LevelOne GEL-2870 24 GE + 4 GE Combo SFP L2 SNMP Switch Management Guide version 1.0...
Management Guide
GEL-2870 Layer 2 SNMP Switch with 24 10/100/1000BASE-T (RJ-45) Ports, and 4 Gigabit Combination Ports (RJ-45/SFP)
GEL-2870 E112009/AP-R01 149100000054A...
About This Guide
Purpose: This guide gives specific information on how to operate and use the management functions of the switch.
Audience: The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
Contents
About This Guide; Contents; Figures; Tables
Section: Getting Started
Introduction: Key Features; Description of Software Features; Configuration Backup and Restore; Authentication; Access Control Lists; Port Configuration; Rate Limiting; Port Mirroring; Port Trunking; Storm Control; Static Addresses; IEEE 802.1D Bridge; Store-and-Forward Switching; Spanning Tree Algorithm; Virtual LANs; Traffic Prioritization...
Required Connections; Remote Connections; Basic Configuration; Setting Passwords; Setting an IP Address; Enabling SNMP Management Access; Managing System Files; Saving or Restoring Configuration Settings
Section: Web Configuration
Using the Web Interface: Connecting to the Web Interface; Navigating the Web Browser Interface; Home Page; Configuration Options; Panel Display...
IGMP Snooping; Configuring IGMP Snooping and Query; Configuring IGMP Filtering; Configuring Link Layer Discovery Protocol; Configuring the MAC Address Table; IEEE 802.1Q VLANs; Assigning Ports to VLANs; Configuring VLAN Attributes for Port Members; Configuring Private VLANs; Using Port Isolation; Quality of Service; Configuring Port-Level Queue Settings; Configuring DSCP Remarking...
Displaying Information About Ports; Displaying Port Status On the Front Panel; Displaying an Overview of Port Statistics; Displaying QoS Statistics; Displaying Detailed Port Statistics; Displaying Information on Authentication Servers; Displaying a List of Authentication Servers; Displaying Statistics for Configured Authentication Servers; Displaying Information on LACP; Displaying an Overview of LACP Groups; Displaying LACP Port Status...
Section: Command Line Interface
Using the Command Line Interface: Accessing the CLI; Console Connection; Telnet Connection; Entering Commands; Keywords and Arguments; Minimum Abbreviation; Getting Help on Commands; Partial Keyword Lookup; Using Command History; Command Line Processing; CLI Command Groups
System Commands: system configuration; system reboot; system restore default...
ip ping; ip dns; ip dns_proxy; ip sntp; ip ipv6 autoconfig; ip ipv6 setup; ip ipv6 ping6; ip ipv6 sntp
11 Authentication Commands: auth configuration; auth timeout; auth deadtime; auth radius; auth acct_radius; auth tacacs+; auth client; auth statistics
12 Port Commands: port configuration...
lacp mode; lacp key; lacp role; lacp status; lacp statistics
15 RSTP Commands: rstp configuration; rstp sysprio; rstp age; rstp delay; rstp txhold; rstp version; rstp mode; rstp cost; rstp priority; rstp edge; rstp autoedge; rstp p2p; rstp status; rstp statistics; rstp mcheck
16 IEEE 802.1X C...
igmp state; igmp querier; igmp fastleave; igmp leave proxy; igmp throttling; igmp filtering; igmp router; igmp flooding; igmp groups; igmp status
18 LLDP Commands: lldp configuration; lldp mode; lldp optional_tlv; lldp interval; lldp hold; lldp delay; lldp reinit; lldp info; lldp statistics; lldp cdp_aware...
Tables
Table 1: Key Features
Table 2: System Defaults
Table 3: Web Page Configuration Buttons
Table 4: Main Menu
Table 5: Recommended STA Path Cost Range
Table 6: Recommended STA Path Costs
Table 7: Default STA Path Costs
Table 8: HTTPS System Support
Table 9: QCE Modification Buttons
Table 10: Mapping CoS Values to Egress Queues
Table 11: QCE Modification Buttons...
Section: Getting Started
This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters:
◆ “Introduction” on page 24...
Introduction
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
Table 1: Key Features (Continued)
Feature | Description
Virtual LANs | Up to 256 using IEEE 802.1Q, port-based, and private VLANs
Traffic Prioritization | Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS bit, VLAN tag priority, or port
Quality of Service | Supports Differentiated Services (DiffServ), and DSCP remarking
Multicast Filtering...
Description of Software Features
Access Control Lists
ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP port number or frame type) or layer 2 frames (based on any destination MAC address for unicast, broadcast or multicast, or based on VLAN ID or VLAN tag priority).
moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
Virtual LANs
The switch supports up to 256 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard.
Quality of Service
Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, DSCP values, or VLAN lists.
System Defaults
The following table lists some of the basic system defaults.
Table 2: System Defaults
Function | Parameter | Default
Console Port Connection | Baud Rate | 115200 bps
 | Data bits |
 | Stop bits |
 | Parity | none
 | Local Console Timeout | 0 (disabled)
Authentication | User Name...
Table 2: System Defaults (Continued)
Function | Parameter | Default
Spanning Tree Algorithm | Status | Enabled, RSTP (Defaults: RSTP standard)
 | Edge Port | Enabled
Address Table | Aging Time | 300 seconds
Virtual LANs | Default VLAN |
 | PVID |
 | Acceptable Frame Type |
 | Ingress Filtering | Disabled
 | Switchport Mode (Egress Mode) | Tagged frames
Traffic Prioritization...
Initial Switch Configuration
This chapter includes information on connecting to the switch and basic configuration procedures.
Connecting to the Switch
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
◆ Set the speed/duplex mode for any port
◆ Configure the bandwidth of any port by limiting input or output rates
◆ Control port access through IEEE 802.1X security or static address filtering
◆...
■ Set the data format to 8 data bits, 1 stop bit, and no parity.
■ Set flow control to none.
■ Set the emulation mode to VT100.
■ When using HyperTerminal, select Terminal keys, not Windows...
Basic Configuration
Setting Passwords
If this is your first time logging into the console interface, you should define a new password for access to the web interface, record it, and put it in a safe place.
Assigning an IP Address
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
◆ IP address for the switch
◆ Network mask for this network
◆...
When configuring the IPv6 address and gateway, one double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields. To generate an IPv6 global unicast address for the switch, type the following command, and press <Enter>.
>ip dhcp enable
>ip dhcp
DHCP Client : Enabled
Active Configuration:
IP Address : 192.168.0.3
IP Mask : 255.255.255.0
IP Router : 0.0.0.0
DNS Server : 0.0.0.0
SNTP Server :
>
Response time from DHCP servers varies considerably for different network environments.
The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.e., an SNMPv3 construct) for the default “public”...
Trap Receivers
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, enter the “snmp trap” commands shown below, and press <Enter>.
“snmp trap version version”
“snmp trap commuity community-string”...
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to first create a user, assign the user to a group, create a view that defines the portions of MIB that the client can read or write, and then create an access entry with the group and view.
“config save tftp-server file-name”
where “tftp-server” is the IP address of the backup server, and “file-name” is the name under which the configuration settings are saved.
>config save 192.168.1.19 GEL-2870.cfg
>
To restore configuration settings from a backup server, enter the following command, and press <Enter>.
Section: Web Configuration
This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters:
◆ “Using the Web Interface” on page 44
◆ “Configuring the Switch” on page 50...
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0, Netscape 6.2, Mozilla Firefox 2.0.0.0, or more recent versions).
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. By default, the user name is “admin” with password “admin”.
Home Page
When your web browser connects with the switch’s web agent, the home page is displayed as shown below.
Panel Display
The web agent displays an image of the switch’s ports. The refresh mode is disabled by default. Tick Auto-refresh to refresh the data displayed on the screen approximately once every 5 seconds, or press the Refresh button to refresh the screen right away.
Table 4: Main Menu
Menu | Description
Port Group Filtering | Configures multicast groups to be filtered on specified port
LLDP | Configures global LLDP timing parameters, and port-specific TLV attributes
MAC Address Table | Configures address aging, dynamic learning, and static addresses...
Table 4: Main Menu
Menu | Description
Relay | Configures DHCP relay information status and policy
Monitor
System Information | Displays basic system description, switch’s MAC address, system time, and software version
 | Limits the system messages logged based on severity;...
Table 4: Main Menu
Menu | Description
Port Statistics | Displays statistics for all connected remote devices, and statistics for LLDP protocol packets crossing each port
DHCP Relay Statistics | Displays server and client statistics for packets affected by the relay information policy
MAC Address Table | Displays dynamic and static address entries associated with...
Configuring the Switch
This chapter describes all of the basic configuration tasks.
Configuring System Information
You can identify the system by configuring the contact information, name, and location of the switch.
Parameters
These parameters are displayed on the System Information page:
◆...
Web Interface
To configure System Information in the web interface:
1. Click Configuration, System, Information.
2. Specify the contact information for the system administrator, as well as the name and location of the switch. Also indicate the local time zone by configuring the appropriate offset.
Setting an IP Address
You can manually configure a specific IP address, or direct the device to obtain an address from a DHCP server. Valid IPv4 addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything other than this format will not be accepted by the CLI program.
Web Interface
To configure an IP address and SNTP in the web interface:
1. Click Configuration, System, IP & Time.
2. Specify the IPv4 settings, and enable DNS proxy service if required.
3. Click Save.
Figure 4: IP &...
values. One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields.
◆ When configuring a link-local address, note that the prefix length is fixed at 64 bits, and the host portion of the default address is based on the modified EUI-64 (Extended Universal Identifier) form of the interface identifier (i.e., the physical MAC address)....
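The modified EUI-64 derivation described above, as an added Python example (not code from the switch or its manual). It shows that a default link-local address can be precomputed from a device's MAC address for a management allow list, and that the MAC can be read back out of such an address; the sample MAC is constructed.

```python
import ipaddress
from typing import Optional

# fe80::/64 - the link-local prefix, with the prefix length fixed at 64 bits.
LINK_LOCAL_PREFIX = b"\xfe\x80" + bytes(6)


def mac_to_modified_eui64(mac: str) -> bytes:
    """Return the 8-byte modified EUI-64 interface identifier for a 48-bit MAC."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    raw = bytes.fromhex(digits)  # raises ValueError on non-hex input
    if len(raw) != 6:
        raise ValueError(f"expected a 48-bit MAC address, got {mac!r}")
    # Invert the universal/local bit of the first octet and insert FF:FE
    # between the OUI (first three octets) and the device part (last three).
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:6]


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Build the default link-local address a device derives from its MAC."""
    return ipaddress.IPv6Address(LINK_LOCAL_PREFIX + mac_to_modified_eui64(mac))


def mac_from_link_local(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64-derived link-local address, else None."""
    ip = ipaddress.IPv6Address(addr)
    packed = ip.packed
    if packed[:8] != LINK_LOCAL_PREFIX:
        return None  # not a fe80::/64 address
    iid = packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # interface identifier was not built from a MAC
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    sample_mac = "00:11:22:33:44:55"  # constructed sample value
    address = link_local_from_mac(sample_mac)
    print(sample_mac, "->", address)
    print(address, "->", mac_from_link_local(str(address)))
```

Because the mapping is reversible, anyone on the link who sees the default link-local address also learns the MAC address and its vendor prefix.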
An IPv6 default gateway can only be successfully set when a network interface that directly connects to the gateway has been configured on the switch.
◆ VLAN ID – ID of the configured VLAN. By default, all ports on the switch are members of VLAN 1.
Setting the System Password
The administrator has read/write access for all parameters governing the onboard agent. You should therefore assign a new administrator password as soon as possible, and store it in a safe place. The administrator name is “admin”...
Filtering IP Addresses for Management Access
Parameters
The following parameters are displayed on the Access Management page:
◆ Mode – Enables or disables filtering of management access based on configured IP addresses. (Default: Disabled)
◆ Start IP Address – The starting address of a range.
◆...
Configuring Port Connections
The Port Configuration page includes configuration options for enabling auto-negotiation or manually setting the speed and duplex mode, enabling flow control, setting the maximum frame size, specifying the response to excessive collisions, or enabling power saving mode.
Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.
Configuring Authentication for Management Access and 802.1X
Use the Authentication Configuration page to specify the authentication method for controlling management access through Telnet, SSH or HTTP/HTTPS. Access can be based on the (local) user name and password configured on the switch, or can be controlled with a RADIUS or TACACS+ remote access authentication server.
◆ When using RADIUS or TACACS+ logon authentication, the user name and password must be configured on the authentication server. The encryption methods used for the authentication process must also be configured or negotiated between the authentication server and logon client.
◆ IP Address – IP address or IP alias of authentication server.
◆ Port – Network (UDP) port of authentication server used for authentication messages. (Range: 1-65535; Default: 0)
If the UDP port is set to 0 (zero), the switch will use 1812 for RADIUS authentication servers, 1813 for RADIUS accounting servers, or 49 for TACACS+ authentication servers.
Web Interface
To configure authentication for management access in the web interface:
1. Click Configuration, Authentication.
2. Configure the authentication method for management client types, the common server timing parameters, and address, UDP port, and secret key for each required RADIUS or TACACS+ server.
Creating Trunk Groups
You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two switches.
Configuring Static Trunks
Use the Static Aggregation page to configure the aggregation mode and members of each static trunk group.
Usage Guidelines
◆ When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer's implementation.
best for switch-to-switch trunk links where traffic through the switch is destined for many different hosts. Do not use this mode for switch-to-router trunk links where the destination MAC address is the same for all traffic.
IP Address –...
Web Interface
To configure a static trunk:
1. Click Configuration, Aggregation, Static.
2. Select one or more load-balancing methods to apply to the configured trunks.
3. Assign port members to each trunk that will be used.
4. Click Save.
◆ A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID.
◆ If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
Web Interface
To configure a dynamic trunk:
1. Click Configuration, Aggregation, LACP.
2. Enable LACP on all of the ports to be used in an LAG.
3. Specify the LACP Admin Key to restrict a port to a specific LAG.
4. Set at least one of the ports in each LAG to Active initiation mode, either at the near end or far end of the trunk.
Configuring the Spanning Tree Algorithm
The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link...
Configuring Global Settings for RSTP
Use the RSTP System Configuration page to configure settings for STA which apply globally to the switch.
Parameters
The following parameters are displayed on the RSTP System Configuration page:
◆...
STP Compatible Mode - If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port's migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
◆ Path Cost – This parameter is used by the STA to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state. Specifying edge ports provides quicker convergence for devices such as workstations or servers, retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to...
Configuring 802.1X Port Authentication
Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data.
The operation of 802.1X on the switch requires the following:
◆ The switch must have an IP address assigned (see page 51).
◆ RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified.
Usage Guidelines
When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
expires, the switch will consider the client alive, and leave it authenticated. Therefore, an age period of T will require the client to send frames more frequently than T/2 to stay authenticated.
◆...
◆ Port State - The current state of the port:
■ Disabled - 802.1X and MAC-based authentication are globally disabled. (This is the default state.)
■ Link Down - 802.1X or MAC-based authentication is enabled, but...
Web Interface
To configure 802.1X Port Security:
1. Click Configuration, Port Security.
2. Modify the required attributes.
3. Click Save.
Figure 14: Port Security Configuration
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch's web interface.
■ The client and server generate session keys for encrypting and decrypting data.
■ The client and server establish a secure encrypted connection.
A padlock icon should appear in the status bar for Internet Explorer 5.x or above, Netscape 6.2 or above, and Mozilla Firefox 2.0.0.0 or above.
Configuring SSH
Secure Shell (SSH) provides remote management access to this switch as a secure replacement for Telnet. When the client contacts the switch via the SSH protocol, the switch generates a public-key that the client uses along with a local user name and password for access authentication.
Web Interface
To configure SSH:
1. Click Configuration, SSH.
2. Enable SSH if required.
3. Click Save.
Figure 16: SSH Configuration
IGMP Snooping
Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client.
Configuring IGMP Snooping and Query
You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance.
When the conditions in the preceding item all apply, except that the receiving port is a router port, then the switch will not send a GS-query, but will immediately start the last member query timer for that port.
VLAN Related Configuration
◆...
If Fast Leave is enabled, the switch assumes that only one host is connected to the interface. Therefore, Fast Leave should only be enabled on an interface if it is connected to only one IGMP-enabled device, either a service host or a neighbor running IGMP snooping.
Web Interface
To configure IGMP Snooping:
1. Click Configuration, IGMP Snooping, Basic Configuration.
2. Adjust the IGMP settings as required.
3. Click Save.
Figure 17: IGMP Snooping Configuration
Configuring IGMP Filtering
In certain switch applications, the administrator may want to control the multicast services that are available to end users;...
◆ Filtering Groups – Multicast groups that are denied on a port. When filter groups are defined, IGMP join reports received on a port are checked against these groups. If a requested multicast group is denied, the IGMP join report is dropped.
Configuring Link Layer Discovery Protocol
(Transmission Interval * Transmission Hold Time) 65536, and Transmission Interval (4 * Transmission Delay)
◆ Tx Hold – Configures the time-to-live (TTL) value sent in LLDP advertisements as shown in the formula below. (Range: 2-10; Default: 3)
The time-to-live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit...
■ Both the CDP and LLDP support “system capabilities,” but the CDP capabilities cover capabilities that are not part of LLDP. These capabilities are shown as “others” in the LLDP neighbors table.
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices.
Set the required mode for transmitting or receiving LLDP messages.
Enable or disable decoding CDP frames.
Specify the information to include in the TLV field of advertised messages.
Click Save.
Figure 19: LLDP Configuration
Configuring the MAC Address Table...
◆ Age Time - The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds)
MAC Table Learning
◆ Auto - Learning is done automatically as soon as a frame with an unknown source MAC address is received.
Web Interface
To configure the MAC Address Table:
1. Click Configuration, MAC Address Table.
2. Change the address aging time if required.
3. Specify the way in which MAC addresses are learned on any port.
4. Add any required static MAC addresses by clicking the Add New Static Entry button, entering the VLAN ID and MAC address, and marking the ports to which the address is to be mapped.
IEEE 802.1Q VLANs
VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections. VLANs can be easily organized to reflect departmental groups (such as Marketing or R&D), usage groups (such as e-mail), or multicast groups (used for multimedia applications such as videoconferencing).
printers. Note that if you implement VLANs which do not overlap, but still need to communicate, you must connect them through a router.
Web Interface
To configure IEEE 802.1Q VLAN groups:
1. Click Configuration, VLANs, VLAN Membership.
2. Change the ports assigned to the default VLAN (VLAN 1) if required.
■ If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports.
■ Ingress filtering does not affect VLAN independent BPDU frames,...
Web Interface
To configure attributes for VLAN port members:
1. Click Configuration, VLANs, Ports.
2. Configure the required settings for each interface.
3. Click Save.
Figure 22: VLAN Port Configuration
Configuring Private VLANs
Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
Parameters
The following parameters are displayed on the Private VLAN Membership Configuration page:
◆ PVLAN ID - Private VLAN identifier. (Range: 1-4095)
By default, all ports are configured as members of VLAN 1 and PVLAN 1.
Using Port Isolation
Web Interface
To configure isolated ports:
1. Click Configuration, Private VLANs, Port Isolation.
2. Mark the ports which are to be isolated from each other.
3. Click Save.
Figure 24: Port Isolation Configuration
Quality of Service
All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class.
Configuring Port-Level Queue Settings
You can specify the default port priority for each port on the switch, a Quality Control List (which sets the priority for ingress packets based on detailed criteria), the default tag assigned to egress packets, the queuing mode, and queue weights.
will be allowed to transmit up to 8 packets, after which the next lower priority queue will be serviced according to its weighting. This prevents the head-of-line blocking that can occur with strict priority queuing. This weight determines the frequency at which each queue will be polled for service, and subsequently affects the response time for software applications assigned a specific priority value.
Parameters
The following parameters are displayed on the DSCP Remarking Configuration page:
◆ Port - Port identifier.
◆ DSCP Remarking Mode - Enables or disables remarking of the DSCP bits for egress packets placed in this queue. (Default: Disabled)
◆...
Web Interface
To configure port-level DSCP remarking:
1. Click Configuration, QoS, DSCP Remarking.
2. Enable remarking on each port for which it is required.
3. Assign DSCP values to use for each of the egress queues.
4. Click Save.
◆ Type Value - A value which depends on the selected QCE type. Type values are also described later in this section.
◆ Traffic Class - The QoS class associated with a QCE.
The following buttons are used to edit or move the QCEs:
Table 9: QCE Modification Buttons
Button...
| Configuring the Switch HAPTER Quality of Service ◆ Traffic Class - Output queue buffer. (Range: Low, Normal, Medium and High, where High is the highest CoS priority queue) NTERFACE To configure QoS Control Lists: Click Configuration, QoS, Control Lists. Click the button to add a new QCL, or use the other QCL modification buttons to specify the editing action (i.e., edit, delete, or...
Configuring the Switch | Quality of Service
CONFIGURING RATE LIMITING
Rate limiting controls the maximum rate for traffic transmitted or received on an interface. Rate limiting can be configured on interfaces at the edge of a network to form part of the customer service package by limiting traffic into or out of the switch.
Configuring the Switch | Quality of Service
INTERFACE
To configure Rate Limits: Click Configuration, QoS, Rate Limiters. To set a rate limit on ingress traffic, check the Policer Enabled box next to the required port, set the rate limit in the Policer Rate field, and select the unit of measure for the traffic rate.
Configuring the Switch | Quality of Service
CONFIGURING STORM CONTROL
You can configure limits on broadcast, multicast and unknown unicast traffic to control traffic storms which may occur when a network device is malfunctioning, the network is not properly configured, or application programs are not well designed or properly configured.
| Configuring the Switch HAPTER Access Control Lists NTERFACE To configure Storm Control: Click Configuration, QoS, Storm Control. Enable storm control for unknown unicast, broadcast, or multicast traffic by marking the Status box next to the required frame type. Select the control rate as a function of 2 pps (i.e., a value with no suffix for the unit of measure) or a rate in Kpps (i.e., a value marked with the suffix “K”).
| Configuring the Switch HAPTER Access Control Lists ◆ Policy ID - An ACL policy configured on the ACE Configuration page (page 114). (Range: 1-8; Default: 1, which is undefined) ◆ Action - Permits or denies a frame based on whether it matches a rule defined in the assigned policy.
| Configuring the Switch HAPTER Access Control Lists ARAMETERS The following options are displayed on the ACL Rate Limiter Configuration page: ◆ Rate Limiter ID - Rate limiter identifier. (Range: 0-14; Default: 1) ◆ Rate (pps) - The threshold above which packets are dropped. (Options: 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K, 1024K pps;...
| Configuring the Switch HAPTER Access Control Lists take effect immediately, while those defined for a policy must be mapped to one or more ports using the ACL Ports Configuration menu (page 110). SAGE UIDELINES ◆ Rules within an ACL are checked in the configured order, from top to bottom.
| Configuring the Switch HAPTER Access Control Lists Open the System Log Information menu (page 137) to view any entries stored in the system log for this entry. Related entries will be displayed under the “Info” or “All” logging levels. ◆...
| Configuring the Switch HAPTER Access Control Lists DMAC Filter - The type of destination MAC address. (Options: Any, ■ MC - multicast, BC - broadcast, UC - unicast, Specific - user defined; Default: Any) Ethernet Type Parameters EtherType Filter - This option can only be used to filter Ethernet II ■...
| Configuring the Switch HAPTER Access Control Lists not equal to the SMAC address, 1 - ARP frames where SHA is equal to the SMAC address; Default: Any) RARP DMAC Match - Specifies whether frames can be matched ■ according to their target hardware address (THA) field settings. (Options: Any - any value is allowed, 0 - RARP frames where THA is not equal to the DMAC address, 1 - RARP frames where THA is equal to the DMAC address;...
| Configuring the Switch HAPTER Access Control Lists ICMP Code Filter - Specifies the ICMP code of an ICMP packet ■ to filter for this rule. (Options: Any, Specific (0-255); Default: Any) UDP Parameters Source Port Filter - Specifies the UDP source filter for this rule. ■...
| Configuring the Switch HAPTER Access Control Lists TCP URG - Specifies the TCP “Urgent Pointer field significant” ■ (URG) value for this rule. (Options: Any - any value is allowed, 0 - TCP frames where the URG field is set must not match this entry, 1 - TCP frames where the URG field is set must match this entry;...
Configuring the Switch | Access Control Lists
◆ Shutdown - Shuts down a port when a matching frame is seen. (Default: Disabled)
◆ Counter - Shows the number of frames which have matched any of the rules defined for this ACL.
VLAN Parameters
◆...
Configuring the Switch | Configuring Port Mirroring
Figure 32: Access Control List Configuration
CONFIGURING PORT MIRRORING
You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the...
| Configuring the Switch HAPTER Simple Network Management Protocol NTERFACE To configure port mirroring: Click Configuration, Mirroring. Then click Next. Select the destination port to which all mirrored traffic will be sent. Set the mirror mode on any of the source ports to be monitored. Click Save.
| Configuring the Switch HAPTER Simple Network Management Protocol The switch includes an onboard agent that supports SNMP versions 1, 2c, and 3. This agent continuously monitors the status of the switch hardware, as well as the traffic passing through its ports. A network management station can access this information using software such as HP OpenView.
Configuring the Switch | Simple Network Management Protocol
CONFIGURING SNMP SYSTEM AND TRAP SETTINGS
To manage the switch through SNMP, you must first enable the protocol and configure the basic access parameters. To issue trap messages, the trap function must also be enabled and the destination host specified.
PARAMETERS
The following parameters are displayed on the SNMP System Configuration...
| Configuring the Switch HAPTER Simple Network Management Protocol ◆ Trap Version - Indicates if the target user is running SNMP v1, v2c, or v3. (Default: SNMP v1) ◆ Trap Community - Specifies the community access string to use when sending SNMP trap packets.
| Configuring the Switch HAPTER Simple Network Management Protocol field is used. (Range: 10-64 hex digits, excluding a string of all 0’s or all F’s) : The Trap Probe Security Engine ID must be disabled before an engine ID can be manually entered in this field. ◆...
Configuring the Switch | Simple Network Management Protocol
Figure 34: SNMP System Configuration
SETTING SNMP COMMUNITY ACCESS
All community strings used to authorize access by SNMP v1 and v2c clients should be listed in the SNMPv3 Communities Configuration table. For security reasons, you should consider removing the default strings.
| Configuring the Switch HAPTER Simple Network Management Protocol ◆ Source IP - Specifies the source address of an SNMP client. ◆ Source Mask - Specifies the address mask for the SNMP client. NTERFACE To configure SNMP community access strings: Click Configuration, SNMP, Communities.
| Configuring the Switch HAPTER Simple Network Management Protocol ◆ Engine ID - The engine identifier for the SNMP agent on the remote device where the user resides. (Range: 10-64 hex digits, excluding a string of all 0’s or all F’s) To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides.
Configuring the Switch | Simple Network Management Protocol
INTERFACE
To configure SNMPv3 users: Click Configuration, SNMP, Users. Click Add New User to configure a user name. Enter a remote Engine ID of up to 64 hexadecimal characters. Define the user name, security level, authentication and privacy settings.
Configuring the Switch | Simple Network Management Protocol
INTERFACE
To configure SNMPv3 groups: Click Configuration, SNMP, Groups. Click Add New Group to set up a new group. Select a security model. Select the security name. For SNMP v1 and v2c, the security names displayed are based on those configured in the SNMPv3 Communities menu.
| Configuring the Switch HAPTER Simple Network Management Protocol mask a specific portion of the OID string using an asterisk. (Length: 1- 128) NTERFACE To configure SNMPv3 views: Click Configuration, SNMP, Views. Click Add New View to set up a new view. Enter the view name, view type, and OID subtree.
| Configuring the Switch HAPTER Configuring UPnP ◆ Write View Name - The configured view for write access. (Range: 1-32 characters, ASCII characters 33-126 only) NTERFACE To configure SNMPv3 group access rights: Click Configuration, SNMP, Accesses. Click Add New Access to create a new entry. Specify the group name, security settings, read view, and write view.
UPnP under Windows XP, open My Network Places in the Explore file manager. An entry for “GEL-2870” will appear in the list of discovered devices. Double-click on this entry to access the switch's web management interface.
| Configuring the Switch HAPTER Configuring DHCP Relay and Option 82 Information NTERFACE To configure UPnP: Click Configuration, UPnP. Enable or disable UPnP, then set the TTL and advertisement values. Click Save. Figure 40: UPnP Configuration DHCP R 82 I ONFIGURING ELAY AND PTION...
| Configuring the Switch HAPTER Configuring DHCP Relay and Option 82 Information ARAMETERS The following parameters are displayed on the DHCP Relay Configuration page: ◆ Relay Mode - Enables or disables the DHCP relay function. (Default: Disabled) ◆ Relay Server - IP address of DHCP server to be used by the switch's DHCP relay agent.
ONITORING THE WITCH This chapter describes how to monitor all of the basic functions, configure or view system logs, and how to view traffic status or the address table. ISPLAYING ASIC NFORMATION BOUT THE YSTEM You can use the Monitor/System menu to display a basic description of the switch, log messages, or statistics on traffic used in managing the switch.
| Monitoring the Switch HAPTER Displaying Basic Information About the System NTERFACE To view System Information in the web interface, click Monitor, System, Information. Figure 42: System Information Use the System Log Information page to scroll through the logged system ISPLAYING and event messages.
| Monitoring the Switch HAPTER Displaying Basic Information About the System Table Headings ◆ ID – Error ID. ◆ Level – Error level as described above. ◆ Time – The time of the system log entry. ◆ Message – The message text of the system log entry. NTERFACE To display the system log: Click Monitor, System, Log.
| Monitoring the Switch HAPTER Displaying Basic Information About the System Use the Detailed Log page to view the full text of specific log messages. ISPLAYING ETAILS NTERFACE To display the text of a specific log message, click Monitor, System, Detailed Log.
| Monitoring the Switch HAPTER Displaying Information About Ports NTERFACE To display the information on management packets, click Monitor, System, Access Management Statistics. Figure 45: Access Management Statistics ISPLAYING NFORMATION BOUT ORTS You can use the Monitor/Port menu to display a graphic image of the front panel which indicates the connection status of each port, basic statistics on the traffic crossing each port, the number of packets processed by each service queue, or detailed statistics on port traffic.
| Monitoring the Switch HAPTER Displaying Information About Ports ◆ Packets Receive/Transmit – The number of packets received and transmitted. ◆ Bytes Receive/Transmit – The number of bytes received and transmitted. ◆ Errors Receive/Transmit – The number of frames received with errors and the number of incomplete transmissions.
| Monitoring the Switch HAPTER Displaying Information About Ports ◆ Normal Queue Receive/Transmit – The number of packets received and transmitted through the normal-priority queue. ◆ Medium Queue Receive/Transmit – The number of packets received and transmitted through the medium-priority queue. ◆...
| Monitoring the Switch HAPTER Displaying Information About Ports Unicast – The number of received and transmitted unicast packets ■ (good and bad). Multicast – The number of received and transmitted multicast ■ packets (good and bad). Broadcast – The number of received and transmitted broadcast ■...
| Monitoring the Switch HAPTER Displaying Information About Ports NTERFACE To display the detailed port statistics, click Monitor, Ports, Detailed Statistics. Figure 49: Detailed Port Statistics – 144 –...
Monitoring the Switch | Displaying Information on Authentication Servers
DISPLAYING INFORMATION ON AUTHENTICATION SERVERS
Use the Monitor/Authentication pages to display information on RADIUS authentication and accounting servers, including the IP address and statistics for each server.
DISPLAYING A LIST OF AUTHENTICATION SERVERS
Use the RADIUS Overview page to display a list of configured authentication and accounting servers.
Monitoring the Switch | Displaying Information on Authentication Servers
DISPLAYING STATISTICS FOR CONFIGURED AUTHENTICATION SERVERS
Use the RADIUS Details page to display statistics for configured authentication and accounting servers. The statistics map closely to those specified in RFC4668 - RADIUS Authentication Client MIB...
| Monitoring the Switch HAPTER Displaying Information on Authentication Servers Timeouts - The number of authentication timeouts to the server. ■ After a timeout, the client may retry to the same server, send to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout.
| Monitoring the Switch HAPTER Displaying Information on Authentication Servers Transmit Packets ◆ Requests - The number of RADIUS packets sent to the server. This ■ does not include retransmissions. Retransmissions - The number of RADIUS packets retransmitted ■ to the RADIUS accounting server. Pending Requests - The number of RADIUS packets destined for ■...
Monitoring the Switch | Displaying Information on LACP
DISPLAYING INFORMATION ON LACP
Use the monitor pages for LACP to display information on LACP configuration settings, the functional status of participating ports, and statistics on LACP control packets.
DISPLAYING AN OVERVIEW OF LACP...
Use the LACP System Status page to display an overview of LACP groups.
Monitoring the Switch | Displaying Information on LACP
■ Backup - The port could not join the aggregation group but will join if another port leaves. Meanwhile its LACP status is disabled.
◆ Key - Current operational value of the key for the aggregation port. Note that only ports with the same key can aggregate together.
Monitoring the Switch | Displaying Information on the Spanning Tree
◆ Discarded - The number of unknown or illegal LACP frames that have been discarded at each port.
INTERFACE
To display LACP statistics for local ports on this switch, click Monitor, LACP, Port Statistics.
| Monitoring the Switch HAPTER Displaying Information on the Spanning Tree ◆ Root Port - The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port. If there is no root port, then this switch has been accepted as the root device of the Spanning Tree network.
| Monitoring the Switch HAPTER Displaying Information on the Spanning Tree ◆ Point2Point - Indicates a connection to exactly one other bridge. The flag may be automatically computed or explicitly configured. The point- to-point properties of a port affect how fast it can transition RSTP states.
| Monitoring the Switch HAPTER Displaying Information on the Spanning Tree Learning - Port has transmitted configuration messages for an ■ interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses. Forwarding - Port forwards packets, and continues learning ■...
| Monitoring the Switch HAPTER Displaying Port Security Information NTERFACE To display information on spanning port statistics, click Monitor, Spanning Tree, Port Statistics. Figure 57: Spanning Tree Port Statistics ISPLAYING ECURITY NFORMATION Use the monitor pages for Port Security to display the IEEE 802.1X authentication state, statistics, and protocol information for each port.
| Monitoring the Switch HAPTER Displaying Port Security Information recently received frame from a new client for MAC-based authentication. ◆ Last ID - The user name (supplicant identity) carried in the most recently received Resp/ID EAPOL frame for port-based authentication, and the source MAC address from the most recently received frame from a new client for MAC-based authentication.
| Monitoring the Switch HAPTER Displaying Port Security Information ◆ Invalid Type - The number of EAPOL frames that have been received by the switch in which the frame type is not recognized. ◆ Invalid Length - The number of EAPOL frames that have been received by the switch in which the Packet Body Length field is invalid.
| Monitoring the Switch HAPTER Displaying Port Security Information communication with the backend server. Possible retransmissions are not counted. For MAC-based authentication, this field counts all the backend server packets sent from the switch towards the backend server for a given port (left-most table) or client (right-most table).
| Monitoring the Switch HAPTER Showing IGMP Snooping Information Figure 59: Port Security Statistics IGMP S HOWING NOOPING NFORMATION Use the IGMP Snooping page to display IGMP querier status and snooping statistics for each VLAN, the port members of each service group, and the ports connected to an upstream multicast router/switch.
| Monitoring the Switch HAPTER Displaying LLDP Information ◆ V2 Leave Receive - The number of received IGMP Version 2 leave reports. IGMP Groups ◆ VLAN ID - VLAN Identifier. ◆ Groups - The IP address for a specific multicast service. ◆...
| Monitoring the Switch HAPTER Displaying LLDP Information LLDP Use the LLDP Neighbor Information page to display information about ISPLAYING devices connected directly to the switch’s ports which are advertising EIGHBOR information through LLDP. NFORMATION ARAMETERS These parameters are displayed on the LLDP Neighbor Information page: ◆...
| Monitoring the Switch HAPTER Displaying LLDP Information NTERFACE To display information about LLDP neighbors, click Monitor, LLDP, Neighbors. Figure 61: LLDP Neighbor Information LLDP Use the LLDP Port Statistics page to display statistics on LLDP global ISPLAYING counters and control frames. TATISTICS ARAMETERS These parameters are displayed on the LLDP Port Statistics page:...
| Monitoring the Switch HAPTER Displaying DHCP Relay Statistics ◆ Frames Discarded - Number of frames discarded because they did not conform to the general validation rules as well as any specific usage rules defined for the particular Type Length Value (TLV). ◆...
| Monitoring the Switch HAPTER Displaying DHCP Relay Statistics ARAMETERS These parameters are displayed on the DHCP Relay Statistics page: Server Statistics ◆ Transmit to Server - The number of packets relayed from the client to the server. ◆ Transmit Error - The number of packets containing errors that were sent to clients.
| Monitoring the Switch HAPTER Displaying the MAC Address Table NTERFACE To display DHCP relay statistics, click Monitor, DHCP, Relay Statistics. Figure 63: DHCP Relay Statistics MAC A ISPLAYING THE DDRESS ABLE Use the MAC Address Table to display dynamic and static address entries associated with the CPU and each port.
| Monitoring the Switch HAPTER Displaying the MAC Address Table NTERFACE To display the address table, click Monitor, MAC Address Table. Figure 64: MAC Address Table – 167 –...
ERFORMING ASIC IAGNOSTICS This chapter describes how to test network connectivity using Ping for IPv4 or IPv6, and how to test network cables. INGING AN DDRESS The Ping page is used to send ICMP echo request packets to another node on the network to determine if it can be reached.
| Performing Basic Diagnostics HAPTER Running Cable Diagnostics Figure 65: ICMP Ping UNNING ABLE IAGNOSTICS The VeriPHY page is used to perform cable diagnostics for all ports or selected ports to diagnose any cable faults (short, open, etc.) and report the cable length.
ERFORMING YSTEM AINTENANCE This chapter describes how to perform basic maintenance tasks including upgrading software, restoring or saving configuration settings, and resetting the switch. ESETTING THE WITCH Use the Reset Device page to restart the switch. NTERFACE To restart the switch Click Maintenance, Reset Device.
| Performing System Maintenance HAPTER Upgrading Firmware The factory defaults are immediately restored, which means that no reboot is necessary. Figure 68: Factory Defaults PGRADING IRMWARE Use the Software Upload page to upgrade the switch’s system firmware by specifying a file provided by Transition Networks. You can download firmware files for your switch from the Support section of the Transition Networks web site at www.transition.com.
| Performing System Maintenance HAPTER Registering the Product EGISTERING THE RODUCT Use the Register Product page to register your switch online if you have not already done so. The Register Product page provides a convenient link to the Transition Networks web site for this purpose. NTERFACE To register your switch: Click Maintenance, Register Product.
| Performing System Maintenance HAPTER Managing Configuration Files Figure 71: Configuration Save Use the Configuration Upload page to restore previously saved ESTORING configuration settings to the switch from a file on your local management ONFIGURATION station. ETTINGS NTERFACE To restore your current configuration settings: Click Maintenance, Configuration, Upload.
ECTION OMMAND NTERFACE This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. This section includes these chapters: ◆ “Using the Command Line Interface” on page 177 “System Commands” on page 185 ◆...
| Command Line Interface ECTION “SNMP Commands” on page 308 ◆ “HTTPS Commands” on page 329 ◆ ◆ “SSH Commands” on page 332 “UPnP Commands” on page 334 ◆ “DHCP Commands” on page 337 ◆ “Firmware Commands” on page 341 ◆...
USING THE COMMAND LINE INTERFACE
This chapter describes how to use the Command Line Interface (CLI).
ACCESSING THE CLI
When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet or Secure Shell connection (SSH), the switch can be managed by entering command keywords and parameters at the prompt.
| Using the Command Line Interface HAPTER Accessing the CLI ONNECTION Telnet operates over the IP transport protocol. In this environment, your ELNET management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods.
HAPTER Entering Commands After entering the Telnet command, the login screen displays: Username: admin Password: Login in progress... Welcome to LevelOne Command Line Interface. Type 'help' or '?' to get help. Port Numbers: +-------------------------------------------------------------+ | +--+--+--+--+ +--+--+--+--+ +--+--+--+--+ +----+ +----+ |...
| Using the Command Line Interface HAPTER Entering Commands ◆ To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter: >system password admin The CLI will accept a minimum number of characters that uniquely identify INIMUM a command.
| Using the Command Line Interface HAPTER Entering Commands Type '<group>' to enter command group, e.g. 'port'. Type '<group> ?' to get list of group commands, e.g. 'port ?'. Type '<command> ?' to get help on a command, e.g. 'port mode ?'. Commands may be abbreviated, e.g.
| Using the Command Line Interface HAPTER Entering Commands The CLI maintains a history of commands that have been entered. You can SING OMMAND scroll back through the history of commands by pressing the up arrow key. ISTORY Any command displayed in the history list can be executed again, or first modified and then executed.
Using the Command Line Interface | CLI Command Groups
CLI COMMAND GROUPS
The system commands can be broken down into the functional groups shown below.
Table 15: Command Group Index
Command Group | Description | Page
System | Configures general system settings, including descriptive information, user name and password, rebooting the system, setting the time zone, configuring the log levels to display, and filtering management access to the switch...
| Using the Command Line Interface HAPTER CLI Command Groups Table 15: Command Group Index Command Group Description Page Firmware Upgrades firmware via a TFTP server Debug Displays debugging information for all key functions These commands are not described in this manual. Please refer to the prompt messages included in the CLI interface.
SYSTEM COMMANDS
This section describes commands used to configure information that uniquely identifies the switch, set the user name and password, reboot the system, set the time zone, configure the log levels to display, and filter management access to the switch through specified IP addresses.
Table 16: System Commands
Command | Function...
Timezone Offset: 0
MAC Address : 00-01-c1-00-00-e1
System Time : 1970-01-01 03:39:06 +0000
System Uptime : 03:39:06
Software Version: GEL-2870 Managed (standalone) GEL-2870-LevelOne-0_4
Software Date : 2009-06-12 14:32:38 +0200
System>
system reboot
This command restarts the system.
SYNTAX
system reboot...
System Commands
system restore
This command restores the original factory settings. Note that the LAN IP Address, Subnet Mask and Gateway IP Address will be reset to their factory defaults.
SYNTAX
system restore default [keep_ip]
all - Displays a full list of all configuration settings.
DEFAULT SETTING
Restores all settings...
System Commands
DEFAULT SETTING
None
COMMAND USAGE
No blank spaces are permitted as part of the name string.
EXAMPLE
System>name RD
System>
system location
This command displays or sets the system location.
SYNTAX
system location [location]
location - String that describes the system location. (Maximum length: 255 characters)
DEFAULT SETTING...
| System Commands HAPTER XAMPLE System>password admin System> system timezone This command displays or sets the time zone for the switch’s internal clock. YNTAX system timezone [offset] offset - Number of minutes before/after UTC. (Range: -720 minutes before to 720 minutes after) EFAULT ETTING no offset...
System Commands
EXAMPLE
System>log all
Info 1970-01-01 02:22:38 +0000 Frame of 202 bytes received on port 4
Info 1970-01-01 02:22:41 +0000 Frame of 202 bytes received on port 3
Info 1970-01-01 02:23:09 +0000 Frame of 202 bytes received on port 4
Info 1970-01-01 02:23:12 +0000 Frame of 202 bytes received on port 3...
System Commands
system access add
This command adds IPv4 addresses that are allowed management access to the switch through various protocols.
SYNTAX
system access add access-id start-ip-addr end-ip-addr [web | snmp | telnet]
access-id - Entry index. (Range: 1-16)
start-ip-addr - The starting IPv4 address of a range....
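The following is an added example, not part of the LevelOne guide or the switch firmware: a Python audit of recorded "system access add" lines against the syntax above, flagging entries an administrator would want to review before relying on the management access filter. The sample commands are constructed, the 256-address review threshold is an assumption, and treating a missing service keyword as "all three services" is an assumption about the switch's behaviour.

```python
import ipaddress
import re
from dataclasses import dataclass, field

SERVICES = ("web", "snmp", "telnet")  # service keywords from the command syntax
MAX_RANGE = 256  # assumed review threshold for a "wide" range, not a switch limit

# Accepts the full form or the form typed inside the System command group.
CMD_RE = re.compile(
    r"^\s*(?:system\s+)?access\s+add\s+(\d+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$",
    re.IGNORECASE,
)

# Constructed sample input (not taken from a real switch).
SAMPLE_COMMANDS = """\
system access add 1 192.168.1.10 192.168.1.20 web
system access add 2 10.0.0.0 10.255.255.255 telnet
system access add 3 192.168.1.50 192.168.1.40 web
system access add 17 192.168.2.1 192.168.2.1
system access add 4 172.16.5.9 172.16.5.9 snmp
"""


@dataclass
class Entry:
    access_id: int
    start: ipaddress.IPv4Address
    end: ipaddress.IPv4Address
    services: tuple
    findings: list = field(default_factory=list)

    @property
    def usable(self):
        # An entry with an out-of-range index or an inverted range is ignored
        # by is_permitted() so that it cannot mask a gap in the filter.
        return 1 <= self.access_id <= 16 and self.start <= self.end


def parse_line(line):
    """Return (Entry, None) for a well-formed command, else (None, reason)."""
    m = CMD_RE.match(line)
    if not m:
        return None, "not a 'system access add' command"
    try:
        start = ipaddress.IPv4Address(m.group(2))
        end = ipaddress.IPv4Address(m.group(3))
    except ValueError as exc:
        return None, f"bad IPv4 address: {exc}"
    keyword = m.group(4)
    if keyword is None:
        services = SERVICES  # assumption: no keyword means all services
    elif keyword.lower() in SERVICES:
        services = (keyword.lower(),)
    else:
        return None, f"unknown service keyword {keyword!r}"
    entry = Entry(int(m.group(1)), start, end, services)
    if not 1 <= entry.access_id <= 16:
        entry.findings.append("access-id outside 1-16")
    if start > end:
        entry.findings.append("start address is above end address")
    else:
        size = int(end) - int(start) + 1
        if size > MAX_RANGE:
            entry.findings.append(f"wide range ({size} addresses)")
    if "telnet" in entry.services:
        entry.findings.append("telnet allowed (cleartext management protocol)")
    return entry, None


def audit(text):
    """Parse every non-blank line; return (entries, [(line_number, reason)])."""
    entries, errors = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        entry, error = parse_line(line)
        if entry is None:
            errors.append((number, error))
        else:
            entries.append(entry)
    return entries, errors


def is_permitted(entries, src_ip, service):
    """True if src_ip falls inside a usable entry that covers the service."""
    ip = ipaddress.IPv4Address(src_ip)
    return any(
        e.usable and service in e.services and e.start <= ip <= e.end
        for e in entries
    )


if __name__ == "__main__":
    parsed, problems = audit(SAMPLE_COMMANDS)
    for e in parsed:
        print(e.access_id, e.start, e.end, ",".join(e.services), e.findings or "ok")
    for number, reason in problems:
        print(f"line {number}: {reason}")
```
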
| System Commands HAPTER system access ipv6 This command adds IPv6 addresses that are allowed management access to the switch through various protocols. YNTAX system access ipv6 add access-id start-ip-addr end-ip-addr [web | snmp | telnet] access-id - Entry index. (Range: 1-16) start-ip-addr - The starting IPv6 address of a range.
IP C OMMANDS This section describes commands used to configure IP settings, including IPv4 or IPv6 addresses, DHCP, DNS, DNS proxy, as well as SNTP. Table 17: IP Commands Command Function ip configuration Displays all settings for IPv4 and IPv6 and related functions ip dhcp Displays or sets the DHCP client mode ip setup...
| IP Commands HAPTER IPv6 Address : ::192.168.1.10 IPv6 Prefix : 96 IPv6 Router : :: IPv6 VLAN ID SNTP Server IPv6 SNTP Server : :: Active Configuration: IP Address : 192.168.1.1 IP Mask : 255.255.255.0 IP Router : 0.0.0.0 DNS Server : 0.0.0.0 SNTP Server...
| IP Commands HAPTER ◆ If the IP DHCP option is enabled, the switch will start broadcasting service requests as soon as it is powered on. XAMPLE IP>dhcp enable IP>dhcp DHCP Client : Enabled Active Configuration: IP Address : 192.168.0.3 IP Mask : 255.255.255.0 IP Router...
IP Commands
separated by periods. Anything outside this format will not be accepted by the configuration program.
◆ A gateway must be defined if the management station is located in a different IP segment.
◆ A default gateway can only be successfully set when a network interface that directly connects to the gateway has been configured on the switch.
| IP Commands HAPTER Destination does not respond - If the host does not respond, a ■ “timeout” appears in ten seconds. Destination unreachable - The gateway for this destination indicates ■ that the destination is unreachable. Network or host unreachable - The gateway found no corresponding ■...
| IP Commands HAPTER EFAULT ETTING Disabled OMMAND SAGE If enabled, the switch maintains a local database based on previous responses to DNS queries forwarded on behalf of attached clients. If the required information is not in the local database, the switch forwards the DNS query to a DNS server, stores the response in its local cache for future reference, and passes the response back to the client.
| IP Commands HAPTER OMMAND SAGE ◆ To connect to a larger network with multiple subnets, you must configure a global unicast address. This address can be automatically configured using this command, or it can be manually configured using ip ipv6 setup command (page 201).
| IP Commands HAPTER ◆ To connect to a larger network with multiple subnets, you must configure a global unicast address. This address can be manually configured with this command, or it can be automatically configured using the ip ipv6 autoconfig command (page 200).
| IP Commands HAPTER OMMAND SAGE ◆ An IPv6 address must be formatted according to RFC 2373 “IPv6 Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields. ◆...
| IP Commands HAPTER OMMAND SAGE The switch attempts to periodically update the time from the specified server. The polling interval is fixed at 15 minutes. XAMPLE IP/IPv6>sntp ::129.6.15.28 IP/IPv6> – 204 –...
AUTHENTICATION COMMANDS
This section describes commands used to control management access through RADIUS or TACACS+ authentication servers.
Table 18: Authentication Commands
Command | Function
auth configuration | Displays settings for authentication servers and the authentication methods used for each access protocol
auth timeout | Displays or sets the time the switch waits for a reply from an authentication server before it resends the request
auth deadtime...
| Authentication Commands HAPTER auth deadtime This command displays or sets the time after which the switch considers an authentication server to be dead if it does not reply. YNTAX auth deadtime [dead-time] dead-time - The time after which the switch considers an authentication server to be dead if it does not reply.
| Authentication Commands HAPTER OMMAND SAGE ◆ By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication method and the corresponding parameters for the remote authentication protocol.
ip-addr - IP address or IP alias of accounting server. An IPv4 address consists of 4 numbers, 0 to 255, separated by periods.
secret - Encryption key shared between the accounting server and the switch. (Maximum length: 29 characters)
server-port - Network (UDP) port of accounting server used for accounting messages.
auth tacacs+
This command displays or sets TACACS+ authentication server settings.
SYNTAX
auth tacacs+ [server-index] [enable | disable] [ip-addr] [secret] [server-port]
server-index - Allows you to specify up to five servers. These servers are queried in sequence until a server responds or the retransmit period expires.
PORT COMMANDS
This section describes commands used to configure connection parameters for ports, power saving mode, and cable testing.
Table 19: Port Commands
Command - Function
port configuration - Displays configuration settings
port state - Displays or sets administrative state to enabled or disabled
port mode - Displays or sets port speed and duplex mode
port flow control...
Table 20: Port Configuration (Continued)
Field - Description
Flow Control - Flow control mode (Enabled or Disabled)
MaxFrame - Maximum frame size
Power - Power saving mode (Enabled or Disabled)
Excessive - Response to take when excessive transmit collisions are detected on a port (Discard frame or Restart backoff algorithm)
Link - Link status (connection speed/duplex mode or down)
port state
This command displays the administrative state, or sets it enabled or disabled.
SYNTAX
port state [port-list] [enable | disable]
port-list - A specific port or a range of ports. (Range: 1-28, or all)
enable - Enables the specified ports.
disable - Disables the specified ports.
COMMAND USAGE
The 1000BASE-T standard does not support forced mode. Auto-negotiation should always be used to establish a connection over any 1000BASE-T port or trunk. If not used, the success of the link process cannot be guaranteed when connecting to other types of switches.
EXAMPLE
Port>flow control 5 enable
Port>flow control 5
Port  Flow Control  Rx Pause  Tx Pause
----  ------------  --------  --------
      Enabled       Enabled   Enabled
Port>

port maxframe
This command displays or sets the maximum frame size allowed for a port.
SYNTAX
port maxframe [port-list] [max-frame]
port-list - A specific port or a range of ports.
Enabling power saving mode can significantly reduce power used for cable lengths of 20 meters or less, and continue to ensure signal integrity.
EXAMPLE
This example indicates that power usage for port 5 is 41% of normal.
Port>power 5 enable
Port>power 5
Port...
port statistics
This command displays port statistics.
SYNTAX
port statistics [port-list] [clear] [statistic]
port-list - A specific port or a range of ports. (Range: 1-28, or all)
clear - Clears port statistics
statistic - Specifies the statistics to display.
packets - The number of packets received and transmitted.
EXAMPLE
This example shows the cable length and operating conditions, and isolates a variety of common faults that can occur on Category 5 twisted pair cabling.
Port>veriphy 1-10
Starting VeriPHY, please wait
Port Pair A Length Pair B Length Pair C Length...
LINK AGGREGATION COMMANDS
This section describes commands used to configure static port aggregation, including member assignment and load balancing methods.
Table 21: Link Aggregation Commands
Command - Function
aggr configuration - Displays configuration settings for all link aggregation groups
aggr add - Adds or modifies member ports for a link aggregation group
aggr delete - Deletes a link aggregation group
aggr lookup...
■ When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard.
■ The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.
aggr add
This command adds or modifies member ports for a link aggregation group.
SYNTAX
aggr add port-list [aggr-id]
port-list - A specific port or a range of ports. (Range: 1-28)
aggr-id - Trunk identifier. If not specified, the next available aggregation ID is used.
aggr lookup
This command displays information on the specified link aggregation group.
SYNTAX
aggr lookup [aggr-id]
aggr-id - Trunk identifier. (Range: 1-14)
DEFAULT SETTING
Displays information for all link aggregation groups.
EXAMPLE
Aggr>lookup 2
Aggr ID Name Type Configured Ports...
enable - Enables the specified methods for traffic distribution.
disable - Disables the specified methods for traffic distribution.
DEFAULT SETTING
Source MAC Address
IP Address
TCP/UDP Port Number
COMMAND USAGE
When incoming data frames are forwarded through the switch to a trunk, the switch must determine to which port link in the trunk an outgoing frame should be sent.
LACP COMMANDS
This section describes commands used to configure the Link Aggregation Control Protocol.
Table 22: LACP Commands
Command - Function
lacp configuration - Displays LACP configuration settings for specified ports
lacp mode - Displays or sets LACP mode for specified ports
lacp key - Displays or sets the LACP administration key for specified ports
lacp role...
■ The ports at both ends of a connection must be configured as trunk ports.
■ The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.
lacp configuration
This command displays the LACP configuration settings for specified ports.
SYNTAX
lacp configuration [port-list]
port-list - A specific port or range of ports. (Range: 1-28, or all)
EXAMPLE
In the following example, Key refers to the LACP administration key, and Role to the protocol initiation mode.
EXAMPLE
LACP>mode 4-7 enable
LACP>mode 1-10
Port  Mode
----  --------
      Disabled
      Disabled
      Disabled
      Enabled
      Enabled
      Enabled
      Enabled
      Disabled
      Disabled
      Disabled
LACP>

lacp key
This command displays or sets the LACP administration key for specified ports.
SYNTAX
lacp key [port-list] [key]
port-list - A specific port or a range of ports.
DEFAULT SETTING
Active
EXAMPLE
LACP>role 11-15 passive
LACP>

lacp status
This command displays the operational status for specified ports.
SYNTAX
lacp status [port-list]
port-list - A specific port or a range of ports. (Range: 1-28, or all)
EXAMPLE
LACP>status 1-10
Aggr ID...
EXAMPLE
This example shows the number of LACP frames received and transmitted, as well as the number of unknown or illegal LACP frames that have been discarded.
LACP>statistics 4-5
Port Rx Frames Tx Frames Rx Unknown Rx Illegal
---- ----------...
RSTP COMMANDS
This section describes commands used to configure the Rapid Spanning Tree Protocol.
Table 23: RSTP Commands
Command - Function
rstp configuration - Displays RSTP configuration settings for specified interfaces
rstp sysprio - Displays or sets RSTP system priority
rstp age - Displays or sets RSTP maximum age
rstp delay - Displays or sets RSTP forward delay...
rstp configuration
This command displays RSTP configuration settings for specified interfaces.
SYNTAX
rstp configuration [port-list]
port-list - A specific port or a range of ports. (Range: 1-28, all for all ports, or 0 for all link aggregation groups)
EXAMPLE
In the following example, Key refers to the LACP administration key, and Role to the protocol initiation mode.
rstp age
This command displays or sets RSTP maximum age.
SYNTAX
rstp age [maximum-age]
maximum-age - The maximum time a device can wait without receiving a configuration message before attempting to reconfigure. (Range: 6-40 seconds)
Minimum: The higher of 6 or [2 x (Hello Time + 1)]
Maximum: The lower of 40 or [2 x (Forward Delay - 1)]
DEFAULT SETTING...
EXAMPLE
RSTP>delay 20
RSTP>

rstp txhold
This command displays or sets RSTP Transmit Hold Count.
SYNTAX
rstp txhold [transmit-hold]
transmit-hold - The number of BPDUs a bridge port can send per second. When exceeded, transmission of the next BPDU will be delayed.
EXAMPLE
RSTP>version compatible
RSTP>

rstp mode
This command displays or sets RSTP administrative mode for specified interfaces.
SYNTAX
rstp mode [port-list] [enable | disable]
port-list - A specific port or a range of ports. (Range: 1-28, all for all ports, or 0 for all link aggregation groups)
enable - Enables RSTP.
Table 24: Recommended STA Path Cost Range
Port Type         IEEE 802.1D-1998  IEEE 802.1w-2001
Ethernet          50-600            200,000-20,000,000
Fast Ethernet     10-60             20,000-2,000,000
Gigabit Ethernet  3-10              2,000-200,000

Table 25: Recommended STA Path Costs
Port Type  Link Type  IEEE 802.1D-1998  IEEE 802.1w-2001
Ethernet  Half Duplex...
rstp priority
This command displays or sets RSTP priority for specified interfaces.
SYNTAX
rstp priority [port-list] [priority]
port-list - A specific port or a range of ports. (Range: 1-28, all for all ports, or 0 for all link aggregation groups)
priority - The priority for an interface.
overcomes other STA-related time-out problems. However, remember that this feature should only be enabled for ports connected to an end-node device.
EXAMPLE
RSTP>edge 19 enable
RSTP>

rstp autoedge
This command displays or sets RSTP automatic edge port detection for specified ports.
rstp p2p
This command displays or sets RSTP point-to-point link type for specified ports.
SYNTAX
rstp p2p [port-list] [enable | disable | auto]
port-list - A specific port or a range of ports. (Range: 1-28, or all)
enable - Specifies a point-to-point connection to exactly one other bridge.
RSTP>status 1
RSTP Bridge Status
Bridge ID : 40960-00:01:C1:00:00:E1
Root ID : 32768-00:01:EC:F8:D8:C6
Root Port
Root Cost : 200000
TC Flag : Steady
TC Count : 161
TC Last 0d 01:10:47
Port Port Role State PathCost Edge Uptime
---------...
appropriate BPDU format to send on the selected interfaces (i.e., RSTP or STP-compatible).
EXAMPLE
RSTP>mcheck
RSTP>
IEEE 802.1X COMMANDS
The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Protocol).
COMMAND USAGE
The fields shown by this command are described below:
Table 28: 802.1X Configuration
Field - Description
Port - Port index
Admin State - Administrative state (Enabled or Disabled)
Port State - Operational state:
• Disabled - 802.1X and MAC-based authentication are globally disabled.
dot1x mode
This command displays or sets the 802.1X mode for the switch.
SYNTAX
dot1x mode [enable | disable]
enable - Enables 802.1X globally for the switch.
disable - Disables 802.1X globally for the switch.
DEFAULT SETTING
Disabled...
COMMAND USAGE
◆ The authentication mode can only be set to Authorized for ports participating in the Spanning Tree algorithm (see page 239).
◆ When 802.1X authentication is enabled on a port, the MAC address learning function for this interface is disabled, and the addresses dynamically learned on this port are removed from the common address table.
authentication mode is set to “auto” or “macbased” (using the dot1x state command described on page 248).
EXAMPLE
Dot1x>authenticate 9
Dot1x>

dot1x reauthentication
This command displays or sets periodic re-authentication for all ports.
SYNTAX
dot1x reauthentication [enable | disable]
enable - Schedules reauthentication to whenever the quiet-period of the port runs out (port-based authentication).
dot1x period
This command displays or sets the re-authentication period.
SYNTAX
dot1x period [reauth-period]
reauth-period - The time after which a connected client must be re-authenticated. (Range: 1-3600 seconds)
DEFAULT SETTING
3600 seconds
EXAMPLE
Dot1x>period 300
Dot1x>...
DEFAULT SETTING
Allows all new clients.
COMMAND USAGE
The switch has a fixed pool of state-machines, from which all ports draw whenever a new client is seen on the port. When a given port's maximum is reached (counting both authorized and unauthorized clients), further new clients are disallowed access.
EXAMPLE
Dot1x>agetime 900
Dot1x>

dot1x holdtime
This command displays or sets the hold time before MAC addresses that failed authentication expire.
SYNTAX
dot1x holdtime [hold-time]
hold-time - The time after an EAP Failure indication or RADIUS timeout that a client is not allowed access.
COMMAND USAGE
◆ For MAC-based ports, it shows only statistics for the backend RADIUS authentication server.
◆ For a description of the information displayed by this command, see “Displaying Detailed Port Statistics” on page 142.
EXAMPLE
Dot1x>statistics 1
Rx Access Rx Other...
IGMP COMMANDS
This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
COMMAND USAGE
The fields shown by this command are described below:
Table 30: IGMP Configuration
Field - Description
Global Settings
IGMP Mode - Shows if IGMP snooping is enabled or disabled
IGMP Leave Proxy - Shows if leave messages are suppressed unless received from the last member port in the group
Flooding - Shows if unregistered multicast traffic is flooded into attached VLANs...
igmp mode
This command displays or sets the IGMP snooping mode for the switch.
SYNTAX
igmp mode [enable | disable]
enable - Enables IGMP snooping globally for the switch. When IGMP snooping is enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic.
EXAMPLE
IGMP>state enable
IGMP>

igmp querier
This command displays or sets the IGMP querier mode for the specified VLAN.
SYNTAX
igmp querier [vlan-id] [enable | disable]
vlan-id - VLAN to which the management address is assigned. (Range: 1-4095)
enable - Enables the switch to serve as querier on this VLAN.
igmp fastleave
This command displays or sets IGMP fast leave for specified ports.
SYNTAX
igmp fastleave [port-list] [enable | disable]
port-list - A specific port or range of ports. (Range: 1-28, or all)
enable - Enables IGMP fast leave. If enabled, the switch immediately deletes a member port of a multicast service if a leave packet is received at that port.
igmp leave proxy
This command displays or sets IGMP leave proxy for the switch.
SYNTAX
igmp leave proxy [enable | disable]
enable - Enables IGMP leave proxy. If enabled, the switch suppresses leave messages unless received from the last member port in the group.
COMMAND USAGE
IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, any new IGMP join reports will be dropped.
EXAMPLE
IGMP>throttling 9 5
IGMP>...
igmp router
This command displays or sets specified ports which are attached to a known IGMP router.
SYNTAX
igmp router [port-list] [enable | disable]
port-list - A specific port or a range of ports. (Range: 1-28, or all)
enable - Sets the specified ports to function as a router port, which leads towards a Layer 3 multicast device or IGMP querier.
LLDP COMMANDS
Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings.
identification of the system's hardware type, software operating system, and networking software.
sys_capa - The system capabilities TLV identifies the primary function(s) of the system and whether or not these primary functions are enabled. The information advertised by this TLV is described in IEEE 802.1AB.
EXAMPLE
LLDP>interval 60
LLDP>

lldp hold
This command displays or sets the TTL value sent in LLDP advertisements.
SYNTAX
lldp hold [hold]
hold - The time-to-live (TTL) value sent in LLDP advertisements as shown in the formula below. (Range: 2-10)
TTL in seconds is based on the following rule: (Transmission Interval * Transmission Hold Time) ...
COMMAND USAGE
The transmit delay is used to prevent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects, and to increase the probability that multiple, rather than single changes, are reported in each transmission.
EXAMPLE
LLDP>info
Local port : Port 4
Chassis ID : 00-30-FC-12-34-56
Port ID : 00-30-FC-12-34-58
Port Description : Ethernet Port on unit 1, port 2
System Name
System Description
System Capabilities : Bridge(+)
Management Address : 192.168.1.20 (IPv4)
LLDP>...
lldp cdp_aware
This command displays or configures whether or not discovery information from received CDP frames is added to the LLDP neighbor table.
SYNTAX
lldp cdp_aware [port-list] [enable | disable]
port-list - A specific port or range of ports. (Range: 1-28, or all)
enable - Enables decoding of Cisco Discovery Protocol frames.
MAC COMMANDS
This section describes commands used to configure the MAC address table, including learning mode, aging time, and setting static addresses.
Table 32: MAC Commands
Command - Function
mac configuration - Displays MAC address table configuration for specified ports
mac add - Adds a static MAC address to the specified port and VLAN
mac delete - Deletes a MAC address entry from the specified VLAN...
mac add
This command adds a static MAC address to the specified port and VLAN.
SYNTAX
mac add mac-address port-list [vlan-id]
mac-address - Physical address of a device mapped to a port.
port-list - A specific port or a range of ports. (Range: 1-28, all, or none)
vlan-id - VLAN identifier.
mac lookup
This command searches for the specified MAC address in the specified VLAN.
SYNTAX
mac lookup mac-address [vlan-id]
mac-address - Physical address of a device mapped to a port.
vlan-id - VLAN identifier. (Range: 1-4095)
EXAMPLE
MAC>lookup 00-12-cf-94-34-dd
Type...
DEFAULT SETTING
Auto
COMMAND USAGE
Make sure that the link used for managing the switch is added to the Static MAC Table before changing to secure learning mode. Otherwise the management link will be lost, and can only be restored by using another non-secure port or by connecting to the switch via the serial interface.
mac statistics
This command displays statistics on the type and number of MAC addresses associated with specified ports.
SYNTAX
mac statistics [port-list]
port-list - A specific port or range of ports. (Range: 1-28, or all)
DEFAULT SETTING
Displays statistics for all ports.
VLAN COMMANDS
This section describes commands used to configure standard IEEE 802.1Q VLAN port members and port attributes.
Table 33: VLAN Commands
Command - Function
vlan configuration - Displays VLAN attributes for specified ports and list of ports assigned to each VLAN
vlan aware - Displays or sets whether or not a port processes the VLAN ID in ingress frames...
vlan aware
This command displays or sets whether or not a port processes the VLAN ID in ingress frames.
SYNTAX
vlan aware [enable | disable]
enable - Each frame is assigned to the VLAN indicated in the VLAN tag, and the tag is removed.
vlan pvid
This command displays or sets the VLAN ID assigned to untagged frames received on specified ports.
SYNTAX
vlan pvid [port-list] [vlan-id | none]
port-list - A specific port or range of ports. (Range: 1-28, or all)
vlan-id - VLAN identifier.
vlan ingressfilter
This command displays or sets ingress filtering for specified ports. When enabled, a port discards frames tagged for VLANs of which it is not a member.
SYNTAX
vlan ingressfilter [port-list] [enable | disable]
port-list - A specific port or range of ports. (Range: 1-28, or all)
enable - If a port receives frames tagged for VLANs for which it is not a member, these frames will be discarded.
vlan add
This command adds specified ports to a VLAN.
SYNTAX
vlan add [vlan-id] [port-list]
vlan-id - VLAN identifier. (Range: 1-4095)
port-list - A specific port or range of ports. (Range: 1-28, or all)
DEFAULT SETTING
All ports are assigned to VLAN 1.
PVLAN COMMANDS
This section describes commands used to configure private VLANs (PVLAN) and isolated ports, providing port-based security and isolation between ports within the assigned VLAN.
Table 34: PVLAN Commands
Command - Function
pvlan configuration - Displays PVLAN member ports, and whether or not port isolation is enabled
pvlan add - Adds specified ports to a PVLAN...
pvlan add
This command adds specified ports to a PVLAN.
SYNTAX
pvlan add pvlan-id [port-list]
pvlan-id - PVLAN identifier. (Range: 1-4095)
port-list - A specific port or a range of ports. (Range: 1-28, or all)
DEFAULT SETTING
Adds all ports.
pvlan lookup
This command displays the specified PVLANs and port members.
SYNTAX
pvlan lookup [pvlan-id]
pvlan-id - PVLAN identifier. (Range: 1-4095)
EXAMPLE
PVLAN>lookup 2
PVLAN ID  Ports
--------  -----
          6-10
PVLAN>

pvlan isolate
This command displays or sets port isolation between ports within the same PVLAN.
QOS COMMANDS
This section describes commands used to configure quality of service parameters, including the default port queue, the default tag assigned to untagged frames, input rate limiting, output shaping, queue mode, queue weight, quality control lists, storm control, DSCP remarking, and DSCP queue mapping.
qos configuration
This command displays QoS configuration settings, including storm control, default priority queue, default tag priority, quality control list, rate limiting, queuing mode and queue weights.
SYNTAX
qos configuration [port-list]
port-list - A specific port or range of ports. (Range: 1-28, or all)
EXAMPLE
QoS>configuration 1-10
Traffic Classes: 4...
qos tagprio
This command displays or sets the default tag priority (used when adding a tag to untagged frames) for specified ports.
SYNTAX
qos tagprio [port-list] [tag-priority]
port-list - A specific port or range of ports. (Range: 1-28, or all)
tag-priority - The default priority used when adding a tag to untagged frames.
EXAMPLE
QoS>QCL>port 9 1
QoS>QCL>

qos qcl add
This command adds or modifies a QoS control entry.
SYNTAX
qos qcl add [qcl-id] [qce-id] [qce-id-next] {etype ethernet-type | vid vlan-id | port udp-tcp-port | dscp dscp | tos tos-list | tag-prio tag-priority-list} class
qcl-id - A Quality Control List containing one or more classification criteria used to determine the traffic class to which a frame is...
DEFAULT SETTING
QCL: 1
QCE: 1
COMMAND USAGE
◆ The braces used in the syntax of this command indicate that one of the classification criteria must be specified. The class parameter must also be specified in each command. The other parameters are optional.
◆...
qos qcl lookup
This command displays the specified QoS control list or control entry.
SYNTAX
qos qcl lookup [qcl-id] [qce-id]
qcl-id - A Quality Control List containing one or more classification criteria used to determine the traffic class to which a frame is assigned.
qos weight
This command displays or sets the egress queue weight for specified ports.
SYNTAX
qos weight [port-list] [class] [weight]
port-list - A specific port or range of ports. (Range: 1-28, or all)
class - Output queue buffer. (Range: low/normal/medium/high or 1/2/3/4)
weight - The weight assigned to the specified egress queue, and thereby to the corresponding traffic priorities.
COMMAND USAGE
Rate limiting controls the maximum rate for traffic transmitted or received on an interface. Rate limiting can be configured on interfaces at the edge of a network to form part of the customer service package by limiting traffic into or out of the switch.
◆ Due to an ASIC limitation, the enforced rate limits are slightly less than the listed options. For example: 1 Kpps translates into an enforced threshold of 1002.1 pps.
EXAMPLE
QoS>Storm>multicast enable 2k
QoS>Storm>

qos storm
This command displays or sets broadcast storm rate limits for the switch.
DEFAULT SETTING
Disabled
EXAMPLE
QoS>DSCP>remarking 9 enable
QoS>DSCP>

qos dscp queue mapping
This command displays or sets the DSCP value used for DSCP remarking for specified ports.
SYNTAX
qos dscp queue mapping [port-list] [class] [dscp]
port-list - A specific port or range of ports. (Range: 1-28, or all)
class - Output queue buffer.
ACL COMMANDS
This section describes commands used to configure access control lists, including policies, responses, and rate limiters.
Table 37: ACL Commands
Command - Function
acl configuration - Displays ACL configuration settings, including policy, response, rate limiters, port copy, logging, and shutdown
acl action - Displays or sets default action for specified ports, including permit/deny, rate limiters, port copy, logging, and shutdown...
ACL>

acl action
This command displays or sets the default action for specified ports, including permit/deny, rate limiters, port copy, logging, and shutdown.
SYNTAX
acl action [port-list] [permit | deny] [rate-limiter] [port-copy] [logging] [shutdown]
port-list - A specific port or range of ports. (Range: 1-28, or all)
permit - Permits a frame if it matches a rule defined in the assigned policy (see the acl policy...
acl policy
This command displays or sets the policy assigned to specified ports.
SYNTAX
acl policy [port-list] [policy]
port-list - A specific port or range of ports. (Range: 1-28, or all)
policy - An ACL policy configured with the acl add command, containing one or more ACEs.
ARP/RARP opcode set to ARP, rarp - frame must have ARP/RARP opcode set to RARP, other - frame has unknown ARP/RARP opcode flag; Default: any)
arp-flags - One of the following ARP flags:
request - Frame must have ARP Request or RARP Request opcode flag set.
udp - One of the following UDP parameters:
sip - Source IP address (a.b.c.d/n) or any.
dip - Destination IP address (a.b.c.d/n) or any.
sport - Source UDP port/range (0-65535) or any.
dport - Destination UDP port/range (0-65535) or any.
ip-flags - One of the IP flags listed under the ip parameter.
COMMAND USAGE
Rules within an ACL are checked in the configured order, from top to bottom. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the frame is accepted.
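The evaluation order described above, modeled as an added example (not code from the manual or the switch firmware). The `Frame`, `Ace`, `evaluate` and `audit` names are hypothetical, and the sample rules and addresses are constructed; the model covers only the sip, dip, protocol and dport criteria.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Frame:
    sip: str
    dip: str
    proto: str                      # "udp", "tcp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    action: str                     # "permit" or "deny"
    proto: str = "any"
    sip: str = "any"                # a.b.c.d/n or "any", as in the acl add syntax
    dip: str = "any"
    dport: Optional[Tuple[int, int]] = None   # inclusive range; None means any

    def matches(self, f: Frame) -> bool:
        if self.proto != "any" and self.proto != f.proto:
            return False
        for net, addr in ((self.sip, f.sip), (self.dip, f.dip)):
            if net != "any" and ipaddress.ip_address(addr) not in ipaddress.ip_network(net):
                return False
        if self.dport is not None:
            if f.dport is None or not self.dport[0] <= f.dport <= self.dport[1]:
                return False
        return True


def evaluate(acl: Sequence[Ace], frame: Frame) -> Tuple[str, Optional[int]]:
    """First match wins; index None means no rule matched and the frame is accepted."""
    for idx, ace in enumerate(acl):
        if ace.matches(frame):
            return ace.action, idx
    return "permit", None


def _net_covers(outer: str, inner: str) -> bool:
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))


def _covers(earlier: Ace, later: Ace) -> bool:
    """True when every frame matching `later` already matches `earlier`."""
    if earlier.proto != "any" and earlier.proto != later.proto:
        return False
    if not (_net_covers(earlier.sip, later.sip) and _net_covers(earlier.dip, later.dip)):
        return False
    if earlier.dport is None:
        return True
    if later.dport is None:
        return False
    return earlier.dport[0] <= later.dport[0] and later.dport[1] <= earlier.dport[1]


def audit(acl: Sequence[Ace]) -> List[Tuple[str, Optional[int], Optional[int]]]:
    """Report rules that can never fire and a missing catch-all deny."""
    findings: List[Tuple[str, Optional[int], Optional[int]]] = []
    for j, later in enumerate(acl):
        for i in range(j):
            if _covers(acl[i], later):
                findings.append(("shadowed", j, i))
                break
    if not any(ace == Ace("deny") for ace in acl):
        findings.append(("default-accept", None, None))
    return findings


# Constructed sample policy: allow SNMP (UDP 161) from the management subnet only.
SAMPLE_ACL = [
    Ace("permit", proto="udp", sip="192.168.1.0/24", dport=(161, 161)),
    Ace("deny", proto="udp", dport=(161, 161)),
    Ace("deny", proto="udp", sip="192.168.1.50/32", dport=(161, 161)),  # never reached
]

if __name__ == "__main__":
    telnet = Frame("10.0.0.7", "192.168.1.20", "tcp", 23)
    print(evaluate(SAMPLE_ACL, telnet))   # falls through every rule
    print(audit(SAMPLE_ACL))
```

Because an unmatched frame is accepted, a policy meant as an allow-list needs an explicit final deny entry; `audit` flags its absence and any entry placed behind a broader earlier one.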
Tag Priority: Any
ACL>

acl clear
This command clears all ACL counters displayed in the ACL lookup table (see the acl lookup command, page 302).
SYNTAX
acl clear
EXAMPLE
ACL>clear
ACL>
MIRROR COMMANDS
This section describes commands used to mirror data to another port for analysis without affecting the data passing through or the performance of the monitored port.
Table 38: Mirror Commands
Command - Function
mirror configuration - Displays the port mirroring configuration
mirror port - Displays or sets the destination port to which data is mirrored
mirror mode...
DEFAULT SETTING
Displays the destination mirror port.
EXAMPLE
Mirror>port 9
Mirror>

mirror mode
This command displays or sets the mirror mode for specified source ports.
SYNTAX
mirror mode [port-list] [enable | disable | rx | tx]
port-list - A specific port or range of ports.
The file may be modified using an editor and loaded to a switch.
EXAMPLE
Config>save 192.168.1.19 GEL-2870-config
Saved 29683 bytes to server
Config>
- Just check the configuration file for errors, do not apply
DEFAULT SETTING
Check and apply the file.
COMMAND USAGE
You can also restore the factory default settings using the system restore default command (page 187).
EXAMPLE
Config>load 192.168.1.19 GEL-2870-config
Config>
SNMP COMMANDS
This section describes commands used to control access to this switch from management stations using the Simple Network Management Protocol (SNMP), including configuring community strings, trap managers, and basic settings for SNMPv3. SNMP Version 3 also provides strong security features that cover message integrity, authentication, and encryption;...
Table 40: SNMP Commands (Continued)
Command - Function
snmp community add - Adds or modifies an SNMPv3 community entry
snmp community delete - Deletes an SNMPv3 community entry
snmp community lookup - Displays SNMPv3 community entries
snmp user add - Adds an SNMPv3 user entry
snmp user delete - Deletes an SNMPv3 user entry
snmp user changekey...
Trap Security Engine ID
Trap Security Name : None
SNMPv3 Engine ID : 800007e5017f000001
SNMPv3 Communities Table:
Idx Community                        Source IP       Source Mask
--- -------------------------------- --------------- ---------------
    public                           0.0.0.0         0.0.0.0
    private                          0.0.0.0         0.0.0.0
                                     192.168.1.0     255.255.255.0
Number of entries: 3
SNMPv3 Users Table:
Idx Engine ID User Name Level...
COMMAND USAGE
To manage the switch through SNMP, you must first enable the protocol and configure the basic access parameters.
EXAMPLE
SNMP>mode enable
SNMP>

snmp version
This command displays or sets the SNMP protocol version.
SYNTAX
snmp version [1 | 2c | 3]
1 - SNMP version 1.
EXAMPLE
SNMP>read community tps
SNMP>

snmp write community
This command displays or sets the community string for SNMP read/write access.
SYNTAX
snmp write community [community]
community - The community used for read/write access to the SNMP agent. (Range: 0-255 characters, ASCII characters 33-126 only)
DEFAULT SETTING...
snmp trap destination
This command displays or sets the SNMP trap destination's IPv4 address.
SYNTAX
snmp trap destination [ip-address]
ip-address - IPv4 address or alias of the management station to receive notification messages. An IPv4 address consists of 4 numbers, 0 to 255, separated by periods.
COMMAND USAGE
When this function is enabled, the switch will issue a notification message to specified IP trap managers whenever authentication of an SNMP request fails.
EXAMPLE
SNMP/Trap>authentication failure enable
SNMP/Trap>

snmp trap link-up
This command displays or sets the port link-up and link-down trap mode.
SYNTAX
snmp trap link-up [enable | disable]
enable - Enables sending link-up and link-down traps.
that critical information is received by the host. However, note that informs consume more system resources because they must be kept in memory until a response is received. Informs also add to network traffic. You should consider these effects when deciding whether to issue notifications as traps or informs.
snmp trap probe security engine id
This command displays or sets the SNMP trap security engine ID probe mode.
SYNTAX
snmp trap probe security engine id [enable | disable]
enable - Enable SNMP trap security engine ID probe mode, whereby the switch uses the engine ID of the SNMP trap probe in trap and inform messages.
snmp trap security name
This command displays or sets the SNMP trap security name.
SYNTAX
snmp trap security name [security-name]
security-name - Specifies the SNMP trap security name. SNMPv3 traps and informs use USM for authentication and privacy. A unique security name is needed when SNMPv3 traps or informs are enabled.
EXAMPLE
SNMP>engine id 800007e5017f000005
Changing Engine ID will clear all original local users
SNMP>

snmp community
This command adds or modifies an SNMPv3 community entry.
SYNTAX
snmp community add community [ip-address] [address-mask]
community - Specifies the community strings which allow access to the SNMP agent.
used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host. SNMP passwords are localized using the engine ID of the authoritative agent. For informs, the authoritative SNMP agent is the remote agent.
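Password localization as described above, written out as an added example (not code from this guide or from the switch firmware). It assumes the switch follows the standard USM key localization of RFC 3414 with SHA-1; the password is a constructed sample, and the two engine IDs are the ones that appear in this guide's command examples.

```python
import hashlib

def password_to_key(password: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: digest of the password repeated out to exactly 1 MiB."""
    if not password:
        raise ValueError("USM passwords must not be empty")
    target = 1_048_576
    stream = (password * (target // len(password) + 1))[:target]
    return hashlib.new(algo, stream).digest()

def localize_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Kul = H(Ku || engineID || Ku): the key is bound to one SNMP engine."""
    ku = password_to_key(password, algo)
    return hashlib.new(algo, ku + engine_id + ku).digest()

def survives_engine_change(password: bytes, old_id: str, new_id: str) -> bool:
    """True only if the stored localized key would still verify after the change."""
    old = localize_key(password, bytes.fromhex(old_id))
    new = localize_key(password, bytes.fromhex(new_id))
    return old == new

# Engine IDs as shown in this guide's examples; the password is constructed.
OLD_ENGINE_ID = "800007e5017f000001"
NEW_ENGINE_ID = "800007e5017f000005"
SAMPLE_PASSWORD = b"maplesyrup"

if __name__ == "__main__":
    for eid in (OLD_ENGINE_ID, NEW_ENGINE_ID):
        print(eid, localize_key(SAMPLE_PASSWORD, bytes.fromhex(eid)).hex())
    print("key survives engine ID change:",
          survives_engine_change(SAMPLE_PASSWORD, OLD_ENGINE_ID, NEW_ENGINE_ID))
```

Because an agent stores only the localized key, a key derived under the old engine ID cannot be recomputed for the new one, which is consistent with the "Changing Engine ID will clear all original local users" message in the engine id example.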
EXAMPLE
SNMP/User>lookup
Idx Engine ID User Name Level Auth Priv
--- --------- -------------------------------- -------------- ---- ----
Remote william Auth, Priv
Remote steve Auth, Priv
Number of entries: 2
SNMP/User>delete 2
SNMP/User>

snmp user changekey
This command changes an SNMPv3 user password.
SYNTAX
snmp user changekey engine-id user-name auth-password...
EXAMPLE
SNMP/User>lookup
Idx Engine ID User Name Level Auth Priv
--- --------- -------------------------------- -------------- ---- ----
Remote william Auth, Priv
Number of entries: 1
SNMP/User>

snmp group add
This command adds an SNMPv3 group entry.
SYNTAX
snmp group add security-model security-name group-name
security-model - The user security model.
snmp group delete
This command deletes an SNMPv3 group entry.
SYNTAX
snmp group delete index
index - Index to SNMPv3 group table. (Range: 1-64)
DEFAULT SETTING
None
EXAMPLE
SNMP/Group>lookup
Idx Model Security Name Group Name
--- ----- -------------------------------- -------------------------------
public default_ro_group
private...
snmp view add
This command adds or modifies an SNMPv3 view entry.
SYNTAX
snmp view add view-name [included | excluded] oid-subtree
view-name - The name of the SNMP view. (Range: 1-32 characters, ASCII characters 33-126 only)
included | excluded - Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view.
DEFAULT SETTING
Security model: any
Security level: noAuthNoPriv
COMMAND USAGE
Use this command to assign portions of the MIB tree to which each SNMPv3 group is granted access. You can assign more than one view to a group to specify access to different portions of the MIB tree.
HTTPS COMMANDS
This section describes commands used to enable or disable HTTPS, or automatically redirect management access from HTTP connections to HTTPS.
Table 41: HTTPS Commands
Command               Function
https configuration   Displays HTTPS configuration settings
https mode            Displays or sets HTTPS operational mode
https redirect        Displays or sets HTTPS redirect mode from HTTP connections

https configuration...
◆ If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port-number]
◆ When you start HTTPS, the connection is established in this way:
■ The client authenticates the server using the server's digital...
SSH COMMANDS
This section describes commands used to enable or disable management access via secure shell (SSH).
Table 43: SSH Commands
Command             Function
ssh configuration   Displays SSH configuration settings
ssh mode            Displays or sets SSH operational mode

ssh configuration
This command displays SSH configuration settings.
◆ You need to install an SSH client on the management station to access the switch for management via the SSH protocol. The switch supports both SSH Version 1.5 and 2.0 clients.
◆ SSH service on this switch only supports password authentication. The password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the auth radius...
UPnP COMMANDS
This section describes commands used to configure Universal Plug and Play (UPnP) protocol settings.
Table 44: UPnP Commands
Command                     Function
upnp configuration          Displays UPnP configuration settings
upnp mode                   Displays or sets UPnP operational mode
upnp ttl                    Displays or sets the TTL value for UPnP messages
upnp advertising duration   Displays or sets the advertising duration of UPnP messages

upnp configuration...
is added to the network, the UPnP discovery protocol allows that control point to search for UPnP enabled devices on the network. Once a control point has discovered a device, its next step is to learn more about the device and its capabilities by retrieving the device's description from the URL provided by the device in the discovery message.
upnp advertising duration
This command displays or sets the advertising duration of UPnP messages.
SYNTAX
upnp advertising duration [duration]
duration - The duration, carried in Simple Service Discovery Protocol (SSDP) packets, which informs a control point or control points how often it or they should receive an SSDP advertisement message from this switch.
DHCP COMMANDS
This section describes commands used to configure DHCP Relay and Option 82 Information.
Table 45: DHCP Commands
Command                    Function
dhcp relay configuration   Displays DHCP relay configuration settings
dhcp relay mode            Displays or sets DHCP relay operational mode
dhcp relay server          Displays or sets the IP address of the DHCP relay server
dhcp relay information...
COMMAND USAGE
◆ The switch supports DHCP relay service for attached host devices. If a subnet does not include a DHCP server, you can relay DHCP client requests to a DHCP server on another subnet.
◆ When DHCP relay is enabled and the switch sees a DHCP request broadcast, it inserts its own IP address into the request (so that the DHCP server knows the subnet of the client), then forwards the packet to the DHCP server.
DEFAULT SETTING
Disabled
COMMAND USAGE
◆ DHCP also provides a mechanism for sending information about the switch and its DHCP clients to the DHCP server. Known as DHCP Option 82, it allows compatible DHCP servers to use the information when assigning IP addresses, or to set other services or policies for clients.
DEFAULT SETTING
Displays DHCP statistics
COMMAND USAGE
For a description of the information displayed by this command, see “Displaying DHCP Relay Statistics” on page 164.
EXAMPLE
DHCP/Relay>statistics
Server Statistics:
------------------
Transmit to Server
Transmit Error
Receive from Server
Receive Missing Agent Option :
Receive Missing Circuit ID :
Receive Missing Remote ID...
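The three "Receive Missing ..." counters above correspond to checks on the Option 82 data in a server reply. The following added example (not code from this guide or the switch) parses a DHCP options field and names the check a reply fails, using the standard Option 82 layout from RFC 3046; the classification labels, the helper names and the sample byte strings are constructed for illustration, and how the switch itself decides is an assumption.

```python
AGENT_INFO = 82                       # Relay Agent Information option (RFC 3046)
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2  # RFC 3046 sub-option codes
PAD, END = 0, 255

def parse_tlvs(data: bytes, top_level: bool) -> dict:
    """Parse code/length/value triples; PAD and END only exist at top level."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if top_level and code == PAD:
            i += 1
            continue
        if top_level and code == END:
            break
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option {code} runs past end of buffer")
        out[code] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return out

def classify_reply(options: bytes) -> str:
    """Name the check a server reply fails, mirroring the counters' labels."""
    try:
        opts = parse_tlvs(options, top_level=True)
        if AGENT_INFO not in opts:
            return "missing agent option"
        sub = parse_tlvs(opts[AGENT_INFO], top_level=False)
    except ValueError:
        return "malformed"
    if SUB_CIRCUIT_ID not in sub:
        return "missing circuit id"
    if SUB_REMOTE_ID not in sub:
        return "missing remote id"
    return "ok"

def option(code: int, value: bytes) -> bytes:
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value

# Constructed sample values: a VLAN/port circuit ID and a MAC-style remote ID.
CIRCUIT = option(SUB_CIRCUIT_ID, bytes([0x00, 0x01, 0x00, 0x05]))
REMOTE = option(SUB_REMOTE_ID, bytes.fromhex("020000000001"))
ACK = option(53, b"\x05")             # DHCP message type = DHCPACK
SAMPLES = {
    "full": ACK + option(AGENT_INFO, CIRCUIT + REMOTE) + bytes([END]),
    "no_opt82": ACK + bytes([END]),
    "no_circuit": ACK + option(AGENT_INFO, REMOTE) + bytes([END]),
    "no_remote": ACK + option(AGENT_INFO, CIRCUIT) + bytes([END]),
    "truncated": ACK + bytes([AGENT_INFO, 20, 1, 4]),
}
```

A steadily rising "missing" counter on a relay usually points at a DHCP server that does not echo Option 82 back, which is worth checking before relying on Option 82 for address policy.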
Off at a frequency of 10 Hz while the firmware update is in progress. Do not reset or power off the device at this time or the switch may fail to function afterwards.
EXAMPLE
Firmware>load 192.168.1.19 GEL-2870-0_7_smbstax_estax_34.dat
Downloaded "GEL-2870-0_7_smbstax_estax_34.dat", 1812567 bytes
CHAPTER | Firmware Commands
Master initiated software updating starting
Waiting for firmware update to complete
Transferred image to switch 1
All switches confirmed reception, programming
Starting flash update - do not power off device!
Erasing image...
Programming image..Erase from 0x807e0000-0x807effff: ..
SECTION
APPENDICES
This section provides additional information and includes these items:
◆ “Software Specifications” on page 345
◆ “Troubleshooting” on page 349
SOFTWARE SPECIFICATIONS
SOFTWARE FEATURES
AUTHENTICATION
Local, RADIUS, TACACS+, Port (802.1X), AAA, HTTPS, SSH, Port Security, IP Filter, DHCP Snooping
ACCESS CONTROL LISTS
128 rules per system
CONFIGURATION
1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex
100BASE-BX - 100 Mbps at full duplex (SFP)
1000BASE-BX/SX/LX/LH - 1000 Mbps at full duplex (SFP)
CONTROL
Full Duplex: IEEE 802.3-2005...
Management Features
CLASS OF SERVICE
Supports four levels of priority
Strict or Weighted Round Robin queueing
Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS bit, VLAN tag priority, or port
Layer 3/4 priority mapping: IP DSCP remarking
QUALITY OF...
DiffServ supports DSCP remarking, ingress traffic policing, and egress...
TROUBLESHOOTING
PROBLEMS ACCESSING THE MANAGEMENT INTERFACE
Table 47: Troubleshooting Chart
Symptom: Cannot connect using Telnet, web browser, or SNMP software
Action:
◆ Be sure the switch is powered up.
◆ Check network cabling between the management station and the switch.
◆...
USING SYSTEM LOGS
If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps:
Enable logging.
GLOSSARY
Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.
BOOTP Boot Protocol. BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the device's system files, and the name of the boot file.
DSCP Differentiated Services Code Point Service. DSCP uses a six-bit tag to provide for up to 64 different forwarding behaviors. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.
IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.
IEEE 802.1 An IEEE standard for providing quality of service (QoS) in Ethernet networks.
IP MULTICAST FILTERING A process whereby this switch can pass multicast traffic along to participating hosts.
IP PRECEDENCE The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
Network Time Protocol provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio.
Management of the network from a station not attached to the network.
SMTP Simple Mail Transfer Protocol is a standard host-to-host mail transport protocol that operates over TCP, port 25.
SNMP Simple Network Management Protocol. The application protocol in the Internet suite of protocols which offers network management services.
SNTP Simple Network Time Protocol allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server.
Universal Time Coordinate. UTC is a time scale that couples Greenwich Mean Time (based solely on the Earth’s rotation rate) with highly accurate atomic time. The UTC does not have daylight saving time.
VLAN Virtual LAN. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network.