User / maintenance manual for the ES5508 product from the manufacturer Accton Technology
www.edge-core.com Management Guide Powered by Accton ES5508 8 XFP Slot Layer 2 10 Gigabit Ethernet Switch.
Management Guide 10 Gigabit Ethernet Switch Layer 2 Standalone Switch with 8 10GBASE XFP Slots, and 1 10/100BASE-TX RJ-45 Management Port.
ES5508 F3.0.0.3 E042005-R01 149100022900 A.
Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-4 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuratio.
Saving or Restoring Configuration Settings 3-20 Downloading Configuration Settings from a Server 3-21 Console Port Settings 3-22 Telnet Settings 3-24 Configuring Event Logging.
Configuring ACL Masks 3-80 Specifying the Mask Type 3-80 Configuring an IP ACL Mask 3-81 Configuring a MAC ACL Mask 3-83 Binding a Port to an Access Control List 3-84 Port Confi.
Mapping Protocols to VLANs 3-146 Class of Service Configuration 3-147 Layer 2 Queue Settings 3-147 Setting the Default Priority for Interfaces 3-147 Mapping CoS Values to Egres.
Command Line Processing 4-7 Command Groups 4-8 Line Commands 4-9 line 4-10 login 4-11 password 4-12 timeout login response 4-12 exec-timeout 4-13 password-thresh 4-14 silent.
ip ssh authentication-retries 4-36 ip ssh server-key size 4-36 delete public-key 4-37 ip ssh crypto host-key generate 4-37 ip ssh crypto zeroize 4-38 ip ssh save host-key 4-.
whichboot 4-67 boot system 4-67 Authentication Commands 4-68 Authentication Sequence 4-69 authentication login 4-69 authentication enable 4-70 RADIUS Client 4-71 radius-server h.
show map access-list ip 4-98 match access-list ip 4-99 show marking 4-100 MAC ACLs 4-100 access-list mac 4-101 permit, deny (MAC ACL) 4-102 show mac access-list 4-103 acce.
show interfaces switchport 4-132 Mirror Port Commands 4-134 port monitor 4-134 show port monitor 4-135 Rate Limit Commands 4-136 rate-limit 4-136 Link Aggregation Commands 4-1.
show spanning-tree mst configuration 4-168 VLAN Commands 4-168 Editing VLAN Groups 4-168 vlan database 4-169 vlan 4-169 Configuring VLAN Interfaces 4-170 interface vlan 4-170 swi.
map ip dscp (Interface Configuration) 4-194 show map ip port 4-195 show map ip precedence 4-196 show map ip dscp 4-196 Multicast Filtering Commands 4-197 IGMP Snooping Commands.
Appendix A: Software Specifications A-1 Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3 Appendix B: Troubleshooting B-1 Problems.
Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-4 Table 3-1 Web Page Configuration Buttons 3-3 Table 3-2 Switch Main Menu 3-4 Table 3-3 Logging Levels 3-26 Table 3-4 SNMPv3 Security Models and Levels 3-35 Table 3-5 Supported Notification Messages 3-46 Table 3-6 HTTPS System Support 3-55 Table 3-7 802.
Table 4-24 Frame Size Commands 4-62 Table 4-25 Flash/File Commands 4-63 Table 4-26 File Directory Information 4-66 Table 4-27 Authentication Commands 4-68 Table 4-28 Authentica.
Table 4-69 IGMP Snooping Commands 4-198 Table 4-70 IGMP Query Commands (Layer 2) 4-201 Table 4-71 Static Multicast Routing Commands 4-204 Table 4-72 Basic IP Configuration Co.
Figures Figure 3-1 Home Page 3-2 Figure 3-2 Front Panel Indicators 3-3 Figure 3-3 System Information 3-9 Figure 3-4 Switch Information 3-11 Figure 3-5 Displaying Bridge Extension Confi.
Figure 3-42 802.1X Port Statistics 3-70 Figure 3-43 IP Filter 3-72 Figure 3-44 Selecting ACL Type 3-74 Figure 3-45 ACL Configuration - Standard IP 3-75 Figure 3-46 ACL Configurati.
Figure 3-87 Queue Mode 3-151 Figure 3-88 Queue Scheduling 3-152 Figure 3-89 IP Precedence/DSCP Priority Status 3-153 Figure 3-90 IP Precedence Priority 3-154 Figure 3-91 IP DS.
Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Description of Software Features The switch provides a wide range of advanced performance enhancing features. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted.
learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned.
System Defaults Authentication: Privileged Exec Level – Username “admin”, Password “admin”; Normal Exec Level – Username “guest”, Password “guest”; Enable Privileged Exec from Normal Exec Level – Password “super”; RADIUS Authentication – Disabled; TACACS Authentication – Disabled; 802.
Address Table: Aging Time – 300 seconds. Virtual LANs: Default VLAN – 1; PVID – 1; Acceptable Frame Type – All; Ingress Filtering – Disabled; Switchport Mode (Egress Mode) – Hybrid: tagged/u.
Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
• Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch.
Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.
4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1.
5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.
The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of the MIB that the client can read or write, assign the view to a group, and then assign the user to a group.
Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.
Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics.
Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.
Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
SNMPv3 3-39 Engine ID – Sets the SNMPv3 engine ID 3-40 Remote Engine ID – Sets the SNMPv3 engine ID on a remote device 3-40 Users – Configures SNMPv3.
LACP 3-90 Configuration – Allows ports to dynamically join trunks 3-92 Aggregation Port – Configures parameters for link aggregation group members 3-94 Port Counters.
Trunk Configuration – Configures trunk settings for a specified MST instance 3-130 VLAN 3-132 802.
ACL CoS Priority – Sets the CoS value and corresponding output queue for packets matching an ACL rule 3-158 IGMP Snooping 3-159 IGMP Configuration – Enables multi.
Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system.
CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack. • Redundant Power Status – Displays the status of the redundant power supply. Web – Click System, Switch Information.
Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
CLI – Enter the following command. Setting the Switch’s IP Address An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch.
• MAC Address – The MAC address of this switch. • Restart DHCP – Requests a new IP address from the DHCP server. Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static.
Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP.
Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available.
Managing Firmware You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.
Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
To delete a file select System, File Management, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted.
Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server, or copy files to and from switch units in a stack. The configuration file can later be downloaded to restore the switch’s settings.
Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch.
• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port.
CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
• Password 5 – Specifies a password for the line connection. When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt.
Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. Figure 3-17 System Logs CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
• SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other listed servers if the first fails. Use the New SMTP Server text field and the Add/Remove buttons to configure the list.
CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.
Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
security models v1 and v2c. The following table shows the security models and levels available and the system default settings. Note: The predefined default groups and view can be deleted from the system.
CLI – The following example enables SNMP on the switch. Setting Community Access Strings You may configure up to five community strings authorized for management access by clients using SNMP v1 and v2c. All community strings used for IP Trap Managers should be listed in this table.
Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers.
Version 1 or 2c clients), or define a corresponding “User Name” in the SNMPv3 Users page (for Version 3 clients). (Range: 1-32 characters, case sensitive) • Trap UDP Port – Specifies the UDP port number used by the trap manager.
Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port, SNMP version, trap security level (for v3 clients), trap inform settings (for v2c/v3 clients), and then click Add.
Setting a Local Engine ID An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects against message replay, delay, and redirection.
The engine ID can be specified by entering 10 to 64 hexadecimal characters. If less than 26 characters are specified, trailing zeroes are added to the value. For example, the value “1234” is equivalent to “1234” followed by 60 zeroes.
• Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. • Privacy Password – A minimum of eight plain text characters is required. • Actions – Enables the user to be assigned to another SNMPv3 group.
CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group.
• Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. • Privacy Password – A minimum of eight plain text characters is required. Web – Click SNMP, SNMPv3, Remote Users.
CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views.
Table 3-5 Supported Notification Messages Object Label / Object ID / Description RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.
Private Traps swPowerStatusChangeTrap 1.3.6.1.4.1.259.6.10.76.2.1.0.1 This trap is sent when the power state changes. swFanFailureTrap 1.3.6.1.4.1.259.6.10.76.2.1.0.17 This trap is sent when the fan fails.
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list.
Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree. Command Attributes • View Name – The name of the SNMP view.
CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries.
Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account.
Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
• RADIUS Settings - Global – Provides globally applicable RADIUS settings. - ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers.
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-35 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number.
Configuring the Secure Shell The Berkeley standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
be configured locally on the switch via the User Accounts page as described on page 3-50.) The clients are subsequently authenticated using these keys.
Field Attributes • Public-Key of Host-Key – The public key for the host. - RSA (Version 1): The first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.
CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Configuring the SSH Server The SSH server includes basic settings for authentication.
Web – Click Security, SSH, Settings. Enable SSH and adjust the authentication parameters as required, then click Apply. Note that you must first generate the host key pair on the SSH Host-Key Settings page before you can enable the SSH server.
Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port.
Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC.
• The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.) Displaying 802.1X Global Settings The 802.
Configuring 802.1X Global Settings The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active. Command Attributes 802.
• Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session.
CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-83.
Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-7 802.1X Statistics Parameter / Description Rx EAPOL Start – The number of EAPOL Start frames that have been received by this Authenticator.
Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-42 802.1X Port Statistics CLI – This example displays the dot1x statistics for port 4.
Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default.
Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 3-43 IP Filter CLI – This example restricts management access for Telnet clients.
Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL.
and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned. Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address.
• Protocol – Specifies the protocol type to match as TCP, UDP or Others, where Others indicates a specific protocol number (0-255). (Options: TCP, UDP, Others; Default: TCP) • Source/Destination Port – Source/destination port number for the specified protocol type.
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “An.
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66).
Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL.
Configuring an IP ACL Mask This mask defines the fields to check in the IP header. Command Usage • Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes.
Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the service types.
Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port.
CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic, select the required ACL from the drop-down list, then click Apply.
Configuring the Switch 3-86 3 • Autonegotiation – Shows if auto-neg otiation is e nabled for disable d. (This s etting is fixed at “Di sabled” f or all 10G por ts.) • Trunk Me mber 8 – Sh ows if port is a tru nk member . • Creation 9 – Shows if a tru nk is manual ly configure d or dynamic ally set via LACP .
Port Configurati on 3-87 3 • LACP – Shows if LACP is enab led or disab led. • Port secu rity – Shows if po rt security is enabled or di sabled.
Configuring the Switch 3-88 3 Configuring I nterface Connections Y ou ca n use t he Port C onfigur ation or T runk C onfigur ation page to ena ble/disa ble an interface, set auto-ne gotiation an d the interfac e capabilitie s to advertise, or manually fix the speed and duplex m ode.
Port Configurati on 3-89 3 We b – Cli ck P ort, Por t Conf ig urat ion o r T runk Con fig ura tion. Modi fy the requ ired interface settings, and click Apply . Figure 3-5 3 Por t - Port Co nfigur ation CLI – Select the interface, and then ente r the required settings.
Configuring the Switch 3-90 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two switches.
Port Configuration 3-91 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
Configuring the Switch 3-92 CLI – This example creates trunk 1 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk.
Port Configuration 3-93 Command Attributes • Member List (Current) – Shows configured trunks (Unit, Port). • New – Includes entry fields for creating new trunks. - Port – Port identifier. (Range: 1-8) Web – Click Port, LACP, Configuration.
Configuring the Switch 3-94 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key.
Port Configuration 3-95 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
Configuring the Switch 3-96 CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG, ports 5 and 6 are set to backup mode.
Port Configuration 3-97 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information.
Configuring the Switch 3-98 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
Port Configuration 3-99 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-58 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
Configuring the Switch 3-100 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information.
Port Configuration 3-101 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
Configuring the Switch 3-102 Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold, and click Apply. Figure 3-60 Port Broadcast Control CLI – Specify any interface, and then enter the threshold.
Port Configuration 3-103 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
Configuring the Switch 3-104 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch.
Port Configuration 3-105 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
Configuring the Switch 3-106 Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
Port Configuration 3-107 Received Frames The total number of frames (bad, broadcast and multicast) received. Broadcast Frames The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets.
Configuring the Switch 3-108 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
Address Table Settings 3-109 CLI – This example shows statistics for port 12. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports.
Configuring the Switch 3-110 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-64 Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Address Table Settings 3-111 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
Configuring the Switch 3-112 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function. • Aging Time – The time after which a learned entry is discarded.
Spanning Tree Algorithm Configuration 3-113 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge.
Configuring the Switch 3-114 new root port is selected from among the device ports attached to the network. (References to “ports” in this section mean “interfaces,” which includes both ports and trunks.) • Hello Time – Interval (in seconds) at which the root device transmits a configuration message.
Spanning Tree Algorithm Configuration 3-115 • Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Configuring the Switch 3-116 Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.
Spanning Tree Algorithm Configuration 3-117 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances.
Configuring the Switch 3-118 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Spanning Tree Algorithm Configuration 3-119 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.
Configuring the Switch 3-120 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree.
Spanning Tree Algorithm Configuration 3-121 • Designated Port – The port priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree.
Configuring the Switch 3-122 These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • External path cost – The path cost for the IST. This parameter is used by the STA to determine the best path between devices.
Spanning Tree Algorithm Configuration 3-123 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
Configuring the Switch 3-124 The following interface attributes can be configured: • Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) • Priority – Defines the priority used for this port in the Spanning Tree Protocol.
Spanning Tree Algorithm Configuration 3-125 • Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode.
Configuring the Switch 3-126 To use multiple spanning trees: 1. Set the spanning tree type to MSTP (STA Configuration, page 3-116). 2. Enter the spanning tree priority for the selected MST instance (MSTP VLAN Configuration). 3. Add the VLANs that will share this MSTI (MSTP VLAN Configuration).
Spanning Tree Algorithm Configuration 3-127 Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add.
Configuring the Switch 3-128 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Eth 1/7 informati.
Spanning Tree Algorithm Configuration 3-129 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Instance ID – Instance identifier to configure.
Configuring the Switch 3-130 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Field Attributes The following attributes are read-only and cannot be changed: • Port – Port identifier.
Spanning Tree Algorithm Configuration 3-131 Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled.
Configuring the Switch 3-132 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
VLAN Configuration 3-133 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging.
Configuring the Switch 3-134 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs.
VLAN Configuration 3-135 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
Configuring the Switch 3-136 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging.
VLAN Configuration 3-137 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry.
Configuring the Switch 3-138 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-77 VLAN Static List - Creating VLANs CLI – This example creates a new VLAN.
VLAN Configuration 3-139 • Trunk – Trunk identifier. • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN.
Configuring the Switch 3-140 CLI – The following example adds tagged and untagged ports to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member.
VLAN Configuration 3-141 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
Configuring the Switch 3-142 Leave or Leave All message has been issued, the applicants can rejoin before the port actually leaves the group.
VLAN Configuration 3-143 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
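The per-interface VLAN behaviour described above (PVID, accepted frame types, ingress filtering, and stripping the tag before a frame reaches a host that does not support tagging), as an added Python model that is not code from the manual or from the switch; the port memberships, the `PORT3` settings beyond what the page states, and the sample frames are constructed.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


@dataclass
class PortVlanConfig:
    """Constructed model of the per-interface settings the page lists."""
    pvid: int = 1                          # VLAN assigned to untagged ingress frames
    acceptable_frame_types: str = "all"    # "all" or "tagged" (accept tagged frames only)
    ingress_filtering: bool = False        # drop frames for VLANs the port is not in
    tagged: set = field(default_factory=set)     # VLANs the port belongs to as tagged
    untagged: set = field(default_factory=set)   # VLANs the port belongs to as untagged

    def is_member(self, vid: int) -> bool:
        return vid in self.tagged or vid in self.untagged


def parse_frame(frame: bytes):
    """Split an Ethernet frame into (vid, pcp, ethertype, payload).
    vid and pcp are None when the frame carries no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, None, tpid, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, tci >> 13, ethertype, frame[18:]   # VID is the low 12 bits


def ingress(port: PortVlanConfig, frame: bytes):
    """Classify an incoming frame: returns (vid, reason); vid is None if dropped."""
    vid, _, _, _ = parse_frame(frame)
    if vid is None:
        if port.acceptable_frame_types == "tagged":
            return None, "untagged frame dropped: port accepts tagged frames only"
        vid = port.pvid                   # untagged frame takes the PVID
    elif vid == 0:
        vid = port.pvid                   # priority-tagged frame (VID 0) also takes the PVID
    if port.ingress_filtering and not port.is_member(vid):
        return None, f"ingress filtering dropped VLAN {vid}: port is not a member"
    return vid, "accepted"


def egress(port: PortVlanConfig, vid: int, frame: bytes):
    """Re-tag or untag the frame for `port`; None when the port is not in the VLAN."""
    _, pcp, ethertype, payload = parse_frame(frame)
    addresses = frame[:12]
    if vid in port.untagged:
        # Strip the tag before handing the frame to a VLAN-unaware end node.
        return addresses + struct.pack("!H", ethertype) + payload
    if vid in port.tagged:
        tci = ((pcp or 0) << 13) | vid
        return addresses + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload
    return None


def make_frame(vid=None, pcp=0, payload=b"\x45" + b"\x00" * 19):
    """Constructed sample frame: fixed MAC addresses, IPv4 EtherType, optional tag."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("0200000000aa")
    if vid is None:
        return dst + src + struct.pack("!H", 0x0800) + payload
    return dst + src + struct.pack("!HHH", TPID_8021Q, (pcp << 13) | vid, 0x0800) + payload


# Port 3 as on the page: tagged frames only, PVID 3; membership and filtering are constructed.
PORT3 = PortVlanConfig(pvid=3, acceptable_frame_types="tagged",
                       ingress_filtering=True, tagged={3, 10})
```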
Configuring the Switch 3-144 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports.
VLAN Configuration 3-145 Command Usage To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page 3-137). Although not mandatory, we suggest configuring a separate VLAN for each major protocol running on your network.
Configuring the Switch 3-146 Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group. Command Usage • When creating a protocol-based VLAN, only assign interfaces using this configuration screen.
Class of Service Configuration 3-147 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
Configuring the Switch 3-148 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-85 Default Port Priority CLI – This example assigns a default priority of 5 to port 3.
Class of Service Configuration 3-149 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
Configuring the Switch 3-150 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-86 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping.
Class of Service Configuration 3-151 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be.
Configuring the Switch 3-152 Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 3-88 Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queues.
Class of Service Configuration 3-153 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
Configuring the Switch 3-154 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
Class of Service Configuration 3-155 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
Configuring the Switch 3-156 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply.
Class of Service Configuration 3-157 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
Configuring the Switch 3-158 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings.
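The Layer 3/4 classification described above (the three IP Precedence bits of the ToS octet, the DSCP value, and the TCP/UDP port number), as an added Python example that is not code from the manual; the precedence-to-CoS, DSCP-to-CoS and port-to-CoS tables are constructed rather than the switch's defaults, and `build_ipv4` only builds sample packets.

```python
import struct

# IP Precedence (the three high-order ToS bits): 7 = network control, 0 = routine.
PRECEDENCE_NAMES = ("routine", "priority", "immediate", "flash", "flash-override",
                    "critic/ecp", "internetwork-control", "network-control")

# Constructed mapping tables (not the switch defaults). They reproduce the page's CLI
# examples: precedence 1 -> CoS 0 and HTTP -> CoS 0.
PRECEDENCE_TO_COS = {0: 0, 1: 0, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7}
DSCP_TO_COS = {0: 0, 46: 5}                    # e.g. Expedited Forwarding to a high queue
PORT_TO_COS = {80: 0, 21: 1, 23: 2, 110: 1}    # HTTP, FTP, Telnet, POP3 as listed on the page


def precedence_name(precedence):
    return PRECEDENCE_NAMES[precedence]


def parse_ipv4(packet):
    """Return the ToS octet split into precedence and DSCP, the protocol, and the
    TCP/UDP destination port (None for other protocols or a truncated packet)."""
    if len(packet) < 20:
        raise ValueError("short IPv4 header")
    ver_ihl, tos = packet[0], packet[1]
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    proto = packet[9]
    dst_port = None
    if proto in (6, 17) and len(packet) >= ihl + 4:   # TCP or UDP: ports follow the header
        _, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"tos": tos, "precedence": tos >> 5, "dscp": tos >> 2,
            "protocol": proto, "dst_port": dst_port}


def cos_for(packet, method, default=None):
    """CoS value for `packet` under one method ("precedence", "dscp" or "port"), or
    `default` when the key is not in the table (the interface's default priority
    then applies)."""
    info = parse_ipv4(packet)
    if method == "precedence":
        return PRECEDENCE_TO_COS.get(info["precedence"], default)
    if method == "dscp":
        return DSCP_TO_COS.get(info["dscp"], default)
    if method == "port":
        return PORT_TO_COS.get(info["dst_port"], default)
    raise ValueError(f"unknown method {method!r}")


def build_ipv4(tos, proto, dst_port, src_port=40000):
    """Constructed sample packet: 20-byte IPv4 header plus the first 4 bytes of TCP/UDP."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 24, 0, 0, 64, proto, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + struct.pack("!HH", src_port, dst_port)
```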
Multicast Filtering 3-159 Web – Click Priority, ACL CoS Priority. Select a port, select an ACL rule, specify a CoS priority, then click Add. Figure 3-94 ACL CoS Priority CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 1.
Configuring the Switch 3-160 multicast switch/router to ensure that it will continue to receive the multicast service. This procedure is called multicast filtering.
Multicast Filtering 3-161 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
Configuring the Switch 3-162 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-95 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status.
Multicast Filtering 3-163 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
Configuring the Switch 3-164 Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Multicast Filtering 3-165 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members.
Configuring the Switch 3-166 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 3-161.
Configuring Domain Name Service 3-167 Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network.
Configuring the Switch 3-168 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
Configuring Domain Name Service 3-169 Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses.
Configuring the Switch 3-170 Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 3-101 DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses.
Configuring Domain Name Service 3-171 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable.
Configuring the Switch 3-172 CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 4-216 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.46.134.222 51 www.microsoft.akadns.net 1 4 CNAME 207.
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interfa.
Command Line Interface 4-2 To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet.
Entering Commands 4-3 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
Command Line Interface 4-4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, DHCP, Interface, Line, Router, VLAN Database, or MSTP).
Entering Commands 4-5 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.”
Command Line Interface 4-6 Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt.
Entering Commands 4-7 To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands.
Command Line Interface 4-8 Command Groups The system commands can be broken down into the functional groups shown below. Ctrl-L Repeats current command line on a new line. Ctrl-N Enters the next command line in the history buffer.
Line Commands 4-9 The access mode shown in the following tables is indicated by these abbreviations: PE (Privileged Exec) VC (VLAN Database Configuration) NE (Normal Exec) MST (Multiple.
Command Line Interface 4-10 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.
Line Commands 4-11 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [ local ] no login local - Selects local password checking. Authentication is based on the user name specified with the username command.
Command Line Interface 4-12 password This command specifies the password for a line. Use the no form to remove the password. Syntax password { 0 | 7 } password no password • { 0 | 7 } - 0 means plain password, 7 means encrypted password • password - Character string that specifies the line password.
Line Commands 4-13 Default Setting • CLI: Disabled (0 seconds) • Telnet: 600 seconds Command Mode Line Configuration Command Usage • If a login attempt is not detected within the timeout interval, the connection is terminated for the session.
Command Line Interface 4-14 password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh [ threshold ] no password-thresh threshold - The number of allowed password attempts.
Line Commands 4-15 Example To set the silent time to 60 seconds, enter this command: Related Commands password-thresh (4-14) databits This command sets the number of data bits per character that are interpreted and generated by the console port.
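The password intrusion threshold and silent time described above, as an added Python model that is not the switch's code: once `threshold` failed logon attempts are seen on a line, logons on that line are refused for `silent_time` seconds. The 60-second silent time is the page's value; the threshold of 3 and the `FakeClock` helper are constructed for the example.

```python
import time


class LineLoginGuard:
    """Tracks failed logon attempts on one console/VTY line and enforces the
    silent time after the threshold is reached (constructed model)."""

    def __init__(self, threshold=3, silent_time=60, clock=time.monotonic):
        if threshold < 1 or silent_time < 0:
            raise ValueError("threshold must be >= 1 and silent_time >= 0")
        self.threshold = threshold
        self.silent_time = silent_time
        self.clock = clock             # injectable so the behaviour can be tested offline
        self.failures = 0
        self.silenced_until = None

    def attempt(self, password_ok: bool) -> str:
        """Process one logon attempt; returns "accepted", "rejected" or "silenced"."""
        now = self.clock()
        if self.silenced_until is not None:
            if now < self.silenced_until:
                return "silenced"        # refused regardless of the password offered
            self.silenced_until = None   # the silent time has expired
        if password_ok:
            self.failures = 0
            return "accepted"
        self.failures += 1
        if self.failures >= self.threshold:
            # Threshold reached: start the silent time and reset the counter.
            self.failures = 0
            self.silenced_until = now + self.silent_time
            return "silenced"
        return "rejected"


class FakeClock:
    """Constructed clock so the example runs without waiting 60 real seconds."""

    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds
```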
Command Line Interface 4-16 parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity { none | even | odd } no parity •.
Line Commands 4-17 Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not supported.
Command Line Interface 4-18 Example Related Commands show ssh (4-39) show users (4-61) show line This command displays the terminal line’s parameters. Syntax show line [ console | vty ] • console - Console terminal line. • vty - Virtual terminal for remote console access (i.
General Commands 4-19 General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-5.
Command Line Interface 4-20 Related Commands disable (4-20) enable password (4-26) disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics.
General Commands 4-21 show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
Command Line Interface 4-22 Command Usage This command resets the entire system. Example This example shows how to reset the switch: end This command returns to Privileged Exec mode.
System Management Commands 4-23 quit This command exits the configuration program. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration program.
Command Line Interface 4-24 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt.
System Management Commands 4-25 Example User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for passw.
Command Line Interface 4-26 Command Mode Global Configuration Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
System Management Commands 4-27 Example Related Commands enable (4-19) authentication enable (4-70) IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
Command Line Interface 4-28 • When entering addresses for the same group (i.e., SNMP, web or Telnet), the switch will not accept overlapping address ranges. When entering addresses for different groups, the switch will accept overlapping address ranges.
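The overlap rule for the management IP filter stated above, as an added Python model that is not the switch's code: ranges for the same access group must not overlap, while the same range may be entered again for a different group. The group names follow the page, the addresses are constructed, and treating a group with no configured range as open to every client is an assumption.

```python
import ipaddress

ACCESS_GROUPS = ("snmp", "web", "telnet")   # the protocol groups named on the page


class ManagementFilter:
    """Constructed model of the per-group client address ranges."""

    def __init__(self):
        self.rules = {group: [] for group in ACCESS_GROUPS}

    def add(self, group, start, end=None):
        """Add a client range (a single address when `end` is None). Returns False
        and adds nothing when the range overlaps an existing range of the same
        group; ranges of the other groups are not consulted."""
        if group not in self.rules:
            raise ValueError(f"unknown access group {group!r}")
        lo = ipaddress.IPv4Address(start)
        hi = ipaddress.IPv4Address(end) if end is not None else lo
        if hi < lo:
            raise ValueError("range end precedes range start")
        for s, e in self.rules[group]:
            if lo <= e and s <= hi:          # closed intervals overlap
                return False
        self.rules[group].append((lo, hi))
        return True

    def is_allowed(self, group, client):
        """True if `client` may manage the switch via `group`. Assumption: a group
        with no configured range has no filter in effect and allows every client."""
        if group not in self.rules:
            raise ValueError(f"unknown access group {group!r}")
        ranges = self.rules[group]
        if not ranges:
            return True
        ip = ipaddress.IPv4Address(client)
        return any(s <= ip <= e for s, e in ranges)

    def configured_ranges(self, group):
        """Ranges of a group as (start, end) strings, in the order they were added."""
        return [(str(s), str(e)) for s, e in self.rules[group]]
```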
System Management Commands 4-29 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
Command Line Interface 4-30 Example Related Commands ip http port (4-29) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
System Management Commands 4-31 Example Related Commands ip http secure-port (4-31) copy tftp https-certificate (4-63) ip http secure-port This command specifies the UDP port number used for HTTPS connection to the switch’s web interface.
Command Line Interface 4-32 Telnet Server Commands ip telnet server This command allows this device to be monitored or configured from Telnet. It also specifies the TCP port number used by the Telnet interface. Use the no form without the “port” keyword to disable this function.
System Management Commands 4-33 This section describes the commands used to configure the SSH server. However, note that you also need to install an SSH client on the management station when using this protocol to configure the switch.
Command Line Interface 4-34 station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example: 10.
System Management Commands 4-35 ip ssh server This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax [ no ] ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage • The SSH server supports up to four client sessions.
Command Line Interface 4-36 Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions.
System Management Commands 4-37 4 Default Sett ing 768 bits Command Mode Global Co nfigurati on Command Usage • The serve r key is a priv ate key that is never sha red outsi de the swit ch. • The host ke y is shared w ith the SSH c lient, and is fixe d at 1024 bit s.
Command Line I nterface 4-38 4 Command Usage • This co mmand stores t he host key pai r in mem ory (i.e. , RAM) . Use th e ip ssh save ho st-key co mm and to sa ve th e ho st key p air t o fla sh m emo ry. • Some S SH client pr ograms aut omatic ally add the public key to t he known hosts file as part of the con figurat ion process .
System Management Commands 4-39. ip ssh save host-key. This command saves the host key from RAM to flash memory. Syntax: ip ssh save host-key [dsa | rsa] • dsa – DSA key type. • rsa – RSA key type. Default Setting: Saves both the DSA and RSA key.
Command Line Interface 4-40. show public-key. This command shows the public key for the specified user or for the host. Syntax: show public-key [user [username] | host]. username – Name of an SSH user. (Range: 1-8 characters). Default Setting: Shows all public keys.
System Management Commands 4-41. • When an RSA key is displayed, the first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.
Command Line Interface 4-42. logging on. This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process.
System Management Commands 4-43. • level - One of the levels listed below. Messages sent include the selected level down to level 0. (Range: 0-7). Default Setting: Flash: errors (level 3 - .
Command Line Interface 4-44. Command Usage: • By using this command more than once you can build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example. logging facility. This command sets the facility type for remote logging of syslog messages.
System Management Commands 4-45. Default Setting: • Disabled • Level 7 - 0. Command Mode: Global Configuration. Command Usage: • Using this command with a specified level enables remote logging and sets the minimum severity level to be saved.
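The logging pages above describe three ideas that are easy to get wrong when building log filters: a configured level is cumulative (level N keeps N and every lower number down to 0), flash and RAM have separate defaults (errors at level 3, everything at level 7), and the facility chosen for remote logging is combined with the severity into the syslog PRI value. The following Python is an added illustration, not code from the manual or from Accton; the sample events and the trap level are constructed, and the PRI arithmetic is the standard facility*8 + severity encoding rather than anything the page states.

```python
# Added example: severity filtering as described for the switch's logging commands.
# Severity names follow the standard syslog numbering; the page gives the range 0-7.
SEVERITIES = {0: "emergency", 1: "alert", 2: "critical", 3: "error",
              4: "warning", 5: "notice", 6: "informational", 7: "debug"}

# Defaults stated on the page: flash keeps errors (level 3) and below,
# RAM keeps level 7 and below.
DEFAULT_HISTORY = {"flash": 3, "ram": 7}


def is_stored(severity: int, configured_level: int) -> bool:
    """A configured level N includes N and every lower-numbered (more severe) level."""
    if severity not in SEVERITIES:
        raise ValueError(f"severity out of range 0-7: {severity}")
    return severity <= configured_level


def route_event(severity: int, history=DEFAULT_HISTORY, trap_level=None) -> list:
    """Return the destinations an event of this severity reaches.

    trap_level is the remote syslog ('logging trap') level; None means remote
    logging is disabled, which is the page's default.
    """
    dests = [dest for dest, level in history.items() if is_stored(severity, level)]
    if trap_level is not None and is_stored(severity, trap_level):
        dests.append("trap")
    return dests


def syslog_pri(facility: int, severity: int) -> int:
    """PRI value carried in the '<N>' prefix of a syslog datagram (facility*8 + severity)."""
    if not 0 <= facility <= 23:
        raise ValueError("facility must be 0-23")
    is_stored(severity, 7)  # range check only
    return facility * 8 + severity


# Constructed sample events: (severity, message text). Not real switch output.
SAMPLE_EVENTS = [
    (3, "port 1/5 link down"),
    (6, "user admin logged in from console"),
    (7, "LACP PDU received on port 1/2"),
]


def filter_events(events, level: int) -> list:
    """Keep only the events a destination configured at `level` would store."""
    return [(sev, msg) for sev, msg in events if is_stored(sev, level)]


if __name__ == "__main__":
    for sev, msg in SAMPLE_EVENTS:
        print(f"{SEVERITIES[sev]:>13}: {msg} -> {route_event(sev, trap_level=6)}")
```

With the defaults, an error (3) lands in both flash and RAM, a notice (5) only in RAM, and nothing goes to a remote host until a trap level is set; the filter mirrors the "selected level down to level 0" rule rather than matching a single level.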
Command Line Interface 4-46. show logging. This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. Syntax: show logging {flash | ram | sendmail | trap} • flash - Displays settings for storing event messages in flash memory (i.
System Management Commands 4-47. The following example displays settings for the trap function. Related Commands: show logging sendmail (4-51). show log. This command displays the log messages stored in local memory. Syntax: show log {flash | ram} • flash - Event history stored in flash memory (i.
Command Line Interface 4-48. Example. The following example shows the event message stored in RAM. SMTP Alert Commands. These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients.
System Management Commands 4-49. • To open a connection, the switch first selects the server that successfully sent mail during the last connection, or the first server configured by this command. If it fails to send mail, the switch selects the next server in the list and tries to send mail again.
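The server-selection rule just described (start with the server that worked last time, otherwise the first one configured, then walk the list) is small but worth seeing as code, because the "next server in the list" step decides how an alert behaves when the preferred relay is down. This Python is an added example, not the switch's own implementation; the transport is abstracted into a caller-supplied `send` callable and the server names are constructed placeholders.

```python
# Added example: SMTP relay fail-over order as described for the SMTP alert commands.
from typing import Callable, List, Optional


def delivery_order(servers: List[str], last_good: Optional[str]) -> List[str]:
    """Order the configured servers so that the last successful one is tried first.

    Walking 'the next server in the list' is modelled as a rotation of the
    configured order starting at last_good; with no prior success the
    configured order is used unchanged.
    """
    if not servers:
        return []
    if last_good in servers:
        start = servers.index(last_good)
        return servers[start:] + servers[:start]
    return list(servers)


def send_alert(servers: List[str], send: Callable[[str], bool],
               last_good: Optional[str] = None) -> Optional[str]:
    """Try each relay in delivery order; return the one that accepted the mail, or None.

    `send(server)` is assumed to return True on success and False (or raise) on
    failure; a real implementation would wrap smtplib here.
    """
    for server in delivery_order(servers, last_good):
        try:
            if send(server):
                return server
        except OSError:
            continue  # unreachable relay: move on to the next in the list
    return None


if __name__ == "__main__":
    relays = ["mail1.example.test", "mail2.example.test", "mail3.example.test"]  # constructed
    print(delivery_order(relays, "mail2.example.test"))
```

The design point is that the switch keeps no per-server health state beyond "who succeeded last"; every alert that hits a dead relay pays the timeout once before moving on, which is why the list order matters operationally.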
Command Line Interface 4-50. Command Mode: Global Configuration. Command Usage: You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example. logging sendmail destination-email. This command specifies the email recipients of alert messages.
System Management Commands 4-51. Example. show logging sendmail. This command displays the settings for the SMTP event handler. Command Mode: Normal Exec, Privileged Exec. Example. Time Commands. The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP).
Command Line Interface 4-52. sntp client. This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command.
System Management Commands 4-53. Default Setting: None. Command Mode: Global Configuration. Command Usage: This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received.
Command Line Interface 4-54. show sntp. This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated.
System Management Commands 4-55. Related Commands: show sntp (4-54). calendar set. This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server.
Command Line Interface 4-56. System Status Commands. show startup-config. This command displays the configuration file stored in non-volatile memory that is used to start up the system.
System Management Commands 4-57. Example. Related Commands: show running-config (4-58). Console#show startup-config !<stackingDB>00</stackingDB> !<stackingMac>01_00-0c-db-21-11-33_00</stackingMac> ! phymap 00-0c-db-21-11-33 ! SNTP server 0.
Command Line Interface 4-58. show running-config. This command displays the configuration information currently in use. Default Setting: None. Command Mode: Privileged Exec. Command Usage: • Use.
System Management Commands 4-59. Example. Related Commands: show startup-config (4-56). Console#show running-config building running-config, please wait... !<stackingDB>00</stackingDB> !<stackingMac>01_00-0c-db-21-11-33_00</stackingMac> ! phymap 00-0c-db-21-11-33 ! SNTP server 0.
Command Line Interface 4-60. show system. This command displays system information. Default Setting: None. Command Mode: Normal Exec, Privileged Exec. Command Usage: • For a description of the items shown by this command, refer to "Displaying System Information" on page 3-9.
System Management Commands 4-61. show users. Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting: None. Command Mode: Normal Exec, Privileged Exec. Command Usage: The session used to execute this command is indicated by a "*" symbol next to the Line (i.
Command Line Interface 4-62. Example. Frame Size Commands. jumbo frame. This command enables support for jumbo frames. Use the no form to disable it.
Flash/File Commands 4-63. Example. Flash/File Commands. These commands are used to manage the system code or configuration files. copy. This command moves (upload/download) a code image or configuration file between the switch's flash memory and a TFTP server.
Command Line Interface 4-64. Command Mode: Privileged Exec. Command Usage: • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.
Flash/File Commands 4-65. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to copy a public-key used by SSH from a TFTP server.
Command Line Interface 4-66. Command Usage: • If the file type is used for system startup, then this file cannot be deleted. • "Factory_Default_Config.cfg" cannot be deleted. Example. This example shows how to delete the test2.cfg configuration file from flash memory.
Flash/File Commands 4-67. Example. The following example shows how to display all file information: whichboot. This command displays which files were booted when the system powered up. Default Setting: None. Command Mode: Privileged Exec. Example. This example shows the information displayed by the whichboot command.
Command Line Interface 4-68. Command Mode: Global Configuration. Command Usage: • A colon (:) is required after the specified unit number and file type.
Authentication Commands 4-69. Authentication Sequence. authentication login. This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax: authentication login {[local] [radius] [tacacs]} / no authentication login • local - Use local password.
Command Line Interface 4-70. authentication enable. This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-19). Use the no form to restore the default.
Authentication Commands 4-71. RADIUS Client. Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network.
Command Line Interface 4-72. Example. radius-server port. This command sets the RADIUS server network port. Use the no form to restore the default. Syntax: radius-server port port_number / no radius-server port. port_number - RADIUS server UDP port used for authentication messages.
Authentication Commands 4-73. radius-server retransmit. This command sets the number of retries. Use the no form to restore the default. Syntax: radius-server retransmit number_of_retries / no radius-server retransmit. number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
Command Line Interface 4-74. Example. TACACS+ Client. Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network.
Authentication Commands 4-75. Example. tacacs-server port. This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax: tacacs-server port port_number / no tacacs-server port. port_number - TACACS+ server TCP port used for authentication messages.
Command Line Interface 4-76. show tacacs-server. This command displays the current settings for the TACACS+ server. Default Setting: None. Command Mode: Privileged Exec. Example. Port Security Commands. These commands can be used to enable port security on a port.
Authentication Commands 4-77. port security. This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
Command Line Interface 4-78. Example. The following example enables port security for port 5, and sets the response to a security violation to issue a trap message: Related Commands: shutdown (4-129), mac-address-table static (4-147), show mac-address-table (4-148). 802.
Authentication Commands 4-79. dot1x system-auth-control. This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to restore the default.
Command Line Interface 4-80. dot1x port-control. This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax: dot1x port-control {auto | force-authori.
Authentication Commands 4-81. Command Usage: • The "max-count" parameter specified by this command is only effective if the dot1x mode is set to "auto" by the dot1x port-control command (page 4-105).
Command Line Interface 4-82. dot1x timeout quiet-period. This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client.
Authentication Commands 4-83. dot1x timeout tx-period. This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value.
Command Line Interface 4-84. • 802.1X Port Details – Displays the port access control parameters for each interface, including the following items: - reauth-enabled – Periodic re-authentication (page 4-81). - reauth-period – Time after which a connected client must be re-authenticated (page 4-82).
Authentication Commands 4-85. Example. Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 disabled Single-Host ForceAuthorized n/a .
Command Line Interface 4-86. Access Control List Commands. Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Access Control List Commands 4-87. The order in which active ACLs are checked is as follows: 1. User-defined rules in the Egress MAC ACL for egress ports. 2. User-defined rules in the Egress IP ACL for egress ports. 3. User-defined rules in the Ingress MAC ACL for ingress ports.
Command Line Interface 4-88. access-list ip. This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.
Access Control List Commands 4-89. access-list ip extended fragment-auto-mask. This command automatically creates extra masks to support fragmented ACL entries.
Command Line Interface 4-90. Example. This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Related Commands: access-list ip (4-88). permit, deny (Extended ACL). This command adds a rule to an Extended IP ACL.
Access Control List Commands 4-91. Default Setting: None. Command Mode: Extended ACL. Command Usage: • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period.
Command Line Interface 4-92. This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to "SYN." Related Commands: access-list ip (4-88). show ip access-list. This command displays the rules for configured IP ACLs.
Access Control List Commands 4-93. Command Usage: • A mask can only be used by all ingress ACLs or all egress ACLs. • The precedence of the ACL rules applied to a packet is not determined by order of the rules, but instead by the order of the masks; i.
Command Line Interface 4-94. Command Mode: IP Mask. Command Usage: • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered.
Access Control List Commands 4-95. This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.
Command Line Interface 4-96. This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL.
Access Control List Commands 4-97. Related Commands: mask (IP ACL) (4-93). ip access-group. This command binds a port to an IP ACL. Use the no form to remove the port. Syntax: [no] ip access-group acl_name {in | out} • acl_name – Name of the ACL.
Command Line Interface 4-98. map access-list ip. This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself.
Access Control List Commands 4-99. Command Mode: Privileged Exec. Example. Related Commands: map access-list ip (4-98). match access-list ip. This command changes the IEEE 802.1p priority, IP Precedence, or DSCP Priority of a frame matching the defined ACL rule.
Command Line Interface 4-100. Example. Related Commands: show marking (4-100). show marking. This command displays the current configuration for packet marking.
Access Control List Commands 4-101. access-list mac. This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax: [no] access-list mac acl_name. acl_name – Name of the ACL.
Command Line Interface 4-102. permit, deny (MAC ACL). This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule.
Access Control List Commands 4-103. Command Mode: MAC ACL. Command Usage: • New rules are added to the end of the list. • The ethertype option can only be used to filter Ethernet II formatted packets. • A detailed listing of Ethernet protocol types can be found in RFC 1060.
Command Line Interface 4-104. access-list mac mask-precedence. This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax: [no] access-list ip mask-precedence {in | out} • in – Ingress mask for ingress ACLs.
Access Control List Commands 4-105. • vid-bitmask – VLAN ID of rule must match this bitmask. • ethertype – Check the Ethernet type field.
Command Line Interface 4-106. This example creates an Egress MAC ACL. show access-list mac mask-precedence. This command shows the ingress or egress rule masks for MAC ACLs. Syntax: show access-list mac mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs.
Access Control List Commands 4-107. mac access-group. This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax: mac access-group acl_name {in | out} • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets.
Command Line Interface 4-108. map access-list mac. This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself.
Access Control List Commands 4-109. Command Mode: Privileged Exec. Example. Related Commands: map access-list mac (4-108). match access-list mac. This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.
Command Line Interface 4-110. ACL Information. show access-list. This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode: Privileged Exec. Command Usage: Once the ACL is bound to an interface (i.e.
SNMP Commands 4-111. SNMP Commands. Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
Command Line Interface 4-112. Example. show snmp. This command can be used to check the status of SNMP communications. Default Setting: None. Command Mode: Normal Exec, Privileged Exec. Command Us.
SNMP Commands 4-113. snmp-server community. This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string.
Command Line Interface 4-114. Related Commands: snmp-server location (4-114). snmp-server location. This command sets the system location string. Use the no form to remove the location string. Syntax: snmp-server location text / no snmp-server location. text - String that describes the system location.
SNMP Commands 4-115. to using the snmp-server host command. (Maximum length: 32 characters) • version - Specifies whether to send notifications as SNMP Version 1, 2c or 3 traps.
Command Line Interface 4-116. To send an inform to an SNMPv3 host, complete these steps: 1. Enable the SNMP agent (page 4-111). 2. Allow the switch to send SNMP traps; i.e., notifications (page 4-116). 3. Specify the target host that will receive inform messages with the snmp-server host command as described in this section.
SNMP Commands 4-117. Command Usage: • If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In order to configure this device to send SNMP notifications, you must enter at least one snmp-server enable traps command.
Command Line Interface 4-118. passwords to generate the security keys for authenticating and encrypting SNMPv3 packets. • A remote engine ID is required when using SNMPv3 informs.
SNMP Commands 4-119. snmp-server view. This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax: snmp-server view view-name oid-tree {included | excluded} / no snmp-server view view-name • view-name - Name of an SNMP view.
Command Line Interface 4-120. show snmp view. This command shows information on the SNMP views. Command Mode: Privileged Exec. Example. snmp-server group. This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.
SNMP Commands 4-121. Default Setting: • Default groups: public (read only), private (read/write) • readview - Every object belonging to the Internet OID space (1.3.6.1). • writeview - Nothing is defined. • notifyview - Nothing is defined.
Command Line Interface 4-122. snmp-server user. This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View.
SNMP Commands 4-123. • ip-address - The Internet address of the remote device. • v1 | v2c | v3 - Use SNMP version 1, 2c or 3. • encrypted - Accepts the password as encrypted input. • auth - Uses SNMP v3 with authentication. • md5 | sha - Uses MD5 or SHA authentication.
Command Line Interface 4-124. show snmp user. This command shows information on SNMP users. Command Mode: Privileged Exec. Example. Console#show snmp user EngineId: 800000ca030030f1df9ca00000 User Na.
Interface Commands 4-125. Interface Commands. These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface. This command configures an interface type and enters interface configuration mode.
Command Line Interface 4-126. Command Mode: Global Configuration. Example. To specify port 4, enter the following command: description. This command adds a description to an interface.
Interface Commands 4-127. Default Setting: • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is: - Fast Ethernet port – 100f.
Command Line Interface 4-128. disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands. • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.
Interface Commands 4-129. Related Commands: negotiation (4-127), speed-duplex (4-126). shutdown. This command disables an interface. To restart a disabled interface, use the no form. Syntax: [no] shutdown. Default Setting: All interfaces are enabled.
Command Line Interface 4-130. Example. The following shows how to configure broadcast storm control at 600 packets per second: clear counters. This command clears statistics on an interface. Syntax: clear counters interface. interface • ethernet unit/port - unit - This is unit 1.
Interface Commands 4-131. Default Setting: Shows the status for all interfaces. Command Mode: Normal Exec, Privileged Exec. Command Usage: If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see "Displaying Connection Status" on page 3-85.
Command Line Interface 4-132. Command Mode: Normal Exec, Privileged Exec. Command Usage: If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see "Showing Port Statistics" on page 3-105.
Interface Commands 4-133. Command Mode: Normal Exec, Privileged Exec. Command Usage: If no interface is specified, information on all interfaces is displayed.
Command Line Interface 4-134. Mirror Port Commands. This section describes how to mirror traffic from a source port to a target port. port monitor. This command configures a mirror session.
Mirror Port Commands 4-135. Example. The following example configures the switch to mirror all packets from port 6 to 8: show port monitor. This command displays mirror information. Syntax: show port monitor [interface]. interface - ethernet unit/port (source port) • unit - This is unit 1.
Command Line Interface 4-136. Rate Limit Commands. This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
Link Aggregation Commands 4-137. Link Aggregation Commands. Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery.
Command Line Interface 4-138. Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP system priority. • Ports must have the same port admin key (Ethernet Interface).
Link Aggregation Commands 4-139. lacp. This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface.
Command Line Interface 4-140. lacp system-priority. This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax: lacp {actor | partner} system-priority priority / no lacp {actor | partner} system-priority • actor - The local side of an aggregate link.
Link Aggregation Commands 4-141. lacp admin-key (Ethernet Interface). This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax: lacp {actor | partner} admin-key key / [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link.
Command Line Interface 4-142. Default Setting: 0. Command Mode: Interface Configuration (Port Channel). Command Usage: • Ports are only allowed to join the same LAG if (1) the LACP system priority matches, (2) the LACP port admin key matches, and (3) the LACP port channel key matches (if configured).
Link Aggregation Commands 4-143. Example. show lacp. This command displays LACP information. Syntax: show lacp [port-channel] {counters | internal | neighbors | sys-id} • port-channel - Local identifier for a link aggregation group. (Range: 1-4) • counters - Statistics for LACP protocol messages.
Command Line Interface 4-144. Console#show lacp 1 internal Port channel: 1 ----------------------------------------- -------------------------------- Oper Key: 3 Admin Key: 0 Eth 1/2 --------------.
Link Aggregation Commands 4-145. Console#show lacp 1 neighbors Port channel 1 neighbors ----------------------------------------- -------------------------------- Eth 1/1 ---------------------------.
Command Line Interface 4-146. Address Table Commands. These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
Address Table Commands 4-147. mac-address-table static. This command maps a static address to a destination port in a VLAN. Use the no form to remove an address.
Command Line Interface 4-148. clear mac-address-table dynamic. This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries.
Address Table Commands 4-149. means to match a bit and "1" means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means "any." • The maximum number of address entries is 8191.
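Two mask conventions appear in this chapter and they are opposites, which is a classic source of ACL mistakes: the IP ACL bitmask (pages 4-90 and 4-91) is "similar to a subnet mask", so a 1 bit means the packet's address bit must match, while the MAC address-table mask just above uses 0 for "match this bit" and 1 for "ignore this bit". The Python below is an added example, not code from the manual or from Accton, that implements both conventions and a first-match rule walk; the IP reading (1 = must match) is an assumption taken from the "similar to a subnet mask" wording and the 168.92.16.x–168.92.31.x example, and all rules and addresses are constructed.

```python
# Added example: the two mask conventions used in this chapter, side by side.
import ipaddress
from typing import List, Optional, Tuple

MAC_BITS = 0xFFFFFFFFFFFF


def ip_to_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def ip_rule_matches(addr: str, rule_addr: str, bitmask: str) -> bool:
    """IP ACL bitmask, read like a subnet mask: 1 = bit must match, 0 = don't care.

    This reading is an assumption based on the manual's wording; 168.92.16.0 with
    mask 255.255.240.0 covers exactly the range 168.92.16.x - 168.92.31.x it cites.
    """
    mask = ip_to_int(bitmask)
    return (ip_to_int(addr) & mask) == (ip_to_int(rule_addr) & mask)


def mac_to_int(text: str) -> int:
    hexdigits = text.replace("-", "").replace(":", "")
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC address: {text}")
    return int(hexdigits, 16)


def mac_rule_matches(addr: str, rule_addr: str, mask: str) -> bool:
    """MAC table mask as the page states: 0 = bit must match, 1 = ignore the bit.

    So 00-00-00-00-00-00 is an exact match and FF-FF-FF-FF-FF-FF matches anything.
    """
    care = (~mac_to_int(mask)) & MAC_BITS  # invert: the 0 bits are the ones we compare
    return (mac_to_int(addr) & care) == (mac_to_int(rule_addr) & care)


# A rule is (action, address, mask). Constructed, mirroring the page's 4-90 example.
IP_RULES: List[Tuple[str, str, str]] = [
    ("permit", "10.1.1.21", "255.255.255.255"),   # one specific host
    ("permit", "168.92.16.0", "255.255.240.0"),   # 168.92.16.x - 168.92.31.x
]


def first_match_ip(rules, addr: str) -> Optional[str]:
    """Return the action of the first matching rule, or None (implicit deny) if none match.

    Note the page says the hardware checks rules in mask order, not entry order;
    this walk uses entry order only because every rule here has a distinct mask.
    """
    for action, rule_addr, mask in rules:
        if ip_rule_matches(addr, rule_addr, mask):
            return action
    return None


if __name__ == "__main__":
    for probe in ("10.1.1.21", "10.1.1.22", "168.92.20.5", "168.92.32.1"):
        print(probe, "->", first_match_ip(IP_RULES, probe) or "deny (no match)")
    # OUI-only match: ignore the low three octets (constructed vendor prefix).
    print(mac_rule_matches("00-0c-db-21-11-33", "00-0c-db-00-00-00", "00-00-00-FF-FF-FF"))
```

The practical check this gives you is cheap: before binding an ACL to a port, run the intended allow-list and a few addresses just outside it through `first_match_ip` and confirm the boundary addresses fall on the side you expect, because an inverted mask convention silently turns a host rule into a wildcard.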
Command Line Interface 4-150. Spanning Tree Commands. This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
Spanning Tree Commands 4-151. spanning-tree. This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
Command Line Interface 4-152. members may be inadvertently disabled to prevent network loops, thus isolating group members. When operating multiple VLANs, we recommend selecting the MSTP option.
Spanning Tree Commands 4-153. Command Usage: This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Command Line Interface 4-154. Default Setting: 20 seconds. Command Mode: Global Configuration. Command Usage: This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure.
Spanning Tree Commands 4-155. spanning-tree pathcost method. This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree.
Command Line Interface 4-156. spanning-tree mst-configuration. This command changes to Multiple Spanning Tree (MST) configuration mode. Default Setting: • No VLANs are mapped to any MST instance. • The region name is set to the switch's MAC address.
Spanning Tree Commands 4-157. and the same instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node, connecting all regions to the Common Spanning Tree. Example. mst priority. This command configures the priority of a spanning tree instance.
Command Line Interface 4-158. Default Setting: Switch's MAC address. Command Mode: MST Configuration. Command Usage: The MST region name and revision number (page 4-158) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region.
Spanning Tree Commands 4-159 4 max-hops This comm and conf igures the maximum numbe r of hops in the region before a BPDU is discarde d. U se the no form t o restore the de fault. Syntax max-h op s hop-numb er hop-number - M aximum hop number for multiple spanning tree.
Command Line I nterface 4-160 4 span nin g-t ree co st This comm and co nfigures the spanning tree path cost for the sp ecified int erface . Use t he no form to re store the d efault. Syntax spanning-tree cost co st no spanning-tree co st cost - T he path cost for the p ort.
Spanning Tree Commands 4-161 4 spanning-tre e port-priority This c ommand config ures the prio rity for the s pecified i nterfac e. Use the no form to restore t he default . Syntax spanning-tree port-priority prio rity no spanning-tree port -priority priority - The priority for a por t.
Command Line I nterface 4-162 4 devices such as workstat ions or servers, re tains the curre nt forwa rding databas e to reduce the amo unt of fra me floodin g required to rebuil d addres s tables d u.
Spanning Tree Commands 4-163 4 Related Commands spanning-tr ee edg e-port ( 4-161) spanning-tre e link-type This c ommand config ures the link t ype f or Rapi d Sp anning T ree a nd M ultiple S panning Tree.
Command Line I nterface 4-164 4 The recom mende d range is - - Ether net: 200, 000-20,00 0,000 - Fas t Ethernet : 20,00 0-2,000,0 00 - Gigab it Ethern et: 2,000-20 0,000 - 10 Gi gabi t Ethe rne t: 20 .
Spanning Tree Commands 4-165 4 Command Mode Interface C onfigur ation (Ether net Ports 1-8, Por t Channel ) Command Usage • This comm and de fines the pri ority for the us e of an inter face in the mult iple spannin g-tree.
Command Line I nterface 4-166 4 show sp anning-tree This c ommand shows the c onfigura tion for the c ommon s panning t ree (C ST) or f or an instance withi n the multip le spanning tree (MST). Syntax show s panning-tree [ in terface | mst instance_id ] • int er face • etherne t unit / port - unit - This is unit 1.
Spanning Tree Commands 4-167 4 Example Console#show spanning-tree Spanning-tree information ----------------------------------------- ---------------------- Spanning tree mode: MSTP Spanning tree enable/disable: enable Instance: 0 Vlans configuration: 1-409 4 Priority: 32768 Bridge Hello Time (sec.
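The commands above set the knobs that decide which bridge becomes root and which path each bridge takes to it: bridge priority (mst priority), per-port path cost (spanning-tree cost) and the path cost method. The following is an added example, not code from the manual or from Accton/Edge-core, that runs that election on a small constructed topology. Bridge names, MAC addresses and links are constructed; the assumption is that the long path cost method follows IEEE 802.1t (cost = 2*10^13 / link speed in bit/s), which lands inside the recommended ranges the manual quotes. Tie-breaks on sender bridge ID and port priority are not modelled.

```python
"""Spanning tree root election and root path cost on a constructed topology.

Added example, not code from the manual or from Accton/Edge-core. Models
bridge priority, per-link path cost and the long path cost method.
Assumption: long-method cost = 2*10^13 / speed in bit/s (IEEE 802.1t).
"""
import heapq

# Recommended long-method ranges quoted by the manual (speed in bit/s -> (low, high)).
RECOMMENDED_RANGE = {
    10_000_000: (200_000, 20_000_000),   # Ethernet
    100_000_000: (20_000, 2_000_000),    # Fast Ethernet
    1_000_000_000: (2_000, 200_000),     # Gigabit Ethernet
}


def long_path_cost(speed_bps):
    """IEEE 802.1t long path cost (assumption, see module docstring)."""
    return 20_000_000_000_000 // speed_bps


def within_recommended(speed_bps):
    """True when the computed cost falls in the manual's recommended range."""
    low, high = RECOMMENDED_RANGE[speed_bps]
    return low <= long_path_cost(speed_bps) <= high


def bridge_id(priority, mac):
    """Bridge ID ordering: priority is compared first, then the MAC; lowest wins."""
    return (priority, mac.lower())


def elect(bridges, links):
    """bridges: name -> (priority, mac); links: (a, b, speed_bps) per link.

    Returns (root, root_path_cost), where root_path_cost maps each bridge to
    the lowest cumulative path cost to the root (Dijkstra over link costs).
    """
    root = min(bridges, key=lambda name: bridge_id(*bridges[name]))
    adjacency = {name: [] for name in bridges}
    for a, b, speed in links:
        cost = long_path_cost(speed)
        adjacency[a].append((b, cost))
        adjacency[b].append((a, cost))
    best = {root: 0}
    heap = [(0, root)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node]:
            continue  # stale entry, a cheaper path was found already
        for neighbour, cost in adjacency[node]:
            candidate = dist + cost
            if candidate < best.get(neighbour, float("inf")):
                best[neighbour] = candidate
                heapq.heappush(heap, (candidate, neighbour))
    return root, best


# Constructed topology: three switches at the default priority 32768,
# a 10 Gb/s ring with one 1 Gb/s shortcut.
BRIDGES = {
    "sw1": (32768, "00-11-22-33-44-01"),
    "sw2": (32768, "00-11-22-33-44-02"),
    "sw3": (32768, "00-11-22-33-44-03"),
}
LINKS = [
    ("sw1", "sw2", 10_000_000_000),
    ("sw2", "sw3", 10_000_000_000),
    ("sw1", "sw3", 1_000_000_000),
]

# Same topology plus a fourth bridge advertising priority 4096 (constructed).
BRIDGES_LOW_PRIO = dict(BRIDGES, sw4=(4096, "00-11-22-33-44-ff"))
LINKS_LOW_PRIO = LINKS + [("sw3", "sw4", 10_000_000_000)]

if __name__ == "__main__":
    print(elect(BRIDGES, LINKS))                    # sw1 is root (lowest MAC)
    print(elect(BRIDGES_LOW_PRIO, LINKS_LOW_PRIO))  # sw4 takes over on priority alone
```

Two things the run makes visible: sw3 reaches the root over two 10 Gb/s hops (cost 4,000) rather than the direct 1 Gb/s link (cost 20,000), and a bridge advertising a lower priority becomes root regardless of its MAC address, which is why the priority of the intended root should be set deliberately rather than left at the default.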
show spanning-tree mst configuration
This command shows the configuration of the multiple spanning tree.

Command Mode
Privileged Exec

Example

VLAN Commands
A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
VLAN Commands 4-169

vlan database
This command enters VLAN database mode. All commands in this mode will take effect immediately.

Default Setting
None

Command Mode
Global Configuration

Command Usage
• Use the VLAN database command mode to add, change, and delete VLANs.

Command Usage
• no vlan vlan-id deletes the VLAN.
• no vlan vlan-id name removes the VLAN name.
• no vlan vlan-id state returns the VLAN to the default state (i.e., active).
• You can configure up to 255 VLANs on the switch.

Example
The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN:

Related Commands
shutdown (4-129)

switchport mode
This command configures the VLAN membership mode for a port.

switchport acceptable-frame-types
This command configures the acceptable frame types for a port. Use the no form to restore the default.

Syntax
switchport acceptable-frame-types {all | tagged}
no switchport acceptable-frame-types
• all - The port accepts all frames, tagged or untagged.

• If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be discarded.
• Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STA.

switchport allowed vlan
This command configures VLAN groups on the selected interface. Use the no form to restore the default.

switchport forbidden vlan
This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs.

Syntax
switchport forbidden vlan {add vlan-list | remove vlan-list}
no switchport forbidden vlan
• add vlan-list - List of VLAN identifiers to add.

show vlan
This command shows VLAN information.

Syntax
show vlan [id vlan-id | name vlan-name]
• id - Keyword to be followed by the VLAN ID.
  vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes)
• name - Keyword to be followed by the VLAN name.
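The VLAN pages above state the rules that matter when a port faces an untrusted host: VLAN IDs are 1-4094 with no leading zeroes, the switch holds at most 255 VLANs, a port set to switchport acceptable-frame-types tagged drops untagged frames, and with ingress filtering on, tagged frames for VLANs the port is not a member of are dropped. The following is an added example, not code from the manual or from Accton/Edge-core, that parses vlan-list arguments under those rules and models the ingress decision for one port. Assumptions: a new port is an untagged member of VLAN 1 (its PVID) and ingress filtering is off until enabled; the Port class and its method names are illustrative, not switch commands.

```python
"""VLAN list parsing and per-port ingress rules.

Added example, not code from the manual or from Accton/Edge-core.
Assumptions: new ports start in VLAN 1 as PVID; ingress filtering off by default.
"""
import re

VLAN_MIN, VLAN_MAX, MAX_VLANS = 1, 4094, 255
_ITEM = re.compile(r"([1-9]\d*)(?:-([1-9]\d*))?")  # digits only, no leading zeroes


def parse_vlan_list(text):
    """Expand '1,3-5,10' into a sorted list of VLAN IDs, or raise ValueError."""
    ids = set()
    for item in text.split(","):
        match = _ITEM.fullmatch(item.strip())
        if not match:
            raise ValueError(f"bad VLAN list item {item!r}")
        low = int(match.group(1))
        high = int(match.group(2) or low)
        if low > high or low < VLAN_MIN or high > VLAN_MAX:
            raise ValueError(f"VLAN range {item!r} outside {VLAN_MIN}-{VLAN_MAX}")
        ids.update(range(low, high + 1))
    return sorted(ids)


def is_valid_vlan_list(text):
    """Boolean wrapper around parse_vlan_list for configuration checks."""
    try:
        parse_vlan_list(text)
        return True
    except ValueError:
        return False


def check_vlan_count(existing, new):
    """True if adding `new` VLAN IDs keeps the switch within its 255-VLAN limit."""
    return len(set(existing) | set(new)) <= MAX_VLANS


class Port:
    """Ingress state of one switch port (illustrative model, not a switch command)."""

    def __init__(self, pvid=1):
        self.pvid = pvid
        self.allowed = {pvid}           # switchport allowed vlan
        self.frame_types = "all"        # switchport acceptable-frame-types {all | tagged}
        self.ingress_filtering = False  # assumption: off until enabled

    def allowed_vlan(self, op, vlan_list):
        """Apply 'switchport allowed vlan {add | remove} vlan-list'."""
        ids = set(parse_vlan_list(vlan_list))
        if op == "add":
            self.allowed |= ids
        elif op == "remove":
            self.allowed -= ids
        else:
            raise ValueError(f"unknown operation {op!r}")

    def admits(self, tagged_vlan=None):
        """Decide whether an ingress frame is accepted; returns (accepted, vlan).

        tagged_vlan=None means the frame carries no VLAN tag.
        """
        if tagged_vlan is None:
            if self.frame_types == "tagged":
                return False, None        # port accepts tagged frames only
            return True, self.pvid        # untagged frames are placed in the PVID
        if self.ingress_filtering and tagged_vlan not in self.allowed:
            return False, None            # tagged for a VLAN this port is not in
        return True, tagged_vlan          # without filtering, any tag is admitted
```

The last branch is the one worth checking on edge ports: unless ingress filtering is enabled, a host can inject a frame tagged for a VLAN the port was never made a member of and it is still admitted.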
Configuring Private VLANs
Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs.

pvlan
This command enables or configures a private VLAN.

show pvlan
This command displays the configured private VLAN.

Command Mode
Privileged Exec

Example

Configuring Protocol-based VLANs
The network devices required to support multiple protocols cannot be easily grouped into a common VLAN.

protocol-vlan protocol-group (Configuring Groups)
This command creates a protocol group, or adds specific protocols to a group.

Command Usage
• When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of the other VLAN commands (such as vlan on page 4-169), these interfaces will admit traffic of any protocol type into the associated VLAN.
GVRP and Bridge Extension Commands 4-181

show interfaces protocol-vlan protocol-group
This command shows the mapping from protocol groups to VLANs for the selected interfaces.

Syntax
show interfaces protocol-vlan protocol-group [interface]
interface
• ethernet unit/port
  - unit - This is unit 1.

bridge-ext gvrp
This command enables GVRP globally for the switch. Use the no form to disable it.

Syntax
[no] bridge-ext gvrp

Default Setting
Disabled

Command.

switchport gvrp
This command enables GVRP for a port. Use the no form to disable it.

Syntax
[no] switchport gvrp

Default Setting
Disabled

Command Mode
Interface Configuration (Ethernet Ports 1-8, Port Channel)

Example

show gvrp configuration
This command shows if GVRP is enabled.

garp timer
This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers' default values.

Syntax
garp timer {join | leave | leaveall} timer_value
no garp timer {join | leave | leaveall}
• {join | leave | leaveall} - Which timer to set.

show garp timer
This command shows the GARP timers for the selected interface.

Syntax
show garp timer [interface]
interface
• ethernet unit/port
  - unit - This is unit 1.
  - port - Port number. (Range: 1-8)
• port-channel channel-id (Range: 1-4)

Default Setting
Shows all GARP timers.
Priority Commands (Layer 2)

queue mode
This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value.

Example
The following example sets the queue mode to strict priority service mode:

switchport priority default
This command sets a priority for incoming untagged frames. Use the no form to restore the default value.

queue bandwidth
This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights.

Syntax
queue bandwidth weight1.

Default Setting
This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.

show queue bandwidth
This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues.

Default Setting
None

Command Mode
Privileged Exec

Example

show queue cos-map
This command shows the class of service priority map.
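The difference between the two modes selectable with queue mode is easiest to see under load. The following is an added example, not code from the manual or from Accton/Edge-core, that simulates strict priority and weighted round-robin service over the eight CoS queues with one queue at each end flooded. Assumptions: the weight set is illustrative rather than the switch's factory defaults, and each transmit slot carries one frame of equal size.

```python
"""Strict priority versus weighted round-robin on the eight CoS queues.

Added example, not code from the manual or from Accton/Edge-core.
Assumption: DEFAULT_WEIGHTS are illustrative; one slot = one equal-size frame.
"""

QUEUES = 8
DEFAULT_WEIGHTS = (1, 2, 4, 6, 8, 10, 12, 14)  # assumption: illustrative weights, queue 0..7


def schedule(backlog, mode, weights=DEFAULT_WEIGHTS, slots=1000):
    """Serve `slots` transmit opportunities and return frames sent per queue.

    backlog[q] is the number of frames waiting in queue q, or None for a
    queue that is flooded and never empties.
    """
    if len(backlog) != QUEUES or len(weights) != QUEUES:
        raise ValueError("expected eight queues")
    remaining = list(backlog)
    sent = [0] * QUEUES

    def has_frames(q):
        return remaining[q] is None or remaining[q] > 0

    def transmit(q):
        if remaining[q] is not None:
            remaining[q] -= 1
        sent[q] += 1

    used = 0
    if mode == "strict":
        # Always serve the highest non-empty queue; lower queues wait indefinitely.
        while used < slots:
            q = next((i for i in range(QUEUES - 1, -1, -1) if has_frames(i)), None)
            if q is None:
                break
            transmit(q)
            used += 1
    elif mode == "wrr":
        # Each round visits every queue and sends up to weights[q] frames from it.
        while used < slots:
            progressed = False
            for q in range(QUEUES):
                for _ in range(weights[q]):
                    if used >= slots or not has_frames(q):
                        break
                    transmit(q)
                    used += 1
                    progressed = True
            if not progressed:
                break
    else:
        raise ValueError(f"unknown queue mode {mode!r}")
    return sent


# Constructed load: queue 0 (lowest) and queue 7 (highest) both flooded, rest idle.
FLOOD_LOW_AND_HIGH = [None, 0, 0, 0, 0, 0, 0, None]

if __name__ == "__main__":
    print("strict:", schedule(FLOOD_LOW_AND_HIGH, "strict"))
    print("wrr:   ", schedule(FLOOD_LOW_AND_HIGH, "wrr"))
```

With strict priority a sustained flood marked for the top queue receives every slot and queue 0 sends nothing; with WRR queue 0 still gets its weighted share (1 of every 15 slots with the weights above). That is the trade-off to weigh before selecting strict mode on a port where end hosts set their own 802.1p tags.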
Priority Commands (Layer 3 and 4)

map ip port (Global Configuration)
This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets).

Default Setting
None

Command Mode
Interface Configuration (Ethernet Ports 1-8, Port Channel)

Command Usage
• The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switch port priority.

map ip precedence (Interface Configuration)
This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table.

Syntax
map ip precedence ip-precedence-value cos cos-value
no map ip precedence
• precedence-value - 3-bit precedence value.

Command Usage
• The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switch port priority.
• IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type.

• DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then subsequently mapped to the eight hardware priority queues.
• This command sets the IP DSCP priority for all interfaces.

show map ip precedence
This command shows the IP precedence priority map.

Syntax
show map ip precedence [interface]
interface
• ethernet unit/port
  - unit - This is unit 1.

Multicast Filtering Commands 4-197

Default Setting
None

Command Mode
Privileged Exec

Example

Related Commands
map ip dscp (Global Configuration) (4-193)
map ip dscp (Interface Configurat.
IGMP Snooping Commands

ip igmp snooping
This command enables IGMP snooping on this switch. Use the no form to disable it.

Syntax
[no] ip igmp snooping

Default Setting
Enabled

Command Mode
Global Configuration

Example
The following example enables IGMP snooping.

Example
The following shows how to statically configure a multicast group on a port:

ip igmp snooping version
This command configures the IGMP snooping version. Use the no form to restore the default.

Example
The following shows the current IGMP snooping configuration:

show mac-address-table multicast
This command shows known multicast addresses.

IGMP Query Commands (Layer 2)

ip igmp snooping querier
This command enables the switch as an IGMP querier.

Command Mode
Global Configuration

Command Usage
The query count defines how long the querier waits for a response from a multicast client before taking action.

Default Setting
10 seconds

Command Mode
Global Configuration

Command Usage
• The switch must be using IGMPv2 for this command to take effect.
• This command defines the time after a query, during which a response is expected from a multicast client.

Example
The following shows how to configure the default timeout to 300 seconds:

Related Commands
ip igmp snooping version (4-199)

Static Multicast Routing Commands

ip igmp snooping vlan mrouter
This command statically configures a multicast router port.

IP Interface Commands 4-205

Example
The following shows how to configure port 1 as a multicast router port within VLAN 1:

show ip igmp snooping mrouter
This command displays information on statically configured and dynamically learned multicast router ports.
ip address
This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address.

Syntax
ip address {ip-address netmask | bootp | dhcp}
no ip address
• ip-address - IP address
• netmask - Network mask for the associated IP subnet.

Example
In the following example, the device is assigned an address in VLAN 1.

Related Commands
ip dhcp restart (4-207)

ip default-gateway
This command establishes a static route between this switch and devices that exist on another network segment.

• DHCP requires the server to reassign the client's last address if available.
• If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will be based on this new domain.

Related Commands
ip default-gateway (4-207)

ping
This command sends ICMP echo request packets to another node on the network.

Syntax
ping host [count count] [size size]
• host - IP address or IP alias of the host.

DNS Commands
These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to.
DNS Commands 4-211

Command Usage
Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device.

Default Setting
None

Command Mode
Global Configuration

Example

Related Commands
ip domain-list (4-212)
ip name-server (4-213)
ip domain-lookup (4-214)

ip domain-list
This command defines a list of domain names that can be appended to incomplete host names (i.

Example
This example adds two domain names to the current list and then displays the list.

Related Commands
ip domain-name (4-211)

ip name-server
This command specifies the address of one or more domain name servers to use for name-to-address resolution.

Example
This example adds two domain-name servers to the list and then displays the list.

Related Commands
ip domain-name (4-211)
ip domain-lookup (4-214)

ip domain-lookup
This command enables DNS host name-to-address translation.

Related Commands
ip domain-name (4-211)
ip name-server (4-213)

show hosts
This command displays the static host name-to-address mapping table.

Command Mode
Privileged Exec

Example
Note that a host name will be displayed as an alias if it is mapped to the same address(es) as a previously configured entry.

show dns cache
This command displays entries in the DNS cache.

Command Mode
Privileged Exec

Example

clear dns cache
This command clears all entries in the DNS cache.

Command Mode
Privileged Exec

Example
Console#show dns cache
NO  FLAG  TYPE   IP   TTL  DOMAIN
0   4     CNAME  10.
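The DNS pages above describe four behaviours of the switch's resolver: a static host entry may carry several addresses that a client tries in succession, incomplete host names get the configured domain list appended, ip domain-lookup gates dynamic resolution, and show hosts flags an entry as an alias when it maps to the same addresses as an earlier one. The following is an added example, not code from the manual or from Accton/Edge-core, that models that resolution order. Assumptions: a name is "incomplete" when it contains no dot, the default domain is tried before the domain list, and name-server answers come from a constructed dictionary rather than from the network.

```python
"""Resolution order of the switch DNS client described above.

Added example, not code from the manual or from Accton/Edge-core.
Assumptions: no dot => incomplete name; default domain tried before the
domain list; name-server answers are a constructed dict, no packets sent.
"""


class DnsClient:
    def __init__(self, domain_name=None, domain_list=(), lookup=True):
        self.domain_name = domain_name          # ip domain-name
        self.domain_list = list(domain_list)    # ip domain-list
        self.lookup = lookup                    # ip domain-lookup
        self.hosts = []                         # static entries in configuration order

    def ip_host(self, name, *addresses):
        """Static host entry; several addresses may be given for one name."""
        self.hosts.append((name, list(addresses)))

    def show_hosts(self):
        """Rows of (name, addresses, is_alias). An entry is an alias when it
        maps to the same address set as a previously configured entry."""
        seen, rows = [], []
        for name, addresses in self.hosts:
            alias = set(addresses) in seen
            seen.append(set(addresses))
            rows.append((name, addresses, alias))
        return rows

    def candidates(self, name):
        """Fully qualified names to query, in search order."""
        if "." in name:
            return [name]
        suffixes = ([self.domain_name] if self.domain_name else []) + self.domain_list
        return [f"{name}.{suffix}" for suffix in suffixes] or [name]

    def resolve(self, name, answers):
        """Static table first, then the name servers (answers: fqdn -> [addresses])."""
        for host, addresses in self.hosts:
            if host == name:
                return list(addresses)
        if not self.lookup:
            return []
        for fqdn in self.candidates(name):
            if fqdn in answers:
                return list(answers[fqdn])
        return []

    def connect(self, name, answers, reachable):
        """Try each resolved address in succession; return the first reachable one."""
        for address in self.resolve(name, answers):
            if address in reachable:
                return address
        return None


# Constructed configuration and name-server data for a stand-alone run.
CLIENT = DnsClient(domain_name="example.test", domain_list=["corp.test"])
CLIENT.ip_host("fileserver", "10.1.1.10", "10.1.1.11")
CLIENT.ip_host("backup", "10.1.1.10", "10.1.1.11")   # same addresses: shown as alias
ANSWERS = {"mail.corp.test": ["10.2.2.5"]}

if __name__ == "__main__":
    print(CLIENT.show_hosts())
    print(CLIENT.candidates("mail"), CLIENT.resolve("mail", ANSWERS))
    print(CLIENT.connect("fileserver", ANSWERS, reachable={"10.1.1.11"}))
```

The candidates() order is the part to review on a management network: an unqualified name such as "mail" is expanded with every suffix in the list, so a stray or attacker-controlled entry in ip domain-list changes which host the switch connects to.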
Appendix A: Software Specifications

Software Features
Authentication: Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security
Access Control Lists: IP, MAC (up to 32 lists)
DHCP Clie.

Additional Features
BOOTP client
SNTP (Simple Network Time Protocol)
SNMP (Simple Network Management Protocol)
RMON (Remote Monitoring, groups 1, 2, 3, 9)
SMTP.

SNTP (RFC 2030)
SSH (Version 2.0)
TFTP (RFC 1350)

Management Information Bases
Bridge MIB (RFC 1493)
Entity MIB (RFC 2737)
Ether-like MIB (RFC 2665)
Extended.
Appendix B: Troubleshooting

Problems Accessing the Management Interface

Table B-1 Troubleshooting Chart
Symptom: Cannot connect using Telnet, web browser, or SNMP software
Action:
• Be sure the switch is powered up.
• Check network cabling between the management station and the switch.

Using System Logs
If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps:
1.
Glossary

Access Control List (ACL)
ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.

Extensible Authentication Protocol over LAN (EAPOL)
EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A user name and password is requested by the switch, and then passed to an authentication server (e.

IEEE 802.1X
Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication.

Link Aggregation Control Protocol (LACP)
Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device.

Management Information Base (MIB)
An acronym for Management Information Base.

Quality of Service (QoS)
QoS refers to the capability of a network to provide better service to selected traffic flows using features such as data prioritization, queuing, congestion avoidance and traffic shaping.

Telnet
Defines a remote communication facility for interfacing to a terminal device over TCP/IP.

Terminal Access Controller Access Control System Plus (TACACS+)
TACACS+.
Index

Numerics
802.1X, port authentication 3-64, 4-78

A
acceptable frame type 3-141, 4-172
Access Control List See ACL
ACL
  Extended IP 3-74, 4-86, 4-87, 4-90
  MAC 3-74, 4-86, 4-100, 4-101.

H
hardware version, displaying 3-10, 4-61
HTTPS 3-55, 4-30
HTTPS, secure server 3-55, 4-30

I
IEEE 802.1D 3-112, 4-151
IEEE 802.

  capabilities 3-88, 4-128
  duplex mode 3-88, 4-126
  speed 3-88, 4-126
ports, configuring 3-85, 4-125
ports, mirroring 3-103, 4-134
priority, default port ingress 3-147, 4-18.

  displaying port members 3-136, 4-176
  egress mode 3-142, 4-171
  interface configuration 3-141, 4-172–4-175
  private 3-143, 4-177
  protocol 3-144, 4-178

W
Web interface acces.

ES5508 E042005-R01 149100022900A