S S W W I I T T C C H H M M A A N N A A G G E E M M E E N N T T 1.Connecting to the Switch Configuration Options The FMG-24K PLANEX COMMUNICATIONS INC includes a built-in network- management agent. The agent offers a variety of management options,including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
Page 6
The switch’s CLI configuration program, Web interface, and SNMP agent allow you to perform the following management functions: > Set user names and passwords for up to 16 users > Set an IP interface for a management VLAN > Configure SNMP parameters >...
Page 7
Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch. Attach a VT100-compatible terminal, or a PC running a terminal emulation pro- gram to the switch.
Page 8
Remote Connections Prior to accessing the switch’s onboard agent via a network connection,you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is assigned via 192.168.0.1 by default. To manual- ly configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address”...
2.Basic Configuration Console Connection The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec).The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic util- ities.
Page 10
1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level. 2. Type “configure” and press <Enter>. 3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>. 4.
Page 11
> Manual Configuration — You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.
Page 12
Dynamic Configuration If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart” command to start broadcasting service requests. Requests will be sent periodically in an effort to obtain IP configuration information.
Page 13
Console(config)#interface vlan 1 Console(config-if)#ip address dhcp Console(config-if)#exit Console#ip dhcp restart Console#show ip interface IP interface vlan IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 1, and address mode: User specified. Console#copy running-config startup-config Startup configuration file name []: startup Console# Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as EliteView.
Page 14
“mode” is rw (read/write) or ro (read only). Press <Enter>. 2. To remove an existing string, simply type “no snmp-server community string,” where “string” is the community access string to remove. Press <Enter>. Console(config)#snmp-server community PLANEX COMMUNICATIONS INC rw Console(config)#snmp-server community private Console(config)# >...
Page 15
Saving Configuration Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in nonvolatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command. To save the current configuration settings, enter the following command: 1.
3.Managing System Files The switch’s flash memory supports three types of system files that can be man- aged by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start- up file.
4.System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (see “Setting the Startup Configuration File” on page 2-18). The following table lists some of the basic system defaults. Function Parameter Default...
Page 18
Function Parameter Default Console Port Baud Rate 9600 Connection Data bits Stop bits Parity none Local Console Timeout 0 (disabled) Port Status Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled 10/100/1000 Mbps Port 10 Mbps half duplex Capability 10 Mbps full duplex 100 Mbps half duplex 100 Mbps full duplex 1000 Mbps full duplex...
Page 19
Function Parameter Default Class of Service Ingress Port Priority Weighted Round Robin Class 0: 16 Class 1: 64 Class 2: 128 Class 3: 240 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Port Priority Disabled Multicast Filtering IGMP Snooping Enabled Act as Querier Enabled...
CONFIGURING THE SWITCH 1.Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).
Page 21
3. After you enter a user name and password, you will have access to the sys- tem configuration program. If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding to improve the switch’s response time to management commands issued through the Web interface (see “Managing STA Interface Settings”...
2.Navigating the Web Browser Interface To access the Web-browser interface you must first enter a user name and pass- word. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”...
Page 23
If this is your first time to access the management agent, you should define a new Administrator user name and password, record them and put them in a safe place. Select Security from the Main Menu, and then enter a new user name and password for the Administrator.
Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configu- ration change has been made on a page, be sure to click on the “Apply” or “Apply Changes” button to confirm the new setting. The following table summa- rizes the Web page configuration buttons.
4.Main Menu Using the onboard Web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Menu Description Page System System Information Provides basic system description, including contact information...
Page 26
Menu Description Page Address Table Static Addresses Displays entries for interface, address or VLAN 2-29 Dynamic Addresses Displays or edits static entries in the Address Table 2-30 Address Aging Sets timeout for dynamically learned entries 2-31 Spanning Tree STA Information Displays STA values used for the bridge 2-34 STA Configuration...
Page 27
5.Basic Configuration Displaying System Information You can easily identify the system by providing a descriptive name, location and contact information. > Command Attributes > System Name – Name assigned to the switch system. >> Object ID – MIB II object ID for switch’s network management subsystem. >>...
Page 28
System OID string: 1.3.6.1.4.1.202.20.24 System information System Up time: 0 days, 2 hours, 4 minutes, and 7.13 seconds System Name : PLANEX COMMUNICATIONS 8624T Test Switch System Location : TPS - 3rd Floor System Contact : Chris MAC address : 00-30-f1-47-58-3a...
Page 29
Setting the IP Address An IP address may be used for management access to the switch over your net- work. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. If you wish to manually configure IP settings, you need to change the switch’s user-specified defaults (IP address 0.0.0.0 and netmask 255.0.0.0) to values that are compatible with your network.
Page 30
Manual Configuration Web – Click System/IP. Specify the management interface, IP address and default gateway, then click Apply. – Specify the management interface, IP address and default gateway. Console#config Console(config)#interface vlan 1 3-68 Console(config-if)#ip address 10.2.13.30 255.255.255.0 3-51 Console(config-if)#exit Console(config)#ip default-gateway 192.168.1.254 3-53 Console(config)# Using DHCP/BOOTP...
Page 31
> CLI – Specify the management interface, and set the IP Address Mode to DHCP or BOOTP. Console#config Console(config)#interface vlan 1 3-68 Console(config-if)#ip address dhcp 3-51 Console(config-if)#end Console#ip dhcp restart 3-52 Console#show ip interface 3-54 IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 1, and address mode: User specified.
Page 32
6.Security Configuring the Logon Password The guest only has read access for most configuration parameters. However, the administrator has write access for parameters governing the onboard agent. You should therefore assign a new administrator password as soon as possible, and 1.
Page 33
Configuring Radius Logon Authentication Remote Authentication Dial-in User Service (RADIUS) is an authentication proto- col that uses a central server to control access to RADIUS-compliant devices on the network. A RADIUS server can be programmed with a database of multiple user name/password pairs and associated privilege levels for each user or group that requires management access to this switch using the console port, Telnet or the Web.
Page 34
Web – Click System/Radius. Specify the authentication sequence, server address, port number and other parameters, then click “Apply.” CLI Commands CLI – Specify all the required parameters to enable logon authentication. Console(config)#authentication login radius 3-39 Console(config)#radius-server host 192.168.1.25 3-40 Console(config)#radius-server port 181 3-41 Console(config)#radius-server key green 3-41...
7.Managing Firmware You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without over- writing the previous version.
Page 36
If you download specifying a new destination file name, be sure to select the new file from the drop-down box, and then click Apply Changes. To start the new firmware, reboot the system. CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch.
Page 37
Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server. The con- figuration file can be later downloaded to restore the switch’s settings. Command Attributes > Destination File Name — The destination configuration file name should not contain slashes (\ or /), the leading letter of the file name should not be a peri- od (.), and the length of file name should be 1 to 32.
Page 38
CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. Console#copy tftp startup-config 3-18 TFTP server ip address: 192.168.1.19 Source configuration file name: startup2.0 Startup configuration file name [startup] : startup2.0 Console# Setting the Startup Configuration File...
Page 39
Console#copy tftp startup-config 3-18 TFTP server ip address: 192.168.1.19 Source configuration file name: startup2.0 Startup configuration file name [startup] : startup2.0 Console# Console#config Console(config)#boot system config: startup2.0 3-23 Console(config)#exit Console#reload The CLI allows you replace a running configuration file without performing a reset. Copying the Running Configuration to a File CLI –...
Page 40
Command Attributes > Extended Multicast Filtering Services – This switch does not support the fil- tering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol). > Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes.
Page 41
Web – Click System/Bridge Extension. CLI – Enter the following command. Console#show bridge-ext 3-106 Max support vlan numbers: 255 Max support vlan ID: 4094 Extended multicast filtering services: No0 Static entry individual port: Yes VLAN learning: IVL Configurable PVID tagging: Yes Local VLAN capable: No Traffic classes: Enabled Global GVRP status: Enabled...
Page 42
Displaying Switch Hardware/Software Versions Command Attributes Main Board > Serial Number – The serial number of the switch > Number of Ports – Number of ports on this switch > Hardware Version – Hardware version of the main board. > Internal Power Status – Displays the status of the internal power supply >...
Page 43
CLI – Use the following command to display version information. Console#show version 3-38 Unit1 Serial number :A217056372 Service tag :[NONE] Hardware version :R0C Number of ports Main power status Redundant power status :not present Agent(master) Unit id :1 Loader version :1.0.0.0 Boot rom version :1.0.0.0...
8.Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the cur- rent connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Command Attributes > Name – Interface label. > Type – Indicates the of port type (1000Base-TX or 1000Base-SFP). >...
Page 45
CLI – This example shows the connection status for Port 13. Console#show interfaces status ethernet 1/13 3-75 Information of Eth 1/13 Basic information: Port type: 1000t Mac address: 00-00-11-11-22-2F Configuration: Name: Port admin: Up Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, 1000full, Broadcast storm: Enabled Broadcast storm limit: 256 packets/second Flow control: Disabled...
Page 46
Configuring Interface Connections You can use the Trunk Configuration or Port Configuration page to enable/dis- able an interface, manually fix the speed and duplex mode, set flow control, set auto-negotiation, and set the interface capabilities to advertise. Command Attributes > Name – Allows you to label an interface. (Range: 1-64 characters) >...
Page 47
> Trunk – Indicates if a port is a member of a trunk. To create trunks and select port members, see “Port Trunk Configuration” on page 2-61. Autonegotiation must be disabled before you can configure or force the interface to use the Speed/Duplex Mode or Flow Control options.
Page 48
Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to complete halt.
Page 49
Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
9.Address Table Settings Switches store the addresses for all known devices. This information is used to route traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port.
Page 51
CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Console(config)#bridge 1 address 00-e0-29-94-34-de vlan 1 forward ethernet 1/1 delete-on-reset 3-79 Console(config)# Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch.
Page 52
CLI – This example also displays the address table entries for port 11. Console#show bridge 1 ethernet 1/11 3-80 Interface Mac Address Vlan Type --------- ----------------- ---- ----------------- Eth 1/11 00-10-b5-62-03-74 1 Learned Console# Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Usage The range for the aging time is 17 - 2184 seconds.
10.Spanning Tree Protocol Configuration The Spanning Tree Algorithm can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.
Page 54
> Spanning Tree State – Enable/disabled this switch to participate in a STA- compliant network. > Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device.
Page 55
Displaying the current global settings for STA Web – Click STA/STA Information. CLI – This command displays global STA settings, followed by the settings for each port. Console#show bridge group 1 3-90 Bridge-group information -------------------------------------------------------------- Spanning tree protocol :ieee8021d Spanning tree enable/disable :enable Priority :32768...
Page 56
The current root port and current root cost display as zero when this device is not con- nected to the network. Configuring the global settings for STA Web – Click STA/STA Configuration. Modify the required attributes, click “Apply.” CLI – This example enables Spanning Tree Protocol, and then sets the indicated attributes.
Page 57
Managing STA Interface Settings You can configure STA attributes for specific interfaces, including port priority, path cost, and fast forwarding. You may use a different priority or path cost for ports of same media type to indicate the preferred path. Command Attributes The following global attributes are read-only and cannot be changed: >...
Page 58
The following interface attributes can be configured: > Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port with the highest pri- ority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
Page 59
Web – Click STA/STA Port Information or STA Trunk Information. CLI – This example shows the STA attributes for port 5.
Page 60
Console#show bridge group 1 ethernet 1/5 3-90 Bridge-group information -------------------------------------------------------------- Spanning tree protocol :ieee8021d Spanning tree enable/disable :enable Priority :32768 Hello Time (sec.) Max Age (sec.) Forward Delay (sec.) Designated Root :32768.0000e8000001 Current root port Current root cost Number of topology changes :325 Last topology changes time (sec.) :18 Hold times (sec.)
Page 61
Web – Click STA/STA Port Configuration or STA Trunk Configuration. Modify the required attributes, then click “Apply.” CLI – This example sets STA attributes for port 5. Console(config)#interface ethernet 1/5 3-68 Console(config-if)#bridge-group 1 priority 0 3-89 Console(config-if)#bridge-group 1 path-cost 50 3-88 Console(config-if)#bridge-group 1 portfast 3-90...
11.VLAN Configuration In conventional networks with routers, broadcast traffic is split up into separate domains. Switches do not inherently support broadcast domains. This can lead to broadcast storms in large networks that handle traffic such as IPX or NetBeui. By using IEEE 802.1Q-compliant VLANs, you can organize any group of network nodes into separate broadcast domains, thus confining broadcast traffic to the originating group.
Page 63
Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port (that is, a port attached to a VLAN-aware device) if you want it to carry traffic for one or more VLANs and if the device at the other end of the link also supports VLANs.
Page 64
Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each endstation should be assigned. If an endstation (or its network adapter) supports the IEEE 802.1Q VLAN protocol, it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join.
Displaying Basic VLAN Information Command Attributes > VLAN Version Number – The VLAN version used by this switch as specified in the IEEE 802.1Q standard. (Web interface only.) > Maximum VLAN ID – Maximum VLAN ID recognized by this switch. >...
Displaying Current VLANs Command Attributes for Web Interface > VLAN ID – ID of configured VLAN (1-4094, no leading zeroes). > Up Time at Creation – Time this VLAN was created; i.e., System Up Time. > Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP.
Page 67
Command Attributes for CLI Interface > VLAN – ID of configured VLAN (1-4094, no leading zeroes). > Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry. >...
Page 68
CLI – This example creates a new VLAN. Console(config)#vlan database 3-93 Console(config-vlan)#vlan 5 name R&D media ethernet state active 3-93 Console(config-vlan)# Adding Interfaces Based on Membership Type Command Attributes > Port – Port identifier. > Trunk – Trunk identifier. > VLAN – ID of configured VLAN (1-4094, no leading zeroes). >...
Page 69
> Trunk Member – Indicates if a port is a member of a trunk. To add a trunk to the selected VLAN, use the last table on the VLAN Static Table page. Web – Click VLAN/VLAN Static Table. Select a VLAN ID from the scroll-down list.
Page 70
Adding Interfaces Based on Static Membership Command Attributes > Interface – Port or trunk identifier. > Member – VLANs for which the selected interface is a tagged member. > Non-Member – VLANs for which the selected interface is not a tagged mem- ber.
Page 71
Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage > GVRP – GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
Page 72
> GARP Leave Timer – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group.
Page 73
Web – Click VLAN/VLAN Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface, click “Apply.” CLI – This example sets port 1 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
12.Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
Page 75
Web – Click Priority/Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click “Apply.” CLI – This example assigns a default priority or 5 to port 3. Console(config)#interface ethernet 1/3 3-68 Console(config-if)#switchport priority default 5 3-118...
Page 76
Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on Weighted Round Robin (WRR). Up to 8 separate traffic priorities are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following table.
Page 77
Web – Click Priority/Traffic Classes. Assign priorities to the output queues, then click “Apply.” CLI – The following example shows how to map CoS values 0, 1 and 2 to CoS priority queue 0, value 3 to CoS priority queue 1, values 4 and 5 to CoS priority queue 2, and values 6 and 7 to CoS priority queue 3.
Page 78
Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 2-53, the traffic classes are mapped to one of the four egress queues provided for each port.
Page 79
CLI – The following example shows how to assign WRR weights of 1, 4, 16 and 64 to the CoS priority queues 0, 1, 2 and 3. Console(config)#queue bandwidth 1 4 16 64 3-119 Console(config)#exit Console#show queue bandwidth 3-122 Queue ID Weight -------- ------ Console#...
Page 80
Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are mapped one-to-one to Class of Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth).
Page 81
Web – Click Priority/IP Precedence Priority. Select “IP Precedence” from the IP Precedence/DSCP Priority Status menu. Select an IP Precedence value from the IP Precedence Priority Table by clicking on it with your cursor, enter a value in the Class of Service Value field, and then click “Ap pl y. ” CLI –...
Page 82
Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, and it retains backward compatibili- ty with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping.
Page 83
CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 1 to CoS value 0 on port 5, and then displays all the DSCP Priority settings for that port. (Note that the setting is global and applies to all ports on the switch.) Console(config)#map ip dscp 3-125...
13.Port Trunk Configuration Ports can be combined into an aggregate link to increase the bandwidth of a net- work connection where bottlenecks exist or to ensure fault recovery. You can create up to six trunks at a time, with any single trunk containing up to four ports. The switch supports both static trunking and dynamic LACP (Link Aggregation Control Protocol).
Page 85
Dynamically Configuring a Trunk with LACP Web – Click Trunk/LACP Configuration. Select any of the switch ports from the scroll-down port list and click “Add.” After you have completed adding ports to the member list, click “Apply.” CLI – The following example enables LACP for ports 17 and 18. Just connect these ports to two LACP-enabled trunk ports on another switch to form a trunk.
Page 86
Console(config)#interface ethernet 1/17 3-68 Console(config-if)#lacp 3-133 Console(config-if)#exit Console(config)#interface ethernet 1/18 Console(config-if)#lacp Console(config-if)#end Console#show interfaces status port-channel 1 3-75 Information of Trunk 1 Basic information: Port type: 1000t Mac address: 22-22-22-22-22-2d Configuration: Name: Port admin status: Up Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, 1000full, Flow control status: Disabled Current status: Created by: Lacp...
Page 87
Statically Configuring a Trunk Web – Click Trunk/Trunk Configuration. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the scroll-down port list, and click “Add.” After you have completed adding ports to the member list, click “Apply.” CLI –...
Page 88
Console(config)#interface port-channel 1 3-68 Console(config-if)#exit Console(config)#interface ethernet 1/11 3-68 Console(config-if)#channel-group 1 3-132 Console(config-if)#exit Console(config)#interface ethernet 1/12 Console(config-if)#channel-group 1 Console(config-if)#end Console#show interfaces status port-channel 1 3-75 Information of Trunk 1 Basic information: Port type: 1000t Mac address: 22-22-22-22-22-2c Configuration: Name: Port admin status: Up Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, 1000full, Flow control status: Disabled...
14.Configuring SNMP The switch includes an onboard agent that continuously monitors the status of its hardware, as well as the traffic passing through its ports, based on the Simple Network Management Protocol (SNMP). A network management station can access this information using software such as EliteView. Access rights to the onboard agent are controlled by community strings.
Page 90
Web – Click SNMP/SNMP Configuration. Enter a new string in the Community String box and select the access rights from the Access Mode drop-down list, then click “Add.” CLI – The following example adds the string “spiderman” with read/write access. Console(config)#snmp-server community spiderman rw 3-44 Console(config)#...
Page 91
Web – Click SNMP/SNMP Configuration. Fill in the Trap Manager IP Address box and the Trap Manager Community String box, mark Enable Authentication Traps if required, and then click “Add.” CLI – This example adds a trap manager and enables authentication traps. Console(config)#snmp-server host 10.1.19.23 batman 3-46 Console(config)#snmp-server enable traps authentication...
15.Multicast Configuration Multicasting is used to support real-time applications such as video conferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
Page 93
Configuring IGMP Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance. Command Usage >...
Page 94
Command Attributes > IGMP Status — When enabled, the switch will monitor network traffic to deter- mine which hosts want to receive multicast traffic. This is also referred to as IGMP Snooping. (Default: Disabled) > Act as IGMP Querier — When enabled, the switch can serve as the Querier, which is responsible for asking hosts if they want to receive multicast traffic.
Page 95
Web – Click IGMP/IGMP Configuration. Adjust the IGMP settings as required, and then click “Apply.” (The default settings are shown below.) CLI – This example modifies the settings for multicast filtering, and then displays the current status. Console(config)#ip igmp snooping 3-108 Console(config)#ip igmp snooping querier 3-112...
Interfaces Attached to a Multicast Router Multicast routers use the information obtained from IGMP Query, along with a multicast routing protocol such as DVMRP, to support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch.
Page 97
S S p p e e c c i i f f y y i i n n g g I I n n t t e e r r f f a a c c e e s s A A t t t t a a c c h h e e d d t t o o a a M M u u l l t t i i c c a a s s t t R R o o u u t t e e r r Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Page 98
Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multi- cast IP address. Command Attribute > VLAN ID – Selects the VLAN in which to display port members. > Multicast IP Address – The IP address for a specific multicast service >...
Page 99
Adding Multicast Addresses to VLANs Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Parameters” on page 2-68. For certain application that require tighter control, you may need to statical- ly configure a multicast service on the switch. First add all the ports attached to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group.
Page 100
CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. Console(config)#ip igmp snooping vlan 1 static 224.0.0.12 ethernet 1/12 3-109 Console(config)#exit Console#show bridge 1 multicast vlan 1 3-111 VLAN M'cast IP addr.
16.Showing Device Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMOM MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
C C O O M M M M A A N N D D L L I I N N E E I I N N T T E E R R F F A A C C E E This chapter describes how to use the Command Line Interface (CLI).
Page 104
After connecting to the system through the console port, the login screen dis- plays: User Access Verification Username: admin Password: CLI session with the PLANEX COMMUNICATIONS INC 8624T is opened. To end the CLI session, enter [Exit]. Console# Telnet Connection Telnet operates over the IP transport protocol. In this environment, your manage- ment station and any network device you want to manage over the network must have a valid IP address.
Page 105
After entering the Telnet command, the login screen displays: User Access Verification Username: admin Password: CLI session with the PLANEX COMMUNICATIONS INC 8624T is opened. To end the CLI session, enter [Exit]. Vty-0# You can open up to four sessions to the device via Telnet.
2.Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
Page 107
Getting Help on Commands You can display a brief description of the help system by entering the help com- mand. You can also display command syntax by using the “?” character to list keywords or parameters. Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, Interface, Line, or VLAN Database).
Page 108
The command “show interfaces ?” will display the following information: Console>show interfaces ? counters Information of interfaces counters status Information of interfaces status switchport Information of interfaces switchport Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided.
Page 109
Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec com- mands generally display information on system status or clear statistical coun- ters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions. These classes are further divided into differ- ent modes.
Page 110
Username: admin Password: [system login password] CLI session with the PLANEX COMMUNICATIONS INC 8624T is opened. To end the CLI session, enter [Exit]. Console# Username: guest Password: [system login password] PLANEX COMMUNICATIONS CLI session with the INC 8624T is opened.
Page 111
To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands. Console#configure Console(config)# To enter Interface, Line Configuration, or VLAN mode, you must enter the “inter- face ...,”...
3.Command Groups The system commands can be broken down into the functional groups shown below. Command Description Page Group General Basic commands for entering privileged access mode, 3-12 restarting the system, or quitting the CLI Flash/File Manages code image or switch configuration files 3-18 System Controls system logs, system passwords, user name, 3-24...
Page 113
Command Description Page Group IGMP Snooping Configures IGMP multicast filtering, querier 3-107 eligibility, query parameters, and specifies ports attached to a multicast router Priority Sets port priority for untagged frames, relative weight 3-117 for each priority queue, and the maximum number of queues enabled;...
4.General Commands Command Function Mode Page enable Activates privileged mode 3-12 disable Returns to normal mode from privileged mode 3-13 configure Activates global configuration mode 3-14 reload Restarts the system 3-15 Returns to Privileged Exec mode GC, IC, 3-16 LC, VC exit Returns to the previous configuration mode, or 3-16...
Page 115
Command Usage > “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable pass- word command on page 3-27.) > The “#” character is appended to the end of the prompt to indicate that the sys- tem is in privileged access mode.
Page 116
Example Console#disable Console> Related Commands enable configure Use this command to activate Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configuration.
Page 117
Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 20 commands. Example In this example, the show history command lists the contents of the command history buffer: Console#show history Execution command history: 2 config 1 show history Configuration command history: 4 interface vlan 1...
Page 118
reload Use this command to restart the system. When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volatile memory by the copy running- config startup-config command. Default Setting None Command Mode Privileged Exec...
Page 119
exit Use this command to return to the previous configuration mode or exit the config- uration program. Default Setting None Command Mode Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: Console(config)#exit Console#exit Press ENTER to start session...
5.Flash/File Commands These commands are used to manage the system code or configuration files. Command Function Mode Page copy Copies a code image or a switch configuration 3-18 to or from Flash memory or a TFTP server delete Deletes a file or code image 3-20 Displays a list of files in Flash memory 3-21...
Page 121
Default Setting None Command Mode Privileged Exec Command Usage > The system prompts for data required to complete the copy command. > The destination configuration file name should not contain slashes (\ or /), and the leading letter of the file name should not be a period (.). >...
Page 122
The following example shows how to copy the running configuration to a startup file. Console#copy running-config file destination file name : startup Console# The following example shows how to download a configuration file: Console#copy tftp startup-config TFTP server ip address: 10.1.0.99 Source configuration file name: startup.01 Startup configuration file name [startup]: Console#...
Page 123
Example This example shows how to delete the test2.cfg configuration file from Flash memory. Console#delete test2.cfg Console# Related Commands Use this command to display a list of files in Flash memory. Syntax dir [boot-rom | config | opcode [:filename]] The type of file or image to display includes: >...
Page 124
Column Heading Description file name The name of the file. file type File types: Boot-Rom, Operation Code, and Configfile. startup Shows if this file is used when the system is started. size The length of the file in bytes. Example The following example shows how to display all file information: Console#dir file name...
Page 125
whichboot Use this command to display which files booted. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table on the previous page for a description of the file information dis- played by this command.
Page 126
boot system Use this command to specify the file or image used to start up the system. Syntax boot system {boot-rom| config | opcode}: filename The type of file or image to set as a default includes: > boot-rom - Boot ROM >...
6.System Management Commands These commands are used to control system logs, passwords, user name, browser configuration options, and display or configure a variety of other system information. Command Function Mode Page Device DescriptionCommand hostname Specifies or modifies the host name for the 3-25 device User Access Commands...
Page 128
Use this command to specify or modify the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example Console(config)#hostname PLANEX COMMUNICATIONS INC 8624T Console(config)#...
Page 129
username Use this command to require user name authentication at login. Use the no form to remove a user name. Syntax username name {access-level level | nopassword | password {0 | 7} pass- word} no username name > name - The name of the user. Up to 8 characters, case sensitive. Maximum number of users: 16 >...
Page 130
Example This example shows how the set the access level and password for a user. Console(config)#username bob access-level 15 Console(config)#username bob password 0 smith Console(config)# This example shows how the set unencrytped and encrypted passwords. Console(config)#username richard1 password 0 richard(1) Console(config)#username richard2 password 7 6ae199a93c381bf6d5de27491139d3f9(2) Console(config)#exit...
Page 131
enable password After initially logging onto the system, you should set the administrator (Privileged Exec) and guest (Normal Exec) passwords. Remember to record them in a safe place. Use the enable password command to set the password for access to the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password.
Page 132
jumbo frame Use this command to enable jumbo frames through the switch. Use the no form to disable jumbo frames. Syntax jumbo frame no jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage > This switch provides more efficient throughput for large sequential data trans- fers by supporting jumbo frames up to 9000 bytes.
Page 133
ip http port Use this command to specify the TCP port number used by the Web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1- 65535) Default Setting Command Mode...
Page 134
Example Console(config)#ip http server Console(config)# Related Commands ip http port logging on Use this command to control logging of error messages. This command sends debug or error messages to a logging process. The no form disables the logging process. Syntax logging on no logging on Default Setting...
Page 135
logging history Use this command to limit syslog messages sent to the Simple Network Management Protocol network management station based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} >...
Page 136
Example Console(config)#logging history ram 0 Console(config)# Related Commands snmp-server enable traps snmp-server host clear logging Use this command to clear messages from the log buffer. Syntax clear logging [flash | ram] > flash - Event history stored in Flash memory (i.e., permanent memory). >...
Page 137
show logging Use this command to display the logging configuration for system and event messages. Syntax show logging {flash | ram} > flash - Event history stored in Flash memory (i.e., permanent memory). > ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
Page 138
Example Console#show startup-config building startup-config, please wait..snmp-server community private rw snmp-server community public ro username admin access-level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access-level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active interface ethernet 1/1 switchport allowed vlan add 1 untagged...
Related Commands show running-config show running-config Use this command to display the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non- volatile memory.
Default Setting None Command Mode Normal Exec, Privileged Exec Example Console#show system FMG-24K System description: PLANEX COMMUNICATIONS INC System OID string: 1.3.6.1.4.1.202.20.25 System information System Up time : 0 days, 1 hours, 23 minutes, and 44.61 seconds PLANEX COMMUNICATIONS System Name...
Page 141
show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Example Console#show users Username accounts: Username Privilege -------- --------- guest 0 admin 15 Online users: Line Username Idle time (h:m:s) Remote IP addr.
Page 142
Example Console#show version Unit1 Serial number :A217056372 Service tag :[NONE] Hardware version :R0C Number of ports :24 Main power status :up Redundant power status :not present Agent(master) Unit id :1 Loader version :1.0.0.0 Boot rom version :1.0.0.0 Operation code version :1.0.1.4 Console#...
7.RADIUS Client Commands Remote Authentication Dial-in User Service (RADIUS) is a system that uses a central server running RADIUS software to control access to RADIUS-aware devices on the network. A RADIUS server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch using the console port, Telnet or Web.
Page 144
Default Setting None Command Mode Global Configuration Example Console(config)#authentication login radius Console(config)# Related Commands username - for setting the local user names and passwords radius-server host Use this command to specify the RADIUS server. Use the no form to restore the default.
Page 145
radius-server port Use this command to set the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) Default Setting None Command Mode Global Configuration...
Page 146
Example Console(config)#radius-server key green Console(config)# radius-server retransmit Use this command to set the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
Default Setting None Command Mode Global Configuration Example Console(config)#radius-server timeout 10 Console(config)# show radius-server Use this command to display the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example Console#show radius-server Server IP address: 10.1.0.99 Communication key with radius server: Server port number: 1812 Retransmit times: 2...
8.SNMP Commands Controls access to this switch from SNMP management stations, as well as the error types sent to trap managers. Command Function Mode Page snmp-server Sets up the community access string to 3-44 community permit access to SNMP commands snmp-server contact Sets the system contact string 3-45...
Page 149
Default Setting > public - Read-only access. Authorized management stations are only able to retrieve MIB objects. > private - Read-write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Command Usage The first snmp-server community command you enter enables SNMP (SNMPv1).
Page 150
Example Console(config)#snmp-server contact Paul Console(config)# Related Commands snmp-server location snmp-server location Use this command to set the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location. (Maximum length: 255 char- acters) Default Setting None...
Page 151
snmp-server host Use this command to specify the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string no snmp-server host host-addr > host-addr - Name or Internet address of the host (the targeted recipient). (Maximum host addresses: 5 trap destination ip address entries) >...
Page 152
Example Console(config)#snmp-server host 10.1.19.23 batman Console(config)# Related Commands snmp-server enable traps snmp-server enable traps Use this command to enable this device to send Simple Network Management Protocol traps or informs (SNMP notifications). Use the no form to disable SNMP notifications. Syntax snmp-server enable traps [authentication | link-up-down] no snmp-server enable traps [authentication | link-up-down]...
Page 153
Command Usage If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In order to configure this device to send SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, all notification types are enabled.
Page 154
show snmp Use this command to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides counter information for SNMP operations. Example SNMP traps: Authentication : enable Link-up-down : enable SNMP communities: 1.
Page 155
9.IP Commands An IP address may be used for management access to the switch over your net- work. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. If you wish to manually configure IP settings, you need to change the switch’s user-specified defaults (IP address 0.0.0.0 and netmask 255.0.0.0) to values that are compatible with your network.
Page 156
Default Setting IP address: 0.0.0.0 Netmask: 255.0.0.0 Command Mode Interface Configuration (VLAN) Command Usage > You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server.
Page 157
ip dhcp restart Use this command to submit a BOOTP or DCHP client request. Default Setting None Command Mode Privileged Exec Command Usage > DHCP requires the server to reassign the client’s last address if available. > If the BOOTP or DHCP server has been moved to a different domain, the net- work portion of the address provided to the client will be based on this new domain.
ip default-gateway Use this command to a establish a static route between this device and manage- ment stations that exist on another network segment. Use the no form to remove the static route. Syntax ip default-gateway gateway no ip default-gateway gateway - IP address of the default gateway Default Setting No static route is established.
Page 159
show ip interface Use this command to display the settings of an IP interface. Default Setting All interfaces Command Mode Privileged Exec Command Usage This switch can only be assigned one IP address. This address is used for managing the switch. Example Console#show ip interface IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 1,...
Page 160
show ip redirects Use this command to show the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Console#show ip redirects ip default gateway 10.1.0.254 Console# Related Commands ip default-gateway ping Use this command to send ICMP echo request packets to another node on the network.
Page 161
Command Usage > Use the ping command to see if another site on the network can be reached. > Following are some results of the ping command: >> Normal response -The normal response occurs in one to ten seconds, depending on network traffic. >>...
10.Line Commands You can access the onboard configuration program by attaching a VT100 com- patible device to the server’s serial port. These commands are used to set com- munication parameters for the serial port or a virtual terminal. Note that Telnet is considered a virtual terminal connection, and the only commands that apply to Telnet include exec-timeout and password-thresh.
Page 163
line Use this command to identify a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} > console - Console terminal line. > vty - Virtual terminal for remote console access. Default Setting There is no default line.
Page 164
login Use this command to enable password checking at login. Use the no form to dis- able password checking and allow connections without a password. Syntax login [local] no login local - Selects local password checking. Authentication is based on the user name specified with the username command.
Page 165
password Use this command to specify the password for a line. Use the no form to remove the password. Syntax password {0 | 7} password no password -{0 | 7} - 0 means plain password, 7 means encrypted password - password - Character string that specifies the line password. The string can contain any alphanumeric characters, besides spaces, and can contain up to 8 characters.
exec-timeout Use this command to set the interval that the system waits until user input is detected. Use the no form to remove the timeout definition. Syntax exec-timeout seconds no exec-timeout seconds - Integer that specifies the number of seconds. (Range: 0 - 65535 seconds;...
Page 167
password-thresh Use this command to set the password intrusion threshold which limits the num- ber of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh threshold no password-thresh threshold - The number of allowed password attempts. (Range: 1-120;...
Page 168
silent-time Use this command to set the amount of time the management console is inac- cessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax silent-time seconds no silent-time...
Page 169
databits Use this command to set the number of data bits per character that are interpret- ed and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits > 7 - Seven data bits per character. >...
Page 170
parity Use this command to define generation of a parity bit. Use the no form to restore the default setting. Syntax parity {none | even | odd} no parity > none - No parity > even - Even parity > odd - Odd parity Default Setting No parity Command Mode...
Page 171
speed Use this command to set the terminal line's baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second. (Options: 9600, 57600, 38400, 19200, 115200 bps) Default Setting 9600 bps...
Page 172
stopbits Use this command to set the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax stopbits {1 | 2} > 1 - One stop bit > 2 - Two stop bits Default Setting 1 stop bit Command Mode...
Page 173
Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Silent time: Disabled Baudrate: 9600 Databits: 8 Parity: none Stopbits: 1 Vty configuration: Password threshold: 3 times Interactive timeout: 65535 Console#...
11.Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Command Function Mode Page interface Configures an interface type and enters interface GC 3-68 configuration mode description Adds a description to an interface configuration 3-68 speed-duplex Configures the speed and duplex operation of a...
Page 175
interface Use this command to configure an interface type and enter interface configura- tion mode. Syntax interface interface interface > ethernet unit/port - unit - This is device 1. - port - Port number. > port-channel channel-id (Range: 1-6) > vlan vlan-id (Range: 1-4094) Default Setting None Command Mode...
Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to Ethernet port 15. Console(config)#interface ethernet 1/15 Console(config-if)#description RD-SW#3 Console(config-if)# speed-duplex Use this command to configure the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default. Syntax speed-duplex {1000full | 100full | 100half | 10full | 10half} no speed-duplex...
Page 177
Example The following example configures port 5 to 100 Mbps, half-duplex operation. Console(config)#interface ethernet 1/5 Console(config-if)#speed-duplex 100half Console(config-if)#no negotiation Console(config-if)# Related Commands negotiation negotiation Use this command to enable autonegotiation for a given interface. Use the no form to disable autonegotiation. Syntax negotiation no negotiation...
Page 178
capabilities Use this command to advertise the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capa- bility, or the no form without parameters to restore the default values. Syntax capabilities {1000full | 100full |100half | 10full | 10half | flowcontrol | sym- metric} no port-capabilities [1000full | 100full | 100half | 10full |10half | flowcontrol | symmetric]...
flowcontrol Use this command to enable flow control. Use the no form to disable flow con- trol. Syntax flowcontrol no flowcontrol Default Setting Flow control enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage > Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill.
Page 180
shutdown Use this command to disable an interface. To restart a disabled interface, use the no form. Syntax shutdown no shutdown Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved.
Page 181
switchport broadcast Use this command to configure broadcast storm control. Use the no form to dis- able broadcast storm control. Syntax switchport broadcast packet-rate rate no switchport broadcast rate - Threshold level as a rate; i.e., packets per second. (Range: 16, 64, 128, 256) Default Setting Enabled for all ports Packet-rate limit: 256 packets per second...
show interfaces status Use this command to display the status for an interface. Syntax show interfaces status interface interface > ethernet unit/port - unit - This is device 1. - port - Port number. > port-channel channel-id (Range: 1-6) > vlan vlan-id (Range: 1-4094) Default Setting None Command Mode...
Page 183
show interfaces counters Use this command to display statistics for an interface. Syntax show interfaces counters interface interface > ethernet unit/port - unit - This is device 1. - port - Port number. > port-channel channel-id (Range: 1-6) Default Setting None Command Mode Normal Exec, Privileged Exec...
show interfaces switchport Use this command to display advanced interface configuration settings. Syntax show interfaces switchport [interface] interface > ethernet unit/port - unit - This is device 1. - port - Port number. > port-channel channel-id (Range: 1-6) Default Setting Shows all interfaces.
12.Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Command Function Mode Page bridge address Maps a static address to a port in a VLAN 3-79 show bridge Displays classes of entries in the...
Page 187
bridge address Use this command to map a static address to a port in a VLAN. Use the no form to remove an address. Syntax bridge bridge-group address mac-address vlan vlan-id forward interface [action] no bridge bridge-group address address vlan vlan-id >...
Page 188
Example Console(config)#bridge 1 address 00-e0-29-94-34-de vlan 1 forward ethernet 1/1 delete-on-reset Console(config)# show bridge Use this command to view classes of entries in the bridge-forwarding database. Syntax show bridge bridge-group [interface] [address [mask]] [vlan vlan-id] [sort {address | vlan | interface}] >...
Example Console#show bridge 1 Interface Mac Address Vlan Type ------------ ------------------ ------- ----------------- Eth 1/ 1 00-e0-29-94-34-de 1 Delete-on-reset Console# clear bridge Use this command to remove any learned entries from the forwarding database and to clear the transmit and receive counts for any static or system configured entries.
Page 190
bridge-group aging-time Use this command to set the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax bridge-group bridge-group aging-time seconds no bridge-group bridge-group aging-time > bridge-group - Bridge group index (bridge 1). >...
13.Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Command Function Mode Page bridge spanning-tree Enables the spanning tree protocol 3-84 bridge forward-time Configures the spanning tree bridge 3-84 forward time...
Page 192
bridge spanning-tree Use this command to enable STA globally for the switch. Use the no form to dis- able it. Syntax bridge bridge-group spanning-tree no bridge bridge-group spanning-tree bridge-group - Bridge group index (bridge 1). Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage...
Page 193
bridge forward-time Use this command to configure the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax bridge bridge-group forward-time seconds no bridge bridge-group forward-time > bridge-group - Bridge group index (bridge 1). >...
bridge hello-time Use this command to configure the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax bridge bridge-group hello-time time no bridge bridge-group hello-time > bridge-group - Bridge group index (bridge 1). >...
bridge max-age Use this command to configure the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax bridge bridge-group max-age seconds no bridge bridge-group max-age > bridge-group - Bridge group index (bridge 1). >...
Page 196
bridge priority Use this command to configure the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax bridge bridge-group priority priority no bridge bridge-group priority > bridge-group - Bridge group index (bridge 1). >...
Page 197
bridge priority Use this command to configure the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax bridge bridge-group priority priority no bridge bridge-group priority > bridge-group - Bridge group index (bridge 1). >...
Page 198
bridge-group path-cost Use this command to configure the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax bridge-group bridge-group path-cost cost no bridge-group bridge-group path-cost > bridge-group - Bridge group index (bridge 1). >...
Page 199
bridge-group priority Use this command to configure the priority for the specified port. Use the no form to restore the default. Syntax bridge-group bridge-group priority priority no bridge-group bridge-group priority > bridge-group - Bridge group index (bridge 1). > priority - The priority for a port. (Range: 0-255) Default Setting Command Mode Interface Configuration (Ethernet, Port Channel)
Page 200
bridge-group portfast Use this command to set a port to fast forwarding. Use the no form to disable fast forwarding. Syntax bridge-group bridge-group portfast no bridge-group bridge-group portfast bridge-group - Bridge group index (bridge 1). Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage >...
Page 201
show bridge group Use this command to show the spanning tree configuration. Syntax show bridge group bridge-group [interface] > bridge-group - Bridge group index (bridge 1). > interface >> ethernet unit/port - unit - This is device 1. - port - Port number. >>...
Page 202
show bridge group Use this command to show the spanning tree configuration. Syntax show bridge group bridge-group [interface] > bridge-group - Bridge group index (bridge 1). > interface >> ethernet unit/port - unit - This is device 1. - port - Port number. >>...
Page 203
Example Console#show bridge group 1 ethernet 1/11 Bridge-group information ---------------------------------------------------------------------------------------- Spanning tree protocol :ieee8021d Spanning tree enable/disable :enable Priority :32768 Hello Time (sec.) Max Age (sec.) Forward Delay (sec.) Designated Root :32768.0000e9000066 Curent root Curent root cost Number of topology changes Last topology changes time (sec.) :2167 Hold times (sec.)
14.VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
Page 205
Command Function Mode Page show interfaces status Displays status for the specified VLAN 3-75 vlan interface show interfaces Displays the administrative and 3-77 switchport operational status of an interface vlan database Use this command to enter VLAN database mode. All commands in this mode will take effect immediately.
Page 206
vlan Use this command to configure a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] > vlan-id - ID of configured VLAN. (Range: 1-4094, no leading zeroes) >...
interface vlan Use this command to enter interface configuration mode for VLANs, and config- ure a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN:...
Page 208
switchport mode Use this command to configure the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {trunk | hybrid} no switchport mode > trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits and receives tagged frames that identify the source VLAN.
switchport acceptable-frame-types Use this command to configure the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types > all - The port passes all frames, tagged or untagged. >...
Page 210
switchport ingress-filtering Use this command to enable ingress filtering for an interface. Use the no form to restore the default. Syntax switchport ingress-filtering no switchport ingress-filtering Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage > If ingress filtering is enabled, incoming frames for VLANs which do not include this ingress port in their member set will be discarded at the ingress port.
Page 211
switchport native vlan Use this command to configure the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4094, no leading zeroes) Default Setting VLAN 1 Command Mode...
switchport allowed vlan Use this command to configure VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan- list} no switchport allowed vlan > add vlan-list - List of VLAN identifiers to add. >...
Page 213
switchport forbidden vlan Use this command to configure forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan > add vlan-list - List of VLAN IDs to add. >...
Page 214
show vlan Use this command to show VLAN information. Syntax show vlan [id vlan-id | name vlan-name] > id - Keyword to be followed by the VLAN ID. > vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) >...
15.GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as well as how to display default configura- tion settings for the Bridge Extension MIB.
Page 216
Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example Console(config)#interface ethernet 1/1 Console(config-if)#switchport gvrp Console(config-if)# show gvrp configuration Use this command to show if GVRP is enabled. Syntax show gvrp configuration [interface] interface > ethernet unit/port - unit - This is device 1. - port - Port number.
Page 217
garp timer Use this command to set the values for the join, leave and leaveall timers. Use the no form to restore the timers' default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} >{join | leave | leaveall} - Which timer to set.
Page 218
Example Console(config)#interface ethernet 1/1 Console(config-if)#garp timer join 100 Console(config-if)# Related Commands show garp timer show garp timer Use this command to show the GARP timers for the selected interface. Syntax show garp timer [interface] interface > ethernet unit/port - unit - This is device 1. - port - Port number.
Page 219
bridge-ext gvrp Use this command to enable GVRP. Use the no form to disable it. Syntax bridge-ext gvrp no bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
Page 220
Example Console#show bridge-ext Max support vlan numbers: 255 Max support vlan ID: 4094 Extended multicast filtering services: No Static entry individual port: Yes VLAN learning: IVL Configurable PVID tagging: Yes Local VLAN capable: No Traffic classes: Enabled Global GVRP status: Disabled GMRP: Disabled Console#...
16.IGMP Snooping Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only.
Page 222
ip igmp snooping Use this command to enable IGMP snooping on this switch. Use the no form to disable it. Syntax ip igmp snooping no ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. Console(config)#ip igmp snooping Console(config)# ip igmp snooping vlan static...
Page 223
Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: Console(config)#ip igmp snooping vlan 1 static 224.0.0.12 ethernet Console(config)# ip igmp snooping version Use this command to configure the IGMP snooping version. Use the no form to restore the default.
Page 224
show ip igmp snooping Use this command to show the IGMP snooping configuration. Default Setting None Command Mode Privileged Execs Example The following shows the current IGMP snooping configuration: Console#show ip igmp snooping Service status: Enabled Querier status: Enabled Query count: 2 Query interval: 125 sec Query max response time: 10 sec Query time-out: 300 sec...
Page 225
Example The following shows the multicast entries learned through IGMP snooping for bridge group 1, VLAN 1: Console#show bridge 1 multicast vlan 1 igmp-snooping VLAN M'cast IP addr. Member ports Type ---- --------------- ------------ -------1 224.1.2.3 Eth1/11 IGMP Console# ip igmp snooping querier Use this command to enable the switch as an IGMP snooping querier.
Page 226
ip igmp snooping query-count Use this command to configure the query count. Use the no form to restore the default. Syntax ip igmp snooping query-count count no ip igmp snooping query-count count - The maximum number of queries issued for which there has been no response before the switch takes action to solicit reports.
Page 227
Example The following shows how to configure the query interval to 100 seconds: Console(config)#ip igmp snooping query-interval 100 Console(config)# ip igmp snooping query-max-response-time Use this command to configure the snooping report delay. Use the no form of this command to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time...
Page 228
ip igmp snooping query-time-out Use this command to configure the snooping query-timeout. Use the no form of this command to restore the default. Syntax ip igmp snooping query-time-out seconds no ip igmp snooping query-time-out seconds - The time the switch waits after the previous querier has stopped querying before it takes over as the querier.
Page 229
ip igmp snooping vlan mrouter Use this command to statically configure a multicast router port. Use the no form to remove the configuration. Syntax ip igmp snooping vlan vlan-id mrouter interface no ip igmp snooping vlan vlan-id mrouter interface > vlan-id - VLAN ID (Range: 1-4094) >...
Page 230
show ip igmp snooping mrouter Use this command to display information on statically configured and dynamical- ly learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) Default Setting Displays multicast router ports for all configured VLANs. Command Mode Privileged Exec Example...
17.Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
Page 232
switchport priority default Use this command to set a priority for incoming untagged frames, or the priority of frames received by the device connected to the specified interface. Use the no form to restore the default value. Syntax switchport priority default default-priority-id no switchport priority default default-priority-id - The priority number for untagged ingress traffic.
Example The following example shows how to set a default priority on port 3 to 5: Console(config)#interface ethernet 1/3 Console (config-if)#switchport priority default 5 queue bandwidth Use this command to assign Weighted Round-Robin (WRR) weights to the four class of service (CoS) priority queues. Use the no form to restore the default weights.
Page 234
queue cos-map Use this command to assign class of service (CoS) values to the CoS priority queues. Use the no form set the CoS map to the default values. Syntax queue cos-map queue_id [cos1 ... cosn] no queue cos-map > queue_id - The queue id of the CoS priority queue. >...
Page 235
Example The following example shows how to map CoS values 0, 1 and 2 to CoS priority queue 0, value 3 to CoS priority queue 1, values 4 and 5 to CoS priority queue 2, and values 6 and 7 to CoS priority queue 3: Console(config)#interface ethernet 1/1 Console(config-if)#queue cos-map 0 0 1 2 Console(config-if)#queue cos-map 1 3...
Page 236
show queue cos-map Use this command to show the class of service priority map. Syntax show queue cos-map [interface] interface >. ethernet unit/port - unit - This is device 1. - port - Port number. > port-channel channel-id (Range: 1-6) Default Setting None Command Mode...
Page 237
map ip precedence (Global Configuration) Use this command to enable IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping. Syntax map ip precedence no map ip precedence Default Setting Disabled Command Mode Global Configuration Command Usage >...
Page 238
map ip precedence (Interface Configuration) Use this command to set IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value > no map ip precedence >...
Page 239
Example The following example shows how to map IP precedence value 1 to CoS value 0: Console(config)#interface ethernet 1/5 Console(config-if)#map ip precedence 1 cos 0 Console(config-if)# map ip dscp (Global Configuration) Use this command to enable IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
Page 240
map ip dscp (Interface Configuration) Use this command to set IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp > dscp-value - 8-bit DSCP value. (Range: 0-255) >...
Page 241
Example The following example shows how to map IP DSCP value 1 to CoS value 0: Console(config)#interface ethernet 1/5 Console(config-if)#map ip dscp 1 cos 0 Console(config-if)# show map ip precedence Use this command to show the IP precedence priority map. Syntax show map ip precedence [interface] interface...
Page 242
Related Commands map ip precedence - Maps CoS values to IP precedence values. show map ip dscp Use this command to show the IP DSCP priority map. Syntax show map ip dscp [interface] interface > ethernet unit/port - unit - This is device 1. - port - Port number.
18.Mirror Port Commands This section describes how to configure port mirror sessions. Command Function Mode Page port monitor Configures a mirror session 3-129 show port monitor Shows the configuration for a mirror port 3-130 port monitor Use this command to configure a mirror session. Use the no form to clear a mir- ror session.
Page 244
Command Usage > You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destina- tion port and study the traffic crossing the source port in a completely unobtru- sive manner.
Page 245
Example The following shows mirroring configured from port 6 to port 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 Console(config-if)#end Console#show port monitor Port Mirroring ------------------------------------- Destination port(listen port) :Eth1/1 Source port(monitored port) :Eth1/6 Mode :RX/TX Console# Related Commands port monitor...
19.Port Trunking Commands Ports can be statically grouped into an aggregate link to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.
Page 247
Command Mode Interface Configuration (Ethernet) Command Usage > The maximum number of ports that can be combined as a static trunk is 4 10/100 Mbps ports, and 2 1000 Mbps ports. > All links in a trunk must operate at the same data rate and duplex mode. Example The following example creates trunk 1 and then adds port 11: Console(config)#interface port-channel 1...
Page 248
Command Usage > Finish configuring a port trunk before you connect the corresponding network cables between switches. > You can configure up to six trunks, containing up to four ports as a dynamic LACP trunk. > All ports in the same trunk must consist of the same media type (i.e., twisted- pair or fiber).
Page 249
Console(config)#interface ethernet 1/11 Console(config-if)#lacp Console(config-if)#exit Console(config)#interface ethernet 1/12 Console(config-if)#lacp Console(config-if)#exit Console(config)#interface ethernet 1/13 Console(config-if)#lacp Console(config-if)#exit Console(config)#exit Console#show interfaces status port-channel 1 Information of Trunk 1 Basic information: Port type: 1000t Mac address: 00-00-e8-00-00-0b Configuration: Name: Port admin status: Up Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, 1000full, Flow control status: Disabled Current status:...
2.Upgrading Firmware via the Serial Port The switch contains two firmware components that can be upgraded; the diag- nostics (or Boot-ROM) code and runtime operation code. The runtime code can be upgraded via the switch’s RS-232 serial console port,via a network connec- tion to a TFTP server, or using SNMP management software.
Page 253
PC system. The “Xmodem file send” window displays the progress of the download procedure. The download file must be a PLANEX COMMUNICATIONS INC 8624T binary software file from PLANEX COMMUNICATIONS INC .
B B . . P P I I N N A A S S S S I I G G N N M M E E N N T T S S 1.Console Port Pin Assignments The DB-9 serial port on the switch s front panel is used to connect to the switch for out-of-band console configuration.
Page 255
Console Port to 9-Pin DTE Port on PC Switch’s 9-Pin Null Modem PC’s 9-Pin Serial Port DTE Port 2 RXD <---------TXD ------------ 3 TXD 3 TXD -----------RXD ----------> 2 RXD 5 SGND -----------SGND ---------- 5 SGND No other pins are used. Console Port to 25-Pin DTE Port on PC Switch’s 9-Pin Null Modem...
Page 256
L L O O S S S S A A R R Y Y 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over two pairs of Category 3, 4, or 5 UTP cable. 100BASE-TX IEEE 802.3u specification for 100 Mbps Fast Ethernet over two pairs of Category 5 UTP cable.
Page 257
Collision A condition in which packets transmitted over the cable interfere with each other. Their interference makes both signals unintelligible. Collision Domain Single CSMA/CD LAN segment. CSMA/CD Carrier Sense Multiple Access/Collision Detect is the communication method employed by Ethernet and Fast Ethernet. Dynamic Host Control Protocol (DHCP) Provides a framework for passing configuration information to hosts on a TCP/IP network.
Page 258
GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network.
Page 259
IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value. IEEE 802.3 Defines carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications.
Page 260
Internet Group Management Protocol (IGMP) A protocol through which hosts can register with their local router for multicast services. If there is more than one multicast router on a given IEEE 802.3 Defines carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications.
Page 261
Internet Group Management Protocol (IGMP) A protocol through which hosts can register with their local router for multicast services. If there is more than one multicast router on a given subnetwork, one of the routers is made the “querier” and assumes responsibility for keeping track of group membership.
Page 262
Management Information Base (MIB) An acronym for Management Information Base. It is a set of database objects that contains information about a specific device. Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group.
Page 263
Spanning Tree Protocol (STP) A technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest available path, maximizing the performance and efficiency of the network.