Asus GigaX2024SX- User Manual

1 Chapter: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are man...

Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based...

registration. System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-21). The following table lists some of the basic system defaults. 1-5

2 Chapter: Initial Configuration e Switch Configuration Options The switch includes a built-in network management agent. The agent offers a line interface (CLI). ote: The IP address for this switch is unassigned by default. To change this nd display statistics using a standard Web browser such as et...

• Configure IGMP multicast filtering • Upload and download system firmware via TFTP • Upload and download switch configuration files via TFTP rameters • Configure up to 4 static or LACP trunks he switch provides an RS-232 serial port that enables a connection to a PC or m console cable is rovided wi...

on page 4-1. For a list of all the CLI commands and detailed information on using h’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. ss assignment via DHCP or BOOTP, see...

2. At the Username prompt, enter “admin.” 3. At the Password prompt, also enter “admin.” (The password characters are not isplayed on the console screen.) nd the CLI displays the “Console#” prompt indicating Exec level. etting Passwords ord default user name and password “admin” to access the Privil...

Manual Configuration You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four nything outside this format will not be accepted...

2. At the interface-configuration mode prompt, use one of the following To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>. and press <Enter>. ress <Enter>. commands: • • To obtain IP settings via BOOTP, type “ip address bootp” 3. Type “end” to return to the P...

both retrieve and modify MIB objects. Note: If you do not intend to utilize SNMP, we recommend that you delete both of itch is disabled. o configure a community string, complete the following steps: Enter>. (Note that e default mode is read only.) the default community strings. If there are no co...

3 Chapter : Configuring the Switch erface Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web al connection to the console port or via Telnet. For more information on sing the CLI, refer to Chapter 4: “Command Line Interface.” Prior to...

Navigating the Web Browser Interface .” Home Page When your web browser connects with the switch’s web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links To access the web...

Configuration Options the web page configuration buttons. Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes Notes: 1. To ensure proper scr...

Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. 3-4

Basic Configuration D splayin y displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Location – Specifies the system location. • Contact – Adminis...

CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to difor the main board ower status of the system. pansion ports. • Hardware Version – Hardware version of the main board. • Internal Power Status – Displays the...

Expansion Slot • Expansion Slot 1/2 –Combination RJ-45/SFP ports. These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack. • Redundant Power Status – Displays the status of the redundant power supply. Web – Click System, Switch Information. Figure 3-4. Displaying Swit...

Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Extended Multicast Filtering Serv...

Setting the Switch’s IP Address This section describes how to configure an IP interface for management access o e with ateway between the obtain an ist of four e this format will rt belonging to any VLAN, as long as Host Configuration Protocol (DHCP), or Boot not function until a reply as been recei...

Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply. Figure 3-6. IP Configuration CLI – Specify the management interface, IP a...

Figure 3-7. IP Configuration using DHCP Note: If you lose your management connection, use a console connection and enter “show ip interface” to determine the new switch address. CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart”...

Figure 3-8. Operation Code Image File Transfer If you download to a new destination file, select the file from the drop-down box for the operation code used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu. Figure 3-9. Select Start-Up Operation File...

Figure 3-10. Deleting Files CLI – To download new firmware form a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type, then enter the source and destination file names. When the file has completed the download, set the new file to start up the system and then resta...

of the file name should not be a period (.), and the maximum length for file names le to directly replace it. Note that the file “Factory_Default_Config.cfg” ile, Copy. Select “tftp to startup-config” or “tftp to file” and ck on the TFTP server is 127 characters or 31 characters for files on the swi...

Figure 3-12. Setting the Startup Configuration Settings CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system ...

Figure 3-13. Console Port Settings n specify the connection show line command from the Normal Exec level. CLI – Enter Line Configuration mode for the console, the parameters as required. To display the current console port settings, use the Telnet Settings You can access the onboard configuration pr...

Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log plays a list of recent event messages. to RAM or flash memory. ermanently stored work problems. Up to 4096 log ent...

• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range:0-7,Default: 3) ote: The Flash Level must be equal to or less than the RAM L...

Figure 3-17. Displaying System Logs vel for vel 7 - 0), and lists one sample error. CLI – This example shows that system logging is enabled, the message le flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “debugging” (i.e., default le Resetting the System Web – Clic...

Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also ...

Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time,or GMT) based on the time at the Earth’s prime meridian, zero degrees longitudeTo display a time corresponding to your local time, you must indicate the numberof hours and minutes your time zone is east ...

Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol ly MP is onfigure these devices for proper operation in a network uously monitors the by community ng sections. You may configure up to five community strings authorized for management access. Al...

Figure 3-22. Configuring SNMP CLI – The following example adds the string “spiderman” with read/write access. Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by...

Figure 3-23. Configuring IP Trap Managers CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps. 3-33

User Authentication You can restrict management access to this switch using the following options: • User Accounts – Manually configure access rights on the switch for specified users. • Authentication Settings – Use remote authentication to configure access rights. • HTTPS Settings – Provide a secu...

Figure 3-24. Access Levels CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password. Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually conf...

Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protoco TTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an itch’s web interface. itch. t configure both services to use the same UDP port. • If you enable HTTPS, you must indicate this in ...

certificate for the switch is not unique to the hardware you have purchased. When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Note: The switch m...

1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host rt the host public key during the initial connection setup with the switch. therwise, you need to manually create a known hosts file on the management ple: 10.1.0.5410243515 53136748908365 72541502024559319986854435836165...

Figure 3-27. SSH Host-Key Settings CLI – This example generates a host-key pair using both the RSA and DSA m algorithms, stores the keys to flash emory, and then displays the host’s public keys. Configuring the SSH Server he SSH server includes basic settings for authentication. Allows you to enable...

Configuring Port Security Port security is a feature that allows you to configure a switch port with one or port security is enabled on a port, the switch stops learning new rt. Only incoming traffic with source addresses as network through that port. If a device with an the port and ng a trap messa...

Configuring 802.1x Port Authentication Network switches can provide open and easy access to network resources by guration and access is rized personnel to easily intrude and possibly gain access to sensitive network data. ized access to a network by requiring users to first submit ation. Access to a...

re-authenticated. (Range: 1-65535; Default: 30 seconds) • Tx Period – Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet. (Range: 1-65535; Default: 30 seconds) • Authorized – - Yes – Connected client is authorized. - No – Connected client...

Displaying 802.1x Statistics This switch can display statistics for dot1x protocol exchanges for any port. Statistical Values 3-51

Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. 3-52

Figure 3-33. Displaying 802.1x Port Statistics CLI – This example displays the 802.1x statistics for port 4. Filtering Addresses for Management Access The switch allows you to create a web browser list of up to 16 IP addresses or IP allowed access to the switch through the web interface, ge en to al...

Figure 3-34 Creating a Web IP Filt er List . CLI – This example allows SNMP access for a specific client 3-55

Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules...

Default: TCP) • Source/Destination Port – Source/destination port number for the specified protocol type. (Range: 0-65535) • Control Code – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63) • Control Code Bitmask – Decimal number represen...

Figure 3-38. Configuring MAC ACLs CLI – This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the Ethernet type is 0800. Binding a Port to an Access Control List After configuring Access Control Lists (ACL), you should bind them to the ports that ne...

Web – Click Security, ACL, Port Binding. Mark the Enabled field for the port you n ACL, select the required ACL from the drop-down list, then click Apply. want to bind to a Figure 3-39. Binding a Port to an ACL CLI – This examples assigns an IP and MAC access list to port 1, and an IP access list to...

Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web) • Name – Interface label. • Type – Indicates the p...

Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments viding a fault-tolerant link between two at a time. switch as LACP, as long as they are not already configured as pa...

Command Attributes • Member List (Current) – Shows configured trunks (Trunk ID, Unit, Port). Stack unit. (Range: 1-8) - Port – Port identifier. (Range: 1-26) Web – Click Port, Trunk Membership. Enter a trunk ID of 1-4 in the Trunk field, select any of the switch ports from the scroll-down port list,...

Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP. • If the target switch has also enabled LACP on the connected ports, the trunk will be activated automati...

Command Attributes Shows configured trunks (Unit, Port). • Member List (Current) –• New – Includes entry fields for creating new trunks. - Unit – Stack unit. (Range: 1-8) - Port – Port identifier. (Range: 1-26) Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-dow...

- System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems. • Admin Key – The LACP administration key must be set to the same value for ports that belong to the same LAG. (Rang...

Displaying LACP Port Counters You can display statistics for LACP protocol messages. Counter Information W a member port to di eb – Click Port, LACP, Port Counters Information. Select ponding information. splay the corres 3-73

Figure 3-45. Displaying LACP Port Counters CLI – The following example displays LACP counters. Displaying LACP Settings and Status for the Local Side ou can display configuration settings and the operational state for the local side tion. Yof an link aggrega 3-74

Web – Click Port, LACP, Port Internal Information. Select a port channel to ormation. display the corresponding inf Figure 3-46. Displaying LACP Port Internal Information 3-75

CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of an link aggregation. eb – C...

Figure 3-47. Displaying LACP Port Neighbors Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or ...

Command Usage • Broadcast Storm Control is enabled by default. • The default threshold is 32000 octets per second. he switch. Command Attributes • Port – Port number. • Trunk – Trunk number. • Type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP) • Threshold – Threshold as percentage of p...

Figure 3-51 Output Rate Limit Port Configuration CLI - This example sets the rate limit level for input and output traffic passing through port 3. Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed br...

Figure 3-52. Port Statistics CLI – This example shows statistics for port 13. 3-86

Address Table Settings Switches store the addresses for all known devices. This information is used to re bound to a specific port. ddress can be assigned to a specific interface on this switch. Static ally configured addresses. ress. pass traffic directly between the inbound and outbound ports. All...

CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address...

Figure 3-54. Configuring a Dynamic Address Table CLI – This example also displays the address table entries for port 1. Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The t...

Figure 3-55. Setting the Address Aging Time seconds. CLI – This example sets the aging time to 400 3-91

Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network e over when a primary link goes down. The spanning tree algorithms supported by this switch include these versions: • STP – Spanning Tree Protocol (IEEE 802.1D) • RSTP – Rapid Spanning T...

When using STP or RSTP, it may be difficult to maintain a stable path between all VLAN members. Frequent changes in the tree structure can easily isolate some of the group members. Displaying Global Settings You can display a summary of the current bridge STA information that applies to the entire s...

Note: The current root port and current root cost display as zero when this device is not connected to the network. onfiguring Global Settings C Global settings apply to the entire switch. Command Usage • Spanning Tree Algorithm6 Uses RSTP for the internal state machine, but sends only 802.1D BPDUs....

- Long: Specifies 32-bit based values that range from 1-200,000,000. - Short: Specifies 16-bit based values that range from 1-65535. f consecutive protocol messages. (Range: 1-10; Default: 3) Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. (This is the...

Displaying Interface Settings The STA Port Information a ages display the current status of ports and trunks in • panning Tree – Shows if STA has been enabled on this interface. anning Tree: does not forward packets. itch are connected to the same segment and there is no e t to travel from this port...

Configuring Interface Settings rt. You may use a different priority or path cost for indicate the preferred path, link type to indicate a point-to-point connection or shared-media connection, and edge port to indicate if fig ration messages, but does not forward n interval set by s. port in the Span...

Figure 3-59. Configuring Spanning Tree per Port LI – This example sets STA attributes for port 7. C 3-103

VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into switch provides a similar service at Layer 2 by using group of network nodes into separate broadcast domains. t traffic to the originating group, and can eliminate This also pro...

Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.VLANs are dynamically configured based on join messages issued by host devices and propagated throu...

Figure 3-61. Displaying Basic VLAN Information CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should u...

Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes • Current – Lists all the current VLAN groups created for this ...

Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged they are not connected to any VLAN-aware devices. Or configure a port as forbidden t...

Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLAN ports: promiscuous, and community ports. A promiscuous port can communicate with all interfaces within a private VLAN. Community ports can only...

Figure 3-67. Private VLAN Information CLI s – This example shows the switch configured with primary VLAN 5 and econdary VLAN 6. Port 3 has been configured as a promiscuous port and fic for port 4 and 5 can only pass through port 3. mapped to VLAN 5, while ports 4 and 5 have been configured as a host...

• Current – Displays a list of the currently configured VLANs. the VLAN ID number, select Primary, Isolated or Community type, then click Add. To remove a private Web – Click VLAN, Private VLAN, Configuration. Enter VLAN from the switch, highlight an entry in the Current list box and then click Remo...

Figure 3-69. Private VLAN Association CLI – This example associates community VLANs 6 and 7 with primary VLAN 5. Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associated with private VLANs. Comma...

Figure 3-70. Displaying Private VLAN Port Information CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6. Thi...

Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s ty queue will be transmitted bef...

Figure 3-72. Port Priority Configuration signs a default priority of 5 to port 3. CLI – This example as Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four R s are defined in IEEE ed according to recommendations in andard as shown in...

Figure 3-73. Traffic Classes ws how to change the CoS assignments to CLI – The following example sho aone-to-onemapping. NOTE ： Mapping specific values for CoS priorities is implemented as an interface d, but any changes will apply to the all interfaces on the ng the Queue Mode e Weighted Round-Robi...

qu e moving on to the next queue. This prevents the head-of-line blocking that can occur with strict priority queuing. Command Attributes d Round-Robin shares bandwidth at the egress ports by using weights 1, 2, 4, 6 for queues 0 through 3 respectively. (This is the ueue 0 is non-configurable.) he e...

Figure 3-75. Configuring Queue Scheduling ing example shows how to assign WRR weights to each of the priority queues. CLI – The follow Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values orts several common methods of prioritizing layer 3/4 traffic to quirements. Traffic prioritie...

these priority types will automatically disable the other. Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting.) • IP Pr...

Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map. • Class of Service Value – Maps a CoS value to the selected IP Precedence value. Note that “0” represents low priority and “7” represent high priority. Web – Click Priority, IP Precedence Priority. Select the req...

* Mapping specific values for IP Precedence is implemented as an interface The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility nce bits so that non-DSCP compliant, ToS-enabled devices, with the ...

Web – Click Priority, IP DSCP Priority. Select the required interface, select an rom the DSCP table, enter a value in the Class of Service Value field, then entry fclick Apply. Figure 3-78. Mapping IP DSCP Priority Values CLI – The following example globally enables DSCP Priority service on the swit...

Mapping IP Port Priority of Service values based on the i.e., TCP/UDP port number) in the frame header. Some of the ommon TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and riority Status – Enables or disables the IP port priority. /UDP) – Set a new IP port number. • lass of Service Value ...

Figure 3-79. Enabling IP Port Priority Status Click Priority, IP Port Priority.Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Add IP Port. Figure 3-80. IP Port Priority CLI – The following example globally e...

Note: Mapping specific values for IP Port Priority is implemented as an interface ration command, but any changes will apply to the all interfaces on the g CoS Values to ACLs Use the ACL CoS Mapping page to set the output queue for packets matching an ACL rule as shown in the following table. Note t...

Figure 3-81. ACL CoS Priority CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24. 3-135

Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multi...

list, click Apply. Figure 3-86. IGMP Member Port Table CLI – This example assigns a multicast address to VLAN 1 the known multicast services supported on VLAN 1. , and then displays all 3-142

4 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface A Wto itch can be by entering command keywords and parameters at the prompt. Using the switch's command-line interface (CLI) is very similar to entering commands o...

Telnet Connection ment, your ent station and any network device you want to manage over the . Valid IP addresses consist of four numbers, ch address consists of a network portion and .1, with nsists of a network portion (10.1.0) and a host ss for this switch is unassigned by default. the switch thro...

Note: You can open up to four sessions to the device via Telnet. ands. Keywords and Arguments s a series of keywords and arguments. Keywords identify a rguments specify configuration parameters. For example, in the erfaces status ethernet 1/5,” show interfaces and status are sp Y• • ex ode, and disp...

Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database). You can also display a list of valid keywords for a sp...

Partial Keyword Lookup uestion mark, alternatives that match space between the estion mark.) For example “ s? ” shows all the keywords starting If you terminate a partial keyword with a qthe initial letters are provided. (Remember not to leave a command and quwith”s.” egating the Effect of Commands ...

Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are available in this mode. You can access all c...

Command Groups The system commands can be broken down into the functional groups shown below. 4-10

The access mode shown in the following tables is indicated by thesabbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC (Global Configuration) VC (VLAN Database Configuration) ACL (Access Control List Configuration) e ine Commands on program by ...

* These commands only apply to the serial port. line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). D...

There is no default line. onfiguration ty” in g., databits) do not affect Telnet connections. Command Mode Global C Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vscreen displays such as show users . However, the serial communication parameters (e. Example To...

Related Commands e (4-36) pas pass cifies the password for a line. Use the no form to remove the pas Usage • When a connection is started on a line with password protection, the system rompts for the password. If you enter the correct password, the system shows a password-thresh command to set the n...

timeout login response (4-13) rd-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh [ threshold ] no password-thresh threshold - The number of allowed password attempts. (Ra...

Command Mode Line Configuration h as terminals and modems rity bit setting. cify no parity, enter this command: Command Usage Communication protocols provided by devices sucoften require a specific pa Example To spe s ets both the (from terminal) speeds. Use the no form to ing. spn its per second. L...

General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-8. Syntax enable [ level ] level - Privilege level to log into the device. The ...

Related Commands disable (4-28) -37) of the prompt to indicate that the system enable password (4 disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access ...

System Management Commands mands are used to control system logs, passwords, user names, browserconfiguration options, and display or configure a variety of other system These com information. Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the d...

prompt string length: 255 characters) Console Command Mode Global Configuration Example no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum Default Setting hostname This command specifies or modifies the host name for this device. Use the no form to restore the default hos...

• The default password is “super” Command Mode Global Configuration Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-27). • The encrypted password is required for compatibi...

IP Filter Commands m T allowed management the switch through various protocols. Use the no form to restore the [ no ] management { all-client | http-client | snmp-client | telnet-client } start-address [ end-address ] • all-client - Adds IP address(es) to the SNMP, Web and Telnet groups. address(es)...

show management This command displays the client IP addresses that are allowed management access to the switch through various protocols. Syntax show management { all-client | http-client | snmp-client | telnet-client } • all-client - Adds IP address(es) to the SNMP, Web and Telnet groups. t - Adds ...

Web Server Commands ip http port This command specifies the TCP port number used by the Web browser interface. m to use the default port. ace. D 80 C G E Use the no for Syntax ort port-number ip http pno ip http port r interf port-number - The TCP port to be used by the browse (Range: 1-65535) efaul...

Related Commands Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s Web interface. Use the no form to disable this function. Syntax [ no ] ip http secure-server Default Setting Enabled Command Mode Global Configuration Command Usage • Both HTTP and HTTPS serv...

Telnet Server Commands ip telnet port T et interface. Use th S D C E his command specifies the TCP port number used by the Teln e no form to use the default port. yntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) efaul...

Secure Shell Commands y-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows nts. These tools, including commands such as rlogin (remote The Secure Shell (SSH) includes server/client applications intended as ...

show ssh Use this command to display the current SSH server connections. Command Mode Privileged Exec Example 4-43

Event Logging Commands lo This command controls logging of error messages, sending debug or error Command Mode Global Configuration Command Usage The logging process controls error messages saved to switch memory. You can use the logging history command to control the type of error messages that are...

Time Commands dynamically set by polling a set of specified time servers TP or SNTP). Maintaining an accurate time on the switch enables the system gful dates and times for event entries. If the clock is not set, p. The system clock can be (Nlog to record meaninthe switch will only record the time f...

System Status Commands light unit This command displays the unit ID of a switch using its front-panel LED indicators. t [ unit ] • unit - specifies a unit in a switch stack to light the panel LEDs Default Setting None icators for ports 1 to 8. it command is entered, the LED corresponding to the sh f...

show version This command displays hardware and software version information for the None Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-13 for detailed information on the items displayed by this command. Example system. Default S...

Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by sup...

Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1x. Authentication Sequence authentication lo...

TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with...

d and sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control { auto | force-authorized | force-unauthorized } no dot1x port-control client to be authorized by the re will be denied access. • force-authorized – Configures the port to grant access to...

Access Control List Commands frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules, specify a mask to modify the precedence in hen bind the list to a specific port. Access Control Lists An ACL is a sequential list of permit or deny con...

4. Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports. 5. If no explicit rule is matched, the implicit default is permit all. IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to rem...

MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Setting C C ing ACL, le, use the no permit or no deny command followed by the p to 32 rules. Syntax [ no ] access-list mac acl_name acl_name – Name of the ...

map access-list mac (4-134) ACL Information sho ows all ACLs and associated rules, as well as all the w access-list This command shuser-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displaye...

SN imple MP Commands Controls access to this switch from management stations using the SNetwork Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no ...

The first snmp-server comm (SNMPv1). The no snmp-server community unity command you enter enables SNMP command disables SNMP. Example snmp-server contact T ntact string. Use the no form to remove the system contact information. Syn sn g no snmp-server contact st ntact information. (Maximum length: D...

Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. int figures an interface type and enter interface configuration interface erface This command conmode.Use the no form to remove a trunk. Syntax interface 4-108

no interface port-channel channel-id interface • ethernet unit / port 1. • port-channel channel-id (Range: 1-4) 4) d Mode Glo To specify port 24, enter the following command: - unit - This is device - port - Port number. • vlan vlan-id (Range: 1-409 Default Setting None Comman bal Configuration Exam...

• 100full - Forces 100 Mbps full-duplex operation full-duplex operation lf - Forces 10 Mbps half-duplex operation D by default. When auto-negotiation is disabled, the default speed-duplex setting is 100half Interface Configuration (Ethernet, Port Channel) • To force operation to the speed and duplex...

Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-149) speed-duplex (4-147) capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capabili...

R negotiation (4-148) spflo This [ n ntrol can eliminate frame loss by “blocking” traffic from end stations or operation and IEEE 802.3x for full-duplex operation. • To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable auto-negot...

shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [ no ] shutdown Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal beha...

show interfaces counters show interfaces counters [ interface ] e • D S C ileged Exec Command Usage ecified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port -115. Example This command displays interface statistics. Syntax interf...

show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] • port-channel channel-id (Range: 1-4) S or d Exec C This example shows the configuration setting for port 24. interface • ethernet ...

Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [ rx | tx ] no port monitor interface • interface - ethernet unit / p...

show port monitor splays mirror information. r [ interface ] t unit / port (source port) sessions. Mode Privileged Exec Command Usage This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX). Example The following shows mirroring configured from po...

Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transm iting is configured on interfaces at twork to limit traffic into or out of the network. Traffic that falls with ceed the acceptable e dropped. g can be applied to individual ports or trunks. W...

Command Usage Actual rate limit = Rate limit level * Granularity xample E rate-limit granularity efine the rate limit granularity for the Fast Ethernet ports, and the Gigabit Ethernet ports. Use the no form of this command to restore the ra itethernet } granularity [ granularity ] no et | gigabiteth...

• For Fast Ethernet interfaces, the rate limit granularity is 512 Kbps, 1 Mbps, or rate limit granularity is 33.3 Mbps. Example 3.3 Mbps. • For Gigabit Ethernet interfaces, the Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of...

Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. nds of a connection must be configured as trunk ports. orts in a trunk have to be treated as a whole when moved from/to,...

D The current port will be added to this trunk. C e tandard. • Use no channel-group to remove a port group from a trunk. es port-channel to remove a trunk from the switch. ple creates trunk 1 and then adds port 11: efault Setting ommand Mode Interface Configuration (Ethernet) Command Usag • When con...

lacp system-priority This command crest defau onfigures a port's LACP system priority. Use the no form to lt setting. er } system-priority priority rtner } system-priority The local side an aggregate link. ide of an aggregate link. -65535) ration (Ethernet) Usage • Port must be configured with the s...

the no form to restore the default setting. [ n ctor | partner } admin-key key dmin key is used to identify a specific link aggregation group (LAG) during local LACP setup on this switch. (Range: 0-65535) Defau 0 erface Configuration (Port Channel) y allowed to join the same LAG if (1) the LACP syst...

lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } port-priority priority no lacp { actor | partner } port-priority • actor - The local side an aggregate link. • partner - The remote side of an aggregate link...

Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. mac-address-table static his command maps a static address to a destination port in a VLAN. Use the no ddress. n...

Spanning Tree Commands his section includes commands that configure the Spanning Tree Algorithm and commands that configure STA for the selected T(STA)globally for the switch,interface. spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use Spanning tree is enabl...

The following example configures the switch to use Rapid Spanning Tree: s nfigures the spanning tree bridge forward time globally for this form to restore the default. -time seconds y device must receive information about topology changes addition, each port needs time to listen for co iscarding sta...

mits a configuration message. Example spanning-tree max-age the spanning tree bridge maximum age globally for this se the no form to restore the default. Syn spno spanning-tree max-age sec Range: 6-40 seconds) The minimum value is the higher of 6 or [2 x (hello-time + 1)]. The maximum value is the l...

spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge. (Range – 0-61440, in steps of 4096; Options: 0, 4096, 8192, ...

4-190) takes precedence over port Example priority (page 4-191). spanning-tree transmission-limit This command configures the minimum interval between the transmission of the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The...

spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast ommand Mode mand is used to enable/disable the fast spanning-tree mode for the port. In this mode, ports skip the Discarding and Learning states, and proc• Sinc d through the s ard conve for end...

Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. • When automatic detection is selected,...

VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section ed to create VLAN groups, add port members, specify used, and enable automatic VLAN registration for the describes commands ushow VLA...

Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting None Comma...

4-159 Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name | private-vlan private-vlan-type ] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword ...

4-160 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLAN ports: promiscuous, and community ports. A promiscuous port can communicate with all interfaces within a private VLAN. Commun...

4-165 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the ...

4-166 Example show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Enabling or Disabling GVRP (Global Setting)” on page 4-147and “Displaying Bridge Extension Capabilities” on page 3-11 for a descripti...

4-167 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-4) Default Setting Shows both global and interface-specific configurat...

4-168 values for the GARP timers are independent of the media access method or data rate. These values should not be changed unless you are experiencing difficulties with GMRP or GVRP registration/deregistration. • Timer values are applied to GVRP for all the ports on all VLANs. • Timer values must ...

4-169 Priority Commands The commands described in this section allow you to specify which data packet shave greater precedence when traffic is buffered in the switch due to congestion.This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will ...

4-174 show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exec Example

4-182 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates th...

4-189 Related Commands ip igmp snooping version (4-240) Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [ no ] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - V...

4-191 IP Interface Commands There are no IP addresses assigned to this switch by default. You must manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnets. You may also need to a establish a default gateway between this device and manag...

5-1 5 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) DHCP Client Port Configuration 100BASE-TX: 10/100 Mbps, half/full duplex 1000BASE-T: 1000 Mbps, full duplex Flow Co...

5-3 SSH (Version 2.0) Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ethernet MIB (RFC 2665) Ether-like MIB (RFC 1643) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Int...

6-1 6 Appendix B: Troubleshooting Problems Accessing the Management Interface Table 6-1. Troubleshooting Chart

6-3 Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all catego...