PLANET has made every effort to ensure that this User ’s Manual is accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred.
It contains specifications of WGSW-24010. § Appendices It contains cable information of WGSW-24010. In the following section, terms “Switch” with upper case means the two switches, i.e. WGSW-24010. Terms with lower case “switch” means any Ethernet switches. 1.3 Product Features §...
§ 100~240VAC, 50~60Hz universal Power input § FCC, CE class A compliant 1.4 Product Specifications Model WGSW-24010 Hardware Specification 24 10/100/100 Base-T STP ports Network Ports 1 Mini-GBIC for 1000Base-SX/LX fiber-optic interface (shared with port 12) Switch Processing Scheme Store-and-Forward...
Basic knowledge of networking is assumed. Please read this chapter completely before continuing. 2.1 Product Description The WGSW-24010 is a powerful, high-performance 24G + 1 Mini-GBIC 10/100/1000Mbps Fast Ethernet and Gigabit managed switch with twenty-four 10/100/1000Mbps ports and 1-SFP Mini-GBIC interfaces. The SFP Mini-GBIC interfaces for fiber extension is ideal for backbone connection to other workgroup products.
Switch or the power adapter. 2.2 Installing the Switch This section describes how to install your WGSW-24010 Managed Gigabit Ethernet Switch and make connections to the Switch. Please read the following topics and perform the procedures in the order being presented. PLANET Managed Gigabit Ethernet Switch do not need software configuration.
Page 13
Caution: You must use the screws supplied with the mounting brackets. Damage caused to the parts by using incorrect screws would invalidate your warranty. Step3: Secure the brackets tightly. Step4: Follow the same steps to attach the second bracket to the opposite side. Step5: After the brackets are attached to the Switch, use suitable screws to securely attach the brackets to the rack, as shown in Figure 2-6 Figure 2-6 Mounting the Switch in a Rack...
3. CONSOLE CONFIGURATION The WGSW-24010 is a managed Ethernet Switch that can be controlled by the RS-232 console interface, telnet interface, and Web interface. This chapter describer how to configure the Switch through these interfaces. When you are ready to configure the smart functions of the Switch, make sure you had connected the supplied RS-232 serial cable to the RS-232 port at the front panel of your WGSW-24010 Switch and your PC.
From each mode a specific command is used to navigate from one command mode to another. The standard order to access the modes is as follows: User EXEC mode, Privileged EXEC mode, Global Configuration mode, and Interface Configuration mode. The following figure illustrates the command mode access path. When starting a session, the initial mode is the User EXEC mode.
To return from Global Configuration mode to Privileged EXEC mode, the user can use one of the following commands: exit § § Ctrl+Z § The following example illustrates how to access Global Configuration mode and teturn back to the Privileged EXEC mode: console # console # configure console(config) # exit...
4. When finished, exit the session with the quit or exit command. When a different user is required to log onto the system, in the Privileged EXEC Command mode the login command is entered. This effectively logs off the current user and logs on the new user. 3.2.3 Editing Features Entering Commands A CLI command is a series of keywords and arguments.
Command Completion If a command is entered and it is not complete, if the command is invalid, or if some parameters of the command are invalid or missing, the appropriate error message is displayed. This assists in entering the correct command. By pressing the <Tab>...
example, the command interface range port-channel has the option of either entering a range of channels, or selecting all. When the command is entered without a parameter, it automatically defaults to all. 3.3 AAA Commands 3.3.1 aaa authentication login The aaa authentication login global configuration command defines login authentication. To return to the default configuration, use the no form of this command.
3.3.2 aaa authentication enable The aaa authentication enable global configuration command defines authentication method lists for accessing higher privilege levels. To return to the default configuration use the no form of this command. Syntax aaa authentication enable {default | list-name} method1 [method2...] no aaa authentication enable default §...
no login authentication § default — Uses the default list created with the authentication login command. § list-name — Uses the indicated list created with the authentication login command. Default Configuration Uses the default set with the command authentication login. Command Mode Line Configuration mode User Guidelines...
method1 [method2...] — Specify at least one from the following table § Keyword Source or destination local Uses the local username database for authentication none Uses no authentication radius Uses the list of all RADIUS servers for authentication tacacs Uses the list of all TACACS servers for authentication Default Configuration The local user database is checked.
3.3.7 show authentication methods The authentication methods privilege EXEC command displays information about the authentication methods. Syntax show authentication methods Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the authentication configuration.
Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command. Example The following example specifies a password "abc" on a line. console (config-line) # password abc 3.3.9 enable password The enable password global configuration command sets a local password to control access to normal and privilege levels.
User Guidelines Up to 30 users can be defined on the device. Example The following example configures user "bob" with the password "lee" and user level 15 to the system. console (config)# username bob password lee level 15 3.3.11 show users accounts The show users accounts privileged EXEC command displays information about the local user database.
Default Configuration User EXEC mode commands are privilege level 1. Privileged EXEC mode and configuration mode commands are privilege level 15. The following commands are associated with privilege level 0: disable, enable, exit(EXEC), login, help. Command Modes Global configuration mode User Guidelines When the privilege level for a command is set with multiple words, note that the commands starting with the first word will also have the specified access level.
console(config)# privilege exec 15 show interfaces console(config)# privilege exec 1 show console(config)# show privilege configuration privilege exec 15 show interfaces privilege exec 1 show The following example sets all interface ethernet and interface Port-Channel commands to level 11 except for the speed command.
3.4.3 bridge multicast address The bridge multicast address interface configuration command registers MAC-layer multicast addresses to the bridge table, and adds static ports to the group. To unregister the MAC address, use the no form of the bridge multicast address command.
Default Configuration No forbidden addresses are defined. Command Modes Interface Configuration (VLAN) mode User Guidelines Before defining forbidden ports, the multicast group should be registered. Examples In this example the MAC address 0100.5e02.0203 is forbidden on port g9 within VLAN 8. console (config)# interface vlan 8 console (config-if)# bridge multicast address 0100.5e02.0203 console (config-if)# bridge multicast forbidden address 0100.5e02.0203 add ethernet e9...
§ add — Forbid forwarding unregistered multicast packets. § remove — Don’t forbid forwarding unregistered multicast packets. § interface-list — Separate nonconsecutive Ethernet ports with a comma and no spaces; use a hyphen to designate a range of ports. (Range: Valid Ethernet port) §...
Syntax bridge multicast forbidden forward-all {add | remove} {ethernet interface-list | port-channel port-channel-number-list } no bridge multicast forward-all § add — Forbids forwarding all multicast packets. § remove — Does not forbid forwarding all multicast packets. § interface-list — Separates non consecutive valid Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports.
Syntax clear bridge This command has no keywords or arguments. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example In this example, the bridge tables are cleared. console# clear bridge 3.4.11 port security The port security interface configuration command locks the port.
Default Configuration No addresses are defined. Command Mode Interface configuration (Ethernet, port-channel). Cannot be configured for a range of interfaces (range context). User Guidelines The command enables adding secure MAC addresses to a routed ports in port security mode. The command is available when the port is a routed port and in port security mode.
------ --------------- ---------- 224-239.130|2.2.3 224-239.130|2.2.8 3.4.17 show bridge multicast filtering The show bridge multicast filtering privileged EXEC command displays the multicast filtering configuration. Syntax show bridge multicast filtering vlan-id § vlan_id — A valid VLAN ID value. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
console # show ports security Port Status Action Trap Frequency Counter ------ ---------- ---------- ------- --------------- ------------- Unlocked Discard Enable Unlocked Discard, Disable Shutdown Unlocked 3.5 Clock Commands 3.5.1 clock set The clock set privileged EXEC command manually sets the system clock. Syntax clock set hh:mm:ss day month year clock set hh:mm:ss month day year...
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example configures an external time source for the system clock. console# clock source sntp 3.5.3 clock timezone The clock timezone global configuration command sets the time zone for display purposes. To set the time to Coordinated Universal Time (UTC), use the no form of this command.
date — Date of the month (Range:1 - 31) § § month — Month (Range: first three letters by name) § year — year - no abbreviation (Range: 2000 - 2097) § hh:mm — Time in military format, in hours and minutes (Range:hh: 0 - 23, mm:0 - 59) offset offset —...
cnsole(config)# sntp authentication-key 8 md5 ClkKey console(config)# sntp trusted-key 8 console(config)# sntp authenticate 3.5.6 sntp authenticate The sntp authenticate global configuration command grants authentication for received Network Time Protocol (NTP) traffic from servers,. To disable the feature, use the no form of this command. Syntax sntp authenticate no sntp authenticate...
Console(config)# sntp authenticate 3.5.8 sntp client poll timer The sntp client poll timer global configuration command sets the polling time for the Simple Network Time Protocol (SNTP) client. To return to default, use the no form of this command. Syntax sntp client poll timer seconds no sntp client poll timer §...
3.5.10 sntp anycast client enable The sntp anycast client enable global configuration command enables anycast client. To disable the polling for SNTP broadcast client, use the no form of this command. Syntax sntp anycast client enable no sntp anycast client enable This command has no arguments or keywords.
This command has no arguments or keywords. Default Configuration Disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Examples The following example enables the device to use the Simple Network Time Protocol (SNTP) to request and accept Network Time Protocol (NTP) traffic from servers.
Default Configuration No servers are defined. Command Mode Global Configuration mode User Guidelines Up to 8 sntp servers can be defined. Use the sntp unicast client enable global configuration command to enable predefined unicast clients globally. To enable polling you should also use the sntp unicast client poll global configuration command for global enabling. Polling time is determined by the sntp client poll timer global configuration command.
running-config Represents the current running configuration file. startup-config Represents the startup configuration file. backup-config Represents the backup configuration file. Image The image is executable code which is decompressed during system startup, into the switching and routing software that manages the device. There are always two images stored in the device flash known as "image-1"...
Page 50
tftp cannot be the source and destination on the same copy. Copy Character Descriptions: Character Description For network transfers, an exclamation point indicates that the copy process is taking place. Each exclamation point indicates the successful transfer of ten packets (512 bytes each). For network transfers, a period indicates that the copy process timed out.
Copy took 0:0:23 [hh:mm:ss] 3.6.2 boot system The boot system privileged EXEC command specifies the system image that the device loads at startup. Syntax boot system {image-1 | image-2} § image-1 — Specifies image 1 as the system startup image. §...
hostname device interface ethernet 1/1-2 duplex full interface ethernet 1/1-2 speed 1000 exit interface ethernet 1/1 ip address 176.242.100.100 255.255.255.0 exit interface ethernet 1/2 ip address 176.243.100.100 255.255.255.0 exit 3.6.5 show bootvar The show bootvar privileged EXEC command displays the active system image file that the device loads at startup. Syntax show bootvar Default Configuration...
User Guidelines There are no user guidelines for this command. Example The following example enables ports g18 for configuration. Console(config)# interface ethernet g18 Console(config-if)# 3.7.2 interface range ethernet The interface range ethernet global configuration command enters the interface configuration mode to configure multiple Ethernet type interfaces.
The following example re-enables Ethernet port e5. Console(config)# interface ethernet e5 Console(config-if)# no shutdown 3.7.4 description The description interface configuration command adds a description to an interface. To remove the description use the no form of this command. Syntax description string no description §...
3.7.6 duplex The duplex interface configuration command configures the full/half duplex operation of a given Ethernet interface when not using auto-negotiation. To restore the default, use the no form of this command. Syntax duplex {half | full} no duplex § half—Force half-duplex operation §...
3.7.8 flowcontrol The flowcontrol interface configuration command configures the Flow Control on a given interface. To restore the default, use the no form of this command. Syntax flowcontrol {auto | on | off | rx | tx} no flowcontrol § auto—Enables auto-negotiation of Flow Control.
3.7.10 back-pressure The back-pressure interface configuration command enables Back Pressure on a given interface. To disable Back Pressure, use the no form of this command. Syntax back-pressure no back-pressure Default Configuration Back Pressure is disabled. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines Back Pressure will operate only if duplex mode is set to half.
Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example In the following example, the counters for interface g1 are cleared. Console> clear counters ethernet g1 3.7.13 set interface active The set interface active privileged EXEC mode command reactivates an interface that was suspended by the system.
Console# show interfaces configuration Port Type Duplex Speed Flow Admin Back Mdix Control State Pressure Mode -------- --------- ----------- --------- --------- --------------- ------------- ---------- ----------- Full 1000 Auto Enable Auto Full Disable Full 1000 Disable Type Speed Flow Back Admin Control Pressure State...
Full Down Disable Full 1000 Disable Type Duplex Speed Flow Back Link Control Pressure State ------- -------- ----------- ----------- --------- ------------- -------------- --------- 1000 Full 1000 Disable The displayed port status information includes the following: § Port—The port number. § Description—If the port has a description, the description is displayed.
3.7.17 show interfaces counters The show interfaces counters user EXEC command displays traffic seen by the physical interface. Syntax show interfaces counters [ethernet interface | port-channel port-channel-number] § interface — A valid Ethernet port. § port-channel-number — A valid port-channel index. Default Configuration This command has no default configuration.
Deferred Transmissions: 0 Late Collisions: 0 Excessive Collisions: 0 Internal MAC Tx Errors: 0 Carrier Sense Errors: 0 Oversize Packets: 0 Internal MAC Rx Errors: 0 Received Pause Frames: 0 Transmitted Pause Frames: 0 The following table describes the fields shown in the display: Field Description InOctets...
Syntax show ports jumbo-frame Default Configuration This command has no default configuration. Command Modes User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the jumbo frames configuration. Console# show ports jumbo-frame Jumbo frames are disabled Jumbo frames will be enabled after reset 3.7.19 port storm-control include-multicast...
User Guidelines Use the port storm-control broadcast rate interface configuration command, to set the maximum allowable broadcast rate. Multicast can be counted as part of the "storm" frames if the port storm-control include-multicast global configuration command is already executed. Example The following example enables broadcast storm control on port g5.
Console# show ports storm-control Port Broadcast Storm control [kbyes/sec] ----- ------------------------------------------------- 8000 Disabled Disabled 3.8 GVRP Commands 3.8.1 gvrp enable (global) GVRP, or GARP VLAN Registration Protocol, is an industry-standard protocol designed to propagate VLAN information from device to device. With GVRP, a single switch is manually configured with all desired VLANs for the network, and all other switches on the network learn these VLANs dynamically.
Console (config)# interface ethernet g8 Console (config-if)# gvrp enable 3.8.3 garp timer The garp timer interface configuration command adjusts the GARP application join, leave, and leaveall GARP timer values. To reset the timer to default values, use the no form of this command. Syntax garp timer {join | leave | leaveall} timer_value no garp timer...
Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines This command forbids dynamic VLAN creation from the interface. The creation or modification of dynamic VLAN registration entries as a result of the GVRP exchanges on an interface are restricted only to those VLANs for which static VLAN registration exists.
Examples The following example configures the maximum number of VLANs to 300. Console (config)# gvrp max-vlan 300 3.8.7 clear gvrp statistics The clear gvrp statistics privileged EXEC command clears all the GVRP statistics information. Syntax clear gvrp statistics [ethernet interface | port-channel port-channel-number] •...
Enabled Normal Enabled 10000 3.8.9 show gvrp statistics The show gvrp statistics User EXEC command displays GVRP statistics. Syntax show gvrp statistics [ethernet interface | port-channel port-channel-number] § interface — A valid Ethernet interface. § port-channel-number — A valid trunk index. Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays GVRP statistics information. Console# show gvrp-error statistics GVRP error statistics: ----------------------------- Legend: INVPROT : Invalid Protocol Id INVPLEN : Invalid PDU Length INVATYP : Invalid Attribute Type...
3.9.2 ip igmp snooping (Interface) The ip igmp snooping interface configuration command enables Internet Group Management Protocol (IGMP) snooping on a specific VLAN. To disable IGMP snooping on a VLAN interface, use the no form of this command. Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled on all VLANs in the set context.
Command Mode Interface Configuration (VLAN) mode User Guidelines The timeout should be at least greater than 2*query_interval+max_response_time of the IGMP router. Example The following example configures the host timeout to 300 seconds. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping host-time-out 300 3.9.5 ip igmp snooping mrouter-time-out The ip igmp snooping mrouter-time-out interface configuration command configures the mrouter-time-out.
Use immediate leave only where there is only one host connected to a port. Example The following example configures the host leave-time-out to 60 seconds. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping leave-time-out 60 3.9.7 show ip igmp snooping mrouter The show ip igmp snooping mrouter User EXEC command displays information on dynamically learned multicast router interfaces.
IGMP host timeout is 260 sec IGMP Immediate leave is disabled. IGMP leave timeout is 60 sec IGMP mrouter timeout is 300 sec Automatic learning of multicast router ports is enabled 3.9.9 show ip igmp snooping groups The show ip igmp snooping groups user EXEC command displays the multicast groups learned by IGMP snooping. Syntax show ip igmp snooping groups [vlan vlan-id] [address ip-multicast-address] vlan_id —...
Command Mode Privileged EXEC mode User Guidelines This command would delete the host name-to-address mapping temporarily until the next renew of the IP address. Examples The following example deletes all entries from the host name-to-address mapping. Console (config)# clear host dhcp * 3.10.2 ip address The ip address interface configuration command sets an IP address.
User Guidelines The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol. Some DHCP Servers require that the DHCPDISCOVER message have a specific host name. The most typical usage of the ip address dhcp hostname host-name command is when host-name is the host name provided by the system administrator.
§ ethernet interface-number — Ethernet port number. § vlan vlan-id — VLAN number. § port-channel number — Port-channel number. § out-of-band-eth oob-interface — Out-of-band Ethernet port number. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command.
no arp timeout seconds § seconds — Time (in seconds) that an entry remains in the ARP cache. (Range: 1 - 40000000) Default Configuration The default timeout is 60000 seconds. Command Mode Global Configuration mode User Guidelines It Is recommended not to set the timeout value to less than 3600. Note: The ARP entry is deleted between the period of the "timeout value"...
Up to 255 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Examples The following example defines a default domain name of www.planet.com.tw. Console (config)# ip domain-name www.planet.com.tw...
3.10.12 ip name-server The ip name-server global configuration command sets the available name servers. To remove a name server, use the no form of this command. Syntax ip name-server server-address [server-address2 … server-address8] no ip name-server [server-address1 … server-address8] § server-address —...
§ * — Removes all entries. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example deletes entries from the host name-to-address cache. Console (config)# clear host * 3.10.15 show hosts The show hosts EXEC command displays the default domain name, a list of name server hosts, the static and the cached...
3.11 LACP Commands 3.11.1 lacp system-priority The lacp system-priority global configuration command configures the system priority. To reset to default, use the no form of this command. Syntax lacp system-priority value no lacp system-priority § value — Value of the priority. (Range: 1 - 65535) Default Configuration The default system priority value is 1.
§ long — Specifies a long timeout value. § Short — Specifies a short timeout value. Default Configuration The default port timeout value is long. Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example assigns an administrative LACP timeout for port g8 to a long timeout value.
Example The following example shows how to display LACP port-channel information. Console# show lacp port-channel 1 Port-Channel 1:Port Type 1000 Ethernet Actor System Priority:1 MAC Address: 000285:0E1C00 Admin Key: 29 Oper Key: 29 Partner System Priority:0 MAC Address: 000000:000000 Oper Key: 14 3.12 Line Commands 3.12.1 line The line global configuration command identifies a specific line for configuration and enters the line configuration...
User Guidelines There are no user guidelines for this command, which is available only on the console line. Examples The following example the baud rate is set to 115200. Console (config)# line console Console(config-line)# speed 115200 3.12.3 exec-timeout The exec-timeout line configuration command sets the interval that the system waits until user input is detected. To restore the default setting, use the no form of this command.
Console (config-macl)# permit ethernet g9 Console (config-macl)# exit Console (config)# management access-class mlist The following example shows how to create an access-list called "mlist", configure all interfaces to be management interfaces except interfaces ethernet g1 and ethernet g9, and make the access-list the active list. Console (config)# management access-list mlist Console (config-macl)# deny ethernet g1 Console (config-macl)# deny ethernet g9...
3.13.5 show management access-list The show management access-list privileged EXEC command displays management access-lists. Syntax show management access-list [name] § name — Name of the access list. If unspecified, defaults to an empty access-list.(Range: Valid name) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode 12.5.4 User Guidelines...
3.14 PHY Diagnostics Commands 3.14.1 test copper-port tdr The test copper-port tdr privileged EXEC command diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port. Syntax test copper-port tdr interface interface — A valid Ethernet port. §...
Short 13:32:00 23 July 2003 Test has not been preformed Short 13:32:00 23 July 2003 Fiber 3.14.3 show copper-ports cable-length The show copper-ports cable-length privileged EXEC command displays the estimated copper cable length attached to a port. Syntax show copper-ports cable-length [interface] §...
Port Temp Voltage Current Output Input Power Power Power ------ -------- ------------ ------------ ----------- ---------- --------- Copper Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage. Current – Measured TX bias current. Output Power – Measured TX output power. Input Power –...
Command Mode Global Configuration mode User Guidelines Seven supported aggregated links are defined, and per port-channel, up to 4 member ports. Turning off auto-negotiation of an aggregate link may, under some circumstances, make it non-operational. If the other side has auto-negotiation turned on, it may re-synchronize all members of the aggregated link to half-duplex operation, and may, as per the standards, set them all to inactive.
User Guidelines Turning off auto-negotiation on an aggregate link may, under some circumstances make it non operational. If the other side has auto-negotiation turned on, it may re-synchronize all members of the aggregated link to half-duplex operation, and may, as per the standard, set them all to Inactive. When a port is added to a LAG, it acquires the trunk properties, as set by the administrator.
§ rx — Monitors received packets only. If no option specified, monitors both rx and tx. § tx — Monitors transmitted packets only. If no option specified, monitors both rx and tx. Default Configuration This command has no default configuration. Command Mode Interface Configuration mode User Guidelines...
Source Port Destination Port Type Status VLAN Tagging ---------------- ----------------------- ------------ ----------- ------------------- RX, TX Active RX, TX Active 1/18 Active 3.17 QoS Commands 3.17.1 qos The qos global configuration command enables quality of service (QoS) on the device and enters QoS basic or advanced mode.
Syntax show qos Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays a device where basic mode is supported. Console# show qos Qos: basic Basic trust: dscp 3.17.3 wrr-queue cos-map...
3.17.4 wrr-queue bandwidth The wrr-queue bandwidth interface configuration command assigns Weighted Round Robin (WRR) weights to egress queues. The weights ratio determines the frequency in which the packet scheduler dequeues packets from each queue. To return to the default values, use the no form of this command. Syntax wrr-queue bandwidth weight1 weight2 ...
Default Configuration All queues are expedite queues. Command Mode Global Configuration mode User Guidelines When configuring the priority-queue out num-of-queues command, the weighted round robin (WRR) weight ratios are affected because there are fewer queues participating in WRR. Example The following example sets queue 7, 8 to be an EF queue. Console (config)# priority-queue out num-of-queues 2 3.17.6 show qos interface The show qos interface user EXEC command displays interface QoS data.
Page 101
Threshold qid MinDP0 MaxDP0 ProbDP0 MinDP1 MaxDP1 ProbDP1 MinDP2 MaxDP2 ProbDP2 Weight The following example displays output from the show qos interface ethernet g1 queueing command. Console# show qos interface Ethernet g1 queuing Ethernet g1 wrr bandwidth weights and EF priority: weights Priority Cos-queue map:...
User Guidelines Queue settings for 3, 11, 19, ... cannot be modified. Example The following example maps DSCP values 33, 40 and 41 to queue 1. Console (config)# qos map dscp-queue 33 40 41 to 1 3.17.8 qos trust (Global) The qos trust global configuration command can be used in basic mode to configure the system to "trust"...
User Guidelines Use no qos trust to disable the trust mode on each port. Use qos trust to enable trust mode on each port. Example The following example configures port g5 in basic mode to default trust state (CoS). Console (config)# interface ethernet e5 Console (config-if) qos trust 3.17.10 qos cos The qos cos interface configuration command configures the default port CoS value.
Console(config)# qos cos override 3.17.12 show qos map The show qos map user EXEC command displays all the QoS maps. Syntax show qos map [dscp-queue | policed-dscp | dscp-mutation] dscp-queue — Displays the DSCP to queue map. § § policed-dscp — Displays the DSCP to DSCP remark table. §...
§ Timeout period — 20 seconds Console (config)# radius-server host 192.168.10.1 auth-port 20 timeout 20 3.18.2 radius-server key The radius-server key global configuration command sets the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon. To reset to the default, use the no form of this command. Syntax radius-server key [key-string] no radius-server key...
Syntax radius-server source-ip source no radius-server-ip § source — Specifies the source IP address. Default Configuration The default IP address is the outgoing IP interface. Command Mode Global Configuration mode User Guidelines To define an out-of-band IP address, use the out-of-band IP address format —oob/ip-address. Example The following example configures the source IP address used for communication with RADIUS servers to 10.1.1.1.
User Guidelines There are no user guidelines for this command. Example The following example sets a dead time where a RADIUS server is skipped over by transaction requests for this period, to 10 minutes. Console (config)# radius-server deadtime 10 3.18.7 show radius-servers The show radius-servers user EXEC command displays the RADIUS server settings.
Page 110
Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays RMON Ethernet Statistics for port g1. Console# show rmon statistics ethernet g1 Port g1 Dropped: 8 Octets: 878128 Packets: 978...
octets in length inclusive (excluding framing bits but including FCS octets). 128 to 255 Octets The total number of packets (including bad packets) received that are between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets). 256 to 511 Octets The total number of packets (including bad packets) received that are between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Example The following example displays all RMON group statistics. Console# show rmon collection history Index Interface Interval Requested Granted Owner Samples Sample ------- ---------- ----------- --------------- ------------ --------- 1000 The following table describes the significant fields shown in the display: Field Description Index...
Page 113
Console# show rmon history 5 errors Sample Set: 1 Owner: CLI Interface: 1/g1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500 Time CRC Align Undersize Oversize Fragments Jabbers ------------------------------ --------------- ---------------- ------------- --------------- ------------- Jan 18 2002 21:57:00 Jan 18 2002 21:57:30 The following example displays RMON Ethernet Statistics history for "other"...
during this sampling interval. This number is not necessarily the number of packets dropped, it is just the number of times this condition has been detected. Collisions The best estimate of the total number of collisions on this Ethernet segment during this sampling interval.
Syntax show rmon alarm-table Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the alarms summary table. Console# show rmon alarm-table Index Owner -------...
Falling Event: 1 Owner: CLI The following table describes the significant fields shown in the display: Field Description Monitored variable OID. Last Sample Value The statistic value during the last sampling period. For example, if the sample type is delta, this value is the difference between the samples at the beginning and end of the period.
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures an event with the trap index of 10 Console (config)# rmon event 10 log 3.19.9 show rmon events The show rmon events user EXEC command displays the RMON event table. Syntax show rmon events Default Configuration...
Syntax show rmon log [event] § event — Event index. (Range: 0 - 65535) Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the RMON logging table. Console# show rmon log Maximum table size: 500 Event...
User Guidelines The configured table size is effective after the device is rebooted. Example The following example configures the maximum RMON history table sizes to 1000 entries. Console (config)# rmon table-size history 1000 3.20 SNMP Commands 3.20.1 snmp-server community The snmp-server community global configuration command sets up the community access string to permit access to the SNMP protocol.
User Guidelines There are no user guidelines for this command. Examples The following example sets up the community access string "public" to permit administrative access to SNMP protocol, at an administrative station with the IP address 192.168.1.20. Console (config)# snmp-server community public su 192.168.1.20 The following examples set up the community access string "public"...
Console (config)# snmp-server location New_York 3.20.4 snmp-server enable traps The snmp-server enable traps global configuration command enables the switch to send SNMP traps. To disable SNMP traps use the no form of the command. Syntax snmp-server enable traps no snmp-server enable traps Default Configuration Enabled Command Mode...
§ host-address — Internet address of the host (the targeted recipient). An out-of-band IP address can be specified as described in the User Guidelines. § community-string — Password-like community string sent with the notification operation. (R ange: 1 - 20 characters) §...
rndCommunityAccess super 3.20.8 show snmp The show snmp privileged EXEC command displays the SNMP status. Syntax show snmp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the SNMP communications status.
Syntax spanning-tree no spanning-tree Default Configuration Spanning-tree is enabled. Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree functionality. Console(config)# spanning-tree 3.21.2 spanning-tree mode The spanning-tree mode global configuration command configures the spanning-tree protocol. To return to the default configuration, use the no form of this command.
User Guidelines There are no user guidelines for this command. Example The following example configures spanning-tree bridge forward time to 25 seconds. Console(config)# spanning-tree forward-time 25 3.21.4 spanning-tree hello-time The spanning-tree hello-time global configuration command configures the spanning-tree bridge hello time, which is how often the switch broadcasts hello messages to other switches.To reset the default hello time, use the no form of this command.
3.21.6 spanning-tree priority The spanning-tree priority global configuration command configures the spanning-tree priority. The priority value is used to determine which bridge is elected as the root bridge. To reset the default spanning-tree priority use the no form of this command.
1000 mbps (giga) — 20,000 100 mbps — 200,000 10 mbps — 2,000,000 Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines The method used (long or short) is set by using the spanning-tree pathcost method command. Example The following example configures the spanning-tree cost on g5 to 35000. Console(config)# interface ethernet g5 Console(config-if)# spanning-tree cost 35000 3.21.9 spanning-tree port-priority...
Example The following example enables PortFast on g5 Console(config)# interface ethernet g5 Console(config-if)# spanning-tree portfast 3.21.11 spanning-tree link-type The spanning-tree link-type interface configuration command overrides the default link-type setting. To reset the default, use the no form of this command. Syntax spanning-tree link-type {point-to-point | shared} no spanning-tree spanning-tree link-type...
3.21.13 spanning-tree bpdu The spanning-tree bpdu global configuration command defines BPDU handling when spanning-tree is disabled on an interface. Syntax spanning-tree bpdu {filtering | flooding} § filtering — Filter BPDU packets when spanning-tree is disabled on an interface. § flooding — Flood BPDU packets when spanning-tree is disabled on an interface. Default Configuration The default definition is flooding.
Page 130
§ instance-id — ID associated with a spanning-tree instance.(Range: 1 - 15) § detail — Display detailed information. § active — Display active ports only. § blockedports — Display blocked ports only. Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode User Guidelines...
3.22 SSH and SLOGIN Commands 3.22.1 ip ssh port The ip ssh port global configuration command specifies the port to be used by the SSH server. To use the default port, use the no form of this command. Syntax ip ssh port port-number no ip ssh port §...
Syntax crypto key generate dsa Default Configuration DSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs: one public DSA key and one private DSA key. If the device already has DSA keys, a warning and prompt to replace the existing keys with new keys is displayed.
Command Mode Global Configuration mode User Guidelines AAA authentication is independent. Example The following example enables public key authentication for incoming SSH sessions. Console (config)# ip ssh pubkey-auth 3.22.6 crypto key pubkey-chain ssh The crypto key pubkey-chain ssh global configuration command enters SSH Public Key-chain configuration mode. The mode is used to manually specify other device public keys such as SSH client public keys.
3.22.8 key-string The key-string SSH public key-string configuration command manually specifies a SSH public key. Syntax key-string text § text — Authentication string that must be sentand received in the packets, using the routing protocol being authenticated. The string can contain from 1 to 16 uppercase and lowercase alphanumeric characters. Default Configuration By default, the keys do not exist.
DSA (DSS) key was generated. SSH Public Key Authentication is enabled. Active incoming sessions: IP address Version Cipher Auth Code username ---------------- ---------------- --------------- -------------- ------------------- 172.16.0.1 John Brown 2.0 3 HMAC-SH1 The following table describes the significant fields shown in the display: Field Description IP address...
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays all SSH public keys stored on the device. Console# show crypto key pubkey-chain ssh Username Fingerprint ----------------...
64 bytes from 10.1.1.1: icmp_seq=2. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=3. time=7 ms ----10.1.1.1 PING Statistics---- 4 packets transmitted, 4 packets received, 0% packet loss round-trip (ms) min/avg/max = 7/8/11 Console> The following example displays a ping to out-of-band management port 176.16.1.1. Console# ping oob/176.16.1.1 64 bytes from oob/176.16.1.1: icmp_seq=0.
The traceroute command terminates when the destination responds, when the maximum TTL is exceeded, or when the user interrupts the trace with Esc. To find the trace to an out-of-band IP address, use the out-of-band IP address format: oob/ip-address. Examples console>...
Page 139
Command Mode User EXEC mode User Guidelines The Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system-specific functions. To issue a special Telnet command, enter Esc and then a command character.
3.23.5 reload The reload privileged EXEC command reloads the operating system. Syntax reload Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines Caution should be exercised when resetting the device, to ensure that no other activity is being performed. In particular, the user should verify that no configuration files are being downloaded at the time of reset.
Example The following example displays information about the active users. Console# show users Username Protocol Location ---------------- ------------ ------------ Serial John 172.16.0.1 Robert HTTP 172.16.0.8 3.23.8 show sessions The show sessions command in EXEC mode lists the open Telnet sessions. Syntax show sessions This command has no arguments or keywords.
Page 143
Example The following example displays the system information. console> show system System Description: Corporate System Up Time (days,hour:min:sec): 1,22:38:21 System Contact: System Name: System location: System MAC Address: 0010.B5F4.0001 OOB MAC Address: 0010.B5F4.000F Sys Object ID: Unit Type --------- ------------------ Unit-type specific Unit-type specific Temperature Sensors:...
3.23.10 show version The show version user EXEC command displays the system version information. Syntax show version Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays a system version (this version number is only for demonstration purposes).
3.24.2 logging The logging global configuration command logs messages to a syslog server. To delete the syslog server with the specified address from the list of syslogs, use the no form of this command. Syntax logging {ip-address} [port port] [severity level] [facility facility] [description text] no logging {ip-address} §...
3.24.4 logging buffered The logging buffered global configuration command limits syslog messages displayed from an internal buffer based on severity. To cancel the buffer use, use the no form of this command. Syntax logging buffered level no logging buffered § level —...
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example clears messages from the internal syslog message logging buffer. Console# clear logging Clear logging buffer [y/n] y 3.24.7 logging file The logging file global configuration command limits syslog messages sent to the logging file based on severity. To cancel the buffer, use the no form of this command.
3.24.9 show logging The show logging privileged EXEC command displays the state of logging and the syslog messages stored in the internal buffer. Syntax show logging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Syntax show logging file Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the state of logging and the syslog messages stored in the logging file. Console # show logging file Logging is enabled.
User Guidelines There are no user guidelines for this command. Example The following example displays the syslog server settings. Console# show syslog-servers IP address Port Severity Facility Description ---------------- ------- ------------ ------------ ---------------- 192.180.2.275 Informational local 192.180.2.285 Warning local 3.25 TACACS Commands 3.25.1 tacacs-server host The tacacs-server host command in global configuration mode specifies a TACACS+ host.
3.25.2 tacacs-server key The tacacs-server key command in global configuration mode sets the authentication encryption key used for all TACACS+ communications between the device and the TACACS+ daemon. To disable the key, use the no form of this command. Syntax tacacs-server key key-string no tacacs-server key §...
Syntax tacacs-server source-ip source no tacacs-server-ip § source — Specifies the source IP address. An out-of-band IP address can be specified as described in the usage guidelines.(Range: Valid IP Address) Default Configuration The IP address would be of the outgoing IP interface. User Guidelines To define an out-of-band IP address use the out-of-band IP address format: oob/ip-address.
3.26.3 configure The configure privileged EXEC command enters the global configuration mode. Syntax configure There are no parameters for this command. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example In the following example, because no keyword is entered, a prompt is displayed.
Default Configuration This command has no default configuration. Command Mode All command modes User Guidelines There are no user guidelines for this command. Example The following example changes the configuration mode from Interface Configuration mode to User EXEC mode. Console(config-if)# exit Console(config)# exit Console# 3.26.6 exit(EXEC)
3.26.8 help The help command displays a brief description of the help system. Syntax help Default Configuration This command has no default configuration. Command Mode All Command modes User Guidelines There are no user guidelines for this command. 3.26.9 history The history line configuration command enables the command history function.
User Guidelines There are no user guidelines for this command. Example The following example changes the command history buffer size to 100 entries for a particular line. Console (config-line)# history size 100 3.26.11 debug-mode The debug-mode privilege EXEC command switches the mode to debug. Syntax debug-mode Default Configuration...
3.26.13 show privilege The show privilege user EXEC command displays the current privilege level. Syntax show privilege Default Configuration This command has no default configuration. Command Mode User EXEC command mode User Guidelines There are no user guidelines for this command. Example The following example displays the current privilege level.
vlan-range — A list of valid VLAN IDs to be added. List separate, non-consecutive VLAN IDs separated by commas § (without spaces); use a hyphen to designate a range of IDs. (Range: 2 - 4063) Default Configuration This command has no default configuration. Command Mode VLAN Database mode User Guidelines...
Example The following example configures the VLAN 1 IP address of 131.108.1.27 and subnet mask 255.255.255.0. Console (config)# interface vlan 1 Console (config-if)# ip address 131.108.1.27 255.255.255.0 3.27.5 interface range vlan The interface range vlan global configuration command enters the interface configuration mode to configure multiple VLANs.
3.27.7 switchport mode The switchport mode interface configuration command configures the VLAN membership mode of a port. To reset the mode to the appropriate default for the device, use the no form of this command. Syntax switchport mode {access | trunk | general} no switchport mode §...
3.27.9 switchport trunk allowed vlan The switchport trunk allowed vlan interface configuration command adds or removes VLANs from a trunk port. Syntax switchport trunk allowed vlan {add vlan-list | remove vlan-list} § add vlan-list — List of VLAN IDs to add. Separate non consecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs.
Syntax switchport general allowed vlan add vlan-list [ tagged | untagged ] switchport general allowed vlan remove vlan-list § add vlan-list — List of VLAN IDs to add. Separate non consecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs.
no switchport general ingress-filtering disable Default Configuration Ingress filtering is enabled. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example shows how to enables port ingress filtering on g8. Console (config)# interface ethernet g8 Console (config-if)# switchport general ingress-filtering disable 3.27.14 switchport general acceptable-frame-type taggedonly...
User Guidelines There are no user guidelines for this command. Example The following example forbids adding VLANs number 234 till 256, to g8. Console (config)# interface ethernet g8 Console (config-if)# switchport forbidden vlan add 234-256 3.27.16 map protocol protocols-group The map protocol protocols-group VLAN database command adds a special protocol to a named group of protocols, which may be used for protocol-based VLAN assignment.
User Guidelines There are no user guidelines for this command. Example The following example sets a protocol-based classification rule of protocol group 1 to VLAN 8. Console (config)# interface ethernet g8 Console (config-if)# switchport general map protocols-group 1 vlan 8 3.27.18 ip internal-usage-vlan The ip internal-usage-vlan interface configuration command reserves a VLAN as the internal usage VLAN of an interface.
Console# show vlan Vlan Name Ports Type Authorization default e1-2 other Required g1-4 VLAN0010 e3-4 dynamic Required VLAN0011 e1-2 static Required VLAN0020 e3-4 static Required VLAN0021 static Required VLAN0030 static Required VLAN0031 static Not Required 3.27.20 show vlan internal usage The show vlan internal usage privileged EXEC command displays a list of VLANs being used internally by the switch.
3.28 Web Server Commands 3.28.1 ip http server The ip http server global configuration command enables the device to be configured from a browser. To disable this function use the no form of this command. Syntax ip http server no ip http server Default Configuration This command has no default configuration.
3.28.3 ip https server The ip https server global configuration command enables the device to be configured from a secured browser. To disable this function, use the no form of this command. Syntax ip https server no ip https server Default Configuration The default for the device is disabled.
Command Mode Global Configuration mode User Guidelines The command is not saved in the router configuration; however, the certificate and keys generated by this command are saved in the private configuration, which is never displayed to the user or backed up to another device. Example The following example regenerates a HTTPS certificate.
3.29 802.1x Commands 3.29.1 aaa authentication dot1x The aaa authentication dot1x global configuration command specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X. Use the no form of this command to return to default.
3.29.3 dot1x port-control The dot1x port-control interface configuration command enables manual control of the authorization state of the port. Use the no form of this command to return to the default setting. Syntax dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control §...
3.29.5 dot1x timeout re-authperiod The dot1x timeout re-authperiod interface configuration command sets the number of seconds between reauthentication attempts. Use the no form of this command to return to the default setting. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod §...
Default Configuration Command Mode Interface configuration (Ethernet) User Guidelines During the quiet period, the switch does not accept or initiate any authentication requests. The default value of this command should only be changed to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers.
Command Mode Interface configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Examples The following example sets the number of times that the switch sends an EAP - request/identity frame, to 6 Console (config)# interface ethernet g8 Console (config-if)# dot1x max-req 6 3.29.10 dot1x timeout supp-timeout The dot1x timeout supp-timeout interface configuration command sets the time for the retransmission of an Extensible...
onsole config-if(Config-VLAN)# dot1x timeout supp-timeout 3600 3.29.12 show dot1x The show dot1x privileged EXEC command displays 802.1X status for the switch or for the specified interface. Syntax show dot1x [ethernet interface] § interface —The full syntax is: unit/port. Default Configuration This command has no default configuration.
Reauth Control Reauthentication control. Reauth Period Reauthentication peiod. Username The User-Name representing the identity of the Supplicant. State The current value of the Authenticator PAE state machine. Quiet period The number of seconds that the switch remains in the quiet state following a failed authentication exchange (for example, the client provided an invalid password).
3.29.14 show dot1x statistics The show dot1x statistics privileged EXEC command displays 802.1X statistics for the specified interface. Syntax show dot1x statistics ethernet interface § interface — The full syntax is: unit/port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
LastEapolFrameVersion The protocol version number carried in the most recently received EAPOL frame. LastEapolFrameSource The source MAC address carried carried in the most recently received EAPOL frame. 3.29.15 ADVANCED FEATURES dot1x auth-not-req The dot1x auth-not-req interface VLAN configuration command enables unauthorized users access to that VLAN. Use the no form of this command to disable the access.
3.29.18 dot1x single-host-violation The dot1x single-host-violation interface configuration command configures the action to be taken, when a station whose MAC address is not the supplicant MAC address, attempts to access the interface. Use the no form of this command to return to default. Syntax dot1x single-host-violation {forward | discard | discard-shutdown} [trap seconds] no port dot1x single-host-violation...
Page 182
console# show dot1x advanced ethernet 1/1 Guest VLAN: 3978 Unauthenticated VLANs: 91, 92 Use user attributes from Authentication Server: Enabled User VLAN not created: Create Interface Multiple Hosts Disabled Enabled Single Host Violation: Discard Trap: Enabled Frequency: 100 Status: Authorized (Locked) Counter: 9...
4. WEB CONFIGURATION Besides the console interface, WGSW-24010 can be configured through an Ethernet connection, make sure the manager PC must be set on same the IP subnet address with the switch. For example, if you have changed the default IP address of the Switch to 192.168.16.234 with subnet mask 255.255.255.0 via console, then the manager PC should be set at 192.168.16.x (where x is a number between 2 and 254) with subnet...
Figure 3-14 main menu screen 4.2 Configure System The System section provides information for devining system parameters including security featrues, device software. Under system the folling topics are provided to devine and view the system informatin: • General • SNTP •...
Page 185
Assert The Asset page contains parameters for configuring general device information, including the system name, location, and contact, the system MAC Address, System Object ID, date, time, and System Up Time. To open Access screen perform the folling: Click System -> General -> Assert The Access information screen is displayed as in Figure 3-15.
Page 186
Time Synchronization The Time Synchronization page contains fields for defining system time parameters for both the local hardware clock, and the external SNTP clock. If the system time is kept using an external SNTP clock, and the external SNTP clock fails, the system time reverts to the local hardware clock.
Page 187
• New Zealand -- From the first Sunday in October until the first Sunday on or after 15th March. • Norway -- Last weekend of March until the last weekend of October. • Paraguay -- From 6th April until 7th September. •...
Page 188
The Clock Source section contains the following fields: • The source used to set the system clock. The possible field values: Clock Source -- • Specifies that the system time is set via an SNTP server. For more information, see "SNTP Global SNTP -- Settings".
Page 189
• Week -- The week within the month at which DST ends every year. The possible field range is 1-5. • Month -- The month of the year in which DST ends every year. The possible field range is Jan.-Dec. •...
Figure 3-18 Reset screen 4.2.2 SNTP The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. SNTP operates only as a client, and cannot provide time services to other systems. The device can poll the following server types for the server time: •...
Polling for Anycast information is used when the server IP address is unknown. The first anycast server to return a response is used to set the time value. Time levels T3 and T4 are used to determine the server time. Using Anycast time information for synchronizing device time is preferred to using Broadcast time information.
• Receive Anycast Servers Updates -- Polls the SNTP server for Anycast server time information, when enabled. If both the Receive Anycast Servers Update, and the Receive Broadcast Servers Update fields are enabled, the system time is set according the Anycast server time information. •...
Page 193
Click System -> SNTP -> Servers The SNTP Servers screen is displayed as in Figure 3-21. Figure 3-21 SNTP Servers screen The page includes the following fields: • SNTP Server -- Enter a user-defined SNTP server IP addresses or hostname. Up to eight SNTP servers can be defined.
Figure 3-22 SNTP Broadcast Interface Table screen The page includes the following fields: • Interface -- Contains an interface list on which SNTP can be enabled. • Receive Server Updates -- The amount of time that passes before the SNTP server is polled for information. The field range is 3600 - 4294967295 seconds.
Page 195
Critical The system is in a critical state. Cannot bind to SNMP. Error A system error has occurred. Failed to delete entry. Warning A system warning has Port down. occurred. Notice The system is functioning Bad route. properly, but system notice has occurred.
Figure 3-23 RAM Log Tables Log File The Log File Table contains information about log entries saved to the Log File in FLASH, including the time the log was entered, the log severity, and a description of the log message. To open Log File Table screen perform the folling: Click System ->...
Page 197
Figure 3-24 Log File Table screen The page includes the following fields: • Log Index -- The log number in the Log File Table. • Log Time -- Specifies the time at which the log was entered in the Log File Table. •...
4.2.4 IP Addressing The IP Addressing page contains links for assigning interface and default gateway IP addresses, and defining ARP and DHCP parameters for the interfaces. The IP Addressing page contains links to the following topics: • Default Gateway • IP Interface Parameters •...
Page 199
To open IP Interface Parameter screen perform the folling: Click System -> IP Addressing -> IP Interface Parameter The IP Interface Parameter screen is displayed as in Figure 3-27. Figure 3-27 IP Interface Parameter screen The page includes the following fields: •...
Figure 3-28 DHCP IP Interface screen The page includes the following fields: • Interface -- The specific interface connected to the device. Click the option button next to Port, LAG, or VLAN and select the interface connected to the device. •...
Figure 3-29 Domain Name System screen The page includes the following fields: • DNS Status -- Enables or disables translating DNS names into IP addresses. • DNS Server -- Contains a list of DNS servers. DNS servers are added in the Add DNS Server page. •...
Figure 3-30 Default Domain Name screen The page includes the following fields: • Default Domain Name (1-158 characters) -- Contains a user-defined DNS domain name server. When selected, the DNS domain name is the default domain. • Type -- The domain type if the domain was statically or dynamically created. •...
Page 203
Figure 3-30 Host Name Mapping screen The page includes the following fields: • Host Name -- Contains a Host Name list. Host Name are defined in the Add Host Name Mapping page. Each host provides up to eight IP addresses. The field values for the Host Name field are: •...
Figure 3-31 ARP Settings screen The page includes the following fields: • Global Settings -- Select this option to activate the fields for ARP global settings. • ARP Entry Age Out (1-40000000) -- For all devices, the amount of time (seconds) that passes between ARP requests about an ARP table entry.
Page 205
Integrated Cable Test The Integrated Cable Test for Copper Cables page contains fields for performing tests on copper cables. Cable testing provides information about where errors occurred in the cable, the last time a cable test was performed, and the type of cable error which occurred.
4.2.6 Management Security The Management Security page provides access tosecurity pages that contain fields for setting security parameters for ports, device management methods, user, and server security. • Access Profiles • Authentication Profiles • Select Authentication • Local User Database •...
Page 207
The page and the add pages include the following fields: • Access Profile -- User-defined Access Profile lists. The Access Profile list contains a default value of Console List, to which user-defined access profiles are added. Selecting Console Only as the Access Profile name disconnects the session, and enables accessing the device from the console only.
Page 208
Figure 3-34 Authentication Profile screen The page includes the following fields: • Authentication Profile Name -- User-defined authentication profile lists to which user-defined authentication profiles are added. The defaults are Network Default and Console Default. • Optional Methods -- User authentication methods. Possible options are: •...
Figure 3-35 Select Authentication screen The page includes the following fields: • Console -- Authentication profiles used to authenticate console users. • Telnet -- Authentication profiles used to authenticate Telnet users. • Secure Telnet (SSH) -- Authentication profiles used to authenticate Secure Shell (SSH) users. SSH provides clients with secure and encrypted remote connections to a device.
Page 210
Figure 3-36 Local User Database screen The page includes the following fields: • User Name -- List of users. • Access Level -- User access level. The lowest user access level is 1, and the highest user access level is 15. •...
Page 211
Figure 3-37 Line Password screen The page includes the following fields: • Line Password for Console/Telnet/Secure Telnet (0-159 Characters) -- The line password for accessing the device via a console, Telnet, or Secure Telnet session. Passwords can contain a maximum of 159 characters. •...
Page 212
Figure 3-38 Enable Password screen The page includes the following fields: • Select Enable Access Level -- Access level associated with the enable password. Possible field values are 1-15. • Password (0-159 Characters) -- The currently configured enable password. Enable passwords can contain a maximum of 159 characters.
Page 213
Figure 3-39 TACACS+ Settings screen TACACS+ provides the following services: • Authentication -- Provides authentication during login and via user names and user-defined passwords. • Authorization -- Performed at login. Once the authentication session is completed, an authorization session starts using the authenticated user name. The TACACS server checks the user privileges. The TACACS+ protocol ensures network integrity through encrypted protocol exchanges between the device and TACACS+ server.
Page 214
Default Parameters Section The TACACS+ default parameters are user-defined defaults. The default settings are applied to newly defined TACACS+ servers. If default values are not defined, the system defaults are applied to the new TACACS+ new servers. The Default Parameters section contains the following fields: •...
• Priority (1-65535) -- The server priority. The possible values are 1-65535, where 1 is the highest value. This is used to configure the order in which servers are queried. • Authentication Port -- Identifies the authentication port. The authentication port is used to verify the RADIUS server authentication.
The SNMP Communities screen is displayed as in Figure 3-41. Figure 3-41 SNMP Communities screen The page includes the following fields: • SNMP Management Station -- A list of management station IP addresses. • Community String -- Functions as a password and used to authenticate the selected management station to the device.
Figure 3-42 SNMP Trap Settings screen The page includes the following fields: • SNMP Trap -- Enables sending SNMP traps or SNMP notifications from the device to defined trap recipients. • Authentication Trap -- Enables sending SNMP traps when authentication failed to define recipients. •...
Page 218
The File Download screen is displayed as in Figure 3-43. Figure 3-43 File Download screen The page includes the following fields: • Firmware Download -- The Firmware file is downloaded. If Firmware Download is selected, the Configuration Download fields are grayed out. •...
File Upload The File Upload to Server page contains fields for uploading the software from the TFTP server to the device. The Image file can also be uploaded from the File Upload to Server page. To open File Upload screen perform the folling: Click System ->...
Click System -> File Management -> Copy Files The Copy Files screen is displayed as in Figure 3-45. Figure 3-45 Copy File screen The page includes the following fields: • Copy Configuration -- When selected, copies either the Running Configuration, Startup Configuration or Backup Configuration files.
Figure 3-46 General Settings screen The page includes the following fields: • Attribute -- The general setting attribute. • Current -- The currently configured value. • After Reset -- The future (after reset) value. By entering a value in the After Reset column, memory is allocated to the field table.
4.3.1 Network Security The device enables network security through both Access Control Listsand Locked Ports. The Network Security page contains links to the following topics: • Port Based Authentication • Multiple Hosts • Authenticated Users • Port Security Port Base Authentication The Port Based Authentication page contains fields for configuring port based authentication.
• Admin Interface Control -- Defines the port authorization state. The possible field values are: • Authorized -- Set the interface state to authorized (permit traffic). • Unauthorized -- Set the interface state to unauthorized (deny traffic). • Auto -- Authorize state is set by the authorization method. •...
Page 224
• Port -- The port number for which Advanced Port Based Authentication is enabled. • Multiple Hosts -- Enables or disables a single host to authorize multiple hosts for system access. This setting must be enabled in order to either disable the ingress-filter, or to use port-lock security on the selected port. •...
Page 225
• User Name -- List of users authorized via the RADIUS Server. • Port -- The port number(s) used for authentication - per user name. • Session Time -- The amount of time the user was logged on to the device. The field format is Day:Hour:Minute:Seconds, for example, 3 days: 2 hours: 4 minutes: 39 seconds.
Figure 3-50 Port Security screen The page includes the following fields: • Interface -- The selected interface type on which Locked Port is enabled. • Port -- The selected interface type is a port. • LAG -- The selected interface type is a LAG. •...
• Storm Control • Port Mirroring Port Configuration The Port Configuration page contains fields for defining port parameters. To open Port Configuration screen perform the folling: Click Switch -> Ports -> Port Configuration The Port Configuration screen is displayed as in Figure 3-51. Figure 3-51 Port Configuration screen The page includes the following fields: •...
• Current Duplex Mode -- The currently configured port duplex mode. • Auto Negotiation -- Enables Auto Negotiation on the port. Auto Negotiation is a protocol between two link partners that enables a port to advertise its transmission rate, duplex mode and flow control abilities to its partner.
Figure 3-52 LAG Configure screen The page includes the following fields: • LAG -- The LAG number. • Description (0-64 Characters) -- Provides a user-defined description of the configured LAG. • LAG Type -- The port types that comprise the LAG. •...
The Storm Control page provides fields for enabling and configuring Storm Control. To open Storm Control screen perform the folling: Click Switch -> Ports -> Strom Control The Storm Control screen is displayed as in Figure 3-53. Figure 3-53 Storm Control screen The page includes the following fields: •...
Page 231
• The port is not a VLAN member. • Only one destination port can be defined. The following restrictions apply to ports configured to be source ports: • Source Ports cannot be a LAG member. • Ports cannot be configured as a destination port. •...
4.3.3 Address Table MAC addresses are stored in either the Static Address or the Dynamic Address databases. A packet addressed to a destination stored in one of the databases is forwarded immediately to the port. The Static and Dynamic Address Tables can be sorted by interface, VLAN, and interface type.
Page 233
• Permanent -- The MAC address is permanent. • Delete on Reset -- The MAC address is deleted when the device is reset. • Delete on Timeout -- The MAC address is deleted when a timeout occurs. • Remove -- When selected, removes the the MAC address from the MAC Address Table. Dymanic Address Table The Dynamic Address Table contains fields for querying information in the dynamic address table, including the interface type, MAC addresses, VLAN, and table sorting.
4.3.4 GARP Generic Attribute Registration Protocol (GARP) is a general-purpose protocol that registers any network connectivity or membership-style information. GARP defines a set of devices interested in a given network attribute, such as VLAN or Multicast address. When configuring GARP, ensure the following: •...
4.3.5 Spanning Tree Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Loops occur when alternate paths exist between hosts. Loops in an extended network can cause bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency.
• Enable -- Enables Spanning Tree • Disable -- Disables Spanning Tree • STP Operation Mode -- The STP mode by which STP is enabled on the device. The possible field values are: ú Classic STP -- Enables Classic STP on the device. This is the default value. ú...
Page 237
Figure 3-59 STP Port Settings screen The page includes the following fields: • Select a Port -- Port on which STP is enabled. • STP -- Enables or disables STP on the port. • Fast Link -- When selected, enables Fast Link mode for the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up.
ú Gigabit Ethernet - 4 • Priority (0-240, in steps of 16) -- Priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority value is between 0-240. The priority value is provided in increments of 16.
ú Listening -- The LAG is in the listening mode and cannot forward traffic or learn MAC addresses. ú Learning -- The LAG is in the learning mode and cannot forward traffic, but it can learn new MAC addresses. ú Forwarding -- The LAG is currently in the forwarding mode, and it can forward traffic and learn new MAC addresses.
Page 240
Figure 3-61 Rapid Spanning Tree screen The page includes the following fields: • Interface -- Port or LAG on which Rapid STP is enabled. • Role -- The port role assigned by the STP algorithm in order to provide to STP paths. The possible field values are: ú...
4.3.6 VLAN VLANs are logical subgroups of a Local Area Network (LAN) created via software rather than defining a hardware solution. VLANs combine user stations and network devices into a single domain regardless of the physical LAN segment to which they are attached.
Figure 3-62 VLAN Membership screen The VLAN Membership page is divided into the following sections: • VLAN Membership Configuration • VLAN Port Membership Table VLAN Membership Configuration The VLAN Membership section contains parameters for assigning VLAN membership to ports. The section contains the following fields: •...
Figure 3-63 VLAN Port Settings screen The page includes the following fields: • Port -- The port number included in the VLAN. • Port VLAN Mode -- The port mode. Possible values are: • General -- The port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode).
Page 244
Figure 3-64 VLAN LAG Settings The page includes the following fields: • LAG -- The LAG number included in the VLAN. • LAG VLAN Mode -- The LAG VLAN mode. Possible values are: • General -- The LAG belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode).
Page 245
Figure 3-64 Protocol Group screen The page includes the following fields: Frame Type -- The packet type. Possible field values are Ethernet, RFC1042, and LLC Other. Protocol Value -- User-defined protocol name. Ethernet-Based Protocol Value -- The Ethernet protocol group type. The possible field values are IP, IPX and IPV6. Protocol Group ID -- The VLAN Group ID number.
Figure 3-65 Protocol Port Table screen The page includes the following fields: • Interface -- Port or LAG number added to a protocol group. • Group ID -- Protocol group ID to which the interface is added. Protocol group IDs are defined in the Protocol Group Table.
Figure 3-66 GVRP Global Parameters screen The page includes the following fields: • GVRP Global Status -- Enables or disables GVRP on the device. GVRP is disabled by default. • Interface -- The port or LAG for which GVRP is enabled. •...
• The port's 802.1p priority is equal to LAGs 802.1p priority. • QoS Trust is not disabled on the port. • GVRP is not enabled. Ports can be configured as LACP ports only if the ports are not part of a previously configured LAG. Note The device uses a hash function to determine which frames are carried on which aggregated-link member.
• Select a Port -- The port number to which timeout and priority values are assigned. • LACP Port Priority (1-65535) -- LACP priority value for the port. • LACP Timeout -- Administrative LACP timeout. The possible field values are: •...
4.3.8 Multicast Support Multicast forwarding allows a single packet to be forwarded to multiple destinations. L2 Multicast service is based on L2 switch receiving a single packet addressed to a specific Multicast address. Multicast forwarding creates copies of the packet, and transmits the packets to the relevant ports. The device supports: •...
Figure 3-69 Multicast Global Parameters The page includes the following fields: • Bridge Multicast Filtering -- Enables or disables bridge Multicast filtering. Disabled is the default value. IGMP Snooping can be enabled only if Bridge Multicast Filtering is enabled. • IGMP Snooping Status -- Enables or disables IGMP Snooping on the device. Disabled is the default value. Bridge Multicast Group The Bridge Multicast Group page displays the ports and LAGs attached to the Multicast service group in the Ports and LAGs tables.
Page 252
Figure 3-70 Bridge Multicast Group screen The page includes the following fields: • VLAN ID -- Identifies a VLAN and contains information about the Multicast group address. • Bridge Multicast Address -- Identifies the Multicast group MAC address/IP address. • Remove -- When selected, removes a Bridge Multicast address. •...
Toggle a port to F to forbid adding specific Multicast addresses to a specific port. Click Apply Changes. The port is assigned to the Multicast group, and the device is updated. Assigning LAGs to Receive Multicast Service Define the VLAN ID and the Bridge Multicast Address fields. Toggle the LAG to S to join the LAG to the selected Multicast group.
Forbidden. Blank The port is not attached to a Multicast router or switch. Attaching a Port to a Multicast Router or Switch Define the VLAN ID field. Select a port in the Ports table, and assign the port a value. Click Apply Changes.
• Host Timeout (1-2147483647) -- Time before an IGMP snooping entry is aged out. The default time is 260 seconds. • Multicast Router Timeout (1-2147483647) -- Time before aging out a Multicast router entry. The default value is 300 seconds. •...
Figure 3-73 Utilization Summary screen The page includes the following fields: • Refresh Rate -- The amount of time that passes before the interface statistics are refreshed. • Interface -- The interface number. • Interface Status -- Status of the interface. •...
Figure 3-74 Counter Summary screen The page includes the following fields: • Refresh Rate -- The amount of time that passes before the interface statistics are refreshed. • Interface -- The interface number. • Interface Status -- The interface status. •...
Page 258
Figure 3-75 Interface Statistics The Interface Statistics page is divided into the following sections: • Statistics Selection • Receive Statistics • Transmit Statistics Statistics Selection The Statistics Selection section contains the following fields: • Interface -- Specifies whether statistics are displayed for a port or LAG. •...
To open Etherlink Statistics screen perform the folling: Click Statics/RMON -> Table Views -> Etherlink Statistics The Etherlink Statistics screen is displayed as in Figure 3-76 Figure 3-76 Etherlink Statistics screen The page includes the following fields: • Interface -- Specifies whether statistics are displayed for a port or LAG. •...
The GVRP Statistics screen is displayed as in Figure 3-77 Figure 3-76 GVRP Statistics screen The Interface Statistics page is divided into the following sections: • Statistics Selection • GVRP Statistics Table Attribute (Counter) • GVRP Error Statistics Statistics Selection •...
To open EAP Statistics screen perform the folling: Click Statics/RMON -> Table Views -> EAP Statistics The EAP Statistics screen is displayed as in Figure 3-78 Figure 3-78 EAP Statistics screen The page includes the following fields: • Port -- The port which is polled for statistics. •...
• Statistics • History Control • History Table • Events Control • Events Log • Alarms RMON Statistics The RMON Statistics Group page contains fields for viewing information about device utilization and errors that occurred on the device. To open EAP Statistics screen perform the folling: Click Statics/RMON ->...
Page 263
• CRC & Align Errors -- Number of CRC and Align errors that have occurred on the interface since the device was last refreshed. • Undersize Packets -- Number of undersized packets (less than 64 octets) received on the interface since the device was last refreshed.
• Remove -- When selected, removes the History Control Table entry. RMON History Table The RMON History Table contains interface specific statistical network samplings. Each table entry represents all counter values compiled during a single sample. To open RMON History Control screen perform the folling: Click Statics/RMON ->...
Page 265
• Utilization -- Estimates the main physical layer network usage on an interface during the session sampling. The value is reflected in hundredths of a percent. RMON Events Control The RMON Events Control page contains fields for defining RMON events. To open RMON History Control screen perform the folling: Click Statics/RMON ->...
The RMON Events Log screen is displayed as in Figure 3-83 Figure 3-83 RMON Event Log screen The page includes the following fields: • Event -- The RMON Events Log entry number. • Log No.-- The log number. • Log Time -- Time when the log entry was entered. •...
Figure 3-84 RMON Alarm screen The page includes the following fields: • Alarm Entry -- Indicates a specific alarm. • Interface -- The interface for which RMON statistics are displayed. • Counter Name -- The selected MIB variable. • Counter Value -- B class=cBold origTag="Bold" cs="Bold"> The value of the selected MIB variable. •...
The Chart page contains links to the following topics: • Ports • LAGs Ports The Port Statistics page contains fields for opening statistics in a chart form for port elements. To open Port Statistics screen perform the folling: Click Statics/RMON -> Charts -> Ports The Ports Statistics screen is displayed as in Figure 3-85 Figure 3-85 Port Statistics screen The page includes the following fields:...
Figure 3-86 LAG Statistics screen The page includes the following fields: • Interface Statistics -- Selects the type of interface statistics to open. • Etherlike Statistics -- Selects the type of Etherlike statistics to open. • RMON Statistics -- Selects the type of RMON statistics to open. •...
QoS Settings The QoS Global Settings page contains fields for enabling or disabling QoS. In addition, the Trust mode can be selected. The Trust mode relies on predefined fields within the packet to determine the output queue. To open QoS Settings screen perform the folling: Click Quality of Service ->...
Figure 3-88 Global Queue Settings screen The page includes the following fields: • Queues -- The Queue number. • Strict Priority -- Specifies if traffic scheduling is based strictly on the queue priority. The default is enabled. • WRR -- Specifies if traffic scheduling is based on the Weighted Round Robin (WRR) weights to egress queues Interface Settings The Interface Settings page contains fields for defining, per interface, if the selected Trust mode is to be activated.
Page 272
Figure 3-89 Interface Cos/Qos Settings screen The page contains the following areas: • Interface Setting • Queue Settings Interface Settings Area The Interface Settings area includes the following fields: • Interface -- The specific port, LAG to configure: • Disable "Trust" Mode on Interface -- Disables Trust values on the device. For more information on Trust settings, see "Configuring Global CoS Settings".
Click Quality of Service -> QoS Global Parameters -> CoS to Queue The CoS to Queue Mapping Table screen is displayed as in Figure 3-90 Figure 3-90 CoS to Queue Mapping Table The page includes the following fields: • Class of Service -- Specifies the CoS priority tag values, where zero is the lowest and 7 is the highest. •...
Page 274
Figure 3-91 DSCP to Queue Mapping The page includes the following fields: • DSCP In -- The values of the DSCP field within the incoming packet. • Queue -- The queue to which packets with the specific DSCP value is assigned. The values are 1-4, where one is the lowest value and four is the highest.
5. SWITCH OPERATION 5.1 Address Table The Switch is implemented with an address table. This address table composed of many entries. Each entry is used to store the address information of some node in network, including MAC address, port no, etc. This information comes from the learning process of Ethernet Switch.
APPENDIX A A.1 Switch‘s RJ-45 Pin Assignments 1000Mbps, 1000Base T Contact MDI-X BI_DA+ BI_DB+ BI_DA- BI_DB- BI_DB+ BI_DA+ BI_DC+ BI_DD+ BI_DC- BI_DD- BI_DB- BI_DA- BI_DD+ BI_DC+ BI_DD- BI_DC- Implicit implementation of the crossover function within a twisted-pair cable, or at a wiring panel, while not expressly forbidden, is beyond the scope of this standard.
APPENDIX B B.1 System Default configuration. The following file is the factory default settings of WGSW-24010. Once you have to reset your WGSW-24010 configuration to default values, please upload the file to replace the running/startup/backup configuration. no spanning-tree interface range ethernet all...