SS2R24G4i/SS2R48G4i
Caution: Circuit devices are sensitive to static electricity, which can damage their delicate electronics. Dry weather conditions or walking across a carpeted floor may cause you to acquire a static electrical charge. To protect your device, always touch the metal chassis of your computer to ground the static electrical charge before you pick up the circuit device.
Preface
The SS2R24/48G4i switch is a high-performance Ethernet switch with wire-speed Layer 2 switching capacity. The switch can seamlessly support various network interfaces, including 10Mb, 100Mb and 1000Mb Ethernet. We strongly recommend that you read through this manual carefully before installation and configuration to avoid possible damage to the switch and malfunction.
Chapter 1 Switch Overview
1.1 Brief Introduction
Fig 1-1 SS2R24G4i switch
Fig 1-2 SS2R48G4i switch
1.1.1 Overview
The SS2R24/48G4i Intelligent Stackable Secure Ethernet Access Switch can not only be utilized in large-scale enterprise networks, campus networks and metropolitan area networks as access...
of switch has unique network access functions and flexible network management, including MAC binding/filtering, limiting the total number of MAC addresses, IEEE802.1Q VLAN, PVLAN, IEEE802.1x access authentication, QoS, ACL, bandwidth control, IEEE802.3ad TRUNK, IGMP Snooping, broadcast storm control, IEEE802.1d/w spanning tree, port mirroring and so on.
TRUNK
The switch supports the IEEE802.3ad standard TRUNK. It can also realize link redundancy and traffic load balance.
IGMP Snooping
The switch supports multicast applications based on the IGMP Snooping mechanism. As a result, it can deliver all kinds of multicast services, reduce network traffic and meet the requirements of multicast services such as multimedia playing, remote teaching and entertainment.
Can update the firmware using TFTP/FTP.
Can be fixed in a standard 19-inch frame.
1.2 Technical specifications
Protocols and Standards
IEEE802.3 10BASE-T Ethernet
IEEE802.3u 100BASE-TX/FX Fast Ethernet
IEEE802.3x Flow control
IEEE802.1x access control
IEEE802.1D/w Spanning Tree
IEEE802.1p Class of Service
IEEE802.1Q VLAN...
Fig 1-5 SS2R24G4i back panel view
Fig 1-6 SS2R48G4i back panel view
1.4.3 Status LEDs
The LEDs of the SS2R24/48G4i switch include PWR, DIAG, Link/Act and 1000M. The LEDs are located on the front panel for easy viewing and shown below...
The initialization of the program has failed.
Table 1-2 Description of LEDs in SS2R24G4i/SS2R48G4i Switch
The SS2R48G4i switch does not have the 1000M LED. The Link/ACT LED of its 100M port is above the corresponding port, while the Link/ACT LED of its 1000M port is on the right of the corresponding port.
Chapter 2 Hardware Installation
2.1 Installation Notice
To ensure the proper operation of the SS2R24/48G4i switch and your physical safety, please read the following installation guide carefully.
2.1.1 Environmental Requirements
The switch must be installed in a clean area. Otherwise, the switch may be damaged by electrostatic adherence.
0.05 0.15 0.01
Table 2-2 Environmental Requirements Particles
2.1.1.2 Temperature and Humidity
As the switch is fanless and relies on passive heat dissipation, the site should still maintain a desirable temperature and humidity. High-humidity conditions can cause electrical resistance degradation or even electric leakage, degradation of mechanical properties and corrosion of internal components.
Improper power supply system grounding, extreme fluctuation of the input source and transients (or spikes) can result in a higher error rate, or even hardware damage!
2.1.1.4 Preventing Electrostatic Discharge Damage
Static electric discharges can cause damage to internal circuits, even the entire switch. Follow...
installation materials and tools are prepared, and make sure the installation site is well prepared. During the installation, users must use the brackets and screws provided in the accessory kit. Users should use the proper tools to perform the installation. Users should always wear an antistatic uniform and ESD wrist straps.
RJ-45 pin
Table 2-4 The required tools and utilities
2.3 Hardware Installation
2.3.1 Installing the Switch
Please mount the SS2R24/48G4i switch on the 19’’ rack as below.
Fig 2-1 SS2R24/48G4i switch Rack-mounting
1. Attach the 2 brackets on the SS2R24/48G4i switch with screws provided in the accessory kit.
listed below
Fig 2-2 Connecting Console to SS2R24/48G4i switch
Find the console cable provided in the accessory kit. Attach the Mini-USB end to the console port of the switch. Connect the other side of the console cable to a character terminal (PC).
Chapter 3 Setup Configuration
Setup configuration refers to the initial operation of the switch after the user purchases the switch. For first-time users of the SS2R24/48G4i switch, this chapter provides very practical instructions. When using the CLI (command line interface), the user can type setup under admin mode to enter the Setup configuration interface.
3.3.2 Configuring Vlan1 Interface
Select “1” in the Setup main menu and press Enter to start configuring the Vlan1 interface:
Config Interface-Vlan1
[0] Config interface-Vlan1 IP address
[1] Config interface-Vlan1 status
[2] Exit
Selection number
Select “0” in the Vlan1 interface configuration menu and press Enter; the following screen appears:
Please input interface-Vlan1 IP address (A.B.C.D)
3.3.4 Configuring Web Server
Select “3” in the Setup main menu and press Enter to start configuring the Web server; the following appears:
Configure web server
[0] Add webuser
[1] Config web server status
[2] Exit
Selection number
Select “0” in the Web server configuration menu and press Enter; the following screen appears:
Please input the new web user name
Note: the valid username length is 1 to 16 characters.
Please input the read-write access community string[private]
Note: the valid length for a read-write access community string is 1 to 255 characters; the default value is “private”. When a valid read-write access community string is entered, pressing Enter returns you to the SNMP configuration menu.
Selecting “6” in the Setup main menu exits the Setup configuration mode and saves the configurations made. This is equivalent to running the Write command. For instance, if under the Setup configuration mode, the user sets a Telnet user and enables Telnet service, and selects “5” to exit Setup main menu.
Chapter 4 Switch Management
4.1 Management Options
After purchasing the switch, the user needs to configure the switch for network management. The SS2R24/48G4i switch provides two management options: in-band management and out-of-band management.
4.1.1 Out-of-band Management
Out-of-band management is management through the Console interface. Generally, the user will use out-of-band management for the initial switch configuration, or when in-band management is not available.
Open the HyperTerminal included in Windows after the connection is established.
1) Click Start menu - All Programs – Accessories – Communication - HyperTerminal.
2) Type a name for opening HyperTerminal, such as “Switch_A”.
Fig 4-2 Opening HyperTerminal
3) In the “Connecting with” drop-list, select the RS-232 serial port used by the PC, e.g. COM1, and click “OK”.
67,108,864 RAM OK. Initializing... Booting..Starting at 0x10000... Current time is MON JAN 01 00 00 00 2001 SS2R24G4I Series Switch Operating System SoftWare Version RS-5200-28_1.2.17.0 NOS Version NOS_5.1.35.47 Copyright (C) 2001-2007 AMER. COM http //www.amer.com SS2R24G4I Switch (88E6218-133M) processor 28 Ethernet/IEEE 802.3 interface(s)
4.1.2 In-band Management
In-band management refers to the management by logging into the switch using Telnet. In-band management enables the function of managing the switch for some devices attached to the switch. In the case when in-band management fails due to switch configuration changes, out-of-band management can be used for configuring and managing the switch.
below. Before in-band management, the switch must be configured with an IP address by out-of-band management (i.e. Console mode). The configuration commands are as follows (all switch configuration prompts are assumed to be “switch” hereafter if not otherwise specified):
Switch>
Switch>en
Switch#config
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.128.251 255.255.255.0...
Fig 4-7 Telnet Configuration Interface
4.1.2.2 Management via HTTP
To manage the switch via HTTP, the following conditions should be met:
1) The switch has an IP address configured;
2) The host IP address and the switch’s VLAN interface IP address are in the same network segment.
Fig 4-8 Run HTTP Protocol
Step 3: Log on to the switch
To log on to the HTTP configuration interface, a valid login user name and password are required; otherwise the switch will reject HTTP access. This is a method to protect the switch from unauthorized access.
4.2.1 CLI Interface
The CLI interface is familiar to most users. As aforementioned, out-of-band management and Telnet login are both performed through the CLI interface to manage the switch. The CLI interface is supported by the Shell program, which consists of a set of configuration commands.
4.2.1.1.2 Admin Mode
Admin Mode is entered in one of two ways. A user who logs in as an Admin user is placed in Admin Mode by default. Otherwise, Admin Mode can be entered from User Mode by running the enable command and entering the admin user password for the corresponding access level, if a password has been set. The Admin Mode prompt is “Switch#”.
related return <port-channel-nu settings such mber> command Global Mode. under Global duplex Mode. mode, speed, etc.
4.2.1.1.5 VLAN Mode
Using the vlan <vlan-id> command under Global Mode enters the corresponding VLAN Mode. Under VLAN Mode the user can configure all member ports of the corresponding VLAN. Run the exit command to exit the VLAN Mode to Global Mode.
4.2.1.1.6 DHCP Address Pool Mode...
parameter; {enum1 | … | enumN } indicates a mandatory parameter that should be selected from the parameter set enum1~enumN; and the square bracket ([ ]) in [option] indicates an optional parameter. There may be combinations of “< >”, “{ }” and “[ ]” in the command line, such as [<variable>],{enum1 <variable>...
entered command.
Right “→”: The cursor moves one character to the right.
Ctrl +p: The same as Up key “↑”.
Ctrl +n: The same as Down key “↓”.
Ctrl +b: The same as Left key “←”.
Ctrl +f: The same as Right key “→”.
4.2.1.5.1 Returned Information success
All commands entered through the keyboard undergo a syntax check by the Shell. Nothing will be returned if the user entered a correct command under the corresponding mode and the execution is successful.
4.2.1.5.2 Returned Information error
Returned Information error...
configuration interface. The bottom left part of the Web configuration interface is the main menu, with which users can configure, control and maintain the switch, monitor ports and so on. The bottom right part is used to display information and to interact with users. When users click the upper part or the bottom left part, the bottom right part shows the configuration interface of the corresponding menu (submenu), where users can configure the switch as they want to.
Chapter 5 Basic Switch Configuration
5.1 Basic Switch Configuration Commands
Basic switch configuration includes commands for entering and exiting the admin mode, commands for entering and exiting interface mode, for configuring and displaying the switch clock, for displaying the version information of the switch system, etc.
Command: exit
Function: Quit the current mode and return to the previous mode. By this command, users in global mode will return to admin configuration mode; users in admin mode will return to user mode.
Command mode: All Modes
5.1.4 help...
Command: reload
Function: Warm reset the switch.
Command mode: Admin Mode
set default
Command: set default
Function: Reset the switch to factory settings.
Command mode: Admin Mode
5.1.9 setup
Command: setup
Function: Enter the Setup Mode of the switch.
5.1.13 show cpu usage
Command: show cpu usage
Function: To display the CPU usage rate of the switch
Command Mode: Admin Mode.
show tech-support
Command: show tech-support
Function: To collect tech-support information.
Command Mode: Admin Mode.
5.2 Monitor and Debug Command...
as described earlier in the In-band management section. As a Telnet server, the SS2R24/48G4i switch allows up to 5 telnet client TCP connections. As a Telnet client, using the telnet command under Admin Mode allows the user to log in to other remote hosts.
Command | Explanation
Admin Mode
telnet [<ip-addr>] [<port>] | Log in to a remote host with the Telnet client included in the switch.
5.2.2.3 Commands for Telnet
5.2.2.3.1 authentication login
Command: authentication login {local | radius | local radius | radius local}...
disables the Telnet function in the switch.
Default: Telnet server function is enabled by default.
Command mode: Global Mode
5.2.2.3.5 telnet-server securityip
Command: telnet-server securityip <ip-addr>
no telnet-server securityip <ip-addr>
Function: Configure the secure IP address of Telnet client allowed to login to the switch; the “no telnet-server securityip <ip-addr>”...
SSH Server Configuration
Command | Explanation
Global Mode
ssh-server enable
no ssh-server enable | Enable SSH function on the switch; the “no ssh-server enable” command disables SSH function.
Configure the username and password of SSH client software for logging on the ssh-user <user-name>...
Function: Configure the username and password of SSH client software for logging on the switch; the “no ssh-user <user-name>” command deletes the username.
Parameter: <username> is the SSH client username; it can’t exceed 16 characters. <password> is the SSH client password; it can’t exceed 8 characters. 0|7 stand for unencrypted password and encrypted password.
the SSH client side, enable function of debug information in console
Command mode: Admin Mode
Relative Command: ssh-user
5.2.3.4 SSH Server Configure Example
Scenario 1
Requirement: Enable SSH server on the switch, and run SSH2.0 client software such as Secure shell client and putty on the terminal.
5.2.4 Traceroute
Command: traceroute {<ip-addr> | host <hostname> }[hops <hops>] [timeout <timeout> ]
Function: This command is used to test the gateways passed by packets on their way from sending equipment to destination equipment, in order to check whether the network can be reached and to locate the fault of network.
Command: show flash
Function: Display the document in the flash
Command Mode: Admin Mode
5.2.5.5 show history
Command: show history
Function: Display the recent user input history command
Command Mode: Admin Mode
5.2.5.6 show memory
Command: show memory
Function: Display the contents in the memory
Command Mode: Admin Mode
5.2.5.7 show rom...
the switch
5.2.5.11 show tcp
Command: show tcp
Function: Display the current TCP connection status established to the switch.
Command mode: Admin Mode
5.2.5.12 show udp
Command: show udp
Function: Display the current UDP connection status established to the switch.
The IP address of the SS2R24/48G4i switch is set on the VLAN interface. The VLAN with an IP address is called the management VLAN. All in-band management of the switch is done through the management VLAN. The SS2R24/48G4i switch only allows one VLAN interface, so, to change the ID of the management VLAN, the original VLAN interface should be deleted first, and then a new VLAN interface created.
5.4 SNMP Configuration
5.4.1 Introduction To SNMP
SNMP (Simple Network Management Protocol) is a standard network management protocol widely used in computer network management. SNMP is an evolving protocol. SNMP v1 [RFC1157] is the first version of SNMP, which was adopted by vast numbers of manufacturers for its simplicity and easy implementation;...
5.4.2 Introduction to MIB
The network management information accessed by NMS is well defined and organized in a Management Information Base (MIB). MIB is pre-defined information which can be accessed by network management protocols. It is in layered and structured form. The pre-defined management information can be obtained from monitored network devices.
5.4.3 Introduction to RMON
RMON is the most important expansion of the standard SNMP. RMON is a set of MIB definitions, used to define standard network monitor functions and interfaces, enabling the communication between SNMP management terminals and remote monitors. RMON provides a highly efficient method to monitor actions inside the subnets.
2. Configure SNMP community string
Command | Explanation
snmp-server community {ro|rw} <string>
no snmp-server community <string> | Configure the community string for the switch; the “no snmp-server community <string>” command deletes the configured community string.
3. Configure IP address of SNMP management base...
8. Configuring TRAP
Command | Explanation
snmp-server enable traps
no snmp-server enable traps | Enable the switch to send Trap message. This command is used for SNMP v1/v2/v3.
snmp-server host <host-address > {v1|v2c|{v3 | Set the host IPv4/IPv6 address which is used to receive SNMP Trap information.
Switch (Config)#snmp-server user tester DCNGroup encrypted auth md5 hello
Switch (Config)#snmp-server group DCNGroup AuthPriv read max write max notify max
Switch (Config)#snmp-server view max 1 include
Scenario 4
NMS wants to receive the v3Trap messages sent by the switch.
maximum packet size | Maximum length of SNMP packets.
no such name errors | Number of packets requesting non-existent MIB objects.
bad values errors | Number of “Bad_values” error SNMP packets.
general errors | Number of “General_errors” error SNMP packets.
response PDUs | Number of response packets sent.
5.4.6.1.4 show snmp user
Command: show snmp user
Function: Display the user information commands
Command Mode: Admin Mode
Displayed Information | Explanation
User name | User name
Engine ID | Engine ID
Priv Protocol | Employed encryption algorithm
Auth Protocol | Employed identification algorithm...
5.4.6.1.7 show snmp mib
Command: show snmp mib
Function: Display all MIB supported by the switch
Command Mode: Admin Mode
5.4.6.1.8 debug snmp packet
Command: debug snmp packet
no debug snmp packet
Function: Enable the SNMP debugging; the “no debug snmp packet” command disables the...
5.5.1 BootROM Upgrade
There are two methods for BootROM upgrade: TFTP and FTP, which can be selected at BootROM command settings. The upgrade procedures are listed below.
Step 1: A PC is used as the console for the switch. A console cable is used to connect the PC to the management port on the switch.
Loading...
entry = 0x10010
size = 0x1077f8
Step 5: Execute “write nos.img” in BootROM mode. The following saves the system update image file.
[Boot] writeimg
Programming...
Program OK.
Step 6: After successful upgrade, execute the “run” command in BootROM mode to return to the CLI configuration interface.
authentication or permission-based file access authorization. It ensures correct data transmission through a send-and-acknowledge mechanism and retransmission of timed-out packets. The advantage of TFTP over FTP is that it is a simple and low overhead file transfer service.
The configurations of the SS2R24/48G4i switch as FTP and TFTP clients are almost the same, so the configuration procedures for FTP and TFTP are described together in this manual.
5.2.2.2.1 FTP/TFTP Configuration Task List
1. FTP/TFTP client configuration
Upload/download the configuration file or system file.
(3) Modify FTP server connection idle time
Command | Explanation
Global Mode
ftp-server timeout <seconds>
no ftp-server timeout | Set connection idle time.
3. TFTP server configuration
(1) Start TFTP server
Command | Explanation
Global Mode
tftp-server enable
no tftp-server enable | Start TFTP server; the “no ftp-server enable” command shuts down TFTP server and prevents TFTP user from logging in.
At present, the system log of the switch can be output in five directions (aka log channels):
Output log information to local console through Console port.
Output log information to remote Telnet terminal or Dumb terminal, which helps remote maintenance.
log message can be actually sent out through the output channel.
5.6.2 Configuring The System Log
5.6.2.1 The Task Sequence of Configuring The System Log
1. Set the global log switch
2. Set the output channel of the console.
5. Set the output channel of the log host
Command | Description
Privileged configuration mode
logging <ip-addr> facility <local-number> ]
no logging <ip-addr>... | Open the output channel of the log host. Prefixing the command with a “no” will disable this function.
5.6.4.1.1 show channel
Command: show channel [console | monitor | logbuff | loghost ]
Function: To display brief information of the log channel.
Parameters: console: the output channel of log is console; monitor: the output channel of log is the user’s terminal;...
5.7 Classified Configuration
5.7.1 Introduction of Classified Configuration
In order to effectively protect the network, the switch allows users to log on under different identities to configure it, allows a different password for each identity, and allows those identities to use different rights.
Port isolation is aimed at meeting the user’s demand shown below.
The topologic structure of the switches is illustrated in the picture above. The demand is that, once the configuration port on switch1 is isolated, e0/0/1 and e0/0/2 on switch1 are not connected to each other, while both can be connected to the uplink port e0/0/25.
Chapter 6 Cluster Configuration
6.1 Introduction to cluster network management
Cluster network management is an in-band configuration management. Unlike CLI, SNMP and Web Config which implement a direct management of the target switches through a management workstation, cluster network management implements a direct management of the target switches (member switches) through an intermediate switch (commander switch).
Enable or disable joining the cluster automatically
Set holdtime of heartbeat of the cluster
Set interval of sending heartbeat packets among the switches of the cluster
Clear the list of candidate switches discovered by the commander switch
Configure attributes of the cluster in the candidate switch...
Global Mode
cluster register timer <timer-value>
no cluster register timer | Set interval of sending cluster register packet
5. Remote cluster network management
Command | Explanation
Admin Mode
rcommand member <mem-id> | commander switch, this command is used to configure and manage member switches.
1000Base-TX/1000Base-FX single/multi mode interfaces, the other 2 of which are 1000Base-TX stack interfaces. On the panel of SS2R24G4I, each port is marked with a port ID. The relationship between these port IDs and the port IDs provided by the SS2R24G4I operating system (software port IDs) is listed as follows:
Physical port ID...
4) Configure port cable types
5) Configure port speed and duplex mode
6) Configure bandwidth control
7) Configure traffic control
8) Enable/Disable port loopback function
9) Configure Combo port mode
3. Set the packet suppression function
1. Enter the Ethernet port configuration mode...
3. Set the packet suppression function
Command | Explanation
Port configuration mode
packet-suppression <packets> {broadcast|brmc|brmcdlf|all}
no packet-suppression | Enable the packet suppression function of the switch, and set the max data traffic allowed to pass. The “no packet-suppression” command is used to cancel the packet suppression function.
7.2.3.1 Introduction to Port Mirroring
Port mirroring refers to the duplication of data frames sent/received on a port to another port. The duplicated port is referred to as mirror source port and the duplicating port is referred to as mirror destination port.
7.2.3.4 Device Mirroring Troubleshooting
7.2.3.4.1 show monitor
Command: show monitor
Function: To display the source and destination port information of the image.
Command Mode: Admin Mode
Display information | Explanation
session number | Session number of the image
Source ports | Source ports of the image
The image in the receiving direction of the port.
7.3 Port Configuration Example
Fig 7-2 Port Configuration Example
Use default VLAN1 since VLAN is not configured on all of the switches.
Switch | Port | Attributes
0/0/7 | 10M/full
0/0/8-9 | 10M/full, mirror source port
0/0/24 | 100M/full, mirror destination port
0/0/10 | 10M/full
The configurations are listed below...
7.4 Port Troubleshooting
7.4.1 Monitor and Debug Command
7.4.1.1 clear counters ethernet
Command: clear counters [ethernet <interface-list>]
Function: Clear counters information on Ethernet interface
Parameters: <interface-list> is the port ID of Ethernet
Command Mode: Admin Mode
Default: Do not delete the counters information on Ethernet interface
7.4.1.2 show interface ethernet...
Chapter 8 MAC Table Configuration
8.1 Introduction to MAC Table
The MAC table is a table that identifies the mapping relationship between destination MAC addresses and switch ports. MAC addresses can be categorized as static MAC addresses and dynamic MAC addresses. Static MAC addresses are manually configured by the user, have the highest priority and are permanently effective (will not be overwritten by dynamic MAC addresses);...
added to the MAC table.
4. Now the MAC table has two dynamic entries, MAC address 00-01-11-11-11-11 - port 5 and 00-01-33-33-33-33 - port 12.
5. After the communication between PC1 and PC3, the switch does not receive any message sent from PC1 and PC3.
frame. When VLANs are configured, the switch will forward unicast frame within the same VLAN. If the destination MAC address is found in the MAC table but belonging to different VLANs, the switch can only broadcast the unicast frame in the VLAN it belongs to.
Command Mode: Global mode
Default: no filtering entries
8.2.4 clear mac-address-table dynamic
Command: clear mac-address-table dynamic [address <hw_addr>] [vlan <vid>] [interface {[ethernet|port-channel] <Interfacename>}]
Function: Deletes dynamic address entries
Parameter: <mac-addr> MAC address to be deleted; <interface-name> name of the port transmitting the MAC data packet;...
8.4.2 Troubleshooting
Using the show mac-address-table command, a port is found to have failed to learn the MAC of a device connected to it. Possible reasons:
The connected cable is broken.
Spanning Tree is enabled and the port is in “discarding” status; or the device has just been connected to the port and Spanning Tree is still under calculation. Wait until the Spanning Tree calculation finishes, and the port will learn the MAC address.
Enable MAC address binding function for the ports
Command | Explanation
Interface Mode
switchport port-security
no switchport port-security | Enable the MAC address binding function; the “no switchport port-security” command disables the MAC address binding function
Lock the MAC addresses for a port
Command | Explanation
Interface Mode
Lock the port.
8.5.1.3 MAC Address Binding Troubleshooting
8.5.1.3.1 MAC Address Binding Monitor and Debug Command
8.5.1.3.2 show port-security
Command: show port-security
Function: Display the secure MAC addresses of the port.
Command mode: Admin Mode
Parameter: <interface-list> stands for the port to be displayed.
8.5.1.3.4 show port-security address
Command: show port-security address [interface <interface-id>]
Function: Display the secure MAC addresses of the port.
Command mode: Admin Mode
Parameter: <interface-id> stands for the port to be displayed.
Displayed information | Explanation
Vlan | The VLAN ID for the secure MAC Address...
Chapter 9 VLAN Configuration
9.1 Introduction to VLAN
VLAN (Virtual Local Area Network) is a technology that divides the logical addresses of devices within the network into separate network segments based on functions, applications or management requirements. In this way, virtual workgroups can be formed regardless of the physical location of the devices.
9.2 VLAN Configuration
9.2.1 VLAN Configuration Task List
1. Creating or deleting VLAN
2. Specifying or deleting name of VLAN
3. Assigning Switch ports for VLAN
4. Set The Switch Port Type
5. Set Trunk port
6. Set Access port
7.
5. Set Trunk port
Command | Explanation
Interface Mode
switchport trunk allowed vlan {<vlan-list>|all}
no switchport trunk allowed vlan <vlan-list> | Set/delete VLAN allowed to be crossed by Trunk. The “no” command restores the default setting.
switchport trunk native vlan <vlan-id>...
9.2.2 Typical VLAN Application
Scenario
[Figure: Switch A and Switch B connected by a Trunk Link, each with workstations and desktop PCs in VLAN2, VLAN100 and VLAN200]
Fig 9-2 Typical VLAN Application Topology
The existing LAN is required to be partitioned to 3 VLANs due to security and application requirements.
Connect the Trunk ports of both switches for a Trunk link to convey the cross-switch VLAN traffic; connect all network devices to the other ports of corresponding VLANs. In this example, port 1 and port 24 are spare and can be used as management ports or for other purposes.
metropolitan area network using layer-3 switch as backbone equipment. As shown in Fig 5-4, after being enabled on the user port, dot1q-tunnel assigns each user an SPVLAN identification (SPVID). Here the identification of user is 3. Same SPVID should be assigned for the same network user on different PEs.
2. Configure the type of protocol (TPID) of the port
Command | Explanation
Port mode
dot1q-tunnel tpid {8100|9100|9200} | Configure the type of protocol on the ports.
3. Set the dot1q-tunnel type of the port
Command | Explanation
Interface configuration mode
switchport dot1q-tunnel mode {customer...
In the SS2R24/48G4i switch, 1000bps network ports can support the Protocol VLAN function unconditionally, while the 100bps Ethernet ports have to be set to trunk ports to use the function.
9.4.2 Protocol VLAN Configuration Task Sequence
Enable Protocol VLAN
Configure the protocol list entries
1.
for the VLAN to display status information, valid length is 1 to 11 characters.
Command mode: Admin Mode
Displayed information | Explanation
VLAN | VLAN number
Name | VLAN name
Type | VLAN type, statically configured dynamically learned
Status | Active, Status of VLAN...
Chapter 10 RSTP CONFIGURATION
10.1 INTRODUCTION TO RSTP
RSTP is the abbreviation of Rapid Spanning Tree Protocol, which can block the redundant paths in a switched network through the rapid spanning tree algorithm and establish a loop-free tree network. The rapid spanning tree algorithm adopted by RSTP is a distributed algorithm. It operates on all bridges of a Bridged-LAN, and is responsible for calculating a simple and interconnected active topology.
Elevating the port priority of port 0/0/1 of switch 4 to 160, while that of port 0/0/3 of switch 4 remains the default 128, will make port 0/0/2 of switch 5 the root port.
10.4 RSTP Troubleshooting
10.4.1 Monitor and Debug Command
10.4.1.1 show spanning-tree
Command: show spanning-tree [interface <interface-list>] [detail]
Function: Display RSTP protocol information.
Parameter: <interface-list> is the port list; [detail] displays the detailed RSTP status of each port.
Command mode: Admin mode...
Command: no debug stp {all | basic | in | out}
Function: Enable RSTP debug information. Use the “no debug stp {all | basic | in | out}” command to disable RSTP debug information.
Parameter: “all” is the switch for all debug information; “basic” is the switch for basic debug information;...
Chapter 11 IGMP Snooping
11.1 Introduction to IGMP Snooping
IGMP (Internet Group Management Protocol) is a protocol used in IP multicast. IGMP is used by multicast-enabled network devices (such as a router) for host membership query, and by hosts that are joining a multicast group to inform the router to accept packets of a certain multicast address.
SS2R24G4i/SS2R48G4i snooping can join and the max number of {group <g_limit> | source <s_limit>} sources each group can have.” No ip igmp No ip igmp snooping vlan < vlan-id > snooping vlan < vlan-id > limit ” will reset it limit to default value.
tatic-group <multicast-IPAddress> interface {[ethernet|port-channel] <interfaceName>
11.3 IGMP Snooping Examples
Scenario 1 IGMP Snooping function
[Fig 11-1 Enabling IGMP Snooping function]
Example: As shown in the above figure, a VLAN 100 is configured in the switch and includes ports 1, 2, 6, 10 and 12.
one connected to port 10 orders program2 and the other one connected to port 12 orders program 3.
IGMP Snooping listening result: The multicast table built by IGMP Snooping in VLAN 100 indicates ports 1, 2, 6, 10 in Group1 and ports 1, 12 in Group3.
Multicast Configuration: The same as scenario 1.
IGMP Snooping listening result: Similar to scenario 1.
11.4 IGMP Snooping Troubleshooting
11.4.1 IGMP Snooping Monitor and Debug Command
11.4.1.1 debug igmp snooping all/packet/event/timer/mfc
Command: debug igmp snooping all/packet/event/timer/mfc
Command: no debug igmp snooping all/packet/event/timer/mfc
Function: Enable the IGMP Snooping debug switch of the switch;...
SS2R24G4i/SS2R48G4i Igmp snooping mrouter port The keep-alive time vlan of the vlan keep-alive time Igmp snooping The query-suppression time of the vlan as a query-suppression time l2-general-querier IGMP Snooping Connect Group The group membership of the vlan , that is the Membership corresponding relationship between the port and(S,G).
Chapter 12 Multicast VLAN Configuration
12.1 Multicast VLAN Introduction
Based on the current multicast program ordering method, when users in different VLANs order programs, each VLAN will copy a multicast stream within itself. This method wastes a lot of bandwidth.
the IGMP Snooping function globally.
12.3 Multicast VLAN Examples
[Fig 2-12-1 The function configuration of multicast VLAN: SWITCHA, SWITCHB, Work Station]
As shown in the picture above, the multicast server connects to a 3-layer switch switchA via port 0/0/1, and the port 0/0/1 belongs to vlan10 of the switch. The 3-layer switch switchA connects to the 2-layer switch switchB via port .
Chapter 13 DCSCM Configuration
13.1 DCSCM Introduction
DCSCM (security control multicast) technology includes three aspects: multicast source controllability, multicast user controllability and the service-priority-oriented multicast policy. The DCSCM technology mainly uses the following methods to realize multicast source controllability:
a) On the boundary switch, if source-controlled multicast is configured, only the multicast data of the specified group sent by the specified source can pass.
Command: [no] multicast
Explanation: Enable the source control globally; the “no ip multicast source-control” command will disable the source control globally. Note that after the global source control is enabled, all the multicast messages will be dumped by default. All the source...
Global configuration mode
Command: [no] multicast destination-control (necessary)
Explanation: Enable the destination control globally. The “no ip multicast destination-control” command will disable destination control globally. Only after destination control is enabled globally can all of the other configurations take effect.
The next step is to configure the destination control rules, which is also similar to that of source control except that it uses ACL ID from 6000 to 7999.
Command: [no] multicast destination-control <source> <source-wildcard> access-group <6000-7999>
Explanation: To configure the rule used in source control for the specified source address/MASK; prefixing the command with “NO” will cancel the configuration.
3. Configuration of multicast policy
Multicast policy satisfies the demand of special users by designating priority for specified multicast data.
Server 210.1.1.1 is sending important multicast data in the group 239.1.2.3; we can configure as follows on its access switch:
Switch(Config)#ip multicast policy 210.1.1.1 0.0.0.0 239.1.2.3 0.0.0.0 cos 4
Thus when the multicast stream is passing the TRUNK of this switch to other switches, it will be at...
Chapter 14 802.1x Configuration
14.1 Introduction to 802.1x
IEEE 802.1x is a port-based network access management method, which authenticates and manages the accessing devices on the physical access level of the LAN device. The physical access level here is the ports of the switch. If the users’ devices connected to such ports can be authenticated, access to resources in the LAN is allowed;...
In the IEEE 802.1x application environment, the SS2R24/48G4i switch is used as the access management unit, and the user connection device is the device with 802.1x client software. An authenticating server usually resides in the Carrier’s AAA center and is usually a Radius server.
"no dot1x enable" command no dot1x enable disables the 802.1x function. Enable the switch to force the client software adopts AMER.COM private 802.1x authentication message format; the “no dot1x privateclient enable dot1x privateclient enable” command is no dot1x privateclient enable...
Command: dot1x max-user userbased <number>
Command: no dot1x max-user userbased
Explanation: Set the max number of users allowed to access through the specified port, applied to ports using userbased access control mode; the “no dot1x max-user userbased” command is used to reset the default value, allowing 10 users at most.
Command: dot1x max-req <count>
Command: no dot1x max-req
Explanation: Sets the number of EAP request/MD5 frames to be sent before the switch re-initiates authentication on no supplicant response; the “no dot1x max-req” command restores the default setting.
Command: dot1x re-authentication
Explanation: Enables periodical supplicant authentication; “no dot1x re-authentication”...
SS2R24G4i/SS2R48G4i Specifies the IP address or IPv6 address radius-server accounting host and listening port number for RADIUS <IPaddress> [[port {<portNum>}] accounting server; the “no radius-server [primary]] authentication host radius-server accounting host <IPaddress>“ command deletes <IPaddress> RADIUS server 3) Configure RADIUS Service parameters.
SS2R24G4i/SS2R48G4i The computer is connected to the port 0/0/2 of the switch, and the IEEE802.1 authentication function is enabled on the port, which adopts MAC-address-based authentication as the access method by default. The IP address of the switch is 10.1.1.2, and all the ports other than port 0/0/2 are connected to RADIUS authentication server, the IP address of which is 10.1.1.3.
authentication server[X].Host IP, .Udp Port, .Is Primary, .Is Server Dead, .Socket No: Displays authentication server number and corresponding IP address, UDP port number, Primary server or not, down or not, and socket number.
accounting server sum: The number of accounting servers.
displayed.
Command mode: Admin Mode
Displayed information: Explanation
Global 802.1x Parameters: Global 802.1x parameter information
free-resource: Free resource
reauth-enabled: Whether re-authentication is enabled or not
reauth-period: Re-authentication interval
quiet-period: Silent interval
tx-period: EAP retransmission interval
max-req: EAP packet retransmission interval...
Command Mode: Admin Mode
Parameters: pkt-send represents the details of sending packets; pkt-receive represents the details of receiving packets; internal represents internal details; userbased represents the user-based information; all represents all the detailed information; <InterfaceName> is the name of the interface.
Chapter 15 ACL Configuration
15.1 Introduction to ACL
ACL (Access Control List) is an IP packet filtering mechanism employed in switches, providing network traffic control by granting or denying access through the switches, effectively safeguarding the security of networks. The user can lay down a set of rules according to some information specific to packets, each rule describes the action for a packet with certain information matched “permit”...
SS2R24G4i/SS2R48G4i rules, from the first rule to the first matched rule; the rest of the rules will not be processed. Global default action applies only to IP packets in the incoming direction on the ports. For non- incoming IP packets and all outgoing packets, the default forward action is “permit”.
Create the name of the time range
Configure periodic time range
Configure absolute time range
4. Bind access-list to a specific direction of the specified port.
1. Configuring access-list
(1) Configuring a numbered standard IP access-list
Global Mode
Explanation: Creates a numbered standard IP access-list,
Command: access-list <num>...
Explanation: Creates a numbered extended IP access rule for other specific IP protocol or all IP protocols; if the numbered
Command: access-list <num> {deny | permit} {eigrp | gre | igrp | ipinip | ip | <int>} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr>...
Explanation: Creates an extended name-based ICMP IP access rule; the “no” form command deletes this name-based extended IP access rule
Command: [no] {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>][time-range<time-range-name>]...
Command: access-list <num> {deny|permit} {any-source-mac|{host-source-mac <host_smac>}|{<smac><smac-mask>
Command: no access-list <num>
Explanation: Creates a numbered standard access-list; if the access-list already exists, then a rule will be added to the current access-list; the “no access-list <num>” command deletes the numbered standard access-list.
(6) Creates a numbered MAC extended access-list...
Command: [no]{deny|permit}{any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}}{any-destination-mac|{host-destination-mac<host_dmac>}|{<dmac><dmac-mask>}} [untagged-eth2 [ethertype <protocol> [protocol-mask]]]
Explanation: Creates an extended name-based access rule matching untagged ethernet 2 frame; the “no” form command deletes this name-based extended access rule
Command: [no]{deny|permit}{any-source-mac|{host-source-mac <host_smac>}|{<smac><smac-mask>}}
Explanation: Creates access rule matching 802.3 frame; the “no” form...
Command: access-list<num>{deny|permit}{any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}} {any-destination-mac|{host-destination-mac <host_dmac>}|{<dmac><dmac-mask>}}icmp {{<source><source-wildcard>}|any-source|{host-source<source-host-ip>}} {{<destination><destination-wildcard>}|any-destination | {host-destination<destination-host-ip>}}[<icmp-type> [<icmp-code>]] [precedence <precedence>] [tos
Explanation: Creates a numbered mac-icmp extended mac-ip access rule; if the numbered extended access-list of specified number does not exist, then an access-list will be created using this number.
Explanation: Creates a numbered extended mac-ip access rule for other specific mac-ip protocol or all mac-ip protocols; if the numbered extended access-list of specified number does not exist, then an access-list will be
Command: access-list<num>{deny|permit}{any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}} {any-destination-mac|{host-destination-mac <host_dmac>}|{<dmac><dmac-mask>}} {eigrp|gre|igrp|ip|ipinip|ospf|{<protocol-num>}} {{<source><source-wildcard>}|any-source|{host-source<source-host-ip>}} {{<destination><destination-wildcard>}|any-destination | {host-destination<destination-host-ip>}} [precedence <precedence>]...
Command: [no]{deny|permit}{any-source-mac|{host-source-mac <host_smac>}|{<smac><smac-mask>}} {any-destination-mac|{host-destination-mac <host_dmac>}|{<dmac><dmac-mask>}}igmp {{<source><source-wildcard>}|any-source|{host-source<source-host-ip>}} {{<destination><destination-wildcard>}|any-destination | {host-destination <destination-host-ip>}} [<igmp-type>] [precedence <precedence>] [tos <tos>][time-range<time-range-name>]
Explanation: Creates an extended name-based MAC-IGMP access rule; the “no” form command deletes this name-based extended MAC-IGMP access rule
Command: [no]{deny|permit}{any-source-mac|{host-source-mac <host_smac>}|{<smac><smac-mask>}}
Explanation: Creates an extended name-based...
Command: Exit
Explanation: Quit extended name-based MAC-IP access mode
2. Configuring packet filtering function
(1) Enable global packet filtering function
Global Mode
Command: Firewall enable
Explanation: Enables global packet filtering function
Command: Firewall disable
Explanation: Disables global packet filtering function
(2) Configure default action
Command...
Command: [no]absolute-periodic{Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday}<start_time> to{Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} <end_time>
Command: [no]periodic{{Monday+Tuesday+Wednesday+Thursday+Friday+Saturday+Sunday}|daily|weekdays | weekend} <start_time> <end_time>
Explanation: stop the function of the time range in the week
(3) Configure absolute time range
Global Mode
Explanation: Configure absolute time range
Command: Absolute start<start_time><start_data>[end<end_time> <end_data>]...
The configuration steps are listed below
Switch(Config)#access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
Switch(Config)#firewall enable
Switch(Config)#firewall default permit
Switch(Config)#interface ethernet 0/0/10
Switch(Config-Ethernet0/0/10)#ip access-group 110 in
Switch(Config-Ethernet0/0/10)#exit
Switch(Config)#exit
Configuration result
Switch#show firewall
Firewall is enabled.
Firewall default rule is to permit any packet.
Switch(Config-Ethernet0/0/10)#exit
Switch(Config)#exit
Configuration result
Switch#show firewall
Firewall is enabled.
Firewall default rule is to permit any packet.
Switch #show access-lists
access-list 1100(used 1 time(s))
access-list 1100 deny 00-12-11-23-00-00 00-00-00-00-FF-FF any-destination-mac untagged-802.3
access-list 1100 deny 00-12-11-23-00-00 00-00-00-00-FF-FF any-destination-mac tagged-802.3
Switch #show access-group
interface name Ethernet0/0/10
MAC Ingress access-list used is 1100.
SS2R24G4i/SS2R48G4i Parameters <name>,Interface name Default None Command Mode Admin mode Displayed information Explanation interface name Ethernet0/0/2 Tying situation on port Ethernet0/0/2 IP Ingress access-list used is No. 111 numeric expansion ACL tied to entrance of port Ethernet0/0/2 interface name Ethernet0/0/1...
The number of ACLs that can be bound successfully depends on the content of the bound ACLs and the limitation of hardware resources. If there are rules in the access-list that include the same filtering information but conflicting behavior, it cannot be bound to the port, and an error prompt will result. For example, configuring permit tcp any-source any-destination and deny tcp any-source any-destination at the same time.
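The first-match evaluation, the global default action and the binding conflict described in this chapter, modelled in Python as an added example (not code from the manual or the switch firmware). The parser covers only the rule forms used in this chapter's examples; the function names are illustrative, and two points are assumptions: wildcard bits set to 1 mean "don't care", and a conflict is taken to be identical filtering information with opposite actions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: str                    # source address
    src_wildcard: str           # wildcard bits, 1 = don't care (assumption)
    d_port: Optional[int] = None

    def key(self):
        """Filtering information without the action."""
        mask = ~int(ipaddress.IPv4Address(self.src_wildcard)) & 0xFFFFFFFF
        net = int(ipaddress.IPv4Address(self.src)) & mask
        return (self.proto, net, mask, self.d_port)

    def matches(self, proto, src_ip, d_port):
        _, net, mask, port = self.key()
        if self.proto != "ip" and self.proto != proto:
            return False
        if int(ipaddress.IPv4Address(src_ip)) & mask != net:
            return False
        return port is None or port == d_port


def parse_rule(line):
    """Parse the subset of rule syntax used in this chapter's examples."""
    tok = line.split()
    if tok[:1] == ["access-list"]:
        tok = tok[2:]                       # drop "access-list <num>"
    action, proto, rest = tok[0], tok[1], tok[2:]
    if action not in ("permit", "deny"):
        raise ValueError("unknown action: " + action)
    if rest[0] == "any-source":
        src, wildcard, rest = "0.0.0.0", "255.255.255.255", rest[1:]
    elif rest[0] == "host-source":
        src, wildcard, rest = rest[1], "0.0.0.0", rest[2:]
    else:
        src, wildcard, rest = rest[0], rest[1], rest[2:]
    if rest[:1] != ["any-destination"]:
        raise ValueError("this sketch only handles any-destination")
    rest = rest[1:]
    d_port = int(rest[1]) if rest[:1] == ["d-port"] else None
    return Rule(action, proto, src, wildcard, d_port)


def evaluate(rules, default_action, proto, src_ip, d_port):
    """Incoming IP packet: the first matching rule decides, later rules are
    never consulted; with no match the global default action applies."""
    for rule in rules:
        if rule.matches(proto, src_ip, d_port):
            return rule.action
    return default_action


def find_conflicts(rules):
    """Index pairs of rules with the same filtering information but
    different actions (assumed model of the bind-time check)."""
    first_seen, conflicts = {}, []
    for i, rule in enumerate(rules):
        k = rule.key()
        if k in first_seen and rules[first_seen[k]].action != rule.action:
            conflicts.append((first_seen[k], i))
        first_seen.setdefault(k, i)
    return conflicts


# ACL 110 from the configuration example, with "firewall default permit".
ACL_110 = [parse_rule(
    "access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21")]

# Constructed rules showing that order matters: the host exception only
# works when it precedes the broader deny.
EXCEPTION_FIRST = [
    parse_rule("permit tcp host-source 10.0.0.5 any-destination d-port 21"),
    parse_rule("deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21"),
]
EXCEPTION_LAST = list(reversed(EXCEPTION_FIRST))

# The conflicting pair quoted in the text above.
CONFLICTING = [
    parse_rule("permit tcp any-source any-destination"),
    parse_rule("deny tcp any-source any-destination"),
]

if __name__ == "__main__":
    print(evaluate(ACL_110, "permit", "tcp", "10.0.0.7", 21))
    print(evaluate(EXCEPTION_LAST, "permit", "tcp", "10.0.0.5", 21))
    print(find_conflicts(CONFLICTING))
```

Running `find_conflicts` over a rule list before binding it surfaces the pairs that would trigger the error prompt, and comparing `EXCEPTION_FIRST` with `EXCEPTION_LAST` shows a narrower permit being shadowed by an earlier deny.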
Chapter 16 AM Configuration
16.1 AM Introduction
AM (access management) compares the information of the received data message (source IP address or source IP + source MAC) with the configured hardware address pool; if it finds a match, it forwards the message; if not, it dumps it.
Physical interface configuration mode
Command: am port
Command: no am port
Explanation: Enable or disable the AM function of a physical interface.
Command: am ip-pool <start_ip_address> [<num>]
Command: no am ip-pool <start_ip_address> [<num>]
Explanation: Configure IP address on a physical interface. The “no am ip-pool <start_ip_address> [<num>]” command will delete all the configured IP addresses on the interface.
Switch(Config)#interface ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#am port
Switch(Config-Ethernet0/0/1)#am ip-pool 10.1.1.1 8
Switch(Config-Ethernet0/0/1)#exit
Switch(Config)#exit
Configuration result
Switch#show am
Global AM is enabled
Interface Ethernet0/0/1 am is enable
Interface Ethernet0/0/1 am ip-pool 10.1.1.1 8 USER_CONFIG
Scenario 2
The configuration demand of the user is that port 10 of the switch connects to the 10.1.1.0/8 segment; the administrator hopes the binding relationships between users and MAC+IP are user1 (100.1.1.1, 00-00-00-00-01-12), user2 (100.1.1.2, 00-00-00-00-00-13).
16.5.1.1 show am
Command: show am [interface <interfaceName>]
Function: Display the address entries configured on the current switch.
Parameters: interfaceName is the name of the physical interface
Command Mode: Global configuration mode
Default Setting: None
Displayed information: Explanation
Global AM is enabled...
SS2R24G4i/SS2R48G4i Chapter 17 Port Channel Configuration 17.1 Introduction to Port Channel To understand Port Channel, Port Group should be introduced first. Port Group is a group of physical ports in the configuration level; only physical ports in the Port Group can take part in link aggregation and become a member port of a Port Channel.
SS2R24G4i/SS2R48G4i All Ports are of the same type All ports are Access ports and belong to the same VLAN or are all Trunk ports. If the ports are Trunk ports, then their “Allowed VLAN” and “Native VLAN” property should also be the same.
17.3 Port Channel Example
Scenario 1 Configuring Port Channel in LACP.
[Fig 17-2 Configuring Port Channel in LACP]
Example: The switches in the description below are all SS2R24/48G4i switches and, as shown in the figure, ports 1, 2, 3 of Switch1 are access ports that belong to vlan1. Add those three ports to group1 in active mode.
Scenario 2 Configuring Port Channel in ON mode.
[Fig 17-3 Configuring Port Channel in ON mode]
Example: As shown in the figure, ports 1, 2, 3 of Switch1 are access ports that belong to vlan1. Add those three ports to group1 in “on” mode. Ports 6, 7, 8 of Switch2 are trunk ports that also belong to vlan1, and allow all, and add these four ports to group2 in “on”...
SS2R24G4i/SS2R48G4i are ungrouped and re-aggregate with port 3 to form port-channel 1. (It should be noted that whenever a new port joins in an aggregated port group, the group will be ungrouped first and re-aggregated to form a new group.) Now all four ports in both SwitchA and SwitchB are aggregated in “on” mode and become an aggregated port respectively.
speed_type: Port speed type: 10Mbps, 100Mbps, 1,000Mbps and 10Gbps.
duplex_type: Port duplex mode: full-duplex and half-duplex
port_type: Port VLAN property: access port or trunk port
mux_state: Status of port binding status machine
rcvm_state: Status of port receiving status machine...
Command: debug lacp
Command: no debug lacp
Function: Enables the LACP debug function; the “no debug lacp” command disables this debug function.
Command mode: Admin Mode
Default: LACP debug information is disabled by default.
17.4.2 Port Channel Troubleshooting
If problems occur when configuring port aggregation, please first check the following for causes.
SS2R24G4i/SS2R48G4i Chapter 18 DHCP Configuration 18.1 Introduction to DHCP DHCP [RFC2131] is the acronym for Dynamic Host Configuration Protocol. It is a protocol that assigns IP address dynamically from the address pool as well as other network configuration parameters such as default gateway, DNS server, and default route and host image file position within the network.
supports not only dynamic IP address assignment, but also manual IP address binding (i.e. specify a specific IP address to a specified MAC address or specified device ID over a long period). The differences and relations between dynamic IP address allocation and manual IP address binding are: 1) IP address obtained dynamically can be different every time;...
Command: dns-server [address1[address2[…address8]]]
Command: no dns-server
Explanation: Configures DNS server for DHCP clients
Command: domain-name <domain>
Command: no domain-name
Explanation: Configures Domain name for DHCP clients; the “no domain-name” command deletes the domain name.
Command: netbios-name-server [address1[address2[…address8]]]
Command: no netbios-name-server
Explanation: Configures the address for WINS server
Command: netbios-node-type {b-node|h-node|m-node|p-node|<typ...
Global Mode
Command: ip dhcp conflict logging
Command: no ip dhcp conflict logging
Explanation: Enables logging for DHCP address to detect address conflicts
Admin Mode
Command: clear ip dhcp conflict <address | all>
Explanation: Deletes a single address conflict record or all conflict records
4.
Command: clear ip dhcp conflict {<address> | all }
Function: Deletes an address present in the address conflict log.
Parameters: <address> is the IP address that has a conflict record; all stands for all addresses that have conflict records.
Memory usage: using rate of EMS memory
Address pools: Number of DHCP address pools configured.
Database agents: Number of database agents.
Automatic bindings: Number of addresses assigned automatically
Manual bindings: Number of addresses bound manually
Conflict bindings: Number of conflicting addresses...
18.3.2 DHCP Troubleshooting
If the DHCP clients cannot obtain IP addresses and other network parameters, the following procedures can be followed when DHCP client hardware and cables have been verified ok.
Verify the DHCP server is running, start the related DHCP server if not running.
Chapter 19 DHCP snooping Configuration
19.1 DHCP Snooping Introduction
DHCP Snooping can effectively block attacks from fake DHCP servers.
Defense against Fake DHCP Server: once the switch intercepts DHCP server reply packets from un-trusted ports (including DHCPOFFER, DHCPACK, and DHCPNAK), it will alarm the users and respond according to the situation (shutdown the port or send BlackHole).
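The check described above, sketched in Python as an added example (not code from the manual or the switch firmware): read the DHCP message type (option 53) from each payload and raise an alarm when a server reply arrives on a port that is not trusted. The port names, the packets and the helper names are constructed for illustration; the follow-up action (port shutdown or BlackHole) is left to the caller.

```python
MAGIC_COOKIE = bytes([99, 130, 83, 99])      # marks the start of DHCP options
SERVER_REPLIES = {2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}


def dhcp_message_type(payload):
    """Return the value of option 53, or None if the payload is not a
    well-formed DHCP message carrying that option."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                      # end option
            return None
        if code == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):            # length byte missing
            return None
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:              # option runs past the packet
            return None
        if code == 53 and length == 1:
            return value[0]
        i += 2 + length
    return None


def snoop(events, trusted_ports):
    """Classify (port, payload) events. Server replies seen on a port
    outside trusted_ports are reported as alarms; everything else,
    including payloads that cannot be parsed, is forwarded."""
    verdicts = []
    for port, payload in events:
        name = SERVER_REPLIES.get(dhcp_message_type(payload))
        if name is not None and port not in trusted_ports:
            verdicts.append((port, "alarm", name))
        else:
            verdicts.append((port, "forward", name))
    return verdicts


def build_packet(op, msg_type, extra_options=b""):
    """Constructed sample: 236-byte BOOTP header (only op/htype/hlen set),
    magic cookie, optional extra options, option 53, end option."""
    header = bytes([op, 1, 6, 0]) + bytes(232)
    options = extra_options + bytes([53, 1, msg_type, 255])
    return header + MAGIC_COOKIE + options


# Constructed traffic: 0/0/1 is the uplink to the legitimate server.
TRUSTED = {"0/0/1"}
SERVER_ID = bytes([0, 54, 4, 10, 1, 1, 9])   # pad, then option 54 (10.1.1.9)
EVENTS = [
    ("0/0/1", build_packet(2, 2)),            # OFFER from the trusted uplink
    ("0/0/5", build_packet(1, 1)),            # DISCOVER from a client
    ("0/0/5", build_packet(2, 2, SERVER_ID)), # OFFER from an access port
    ("0/0/7", build_packet(2, 5)),            # ACK from an access port
    ("0/0/7", bytes(100)),                    # too short to be DHCP
]

if __name__ == "__main__":
    for verdict in snoop(EVENTS, TRUSTED):
        print(verdict)
```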
Command: Ip dhcp snooping enable
Command: no Ip dhcp snooping enable
Explanation: Enable or disable dhcp snooping function
2. Enable the binding function of DHCP Snooping
Global configuration mode
Command: Ip dhcp snooping binding enable
Explanation: Enable or disable the binding function of dhcp...
switch(Config-Port-Range)#
19.3 DHCP Snooping Troubleshooting
19.3.1 Monitor and Debug Information
19.3.1.1 show ip dhcp snooping
Command: show ip dhcp snooping [interface [ethernet] <interfaceName>]
Function: Display the configuration information of the current dhcp snooping or display the defense action log of the specified port.
Command: logging source {default | m_shell|sys_event|anti_attack} channel { console | logbuff | loghost | monitor } [ level { critical | debugging | notifications | warnings } [state { on | off } ] ]
Function: The details about this command are covered in the chapter on system log; the data source anti_attack of this command records information about all kinds of defense against network attacks, including the automatic defense action log of dhcp snooping.
Chapter 20 Defense Against Segment Scanning
20.1 Defense Against Segment Scanning
20.1.1 Defense Against Segment Scanning Configuration Task Sequence
Enable the defense against segment scanning function
Configure trusted ports
Configure trusted source IP
Enable the log recording function
Enable the automatic recovery function...
Global configuration mode
Command: anti-netscan log enable
Command: no anti-netscan log enable
Explanation: Enable/disable the log recording function.
5. Enable the automatic recovery function
Global configuration mode
Command: anti-netscan recovery enable
Command: no anti-netscan recovery enable
Explanation: Enable/disable the automatic recovery function
6.
SS2R24G4i/SS2R48G4i Chapter 21 SNTP Configuration The Network Time Protocol (NTP) is widely used for clock synchronization for global computers connected to the Internet. NTP can assess packet sending/receiving delay in the network, and estimate the computer’s clock deviation independently, so as to achieve high accuracy in network computer clocking.
Command: sntp timezone <name> {add | subtract} <time_difference>
Command: no sntp timezone
Function: Set the time difference between the time zone in which the SNTP client resides and UTC. The “no sntp timezone” command cancels the time zone set and restores the default setting.
21.2 Typical SNTP Configuration Examples
[Fig 21-1 Typical SNTP Configuration]
All SS2R24/48G4i switches in the autonomous zone are required to perform time synchronization, which is done through two redundant SNTP/NTP servers. For time to be synchronized, the network must be properly configured.
SS2R24G4i/SS2R48G4i Chapter 22 QoS Configuration 22.1 Introduction to QoS QoS (Quality of Service) is a set of capabilities that allow you to create differentiated services for network traffic, thereby providing better service for selected network traffic. QoS is a guarantee for service quality of consistent and predictable data transfer service to fulfill program requirements.
according to the policing policies.
Queuing: Egress QoS action. Put the packets to appropriate egress queues according to the packet CoS value.
Scheduling: QoS egress action. Configure the weight for eight egress queues WRR (Weighted Round Robin).
In Profile: Traffic within the QoS policing policy range (bandwidth or burst value) is called “In Profile”.
replace the original higher level DSCP value in the packet; this is also called “marking down”. The following flowchart describes the operations during policing and remarking.
Queuing and scheduling: Packets at the egress will re-map the internal DSCP value to CoS value, the queuing operation assigns packets to appropriate queues of priority according to the CoS value;...
mode; the “no class-map <class-map-name>” command deletes the specified class map.
Command: no class-map <class-map-name>
Explanation: Set matching criterion (classify data stream by ACL, DSCP, VLAN or priority, etc) for the class map; the “no
Command: match {access-group <acl-index-or-name> | ip dscp <dscp-list> | ip precedence <ip-precedence-list>...
Command: police aggregate <aggregate-policer-name>
Command: no police aggregate <aggregate-policer-name>
Explanation: Apply a policy set to classified traffic; the “no police aggregate <aggregate-policer-name>” command deletes the specified policy set.
4. Apply QoS to ports
Interface Mode
Explanation: Configure port trust; the “no
Command: mls qos trust [cos...
SS2R24G4i/SS2R48G4i egress queue; the “no wrr-queue cos8> command no wrr-queue cos-map [<queue-id>] cos-map[<queue-id>]” restores the default setting. 6.Configure QoS mapping Command Explanation Global Mode Set CoS to DSCP mapping, qos map {cos-dscp <dscp1...dscp8> DSCP to CoS mapping, dscp-cos <dscp-list> to <cos> | dscp-mutation DSCP to DSCP mutation <in-dscp>...
Switch(config)#class-map c1
Switch(config-ClassMap)#match access-group 1
Switch(config-ClassMap)# exit
Switch(config)#policy-map p1
Switch(config-PolicyMap)#class c1
Switch(config--Policy-Class)#police 10000000 4000 exceed-action drop
Switch(config--Policy-Class)#exit
Switch(config-PolicyMap)#exit
Switch(config)#interface ethernet 0/0/2
Switch(Config-Ethernet0/0/2)#service-policy input p1
Configuration result
An ACL named 1 is set to match segment 192.168.1.0. Enable QoS globally, create a class map named c1, matching ACL1 in class map;...
assigns different IP precedences. For example, set IP precedence for packets from segment 192.168.1.0 to 5 on port ethernet 1/1. The port connecting to switch2 is a trunk port. In SwitchB, set port ethernet 1/1 that connects to switch1 to trust IP precedence. Thus inside the QoS domain, packets of different priorities will go to different queues and get different bandwidth.
Parameters: <aggregate-policer-name> is the policy set name.
Default: N/A.
Command mode: Admin Mode
Displayed information: Explanation
aggregate-policer policer1 80000 exceed-action drop: Configuration for this policy set.
Not used by any policy map: Time that the policy set is being referred to
22.4.1.3 show mls qos interface...
Displayed information: Explanation
Ethernet1/2: Port name
ClassMap: Name of the Class map
Classified: Total data packets match this class map.
In-profile: Total in-profile data packets match this class map.
out-profile: Total out-profile data packets match this class map.
22.4.1.4 show mls qos maps
Command: show mls qos maps [cos-dscp | dscp-cos | dscp-mutation | policed-dscp]
Function: Displays mapping configuration information for QoS.
22.4.1.6 show policy-map
Command: show policy-map [<policy-map-name>]
Function: Display policy map of QoS.
Parameter: <policy-map-name> is the policy map name.
Default: N/A.
Command mode: Admin Mode
Displayed information: Explanation
Policy Map p1: name of policy map
Class map name c1...
Chapter 23 Layer 3 Configuration
The SS2R24/48G4i switch only supports the layer 2 forwarding function. However, a layer 3 control port can be configured. On the interface of this port we can configure IP addresses used in communication of various IP-based control protocols.
will delete the default gateway address.
23.2 ARP
23.2.1 Introduction to ARP
ARP (Address Resolution Protocol) is mainly used in IP address to Ethernet MAC address resolution. SS2R24/48G4i switch supports static configuration.
23.2.1.1 ARP Configuration Task Sequence
1. Configure static ARP...
entry.
Port: Physical (Layer2) interface corresponding to the ARP entry.
Flag: Describes whether ARP entry is dynamic or static.
23.2.2.1.2 debug arp
Command: debug arp
Command: no debug arp
Function: Enable the ARP debug function; the “no debug arp” command disables this debug function.