User / maintenance manual for the product SMC6824M from the manufacturer SMC Networks
TigerStack III 10/100
24-Port Fast Ethernet Switch
◆ 24 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports
◆ 10BASE-T/100BASE-TX ports support PoE capabilities*
◆ 2 Gigabit combo ports (RJ-45/SFP)
◆ 8.
38 Tesla
Irvine, CA 92618
Phone: (949) 679-8000
TigerStack III 10/100 Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
June 2005
Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use.
Limited Warranty
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION.
Table of Contents
1 Introduction; Key Features; Description of Software Features
Basic Configuration; Displaying System Information; Displaying Switch Hardware/Software Versions
Replacing the Default Secure-site Certificate; Configuring the Secure Shell; Generating the Host Key Pair
Power Over Ethernet Settings; Switch Power Status; Setting a Switch Power Budget
Mapping CoS Values to Egress Queues; Selecting the Queue Mode; Setting the Service Weight for Traffic Classes; Layer 3/4 Priority Settings
Negating the Effect of Commands; Using Command History; Understanding Command Modes
enable password; IP Filter Commands; management
logging sendmail; show logging sendmail; Time Commands
radius-server key; radius-server retransmit; radius-server timeout
match access-list ip; show marking; MAC ACLs
negotiation; capabilities; flowcontrol
spanning-tree transmission-limit; spanning-tree backup-root; spanning-tree mst-configuration
switchport private-vlan host-association; switchport private-vlan mapping; show vlan private-vlan
IGMP Query Commands (Layer 2); ip igmp snooping querier; ip igmp snooping query-count
Appendices: A Software Specifications; Software Features; Management Features
Tables
Table 1-1 Key Features; Table 1-2 System Defaults; Table 3-1 Web Page Configuration Buttons
Table 4-19 show logging flash/ram - display description; Table 4-20 show logging trap - display description; Table 4-21 SMTP Commands
Table 4-56 Spanning Tree Commands; Table 4-57 VLAN Commands; Table 4-58 Editing VLAN Groups
Figures
Figure 3-1 Home Page; Figure 3-2 Front Panel Indicators; Figure 3-3 System Information
Figure 3-37 802.1X Global Information; Figure 3-38 802.1X Global Configuration; Figure 3-39 802.1X Port Configuration
Figure 3-74 MSTP Port Information; Figure 3-75 MSTP Port Configuration; Figure 3-76 Globally Enabling GVRP
Chapter 1 Introduction
These switches provide a broad range of features for Layer 2 switching. They include a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by these switches.
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
priority queueing ensures the minimum delay for moving real-time multimedia data across the network. While multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.
switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information.
for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.
priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.
System Defaults
Authentication
  Privileged Exec Level: Username “admin”, Password “admin”
  Normal Exec Level: Username “guest”, Password “guest”
  Enable Privileged Exec from Normal Exec Level: Password “super”
  RADIUS Authentication: Disabled
  TACACS Authentication: Disabled
  802.
Power over Ethernet*
  Status: Enabled (all ports)
Rate Limiting
  Input and output limits: Disabled
Port Trunking
  Static Trunks: None
  LACP: Disabled
Broadcast Storm Protection
  Status: Enabled (all ports)
  Broadcast Limit Rate: 500 packets per second
Spanning Tree Protocol
  Status: Enabled, MSTP (Defaults: All values based on IEEE 802.
IP Settings
  Management VLAN: 1
  IP Address: 0.0.0.0
  Subnet Mask: 255.0.0.0
  Default Gateway: 0.0.0.0
  DHCP: Enabled
  BOOTP: Disabled
Multicast Filtering
  IGMP Snooping: Snooping: Enabl.
Chapter 2 Initial Configuration
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
The switch’s CLI configuration program, web interface, and SNMP agent allow you to perform the following management functions:
• Set user names and pas.
Required Connections
The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.
Note: When configuring a stack, connect to the console port on the Master unit.
Notes: 1. When using HyperTerminal with Microsoft® Windows® 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation.
Note: The onboard program only provides access to basic configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.
Stack Operations
Up to eight switches can be stacked together as described in the Installation Guide.
Resilient IP Interface for Management Access
The stack functions as one integral system for management and configuration purposes. You can therefore manage the stack through any port configured as part of the VLAN used for management access.
Basic Configuration
4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.
Dynamic — The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network.
4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.
4. Type “ip dhcp restart” to begin broadcasting service requests. Press <Enter>.
5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command.
entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements (see page 3-67).
community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.
Trap Receivers
You can also specify SNMP stations that are to receive traps from the switch.
used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption.
Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
Configuring Power over Ethernet
The 24 10/100 Mbps ports on the SMC6824MPE and SMC6826MPE support the IEEE 802.3af Power-over-Ethernet (PoE) standard that enables DC power to be supplied to attached devices over the unused pairs of wires in the connecting Ethernet cable.
Chapter 3 Configuring the Switch
Using the Web Interface
This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.
Notes:
1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password.
Navigating the Web Browser Interface
To access the Web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics.
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the Web page configuration buttons.
Panel Display
The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.
Main Menu
Using the onboard Web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
SNTP | | 3-43
Configuration | Configures SNTP client settings, including broadcast mode or a specified list of servers | 3-43
Clock Time Zone | Sets the l.
802.1X | Port authentication | 3-88
Information | Displays the global configuration setting | 3-89
Configuration | Configures the global configuration setting | 3-88
Port Con.
Broadcast Control | Sets the broadcast storm threshold for each port | 3-135
Mirror Port Configuration | Sets the source and target ports for mirroring | 3.
Trunk Configuration | Configures individual trunk settings for STA | 3-169
MSTP | |
VLAN Configuration | Configures priority and VLANs for a spanning tree instance | 3-172
Port I.
Private VLAN | | 3-194
Information | Shows private VLANs and associated ports | 3-195
Configuration | Configures private VLANs | 3-197
Association | Maps a.
Copy Settings | Enables mapping IP Precedence and DSCP Priority settings to ports, or trunks. | 3-215
ACL CoS Priority | Sets the CoS value and corresponding output queue f.
Basic Configuration
Displaying System Information
You can easily identify the system by providing a descriptive name, location and contact information.
Field Attributes
• System Name – Name assigned to the switch system.
Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that accesses the Command Line Interface via Telnet.
CLI – Specify the hostname, location and contact information.
Displaying Switch Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
• Internal Power Status – Displays the status of the internal power supply.
Management Software
• Loader Version – Version number of loader code.
• Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code.
Web – Click System, Switch Information.
Figure 3-4 General Switch Information
CLI – Use the following command to display version information.
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
Web – Click System, Bridge Extension.
Figure 3-5 Displaying Bridge Extension Configuration
CLI – Enter the following command.
Setting the IP Address
An IP address may be used for management access to the switch over your network.
You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything other than this format will not be accepted by the CLI program.
Manual Configuration
Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static.” Enter the IP address, subnet mask and gateway, then click Apply.
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP.
Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch.
• File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch.
If you download to a new destination file, go to the File, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.
CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system and then restart the switch.
- file to startup-config - Copies a file in the switch to the startup configuration.
- file to tftp - Copies a file from the switch to a TFTP server.
- running-config to file - Copies the running configuration to a file.
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu.
This example shows how to download a PoE controller file from a TFTP server.
This example shows how to copy a PoE controller file from another unit in the stack.
• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts.
Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply.
Figure 3-13 Console Port Settings
CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required.
Telnet Settings
You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password.
Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.
Figure 3-14 Configuring the Telnet Interface
CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required.
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
Command Attributes
• System Log Status – Enables/disables the logging of debug or error messages to the logging process.
• Flash Level – Limits log messages saved to the switch’s permanent flash memory for all levels up to the specified level.
Web – Click System, Log, System Logs. Specify the System Log Status, set the level of event messages to be logged to RAM and flash memory, and then click Apply.
Figure 3-15 System Logs
CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
This attribute specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to process messages, such as sorting or storing messages in the corresponding database.
CLI – Enter the syslog server host IP address, choose the facility type and set the minimum level of messages to be logged.
Displaying Log Messages
Use the Logs page to scroll through the logged system and event messages.
CLI – This example shows the event message stored in RAM.
Sending Simple Mail Transfer Protocol Alerts
To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level.
Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add.
CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
CLI – Use the reload command to reboot the system.
Note: When restarting the system, it always runs the Power-On Self-Test.
Setting the System Clock
Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP).
Web – Select SNTP, Configuration. Modify any of the required parameters and click Apply.
Figure 3-20 SNTP Configuration
CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.
• Hours (0-13) – The number of hours before UTC (0-12) or after UTC (0-13).
• Minutes (0-59) – The number of minutes before/after UTC.
• Direction – Configures the time zone to be before (east) or after (west) UTC.
Simple Network Management Protocol
Information Base (MIB) that provides a standard presentation of the information controlled by the agent. SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network.
Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require access.
Enabling the SNMP Agent
Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3).
Command Attributes
SNMP Agent Status – Enables SNMP on the switch.
Web – Click SNMP, Agent Status. Enable the SNMP Agent by marking the Enabled checkbox, and click Apply.
• Access Mode – Specifies the access rights for the community string:
- Read-Only – Authorized management stations are only able to retrieve MIB objects.
- Read/Write – Authorized management stations are able to both retrieve and modify MIB objects.
Specifying Trap Managers and Trap Types
Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as SMC EliteView).
3. Create a view with the required notification messages (page 3-67).
4. Create a group that includes the required notify view (page 3-61).
5. Specify a remote engine ID where the user resides (page 3-54).
- Retry times – The maximum number of times to resend an inform message if the recipient does not acknowledge receipt. (Range: 0-255; Default: 3)
• Enable Authentication Traps³ – Issues a notification message to specified IP trap managers whenever authentication of an SNMP request fails.
Configuring SNMPv3 Management Access
To configure SNMPv3 management access to the switch, follow these steps:
1. If you want to change the default engine ID, it must be changed first before configuring other parameters.
Web – Click SNMP, SNMPv3, Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.
Figure 3-25 Setting an Engine ID
CLI – This example sets an SNMPv3 engine ID.
Web – Click SNMP, SNMPv3, Remote Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.
Figure 3-26 Setting an Engine ID
CLI – This example specifies a remote SNMPv3 engine ID.
- AuthPriv – SNMP communications use both authentication and encryption (only available for the SNMPv3 security model).
Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list.
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring Remote SNMPv3 Users
Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group.
Command Attributes
• User Name – The name of user connecting to the SNMP agent. (Range: 1-32 characters)
• Group Name – The name of the SNMP group to which the user is assigned.
Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list.
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring SNMPv3 Groups
An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views.
• Notify View – The configured view for notifications. (Range: 1-64 characters)
Table 3-5 Supported Notification Messages
Object Label | Object ID | Description
RFC 1493 Traps
newRoot | 1.
warmStart | 1.3.6.1.6.3.1.1.5.2 | A warmStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself such that its configuration is unaltered.
linkDown* | 1.3.
authenticationFailure* | 1.3.6.1.6.3.1.1.5.5 | An authenticationFailure trap signifies that the SNMPv2 entity, acting in an agent role, has received a protocol message that is not properly authenticated.
swIpFilterRejectTrap | 1.3.6.1.4.1.202.20.28.63.2.1.0.40, 1.3.6.1.4.1.202.20.41.63.2.1.0.40, 1.3.6.1.4.1.202.20.53.63.2.1.0.40 | This trap is sent when an incorrect IP address is rejected by the IP Filter.
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list.
CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and restricting MIB access to defined read and write views.
Setting SNMPv3 Views
SNMPv3 views are used to restrict user access to specified portions of the MIB tree.
Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view. Click Back to save the new view and return to the SNMPv3 Views list.
CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries.
User Authentication
CONFIGURING THE SWITCH 3-70 Configuring User Accounts The guest only has read access for most configuration parameters. However, the administrator has write access for all parameters governing the onboard agent. You should therefore assign a new administrator password as soon as possible, and store it in a safe place.
USER AUTHENTICATION 3-71 Web – Click Security, User Accounts. To configure a new user account, enter the user name, access level, and password, then click Add. To change the password for a specific user, enter the user name and new password, confirm the password by entering it again, then click Apply.
CONFIGURING THE SWITCH 3-72 Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
USER AUTHENTICATION 3-73 • You can specify up to three authentication methods for any user to indicate the authentication sequence. For example, if you select (1) RADIUS, (2) TACACS and (3) Local, the user name and password on the RADIUS server is verified first.
CONFIGURING THE SWITCH 3-74 • TACACS Settings - Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13) - Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49) - Secret Text String – Encryption key used to authenticate logon access for client.
USER AUTHENTICATION 3-75 CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.
CONFIGURING THE SWITCH 3-76 • If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate.
USER AUTHENTICATION 3-77 Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-33 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number.
CONFIGURING THE SWITCH 3-78 When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Note: The switch must be reset for the new certificate to be activated.
USER AUTHENTICATION 3-79 Command Usage The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, t.
CONFIGURING THE SWITCH 3-80 only accepts public key files based on standard UNIX format as shown in the following example for an RSA Version 1 key: 1024 35 1341081685 6098939210 4094492015 5.
USER AUTHENTICATION 3-81 Notes: 1. To use SSH with only password authentication, the host public key must still be given to the client, either during initial connection or manually entered into the known host file. However, you do not need to configure the client’s keys.
CONFIGURING THE SWITCH 3-82 • Generate – This button is used to generate the host key pair. Note that you must first generate the host key pair before you can enable the SSH server on the SSH Server Settings page. • Clear – This button clears the host key from both volatile memory (RAM) and non-volatile memory (Flash).
USER AUTHENTICATION 3-83 CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Configuring the SSH Server The SSH server includes basic settings for authentication.
CONFIGURING THE SWITCH 3-84 • SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits; Default: 768) - The server key is a private key that is never shared outside the switch. - The host key is shared with the SSH client, and is fixed at 1024 bits.
USER AUTHENTICATION 3-85 Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port.
CONFIGURING THE SWITCH 3-86 • If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-117). Command Attributes • Port – Port number. • Name – Descriptive text (page 3-114).
USER AUTHENTICATION 3-87 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
CONFIGURING THE SWITCH 3-88 Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC.
USER AUTHENTICATION 3-89 allows the client to access the network. Otherwise, network access is denied and the port remains blocked. The operation of 802.1X on the switch requires the following: • The switch must have an IP address assigned.
CONFIGURING THE SWITCH 3-90 CLI – This example shows the default global setting for 802.1X. Configuring 802.1X Global Settings The 802.1X protocol provides client authentication. Command Attributes 802.1X System Authentication Control – Sets the global setting for 802.
USER AUTHENTICATION 3-91 Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
CONFIGURING THE SWITCH 3-92 • Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds) • TX Period – Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet.
USER AUTHENTICATION 3-93
Console#show dot1x 4-116
Global 802.1X Parameters
 system-auth-control: enable
802.1X Port Summary
Port Name  Status    Operation Mode  Mode             Authorized
1/1        disabled  Single-Host     ForceAuthorized  yes
1/2        enabled   Single-Host     Auto             yes
.
CONFIGURING THE SWITCH 3-94 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-7 802.1X Statistics Parameter Description Rx EXPOL Start The number of EAPOL Start frames that have been received by this Authenticator.
USER AUTHENTICATION 3-95 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-40 Displaying 802.1X Statistics CLI – This example displays the 802.1X statistics for port 4.
CONFIGURING THE SWITCH 3-96 Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default.
USER AUTHENTICATION 3-97 Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 3-41 Entering IP Addresses to be Filtered CLI – This example restricts management access for Telnet and SNMP clients.
CONFIGURING THE SWITCH 3-98 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
ACCESS CONTROL LISTS 3-99 • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs.
CONFIGURING THE SWITCH 3-100 Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list. Figure 3-42 Selecting ACL Type CLI – This example creates a standard IP ACL named bill.
ACCESS CONTROL LISTS 3-101 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
CONFIGURING THE SWITCH 3-102 • Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 3-100.) • Service Type – Packet priority settings based on the following criteria: - Precedence – IP precedence level.
ACCESS CONTROL LISTS 3-103 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
CONFIGURING THE SWITCH 3-104 CLI – This example adds three rules: 1. Accept any incoming packets if the source address is in subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.
ACCESS CONTROL LISTS 3-105 • Ethernet Type Bitmask – Protocol bitmask. (Range: 600-fff hex.) • Packet Format – This attribute includes the following packet types: - Any – Any Ethernet packet type. - Untagged-eth2 – Untagged Ethernet II packets.
CONFIGURING THE SWITCH 3-106 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g.
ACCESS CONTROL LISTS 3-107 Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL.
CONFIGURING THE SWITCH 3-108 Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page. Figure 3-46 Choosing ACL Types CLI – This example creates an IP ingress mask, and then adds two rules.
ACCESS CONTROL LISTS 3-109 • Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 3-100.) • Protocol Bitmask – Check the protocol field. • Service Type Mask – Check the rule for the specified priority type.
CONFIGURING THE SWITCH 3-110 CLI – This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.
ACCESS CONTROL LISTS 3-111 Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source or destination address, a host address, or an address range. Use a bitmask to search for specific VLAN ID(s) or Ethernet type(s).
CONFIGURING THE SWITCH 3-112 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
ACCESS CONTROL LISTS 3-113 • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs.
CONFIGURING THE SWITCH 3-114 CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2. Port Configuration Displaying Connection Status You can use t.
PORT CONFIGURATION 3-115 Web – Click Port, Port Information or Trunk Information. Figure 3-50 Port - Port Information Field Attributes (CLI) Basic information: • Port type – Indicates the port type.
CONFIGURING THE SWITCH 3-116 - 100full - Supports 100 Mbps full-duplex operation - 1000full - Supports 1000 Mbps full-duplex operation - Sym - Transmits and receives pause frames for flow control - FC - Supports flow control • Broadcast storm – Shows if broadcast storm control is enabled or disabled.
PORT CONFIGURATION 3-117 CLI – This example shows the connection status for Port 13. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to.
CONFIGURING THE SWITCH 3-118 the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control.
PORT CONFIGURATION 3-119 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-51 Configuring Port Attributes CLI – Select the interface, and then enter the required settings.
CONFIGURING THE SWITCH 3-120 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices (i.
PORT CONFIGURATION 3-121 • When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard. • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.
CONFIGURING THE SWITCH 3-122 Web – Click Port, Trunk Membership. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
PORT CONFIGURATION 3-123 Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP.
CONFIGURING THE SWITCH 3-124 Command Attributes • Member List (Current) – Shows configured trunks (Unit, Port). • New – Includes entry fields for creating new trunks. - Unit – Stack unit. (Range: 1-8) - Port – Port identifier. (Range: 1-26) Web – Click Port, LACP, Configuration.
PORT CONFIGURATION 3-125 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key.
CONFIGURING THE SWITCH 3-126 Command Attributes Set Port Actor – This menu sets the local side of an aggregate link; i.e., the ports on this switch.
PORT CONFIGURATION 3-127 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
CONFIGURING THE SWITCH 3-128 CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5 and 6 are set to backup mode.
PORT CONFIGURATION 3-129 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information.
CONFIGURING THE SWITCH 3-130 CLI – The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
PORT CONFIGURATION 3-131 Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state;.
CONFIGURING THE SWITCH 3-132 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-56 Displaying LACP Port Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
PORT CONFIGURATION 3-133 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 3-10 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user.
CONFIGURING THE SWITCH 3-134 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.
PORT CONFIGURATION 3-135 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured.
CONFIGURING THE SWITCH 3-136 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 60 packets per second for port 2.
PORT CONFIGURATION 3-137 Command Attributes • Mirror Sessions – Displays a list of current mirror sessions. • Source Unit – The unit whose port traffic will be monitored. (Range: 1-8) • Source Port – The port whose traffic will be monitored.
CONFIGURING THE SWITCH 3-138 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic coming out of the switch.
PORT CONFIGURATION 3-139 CLI – This example sets the rate limit for input and output traffic passing through port 1 to 60 Mbps. Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB.
CONFIGURING THE SWITCH 3-140 Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space.
PORT CONFIGURATION 3-141 Etherlike Statistics Alignment Errors The number of alignment errors (missynchronized data packets). Late Collisions The number of times that a collision is detected later than 512 bit-times into the transmission of a packet.
CONFIGURING THE SWITCH 3-142 Internal MAC Receive Errors A count of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error. RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of resources.
PORT CONFIGURATION 3-143 64 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
CONFIGURING THE SWITCH 3-144 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
POWER OVER ETHERNET SETTINGS 3-145 CLI – This example shows statistics for port 13. Power Over Ethernet Settings The SMC6824MPE and SMC6826MPE can provide DC power to a wide range of connected devices, eliminating the need for an additional power source and cutting down on the amount of cables attached to each device.
CONFIGURING THE SWITCH 3-146 the power required by a device exceeds the power budget of the port or the whole switch, power is not supplied.
POWER OVER ETHERNET SETTINGS 3-147 Web – Click PoE, Power Status. Figure 3-62 Displaying the Global PoE Status CLI – This example displays the current power status for the switch.
CONFIGURING THE SWITCH 3-148 Web – Click PoE, Power Config. Specify the desired power budget for the switch. Click Apply. Figure 3-63 Setting the Switch Power Budget CLI – Use the power mainpower maximum allocation command to set the PoE power budget for the switch.
POWER OVER ETHERNET SETTINGS 3-149 Web – Click PoE, Power Port Status. Figure 3-64 Displaying Port PoE Status CLI – This example displays the PoE status and priority of port 1.
CONFIGURING THE SWITCH 3-150 • If a device is connected to a critical or high-priority port and causes the switch to exceed its budget, port power is turned on, but the switch drops power to one or more lower-priority ports. Note: Power is dropped from low-priority ports in sequence starting from port number 1.
ADDRESS TABLE SETTINGS 3-151 CLI – This example sets the PoE power budget for port 1 to 8 watts, the priority to high (2), and then enables the power. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports.
CONFIGURING THE SWITCH 3-152 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-66 Mapping Ports to Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
ADDRESS TABLE SETTINGS 3-153 • VLAN – ID of configured VLAN (1-4093). • Address Table Sort Key – You can sort the information displayed based on MAC address, VLAN or interface (port or trunk). • Dynamic Address Counts – The number of addresses dynamically learned.
CONFIGURING THE SWITCH 3-154 Changing the Aging Time You can change the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables or disables the aging time. • Aging Time – The time after which a learned entry is discarded.
SPANNING TREE ALGORITHM CONFIGURATION 3-155 The spanning tree algorithms supported by this switch include these versions: • STP – Spanning Tree Protocol (IEEE 802.1D) • RSTP – Rapid Spanning Tree Protocol (IEEE 802.1w) • MSTP – Multiple Spanning Tree Protocol (IEEE 802.
CONFIGURING THE SWITCH 3-156 start learning, predefining an alternate route that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs.
SPANNING TREE ALGORITHM CONFIGURATION 3-157 • Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
CONFIGURING THE SWITCH 3-158 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority (i.
SPANNING TREE ALGORITHM CONFIGURATION 3-159 Web – Click Spanning Tree, STA Information. Figure 3-69 Displaying the Spanning Tree Algorithm CLI – This command displays global STA settings, followed by settings for each port.
CONFIGURING THE SWITCH 3-160 Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol – Uses RSTP for the internal state machine, but sends only 802.
SPANNING TREE ALGORITHM CONFIGURATION 3-161 • Rapid Spanning Tree Protocol – RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and d.
CONFIGURING THE SWITCH 3-162 - RSTP: Rapid Spanning Tree (IEEE 802.1w); RSTP is the default. - MSTP: Multiple Spanning Tree (IEEE 802.1s) • Default Priority Format – Sets the default spanning tree priority format: - 802.1D: Specifies IEEE 802.
SPANNING TREE ALGORITHM CONFIGURATION 3-163 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
CONFIGURING THE SWITCH 3-164 Web – Click Spanning Tree, STA Configuration. Modify the required attributes, and click Apply. Figure 3-70 Configuring the Spanning Tree Algorithm.
SPANNING TREE ALGORITHM CONFIGURATION 3-165 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.
CONFIGURING THE SWITCH 3-166 - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding.
SPANNING TREE ALGORITHM CONFIGURATION 3-167 bridges, bridge ports, or LANs fail or are removed. The role is set to disabled (i.e., disabled port) if a port has no role within the spanning tree. • Trunk Member – Indicates if a port is a member of a trunk.
CONFIGURING THE SWITCH 3-168 likely to be blocked if the Spanning Tree Algorithm is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled.
SPANNING TREE ALGORITHM CONFIGURATION 3-169 CLI – This example shows general STA configuration and attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
CONFIGURING THE SWITCH 3-170 - Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses.
SPANNING TREE ALGORITHM CONFIGURATION 3-171 • Admin Link Type – The link type attached to this interface. - Point-to-Point – A connection to exactly one other bridge.
CONFIGURING THE SWITCH 3-172 CLI – This example sets STA attributes for port 5. Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance.
SPANNING TREE ALGORITHM CONFIGURATION 3-173 Command Attributes • MST Instance – Instance identifier of this spanning tree. (Default: 0) • Priority – The priority of a spanning tree instance.
CONFIGURING THE SWITCH 3-174 CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 1 4-227 Spanning-tree information -----------.
SPANNING TREE ALGORITHM CONFIGURATION 3-175 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance.
CONFIGURING THE SWITCH 3-176 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 3-156); the settings for other instances only apply to the local spanning tree.
SPANNING TREE ALGORITHM CONFIGURATION 3-177 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
CONFIGURING THE SWITCH 3-178 when the Path Cost Method is set to short (page 3-63), the maximum path cost is 65,535. By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below.
VLAN CONFIGURATION 3-179 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
CONFIGURING THE SWITCH 3-180 Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate.
VLAN CONFIGURATION 3-181 Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups, such as file servers or printers.
CONFIGURING THE SWITCH 3-182 should also determine security boundaries in the network and disable GVRP on ports to prevent advertisements being propagated, or forbid ports from joining restricted VLANs.
VLAN CONFIGURATION 3-183 by the frame tag. However, when this switch receives an untagged frame from a VLAN-unaware device, it first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port’s default VID.
CONFIGURING THE SWITCH 3-184 Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Field Attributes • VLAN Version Number – The VLAN version used by this switch as specified in the IEEE 802.
VLAN CONFIGURATION 3-185 Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging.
CONFIGURING THE SWITCH 3-186 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4093, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry.
VLAN CONFIGURATION 3-187 • VLAN ID – ID of configured VLAN (1-4093, no leading zeroes). • VLAN Name – Name of the VLAN (1 to 32 characters). • Status (Web) – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.
CONFIGURING THE SWITCH 3-188 CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.
VLAN CONFIGURATION 3-189 Command Attributes • VLAN – ID of configured VLAN (1-4093). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.
CONFIGURING THE SWITCH 3-190 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks.
VLAN C ONFIGURATION 3-191 • Non-Member – VLAN s for whic h the sel ected interfa ce is not a tagg ed member. We b – Click VLAN , 802.1Q VLAN , Static Membership by P or t. Select an interfa ce from th e scroll-down box (P or t or T r unk). Clic k Quer y to displa y membership in for mation for th e interface.
C ONFIGURING THE S WI TCH 3-192 • GARP – Group Ad dress Regi stration Prot ocol is us ed by GVRP t o register or d eregister clie nt attributes for client s ervices wit hin a bridged LAN. T h e defau lt values for th e GARP timers are independent of the media acc ess method or data rate .
VLAN CONFIGURATION 3-193 • GARP Join Timer – The interval between transmitting requests/queries to participate in a VLAN group. (Range: 20-1000 centiseconds; Default: 20) • GARP Leave Timer – The interval a port waits before leaving a VLAN group.
CONFIGURING THE SWITCH 3-194 Web – Click VLAN, 802.1Q VLAN, Port Configuration or Trunk Configuration. Fill in the required settings for each interface, click Apply.
VLAN CONFIGURATION 3-195 VLAN, and with their designated promiscuous ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) Each private VLAN consists of two components: a primary VLAN and one or more community VLANs.
CONFIGURING THE SWITCH 3-196 • Primary VLAN – The primary VLAN with which the selected VLAN is associated. (Note that this displays as VLAN 0 if the selected VLAN is itself a primary VLAN.) • Ports List – The list of ports (and assigned type) in the selected private VLAN.
VLAN CONFIGURATION 3-197 Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary or community VLANs.
CONFIGURING THE SWITCH 3-198 Associating Community VLANs Each community VLAN must be associated with a primary VLAN. Command Attributes • Primary VLAN ID – ID of primary VLAN (1-4093). • Association – Community VLANs associated with the selected primary VLAN.
VLAN CONFIGURATION 3-199 Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associated with private VLANs. Command Attributes • Port/Trunk – The switch interface.
CONFIGURING THE SWITCH 3-200 CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6.
VLAN CONFIGURATION 3-201 promiscuous ports. If PVLAN Port Type is “Host,” then specify the associated secondary VLAN. Web – Click Private VLAN, Private VLAN Port Configuration or Private VLAN Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN.
CONFIGURING THE SWITCH 3-202 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port.
CLASS OF SERVICE CONFIGURATION 3-203 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-88 Configuring Class of Service per Port CLI – This example assigns a default priority of 5 to port 3.
CONFIGURING THE SWITCH 3-204 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on Weighted Round Robin (WRR).
CLASS OF SERVICE CONFIGURATION 3-205 Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply.
CONFIGURING THE SWITCH 3-206 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be pro.
CLASS OF SERVICE CONFIGURATION 3-207 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue.
CONFIGURING THE SWITCH 3-208 CLI – The following example shows how to assign WRR weights of 1, 4, 16 and 64 to the CoS priority queues 0, 1, 2 and 3. Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
CLASS OF SERVICE CONFIGURATION 3-209 • IP Precedence – Maps layer 3/4 priorities using IP Precedence. • IP DSCP – Maps layer 3/4 priorities using Differentiated Services Code Point Mapping. Web – Click Priority, IP Precedence/DSCP Priority Status.
CONFIGURING THE SWITCH 3-210 Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map. • Class of Service Value – Maps a CoS value to the selected IP Precedence value. Note that “0” represents low priority and “7” represents high priority.
CLASS OF SERVICE CONFIGURATION 3-211 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors.
CONFIGURING THE SWITCH 3-212 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represents high priority.
CLASS OF SERVICE CONFIGURATION 3-213 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 5), and then displays the DSCP Priority settings.
CONFIGURING THE SWITCH 3-214 Web – Click Priority, IP Port Status. Set IP Port Priority Status to Enabled. Figure 3-95 Globally Enabling the IP Port Priority Status Web – Click Priority, IP Port Priority. Select a port or trunk from the Interface field.
CLASS OF SERVICE CONFIGURATION 3-215 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 5) to CoS value 0, and then displays the IP Port Priority settings for that port.
CONFIGURING THE SWITCH 3-216 Web – Click Priority, Copy Settings. Select the source priority settings to be copied, enter the source port or trunk number and choose the destination interface/s to copy to, then click Copy Settings.
CLASS OF SERVICE CONFIGURATION 3-217 Command Usage You must configure an ACL mask before you can map CoS values to the rule. Command Attributes • Port – Port identifier. • Name – Name of ACL. • Type – Type of ACL (IP or MAC).
CONFIGURING THE SWITCH 3-218 Changing Priorities Based on ACL Rules You can change traffic priorities for frames matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) This switch can change the IEEE 802.
CLASS OF SERVICE CONFIGURATION 3-219 Web – Click Priority, ACL Marker. Select a port and an ACL rule. To specify a ToS priority, mark the Precedence/DSCP check box, select Precedence or DSCP from the scroll-down box, and enter a priority.
CONFIGURING THE SWITCH 3-220 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client.
MULTICAST FILTERING 3-221 multicast host registration protocol that allows any host to inform its local router that it wants to receive transmissions addressed to a specific multicast group. A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic.
CONFIGURING THE SWITCH 3-222 Static IGMP Host Interface – For multicast applications that you need to control more carefully, you can manually assign a multicast service to specific interfaces on the switch (page 3-228).
MULTICAST FILTERING 3-223 • IGMP Query Count — Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group. (Range: 2-10; Default: 2) • IGMP Query Interval — Sets the frequency at which the switch sends IGMP host-query messages.
CONFIGURING THE SWITCH 3-224 CLI – This example modifies the settings for multicast filtering, and then displays the current status. Displaying Interfaces Attached to a Multicast Router M.
MULTICAST FILTERING 3-225 Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers.
CONFIGURING THE SWITCH 3-226 • Port or Trunk – Specifies the interface attached to a multicast router. Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add.
MULTICAST FILTERING 3-227 • Multicast Group Port List – Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service. Web – Click IGMP Snooping, IP Multicast Registration Table.
CONFIGURING THE SWITCH 3-228 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 3-222.
CONFIGURING DOMAIN NAME SERVICE 3-229 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1.
CONFIGURING THE SWITCH 3-230 through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
CONFIGURING DOMAIN NAME SERVICE 3-231 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
CONFIGURING THE SWITCH 3-232 CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used.
CONFIGURING DOMAIN NAME SERVICE 3-233 • Alias – Displays the host names that are mapped to the same address(es) as a previously configured entry. Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.
CONFIGURING THE SWITCH 3-234 CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers.
CONFIGURING DOMAIN NAME SERVICE 3-235 Web – Select DNS, Cache. Figure 3-107 Displaying the DNS Cache CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 4-293 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.
CONFIGURING THE SWITCH 3-236.
4-1 CHAPTER 4 COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management.
USING THE COMMAND LINE INTERFACE 4-2 After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address.
COMMAND LINE INTERFACE 4-3 After you configure the switch with an IP address, you can open a Telnet session by performing these steps. 1. From the remote host, enter the Telnet command and the IP address of the device you want to access.
ENTERING COMMANDS 4-4 You can enter commands as follows: • To enter a simple command, enter the command keyword. • To enter multiple commands, enter each command in the required order.
COMMAND LINE INTERFACE 4-5 Database). You can also display a list of valid keywords for a specific command. For example, the command “show ?” displays a list of possible show comman.
ENTERING COMMANDS 4-6 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.
COMMAND LINE INTERFACE 4-7 mode. You can always enter a question mark “?” at the prompt to display a list of the commands available for the current mode.
ENTERING COMMANDS 4-8 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted.
COMMAND LINE INTERFACE 4-9 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode.
ENTERING COMMANDS 4-10 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
COMMAND LINE INTERFACE 4-11 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Group Index Command Group Description Page Line.
COMMAND GROUPS 4-12 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) VC (VLAN Database.
COMMAND LINE INTERFACE 4-13 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.
LINE COMMANDS 4-14 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.
COMMAND LINE INTERFACE 4-15 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [local] no login local - Selects local password checking.
LINE COMMANDS 4-16 Related Commands username (4-34) password (4-16) password This command specifies the password for a line. Use the no form to remove the password.
COMMAND LINE INTERFACE 4-17 Related Commands login (4-15) password-thresh (4-19) timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to restore the default setting.
LINE COMMANDS 4-18 exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the number of seconds.
COMMAND LINE INTERFACE 4-19 password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh [threshold] no password-thresh threshold - The number of allowed password attempts.
LINE COMMANDS 4-20 silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value.
COMMAND LINE INTERFACE 4-21 Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character.
LINE COMMANDS 4-22 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate.
COMMAND LINE INTERFACE 4-23 stopbits This command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting.
LINE COMMANDS 4-24 Example Related Commands show ssh (4-53) show users (4-80) show line This command displays the terminal line’s parameters. Syntax show line [console | vty] • console - Console terminal line. • vty - Virtual terminal for remote console access.
COMMAND LINE INTERFACE 4-25 General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-6.
GENERAL COMMANDS 4-26 Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec.
COMMAND LINE INTERFACE 4-27 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch.
GENERAL COMMANDS 4-28 Example In this example, the show history command lists the contents of the command history buffer: The ! command repeats commands from the Execution command.
COMMAND LINE INTERFACE 4-29 Example This example shows how to reset the switch: end This command returns to Privileged Exec mode. Default Setting None Command Mode Global Configuration, Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration.
GENERAL COMMANDS 4-30 Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit Use this command to exit the configuration program.
COMMAND LINE INTERFACE 4-31 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information.
SYSTEM MANAGEMENT COMMANDS 4-32 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to revert to the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the command prompt.
COMMAND LINE INTERFACE 4-33 hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name.
SYSTEM MANAGEMENT COMMANDS 4-34 User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password.
COMMAND LINE INTERFACE 4-35 Default Setting • The default access level is Normal Exec. • The factory defaults for the user names and passwords are: Command Mode Global Configuration Command Usage The encrypted password is required for compatibility with legacy password settings (i.
SYSTEM MANAGEMENT COMMANDS 4-36 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. Use this command to control access to the Privileged Exec level from the Normal Exec level.
COMMAND LINE INTERFACE 4-37 Related Commands enable (4-25) authentication enable (4-99) IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
SYSTEM MANAGEMENT COMMANDS 4-38 Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
COMMAND LINE INTERFACE 4-39 Example Web Server Commands Console#show management all-client Management Ip Filter Http-Client: Start ip address End ip address ----------------------------------------- ------ 1. 192.168.1.19 192.168.1.19 2. 192.168.
SYSTEM MANAGEMENT COMMANDS 4-40 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
COMMAND LINE INTERFACE 4-41 Example Related Commands ip http port (4-40) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
SYSTEM MANAGEMENT COMMANDS 4-42 • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 3-77. Also refer to the copy command on page 4-82.
COMMAND LINE INTERFACE 4-43 Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number, clients attempting to conne.
SYSTEM MANAGEMENT COMMANDS 4-44 Default Setting • Server: Enabled • Server Port: 23 Command Mode Global Configuration Example Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems.
COMMAND LINE INTERFACE 4-45 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the.
SYSTEM MANAGEMENT COMMANDS 4-46 switch as described in the following section. Note that regardless of whether you use public key or password authentication, you still have to generate authentication keys on the switch and enable the SSH server.
COMMAND LINE INTERFACE 4-47 5. Enable SSH Service – Use the ip ssh server command to enable the SSH server on the switch. 6. Configure Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method.
SYSTEM MANAGEMENT COMMANDS 4-48 Command Usage • The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions.
COMMAND LINE INTERFACE 4-49 Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions.
SYSTEM MANAGEMENT COMMANDS 4-50 ip ssh server-key size This command sets the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key.
COMMAND LINE INTERFACE 4-51 Example ip ssh crypto host-key generate Use this command to generate the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [dsa | rsa] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type.
SYSTEM MANAGEMENT COMMANDS 4-52 ip ssh crypto zeroize This command clears the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [dsa | rsa] • dsa – DSA key type. • rsa – RSA key type. Default Setting Clears both the DSA and RSA key.
COMMAND LINE INTERFACE 4-53 Default Setting Saves both the DSA and RSA key. Command Mode Privileged Exec Example Related Commands ip ssh crypto host-key generate (4-51) show ip ssh This command displays the connection settings used when authenticating client access to the SSH server.
SYSTEM MANAGEMENT COMMANDS 4-54 Table 4-16 show ssh - display description Field Description Session The session number. (Range: 0-3) Version The Secure Shell version number. State The authentication negotiation state. (Values: Negotiation-Started, Authentication-Started, Session-Started) Username The user name of the client.
COMMAND LINE INTERFACE 4-55 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
SYSTEM MANAGEMENT COMMANDS 4-56 Example Event Logging Commands Console#show public-key host Host: RSA: 1024 35 15684995401867669259333946775054617325313 6748908365472541502024559319 986854435836.
COMMAND LINE INTERFACE 4-57 logging on This command controls logging of error messages, sending debug or error messages to switch memory.
SYSTEM MANAGEMENT COMMANDS 4-58 • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). • level - One of the syslog severity levels listed in the following table. Messages sent include the selected level down to level 0.
COMMAND LINE INTERFACE 4-59 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [no] logging host host_ip_address host_ip_address - The IP address of a syslog server.
SYSTEM MANAGEMENT COMMANDS 4-60 Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database.
COMMAND LINE INTERFACE 4-61 clear log Use this command to clear messages from the log buffer. Syntax clear log [flash | ram] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.
SYSTEM MANAGEMENT COMMANDS 4-62 Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.
COMMAND LINE INTERFACE 4-63 Related Commands show logging sendmail (4-68) show log This command displays the log messages stored in local memory. Syntax show log {flash | ram} • flash - Event history stored in flash memory (i.
SYSTEM MANAGEMENT COMMANDS 4-64 Example The following example shows the event message stored in RAM. SMTP Alert Commands Configures SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients.
COMMAND LINE INTERFACE 4-65 Default Setting None Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handling.
SYSTEM MANAGEMENT COMMANDS 4-66 Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the configured email recipients. (For example, using Level 7 will report all events from level 7 to level 0.
COMMAND LINE INTERFACE 4-67 logging sendmail destination-email This command specifies the email recipients of alert messages. Use the no form to remove a recipient. Syntax [no] logging sendmail destination-email email-address email-address - The recipient email address for alert messages.
SYSTEM MANAGEMENT COMMANDS 4-68 Example show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP).
COMMAND LINE INTERFACE 4-69 sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command.
SYSTEM MANAGEMENT COMMANDS 4-70 Example Related Commands sntp server (4-70) sntp poll (4-71) show sntp (4-72) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list.
C OMMAND L INE I NTE RF ACE 4-71 Command Usage This c ommand specifi es time ser vers from which the switch wil l poll for time update s when set to SNTP client mode. Th e client will po ll the time servers in the order specifi ed until a resp onse is recei ved.
S YSTEM M ANAGEM ENT C OMMANDS 4-72 Related Commands sntp clien t (4-69) show sntp This c ommand displays the cur rent time and configuratio n settings for th e SNTP clie nt, and ind icates whethe r or not the lo cal time has been properl y updated .
C OMMAND L INE I NTE RF ACE 4-73 clock timezon e This command sets the time z one for the swit ch’ s internal clo ck. Syntax clock timezone name hour ho urs minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym.
S YSTEM M ANAGEM ENT C OMMANDS 4-74 calendar set This comman d sets the sys tem cloc k . It m a y be used i f there is n o time s er ver on y our netw ork, or if you h ave no t configured the switc h to recei ve sig nals from a time ser v er. Syntax calendar set hour min sec { month day y ear | day mont h year } • hour - Ho ur in 24-hour format.
C OMMAND L INE I NTE RF ACE 4-75 Example This examp le shows ho w to dis play the cur rent sys tem cloc k setting . Sys tem S tatu s Com ma nds show startup-config This comman d displays the configuration file stored in non-volatile memor y that is use d to star t up th e system.
S YSTEM M ANAGEM ENT C OMMANDS 4-76 • This command disp lays settings for key command modes. Each mo de group is separ ated by “! ” symbols, and incl udes the conf iguration mode command, and corresponding commands.
C OMMAND L INE I NTE RF ACE 4-77 Related Commands show r unn ing-co nfig (4-7 7) show runnin g-config This comma n d disp lays the configur ation infor m ation cur rently in use.
S YSTEM M ANAGEM ENT C OMMANDS 4-78 Example Related Commands show star tup-con fig (4-75) Console#show running-config ! IP address DHCP ! phymap 00-04-e2-b3-16-c0 00-30-f1-b0-e9-8 0 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00 -00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 ! SNTP server 10.
C OMMAND L INE I NTE RF ACE 4-79 show system This c ommand displays system infor mation . Default Setting None Command Mode Nor mal Exec, Pri vile ged Exec Command Usage • For a descripti on of the it ems shown by this com mand, refe r to “Displaying Sy stem Information ” on page 3-13.
SYSTEM MANAGEMENT COMMANDS 4-80 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.
COMMAND LINE INTERFACE 4-81 Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-15 for detailed information on the items displayed by this command. Example Flash/File Commands These commands are used to manage the system code or configuration files.
FLASH/FILE COMMANDS 4-82 copy Use this command to move (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation.
COMMAND LINE INTERFACE 4-83 Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.
FLASH/FILE COMMANDS 4-84 Example The following example shows how to upload the configuration settings to a file on the TFTP server. The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file.
COMMAND LINE INTERFACE 4-85 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch. This example shows how to download a PoE controller file (to the SMC6824MPE or SMC6826MPE) from a TFTP server.
FLASH/FILE COMMANDS 4-86 delete This command deletes a file or image. Syntax delete [unit:] filename filename - Name of the configuration file or image name.
COMMAND LINE INTERFACE 4-87 dir This command displays a list of files in flash memory. Syntax dir [unit:] {{boot-rom: | config: | opcode:} [filename]} The type of file or image to dis.
FLASH/FILE COMMANDS 4-88 Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command.
COMMAND LINE INTERFACE 4-89 boot system Use this command to specify the file or image used to start up the system. Syntax boot system [unit:] {boot-rom | config | opcode}: filename The type of file or image to set as a default includes: • boot-rom* - Boot ROM.
POWER OVER ETHERNET COMMANDS 4-90 Power over Ethernet Commands The commands in this group control the power that can be delivered to attached PoE devices through the switch ports on the SMC6824MPE and SMC6826MPE.
COMMAND LINE INTERFACE 4-91 power mainpower maximum allocation This command defines a power budget for the switch (i.e., the power available to all switch ports). Use the no form to restore the default setting. Syntax power mainpower maximum allocation <watts> [unit unit] • watts - The power budget for the switch.
POWER OVER ETHERNET COMMANDS 4-92 Default Setting Disabled Command Mode Global Configuration Command Usage • The switch automatically detects attached PoE devices by periodically transmitting test voltages over the 10/100BASE-TX ports.
COMMAND LINE INTERFACE 4-93 power inline This command instructs the switch to automatically detect if a PoE-compliant device is connected to the specified port, and turn power on or off accordingly. Use the no form to turn off power for a port.
POWER OVER ETHERNET COMMANDS 4-94 Command Mode Interface Configuration Command Usage If a device is connected to a switch port and the switch detects that it requires more than the maximum power allocated to the port, no power is supplied to the device (i.
COMMAND LINE INTERFACE 4-95 • Power is dropped from low-priority ports in sequence starting from port number 1. Example Related Commands power mainpower maximum allocation (4-91) show power inline status This command displays the current power status for all ports or for specific ports.
POWER OVER ETHERNET COMMANDS 4-96 show power mainpower Use this command to display the current power status for the switch. Command Mode Privileged Exec Example Table 4-27 show power inl.
COMMAND LINE INTERFACE 4-97 Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.
AUTHENTICATION COMMANDS 4-98 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password.
COMMAND LINE INTERFACE 4-99 Example Related Commands username - for setting the local user names and passwords (4-34) authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-25).
AUTHENTICATION COMMANDS 4-100 • You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if you enter “authentication enable radius tacacs local,” the user name and password on the RADIUS server is verified first.
COMMAND LINE INTERFACE 4-101 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server.
AUTHENTICATION COMMANDS 4-102 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages.
COMMAND LINE INTERFACE 4-103 Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default.
AUTHENTICATION COMMANDS 4-104 Command Mode Global Configuration Example show radius-server This command displays the current settings for the RADIUS server.
COMMAND LINE INTERFACE 4-105 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network.
AUTHENTICATION COMMANDS 4-106 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
COMMAND LINE INTERFACE 4-107 Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Port Security Commands These commands can be used to enable port security on a port.
AUTHENTICATION COMMANDS 4-108 port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
COMMAND LINE INTERFACE 4-109 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
AUTHENTICATION COMMANDS 4-110 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication.
COMMAND LINE INTERFACE 4-111 dot1x system-auth-control This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to restore the default.
AUTHENTICATION COMMANDS 4-112 Default 2 Command Mode Interface Configuration Example dot1x port-control This command sets the dot1x mode on a port interface.
COMMAND LINE INTERFACE 4-113 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count.
AUTHENTICATION COMMANDS 4-114 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface ethernet unit/port - unit - The stack unit. (Range: 1-8) - port - Port number.
COMMAND LINE INTERFACE 4-115 dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default.
AUTHENTICATION COMMANDS 4-116 Example dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value.
COMMAND LINE INTERFACE 4-117 Command Mode Privileged Exec Command Usage This command displays the following information: • Global 802.1X Parameters – Shows whether or not 802.1X port authentication is globally enabled on the switch. • 802.
AUTHENTICATION COMMANDS 4-118 - Supplicant – MAC address of authorized client. - Current Identifier – The integer (0-255) used by the Authenticator to identify the current authentication session.
COMMAND LINE INTERFACE 4-119 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
ACCESS CONTROL LIST COMMANDS 4-120 soon as it matches a deny rule. If no rules match for a list of all permit rules, the packet is dropped; and if no rules match for a list of all deny rules, the packet is accepted. There are three filtering modes: • Standard IP ACL mode (STD-ACL) filters packets based on the source IP address.
COMMAND LINE INTERFACE 4-121 • Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. The order in which active ACLs are checked is as follows: 1. User-defined rules in the Egress MAC ACL for egress ports.
ACCESS CONTROL LIST COMMANDS 4-122 IP ACLs Table 4-36 IP ACL Commands Command Function Mode Page access-list ip Creates an IP ACL and enters configuration mode GC 4-123 access-list ip extended .
COMMAND LINE INTERFACE 4-123 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.
ACCESS CONTROL LIST COMMANDS 4-124 access-list ip extended fragment-auto-mask This command automatically creates extra masks to support fragmented ACL entries.
COMMAND LINE INTERFACE 4-125 Command Mode Standard ACL Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period.
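The source-address matching and the no-match defaults described on pages 4-120 and 4-125 can be modelled offline before an ACL is bound to a port; the following Python sketch is an added example, not code from the manual or from SMC. It assumes that 1 bits in an address bitmask are compared and 0 bits ignored (one reading of "similar to a subnet mask"), that a matching permit rule accepts immediately just as a matching deny rule drops, and that the list is passed in the order the switch actually checks it, which the manual says the mask determines; all function names are hypothetical.

```python
import ipaddress


def _ip(text):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def parse_rule(line):
    """Parse '{permit|deny} {any | host source | source address-bitmask}'.

    Returns (action, masked_address, mask). Assumption: 1 bits in the
    bitmask are compared, 0 bits are ignored.
    """
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line!r}")
    action, spec = tokens[0], tokens[1:]
    if spec == ["any"]:
        addr, mask = 0, 0
    elif len(spec) == 2 and spec[0] == "host":
        addr, mask = _ip(spec[1]), 0xFFFFFFFF
    elif len(spec) == 2:
        addr, mask = _ip(spec[0]), _ip(spec[1])
    else:
        raise ValueError(f"unsupported rule: {line!r}")
    return action, addr & mask, mask


def parse_acl(lines):
    """Parse rules, keeping the order in which they will be checked."""
    return [parse_rule(line) for line in lines]


def evaluate(acl, source):
    """Return 'permit', 'deny', or None for one source address.

    First matching rule wins. With no match, an all-permit list drops
    the packet and an all-deny list accepts it (page 4-120). The manual
    excerpt does not state the result for a mixed list, so None is
    returned there instead of guessing.
    """
    ip = _ip(source)
    for action, net, mask in acl:
        if ip & mask == net:
            return action
    actions = {action for action, _, _ in acl}
    if actions == {"permit"}:
        return "deny"
    if actions == {"deny"}:
        return "permit"
    return None


def shadowed(acl):
    """Indexes of rules that can never match because an earlier rule
    already covers every address they describe."""
    hidden = []
    for i, (_, net, mask) in enumerate(acl):
        for _, e_net, e_mask in acl[:i]:
            covers_bits = e_mask & mask == e_mask  # earlier rule checks a subset of bits
            if covers_bits and net & e_mask == e_net:
                hidden.append(i)
                break
    return hidden


if __name__ == "__main__":
    # Constructed rule lists; 171.69.198.102 is the host used on page 4-132.
    good = parse_acl(["deny host 171.69.198.102", "permit any"])
    bad = parse_acl(["permit any", "deny host 171.69.198.102"])
    for name, acl in (("deny first", good), ("permit first", bad)):
        print(name, evaluate(acl, "171.69.198.102"), "unreachable:", shadowed(acl))
```

A rule reported by `shadowed` is the situation the example on page 4-133 avoids by setting the mask so that the deny rule is checked first.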
ACCESS CONTROL LIST COMMANDS 4-126 [no] {permit | deny} tcp {any | source address-bitmask | host source} {any | destination address-bitmask | host destination} [precedence preceden.
COMMAND LINE INTERFACE 4-127 with the address for each IP packet entering the port(s) to which this ACL has been assigned. • You can specify both Precedence and ToS in the same rule. However, if DSCP is used, then neither Precedence nor ToS can be specified.
ACCESS CONTROL LIST COMMANDS 4-128 This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Related Commands access-list ip (4-123) show ip access-list This command displays the rules for configured IP ACLs.
COMMAND LINE INTERFACE 4-129 access-list ip mask-precedence This command changes to the IP Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list ip mask-precedence {in | out} • in – Ingress mask for ingress ACLs.
ACCESS CONTROL LIST COMMANDS 4-130 mask (IP ACL) This command defines a mask for IP ACLs. This mask defines the fields to check in the IP header.
COMMAND LINE INTERFACE 4-131 determined by the mask, and not the order in which the ACL rules were entered. • First create the required ACLs and ingress or egress masks before mapping an ACL to an interface. • If you enter dscp, you cannot enter tos or precedence.
ACCESS CONTROL LIST COMMANDS 4-132 This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.
COMMAND LINE INTERFACE 4-133 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL.
ACCESS CONTROL LIST COMMANDS 4-134 Example Related Commands mask (IP ACL) (4-130) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name {in | out} • acl_name – Name of the ACL.
COMMAND LINE INTERFACE 4-135 Related Commands show ip access-list (4-128) show ip access-group This command shows the ports assigned to IP ACLs. Command Mode Privileged Exec Example Related Commands ip access-group (4-134) map access-list ip This command sets the output queue for packets matching an ACL rule.
ACCESS CONTROL LIST COMMANDS 4-136 • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table. For information on mapping the CoS values to output queues, see queue cos-map on page 4-257.
COMMAND LINE INTERFACE 4-137 Related Commands map access-list ip (4-135) match access-list ip This command changes the IEEE 802.1p priority, IP Precedence, or DSCP Priority of a frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.
ACCESS CONTROL LIST COMMANDS 4-138 IP frame header can include either the IP Precedence or DSCP priority type. • The precedence for priority mapping by this switch is IP Precedence or DSCP Priority, and then 802.
COMMAND LINE INTERFACE 4-139 access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL.
ACCESS CONTROL LIST COMMANDS 4-140 Command Usage • An egress ACL must contain all deny rules. • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list.
COMMAND LINE INTERFACE 4-141 [no] {permit | deny} untagged-eth2 {any | host source | source address-bitmask} {any | host destination | destination address-bitmask} [ethertype protocol [protocol-bitmask]] [no] {permit | deny} tagged-802.
ACCESS CONTROL LIST COMMANDS 4-142 • A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the following: - 0800 - IP - 0806.
COMMAND LINE INTERFACE 4-143 access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list mac mask-precedence {in | out} • in – Ingress mask for ingress ACLs.
ACCESS CONTROL LIST COMMANDS 4-144 mask (MAC ACL) This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header.
COMMAND LINE INTERFACE 4-145 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
ACCESS CONTROL LIST COMMANDS 4-146 show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs.
COMMAND LINE INTERFACE 4-147 • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port.
ACCESS CONTROL LIST COMMANDS 4-148 Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • By default, a packet matching a rule within the specified ACL is mapped to one of the output queues as shown below.
COMMAND LINE INTERFACE 4-149 Command Mode Privileged Exec Example Related Commands map access-list mac (4-147) match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.
ACCESS CONTROL LIST COMMANDS 4-150 Related Commands show marking (4-138) ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.
COMMAND LINE INTERFACE 4-151 show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
SNMP COMMANDS 4-152 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server.
COMMAND LINE INTERFACE 4-153 show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage T.
SNMP COMMANDS 4-154 snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string.
COMMAND LINE INTERFACE 4-155 Default Setting None Command Mode Global Configuration Example Related Commands snmp-server location (4-155) snmp-server location This command sets the system location string. Use the no form to remove the location string.
SNMP COMMANDS 4-156 snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
COMMAND LINE INTERFACE 4-157 Default Setting • Host Address: None • Notification Type: Traps • SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you do not enter an snmp-server host command, no notifications are sent.
SNMP COMMANDS 4-158 3. Specify the target host that will receive inform messages with the snmp-server host command as described in this section. 4. Create a view with the required notification messages (page 4-162). 5. Create a group that includes the required notify view (page 4-164).
COMMAND LINE INTERFACE 4-159 snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps or informs (i.
SNMP COMMANDS 4-160 Example Related Commands snmp-server host (4-156) snmp-server engine-id This command configures an identification string for the SNMPv3 engine.
COMMAND LINE INTERFACE 4-161 the engine ID of the authoritative agent. For informs, the authoritative SNMP agent is the remote agent. You therefore need to configure the remote agent’s SNMP engine ID before you can send proxy requests or informs to it.
SNMP COMMANDS 4-162 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view.
COMMAND LINE INTERFACE 4-163 Examples This view includes MIB-2. This view includes the MIB-2 interfaces table, ifDescr. The wild card is used to select all the index values in this table. This view includes the MIB-2 interfaces table, and the mask selects all index entries.
SNMP COMMANDS 4-164 snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.
COMMAND LINE INTERFACE 4-165 Command Usage • A group sets the access policy for the assigned users. • When authentication is selected, the MD5 or SHA algorithm is used as specified in the snmp-server user command.
SNMP COMMANDS 4-166 Group Name: public Security Model: v2c Read View: defaultview Write View: none Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v1 R.
COMMAND LINE INTERFACE 4-167 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View.
SNMP COMMANDS 4-168 ID with the snmp-server engine-id command before using this configuration command. • Before you configure a remote user, use the snmp-server engine-id command (page 4-160) to specify the engine ID for the remote device where the user resides.
COMMAND LINE INTERFACE 4-169 show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 01000000000000000000000000 User.
INTERFACE COMMANDS 4-170 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
COMMAND LINE INTERFACE 4-171 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - Stack unit.
INTERFACE COMMANDS 4-172 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 25. speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled.
COMMAND LINE INTERFACE 4-173 • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To set the speed/duplex mode under auto-negotiation, the required mode must be specified in the capabilities list for an interface.
INTERFACE COMMANDS 4-174 Example The following example configures port 11 to use autonegotiation. Related Commands negotiation (4-173) speed-duplex (4-172) capabilities This command advertises the port capabilities of a given interface during autonegotiation.
COMMAND LINE INTERFACE 4-175 Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command.
INTERFACE COMMANDS 4-176 • To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable auto-negotiation on the selected interface.
COMMAND LINE INTERFACE 4-177 Example The following example disables port 5. switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast packet-rate rate no switchport broadcast rate - Threshold level as a rate; i.
INTERFACE COMMANDS 4-178 clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-179 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit.
INTERFACE COMMANDS 4-180 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-181 Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-139.
INTERFACE COMMANDS 4-182 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-183 Table 4-47 show interfaces switchport - display description Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-177).
MIRROR PORT COMMANDS 4-184 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session.
COMMAND LINE INTERFACE 4-185 • The destination port is set by specifying an Ethernet interface. • The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port. • You can create multiple mirror sessions, but all sessions must share the same destination port.
RATE LIMIT COMMANDS 4-186 Example The following shows mirroring configured from port 6 to port 11: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface.
COMMAND LINE INTERFACE 4-187 rate-limit This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore the default rate.
LINK AGGREGATION COMMANDS 4-188 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery.
COMMAND LINE INTERFACE 4-189 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports.
LINK AGGREGATION COMMANDS 4-190 channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk. Syntax channel-group channel-id no channel-group channel-id - Trunk index (Range: 1-6) Default Setting The current port will be added to this trunk.
COMMAND LINE INTERFACE 4-191 Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation.
LINK AGGREGATION COMMANDS 4-192 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} system-priority priority no lacp {actor | partner} system-priority • actor - The local side of an aggregate link.
COMMAND LINE INTERFACE 4-193 • Once the remote side of a link has been established, LACP operational settings are already in use on that side.
LINK AGGREGATION COMMANDS 4-194 • Once the remote side of a link has been established, LACP operational settings are already in use on that side.
COMMAND LINE INTERFACE 4-195 Example lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 4-196 show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sys-id} • port-channel - Local identifier for a link aggregation group. (Range: 1-6) • counters - Statistics for LACP protocol messages.
COMMAND LINE INTERFACE 4-197 Marker Received Number of valid Marker PDUs received by this channel group. LACPDUs Unknown Pkts Number of frames received that either (1) Carry the Slow Protoc.
LINK AGGREGATION COMMANDS 4-198 LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Oper State Administrative or operational val.
COMMAND LINE INTERFACE 4-199 Console#show lacp 1 neighbors Channel group 1 neighbors ----------------------------------------- ---------------------------- Eth 1/1 -------------------------------.
ADDRESS TABLE COMMANDS 4-200 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
COMMAND LINE INTERFACE 4-201 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address.
ADDRESS TABLE COMMANDS 4-202 Example clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries.
COMMAND LINE INTERFACE 4-203 Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface.
SPANNING TREE COMMANDS 4-204 Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example show mac-address-table aging-time This command shows the aging time for entries in the address table.
COMMAND LINE INTERFACE 4-205 spanning-tree hello-time Configures the spanning tree bridge hello time GC 4-209 spanning-tree max-age Configures the spanning tree bridge maximum age GC 4-210 spanning-tree default priority Sets the spanning-tree priority to use increments specified by IEEE 802.
SPANNING TREE COMMANDS 4-206 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
C OMMAND L INE I NTE RF ACE 4-207 ensure t hat only on e route exists be tween an y two st ations on the network, and pr ovide back up links wh ich automa tically ta ke ov e r when a primar y link g oes down.
S PANNING T RE E C OMMANDS 4-208 • Rapi d Spanning Tree Proto col RSTP supports co nnections to eithe r STP or RST P nodes b y monitorin g the inco ming prot ocol mes sages and dynam ically adj usting th e type o f protoc ol messa ges the RST P node transmit s, as desc ribed b elow: - STP Mode – If t h e switch receive s an 802.
C OMMAND L INE I NTE RF ACE 4-209 Default Setting 15 seconds Command Mode Global Config uration Command Usage This c ommand sets the maximum time (in seconds) th e root device will wai t before c hanging stat es (i.e ., discardi ng to learning to forwardi ng).
S PANNING T RE E C OMMANDS 4-210 Example spanning -tree max-age This comm and configures the spanning tree bridge maximum age globally for this switch. Use the no for m to restore the default. Syntax spanning-tree ma x-age seco nds no spanning-tree max-a ge seconds - Time in seconds .
C OMMAND L INE I NTE RF ACE 4-211 spanni ng-tr ee de fault prio rity Use th i s comm and to confi g ure the spanning-tree priority to use increments specified by IEEE 802.1D (steps of 1) or 802.1t (st eps of 4096). Use th e no for m to restore the default setting to increments specified b y IEEE 802.
S PANNING T RE E C OMMANDS 4-212 Default Setting 32768 Command Mode Global Config uration Command Usage Bridge prio rity is used in selec ting the root d evice, root por t, and designa ted po rt . Th e devic e with th e high est prio rity (i.e ., lower numeri c value) beco mes the ST A root device .
C OMMAND L INE I NTE RF ACE 4-213 Command Usage The path c ost meth od is used to deter mine the best path betw een devices . T heref ore , lower v alues sho uld be assigned t o por ts att ached to faster media, and higher values as signed to por ts wi th slow er media.
S PANNING T RE E C OMMANDS 4-214 spanni ng-tr ee ba ckup -root This c ommand ad justs the b ridg e priority in an attempt to take ov e r as the new root bridg e if it loses con tact with th e original root device. Use the no for m to di sable the command.
C OMMAND L INE I NTE RF ACE 4-215 Related Commands mst vlan (4-215) mst priority ( 4-216) name (4-217) revision (4-218) max-hops (4-218) mst vlan This comman d adds VLANs to a sp anning tree in stance. Use the no for m to remove the spe cifi ed VLAN s .
S PANNING T RE E C OMMANDS 4-216 MSTI region as a sing le node, co nnecting all regions to the Common Spanni ng Tree. Example mst priori ty This command configures the priority of a s panning tree instance .
COMMAND LINE INTERFACE 4-217 Example name This command configures the name for the multiple spanning tree region in which this switch is located.
SPANNING TREE COMMANDS 4-218 revision This command configures the revision number for this multiple spanning tree configuration of this switch. Use the no form to restore the default. Syntax revision number number - Revision number of the spanning tree.
COMMAND LINE INTERFACE 4-219 Default Setting 20 Command Mode MST Configuration Command Usage An MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside an MSTI region is never changed.
SPANNING TREE COMMANDS 4-220 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port.
COMMAND LINE INTERFACE 4-221 spanning-tree port-priority Use this command to configure the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port.
SPANNING TREE COMMANDS 4-222 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node.
COMMAND LINE INTERFACE 4-223 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding.
SPANNING TREE COMMANDS 4-224 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges.
COMMAND LINE INTERFACE 4-225 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; tr.
SPANNING TREE COMMANDS 4-226 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of an interface in the multiple spanning-tree.
COMMAND LINE INTERFACE 4-227 Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode.
SPANNING TREE COMMANDS 4-228 • Use the show spanning-tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree (CST).
COMMAND LINE INTERFACE 4-229 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example --------------------.
VLAN COMMANDS 4-230 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
COMMAND LINE INTERFACE 4-231 Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command.
VLAN COMMANDS 4-232 Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active).
COMMAND LINE INTERFACE 4-233 interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN.
VLAN COMMANDS 4-234 switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {trunk | hybrid} no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk.
COMMAND LINE INTERFACE 4-235 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged.
VLAN COMMANDS 4-236 switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default.
COMMAND LINE INTERFACE 4-237 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port.
VLAN COMMANDS 4-238 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add.
COMMAND LINE INTERFACE 4-239 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface.
VLAN COMMANDS 4-240 Example The following example shows how to prevent port 1 from being added to VLAN 3: Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • id - Keyword to be followed by the VLAN ID.
COMMAND LINE INTERFACE 4-241 Example The following example shows how to display information for VLAN 1: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLAN ports: promiscuous, and community ports.
VLAN COMMANDS 4-242 To configure private VLANs, follow these steps: 1. Use the private-vlan command to designate one or more community VLANs and the primary VLAN that will channel traffic outside the community groups. 2. Use the private-vlan association command to map the secondary (i.
COMMAND LINE INTERFACE 4-243 private-vlan Use this command to create a primary or secondary (i.e., community) private VLAN. Use the no form to remove the specified private VLAN. Syntax private-vlan vlan-id {community | primary} no private-vlan vlan-id • vlan-id - ID of private VLAN.
VLAN COMMANDS 4-244 private-vlan association Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no form to remove all associations for the specified primary VLAN.
COMMAND LINE INTERFACE 4-245 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting.
VLAN COMMANDS 4-246 switchport private-vlan host-association Use this command to associate an interface with a secondary VLAN. Use the no form to remove this association. Syntax switchport private-vlan host-association secondary-vlan-id no switchport private-vlan host-association • secondary-vlan-id – ID of secondary (i.
COMMAND LINE INTERFACE 4-247 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Promiscuous ports assigned to a primary VLAN can communicate with any other promiscuous ports in the same VLAN, and with the group members within any associated secondary VLANs.
GVRP AND BRIDGE EXTENSION COMMANDS 4-248 Example GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
COMMAND LINE INTERFACE 4-249 bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled C.
GVRP AND BRIDGE EXTENSION COMMANDS 4-250 Example switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled.
COMMAND LINE INTERFACE 4-251 Default Setting Shows both global and interface-specific configuration. Command Mode Normal Exec, Privileged Exec Example garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers' default values.
GVRP AND BRIDGE EXTENSION COMMANDS 4-252 unless you are experiencing difficulties with GMRP or GVRP registration/deregistration. • Timer values are applied to GVRP for all the ports on all VLANs.
COMMAND LINE INTERFACE 4-253 Example Related Commands garp timer (4-251) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
PRIORITY COMMANDS 4-254 Priority Commands (Layer 2) queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value.
COMMAND LINE INTERFACE 4-255 Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher prior.
PRIORITY COMMANDS 4-256 Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights. Example The following example shows how to assign WRR weights of 1,.
COMMAND LINE INTERFACE 4-257 the incoming frame is an IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits will be used. • This switch provides four priority queues for each port. It is configured to use Weighted Round Robin, which can be viewed with the show queue bandwidth command.
PRIORITY COMMANDS 4-258 Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.
COMMAND LINE INTERFACE 4-259 show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the priority queues.
PRIORITY COMMANDS 4-260 show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-261 map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets).
PRIORITY COMMANDS 4-262 map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number.
COMMAND LINE INTERFACE 4-263 Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence and IP DSCP cannot both be enabled.
PRIORITY COMMANDS 4-264 Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence values are mapped to default Class of Service values on a one-to-one basis according to recommendations in the IEEE 802.
COMMAND LINE INTERFACE 4-265 Example The following example shows how to enable IP DSCP mapping globally: map ip dscp (Interface Configuration) This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table.
PRIORITY COMMANDS 4-266 • DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then subsequently mapped to the four hardware priority queues. • This command sets the IP DSCP priority for all interfaces.
COMMAND LINE INTERFACE 4-267 Related Commands map ip port (Global Configuration) (4-261) map ip port (Interface Configuration) (4-262) show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - Stack unit.
PRIORITY COMMANDS 4-268 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-269 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only.
MULTICAST FILTERING COMMANDS 4-270 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping.
COMMAND LINE INTERFACE 4-271 Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version.
MULTICAST FILTERING COMMANDS 4-272 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-222 for a description of the displayed items.
COMMAND LINE INTERFACE 4-273 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options.
MULTICAST FILTERING COMMANDS 4-274 Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic.
COMMAND LINE INTERFACE 4-275 query-max-response-time. If the countdown finishes, and the client still has not responded, then that client is considered to have left the multicast group.
MULTICAST FILTERING COMMANDS 4-276 ip igmp snooping query-max-response-time This command configures the snooping report delay. Use the no form of this command to restore the default.
COMMAND LINE INTERFACE 4-277 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 4-278 Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port.
COMMAND LINE INTERFACE 4-279 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports.
IP INTERFACE COMMANDS 4-280 IP Interface Commands An IP address may be used for management access to the switch over your network.
COMMAND LINE INTERFACE 4-281 Default Setting DHCP Command Mode Interface Configuration (VLAN) Command Usage • You must assign an IP address to this device to gain management access over the network.
IP INTERFACE COMMANDS 4-282 ip default-gateway This command establishes a static route between this switch and devices that exist on another network segment.
COMMAND LINE INTERFACE 4-283 Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassign the client’s last address if available.
IP INTERFACE COMMANDS 4-284 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-282) ping This command sends ICMP echo request packets to another node on the network.
COMMAND LINE INTERFACE 4-285 • Following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic. - Destination does not respond - If the host does not respond, a “timeout” appears in ten seconds.
DNS COMMANDS 4-286 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation.
COMMAND LINE INTERFACE 4-287 ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax [no] ip host name address1 [address2 … address8] • name - Name of the host.
DNS COMMANDS 4-288 clear host This command deletes entries from the DNS table. Syntax clear host {name | *} • name - Name of the host. (Range: 1-255 characters) • * - Removes all entries. Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table.
COMMAND LINE INTERFACE 4-289 Example Related Commands ip domain-list (4-289) ip name-server (4-290) ip domain-lookup (4-291) ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e.
DNS COMMANDS 4-290 • If there is no domain list, the domain name specified with the ip domain-name command is used. If there is a domain list, the default domain name is not used. Example This example adds two domain names to the current list and then displays the list.
COMMAND LINE INTERFACE 4-291 Command Usage The listed name servers are queried in the specified sequence until a response is received, or the end of the list is reached with no response. Example This example adds two domain-name servers to the list and then displays the list.
DNS COMMANDS 4-292 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (4-288) ip name-server (4-290) show hosts This command displays the static host name-to-address mapping table.
COMMAND LINE INTERFACE 4-293 show dns This command displays the configuration of the DNS server. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.
DNS COMMANDS 4-294 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Table 4-75 Show DNS Output Description Field Description NO The entry number for each resource record. FLAG The flag is always “4” indicating a cache entry and therefore unreliable.
A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS (HTTP/SSL), SSH, Port Security Access Control Lists IP, MAC (up to 32 l.
SOFTWARE SPECIFICATIONS A-2 Port Trunking Static trunks (Cisco EtherChannel compliant) Dynamic trunks (Link Aggregation Control Protocol) Spanning Tree Protocol Spanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.
SOFTWARE SPECIFICATIONS A-3 SNMPv3 Management access via MIB database Trap management to specified hosts RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event) Standards IEEE 802.1D Spanning Tree Protocol and traffic priorities IEEE 802.1p priority tags IEEE 802.
SOFTWARE SPECIFICATIONS A-4 Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 274.
B-1 APPENDIX B TROUBLESHOOTING Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch.
TROUBLESHOOTING B-2 Cannot connect using Secure Shell • If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted.
USING SYSTEM LOGS B-3 Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
TROUBLESHOOTING B-4.
Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol (ARP) ARP converts between IP addresses and MAC (i.
GLOSSARY Glossary-2 Dynamic Host Control Protocol (DHCP) Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options.
GLOSSARY Glossary-3 IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.
GLOSSARY Glossary-4 IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
GLOSSARY Glossary-5 Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Management Information Base (MIB) An acronym for Management Information Base.
GLOSSARY Glossary-6 Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
GLOSSARY Glossary-7 Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Updates can be requested from a specific NTP server, or can be received via broadcasts sent by NTP servers.
GLOSSARY Glossary-8 Virtual LAN (VLAN) A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network.
Index-1 Numerics 802.1X configure 3-88, 4-110 port authentication 3-88, 4-110 A Access Control Lists See ACL ACL configuration guidelines 3-98, 4-119 Extended IP 3-99, 4-120, 4-122, 4-125.
INDEX Index-2 H hardware version, displaying 3-15, 4-80 HTTPS, secure server 3-75, 4-41 I IEEE 802.1D 3-155, 4-207 IEEE 802.1s 3-155, 4-207 IEEE 802.
INDEX Index-3 power budgets port 3-147, 4-93 port priority 3-150, 4-94 Power over Ethernet configuring 2-15 priority, default port ingress 3-202, 4-256 priority, STA 3-167, 4-221 R RADIUS, lo.
INDEX Index-4 W Web interface access requirements 3-1 configuration buttons 3-4 home page 3-3 menu list 3-6 panel display 3-5.
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 Model Numbers: SMC6824M (F2.4.2.13) SMC6824MPE (F2.4.2.11) SMC6826MPE (F2.4.2.11) Pub. Number: 150200037700A E062005-R02 FOR TECHNICAL SUPPORT, CALL: From U.