Vdsl switch (with ac power connector) supporting 12 vdsl lines, with 2 slots for optional 1000base-sx, 1000base-lx, 1000base-t or 1000base-x gbic uplink modules
Page 3
Management Guide VDSL Switch-V4512 VDSL Switch (with AC power connector) supporting 12 VDSL lines, with 2 Slots for Optional 1000BASE-SX, 1000BASE-LX, 1000BASE-T or 1000BASE-X GBIC uplink modules VDSL Switch-VS4512DC VDSL Switch (with DC power connector) supporting 12 VDSL lines, with 2 Slots for Optional 1000BASE-SX, 1000BASE-LX, 1000BASE-T or 1000BASE-X GBIC uplink modules...
Page 4
Singapore 229594 Phone: +65 238 6556 Fax: +65 238 6466 Internet: www.acctontech.com Accton is a trademark of Accton Technology Corporation. Other trademarks or brand names mentioned herein are trademarks or registered trademarks of their respective companies. VS4512 VS4512DC F1.0.4.0 E122003-R02...
Contents Chapter 1: Introduction Key Features Description of Software Features System Defaults Chapter 2: Initial Configuration Connecting to the Switch Configuration Options Required Connections Remote Connections Basic Configuration Console Connection Setting Passwords Setting an IP Address Manual Configuration Dynamic Configuration Enabling SNMP Management Access Community Strings Trap Receivers...
Page 6
Contents Saving or Restoring Configuration Settings 3-16 Downloading Configuration Settings from a Server 3-16 Setting the Startup Configuration File 3-17 Copying the Running Configuration to a File 3-17 Resetting the System 3-18 Setting the System Clock 3-18 Configuring SNTP 3-18 Setting the Time Zone 3-19 Simple Network Management Protocol...
Page 7
Contents Address Table Settings 3-73 Setting Static Addresses 3-73 Displaying the Address Table 3-74 Changing the Aging Time 3-75 Spanning Tree Algorithm Configuration 3-76 Displaying Global Settings 3-77 Configuring Global Settings 3-79 Displaying Interface Settings 3-81 Configuring Interface Settings 3-84 VLAN Configuration 3-86 Overview...
Page 8
Contents Chapter 4: Command Line Interface Using the Command Line Interface Accessing the CLI Console Connection Telnet Connection Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes Exec Commands...
Page 9
Contents User Access Commands 4-24 username 4-24 enable password 4-25 IP Filter Commands 4-26 management 4-26 show management 4-27 Web Server Commands 4-28 ip http port 4-28 ip http server 4-28 ip http secure-server 4-29 ip http secure-port 4-30 ip telnet server 4-30 Secure Shell Commands 4-31...
Page 10
Contents System Status Commands 4-49 show startup-config 4-49 show running-config 4-51 show system 4-53 show users 4-53 show version 4-54 Flash/File Commands 4-55 copy 4-55 delete 4-57 4-58 whichboot 4-59 boot system 4-59 Authentication Commands 4-60 Authentication Sequence 4-60 authentication login 4-60 RADIUS Client 4-61...
Page 11
Contents SNMP Commands 4-76 snmp-server community 4-76 snmp-server contact 4-77 snmp-server location 4-77 snmp-server host 4-78 snmp-server enable traps 4-79 snmp ip filter 4-80 show snmp 4-81 DHCP Commands 4-82 DHCP Client 4-82 ip dhcp client-identifier 4-82 ip dhcp restart client 4-83 Interface Commands 4-84...
Page 12
Contents show controllers efm admin 4-112 show controllers efm profile 4-112 show controllers efm status 4-114 show controllers efm remote ethernet mode 4-115 show controllers efm-noise-margin 4-116 show controllers efm channel-performance 4-117 show controllers efm line-table 4-117 show controllers efm phy-table 4-118 show controllers efm channel-table 4-119...
Page 14
Contents IP Interface Commands 4-166 Basic IP Configuration 4-166 ip address 4-167 ip default-gateway 4-168 show ip interface 4-168 show ip redirects 4-169 ping 4-169 Appendix A: Software Specifications Software Features Management Features Standards Management Information Bases Appendix B: Troubleshooting Glossary Index...
Chapter 1: Introduction The switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Introduction Feature Description Virtual LANs Up to 255 using IEEE 802.1Q, port-based, or private VLANs Traffic Prioritization Default port priority, traffic class map, queue scheduling, IP Precedence, or Differentiated Services Code Point (DSCP) Multicast Filtering Supports IGMP snooping and query Description of Software Features The switch provides a wide range of advanced performance enhancing features.
Page 17
Description of Software Features Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity. Port Trunking –...
Page 18
Introduction Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard.
System Defaults System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-17). The following table lists some of the basic system defaults. Function Parameter Default...
Page 20
Introduction Function Parameter Default Web Management HTTP Server Enabled HTTP Port Number HTTP Secure Server Enabled HTTP Secure Port Number SNMP Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabled Link-up-down events: enabled IP Filtering Disabled Port Configuration Admin Status Enabled Auto-negotiation Enabled...
Page 21
System Defaults Function Parameter Default Acceptable Frame Type Ingress Filtering Disabled Switchport Mode (Egress Hybrid: tagged/untagged frames Mode) Traffic Prioritization Ingress Port Priority Weighted Round Robin Queue: 0:1 2:16 3:64 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Settings IP Address 0.0.0.0 Subnet Mask...
Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
Initial Configuration • Globally set broadcast storm control • Display system information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.
Basic Configuration Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is assigned by DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address”...
Initial Configuration Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive.
Basic Configuration Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: From the Privileged Exec level global configuration mode prompt, type “interface vlan 1”...
Initial Configuration Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Console(config)#interface vlan 1 Console(config-if)#ip address dhcp Console(config-if)#end...
Basic Configuration To configure a community string, complete the following steps: From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that the default mode is read only.) To remove an existing string, simply type “no snmp-server community string,”...
Initial Configuration Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files are: •...
Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).
Configuring the Switch Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page When your web browser connects with the switch’s web agent, the home page is displayed as shown below.
Navigating the Web Browser Interface Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings,” the setting for item “Check for newer versions of stored pages”...
Page 34
Configuring the Switch Menu Description Page SNTP 3-18 Configuration Configures SNTP client settings, including broadcast mode or a 3-18 specified list of servers Clock Time Zone Sets the local time zone for the system clock 3-19 SNMP 3-20 Configuration Configures community strings and related trap functions 3-21 IP Filtering Sets IP addresses of clients allowed management access...
Page 35
Navigating the Web Browser Interface Menu Description Page Rate Limit 3-50 Input Port Configuration Sets the input rate limit for each port 3-50 Input Trunk Configuration Sets the input rate limit for each trunk 3-50 Output Port Configuration Sets the output rate limit for each port 3-50 Output Trunk Configuration Sets the output rate limit for each trunk 3-50...
Page 36
Configuring the Switch Menu Description Page VLAN 3-86 802.1Q VLAN 3-86 Basic Information Displays information on the VLAN type supported by this switch 3-88 Current Table Shows the current port members of each VLAN and whether or 3-89 not the port is tagged or untagged Static List Used to create or remove VLAN groups 3-91...
Basic Configuration Menu Description Page IGMP Snooping 3-109 IGMP Configuration Enables multicast filtering; configures parameters for multicast 3-110 query Multicast Router Displays the ports that are attached to a neighboring multicast 3-111 Port Information router for each VLAN ID Static Multicast Router Port Assigns ports that are attached to a neighboring multicast router 3-112 Configuration...
Page 38
Configuring the Switch Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.) CLI –...
Basic Configuration Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Number – The serial number of the switch. •...
Configuring the Switch CLI – Use the following command to display version information. Console#show version 4-54 Unit1 Serial number Service tag Hardware version Module A type :not present Module B type :not present Number of ports Main power status Redundant power status : Agent(master) Unit id Loader version...
Configuring the Switch Command Attributes • Management VLAN – ID of the configured VLAN (1-4093, no leading zeroes). By default, all ports on the switch are members of VLAN 1. However, the management station can be attached to a port belonging to any VLAN, as long as that VLAN has been assigned an IP address.
Basic Configuration CLI – Specify the management interface, IP address and default gateway. Console#config Console(config)#interface vlan 1 4-84 Console(config-if)#ip address 192.168.1.254 255.255.255.0 4-167 Console(config-if)#exit Console(config)#ip default-gateway 192.168.1.253 4-168 Console(config)# Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
Configuring the Switch Renewing DCHP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart DHCP service via the CLI.
Basic Configuration Note: Up to two copies of the system software (i.e., the runtime firmware) can be stored in the file directory on the switch. The currently designated startup version of this file cannot be deleted. Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
Configuring the Switch CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch. Console#copy tftp file 4-55 TFTP server ip address: 10.1.0.19...
Basic Configuration Setting the Startup Configuration File If you download to a new file name, select the new file from the drop-down list for Startup Configuration File, and press Apply Changes. To use the new settings, reboot the system via the System/Reset menu. CLI –...
Configuring the Switch Resetting the System Web – Click System, Reset. Click the Reset button to restart the switch. CLI – Use the reload command to restart the switch. Console#reload 4-20 System will be restarted, continue <y/n>? Note: When restarting the system, it will always run the Power-On Self-Test. Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP).
Basic Configuration • SNTP Poll Interval – Sets the interval between sending requests for a time update from a time server when set to SNTP Client mode. (Range: 16-16284 seconds; Default: 16 seconds) • SNTP Server – In unicast mode, sets the IP address for up to three time servers.
Configuring the Switch Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC, and click Apply. CLI - This example shows how to set the time zone for the system clock. Console(config)#clock timezone Dhaka hours 6 minute 0 after-UTC 4-48 Console# Simple Network Management Protocol...
Simple Network Management Protocol Setting Community Access Strings You may configure up to five community strings authorized for management access. All community strings used for IP Trap Managers should be listed in this table. For security reasons, you should consider removing the default strings. Command Attributes •...
Configuring the Switch Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as HP OpenView.
Simple Network Management Protocol Filtering Addresses for SNMP Client Access The switch allows you to create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch via SNMP management software. Command Usage •...
Configuring the Switch CLI – This example allows SNMP access for a specific client. Console(config)#snmp ip filter 10.1.2.3 255.255.255.255 4-80 Console(config)# User Authentication. Use the Passwords or RADIUS/TACACS+ menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch (Passwords menu), or you can use a remote access authentication server based on the RADIUS/TACACS+ protocol.
User Authentication. CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password. Console(config)#username bob access-level 15 4-24 Console(config)#username bob password 0 smith Console(config)# Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
Page 56
Configuring the Switch Command Attributes • – Select the authentication, or authentication sequence Authentication required: - Local – User authentication is performed only locally by the switch. - Radius – User authentication is performed using a RADIUS server only. – User authentication is performed using a TACACS+ server only. TACACS –...
Page 57
User Authentication. Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. CLI – Specify all the required parameters to enable logon authentication. Console(config)#authentication login radius 4-60 Console(config)#radius-server host 192.168.1.25...
Configuring the Switch Telnet Settings Telnet access to the switch can be enabled via the Web or CLI. Web – Click Security, Telnet Settings, then check the checkbox to enable access via Telnet (i.e., a virtual terminal). CLI – This example enables Telnet access to the switch. Console#config 4-30 Console(config)#ip telnet server...
User Authentication. Command Attributes • – Allows you to enable/disable the HTTPS server feature on the HTTPS Status switch. (Default: Enabled) • – Specifies the UDP port number used for HTTPS/ Change HTTPS Port Number SSL connection to the switch’s web interface. (Default: Port 443) Web –...
Configuring the Switch Configuring the Secure Shell The Berkley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as, rsh (remote shell), and rexec (remote execute), are not secure from hostile attacks.
User Authentication. CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SHH, and then disabled this connection. Console(config)#ip ssh server 4-31 Console(config)#ip ssh timeout 100 4-35 Console(config)#ip ssh authentication-retries 5 4-33...
Page 62
Configuring the Switch Command Attributes • – Port number. Port • – The action to be taken when a port security violation is detected: Action* - None: No action should be taken. (This is the default.) - Trap: Send an SNMP trap message. - Shutdown: Disable the port.
User Authentication. Configuring 802.1x Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data.
Configuring the Switch Displaying 802.1x Global Settings The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
Page 65
User Authentication. CLI – This example shows the default protocol settings for 802.1x. For a description of the additional entries displayed in the CLI, See “show dot1x” on page 73. Console#show dot1x 4-73 Global 802.1X Parameters reauth-enabled: yes reauth-period: quiet-period: tx-period: supp-timeout: server-timeout: 30...
Configuring the Switch Configuring 802.1x Global Settings The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
Configuring the Switch CLI – This example sets the authentication mode to enable 802.1x on port 2, and allows up to ten clients to connect to this port. Console(config)#interface ethernet 1/2 4-84 Console(config-if)#dot1x port-control auto 4-70 Console(config-if)#dot1x operation-mode multi-host max-count 10 4-70 Console(config-if)# Displaying 802.1x Statistics...
Port Configuration CLI – This example displays the 802.1x statistics for port 4. Console#show dot1x statistics interface ethernet 1/4 4-73 Eth 1/4 Rx: EXPOL EAPOL EAPOL EAPOL Start Logoff Invalid Total Resp/Id Resp/Oth LenError 1007 Last Last EAPOLVer EAPOLSrc 00-00-E8-98-73-21 Tx: EAPOL Total Req/Id...
Page 70
Configuring the Switch • Max MAC Count – Shows the maximum number of MAC address that can be learned by a port. (0 - 20 addresses) • – Shows the current speed and duplex mode. Speed Duplex Status • – Indicates the type of flow control currently in use. Flow Control Status (IEEE 802.3x, Back-Pressure or None) •...
Page 71
Port Configuration - 10full - Supports 10 Mbps full-duplex operation - 100half - Supports 100 Mbps half-duplex operation - 100full - Supports 100 Mbps full-duplex operation - 1000full - Supports 1000 Mbps full-duplex operation - Sym - Transmits and receives pause frames for flow control - FC - Supports flow control •...
Configuring the Switch CLI – This example shows the connection status for Port 5. Console#show interfaces status ethernet 1/5 4-91 Information of Eth 1/5 Basic information: Port type: 1000T Mac address: 00-30-f1-47-58-46 Configuration: Name: Port admin: Up Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, 1000full, Broadcast storm: Enabled Broadcast storm limit: 500 packets/second Flow control: Disabled...
Page 73
Port Configuration • – Allows auto-negotiation to be enabled/ Autonegotiation (Port Capabilities) disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control.The following capabilities are supported. - 10half - Supports 10 Mbps half-duplex operation - 10full - Supports 10 Mbps full-duplex operation - 100half - Supports 100 Mbps half-duplex operation...
Port Configuration Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not statically be able to link switches of different types, configured depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
Configuring the Switch CLI – This example creates trunk 2 with ports 13 and 14. Just connect these ports to two static trunk ports on another switch to form a trunk. Console(config)#interface port-channel 1 4-84 Console(config-if)#exit Console(config)#interface ethernet 1/13 4-84 Console(config-if)#channel-group 1 4-99 Console(config-if)#exit...
Page 77
Port Configuration Web – Click Port, LACP, Configuration. Select switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply. CLI – The following example enables LACP for ports 13 and 14. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.
Configuring the Switch Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to complete halt.
Port Configuration CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2. This threshold will then apply to all ports with broadcast storm control enabled.
Configuring the Switch Web – Click Port, Mirror. Specify the source port, the traffic type to be mirrored, and the target port, then click CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port. Note that default mirroring under the CLI is for both received and transmitted packets.
Port Configuration Web - Click Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit Status, then set the rate limit for the individual interfaces, and click Apply. CLI - This example sets the rate limit for input and output traffic passing through port 1 to 50 Mbps.
Configuring the Switch Statistical Values Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters. Received Unicast Packets The number of subnetwork-unicast packets delivered to a higher-layer protocol. Received Multicast Packets The number of packets, delivered by this sub-layer to a higher (sub-)layer, which were addressed to a multicast address at this sub-layer.
Page 83
Port Configuration Parameter Description Single Collision Frames The number of successfully transmitted frames for which transmission is inhibited by exactly one collision. Internal MAC Transmit Errors A count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error. Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision.
Page 84
Configuring the Switch Parameter Description 64 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but including FCS octets). 65-127 Byte Frames The total number of frames (including bad packets) received and transmitted where the number of octets fall within the specified range 128-255 Byte Frames (excluding framing bits but including FCS octets).
Configuring the Switch VDSL Configuration You can configure and display communication parameters for VDSL and Ethernet ports on the switch and connected CPEs. VDSL Global Configuration This Web page assigns the same profile to each VDSL switch port. Details of these profiles are given in the table below.
Page 87
VDSL Configuration 4. The maximum distances for VDSL links using the recommended profiles are: Upstream Downstream Mode Max. Range 16 Mbps 16 Mbps Symmetric 600m (1970 ft) 11 Mbps 34 Mbps Asymetric 610m (2000 ft) 5. Type-1 26 AWG (100 ohm)/0.4 mm, or Type-2 24 AWG (100 ohm)/0.5 mm cable may be installed to achieve the maximum distance.
Configuring the Switch VDSL Port Configuration You can enable/disable a selected port, enable/disable Remote Digital Loopback (RDL), set the optimal transmission rate, and configure a profile for the selected port. Command Attributes • Active Status – Check this box to enable the selected port. •...
Page 89
VDSL Configuration Profile Name Theoretical Minimum Signal-to-Noise Ratio (dB) A5-50-7 A6-22-3A A7-40-5A Not Used A8-46-7A TLAN Max-Rate Noise margins should be configured to a level appropriate to the actual noise level of the environment. A noisier environment requires a higher noise margin to ensure a stable link.
Page 90
Configuring the Switch Web – Click VDSL, Port Configuration. Select a port from the drop-down list, and click Select. CLI – The following examples show how these features are configured in the CLI. Examples The following example disables VDSL port 1. Console(config)#interface ethernet 1/1 4-84 Console(config-if)#efm shutdown...
VDSL Configuration The following example shows rate adaption enabled for port 1. Console#config Console(config)#interface ethernet 1/1 4-84 Console(config-if)#efm rate-adapt 4-108 Console(config-if)#end Console# The following example configures VDSL port 1 with an upstream noise margin of 6, and a downstream noise margin of 6. Console#config Console(config)#interface ethernet 1/1 4-84...
Page 92
Configuring the Switch - PBO – Indicates the status of the power back-off mechanism (on/off). If PBO is enabled, the power of transmission from the port will automatically be adjusted to ensure that the signal successfully reaches the receive port. - Rate Adaptation –...
Page 93
VDSL Configuration CLI –The following examples show how VDSL link current values are displayed in the CLI. Examples The following example displays VDSL link current values on VDSL switch port 2. Console#show controller efm Ethernet 1/2 actual dsrserrs 4-111 Downstream Reed-Solomon errors: 0 Console#show controller efm Ethernet 1/2 actual link Link status: Down Console#show controller efm Ethernet 1/2 actual rxpower...
Configuring the Switch Displaying VDSL Port Ethernet Statistics VDSL Port Ethernet Statistics display key statistics for an interface. Web – Click VDSL, VDSL Port Ethernet Statistics. 3-64...
Configuring the Switch • Config Profile – In this version, only “DEFVAL” is displayed. In future versions, a drop-down list of all configurable VDSL profiles will be displayed in this field. • Alarm Config Profile – The alarm profile is pre-configured to send trap messages via SNMP protocol to register errors on the VDSL line.
Page 97
VDSL Configuration • Physical Interfaces Information - Serial Number – A number given by the manufacturer to the item produced. This only displays on the CPE side. - Vendor ID – The name of the manufacturer of this switch. - Version Number – The number of the current hardware. - Current Signal to Noise Ratio Margin –...
Page 98
Configuring the Switch Web – Click VDSL, Interface Information. Select Line and Channel from the drop-down lists, and click Query. CLI – The following examples show how these parameters are displayed in the CLI. Examples The following example displays physical interface information for VDSL port 1.
VDSL Configuration VDSL Performance Monitor Information This screen displays line and channel performance data information since the switch was last reset, during the current 15 minute interval, and during the current day. Command Attributes • Line – Select the VDSL line from the drop-down list. •...
Page 100
Configuring the Switch Web – Click VDSL, Performance Monitor Information. 3-70...
Page 101
VDSL Configuration CLI – Use the show controllers efm current-performance command. Example Console#show controllers efm current-performance vtu-c 1/1 4-120 VDSL_PERF_DATA_ENTRY : Ethernet 1/1 Loss of Framing Ethernet 1/1 Loss of Signal Ethernet 1/1 Loss of Power Ethernet 1/1 Loss of Link Ethernet 1/1 Errored Seconds Ethernet 1/1...
Configuring the Switch Monitoring VDSL Performance History This page displays line and channel performance data information during selected 15 minute intervals over the last 24 hours of switch operation, and during selected 1-day intervals from the current day to 30 days ago. Command Attributes •...
VDSL Configuration Web – Click VDSL, Performance Monitor History. Note: The parameters described above are not displayed in the CLI for periods before the current 15 minute, or 24 hour interval. To display these parameters during the current 15 minute, or 24 hour period see “VDSL Performance Monitor Information” on page 3-69.
Configuring the Switch Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
VDSL Configuration Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query CLI – This example also displays the address table entries for port 1. Console#show mac-address-table interface ethernet 1/1 4-123 Interface Mac Address...
Configuring the Switch Web – Click Address Table, Address Aging. Specify the new aging time, click Apply CLI – This example sets the aging time to 400 seconds. Console(config)#mac-address-table aging-time 400 4-124 Console(config)# Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
Spanning Tree Algorithm Configuration If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down. This bridge will then initiate negotiations with other bridges to reconfigure the network to reestablish a valid network topology.
Page 108
Configuring the Switch • Configuration Changes – The number of times the Spanning Tree has been reconfigured. • Last Topology Change – Time since the Spanning Tree was last reconfigured. These additional parameters are only displayed for the CLI: • Spanning tree mode – Specifies the type of spanning tree used on this switch: - STP: Spanning Tree Protocol (IEEE 802.1D) - RSTP: Rapid Spanning Tree (IEEE 802.1w) •...
Spanning Tree Algorithm Configuration CLI – This command displays global STA settings, followed by settings for each port. Console#show spanning-tree 4-135 Spanning-tree information --------------------------------------------------------------- Spanning tree mode :RSTP Spanning tree enable/disable :enable Priority :32768 Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.)
Page 110
Configuring the Switch • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
Spanning Tree Algorithm Configuration Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. CLI – This example enables Spanning Tree Protocol, and then configures the STA parameters. Console(config)#spanning-tree 4-126 Console(config)#spanning-tree priority 40000 4-129 Console(config)#spanning-tree hello-time 5 4-128 Console(config)#spanning-tree forward-time 20 4-127...
Page 112
Configuring the Switch The rules defining port status are: - A port on a network segment with no other STA compliant bridging device is always forwarding. - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding.
Page 113
Spanning Tree Algorithm Configuration Backup port receives more useful BPDUs from the same bridge and is therefore not selected as the designated port. These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. •...
Configuring the Switch Web – Click Spanning Tree, STA, Port Information or STA Trunk Information. CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 4-135 1/ 5 information ------------------------------------------------------------- Admin status : enable Role : disable State : discarding...
Page 115
Spanning Tree Algorithm Configuration • Trunk – Indicates if a port is a member of a trunk. (STA Port Configuration only) The following interface attributes can be configured: • Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
Configuring the Switch • Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the Protocol Migration button to manually re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the selected interfaces.
VLAN Configuration VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets. VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN.
Configuring the Switch Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups, such as file servers or printers. Note that if you implement VLANs which do not overlap, but still need to communicate, you can connect them by enabled routing on this switch.
VLAN Configuration CLI – Enter the following command. Console#show bridge-ext 4-146 Max support vlan numbers: 255 Max support vlan ID: 4093 Extended multicast filtering services: No Static entry individual port: Yes VLAN learning: IVL Configurable PVID tagging: Yes Local VLAN capable: No Traffic classes: Enabled GMRP: Disabled Console#...
Page 120
Configuring the Switch Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes) • Type – Shows how this VLAN was added to the switch - Dynamic: Automatically learned via GVRP* - Static: Added as a static entry * Not supported in the current version...
VLAN Configuration Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes •...
Configuring the Switch Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected Notes: 1. VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged they are not connected to any VLAN-aware devices.
VLAN Configuration Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks.
Configuring the Switch Web – Open VLAN, 802.1Q VLAN, Static Membership. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface. Select a VLAN ID, and then click Add to add the interface as a tagged member, or click Remove to remove the interface.
Page 125
VLAN Configuration • Ingress Filtering – Determines how to process frames tagged for VLANs for which the ingress port is not a member. (Default: Disabled) - Ingress filtering only affects tagged frames. - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
Configuring the Switch Web – Click VLAN, 802.1Q VLAN, Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface, click Apply. CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, sets the GARP timers, and then sets the switchport mode to hybrid.
VLAN Configuration Enabling Private VLANs Use the Private VLAN Status page to enable/disable the Private VLAN function. Web – Click VLAN, Private VLAN, Status. Select Enable or Disable from the scroll-down box, and click Apply. CLI – This example enables private VLANs. Console(config)#pvlan 4-144 Console(config)#...
Class of Service Configuration Command Attributes • Default Priority* – The priority that is assigned to untagged frames received on the specified interface. (Range: 0 - 7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port.
Configuring the Switch Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p.
Class of Service Configuration Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply. CLI –...
Configuring the Switch CLI – The following sets the queue mode to strict priority service mode. Console(config)#queue mode strict 4-151 Console(config)#exit Console#show queue mode 4-151 Queue mode: strict Console# Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue.
Class of Service Configuration CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#queue bandwidth 2 8 16 128 4-149 Console(config)#exit Console#show queue bandwidth 4-151 Queue ID Weight -------- ------ Console# Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
Configuring the Switch CLI – The following example enables IP Precedence service on the switch. Console(config)#map ip precedence 4-152 Console(config)# Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
Class of Service Configuration CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. Console(config)#map ip precedence 4-152 Console(config)#interface ethernet 1/1 4-84 Console(config-if)#map ip precedence 1 cos 0...
Page 136
Configuring the Switch Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply. CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings.
Class of Service Configuration Mapping IP Port Priority In the IP Port Priority page, for each switch port or trunk, you can map IP ports (TCP/UDP ports) to the switch’s 4 traffic class queues. Command Attributes • Current IP Port Table – displays a list of IP ports with their mapped class of service queues.
Configuring the Switch CLI – The following example shows IP Port 80 mapped to CoS value 0 for ethernet port 1. Console(config)#map ip port 4-155 Console(config)#interface ethernet 1/5 Console(config-if)#map ip port 80 cos 0 4-155 Console(config-if)#end Console# show map ip port ethernet 1/5 4-157 TCP port mapping status: enabled Port...
Multicast Filtering Multicast Filtering Multicasting is used to support real-time applications such Unicast as videoconferencing or streaming audio. A multicast Flow server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
Configuring the Switch Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance.
Multicast Filtering Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) CLI – This example modifies the settings for multicast filtering, and then displays the current status. Console(config)#ip igmp snooping 4-158 Console(config)#ip igmp snooping querier...
Configuring the Switch Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers. CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.
Multicast Filtering Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply.
Configuring the Switch Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. CLI –...
Page 145
Multicast Filtering Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add. After you have completed adding ports to the member list, click Apply.
Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt.
Page 148
Command Line Interface To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example, Console(config)#interface vlan 1 4-84 Console(config-if)#ip address 10.1.0.254 255.255.255.0 Console(config-if)#exit...
Entering Commands Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
Command Line Interface Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line, VLAN Database, or MSTP). You can also display a list of valid keywords for a specific command.
Entering Commands Negating the Effect of Commands For many configuration commands you can enter the prefix keyword “no” to cancel the effect of a command or reset the configuration to the default value. For example, the logging command will log system messages to a host server. To disable logging, specify the no logging command.
Command Line Interface The system will now display the “Console#” command prompt. You can also enter Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “super” (page 4-25). To enter Privileged Exec mode, enter the following user names and passwords: Username: admin Password: [admin login password] CLI session with the switch is opened.
Entering Commands To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. Mode Command Prompt Page Line line {console | vty} Console(config-line)# Interface interface {ethernet port | port-channel id| vlan id} Console(config-if)# 4-91...
Command Line Interface Command Groups The system commands can be broken down into the functional groups shown below Command Group Description Page Line Sets communication parameters for the serial port and Telnet, including baud rate and console time-out General Basic commands for entering privileged access mode, restarting the 4-17 system, or quitting the CLI System Management...
Line Commands Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). Command Function Mode...
Command Line Interface Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users. However, the serial communication parameters (e.g., databits) do not affect Telnet connections. Example To enter console line mode, enter the following command: Console(config)#line console Console(config-line)# Related Commands...
Line Commands Example Console(config-line)#login local Console(config-line)# Related Commands username (4-24) password (4-11) password This command specifies the password for a line. Use the no form to remove the password. Syntax password {0 | 7} password no password • {0 | 7} - 0 means plain password, 7 means encrypted password •...
Command Line Interface exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the number of seconds. (Range: 0 - 65535 seconds;...
Line Commands Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down.
Command Line Interface databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits • 7 - Seven data bits per character.
Line Commands Command Mode Line Configuration Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: Console(config-line)#parity none Console(config-line)# speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds.
Command Line Interface stopbits This command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax stopbits {1 | 2} • 1 - One stop bit • 2 - Two stop bits Default Setting 1 stop bit Command Mode...
General Commands show line This command displays the terminal line’s parameters. Syntax show line [console | vty] • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting Shows all lines Command Mode Normal Exec, Privileged Exec Example To show all lines, enter this command:...
Command Line Interface enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-5. Syntax enable level level - Privilege level to log into the device. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec.
General Commands Command Usage The “>” character is appended to the end of the prompt to indicate that the system is in normal access mode. Example Console#disable Console> Related Commands enable (4-18) configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch.
Command Line Interface Example In this example, the show history command lists the contents of the command history buffer: Console#show history Execution command history: 2 config 1 show history Configuration command history: 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console# The ! command repeats commands from the Execution command history buffer...
General Commands This command returns to Privileged Exec mode. Default Setting None Command Mode Global Configuration, Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration. Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode: Console(config-if)#end Console#...
Command Line Interface Command Usage The quit and exit commands can both exit the configuration program. Example This example shows how to quit a CLI session: Console#quit Press ENTER to start session User Access Verification Username: System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information.
System Management Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Global Configuration...
Command Line Interface User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-9), user authentication via a remote authentication server (page 4-60), and host access authentication for specific ports (page 4-68).
System Management Commands Example This example shows how the set the access level and password for a user. Console(config)#username bob access-level 15 Console(config)#username bob password 0 smith Console(config)# enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place.
Command Line Interface IP Filter Commands Command Function Mode management Configures IP addresses that are allowed management access GC 4-26 show management Displays the switch to be monitored or configured from a 4-27 browser management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
System Management Commands Example This example restricts management access to the indicated addresses. Console(config)#management all-client 192.168.1.19 Console(config)#management all-client 192.168.1.25 192.168.1.30 Console# show management This command displays the client IP addresses that are allowed management access to the switch through various protocols. Syntax show management {all-client | http-client | snmp-client | telnet-client} •...
Command Line Interface Web Server Commands Command Function Mode ip http port Specifies the port to be used by the Web browser interface 4-28 ip http server Allows the switch to be monitored or configured from a browser GC 4-28 ip http secure-server Enables HTTPS/SSL for encrypted communications 4-29...
System Management Commands Command Mode Global Configuration Example Console(config)#ip http server Console(config)# Related Commands ip http port (4-28) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s Web interface.
Command Line Interface Example Console(config)#ip http secure-server Console(config)# Related Commands ip http secure-port (4-30) copy tftp https-certificate (4-55) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s Web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secure-port...
System Management Commands Command Mode Global Configuration Example Console#config Console(config)#ip telnet server Console(config-line)# Secure Shell Commands The Berkley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rsh (remote shell), and rexec (remote execute), are not secure from hostile attacks.
Command Line Interface Default Setting Disabled Command Mode Global Configuration Command Usage • The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions. • The SSH server uses DSA or RSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.
System Management Commands Example Console(config)#ip ssh timeout 60 Console(config)# Related Commands exec-timeout (4-12) show ip ssh (4-34) ip ssh authentication-retries Use this command to configure the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries...
Command Line Interface Example Console#disconnect ssh 0 Console# show ip ssh Use this command to display the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example Console#show ip ssh Information of secure shell SSH status: enable SSH authentication timeout: 120 SSH authentication retries: 3...
System Management Commands Event Logging Commands Command Function Mode logging on Controls logging of error messages 4-35 logging history Limits syslog messages saved to switch memory based on 4-36 severity logging host Adds a syslog server host IP address that will receive logging 4-37 messages logging facility...
Command Line Interface logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} •...
System Management Commands logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [no] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode...
Command Line Interface Example Console(config)#logging facility 19 Console(config)# logging trap This command limits syslog messages saved to a remote server based on severity. Use the no form to return the remote logging of syslog messages to the default level. Syntax [no] logging trap level level - One of the level arguments listed below.
System Management Commands show logging This command displays the logging configuration, along with any system and event messages stored in memory. Syntax show logging {flash | ram | sendmail | trap} • flash - Event history stored in flash memory (i.e., permanent memory). •...
Command Line Interface The following example displays settings for the trap function. Console#show logging trap Syslog logging: Enable REMOTELOG status: disable REMOTELOG facility type: local use 7 REMOTELOG level type: Debugging messages REMOTELOG server IP address: 1.2.3.4 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0...
System Management Commands logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [no] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handling.
Command Line Interface Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the configured email recipients. (For example, using Level 7 will report all events from level 7 to level 0.) Example This example will send email alerts for system errors from level 3 through 0.
System Management Commands Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example Console(config)#logging sendmail destination-email ted@this-company.com Console(config)# logging sendmail This command enables SMTP event handling. Use the no form to disable this function.
Command Line Interface Example Console#show logging sendmail SMTP servers ----------------------------------------------- 192.168.1.19 SMTP minimum severity level: 7 SMTP destination email addresses ----------------------------------------------- ted@this-company.com SMTP source email address: bill@this-company.com SMTP status: Enable Console# Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP), or by using information broadcast by local time servers.
System Management Commands Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (e.g., 00:00:00, Jan.
Command Line Interface Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received. It issues time synchronization requests based on the interval set via the sntp poll command.
System Management Commands sntp broadcast client This command synchronizes the switch’s clock based on time broadcast from time servers (using the multicast address 224.0.1.1). Use the no form to disable SNTP broadcast client mode. Syntax [no] sntp broadcast client Default Setting Disabled Command Mode Global Configuration...
Command Line Interface clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of time zone, usually an acronym. (Range: 1-29 characters) •...
System Management Commands Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, February 1st, 2002. Console#calendar set 15:12:34 1 February 2002 Console# show calendar This command displays the system clock. Default Setting None Command Mode...
Page 196
Command Line Interface Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!”...
System Management Commands Example Console#show startup-config building startup-config, please wait..username admin access-level 15 username admin password 0 admin username guest access-level 0 username guest password 0 guest enable password level 15 0 super snmp-server community public ro snmp-server community private rw vlan database vlan 1 name DefaultVlan media ethernet state active spanning-tree mst-configuration...
Page 198
Command Line Interface Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!”...
System Management Commands Related Commands show startup-config (4-49) show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information”...
Command Line Interface Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example Console#show users Username accounts: Username Privilege Public-Key -------- --------- ---------- admin None...
Flash/File Commands Flash/File Commands These commands are used to manage the system code or configuration files. Command Function Mode Page copy Copies a code image or a switch configuration to or from flash 4-55 memory or a TFTP server delete Deletes a file or code image 4-57 Displays a list of files in flash memory...
Page 202
Command Line Interface Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch.
Flash/File Commands The following example shows how to download a configuration file: Console#copy tftp startup-config TFTP server ip address: 10.1.0.99 Source configuration file name: startup.01 Startup configuration file name [startup]: Write to FLASH Programming. \Write to FLASH finish. Success. Console# This example shows how to copy a secure-site certificate from an TFTP server.
Command Line Interface This command displays a list of files in flash memory. Syntax dir [boot-rom | config | opcode [:filename]] The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file. • config - Switch configuration file.
Flash/File Commands whichboot This command displays which files were booted when the system powered up. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command.
Command Line Interface Related Commands dir (4-58) whichboot (4-59) Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1x. Command Group Function Page...
Authentication Commands • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server. • You can specify three authentication methods in a single command to indicate the authentication sequence.
Command Line Interface Command Mode Global Configuration Example Console(config)#radius-server host 192.168.1.25 Console(config)# radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) Default Setting 1812...
Authentication Commands Example Console(config)#radius-server key green Console(config)# radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
Command Line Interface show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example Console#show radius-server Server IP address: 10.1.0.1 Communication key with radius server: Server port number: 1812 Retransmit times: 2 Request timeout: 5 Console# TACACS+ Client...
Authentication Commands Example Console(config)#tacacs-server host 192.168.1.25 Console(config)# tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
Command Line Interface Example Console(config)#tacacs-server key green Console(config)# show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Console#show tacacs-server Remote TACACS server configuration: Server IP address: 10.11.12.13 Communication key with radius server: green Server port number: 49 Console# Port Security Commands...
Authentication Commands port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
Command Line Interface Example The following example enables port security for port 5, and sets the response to a security violation to issue a trap message: Console(config)#interface ethernet 1/5 Console(config-if)#port security action trap Related Commands shutdown (4-89) mac-address-table static (4-122) show mac-address-table (4-123) 802.1x Port Authentication The switch supports IEEE 802.1x (dot1x) port-based access control that prevents...
Authentication Commands Default Setting RADIUS Command Mode Global Configuration Example Console(config)#authentication dot1x default radius Console(config)# dot1x default This command sets all configurable dot1x global and port settings to their default values. Syntax dot1x default Command Mode Global Configuration Example Console(config)#dot1x default Console(config)# dot1x max-req This command sets the maximum number of times the switch port will retransmit an...
Command Line Interface dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control • auto – Requires a dot1x-aware connected client to be authorized by the RADIUS server.
Authentication Commands Example Console(config)#interface eth 1/2 Console(config-if)#dot1x operation-mode multi-host max-count 10 Console(config-if)# dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate interface interface • ethernet unit/port - unit - This is device 1. - port - Port number.
Command Line Interface Default 60 seconds Command Mode Global Configuration Example Console(config)#dot1x timeout quiet-period 350 Console(config)# dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds.
Authentication Commands Example Console(config)#dot1x timeout tx-period 300 Console(config)# show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number.
Page 220
Command Line Interface • Authenticator State Machine - State– Current state (including initialize, disconnected, connecting, authenticating, authenticated, aborting, held, force_authorized, force_unauthorized). - Reauth Count– Number of times connecting state is re-entered. • Backend State Machine - State – Current state (including request, response, success, fail, timeout, idle, initialize).
Page 221
Authentication Commands Example Console#show dot1x Global 802.1X Parameters reauth-enabled: yes reauth-period: quiet-period: tx-period: supp-timeout: server-timeout: 30 reauth-max: max-req: 802.1X Port Summary Port Name Status Mode Authorized disabled ForceAuthorized disabled ForceAuthorized disabled ForceAuthorized enabled Auto 802.1X Port Details 802.1X is disabled on port 1 802.1X is enabled on port 26 Max request Quiet period...
Command Line Interface SNMP Commands SNMP Commands control access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. Command Function Mode Page snmp-server community Sets up the community access string to permit access to 4-76 SNMP commands snmp-server contact...
SNMP Commands Example Console(config)#snmp-server community alpha rw Console(config)# snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None...
Command Line Interface Example Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact (4-77) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string [version {1 | 2c}] no snmp-server host host-addr •...
SNMP Commands Example Console(config)#snmp-server host 10.1.19.23 batman Console(config)# Related Commands snmp-server enable traps (4-79) snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax [no] snmp-server enable traps [authentication | link-up-down] •...
Command Line Interface snmp ip filter This command sets the IP addresses of clients that are allowed management access to the switch via SNMP. Use the no form the remove an IP address. Syntax [no] snmp ip filter ip_address subnet_mask •...
SNMP Commands show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command.
Command Line Interface DHCP Commands These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client. You can configure any VLAN interface to be automatically assigned an IP address via DHCP. DHCP Client Command Function ip dhcp client-identifier Specifies the DHCP client identifier for this switch 4-82 ip dhcp restart client Submits a BOOTP or DHCP client request...
DHCP Commands ip dhcp restart client This command submits a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. •...
Command Line Interface Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Command Function Mode Page interface Configures an interface type and enters interface configuration 4-84 mode description Adds a description to an interface configuration 4-85 speed-duplex Configures the speed and duplex operation of a given interface...
Interface Commands Command Mode Global Configuration Example To specify port 24, enter the following command: Console(config)#interface ethernet 1/24 Console(config-if)# description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface.
Command Line Interface Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
Interface Commands Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands. •...
Command Line Interface Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands. Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control.
Interface Commands Example The following example enables flow control on port 5. Console(config)#interface ethernet 1/5 Console(config-if)#flowcontrol Console(config-if)#no negotiation Console(config-if)# Related Commands negotiation (4-86) capabilities (4-87) shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [no] shutdown Default Setting...
Command Line Interface Default Setting Enabled for all ports Packet-rate limit: 500 packets per second Command Mode Interface Configuration (Ethernet) Command Usage • When broadcast traffic exceeds the specified threshold, packets above that threshold are dropped. • This command can enable or disable broadcast storm control for the selected interface.
Interface Commands Example The following example clears statistics on port 5. Console#clear counters ethernet 1/5 Console# show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number.
Command Line Interface Example Console#show interfaces status ethernet 1/1 Information of Eth 1/1 Basic information: Port type: 100TX-EFM Mac address: 00-01-00-02-00-04 Configuration: Name: Port admin: Up Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, Broadcast storm: Enabled Broadcast storm limit: 650 packets/second Flow control: Disabled Lacp: Disabled Port security: Disabled...
Page 240
Command Line Interface Command Usage If no interface is specified, information on all interfaces is displayed. Example This example shows the configuration setting for port 2. Console#show interfaces switchport ethernet 1/2 Information of Eth 1/2 Broadcast threshold: Enabled, 650 packets/second Lacp status: Disabled Ingress rate limit: disable,100M bits per second Egress rate limit: disable,100M bits per second...
Mirror Port Commands Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. Command Function Mode Page port monitor Configures a mirror session 4-95 show port monitor Shows the configuration for a mirror port 4-96 port monitor This command configures a mirror session.
Command Line Interface Example The following example configures the switch to mirror all packets from port 6 to 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 both Console(config-if)# show port monitor This command displays mirror information. Syntax show port monitor [interface] interface - ethernet unit/port (source port) •...
Rate Limit Commands Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
Command Line Interface Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.
Link Aggregation Commands • However, if the port channel admin key is set, then the port admin key must be set to the same value for a port to be allowed to join a channel group. • If a link goes down, LACP port priority is used to select the backup link. channel-group This command adds a port to a trunk.
Page 246
Command Line Interface Command Usage • The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation. • A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID.
VDSL Commands VDSL Commands These commands are used to to configure and display communication parameters for VDSL and Ethernet ports on the switch and connected CPEs. Command Function Page efm profile global Batch assigns profiles for speed to all the VDSL ports on the 4-102 switch efm profile...
Command Line Interface efm profile global Use this command to batch assign profiles for speed to all the VDSL ports on the switch. Syntax efm profile global profile name profile name - Name of the profile. Default Setting Default Profile Command Mode Global Configuration Command Usage...
VDSL Commands 2. A suffix of “A” in the profile name (e.g., S2-16-16A) indicates that this profile is for both VDSL and ADSL lines in a bundle. Profiles without a suffix of “A” in the profile name (e.g., S1-16-16) are for VDSL lines only. 3.
Command Line Interface Example The following example assigns EFM profile S1-16-16 to VDSL port 1. Console#config Console(config)#interface ethernet 1/1 Console(config-if)#efm profile S1-16-16 Console(config-if)# Related Commands efm profile global (4-102) efm reset Use this command to reset the switch VDSL chipset or, if a CPE is connected, the CPE VDSL chipset.
VDSL Commands Command Mode Interface Configuration Command Usage Use this command to disable the VDSL chipset transmitter of a VDSL port that is not connected to a working CPE. In some unusual circumstances, the power emitted by VDSL ports can affect other VDSL ports. It is recommended that ports that are not wired to CPEs be shut down in this way.
Command Line Interface efm interleave This command sets the interleave parameters for the selected VDSL port. Syntax efm interleave [downstream M value] [upstream M value] [downstream I value] [upstream I value] no efm interleave • M value – M is the interleaving depth index. Range: 0-64 •...
VDSL Commands efm noise-margin This command sets the noise margin of the selected VDSL port. Use the no form of this command to disable this feature. Syntax efm noise-margin [downstream noise margin] [upstream noise margin] no efm noise-margin • downstream noise margin - A measure of the amount of noise that the downstream VDSL line can tolerate before the signal is affected.
Command Line Interface Profile Name Theoretical Minimum Signal-to-Noise Ratio (dB) A6-22-3A A7-40-5A Not Used A8-46-7A TLAN Max-Rate Example The following example configures VDSL port 1 with an upstream noise margin of 6, and a downstream noise margin of 6. Console(config)#interface ethernet 1/1 Console(config-if)#efm noise-margin 6 6 Console(config-if)#end Related Commands...
VDSL Commands efm pbo This command enables and disables power back-off on the selected VDSL port. Syntax [no] efm pbo Default Setting Enabled Command Mode Interface Configuration Command Usage If PBO is enabled, the power of transmission from the port will automatically be adjusted to ensure that the signal successfully reaches the receive port.
VDSL Commands show controllers efm actual Use this command to display the current values of the VDSL link on a specific VDSL port. Syntax show controllers efm interface-id actual {dsrserrs | usrserrs | txpower | rxpower | snr | link} •...
Command Line Interface Related Commands show controllers efm admin (4-112) show controllers efm profile (4-112) show controllers efm admin Use this command to display the actual values of the VDSL link on a specific VDSL port. Syntax show controllers efm interface-id admin {dsrate | usrate} •...
VDSL Commands Command Mode Privileged EXEC Command Usage See efm profile global (4-102) for the VDSL profiles shipped with the switch, and for the their upstream and downstream data rates. Examples This example displays VDSL profiles and link status for the switch’s VDSL ports. Console#show controllers efm profile mapping Interface Port Profile...
Command Line Interface show controllers efm status Use this command to display the VDSL link statistics and profile information on a specific VDSL port including link state, link duration, data rates, power levels, signal-to-noise ratio, and Reed-Solomon errors. Syntax show controllers efm status {link | profile} interface-id •...
VDSL Commands This example displays the link status, uptime, profile name, downstream and upstream rates, and the number of link failures for the switch’s VDSL ports. Interface Link Uptime Profile Name DSRate USRate Fail ------------- ---- -------- -------------------- ------ ------ ---- Ethernet 1/1 0:38:30...
Command Line Interface show controllers efm-noise-margin This command displays the noise margin for the switch’s VDSL ports. Syntax show controllers efm noise-margin Default Setting Default: 0 dBm Command Mode Privileged EXEC Example This example displays the downstream (DS) and upstream (US) noise-margin for the switch’s VDSL ports.
VDSL Commands show controllers efm channel-performance This command displays the channel performance for the channels in a VDSL line. For details see “Displaying VDSL Interface Information” on page 3-66. Syntax show controllers efm channel-performance {vtu-r | vtu-c} [fast | slow] [interface] {15-minutes | 1-day} •...
Command Line Interface Example Console#show controllers efm line-table VDSL_LINE_ENTRY : Ethernet 1/1 Line Coding Ethernet 1/1 Line Type Ethernet 1/1 Line Config Profile DEFVAL Ethernet 1/1 Line Alarm Config Profile DEFVAL VDSL_LINE_ENTRY : Ethernet 1/12 Line Coding Ethernet 1/12 Line Type Ethernet 1/12 Line Config Profile DEFVAL...
VDSL Commands Command Mode Privileged EXEC Example Console#show controllers efm phy-table vtu-c 1/1 VDSL_PHYS_ENTRY : Ethernet 1/1 Serial Number Ethernet 1/1 Vendor ID ACCTON Ethernet 1/1 Version Number Ethernet 1/1 Current Signal to Noise Ratio Margin Ethernet 1/1 Current Attenuation Ethernet 1/1 Current Status Ethernet 1/1...
Command Line Interface show controllers efm current-performance Use this command to display line and channel performance data information for the current 15 minute interval, and for the current day. Syntax show controllers efm current-performance {vtu-r | vtu-c} [interface] • vtu-r – VTU (VDSL Transceiver Unit) at the remote end of the line •...
Page 267
VDSL Commands Example Console#show controllers efm current-performance vtu-c 1/1 VDSL_PERF_DATA_ENTRY : Ethernet 1/1 Loss of Framing Ethernet 1/1 Loss of Signal Ethernet 1/1 Loss of Power Ethernet 1/1 Loss of Link Ethernet 1/1 Errored Seconds Ethernet 1/1 Severely Errored Seconds Ethernet 1/1 Unavailable Seconds Ethernet 1/1...
Command Line Interface Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Command Function Mode Page mac-address-table static Maps a static address to a port in a VLAN 4-122 clear mac-address-table Removes any learned entries from the forwarding database PE...
Address Table Commands • Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. •...
Command Line Interface Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: • Learned - Dynamic address entries • Permanent - Static entry • Delete-on-reset - Static entry to be deleted when system is reset •...
Spanning Tree Commands show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example Console#show mac-address-table aging-time Aging time: 300 sec. Console# Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
Command Line Interface spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
Spanning Tree Commands • Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
Command Line Interface Example Console(config)#spanning-tree forward-time 20 Console(config)# spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(max-age / 2) -1].
Spanning Tree Commands Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN.
Command Line Interface spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method • long - Specifies 32-bit based values that range from 1-200,000,000. •...
Spanning Tree Commands Example Console(config)#spanning-tree transmission-limit 4 Console(config)# spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 1-200,000,000)) The recommended range is: •...
Command Line Interface spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-240, in steps of 16) Default Setting Command Mode Interface Configuration (Ethernet, Port Channel)
Spanning Tree Commands Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
Command Line Interface Example Console(config)#interface ethernet 1/5 Console(config-if)#bridge-group 1 portfast Console(config-if)# Related Commands spanning-tree edge-port (4-132) spanning-tree link-type This command configures the link type for Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree link-type {auto | point-to-point | shared} no spanning-tree link-type •...
Spanning Tree Commands spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Value: 1) Command Mode Privileged Exec Command Usage...
Page 282
Command Line Interface Command Usage • Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch and for every interface in the tree. • Use the show spanning-tree interface command to display the spanning tree configuration for an interface.
VLAN Commands VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
Command Line Interface Example Console(config)#vlan database Console(config-vlan)# Related Commands show vlan (4-143) vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] •...
VLAN Commands Configuring VLAN Interfaces Command Function Mode Page interface vlan Enters interface configuration mode for a specified VLAN 4-139 switchport mode Configures VLAN membership mode for an interface 4-140 switchport Configures frame types to be accepted by an interface 4-140 acceptable-frame-types switchport ingress-filtering...
Command Line Interface switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {trunk | hybrid} no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN.
VLAN Commands Command Usage When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN. Example The following example shows how to restrict the traffic received on port 1 to tagged frames: Console(config)#interface ethernet 1/1 Console(config-if)#switchport acceptable-frame-types tagged Console(config-if)#...
Command Line Interface switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4093, no leading zeroes) Default Setting VLAN 1 Command Mode...
VLAN Commands Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • A port, or a trunk with switchport mode set to hybrid, must be assigned to at least one VLAN as untagged. • If a trunk has switchport mode set to trunk (i.e., 1Q Trunk), then you can only assign an interface to VLAN groups as a tagged member.
Command Line Interface Default Setting Shows all VLANs. Command Mode Normal Exec, Privileged Exec Example The following example shows how to display information for VLAN 1: Console#show vlan id 1 VLAN Type Name Status Ports/Channel groups ---- ------- ---------------- --------- ---------------------------------- Static DefaultVlan Active Eth1/ 1 Eth1/ 2 Eth1/ 3 Eth1/ 4 Eth1/ 5...
Configuring Private VLANs Command Usage A Private VLAN allows modification of the default VLAN to provide port-based security and isolation between ports within the VLAN. Data traffic on the downlink ports can only be forwarded to, and from, the uplink port. Private VLANs and normal VLANs can exist simultaneously within the same switch.
Command Line Interface Bridge Extension Commands This section describes how to display default configuration settings for the Bridge Extension MIB. Command Function Mode show bridge-ext Shows the global bridge extension configuration 4-146 show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode...
Priority Commands Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
Command Line Interface Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.e, receives both untagged and tagged frames).
Priority Commands Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
Command Line Interface queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 3). Use the no form set the CoS map to the default values. Syntax queue cos-map queue_id [cos1 ... cosn] no queue cos-map •...
Priority Commands show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example Console#sh queue mode Wrr status: Enabled Console# show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues.
Priority Commands map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value no map ip precedence • precedence-value - 3-bit precedence value.
Command Line Interface Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type. Example The following example shows how to enable IP DSCP mapping globally: Console(config)#map ip dscp...
Priority Commands Example The following example shows how to map IP DSCP value 1 to CoS value 0: Console(config)#interface ethernet 1/5 Console(config-if)#map ip dscp 1 cos 0 Console(config-if)# map ip port (Global Configuration) Use this command to enable IP port mapping (i.e., class of service mapping for TCP/UDP sockets).
Command Line Interface show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence interface interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Value: 1) Default Setting None Command Mode...
Priority Commands Default Setting None Command Mode Privileged Exec Example Console#show map ip dscp ethernet 1/1 DSCP mapping status: disabled Port DSCP COS --------- ---- --- Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Console#...
Command Line Interface Example The following shows that HTTP traffic has been mapped to CoS value 0: Console#show map ip port TCP port mapping status: disabled Port Port no. COS --------- -------- --- Eth 1/ 5 Console# Related Commands map ip port (Interface Configuration) (4-155) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service.
Multicast Filtering Commands Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. Console(config)#ip igmp snooping Console(config)# ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port. Syntax [no] ip igmp snooping vlan vlan-id static ip-address interface •...
Command Line Interface Default Setting IGMP Version 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version. If there are legacy devices in your network that only support Version 1, you will also have to configure this switch to use Version 1.
Multicast Filtering Commands show mac-address-table multicast This command shows known multicast addresses. Syntax show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping] • vlan-id - VLAN ID (1 to 4094) • user - Display only the user-configured multicast entries. • igmp-snooping - Display only entries learned through IGMP snooping. Default Setting None Command Mode...
Command Line Interface ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic.
Multicast Filtering Commands Example The following shows how to configure the query count to 10: Console(config)#ip igmp snooping query-count 10 Console(config)# Related Commands ip igmp snooping query-max-response-time (4-163) ip igmp snooping query-interval This command configures the query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval...
Command Line Interface Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of queries defined by the ip igmp snooping query-count, but a client has not responded, a countdown timer is started using an initial value set by this command.
Multicast Filtering Commands Related Commands ip igmp snooping version (4-159) Static Multicast Routing Commands Command Function Mode ip igmp snooping vlan Adds a multicast router port 4-165 mrouter show ip igmp snooping Shows multicast router ports 4-166 mrouter ip igmp snooping vlan mrouter This command statically configures a multicast router port.
Command Line Interface show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4093) Default Setting Displays multicast router ports for all configured VLANs. Command Mode Privileged Exec Command Usage...
IP Interface Commands ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip address {ip-address netmask | bootp | dhcp} no ip address • ip-address - IP address •...
Command Line Interface ip default-gateway This command establishes a static route between this switch and devices that exist on another network segment. Use the no form to remove the static route. Syntax ip default-gateway gateway no ip default-gateway gateway - IP address of the default gateway Default Setting No static route is established.
IP Interface Commands show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Console#show ip redirects ip default gateway 10.1.0.254 Console# Related Commands ip default-gateway (4-168) ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [count count][size size] •...
Page 316
Command Line Interface Example Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms response time: 0 ms Ping statistics for 10.1.0.9: 5 packets transmitted, 5 packets received (100%), 0 packets lost (0%) Approximate round trip times:...
Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security DHCP Client Port Configuration 1000BASE-T: 10/100/1000 Mbps, half/full duplex 1000BASE-SX/LX: 1000 Mbps, full duplex Flow Control Full Duplex: IEEE 802.3x Half Duplex: Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mirroring...
Appendix B: Troubleshooting Troubleshooting Chart Symptom Action Cannot connect using Telnet, • Be sure you have configured the agent with a valid IP address, subnet Web browser, or SNMP mask and default gateway. software • If you are trying to connect to the agent via the IP address for a tagged VLAN group, your management station must include the appropriate tag in its transmitted frames.
Glossary Boot Protocol (BOOTP) used to provide bootup information for network devices, including IP BOOTP is address information, the address of the TFTP server that contains the devices system files, and the name of the boot file. Class of Service (CoS) CoS is supported by prioritizing packets based on the required level of service, and then placing them in the appropriate output queue.
Page 324
Glossary GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP) GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so...
Page 325
Glossary IEEE 802.3x Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links. IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On each subnetwork, one IGMP-capable device will act as the querier —...
Page 326
Glossary Management Information Base (MIB) An acronym for Management Information Base. It is a set of database objects that contains information about a specific device. Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group.
Page 327
Glossary Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central RADIUS server to control access to RADIUS-compliant devices on the network. Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types.
Page 328
Glossary Transmission Control Protocol/Internet Protocol (TCP/IP) Protocol suite that includes TCP as the primary transport protocol, and IP as the network layer protocol. Trivial File Transfer Protocol (TFTP) A TCP/IP protocol commonly used for software downloads. User Datagram Protocol (UDP) provides a datagram mode for packet-switched communications.