified range. You must delete the entire range, and reenter the addresses.
  • Page 126: Port Configuration

    Port Configuration Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web) • Name – Interface label. •...
  • Page 127 Configuring the Switch Field Attributes (CLI) Basic information: • Port type – Indicates the port type. • (1000BASE-T, 1000BASE-SX, 1000BASE-LX or 100BASE-FX) • MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address” on page 3-14.) Configuration: •...
  • Page 128: Configuring Interface Connections

    Port Configuration CLI – This example shows the connection status for Port 5. Console#show interfaces status ethernet 1/5 4-117 Information of Eth 1/5 Basic information: Port type: 100TX Mac address: 00-30-f1-47-58-46 Configuration: Name: Port admin: Up Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full Broadcast storm: Enabled Broadcast storm limit: 500 packets/second Flow control: Disabled...
  • Page 129: Figure 3-50. Configuring Port Attributes

    Configuring the Switch (The current switch chip only supports symmetric pause frames.) • FC - Supports flow control • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation.
  • Page 130: Creating Trunk Groups

    Port Configuration CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/13 4-111 Console(config-if)#description RD SW#13 4-112 Console(config-if)#shutdown 4-116 Console(config-if)#no shutdown Console(config-if)#no negotiation 4-113 Console(config-if)#speed-duplex 100half 4-112 Console(config-if)#flowcontrol 4-115 Console(config-if)#negotiation Console(config-if)#capabilities 100half 4-114 Console(config-if)#capabilities 100full Console(config-if)#capabilities flowcontrol Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link.
  • Page 131: Statically Configuring A Trunk

    Configuring the Switch • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN.
  • Page 132: Figure 3-51. Static Trunk Configuration

    Port Configuration Figure 3-51. Static Trunk Configuration CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Console(config)#interface port-channel 2 4-111 Console(config-if)#exit Console(config)#interface ethernet 1/1 4-111 Console(config-if)#channel-group 1...
  • Page 133: Enabling Lacp On Selected Ports

    Configuring the Switch Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP. •...
  • Page 134: Configuring Lacp Parameters

    Port Configuration CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Console(config)#interface ethernet 1/1 4-111 Console(config-if)#lacp 4-127 Console(config-if)#exit Console(config)#interface ethernet 1/6 Console(config-if)#lacp Console(config-if)#end Console#show interfaces status port-channel 1 4-117...
  • Page 135: Figure 3-53. Lacp Aggregation Port Configuration

    Configuring the Switch • System Priority – LACP system priority is used to determine link aggregation group (LAG) membership, and to identify this device to other switches during LAG negotiations. (Range: 0-65535; Default: 32768) • Ports must be configured with the same system priority to join the same LAG. •...
  • Page 136: Displaying Lacp Port Counters

    Port Configuration CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5 and 6 are set to backup mode. Console(config)#interface ethernet 1/1 4-111 Console(config-if)#lacp actor system-priority 3 4-128 Console(config-if)#lacp actor admin-key 120 4-129...
  • Page 137: Displaying Lacp Settings And Status For The Local Side

    Configuring the Switch Web – Click Port, LACP, Port Counters Information. Select an interface port to display the corresponding information. Figure 3-54. Displaying LACP Port Counters Information CLI – The following example displays LACP counters for port channel 1. Console#show 1 lacp counters 4-131 Channel group : 1 -------------------------------------------------------------------...
  • Page 138: Figure 3-55. Displaying Lacp Port Information

    Port Configuration Table 3-9 LACP Settings Field Description LACP System Priority LACP system priority assigned to this port channel. LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Administrative or operational values of the actor’s state parameters: Oper State Expired –...
  • Page 139: Displaying Lacp Settings And Status For The Remote Side

    Configuring the Switch CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#show 1 lacp internal 4-131 Channel group : 1 ------------------------------------------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ------------------------------------------------------------------- LACPDUs Internal : 30 sec...
  • Page 140: Figure 3-56. Displaying Remote Lacp Port Information

    Port Configuration Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-56. Displaying Remote LACP Port Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console#show 1 lacp neighbors 4-131 Channel group 1 neighbors...
  • Page 141: Setting Broadcast Storm Thresholds

    Configuring the Switch Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to complete halt.
  • Page 142: Configuring Port Mirroring

    Port Configuration Console(config)#interface ethernet 1/1 4-111 Console(config-if)#no switchport broadcast 4-121 Console(config-if)#exit Console(config)#broadcast packet-rate 500 4-121 Console(config)#exit Console#show interfaces switchport ethernet 1/2 4-119 Information of Eth 1/2 Broadcast threshold: Enabled, 500 packets/second Lacp status: Disabled Ingress rate limit: disable,1000M bits per second Egress rate limit: disable,1000M bits per second VLAN membership mode: Hybrid Ingress rule: Disabled...
  • Page 143: Configuring Rate Limits

    Configuring the Switch Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add. Figure 3-58. Configuring a Mirror Port CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port.
  • Page 144: Showing Port Statistics

    Statistics are refreshed every 60 seconds by default. Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as SMC EliteView or HP OpenView...
  • Page 145: Table 3-11 Port Statistics

    Configuring the Switch Statistical Values Table 3-11 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters. Received Unicast Packets The number of subnetwork-unicast packets delivered to a higher-layer protocol. Received Multicast Packets The number of packets, delivered by this sub-layer to a higher (sub-)layer, which were addressed to a multicast address at this...
  • Page 146 Port Configuration Table 3-11 Port Statistics (Continued) Parameter Description FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check. This count does not include frames received with frame-too-long or frame-too-short error.
  • Page 147: Figure 3-60. Displaying Port Statistics

    Configuring the Switch Table 3-11 Port Statistics (Continued) Parameter Description Oversize Frames The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed. Fragments The total number of frames received that were less than 64 octets in length (excluding framing bits, but including FCS octets) and had either an FCS or alignment error.
  • Page 148: Figure 3-61. Displaying Etherlike And Rmon Statistics

    Port Configuration Figure 3-61. Displaying Etherlike and RMON Statistics...
  • Page 149: Power Over Ethernet Settings

    Configuring the Switch CLI – This example shows statistics for port 13. Console#show interfaces counters ethernet 1/13 4-118 Ethernet 1/13 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended iftable stats:...
  • Page 150: Switch Power Status

    Power over Ethernet Settings power, if necessary by dropping power to ports set for a lower priority. If power is dropped to some low-priority ports and later the power demands on the switch fall back within its budget, the dropped power is automatically restored. Switch Power Status Displays the Power over Ethernet parameters for the switch.
  • Page 151: Setting A Switch Power Budget

    Configuring the Switch Setting a Switch Power Budget A maximum PoE power budget for the switch (power available to all switch ports) can be defined so that power can be centrally managed, preventing overload conditions at the power source. If the power demand from devices connected to the switch exceeds the power budget setting, the switch uses port power priority settings to limit the supplied power.
  • Page 152: Configuring Port Poe Power

    Power over Ethernet Settings Web – Click PoE, Power Port Status. Figure 3-64 Displaying Port PoE Status CLI – This example displays the PoE status and priority of port 1. Console#show power inline status 4-74 Interface Admin Oper Power(mWatt) Power(used) Priority ---------- ------- ---- ------------ ------------ -------- 1/ 1...
  • Page 153: Address Table Settings

    Configuring the Switch Command Attributes • Port – The port number on the switch. • Admin Status – Enables PoE power on the port. Power is automatically supplied when a device is detected on the port, providing that the power demanded does not exceed the switch or port power budget.
  • Page 154: Displaying The Address Table

    Address Table Settings Command Attributes • Static Address Counts* – The number of manually configured addresses. • Current Static Address Table – Lists all the static addresses. • Interface – Port or trunk associated with the device assigned a static address. •...
  • Page 155: Changing The Aging Time

    Configuring the Switch • VLAN – ID of configured VLAN (1-4093). • Address Table Sort Key – You can sort the information displayed based on MAC address, VLAN or interface (port or trunk). • Dynamic Address Counts – The number of addresses dynamically learned. •...
  • Page 156: Spanning Tree Algorithm Configuration

    Spanning Tree Algorithm Configuration Web – Click Address Table, Address Aging. Specify the new aging time, click Apply. Figure 3-68. Setting the Aging Time CLI – This example sets the aging time to 300 seconds. Console(config)#mac-address-table aging-time 300 4-138 Console(config)# Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
  • Page 157: Displaying Global Settings

    Configuring the Switch Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
  • Page 158 Spanning Tree Algorithm Configuration • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. • Root Port – The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port.
  • Page 159: Configuring Global Settings

    Configuring the Switch Web – Click Spanning Tree, STA, Information. Figure 3-69. Displaying the Spanning Tree Algorithm CLI – This command displays global STA settings, followed by settings for each port. Console#show spanning-tree 4-150 Spanning-tree information --------------------------------------------------------------- Spanning tree mode: RSTP Spanning tree enabled/disabled: enabled...
  • Page 160 Spanning Tree Algorithm Configuration • RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below: • STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
  • Page 161 Configuring the Switch • Maximum: The lower of 40 or [2 x (Forward Delay - 1)] • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
  • Page 162: Figure 3-70. Configuring The Spanning Tree Algorithm

    Spanning Tree Algorithm Configuration Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-70. Configuring the Spanning Tree Algorithm CLI – This example enables Spanning Tree Protocol and then configures the STA parameters. Console(config)#spanning-tree 4-139 Console(config)#spanning-tree mode 4-140...
  • Page 163: Displaying Interface Settings

    Configuring the Switch Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface. •...
  • Page 164 Spanning Tree Algorithm Configuration through the bridge to the root bridge (i.e., designated port) or is an alternate or backup port that may provide connectivity if other bridges, bridge ports, or LANs fail or are removed. The role is set to disabled (i.e., disabled port) if a port has no role within the spanning tree.
  • Page 165: Figure 3-71. Displaying Sta - Port Status Information

    Configuring the Switch such as workstations or servers, retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to reconfigure when the interface changes state, and also overcomes other STA-related timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-node device.
  • Page 166: Configuring Interface Settings

    Spanning Tree Algorithm Configuration Configuring Interface Settings You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to indicate the preferred path, link type to indicate a point-to-point connection or shared-media connection, and edge port to indicate if the attached device can support fast forwarding.
  • Page 167: Figure 3-72. Configuring Spanning Tree Algorithm Per Port

    Configuring the Switch • Shared – A connection to two or more bridges. • Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media. (This is the default setting.) • Admin Edge Port (Fast Forwarding) – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node.
  • Page 168: Vlan Configuration

    VLAN Configuration VLAN Configuration Overview In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks.
  • Page 169 Configuring the Switch Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing the frames on to any end-node host that does not support VLAN tagging. [Figure: tagged and untagged frames passing between VLAN-aware (VA) and VLAN-unaware (VU) devices]...
  • Page 170: Forwarding Tagged/Untagged Frames

    VLAN Configuration these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs. Note: If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch ports connected to these devices (as described in...
  • Page 171: Displaying Basic Vlan Information

    Configuring the Switch Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Field Attributes • VLAN Version Number* – The VLAN version used by this switch as specified in the IEEE 802.1Q standard.
  • Page 172: Figure 3-74. Displaying Vlan Information By Port Membership

    VLAN Configuration • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP. - Permanent: Added as a static entry. • Egress Ports – Shows the egress VLAN port members. • Untagged Ports – Shows the untagged VLAN port members. Web –...
  • Page 173: Creating Vlans

    Configuring the Switch CLI – Current VLAN information can be displayed with the following command. Console#show vlan id 1 4-159 VLAN Type Name Status Ports/Channel groups ---- ------- ----------- ------ ------------------------------------ Static DefaultVlan Active Eth1/1 Eth1/2 Eth1/3 Eth1/4 Eth1/5 Eth1/6 Eth1/7 Eth1/8 Eth1/9...
  • Page 174: Adding Static Members To Vlans (Vlan Index)

    VLAN Configuration Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-75. Creating Virtual LANs CLI – This example creates a new VLAN. Console(config)#vlan database 4-152 Console(config-vlan)#vlan 2 name R&D media ethernet state active...
  • Page 175: Figure 3-76. Configuring Vlan Port Attributes

    Configuring the Switch Command Attributes • VLAN – ID of configured VLAN (1-4093, no leading zeroes). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. • Enable: VLAN is operational. •...
  • Page 176: Adding Static Members To Vlans (Port Index)

    VLAN Configuration CLI – The following example adds tagged and untagged ports to VLAN 2. Console(config)#interface ethernet 1/1 4-111 Console(config-if)#switchport allowed vlan add 2 tagged 4-157 Console(config-if)#exit Console(config)#interface ethernet 1/2 Console(config-if)#switchport allowed vlan add 2 untagged Console(config-if)#exit Console(config)#interface ethernet 1/13 Console(config-if)#switchport allowed vlan add 2 tagged Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the...
  • Page 177: Configuring Vlan Behavior For Interfaces

    Configuring the Switch Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, and ingress filtering. Command Attributes • PVID – VLAN ID assigned to untagged frames received on the interface. (Default: 1) •...
  • Page 178: Configuring Private Vlans

    VLAN Configuration Web – Click VLAN, 802.1Q VLAN, Port Configuration or Trunk Configuration. Fill in the required settings for each interface, click Apply. Figure 3-78. Configuring VLAN Ports CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, and then sets the switchport mode to hybrid.
  • Page 179: Displaying Current Private Vlans

    Configuring the Switch To configure primary/secondary associated groups, follow these steps: Use the Private VLAN Configuration menu to designate one or more community VLANs, and the primary VLAN that will channel traffic outside of the VLAN groups. Use the Private VLAN Association menu to map the secondary (i.e., community) VLAN(s) to the primary VLAN.
  • Page 180: Configuring Private Vlans

    VLAN Configuration CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and are associated with VLAN 6.
  • Page 181: Associating Vlans

    Configuring the Switch CLI – This example configures VLAN 5 as a primary VLAN, and VLAN 6 as a community VLAN. Console(config)#vlan database Console(config-vlan)#private-vlan 5 primary Console(config-vlan)#private-vlan 6 community Console(config-vlan)# Associating VLANs Each community VLAN must be associated with a primary VLAN. Command Attributes •...
  • Page 182: Configuring Private Vlan Interfaces

    VLAN Configuration • Normal – The port is not configured in a private VLAN. • Host – The port is a community port and can only communicate with other ports in its own community VLAN, and with the designated promiscuous port(s). •...
  • Page 183: Figure 3-83. Private Vlan Port Configuration

    Configuring the Switch Command Attributes • Port/Trunk - The switch interface. • PVLAN Port Type - Sets private VLAN port types. • Normal – The port is not assigned in a private VLAN. • Host – The port is a community port. A community port can communicate with other ports in its own community VLAN and with designated promiscuous port(s).
  • Page 184: Configuring Protocol Vlans

    VLAN Configuration CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6.
  • Page 185: Configuring Protocol Vlan System

    Configuring the Switch Configuring Protocol VLAN System Use the Protocol VLAN System Configuration menu to set the protocol VLAN settings for the switch. Command Attributes • Protocol Group ID - Protocol Group ID assigned to the Protocol VLAN Group. (Range: 1-2147483647) •...
  • Page 186: Configuring Lldp Port And Trunk Information

    LLDP • Delay Interval - Configures a delay time between the successive transmission of advertisements initiated by a change in local LLDP MIB variables. (Range: 0-8192 seconds) • Reinitialisation Delay - Configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down. (Range: 0-10 seconds) •...
  • Page 187: Figure 3-87. Lldp Port Configuration

    Configuring the Switch • Trunk - Specifies if the port is a member of a trunk. Web – Click LLDP, Port Configuration. Figure 3-87. LLDP Port Configuration CLI – This example shows the administration status of the specified port being set to transmit and receive.
  • Page 188: Displaying Lldp Local And Remote Device Information

    LLDP Displaying LLDP Local and Remote Device Information This displays information about the switch, such as its MAC address, chassis ID, management IP address, as well as port information. Web – Click LLDP, Local Information for local device information. Or click LLDP, Remote Port or Trunk Information for remote device port or trunk information.
  • Page 189 Configuring the Switch CLI – This example shows LLDP configuration settings for all ports. Console#show lldp config 4-212 LLDP Global Configuation LLDP Transmit interval : 30 LLDP Hold Time Multiplier : 4 LLDP Delay Interval : 2 LLDP Reinit Delay : 2 LLDP Notification Interval : 5 LLDP Port Configuration Port AdminStatus NotificationEnabled...
  • Page 190: Class Of Service Configuration

    Class of Service Configuration CLI – This example shows LLDP global and interface-specific configuration settings for remote devices attached to an LLDP-enabled port. switch#show lldp info remote-device 4-214 LLDP Remote Devices Information Interface | ChassisId PortId SysName --------- + ----------------- ----------------- ------------ please provide sample data switch#show lldp info remote-device detail LLDP Remote Devices Information...
  • Page 191: Setting The Default Priority For Interfaces

    Configuring the Switch Setting the Default Priority for Interfaces You can specify the default port priority for each interface on the switch. All untagged packets entering the switch are tagged with the specified default port priority, and then sorted into the appropriate priority queue at the output port. Command Usage •...
  • Page 192: Mapping Cos Values To Egress Queues

    Class of Service Configuration CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 4-111 Console(config-if)#switchport priority default 5 4-170 Console(config-if)#end Console#show interfaces switchport ethernet 1/3 4-119 Information of Eth 1/3 Broadcast threshold: Enabled, 500 packets/second LACP status: Disabled Ingress rate limit: enable, K bits per second: 25...
  • Page 193: Figure 3-91. Configuring Class Of Service

    Configuring the Switch Table 3-13 CoS Priority Levels Priority Level Traffic Type Voice, less than 10 milliseconds latency and jitter Network Control Command Attributes • Interface – Select port or trunk identifier. • Priority – CoS value. (Range: 0-7, where 7 is the highest priority) •...
  • Page 194: Enabling Cos

    Class of Service Configuration Note: Mapping specific values for CoS priorities is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch. Enabling CoS Enable or disable Class of Service (CoS). Command Attributes •...
  • Page 195: Setting The Service Weight For Traffic Classes

    Configuring the Switch CLI – The following sets the queue mode to strict priority service mode. Console(config)#queue mode strict 4-173 Console(config)#exit Console#show queue mode 4-173 Queue mode: strict Console# Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue.
  • Page 196: Mapping Layer 3/4 Priorities To Cos Values

    Class of Service Configuration CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#queue bandwidth 1 2 4 8 4-172 Console(config)#exit Console#show queue bandwidth 4-174 Information of Eth 1/1 Queue ID Weight -------- ------ Information of Eth 1/2...
  • Page 197: Mapping Dscp Priority

    Configuring the Switch Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP retains backward compatibility with the three precedence bits so that non-DSCP compliant will not conflict with the DSCP mapping. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
  • Page 198: Quality Of Service

    Quality of Service CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. Console(config)#map ip dscp 4-175 Console(config)#interface ethernet 1/1 4-111 Console(config-if)#map ip dscp 1 cos 0 4-176...
  • Page 199: Configuring Quality Of Service Parameters

    Configuring the Switch Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map. You should create a Class Map before creating a Policy Map. Otherwise, you will not be able to select a Class Map from the Policy Rule Settings screen. Configuring Quality of Service Parameters To create a service policy for a specific category of ingress traffic, follow these steps: Use the “Class Map”...
  • Page 200 Quality of Service • Edit Rules – Opens the “Match Class Settings” page for the selected class entry. Modify the criteria used to classify ingress traffic on this page. • Add Class – Opens the “Class Configuration” page. Enter a class name and description on this page, and click Add to open the “Match Class Settings”...
  • Page 201: Figure 3-97. Configuring Class Maps

    Configuring the Switch Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. Figure 3-97. Configuring Class Maps CLI – This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3.
  • Page 202: Creating Qos Policies

    Quality of Service Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: • Create a Class Map as described on 3-154. • Open the Policy Map page, and click Add Policy. •...
  • Page 203 Configuring the Switch • Description – A brief description of a policy map. (Range: 1-64 characters) • Add – Adds the specified policy. • Back – Returns to previous page without making any changes. Policy Rule Settings - Class Settings - •...
  • Page 204: Figure 3-98. Configuring Policy Maps

    Quality of Service Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 3-98. Configuring Policy Maps 3-159...
  • Page 205: Attaching A Policy Map To Ingress Queues

    Configuring the Switch CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0. Console(config)#policy-map rd_policy#3 Console(config-pmap)#class rd_class#3 Console(config-pmap-c)#set ip dscp 4 Console(config-pmap-c)#police 100000 1522 exceed-action...
  • Page 206: Multicast Filtering

    Multicast Filtering CLI – This example applies a service policy to an ingress interface. Console(config)#interface ethernet 1/5 Console(config-if)#service-policy input rd_policy#3 Console(config-if)# Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client.
  • Page 207: Layer 2 Igmp (Snooping And Query)

    Configuring the Switch A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for group members.
  • Page 208 Multicast Filtering packets passing through it, picks out the group registration information, and configures the multicast filters accordingly. • IGMP Querier — A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these devices is elected “querier”...
  • Page 209: Displaying Interfaces Attached To A Multicast Router

    Configuring the Switch Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-100. Configuring Internet Group Management Protocol CLI – This example modifies the settings for multicast filtering, and then displays the current status.
  • Page 210: Specifying Static Interfaces For A Multicast Router

    Multicast Filtering Command Attributes • VLAN ID – ID of configured VLAN (1-4093). • Multicast Router List – Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch. Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers.
  • Page 211: Displaying Port Members Of Multicast Services

    Configuring the Switch Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply.
  • Page 212: Assigning Ports To Multicast Services

    Multicast Filtering Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 3-103.
  • Page 213: Multicast Vlan Registration

    Configuring the Switch Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add.
  • Page 214: Configuring Global Mvr Settings

    Multicast VLAN Registration (Figure labels: Multicast Router, Satellite Services, Service Network, Multicast Server, Layer 2 Switch, Source Port, Receiver Ports, Set-top Box.) General Configuration Guidelines for MVR Enable MVR globally on the switch, select the MVR VLAN, and add the multicast groups that will stream traffic to attached hosts (see “Configuring Global MVR Settings”...
  • Page 215: Displaying Mvr Interface Status

    Configuring the Switch • MVR Running Status – Indicates whether or not all necessary conditions in the MVR environment are satisfied. • MVR VLAN – Identifier of the VLAN that serves as the channel for streaming multicast services using MVR. (Range: 1-4093; Default: 1) •...
  • Page 216: Displaying Port Members Of Multicast Groups

    Multicast VLAN Registration only if there are subscribers receiving multicast traffic from one of the MVR groups, or a multicast group has been statically assigned to an interface. • Immediate Leave – Shows if immediate leave is enabled or disabled. •...
  • Page 217: Configuring Mvr Interface Status

    Configuring the Switch Web – Click MVR, Group IP Information. Figure 3-107. MVR Group IP Information CLI – The following example shows information about the interfaces associated with multicast groups assigned to the MVR VLAN. Console#show mvr interface 4-197 MVR Group IP Status Members ---------------- -------- -------...
  • Page 218: Figure 3-108. Mvr Port Configuration

    Multicast VLAN Registration or receiver port (see “Assigning Static Multicast Groups to Interfaces” on page 3-174). • Immediate leave applies only to receiver ports. When enabled, the receiver port is immediately removed from the multicast group identified in the leave message. When immediate leave is disabled, the switch follows the standard rules by sending a group-specific query to the receiver port and waiting for a response to determine if there are any remaining subscribers for that multicast group before...
  • Page 219: Assigning Static Multicast Groups To Interfaces

    Configuring the Switch CLI – This example configures an MVR source port and receiver port, and then enables immediate leave on the receiver port. Console(config)#interface ethernet 1/1 Console(config-if)#mvr type source 4-195 Console(config-if)#exit Console(config)#interface ethernet 1/2 Console(config-if)#mvr type receiver 4-195 Console(config-if)#mvr immediate 4-195 Console(config-if)# Assigning Static Multicast Groups to Interfaces...
  • Page 220: Dhcp Snooping

    DHCP Snooping CLI – This example statically assigns a multicast group to a receiver port. Console(config)#interface ethernet 1/2 Console(config-if)#mvr group 228.1.23.1 4-195 Console(config-if)# DHCP Snooping DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a physical port.
  • Page 221: Dhcp Snooping Configuration

    Configuring the Switch If the DHCP snooping is globally disabled, all dynamic bindings are removed from the binding table. Additional considerations when the switch itself is a DHCP client – The port(s) through which the switch submits a client request to the DHCP server must be configured as trusted.
  • Page 222: Dhcp Snooping Information Option Configuration

    DHCP Snooping Web – Click DHCP Snooping, VLAN Configuration. Figure 3-111. DHCP Snooping VLAN Configuration CLI – This example first enables DHCP Snooping for VLAN 1. Console(config)#ip dhcp snooping vlan 1 4-230 Console(config)# DHCP Snooping Information Option Configuration DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server.
  • Page 223: Dhcp Snooping Port Configuration

    Configuring the Switch • Drop – Discards the Option 82 information in a packet and then floods it to the entire VLAN. Web – Click DHCP Snooping, Information Option Configuration. Figure 3-112. DHCP Snooping Information Option Configuration CLI – This example enables DHCP Snooping Information Option, and sets the policy as replace Console(config)#ip dhcp snooping information option 4-232...
  • Page 224: Dhcp Snooping Binding Information

    DHCP Snooping CLI – This example shows how to enable the DHCP Snooping Trust Status for ports Console(config)#interface ethernet 1/5 Console(config-if)#ip dhcp snooping trust 4-230 Console(config-if)# DHCP Snooping Binding Information Displays the DHCP snooping binding information. Command Attributes • No. – Entry number for DHCP snooping binding information. •...
  • Page 225: Ip Source Guard

    Configuring the Switch IP Source Guard IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or static and dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snooping” on page 3-175).
  • Page 226: Static Ip Source Guard Binding Configuration

    IP Source Guard CLI – This example shows how to enable IP source guard on port 5 Console(config)#interface ethernet 1/5 Console(config-if)#ip source-guard sip 4-224 Console(config-if)#end Console#show ip source-guard 4-227 Interface Filter-type --------- ----------- Eth 1/1 DISABLED Eth 1/2 DISABLED Eth 1/3 DISABLED Eth 1/4 DISABLED...
  • Page 227: Dynamic Ip Source Guard Binding Information

    Configuring the Switch Web – Click IP Source Guard, Static Configuration. Figure 3-116. Static IP Source Guard Binding Configuration CLI – This example shows how to configure a static source-guard binding on port 5 Console(config)#ip source-guard binding 11-22-33-44-55-66 vlan 1 192.168.0.99 interface ethernet 1/5 4-225 Console(config)#...
  • Page 228: Switch Clustering

    Switch Clustering Web – Click IP Source Guard, Dynamic Information. Figure 3-117. Dynamic IP Source Guard Binding Information CLI – This example shows how to configure a static source-guard binding on port 5 Console#show ip source-guard binding 4-227 MacAddress IpAddress Lease(sec) Type VLAN Interface...
  • Page 229: Cluster Configuration

    Configuring the Switch switches only become cluster Members when manually selected by the administrator through the management station. Note: Cluster Member switches can only be managed through a Telnet connection to the Commander. From the Commander CLI prompt, use the “rcommand” command (see page 4-238) to connect to the Member switch.
  • Page 230: Cluster Member Configuration

    Switch Clustering CLI – This example first enables clustering on the switch, sets the switch as the cluster Commander, and then configures the cluster IP pool. Console(config)#cluster 4-235 Console(config)#cluster commander 4-236 Console(config)#cluster ip-pool 10.2.3.4 4-236 Console(config)# Cluster Member Configuration Adds Candidate switches to the cluster as Members. Command Attributes •...
  • Page 231: Cluster Candidate Information

    Configuring the Switch • Description – The system description string of the Member switch. Web – Click Cluster, Member Information. Figure 3-120. Cluster Member Information CLI – This example shows information about cluster Member switches. Console#show cluster members 4-239 Cluster Members: Role: Active member IP Address:...
  • Page 232: Upnp

    UPnP CLI – This example shows information about cluster Candidate switches. Console#show cluster candidates 4-239 Cluster Candidates: Role Description --------------- ----------------- ----------------------------------------- ACTIVE MEMBER 00-12-cf-23-49-c0 24/48 L2/L4 IPV4/IPV6 GE Switch CANDIDATE 00-12-cf-0b-47-a0 24/48 L2/L4 IPV4/IPV6 GE Switch Console# UPnP Universal Plug and Play (UPnP) is a set of computer network protocols promulgated by the UPnP Forum.
  • Page 233: Upnp Configuration

    Configuring the Switch UPnP Configuration This page allows you to enable or disable UPnP, and to set time out values. Command Attributes • UPNP Status – Enables/disables UPnP on the device. • Advertising Duration – This sets the duration for which a device will advertise its status to the control point.
  • Page 234: Chapter 4: Command Line Interface

    Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt.
  • Page 235 Command Line Interface To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example, Console(config)#interface vlan 1 Console(config-if)#ip address 10.1.0.254 255.255.255.0 Console(config-if)#exit Console(config)#ip default-gateway 10.1.0.254...
  • Page 236: Entering Commands

    Entering Commands Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
  • Page 237 Command Line Interface display a list of valid keywords for a specific command. For example, the command “show ?” displays a list of possible show commands: Console#show ? access-group Access groups access-list Access lists bridge-ext Bridge extension information calendar Date and time information class-map Displays class maps cluster...
  • Page 238: Partial Keyword Lookup

    Entering Commands Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.” Console#show s? snmp sntp...
  • Page 239: Exec Commands

    Command Line Interface Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are available in this mode.
  • Page 240: Command Line Processing

    Entering Commands To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands. Console#configure Console(config)# To enter the other modes, at the configuration prompt type one of the following commands.
  • Page 241: Command Groups

    Command Line Interface Table 4-3. Keystroke Commands (Continued) Keystroke Function Ctrl-N Enters the next command line in the history buffer. Ctrl-P Enters the last command. Ctrl-R Repeats current command line on a new line. Ctrl-U Deletes from the cursor to the beginning of the line. Ctrl-W Deletes the last word typed.
  • Page 242: Line Commands

    Line Commands Table 4-4. Command Group Index (Continued) Command Group Description Page Spanning Tree Configures Spanning Tree settings for the switch 4-139 VLANs Configures VLAN settings, and defines port membership for VLAN 4-152 groups; also enables or configures private VLANs GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning;...
  • Page 243: Line

    Command Line Interface Table 4-5. Line Command Syntax Command Function Mode Page password Specifies a password on a line 4-12 timeout login Sets the interval that the system waits for a login attempt LC 4-13 response exec-timeout Sets the interval that the command interpreter waits until 4-13 user input is detected password-thresh...
  • Page 244: Login

    Line Commands Example To enter console line mode, enter the following command: Console(config)#line console Console(config-line)# Related Commands show line (4-18) show users (4-61) login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [local] no login...
  • Page 245: Password

    Command Line Interface Example Console(config-line)#login local Console(config-line)# Related Commands username (4-25) password (4-12) password This command specifies the password for a line. Use the no form to remove the password. Syntax password {0 | 7} password no password - {0 | 7} - 0 means plain password, 7 means encrypted password - password - Character string that specifies the line password.
  • Page 246: Timeout Login Response

    Line Commands timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to restore the default setting. Syntax timeout login response [seconds] no timeout login response seconds - Integer that specifies the timeout interval.
  • Page 247: Password-Thresh

    Command Line Interface Command Usage • If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated. • This command applies to both the local console and Telnet connections. • The timeout for Telnet cannot be disabled. •...
  • Page 248: Silent-Time

    Line Commands silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax silent-time [seconds] no silent-time...
  • Page 249: Parity

    Command Line Interface Example To specify 7 data bits, enter this command: Console(config-line)#databits 7 Console(config-line)# Related Commands parity (4-16) parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity {none | even | odd} no parity - none - No parity - even - Even parity...
  • Page 250: Stopbits

    Line Commands Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported.
  • Page 251: Show Line

    Command Line Interface Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection. Example Console#disconnect 1 Console# Related Commands show ssh (4-40) show users (4-61) show line This command displays the terminal line’s parameters.
  • Page 252: General Commands

    General Commands General Commands Table 4-6. General Commands Command Function Mode Page enable Activates privileged mode 4-19 disable Returns to normal mode from privileged mode 4-20 configure Activates global configuration mode 4-20 show history Shows the command history buffer NE, PE 4-21 reload Restarts the system...
  • Page 253: Disable

    Command Line Interface Example Console>enable Password: [privileged level password] Console# Related Commands disable (4-20) enable password (4-26) disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics.
  • Page 254: Show History

    General Commands Example Console#configure Console(config)# Related Commands end (4-22) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
  • Page 255: End

    Command Line Interface Note: When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volatile memory by the copy running-config startup-config command. Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system.
  • Page 256: Quit

    System Management Commands Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: Console(config)#exit Console#exit Press ENTER to start session User Access Verification Username: quit This command exits the configuration program. Default Setting None Command Mode...
  • Page 257: Device Designation Commands

    Command Line Interface Table 4-7. System Management Commands (Continued) Command Group Function Page Secure Shell Provides secure replacement for Telnet 4-33 Event Logging Controls logging of error messages 4-43 SMTP Alerts Configures SMTP email alerts 4-49 Time (System Clock) Sets the system clock automatically via NTP/SNTP server or 4-53 manually System Status...
  • Page 258: Hostname

    System Management Commands Example Console(config)#prompt RD2 RD2(config)# hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode...
  • Page 259: Enable Password

    Command Line Interface - name - The name of the user. (Maximum length: 8 characters, case sensitive. Maximum users: 16) - access-level level - Specifies the user level. - The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. - nopassword - No password is required for this user to log in.
  • Page 260: Ip Filter Commands

    System Management Commands - password - password for this privilege level. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting • The default is level 15. • The default password is “super” Command Mode Global Configuration Command Usage •...
  • Page 261: Show Management

    Command Line Interface - http-client - Adds IP address(es) to the web group. - snmp-client - Adds IP address(es) to the SNMP group. - telnet-client - Adds IP address(es) to the Telnet group. - start-address - A single IP address, or the starting address of a range. - end-address - The end address of a range.
  • Page 262: Web Server Commands

    System Management Commands Command Mode Privileged Exec Example Console#show management all-client Management Ip Filter Http-Client: Start ip address End ip address ----------------------------------------------- 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 Snmp-Client: Start ip address End ip address ----------------------------------------------- 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 Telnet-Client: Start ip address...
  • Page 263: Ip Http Server

    Command Line Interface Command Mode Global Configuration Example Console(config)#ip http port 769 Console(config)# Related Commands ip http server (4-30) ip http server This command allows this device to be monitored or configured from a browser. Use the no form to disable this function. Syntax [no] ip http server Default Setting...
  • Page 264: Ip Http Secure-Port

    System Management Commands Command Usage • Both HTTP and HTTPS service can be enabled independently on the switch. However, you cannot configure the HTTP and HTTPS servers to use the same UDP port. • If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] •...
  • Page 265: Telnet Server Commands

    Command Line Interface Default Setting Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number Example Console(config)#ip http secure-port 1000...
  • Page 266: Secure Shell Commands

    System Management Commands Syntax [no] ip telnet port [port-number] port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting Command Mode Global Configuration Example Console(config)#ip telnet port 123 Console(config)# Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems.
  • Page 267 Command Line Interface Table 4-15. Secure Shell Commands (Continued) Command Function Mode Page ip ssh crypto host-key Generates the host key 4-38 generate ip ssh crypto zeroize Clear the host key from RAM 4-39 ip ssh save host-key Saves the host key from RAM to flash memory 4-39 disconnect Terminates a line connection...
  • Page 268: Ip Ssh Server

    System Management Commands The clients are subsequently authenticated using these keys. The current firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA Version 1 key: 1024 35 13410816856098939210409449201554253476316419218729589211431738 05553616163105177594083868631109291232226828519254374603100937 187721199696317813662774141689851320491172048303392543241016379 975923714490119380060902539484084827178194372288402533115952134 861022902978982721353267131629432532818915045306393916643...
  • Page 269: Ip Ssh Timeout

    Command Line Interface Default Setting Disabled Command Mode Global Configuration Command Usage • The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions. • The SSH server uses DSA or RSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.
  • Page 270: Ip Ssh Authentication-Retries

    System Management Commands Example Console(config)#ip ssh timeout 60 Console(config)# Related Commands exec-timeout (4-13) show ip ssh (4-40) ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries...
  • Page 271: Delete Public-Key

    Command Line Interface Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits. Example Console(config)#ip ssh server-key size 512 Console(config)# delete public-key This command deletes the specified user’s public key.
  • Page 272: Ip Ssh Crypto Zeroize

    System Management Commands • Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process. Otherwise, you must manually create a known hosts file and place the host public key in it. •...
  • Page 273: Show Ip Ssh

    Command Line Interface Syntax ip ssh save host-key [dsa | rsa] - dsa – DSA key type. - rsa – RSA key type. Default Setting Saves both the DSA and RSA key. Command Mode Privileged Exec Example Console#ip ssh save host-key dsa Console# Related Commands ip ssh crypto host-key generate (4-38)
  • Page 274: Show Public-Key

    System Management Commands Example Console#show ssh Connection Version State Username Encryption Session-Started admin ctos aes128-cbc-hmac-md5 stoc aes128-cbc-hmac-md5 Console# Table 4-16. show ssh - display description Field Description Session The session number. (Range: 0-3) Version The Secure Shell version number. State The authentication negotiation state.
  • Page 275 Command Line Interface Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed. •...
  • Page 276: Event Logging Commands

    System Management Commands Example Console#show public-key host Host: RSA: 1024 65537 1568499540186766925933394677505461732531367489083654725415020245593 1998685443583616519999233297817660658309586108259132128902337654680172627 2571413428762941301196195566782595664104869574278881462065194174677298486 5468615717739390164779355942303577413098022737087794545240839717526463580 58176716709574804776117 DSA: ssh-dss AAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3dyV/yrDbKStIlnzD/Dg0h2Hxc YV44sXZ2JXhamLK6P8bvuiyacWbUW/a4PAtp1KMSdqsKeh3hKoA3vRRSy1N2XFfAKxl5fwFfv JlPdOkFgzLGMinvSNYQwiQXbKTBH0Z4mUZpE85PWxDZMaCNBPjBrRAAAAFQChb4vsdfQGNIjw bvwrNLaQ77isiwAAAIEAsy5YWDC99ebYHNRj5kh47wY4i8cZvH+/p9cnrfwFTMU01VFDly3IR 2G395NLy5Qd7ZDxfA9mCOfT/yyEfbobMJZi8oGCstSNOxrZZVnMqWrTYfdrKX7YKBw/Kjw6Bm iFq7O+jAhf1Dg45loAc27s6TLdtny1wRq/ow2eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwecsigF/+DjKGWtPNIQqabKgYCw2 o/dVzX4Gg+yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S7 Console# Event Logging Commands Table 4-17. Event Logging Commands Command Function Mode Page logging on Controls logging of error messages 4-43 logging history...
  • Page 277: Logging History

    Command Line Interface Command Usage The logging process controls error messages saved to switch memory. You can use the logging history command to control the type of error messages that are stored. Example Console(config)#logging on Console(config)# Related Commands logging history (4-44) clear logging (4-46) logging history This command limits syslog messages saved to switch memory based on severity.
  • Page 278: Logging Host

    System Management Commands Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM. Example Console(config)#logging history ram 0 Console(config)# logging host This command adds a syslog server host IP address that will receive logging messages.
  • Page 279: Logging Trap

    Command Line Interface Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database.
  • Page 280: Show Logging

    System Management Commands Syntax clear logging [flash | ram] - flash - Event history stored in flash memory (i.e., permanent memory). - ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting Flash and RAM Command Mode Privileged Exec Example...
  • Page 281: Show Log

    Command Line Interface The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.e., default level 7 - 0). Console#show logging flash Syslog logging: Enabled...
  • Page 282: Smtp Alert Commands

    System Management Commands Syntax show log {flash | ram} - flash - Event history stored in flash memory (i.e., permanent memory). - ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting None Command Mode Privileged Exec Example The following example shows the event message stored in RAM.
  • Page 283: Logging Sendmail Level

    Command Line Interface ip_address - IP address of an SMTP server that will be sent alert messages for event handling. Default Setting None Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server.
  • Page 284: Logging Sendmail Source-Email

    System Management Commands Example This example will send email alerts for system errors from level 3 through 0. Console(config)#logging sendmail level 3 Console(config)# logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Syntax logging sendmail source-email email-address email-address - The source email address used in alert messages.
  • Page 285: Logging Sendmail

    Command Line Interface Example Console(config)#logging sendmail destination-email ted@this-company.com Console(config)# logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [no] logging sendmail Default Setting Enabled Command Mode Global Configuration Example Console(config)#logging sendmail Console(config)# show logging sendmail This command displays the settings for the SMTP event handler.
  • Page 286: Time Commands

    System Management Commands Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the factory default set at the last bootup.
  • Page 287: Sntp Server

    Command Line Interface Example Console(config)#sntp server 10.1.0.19 Console(config)#sntp poll 60 Console(config)#sntp client Console(config)#end Console#show sntp Current time: Dec 23 02:52:44 2002 Poll interval: 60 Current mode: unicast SNTP status : Enabled SNTP server 137.92.140.80 0.0.0.0 0.0.0.0 Current server: 137.92.140.80 Console# Related Commands sntp client (4-53) sntp poll (4-55)
  • Page 288: Sntp Poll

    System Management Commands sntp poll (4-55) show sntp (4-55) sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
  • Page 289: Clock Timezone

    Command Line Interface Example Console#show sntp Current time: Dec 23 05:13:28 2002 Poll interval: 16 Current mode: unicast SNTP status : Enabled SNTP server 137.92.140.80 0.0.0.0 0.0.0.0 Current server: 137.92.140.80 Console# clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} - name - Name of timezone, usually an acronym.
  • Page 290: Show Calendar

    System Management Commands - hour - Hour in 24-hour format. (Range: 0 - 23) - min - Minute. (Range: 0 - 59) - sec - Second. (Range: 0 - 59) - day - Day of month. (Range: 1 - 31) - month - january | february | march | april | may | june | july | august | september | october | november | december - year - Year (4-digit).
  • Page 291 Command Line Interface Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!”...
  • Page 292: Show Running-Config

    System Management Commands Example Console#show startup-config building startup-config, please wait..username admin access-level 15 username admin password 0 admin username guest access-level 0 username guest password 0 guest enable password level 15 0 super snmp-server community public ro snmp-server community private rw vlan database vlan 1 name DefaultVlan media ethernet state active interface vlan 1...
  • Page 293: Show System

    Command Line Interface - VLAN configuration settings for each interface - IP address configured for the switch - Spanning tree settings - Any configured settings for the console port and Telnet Example Console#show running-config building running-config, please wait..phymap 00-30-f1-df-9c-a0 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 SNTP server 0.0.0.0 0.0.0.0 0.0.0.0...
  • Page 294: Show Users

    • The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance. Example Console#show system System description: SMC Networks SMC8124PL2 System OID string: 1.3.6.1.4.1.259.6.10.94 System Information System Up Time: 0 days, 0 hours, 7 minutes, and 22.65 seconds...
  • Page 295: Show Version

    Command Line Interface Example Console#show users Username accounts: Username Privilege Public-Key -------- --------- ---------- admin None guest None steve Online users: Line Username Idle time (h:m:s) Remote IP addr. ----------- -------- ----------------- --------------- console admin 0:14:14 VTY 0 admin 0:00:00 192.168.1.19 SSH 1 steve...
  • Page 296: Frame Size Commands

    System Management Commands Example Console#show version Unit 1 Serial Number: Hardware Version: EPLD Version: 0.01 Number of Ports: Main Power Status: Redundant Power Status: Not present Agent (Master) Unit ID: Loader Version: 1.0.0.0 Boot ROM Version: 1.0.0.3 Operation Code Version: 1.0.0.8 Console# Frame Size Commands...
  • Page 297: Flash/File Commands

    Command Line Interface • Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the broadcast packet-rate command on page 4-121.) • The current setting for jumbo frames can be displayed with the show system command (page 4-60).
  • Page 298 Flash/File Commands - tftp - Keyword that allows you to copy to/from a TFTP server. - https-certificate - Keyword that allows you to copy the HTTPS secure site certificate. - public-key - Keyword that allows you to copy a SSH key from a TFTP server.
  • Page 299 Command Line Interface The following example shows how to copy the running configuration to a startup file. Console#copy running-config file destination file name: startup Write to FLASH Programming. \Write to FLASH finish. Success. Console# The following example shows how to download a configuration file: Console#copy tftp startup-config TFTP server ip address: 10.1.0.99 Source configuration file name: startup.01...
  • Page 300: Delete

    Flash/File Commands delete This command deletes a file or image. Syntax delete [unit:] filename filename - Name of the configuration file or image name. unit - Stack unit. (Range: 1-8) Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. •...
  • Page 301: Whichboot

    Command Line Interface Command Mode Privileged Exec Command Usage • If you enter the command dir without any parameters, the system displays all files. • A colon (:) is required after the specified unit number. • File information is shown below: Table 4-26.
  • Page 302: Boot System

    Flash/File Commands Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. Console#whichboot file name file type startup size (byte) -------------------------------- ----------------------- ------- ----------- Unit1: diag_0060...
  • Page 303: Authentication Commands

    Command Line Interface Example Console(config)#boot system config: startup Console(config)# Related Commands dir (4-67) whichboot (4-68) Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1X.
  • Page 304: Authentication Enable

    Authentication Commands Command Mode Global Configuration Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet.
  • Page 305: Radius Client

    Command Line Interface Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet. •...
  • Page 306: Radius-Server Port

    Authentication Commands Syntax radius-server host host_ip_address no radius-server host [no] radius-server index host {host_ip_address | host_alias} [auth-port auth_port] [timeout timeout] [retransmit retransmit] [key key] - index - Allows you to specify up to five servers. These servers are queried in sequence until a server responds or the retransmit period expires. - host_ip_address - IP address of server.
  • Page 307: Radius-Server Key

    Command Line Interface Command Mode Global Configuration Example Console(config)#radius-server port 181 Console(config)# radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
  • Page 308: Radius-Server Timeout

    Authentication Commands Example Console(config)#radius-server retransmit 5 Console(config)# radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Number of seconds the switch waits for a reply before resending a request.
  • Page 309: Tacacs+ Client

    Command Line Interface TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch.
  • Page 310: Tacacs-Server Key

    Authentication Commands Command Mode Global Configuration Example Console(config)#tacacs-server port 181 Console(config)# tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client.
  • Page 311: Port Security Commands

    Command Line Interface Example Console#show tacacs-server Remote TACACS server configuration: Server IP address: 10.11.12.13 Communication key with TACACS server: ***** Server port number: Console# Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
  • Page 312 Authentication Commands Action: None Maximum Addresses: 0 Command Mode Interface Configuration (Ethernet) Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
  • Page 313: 802.1X Port Authentication

    Command Line Interface 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Protocol).
  • Page 314: Dot1X Default

    Authentication Commands Example Console(config)#dot1x system-auth-control Console(config)# dot1x default This command sets all configurable dot1x global and port settings to their default values. Syntax dot1x default Command Mode Global Configuration Example Console(config)#dot1x default Console(config)# dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session.
  • Page 315: Dot1X Operation-Mode

    Command Line Interface - auto – Requires a dot1x-aware connected client to be authorized by the RADIUS server. Clients that are not dot1x-aware will be denied access. - force-authorized – Configures the port to grant access to all clients, either dot1x-aware or otherwise.
  • Page 316: Dot1X Re-Authenticate

    Authentication Commands Example Console(config)#interface eth 1/2 Console(config-if)#dot1x operation-mode multi-host max-count 10 Console(config-if)# dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface • ethernet unit/port - unit - Stack unit. (Always unit 1) - port - Port number.
  • Page 317: Dot1X Timeout Re-Authperiod

    Command Line Interface seconds - The number of seconds. (Range: 1-65535) Default 60 seconds Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x timeout quiet-period 350 Console(config-if)# dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated.
  • Page 318: Show Dot1X

    Authentication Commands Example Console(config)#interface eth 1/2 Console(config-if)#dot1x timeout tx-period 300 Console(config-if)# show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] - statistics - Displays dot1x status for each port. - interface - ethernet unit/port - unit - Stack unit.
  • Page 319 Command Line Interface authentication session (page 4-81). - Status – Authorization status (authorized or not). - Operation Mode – Shows if single or multiple hosts (clients) can connect to an 802.1X-authorized port. - Max Count – The maximum number of hosts allowed to access this port (page 4-82).
  • Page 320 Authentication Commands Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized disabled Single-Host ForceAuthorized disabled Single-Host ForceAuthorized 1/25 disabled Single-Host ForceAuthorized 1/26 enabled Single-Host Auto 802.1X Port Details 802.1X is enabled on port 1/1 802.1X is enabled on port 26 reauth-enabled: Enable...
  • Page 321: Access Control List Commands

    Command Line Interface Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules, and then bind the list to a specific port.
  • Page 322: Ip Acls

    Access Control List Commands IP ACLs Table 4-34. IP ACL Commands Command Function Mode Page access-list ip Creates an IP ACL and enters configuration mode 4-89 for standard or extended IP ACLs permit, deny Filters packets matching a specified source IP STD-ACL 4-90 address...
  • Page 323: Permit, Deny (Standard Acl)

    Command Line Interface Example Console(config)#access-list ip standard david Console(config-std-acl)# Related Commands permit, deny 4-90 ip access-group (4-92) show ip access-list (4-92) permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source.
  • Page 324: Permit, Deny (Extended Acl)

    Access Control List Commands permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule.
  • Page 325: Show Ip Access-List

    Command Line Interface Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through. Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any Console(config-ext-acl)# This allows TCP packets from class C addresses 192.168.1.0 to any destination...
  • Page 326: Show Ip Access-Group

    Access Control List Commands - in – Indicates that this list applies to ingress packets. - out – Indicates that this list applies to egress packets. Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage • A port can only be bound to one ACL. •...
  • Page 327: Show Map Access-List Ip

    Command Line Interface Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table.
  • Page 328: Acl Information

    Access Control List Commands Example Console#show map access-list ip Access-list to COS of Eth 1/24 Access-list ALS1 cos 0 Console# Related Commands map access-list ip (4-93) ACL Information Table 4-36. ACL Information Command Function Mode Page show access-list Shows all ACLs and associated rules 4-95 show access-group Shows the ACLs assigned to each port...
  • Page 329: Snmp Commands

    Command Line Interface Example Console#show access-group Interface ethernet 1/25 IP standard access-list david IP access-list jerry Console# SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 provides security features that cover message integrity, authentication, and encryption;...
  • Page 330: Show Snmp

    SNMP Commands Syntax [no] snmp-server Default Setting Enabled Command Mode Global Configuration Example Console(config)#snmp-server Console(config)# show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command.
  • Page 331: Snmp-Server Community

    Command Line Interface Example Console#show snmp SNMP Agent: enabled SNMP traps: Authentication: enable Link-up-down: enable SNMP communities: 1. private, and the privilege is read-write 2. public, and the privilege is read-only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors...
  • Page 332: Snmp-Server Contact

    SNMP Commands • private - Read-write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Example Console(config)#snmp-server community alpha rw Console(config)# snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information.
  • Page 333: Snmp-Server Host

    Command Line Interface Command Mode Global Configuration Example Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact (4-99) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr [inform [retry retries | timeout seconds]] community-string [version {1 | 2c | 3 {auth | noauth | priv} [udp-port port]}...
  • Page 334

    • UDP Port: 162
    Command Mode: Global Configuration
    Command Usage:
    • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command.
  • Page 335: Snmp-Server Enable Traps

    Specify a remote engine ID where the user resides (page 4-103). Then configure a remote user (page 4-109).
    • The switch can send SNMP version 1, 2c, or 3 notifications to a host IP address, depending on the SNMP version that the management station supports.
  • Page 336: Snmp-Server Engine-Id

    • The snmp-server enable traps command is used in conjunction with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP notifications. In order to send notifications, you must configure at least one snmp-server host command.
    •...
  • Page 337: Show Snmp Engine-Id

    authoritative agent. For informs, the authoritative SNMP agent is the remote agent. You therefore need to configure the remote agent’s SNMP engine ID before you can send proxy requests or informs to it.
    • Trailing zeroes need not be entered to uniquely specify an engine ID. In other words, the value “1234”...
  • Page 338: Snmp-Server View

    snmp-server view
    This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view.
    Syntax:
      snmp-server view view-name oid-tree {included | excluded}
      no snmp-server view view-name
    • view-name - Name of an SNMP view. (Range: 1-64 characters)
    •...
  • Page 339: Snmp-Server Group

    Example:
      Console#show snmp view
      View Name: mib-2
      Subtree OID: 1.2.2.3.6.2.1
      View Type: included
      Storage Type: nonvolatile
      Row Status: active
      View Name: defaultview
      Subtree OID: 1
      View Type: included
      Storage Type: nonvolatile
      Row Status: active
      Console#
    Table 4-39. show snmp view - display description
    Field | Description
    View Name...
  • Page 340: Show Snmp Group

    • readview - Every object belonging to the Internet OID space (1.3.6.1).
    • writeview - Nothing is defined.
    • notifyview - Nothing is defined.
    Command Mode: Global Configuration
    Command Usage:
    • A group sets the access policy for the assigned users.
    •...
  • Page 341: Table 4-40. Show Snmp Group - Display Description

    Example:
      Console#show snmp group
      Group Name: r&d
      Security Model: v3
      Read View: defaultview
      Write View: daily
      Notify View: none
      Storage Type: nonvolatile
      Row Status: active
      Group Name: public
      Security Model: v1
      Read View: defaultview
      Write View: none
      Notify View: none
      Storage Type: volatile
      Row Status: active...
  • Page 342: Snmp-Server User

    snmp-server user
    This command adds a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View. Use the no form to remove a user from an SNMP group.
    Syntax:
      snmp-server user username groupname [remote ip-address] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv-password]]
      no snmp-server user username {v1 | v2c | v3 | remote}
    •...
  • Page 343: Show Snmp User

    • SNMP passwords are localized using the engine ID of the authoritative agent. For informs, the authoritative SNMP agent is the remote agent. You therefore need to configure the remote agent’s SNMP engine ID before you can send proxy requests or informs to it.
  • Page 344: Interface Commands

    Interface Commands
    These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
    Table 4-42. Interface Commands
    Command | Function | Mode | Page
    interface | Configures an interface type and enters interface configuration mode | | 4-111
    description | Adds a description to an interface configuration | | 4-112...
  • Page 345: Description

    Command Line Interface Example To specify port 24, enter the following command: Console(config)#interface ethernet 1/24 Console(config-if)# description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface.
  • Page 346: Negotiation

    Interface Commands 1000full for Gigabit Ethernet ports. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation command to disable auto-negotiation on the selected interface.
  • Page 347: Capabilities

    Example:
    The following example configures port 11 to use autonegotiation.
      Console(config)#interface ethernet 1/11
      Console(config-if)#negotiation
      Console(config-if)#
    Related Commands: capabilities (4-114), speed-duplex (4-112)
    capabilities
    This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values.
  • Page 348: Flowcontrol

    Interface Commands Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Console(config)#interface ethernet 1/5 Console(config-if)#capabilities 100half Console(config-if)#capabilities 100full Console(config-if)#capabilities flowcontrol Console(config-if)# Related Commands negotiation (4-113) speed-duplex (4-112) flowcontrol (4-115) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [no] flowcontrol Default Setting...
  • Page 349: Shutdown

    Command Line Interface Example The following example enables flow control on port 5. Console(config)#interface ethernet 1/5 Console(config-if)#flowcontrol Console(config-if)#no negotiation Console(config-if)# Related Commands negotiation (4-113) capabilities (flowcontrol, symmetric) (4-114) shutdown This command disables an interface. To restart a disabled interface, use the no form.
  • Page 350: Show Interfaces Status

    Interface Commands • port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-8) Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. However, if you log out and back into the management interface, the statistics displayed will show the absolute value accumulated since the last power reset.
  • Page 351: Show Interfaces Counters

    Command Line Interface Example Console#show interfaces status ethernet 1/5 Information of Eth 1/5 Basic information: Port type: 1000T Mac address: 00-30-F1-D4-73-A5 Configuration: Name: Port admin: Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, 1000full Broadcast storm: Enabled Broadcast storm limit: 500 packets/second Flow control: Disabled LACP:...
  • Page 352: Show Interfaces Switchport

    Interface Commands Example Console#show interfaces counters ethernet 1/7 Ethernet 1/7 Iftable stats: Octets input: 30658, Octets output: 196550 Unicast input: 6, Unicast output: 5 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended iftable stats: Multi-cast input: 0, Multi-cast output: 3064 Broadcast input: 262, Broadcast output: 1...
  • Page 353: Table 4-43. Show Interfaces Switchport - Display Description

    Command Line Interface Example This example shows the configuration setting for port 24. Console#show interfaces switchport ethernet 1/24 Broadcast threshold: Enabled, 500 packets/second LACP status: Enabled Ingress rate limit: disable, Level: 30 VLAN membership mode: Hybrid Ingress rule: Enabled Acceptable frame type: All frames Native VLAN: Priority for untagged traffic: 0...
  • Page 354: Broadcast Commands

    Broadcast Commands
    This section describes how to configure broadcast storm control for the switch.
    Table 4-44. Broadcast Commands
    Command | Function | Mode | Page
    broadcast packet-rate | Configures the global threshold level | | 4-121
    switchport broadcast | Enables broadcast storm control for an interface | | 4-121
    show interfaces | Displays the administrative and operational status of...
  • Page 355: Mirror Port Commands

    Command Line Interface Default Setting Enabled Command Mode Interface Configuration Example The following shows how to disable broadcast storm control on an interface: Console(config-if)#no switchport broadcast Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. Table 4-45.
  • Page 356: Show Port Monitor

    Mirror Port Commands Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
  • Page 357: Rate Limit Commands

    Command Line Interface Example The following shows mirroring configured from port 6 to port 11. Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 Console(config-if)#end Console#show port monitor Port Mirroring ------------------------------------- Destination port(listen port):Eth1/1 Source port(monitored port) :Eth1/6 Mode :RX/TX Console# Rate Limit Commands This function allows the network manager to control the maximum rate for traffic received on an interface.
  • Page 358: Link Aggregation Commands

    Link Aggregation Commands Example Console(config)#interface ethernet 1/1 Console(config-if)#rate-limit input 600 Console(config-if)# Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.
  • Page 359: Channel-Group

    Command Line Interface communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specified port-channel. •...
  • Page 360: Lacp

    Link Aggregation Commands lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [no] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk must be configured for full duplex, and auto-negotiation.
  • Page 361: Lacp System-Priority

    Command Line Interface Example The following shows LACP enabled on ports 10-12. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established. Console(config)#interface ethernet 1/10 Console(config-if)#lacp Console(config-if)#exit...
  • Page 362: Lacp Admin-Key (Ethernet Interface)

    Link Aggregation Commands Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems.
  • Page 363: Lacp Admin-Key (Port Channel)

    Command Line Interface • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established with the partner.
  • Page 364: Lacp Port-Priority

    Link Aggregation Commands Example Console(config)#interface port channel 1 Console(config-if)#lacp admin-key 3 Console(config-if)# lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority •...
  • Page 365: Table 4-48. Show Lacp Counters - Display Description

    Command Line Interface • port-channel - Local identifier for a link aggregation group. (Range: 1-6) • counters - Statistics for LACP protocol messages. • internal - Configuration settings and operational state for local side. • neighbors - Configuration settings and operational state for remote side. •...
  • Page 366: Table 4-49. Show Lacp Internal - Display Description

    Link Aggregation Commands Console#show lacp internal Channel group : 1 ------------------------------------------------------------------- Oper Key: Admin Key: 0 Eth 1/ 2 ------------------------------------------------------------------- LACPDUs Internal: 30 sec LACP System Priority: 32768 LACP Port Priority: 32768 Admin Key: Oper Key: Admin State: defaulted, aggregation, long timeout, LACP-activity Oper State: distributing, collecting, synchronization, aggregation, long timeout, LACP-activity...
  • Page 367: Table 4-50. Show Lacp Neighbors - Display Description

    Command Line Interface Console#show lacp 1 neighbors Channel group 1 neighbors ------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------- Partner Admin System ID: 32768, 00-00-00-00-00-00 Partner Oper System ID: 32768, 00-01-F4-78-AE-C0 Partner Admin Port Number: 2 Partner Oper Port Number: Port Admin Priority: 32768 Port Oper Priority: 32768 Admin Key:...
  • Page 368: Address Table Commands

    Address Table Commands Console#show lacp 1 sysid Channel group System Priority System MAC Address ------------------------------------------------------------------- 32768 00-30-F1-8F-2C-A7 32768 00-30-F1-8F-2C-A7 32768 00-30-F1-8F-2C-A7 32768 00-30-F1-8F-2C-A7 32768 00-30-F1-8F-2C-A7 32768 00-30-F1-8F-2C-A7 32768 00-30-F1-D4-73-A0 32768 00-30-F1-D4-73-A0 32768 00-30-F1-D4-73-A0 32768 00-30-F1-D4-73-A0 32768 00-30-F1-D4-73-A0 32768 00-30-F1-D4-73-A0 Table 4-51. show lacp sysid - display description Field Description Channel group...
  • Page 369: Clear Mac-Address-Table Dynamic

    Command Line Interface Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address. • interface • ethernet unit/port - unit - Stack unit. (Always unit 1) - port - Port number. (Range: 1-28) •...
  • Page 370: Show Mac-Address-Table

    Address Table Commands Default Setting None Command Mode Privileged Exec Example Console#clear mac-address-table dynamic Console# show mac-address-table This command shows classes of entries in the bridge-forwarding database. Syntax show mac-address-table [address mac-address [mask]] [interface interface] [vlan vlan-id] [sort {address | vlan | interface}] •...
  • Page 371: Mac-Address-Table Aging-Time

    Command Line Interface • The maximum number of address entries is 8191. Example Console#show mac-address-table Interface Mac Address Vlan Type --------- ----------------- ---- ----------------- Eth 1/ 1 00-00-00-00-00-17 1 Learned Eth 1/ 1 00-E0-29-94-34-DE 1 Delete-on-reset Console# mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time.
  • Page 372: Spanning Tree Commands

    Spanning Tree Commands Example Console#show mac-address-table aging-time Aging time: 300 sec. Console# Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-53. Spanning Tree Commands Command Function Mode...
  • Page 373: Spanning-Tree Mode

    Command Line Interface Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.
  • Page 374: Spanning-Tree Forward-Time

    Spanning Tree Commands delay timer expires, the switch assumes that it is connected to an 802.1D bridge and starts using only 802.1D BPDUs. • RSTP Mode – If RSTP is using 802.1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires, RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port.
  • Page 375: Spanning-Tree Hello-Time

    Command Line Interface spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(max-age / 2) -1].
  • Page 376: Spanning-Tree Priority

    Spanning Tree Commands Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals.
  • Page 377: Spanning-Tree Pathcost Method

    Command Line Interface Example Console(config)#spanning-tree priority 40000 Console(config)# spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method •...
  • Page 378: Spanning-Tree Spanning-Disabled

    Spanning Tree Commands Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs. Example Console(config)#spanning-tree transmission-limit 4 Console(config)# spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interface. Use the no form to reenable the spanning tree algorithm for the specified interface. Syntax [no] spanning-tree spanning-disabled Default Setting...
  • Page 379: Spanning-Tree Port-Priority

    Command Line Interface • Gigabit Ethernet – full duplex: 10,000; trunk: 5,000 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used by the Spanning Tree Algorithm to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
  • Page 380: Spanning-Tree Edge-Port

    Spanning Tree Commands Example Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree port-priority 0 Related Commands spanning-tree cost (4-145) spanning-tree edge-port This command specifies an interface as an edge port. Use the no form to restore the default. Syntax [no] spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel)
  • Page 381: Spanning-Tree Portfast

    Command Line Interface spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax [no] spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port.
  • Page 382: Spanning-Tree Protocol-Migration

    Spanning Tree Commands • shared - Shared medium. Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. •...
  • Page 383: Show Spanning-Tree

    Command Line Interface Example Console#spanning-tree protocol-migration eth 1/5 Console# show spanning-tree This command shows the configuration for the common spanning tree (CST). Syntax show spanning-tree [interface] • interface • ethernet unit/port - unit - Stack unit. (Always unit 1) - port - Port number. (Range: 1-28) •...
  • Page 384

    Example:
      Console#show spanning-tree
      Spanning-tree information
      ---------------------------------------------------------------
      Spanning tree mode: RSTP
      Spanning tree enabled/disabled: enabled
      Instance:
      VLANs configuration: 1-4093
      Priority: 32768
      Bridge Hello Time (sec.):
      Bridge Max Age (sec.):
      Bridge Forward Delay (sec.):
      Root Hello Time (sec.):
      Root Max Age (sec.):
      Root Forward Delay (sec.):
      Max hops:
      Remaining hops:...
  • Page 385: Vlan Commands

    Command Line Interface VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
  • Page 386: Vlan

    VLAN Commands Example Console(config)#vlan database Console(config-vlan)# Related Commands show vlan (4-159) vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] •...
  • Page 387: Configuring Vlan Interfaces

    Command Line Interface Configuring VLAN Interfaces Table 4-56. Configuring VLAN Interfaces Command Function Mode Page interface vlan Enters interface configuration mode for a specified 4-154 VLAN switchport mode Configures VLAN membership mode for an interface IC 4-155 switchport Configures frame types to be accepted by an 4-155 acceptable-frame-types interface...
  • Page 388: Switchport Mode

    VLAN Commands switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {hybrid | access} no switchport mode • hybrid - Specifies a hybrid VLAN interface. The port may transmit tagged or untagged frames.
  • Page 389: Switchport Ingress-Filtering

    Command Line Interface Command Usage When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN. Example The following example shows how to restrict the traffic received on port 1 to tagged frames: Console(config)#interface ethernet 1/1 Console(config-if)#switchport acceptable-frame-types tagged...
  • Page 390: Switchport Native Vlan

    VLAN Commands switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4093, no leading zeroes) Default Setting VLAN 1...
  • Page 391: Switchport Forbidden Vlan

    Command Line Interface spaces; use a hyphen to designate a range of IDs. Do not enter leading zeros. (Range: 1-4093). Default Setting • All ports are assigned to VLAN 1 by default • The default frame type is untagged. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
  • Page 392: Displaying Vlan Information

    VLAN Commands spaces; use a hyphen to designate a range of IDs. Do not enter leading zeros. (Range: 1-4093). Default Setting No VLANs are included in the forbidden list. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command prevents a VLAN from being automatically added to the specified interface via GVRP.
  • Page 393: Configuring Private Vlans

    Command Line Interface Command Mode Normal Exec, Privileged Exec Example The following example shows how to display information for VLAN 1. Console#show vlan id 1 VLAN ID: Type: Static Name: DefaultVlan Status: Active Ports/Port Channels: Eth1/ 1(S) Eth1/ 2(S) Eth1/ 3(S) Eth1/ 4(S) Eth1/ 5(S) Eth1/ 6(S) Eth1/ 7(S) Eth1/ 8(S) Eth1/ 9(S) Eth1/10(S) Eth1/11(S) Eth1/12(S) Eth1/13(S) Eth1/14(S) Eth1/15(S) Eth1/16(S) Eth1/17(S) Eth1/18(S) Eth1/19(S) Eth1/20(S)
  • Page 394: Private-Vlan

    VLAN Commands To configure primary/secondary associated groups, follow these steps: Use the private-vlan command to designate one or more community VLANs and the primary VLAN that will channel traffic outside of the community groups. Use the private-vlan association command to map the community VLAN(s) to the primary VLAN.
  • Page 395: Private Vlan Association

    Command Line Interface page 4-155.) Example Console(config)#vlan database Console(config-vlan)#private-vlan 2 primary Console(config-vlan)#private-vlan 3 community Console(config)# private vlan association Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no form to remove all associations for the specified primary VLAN. Syntax private-vlan primary-vlan-id association {primary-vlan-id | add secondary-vlan-id | remove secondary-vlan-id}...
  • Page 396: Switchport Private-Vlan Host-Association

    VLAN Commands ports in the same primary VLAN, as well as with all the ports in the associated secondary VLANs. Default Setting Normal VLAN Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To assign a promiscuous port to a primary VLAN, use the switchport private-vlan mapping command.
  • Page 397: Switchport Private-Vlan Mapping

    Command Line Interface switchport private-vlan mapping Use this command to map an interface to a primary VLAN. Use the no form to remove this mapping. Syntax switchport private-vlan mapping primary-vlan-id no switchport private-vlan mapping primary-vlan-id - ID of primary VLAN. (Range: 1-4093, no leading zeroes). Default Setting None Command Mode...
  • Page 398: Gvrp And Bridge Extension Commands

    GVRP and Bridge Extension Commands Example Console#show vlan private-vlan Primary Secondary Type Interfaces -------- ----------- ---------- ------------------------------ primary Eth1/ 3 community Eth1/ 4 Eth1/ 5 Console# GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
  • Page 399: Show Bridge-Ext

    Command Line Interface Example Console(config)#bridge-ext gvrp Console(config)# show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 3-126 and “Displaying Bridge Extension Capabilities” on page 3-12 for a description of the displayed items.
  • Page 400: Show Gvrp Configuration

    GVRP and Bridge Extension Commands Example Console(config)#interface ethernet 1/1 Console(config-if)#switchport gvrp Console(config-if)# show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit/port - unit - Stack unit. (Always unit 1) - port - Port number. (Range: 1-28) •...
  • Page 401: Show Garp Timer

    Command Line Interface • leave: 60 centiseconds • leaveall: 1000 centiseconds Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate.
  • Page 402: Priority Commands

    Priority Commands Example Console#show garp timer ethernet 1/1 Eth 1/ 1 GARP timer status: Join timer: 20 centiseconds Leave timer: 60 centiseconds Leaveall timer: 1000 centiseconds Console# Related Commands garp timer (4-167) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
  • Page 403: Priority Commands (Layer 2)

    Command Line Interface Priority Commands (Layer 2) Table 4-61. Priority Commands (Layer 2) Command Function Mode Page queue mode Sets the queue mode to strict priority or Weighted 4-170 Round-Robin (WRR) switchport priority default Sets a port priority for incoming untagged frames 4-170 queue bandwidth Assigns round-robin weights to the priority queues...
  • Page 404: Switchport Priority Default

    Priority Commands Example The following example sets the queue mode to strict priority service mode. Console(config)#queue mode strict Console(config)# switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value. Syntax switchport priority default default-priority-id no switchport priority default...
  • Page 405: Queue Bandwidth

    Command Line Interface queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights. Syntax queue bandwidth weight1...weight4 no queue bandwidth weight1...weight4 - The ratio of weights for queues 0 - 3 determines the weights used by the WRR scheduler.
  • Page 406: Show Queue Mode

    Priority Commands Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown below. Table 4-62.
  • Page 407: Show Queue Bandwidth

    Command Line Interface Example Console#sh queue mode Wrr status: Enabled Console# show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting None Command Mode Privileged Exec Example Console#show queue bandwidth Information of Eth 1/1 Queue ID Weight --------...
  • Page 408: Priority Commands (Layer 3 And 4)

    Priority Commands Command Mode Privileged Exec Example Console#show queue cos-map ethernet 1/1 Information of Eth 1/1 CoS Value : 0 1 2 3 4 5 6 7 Priority Queue: 2 0 1 3 4 5 6 7 Console# Priority Commands (Layer 3 and 4) Table 4-63.
  • Page 409: Map Ip Dscp (Interface Configuration)

    Command Line Interface map ip dscp (Interface Configuration) This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp •...
  • Page 410: Show Map Ip Dscp

    Priority Commands show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port • unit - Stack unit. (Always unit 1) • port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-8) Default Setting None Command Mode...
  • Page 411: Multicast Filtering Commands

    Command Line Interface Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
  • Page 412: Ip Igmp Snooping Vlan Static

    Multicast Filtering Commands Example The following example enables IGMP snooping. Console(config)#ip igmp snooping Console(config)# ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port. Syntax [no] ip igmp snooping vlan vlan-id static ip-address interface •...
  • Page 413: Ip Igmp Snooping Immediate-Leave

    Command Line Interface Command Mode Global Configuration Command Usage • All systems on the subnet must support the same version. If there are legacy devices in your network that only support Version 1, you will also have to configure this switch to use Version 1. •...
  • Page 414: Show Mac-Address-Table Multicast

    Multicast Filtering Commands Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-162 for a description of the displayed items. Example The following shows the current IGMP snooping configuration: Console#show ip igmp snooping Service status: Enabled Querier status:...
  • Page 415: Igmp Query Commands (Layer 2)

    Command Line Interface Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: Console#show mac-address-table multicast vlan 1 igmp-snooping VLAN M'cast IP addr. Member ports Type ---- --------------- ------------ ------- 224.1.2.3 Eth1/11 IGMP Console# IGMP Query Commands (Layer 2) Table 4-67.
  • Page 416: Ip Igmp Snooping Query-Interval

    Multicast Filtering Commands Syntax ip igmp snooping query-count count no ip igmp snooping query-count count - The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group.
  • Page 417: Ip Igmp Snooping Query-Max-Response-Time

    Command Line Interface Example The following shows how to configure the query interval to 100 seconds. Console(config)#ip igmp snooping query-interval 100 Console(config)# ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default.
  • Page 418: Ip Igmp Snooping Router-Port-Expire-Time

    Multicast Filtering Commands ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time seconds - The time the switch waits after the previous querier stops before it considers the router port (i.e., the interface which had been receiving query packets) to have expired.
  • Page 419: Show Ip Igmp Snooping Mrouter

    Command Line Interface - ethernet unit/port - unit - Stack unit. (Always unit 1) - port - Port number. (Range: 1-28) - port-channel channel-id (Range: 1-8) Default Setting No static multicast router ports are configured. Command Mode Global Configuration Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
  • Page 420: Igmp Filtering And Throttling Commands

    IGMP Filtering and Throttling Commands Example The following shows that port 11 in VLAN 1 is attached to a multicast router. Console#show ip igmp snooping mrouter vlan 1 VLAN M'cast Router Ports Type ---- ------------------- ------- Eth 1/11 Static Eth 1/12 Dynamic Console# IGMP Filtering and Throttling Commands...
  • Page 421: Ip Igmp Profile

    Command Line Interface Command Mode Global Configuration Command Usage • IGMP filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port. An IGMP filter profile can contain one or more, or a range of multicast addresses, but only one profile can be assigned to a port.
  • Page 422: Permit, Deny

    IGMP Filtering and Throttling Commands Example Console(config)#ip igmp profile 19 Console(config-igmp-profile)# permit, deny This command sets the access mode for an IGMP filter profile. Use the no form to delete a profile number. Syntax {permit | deny} Default Setting Deny Command Mode IGMP Profile Configuration Command Usage...
  • Page 423: Ip Igmp Filter (Interface Configuration)

    Command Line Interface Command Usage Enter this command multiple times to specify more than one multicast address or address range for a profile. Example Console(config)#ip igmp profile 19 Console(config-igmp-profile)#range 239.1.1.1 Console(config-igmp-profile)#range 239.2.3.1 239.2.3.100 ip igmp filter (Interface Configuration) This command assigns an IGMP filtering profile to an interface on the switch. Use the no form to remove a profile from an interface.
  • Page 424: Ip Igmp Max-Groups

    IGMP Filtering and Throttling Commands ip igmp max-groups This command sets the IGMP throttling number for an interface on the switch. Use the no form to restore the default setting. Syntax ip igmp max-groups number no ip igmp max-groups • number - The maximum number of multicast groups an interface can join at the same time.
  • Page 425: Show Ip Igmp Filter

    Command Line Interface Command Usage When the maximum number of groups is reached on a port, the switch can take one of two actions; either “deny” or “replace.” If the action is set to deny, any new IGMP join reports will be dropped. If the action is set to replace, the switch randomly removes an existing group and replaces it with the new multicast group.
  • Page 426: Show Ip Igmp Profile

    IGMP Filtering and Throttling Commands show ip igmp profile This command displays IGMP filtering profiles created on the switch. Syntax show ip igmp profile [profile-number] • profile-number - An existing IGMP filter profile number. (Range: 1-4294967295) Default Setting None Command Mode Privileged Exec Example Console#show ip igmp profile...
  • Page 427: Multicast Vlan Registration Commands

    Command Line Interface Example Console#show ip igmp throttle interface ethernet 1/1 Information of Eth 1/1 status : TRUE action : deny max multicast groups : 32 current multicast groups : 0 Console# Multicast VLAN Registration Commands This section describes commands used to configure Multicast VLAN Registration (MVR).
  • Page 428: Mvr (Interface Configuration)

    Multicast VLAN Registration Commands Default Setting • MVR is disabled. • No MVR group address is defined. • The default number of contiguous addresses is 0. • MVR VLAN ID is 1. Command Mode Global Configuration Command Usage • Use the mvr group command to statically configure all multicast group addresses that will join the MVR VLAN.
  • Page 429 Command Line Interface Default Setting • The port type is not defined. • Immediate leave is disabled. • No receiver port is a member of any configured multicast group. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave multicast groups using the standard rules for multicast filtering.
  • Page 430: Show Mvr

    Multicast VLAN Registration Commands Example The following configures one source port and several receiver ports on the switch, enables immediate leave on one of the receiver ports, and statically assigns a multicast group to another receiver port: Console(config)#interface ethernet 1/5 Console(config-if)#mvr type source Console(config-if)#exit Console(config)#interface ethernet 1/6...
  • Page 431: Table 4-71. Show Mvr - Display Description

    Command Line Interface Example The following shows the global MVR settings: Console#show mvr MVR Status:enable MVR running status:TRUE MVR multicast vlan:1 MVR Max Multicast Groups:255 MVR Current multicast groups:10 Console# Table 4-71. show mvr - display description Field Description MVR status Shows if MVR is globally enabled on the switch.
  • Page 432: Lldp

    LLDP The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN: Console#show mvr members MVR Group IP Status Members ---------------- -------- ------- 225.0.0.1 ACTIVE eth1/1(d), eth1/2(s) 225.0.0.2 INACTIVE None 225.0.0.3 INACTIVE None 225.0.0.4 INACTIVE None 225.0.0.5 INACTIVE...
  • Page 433 Command Line Interface Table 4-74. LLDP Commands Command Function Mode Page lldp transmit-hold Configures the time-to-live (TTL) value sent in LLDP 4-202 advertisements lldp reinit-delay Configures the delay before attempting to re-initialize 4-202 after LLDP ports are disabled or the link goes down lldp notification-interval Configures the allowed interval for sending SNMP 4-203...
  • Page 434: Lldp Transmit-Interval

    LLDP Table 4-74. LLDP Commands Command Function Mode Page show lldp info Shows statistical counters for all LLDP-enabled interfaces PE 4-215 statistics * Vendor-specific options may or may not be advertised by neighboring devices. lldp transmit-interval This command configures the periodic transmit interval for LLDP advertisements. Use the no form to restore the default setting.
  • Page 435: Lldp Transmit-Hold

    Command Line Interface Command Usage • The transmit delay is used to prevent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects, and to increase the probability that multiple, rather than single changes, are reported in each transmission.
  • Page 436: Lldp Notification-Interval

    LLDP Syntax lldp reinit-delay <seconds> no lldp reinit-delay • seconds - Specifies the delay before attempting to re-initialize LLDP. (Range: 5 - 10 seconds) Default Setting 2 seconds Command Mode Global Configuration Command Usage • When LLDP is re-initialized on a port, all information in the remote systems LLDP MIB associated with this port is deleted.
  • Page 437: Lldp

    Command Line Interface transmission loss. Example Console(config)#lldp notification-interval 30 Console(config)# lldp This command enables LLDP transmit, receive, or transmit and receive mode on the specified port. Use the no form to restore the default setting. Syntax lldp {transmit-and-receive | transmit-only | receive-only} no lldp •...
  • Page 438: Lldp Basic-Tlv Description

    LLDP Command Usage • The management address protocol packet includes the IPv4 address of the ECN430-switch. If no management address is available, the address should be the MAC address for the CPU or for the port sending this advertisement. • The management address TLV may also include information about the specific interface associated with this address, and an object identifier indicating the type of hardware component or protocol entity associated with this address.
  • Page 439: Lldp Basic-Tlv System-Capabilities

    Command Line Interface Example Console(config)#interface ge1/1 Console(config-if)#lldp basic-tlv description Console(config-if)# lldp basic-tlv system-capabilities This command configures an LLDP-enabled port to advertise its system capabilities. Use the no form to disable this feature. Syntax [no] lldp basic-tlv system-capabilities Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage...
  • Page 440: Lldp Basic-Tlv System-Name

    LLDP type, software operating system, and networking software. Example Console(config)#interface ge1/1 Console(config-if)#lldp basic-tlv system-description Console(config-if)# lldp basic-tlv system-name This command configures an LLDP-enabled port to advertise the system name. Use the no form to disable this feature. Syntax [no] lldp basic-tlv system-name Default Setting Disabled Command Mode...
  • Page 441: Lldp Dot1-Tlv Port-Vlan-Id

    Command Line Interface Command Usage • This option sends out SNMP trap notifications to designated target stations at the interval specified by the lldp notification-interval command. Trap notifications include information about state changes in the LLDP MIB (IEEE 802.1AB), or vendor-specific LLDP-EXT-DOT1 and LLDP-EXT-DOT3 MIBs. •...
  • Page 442: Lldp Dot1-Tlv Port-Protocol-Vlan-Id

    LLDP lldp dot1-tlv port-protocol-vlan-id This command configures an LLDP-enabled port to advertise port-related VLAN information. Use the no form to disable this feature. Syntax [no] lldp dot1-tlv port-protocol-vlan-id Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
  • Page 443: Lldp Dot1-Tlv Protocol-Identity

    Command Line Interface lldp dot1-tlv protocol-identity This command configures an LLDP-enabled port to advertise the supported protocols. Use the no form to disable this feature. Syntax [no] lldp dot1-tlv protocol-identity Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
  • Page 444: Lldp Dot3-Tlv Link-Aggregation

    LLDP lldp dot3-tlv link-aggregation This command configures an LLDP-enabled port to advertise its link aggregation capabilities. Use the no form to disable this feature. Syntax [no] lldp dot3-tlv link-aggregation Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
  • Page 445: Lldp Dot3-Tlv Maximum-Frame-Size

    Command Line Interface Example Console(config)#interface ge1/1 Console(config-if)#lldp dot3-tlv power-via-mdi Console(config-if)# lldp dot3-tlv maximum-frame-size This command configures an LLDP-enabled port to advertise its maximum frame size. Use the no form to disable this feature. Syntax [no] lldp dot3-tlv maximum-frame-size Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel)
  • Page 446: Show Lldp Info Local-Device

    LLDP Console#show lldp config LLDP Global Configuation LLDP Transmit interval : 30 LLDP Hold Time Multiplier : 4 LLDP Delay Interval : 2 LLDP Reinit Delay : 2 LLDP Notification Interval : 5 LLDP Port Configuration Port AdminStatus NotificationEnabled -------- + ----------- ------------------- ge1/1 Rx False ge1/2 Rx False ge1/3 Rx False...
  • Page 447: Show Lldp Info Remote-Device

    Command Line Interface Example Console#show lldp info local-device LLDP Local System Information Chassis Type : MAC Address Chassis ID : 00-01-22-33-44-AB System Description : ECN430 System Capabilities Support : Bridge, Router System Capabilities Enable : Bridge, Router Management Address : 0.0.0.0 (IPv4) LLDP Port Information Port | PortID Type PortID PortDesc ----- + ---------------- ----------------- -----------------...
  • Page 448: Show Lldp Info Statistics

    LLDP show lldp info statistics This command shows statistical counters for all LLDP-enabled interfaces. Syntax show lldp info statistics [detail] • detailed - Shows detailed information. Command Mode Privileged Exec Example switch#show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated : 0 seconds New Neighbor Entries Count : 0 Neighbor Entries Deleted Count : 0 Neighbor Entries Dropped Count : 0...
  • Page 449: Upnp

    Command Line Interface UPnP Universal Plug and Play (UPnP) is a set of computer network protocols promulgated by the UPnP Forum. The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home (data sharing, communications, and entertainment) and corporate environments.
  • Page 450: Upnp Device

    UPnP upnp device This command enables UPnP on the device. Use the no form to disable UPnP. Syntax [no] upnp device Default Setting Enabled Command Mode Global Configuration Command Usage You must enable UPnP before you can configure time out settings for sending of UPnP messages.
  • Page 451: Upnp Device Advertise Duration

    Command Line Interface Example In the following example, the ttl is set to 20 seconds. Console(config)#upnp device ttl 20 Console(config)# Related Commands upnp device advertise duration (4-218) upnp device advertise duration This command sets the duration for which a device will advertise its status to the control point.
  • Page 452: Ip Interface Commands

    IP Interface Commands Example Console#show upnp UPnP global settings: Status: Enabled Advertise duration: TTL: Console# IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on.
  • Page 453: Ip Dhcp Restart

    Command Line Interface Default Setting DHCP Command Mode Interface Configuration (VLAN) Command Usage • You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server.
  • Page 454: Ip Default-Gateway

    IP Interface Commands • DHCP requires the server to reassign the client’s last address if available. • If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will be based on this new domain.
  • Page 455: Show Ip Interface

    Command Line Interface show ip interface This command displays the settings of an IP interface. Default Setting All interfaces Command Mode Privileged Exec Example Console#show ip interface IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1, and address mode: User specified. Console# Related Commands show ip redirects (4-222)
  • Page 456: Ip Source Guard Commands

    IP Source Guard Commands because the switch adds header information. • count - Number of packets to send. (Range: 1-16, default: 5) Default Setting This command has no default for the host. Command Mode Normal Exec, Privileged Exec Command Usage •...
  • Page 457: Ip Source-Guard

    Command Line Interface prevent traffic attacks caused when a host tries to use the IP address of a neighbor to access the network. This section describes commands used to configure IP Source Guard. Table 4-77. IP Source Guard Commands Command Function Mode Page...
  • Page 458: Ip Source-Guard Binding

    IP Source Guard Commands VLAN identifier, and port identifier. • Static addresses entered in the source guard binding table with the ip source-guard binding command (page 4-225) are automatically configured with an infinite lease time. Dynamic entries learned via DHCP snooping are configured by the DHCP server itself;...
  • Page 459 Command Line Interface no ip source-guard mac-address vlan vlan-id • mac-address - A valid unicast MAC address. • vlan-id - ID of a configured VLAN (Range: 1-4094) • ip-address - A valid unicast IP address, including classful types A, B or C. •...
  • Page 460: Show Ip Source-Guard

    DHCP Snooping Commands show ip source-guard This command shows whether source guard is enabled or disabled on each interface. Command Mode Privileged Exec Example Console#show ip source-guard Interface Filter-type --------- ----------- Eth 1/1 DISABLED Eth 1/2 DISABLED Eth 1/3 DISABLED Eth 1/4 DISABLED Eth 1/5...
  • Page 461: Ip Dhcp Snooping

    Command Line Interface Table 4-78. DHCP Snooping Commands Command Function Mode Page ip dhcp snooping Enables DNS-based host name-to-address translation 4-233 information policy ip dhcp snooping Displays the static host name-to-address mapping table 4-233 database flash show ip dhcp snooping Displays the configuration for DNS services 4-234 show ip dhcp snooping...
  • Page 462 DHCP Snooping Commands a trusted port. If the received packet is a DHCP ACK message, a dynamic DHCP snooping entry is also added to the binding table. - If DHCP snooping is enabled globally, and also enabled on the VLAN where the DHCP packet is received, but the port is not trusted, it is processed as follows: - If the DHCP packet is a reply packet from a DHCP server (including...
  • Page 463: Ip Dhcp Snooping Vlan

    Command Line Interface ip dhcp snooping vlan This command enables DHCP snooping on the specified VLAN. Use the no form to restore the default setting. Syntax [no] ip dhcp snooping vlan vlan-id • vlan id - ID of a configured VLAN (Range: 1-4094) Default Setting Disabled Command Mode...
  • Page 464: Ip Dhcp Snooping Verify Mac-Address

    DHCP Snooping Commands Default Setting All interfaces are untrusted Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.
  • Page 465: Ip Dhcp Snooping Information Option

    Command Line Interface Command Usage If MAC address verification is enabled, and the source MAC address in the Ethernet header of the packet is not the same as the client’s hardware address in the DHCP packet, the packet is dropped. Example This example enables MAC address verification.
  • Page 466: Ip Dhcp Snooping Information Policy

    DHCP Snooping Commands Example This example enables the DHCP Snooping Information Option. Console(config)#ip dhcp snooping information option Console(config)# ip dhcp snooping information policy This command sets the DHCP snooping information option policy for DHCP client packets that include Option 82 information. Syntax ip dhcp snooping information policy <drop | keep | replace>...
  • Page 467: Show Ip Dhcp Snooping

    Command Line Interface Example Console(config)#ip dhcp snooping database flash Console(config)# show ip dhcp snooping This command shows the DHCP snooping configuration settings. Command Mode Privileged Exec Example Console#show ip dhcp snooping Global DHCP Snooping status: disable DHCP Snooping is configured on the following VLANs: Verify Source Mac-Address: enable Interface Trusted...
  • Page 468: Switch Cluster Commands

    Switch Cluster Commands Switch Cluster Commands Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. A switch cluster has a “Commander” unit that is used to manage all other “Member” switches in the cluster. The management station uses Telnet to communicate directly with the Commander through its IP address, and the Commander manages Member switches using cluster “internal”...
  • Page 469: Cluster Commander

    Command Line Interface • Configured switch clusters are maintained across power resets and network changes. Example Console(config)#cluster Console(config)# cluster commander This command enables the switch as a cluster Commander. Use the no form to disable the switch as cluster Commander. Syntax [no] cluster commander Default Setting...
  • Page 470: Cluster Member

    Switch Cluster Commands Command Mode Global Configuration Command Usage • An “internal” IP address pool is used to assign IP addresses to Member switches in the cluster. Internal cluster IP addresses are in the form 10.x.x.member-ID. Only the base IP address of the pool needs to be set since Member IDs can only be between 1 and 36.
  • Page 471: Rcommand

    Command Line Interface Example Console(config)#cluster member mac-address 00-12-34-56-78-9a id 5 Console(config)# rcommand This command provides access to a cluster Member CLI for configuration. Syntax rcommand id <member-id> • member-id - The ID number to assign to the Member switch. (Range: 1-36) Command Mode Privileged Exec Command Usage...
  • Page 472: Show Cluster Members

    Switch Cluster Commands Example Console#show cluster Role: commander Interval heartbeat: 30 Heartbeat loss count: 3 Number of Members: 1 Number of Candidates: 2 Console# show cluster members This command shows the current switch cluster members. Command Mode Privileged Exec Example Console#show cluster members Cluster Members: ID: 1...
  • Page 474: Appendix A: Software Specifications

    Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists DHCP Client Port Configuration 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex 1000BASE-SX/LX/LH - 1000 Mbps at full duplex (SFP), Flow Control Full Duplex: IEEE 802.3x Half Duplex: Back pressure...
  • Page 475: Management Features

    Software Specifications SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP Email Alerts Management Features In-Band Management Telnet, Web-based HTTP or HTTPS, SNMP manager, or Secure Shell Out-of-Band Management RS-232 DB-9 console port Software Loading TFTP in-band or XModem out-of-band SNMP...
  • Page 476: Management Information Bases

    Management Information Bases Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Interfaces Evolution MIB (RFC 2863) IP Multicasting related MIBs MAU MIB (RFC 2668)
  • Page 478: Appendix B: Troubleshooting

    8 data bits, 1 stop bit, no parity, and the baud rate set to any of the serial port connection following (9600, 19200, 38400, 57600, 115200 bps). • Check that the null-modem serial cable conforms to the pin-out connections provided in the Installation Guide. Forgot or lost the password • Contact SMC Technical Support for help.
  • Page 479: Using System Logs

    Troubleshooting Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.
  • Page 480: Glossary

    Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the device's system files, and the name of the boot file.
  • Page 481 Glossary GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP) GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so...
  • Page 482 Glossary IEEE 802.3x Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links. IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On each subnetwork, one IGMP-capable device will act as the querier —...
  • Page 483 Glossary MD5 Message-Digest Algorithm An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.
  • Page 484 Glossary Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types. Rapid Spanning Tree Protocol (RSTP) RSTP reduces the convergence time for network topology changes to about 10% of that required by the older IEEE 802.1D STP standard.
  • Page 485 Glossary Trivial File Transfer Protocol (TFTP) A TCP/IP protocol commonly used for software downloads. User Datagram Protocol (UDP) provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets –...
  • Page 491 PORTUGUES Informações sobre Suporte Técnico em www.smc.com SWEDISH Information om Teknisk Support finns tillgängligt på www.smc.com INTERNET E-mail address: techsupport@smc.com Driver updates http://www.smc.com/ index.cfm?action=tech_support_drivers_downloads World Wide Web http://www.smc.com/ SMC8124PL2 20 Mason • Irvine, CA 92618 • Phn: 949-679-8000 • www.smc.com...
