Page 4 - ii
ii You can reach MiLAN Technology technical support at: E-mail: [email protected]: +1.408.744.2751 Fax: +1.408.744.2771 MiLAN Technology, 1329 Moffett Park Drive, Sunnyvale, CA 94089, United States of America Telephone: +1.408.744.2775 Fax: +1.408.744.2793 http://[email protected] © Copyrigh...
Page 5 - Contents; Chapter 1: Introduction
iii Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3 Basic Configuration 2-3 Console Connection 2-...
Page 8 - Chapter 4: Command Line Interface
Contents vi Mapping CoS Values to ACLs 3-137 Changing Priorities Based on ACL Rules 3-138 Multicast Filtering 3-140 Layer 2 IGMP (Snooping and Query) 3-140 Configuring IGMP Snooping and Query Parameters 3-141 Displaying Interfaces Attached to a Multicast Router 3-143 Specifying Static Interfaces for...
Page 15 - Appendix A: Software Specifications
Contents xiii show ip igmp snooping 4-205 show mac-address-table multicast 4-206 IGMP Query Commands (Layer 2) 4-207 ip igmp snooping querier 4-207 ip igmp snooping query-count 4-207 ip igmp snooping query-interval 4-208 ip igmp snooping query-max-response-time 4-209 ip igmp snooping router-port-exp...
Page 17 - Tables
xv Tables Table 1-1. Key Features 1-1 Table 1-2. System Defaults 1-5 Table 3-1 Web Page Configuration Buttons 3-3 Table 3-2 Switch Main Menu 3-4 Table 3-3 Logging Levels 3-19 Table 3-4 HTTPS System Support 3-35 Table 3-5 802.1X Statistics 3-48 Table 3-6 LACP Port Counters 3-76 Table 3-7 LACP Interna...
Page 19 - Figures
xvii Figures Figure 3-1 Home Page 3-2 Figure 3-2 Front Panel Indicators 3-3 Figure 3-3 System Information 3-9 Figure 3-4 Switch Information 3-11 Figure 3-5 Displaying Bridge Extension Configuration 3-12 Figure 3-6 IP Interface Configuration - Manual 3-14 Figure 3-7 IP Interface Configuration - DHCP ...
Page 21 - DNS General Configuration
Figures xix Figure 3-88 DNS General Configuration 3-148 Figure 3-89 DNS Static Host Table 3-150 Figure 3-90 DNS Cache 3-151
Page 23 - Key Features; Feature
1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are...
Page 24 - Introduction; Description of Software Features; Configuration Backup and Restore; – You can save the current configuration; Authentication; – This switch authenticates management access via the console; Access Control Lists; – ACLs provide packet filtering for IP frames (based on; Port Configuration; – You can manually configure the speed, duplex mode, and; Rate Limiting
Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the ...
Page 25 - Port Mirroring
Description of Software Features 1-3 1 Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity. Port Trunking – Ports can be combined i...
Page 26 - Virtual LANs; – The switch supports up to 255 VLANs. A Virtual LAN is a collection; Traffic Prioritization; – This switch prioritizes each packet based on the required; Multicast Filtering; – Specific multicast traffic can be assigned to its own VLAN to
Introduction 1-4 1 Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region,...
Page 27 - System Defaults; The following table lists some of the basic system defaults.
System Defaults 1-5 1 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-18). The following table lists some of the basic system defaults. Ta...
Page 28 - Function
Introduction 1-6 1 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Port Capability 1000BASE-T –10 Mbps half duplex 10 Mbps full duplex 100 Mbps half duplex 100 Mbps full duplex 1000 Mbps full duplex Full-duplex flow control disabled Symmetric flow control disab...
Page 31 - Chapter 2: Initial Configuration; Connecting to the Switch; Configuration Options
2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configu...
Page 32 - Initial Configuration; • Enable port mirroring; Required Connections; Make sure the terminal emulation software is set as follows:
Initial Configuration 2-2 2 • Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-mod...
Page 33 - Remote Connections; Basic Configuration; Console Connection
Basic Configuration 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is obtained vi...
Page 34 - Setting Passwords; Type “username guest password 0; Setting an IP Address; Manual; — The switch sends IP configuration requests to BOOTP or DHCP; Manual Configuration
Initial Configuration 2-4 2 Setting Passwords Note: If this is your first time logging into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and...
Page 35 - To assign an IP address to the switch, complete the following steps:; Dynamic Configuration
Basic Configuration 2-5 2 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the fo...
Page 36 - Enabling SNMP Management Access; Community Strings; The default strings are:; public; retrieve MIB objects.; private; retrieve and modify MIB objects.
Initial Configuration 2-6 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>....
Page 37 - string mode; rw; string; Trap Receivers; type; authentication; Saving Configuration Settings
Basic Configuration 2-7 2 To configure a community string, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode ,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press...
Page 38 - Managing System Files; The three types of files are:; Configuration; — System software that is executed after boot-up, also known as; Diagnostic Code; — Software that is run during system boot-up, also known as
Initial Configuration 2-8 2 2. Enter the name of the start-up file. Press <Enter>. Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downl...
Page 39 - Chapter 3: Configuring the Switch; Using the Web Interface
3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (...
Page 40 - Configuring the Switch; Navigating the Web Browser Interface; Home Page; Figure 3-1 Home Page
Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “ad...
Page 41 - Figure 3-2 Front Panel Indicators
Navigating the Web Browser Interface 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the “Apply” button to confirm the new setting. The following table summarizes the web page configur...
Page 42 - Main Menu; Table 3-2 Switch Main Menu
Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Switch Main Menu Menu Des...
Page 47 - Displaying System Information; Figure 3-3 System Information
Basic Configuration 3-9 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network man...
Page 48 - Displaying Switch Hardware/Software Versions; Main Board
Configuring the Switch 3-10 3 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system....
Page 49 - Figure 3-4 Switch Information; Displaying Bridge Extension Capabilities; – This switch does not support the filtering
Basic Configuration 3-11 3 Web – Click System, Switch Information. Figure 3-4 Switch Information CLI – Use the following command to display version information. Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic C...
Page 50 - Configurable PVID Tagging; – This switch allows you to override the default Port; Local VLAN Capable; – This switch does not support multiple local bridges outside; GMRP; Figure 3-5 Displaying Bridge Extension Configuration; CLI; – Enter the following command.
Configuring the Switch 3-12 3 • Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 3-111.) • Local VLAN Capable – This switch does not suppo...
Page 51 - Setting the Switch’s IP Address; – Specifies whether IP functionality is enabled via manual
Basic Configuration 3-13 3 Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default. To manually configure an address, you need to change the switch’s default setting...
Page 52 - Web; – Click System, IP Configuration. Select the VLAN through which the; – Specify the management interface, IP address and default gateway.
Configuring the Switch 3-14 3 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply. Figure 3-6 IP Interface Configuration - Man...
Page 53 - Figure 3-7 IP Interface Configuration - DHCP; BOOTP, and then enter the “ip dhcp restart” command.; Renewing DHCP; – DHCP may lease addresses to clients indefinitely or for a
Basic Configuration 3-15 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP o...
Page 54 - – Enter the following command to restart DHCP service.; Managing Firmware; Command Attributes; – The IP address of a TFTP server.; File Name; Downloading System Software from a Server; Figure 3-8 Downloading Firmware to the Switch
Configuring the Switch 3-16 3 CLI – Enter the following command to restart DHCP service. Managing Firmware You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also ...
Page 55 - Figure 3-9 Setting the Startup Code; Saving or Restoring Configuration Settings
Basic Configuration 3-17 3 If you download to a new destination file, then select the file from the drop-down box for the operation code used at startup, and click Apply Changes. To start the new firmware, reboot the system via the System/Reset menu. Figure 3-9 Setting the Startup Code CLI – Enter t...
Page 56 - Downloading Configuration Settings from a Server; Figure 3-10 Downloading Configuration Settings; set the startup file name on the switch, and then restart the switch.
Configuring the Switch 3-18 3 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the fi...
Page 57 - Configuring Event Logging; System Log Configuration; – Enables/disables the logging of debug or error messages to; Flash Level; – Limits log messages saved to the switch’s permanent flash memory
Basic Configuration 3-19 3 If you download the startup configuration file under a new file name, you can set this file as the startup file at a later time, and then restart the switch. Configuring Event Logging The switch allows you to control the logging of error messages, including the type of eve...
Page 58 - RAM Level; – Limits log messages saved to the switch’s temporary RAM memory; Figure 3-12 System Logs; RAM and flash memory.; Remote Log Configuration
Configuring the Switch 3-20 3 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 7) Note: The Flash Level must b...
Page 59 - – Enables/disables the logging of debug or error messages
Basic Configuration 3-21 3 Command Attributes • Remote Log Status – Enables/disables the logging of debug or error messages to the remote logging process. (Default: Disabled) • Logging Facility – Sets the facility type for remote logging of syslog messages. There are eight facility types specified b...
Page 60 - Displaying Log Messages; Figure 3-14 Displaying Logs
Configuring the Switch 3-22 3 CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap. Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access mem...
Page 61 - Sending Simple Mail Transfer Protocol Alerts; – Sets the email address used for the “From” field in alert
Basic Configuration 3-23 3 CLI – This example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “debugging” (i.e., default level 7 - 0), and lists one sample error. Sending Simple Mail Transfer Protocol Aler...
Page 62 - Figure 3-15 Enabling and Configuring SMTP Alerts
Configuring the Switch 3-24 3 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in t...
Page 63 - Resetting the System; Figure 3-16 Resetting the System
Basic Configuration 3-25 3 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configur...
Page 64 - Setting the System Clock; Configuring SNTP; – Configures the switch to operate as an SNTP client. This requires; SNTP Poll Interval; – Sets the interval between sending requests for a time update; SNTP Server; – Sets the IP address for up to three time servers. The switch; Figure 3-17 Configuring SNTP
Configuring the Switch 3-26 3 Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times fo...
Page 65 - displays the current time and settings.; Setting the Time Zone; – Displays the current time.
Basic Configuration 3-27 3 CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings. Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian,...
Page 66 - Simple Network Management Protocol; Setting Community Access Strings
Configuring the Switch 3-28 3 CLI - This example shows how to set the time zone for the system clock. Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP...
Page 67 - Figure 3-19 Configuring SNMP Community Strings; Specifying Trap Managers and Trap Types
Simple Network Management Protocol 3-29 3 Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add. Figure 3-19 Configuring SNMP Community Strings CLI – The following example adds the string “spiderman” with ...
Page 68 - Figure 3-20 Configuring SNMP Trap Managers; User Authentication; Configuring the Logon Password
Configuring the Switch 3-30 3 Web – Click SNMP, Configuration. Fill in the IP address and community string for each trap manager that will receive these messages, specify the SNMP version, mark the trap types required, and then click Add. Figure 3-20 Configuring SNMP Trap Managers CLI – This example...
Page 69 - – The name of the user.; Password; – Specifies the user password.; Configuring Local/Remote Logon Authentication
User Authentication 3-31 3 Command Attributes • User Name* – The name of the user. (Maximum length: 8 characters) • Access Level* – Specifies the user level. (Options: Normal and Privileged) • Password – Specifies the user password. (Range: 0-8 characters plain text, case sensitive) * CLI only. Web ...
Page 71 - Figure 3-21 Authentication Server Settings
User Authentication 3-33 3 Note: The local switch user database has to be set up by manually entering user names and passwords using the CLI. (See “username” on page 4-26.) Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authenticat...
Page 72 - Configuring HTTPS; Command Usage; device
Configuring the Switch 3-34 3 CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) ...
Page 73 - – Allows you to enable/disable the HTTPS server feature on the; Change HTTPS Port Number; – Specifies the UDP port number used for HTTPS/; Figure 3-22 HTTPS Settings; Replacing the Default Secure-site Certificate; Table 3-4 HTTPS System Support
User Authentication 3-35 3 • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 3-35. Command Attributes • HTTPS Status – Allows you to enable/disable the HTTPS server feature o...
Page 74 - Configuring the Secure Shell; rlogin; page
Configuring the Switch 3-36 3 Note: For maximum security, we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity. This is because the default certificate for the switch is not unique to the hardware you have purchased. When you have obtained these, place them o...
Page 75 - copy tftp public-key
User Authentication 3-37 3 To use the SSH server, complete these steps: 1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair. 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial...
Page 76 - Generating the Host Key Pair; Field Attributes; – The public key for the host.; Save Host-Key from Memory to Flash; – This button is used to generate the host key pair. Note that you must; Clear; – This button clears the host key from both volatile memory (RAM) and
Configuring the Switch 3-38 3 e. The switch compares the decrypted bytes to the original bytes it sent. If the two sets match, this means that the client's private key corresponds to an authorized public key, and the client is authenticated. Notes: 1. To use SSH with only password authentication, th...
Page 77 - – This example generates a host-key pair using both the RSA and DSA
User Authentication 3-39 3 Web – Click Security, SSH Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 3-23 SSH Host-Key Settings CLI – This exampl...
Page 78 - Configuring the SSH Server; The SSH server includes basic settings for authentication.
Configuring the Switch 3-40 3 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version – The Secure Shell version number. Version 2.0 is displa...
Page 79 - Configuring Port Security; • A secure port has the following restrictions:
User Authentication 3-41 3 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Configuring Port Security Port security is a feature that allows yo...
Page 80 - : Send an SNMP trap message and disable the port.
Configuring the Switch 3-42 3 • If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-67). Command Attributes • Port – Port number. • Name – Descriptive text (page 4-124). • Action – Indicates the action to be take...
Page 81 - Configuring 802.1X Port Authentication
User Authentication 3-43 3 CLI – This example selects the target port, sets the port security action to send a trap and disable the port, specifies a maximum address count, and then enables port security for the port. Configuring 802.1X Port Authentication Network switches can provide open and easy ...
Page 82 - Displaying 802.1X Global Settings
Configuring the Switch 3-44 3 The operation of 802.1X on the switch requires the following: • The switch must have an IP address assigned. • RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified. • 802.1X must be enabled globally for the switch. • Each...
Page 84 - Configuring 802.1X Global Settings
Configuring the Switch 3-46 3 Configuring 802.1X Global Settings The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch ...
Page 85 - Configuring Port Authorization Mode
User Authentication 3-47 3 Web – Select Security, 802.1X, Configuration. Enable dot1x globally for the switch, modify any of the parameters required, and then click Apply. Figure 3-27 802.1X Configuration CLI – This enables re-authentication and sets all of the global parameters for 802.1X. Configur...
Page 86 - Blank; Displaying 802.1X Statistics; Parameter
Configuring the Switch 3-48 3 • Authorized – - Yes – Connected client is authorized. - No – Connected client is not authorized. - Blank – Displays nothing when dot1x is disabled on a port. • Supplicant – Indicates the MAC address of a connected client. • Trunk – Indicates if the port is configured a...
Page 87 - Query. Click Refresh to update the statistics.
User Authentication 3-49 3 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-29 802.1X Port Statistics Rx EAP Resp/Oth The number of valid EAP Response frames (other than Resp/Id frames) that have been received ...
Page 88 - Filtering IP Addresses for Management Access
Configuring the Switch 3-50 3 CLI – This example displays the 802.1X statistics for port 4. Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Co...
Page 89 - access to an interface, and click Add IP Filtering Entry.; – This example allows SNMP access for a specific client.
User Authentication 3-51 3 Web – Click Security, IP Filter. Enter the addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 3-30 IP Filter CLI – This example allows SNMP access for a specific client. Console(config)#management snmp-client 10.1.2.3 4-2...
Page 90 - Configuring Access Control Lists; The following restrictions apply to ACLs:
Configuring the Switch 3-52 3 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an acces...
Page 91 - Setting the ACL Name and Type; – There are three filtering modes:; Configuring a Standard IP ACL; – An ACL can contain all permit rules or all deny rules.
Access Control Lists 3-53 3 Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL. (Maximum length: 16 characters) • Type – There are three filtering modes: - Standard: IP ACL mode that filters packets based...
Page 92 - Figure 3-32 ACL Configuration - Standard IP; Configuring an Extended IP ACL; – An ACL can contain either all permit rules or all deny rules.
Configuring the Switch 3-54 3 with the address for each IP packet entering the port(s) to which this ACL has been assigned. Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet ...
Page 93 - Protocol; – Specifies the protocol type to match as TCP, UDP or Others, where; Src/Dst Port Bitmask; – Decimal number representing the port bits to match.; Control Code; – Decimal number representing the code bits to match.
Access Control Lists 3-55 3 • Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number (0-255). (Options: TCP, UDP, Others; Default: TCP) • Src/Dst Port – Source/destination port number for the specified protocol type. (Range: 0-65535) ...
Page 94 - Figure 3-33 ACL Configuration - Extended IP; – This example adds three rules:
Configuring the Switch 3-56 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Se...
Page 95 - Configuring a MAC ACL
Access Control Lists 3-57 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) • Source/Destination MAC – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an add...
Page 97 - Configuring ACL Masks; the queue or frame priorities associated with the rule.; Specifying the Mask Type; mask types to open the configuration page.
Access Control Lists 3-59 3 Configuring ACL Masks You can specify optional masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven...
Page 98 - Configuring an IP ACL Mask
Configuring the Switch 3-60 3 Configuring an IP ACL Mask This mask defines the fields to check in the IP header. Command Usage • Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes. Command Attri...
Page 99 - Figure 3-36 ACL Mask Configuration - IP
Access Control Lists 3-61 3 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or ...
Page 100 - Configuring a MAC ACL Mask; Figure 3-37 ACL Mask Configuration - MAC
Configuring the Switch 3-62 3 Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port. Command Attributes • Source/Destination MAC – Use “Any” to match any address, “Host” to speci...
Page 101 - Binding a Port to an Access Control List; – Specifies the IP ACL to bind to a port.
Access Control Lists 3-63 3 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you can bind the ports t...
Page 102 - Figure 3-38 ACL Port Binding; Displaying Connection Status
Configuring the Switch 3-64 3 Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic, select the required ACL from the drop-down list, then click Apply. Figure 3-38 ACL Port Binding CLI – This example assigns an IP and MA...
Page 105 - Configuring Interface Connections; The current switch chip only supports symmetric pause frames.
Port Configuration 3-67 3 Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control. Command Attributes • ...
Page 106 - Trunk; – Select the interface, and then enter the required settings.
Configuring the Switch 3-68 3 • Trunk – Indicates if a port is a member of a trunk. To create trunks and select port members, see “Creating Trunk Groups” on page 3-69. Note: Auto-negotiation must be disabled before you can configure or force the interface to use the Speed/Duplex Mode or Flow Control...
Page 107 - Creating Trunk Groups; cables between switches to avoid creating a loop.
Port Configuration 3-69 3 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two switches. ...
Page 108 - Statically Configuring a Trunk; • When configuring static trunks, you may not be; Figure 3-41 Static Trunk Configuration
Configuring the Switch 3-70 3 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible....
Page 109 - two static trunk ports on another switch to form a trunk.; Enabling LACP on Selected Ports; • To avoid creating a loop in the network, be sure
Port Configuration 3-71 3 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting th...
Page 110 - Figure 3-42 LACP Trunk Configuration; to LACP-enabled trunk ports on another switch to form a trunk.
Configuring the Switch 3-72 3 Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply. Figure 3-42 LACP Trunk Configuration CLI – The following example enables LACP for p...
Page 111 - Configuring LACP Parameters; • Ports must have the same LACP System Priority.
Port Configuration 3-73 3 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key. • However, if the “port channel” Admi...
Page 114 - Displaying LACP Port Counters; You can display statistics for LACP protocol messages.; the corresponding information.; – The following example displays LACP counters for port channel 1.
Configuring the Switch 3-76 3 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-44 LACP - Port Counters Information CLI – The following exampl...
Page 115 - Displaying LACP Settings and Status for the Local Side; Table 3-7 LACP Internal Configuration Information
Port Configuration 3-77 3 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Table 3-7 LACP Internal Configuration Information Field Description Oper Key Current operational value of the k...
Page 116 - operational state for the local side of port channel 1.
Configuring the Switch 3-78 3 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-45 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side ...
Page 117 - Displaying LACP Settings and Status for the Remote Side; display the corresponding information.
Port Configuration 3-79 3 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding inform...
Page 118 - Setting Broadcast Storm Thresholds
Configuring the Switch 3-80 3 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs ar...
Page 119 - interface, set the threshold and click Apply.
Port Configuration 3-81 3 Web – Click Port, Port/Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold and click Apply. Figure 3-47 Port Broadcast Control CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port ...
Page 120 - Configuring Port Mirroring; may be dropped from the monitor port.
Configuring the Switch 3-82 3 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Comma...
Page 121 - Configuring Rate Limits; Command Attribute; – Sets the output rate limit for an interface.; Figure 3-49 Rate Limit Configuration
Port Configuration 3-83 3 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic coming out of the switch. Traffic that falls...
Page 122 - Showing Port Statistics; Table 3-9 Port Statistics
Configuring the Switch 3-84 3 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passi...
Page 125 - Figure 3-50 Port Statistics
Port Configuration 3-87 3 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-50 Port Statistics
Page 126 - – This example shows statistics for port 13.; Address Table Settings; Setting Static Addresses; – The number of manually configured addresses.
Configuring the Switch 3-88 3 CLI – This example shows statistics for port 13. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stor...
Page 127 - Figure 3-51 Static Addresses; Displaying the Address Table
Address Table Settings 3-89 3 • VLAN – ID of configured VLAN (1-4094). Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Then set this as a permanent address or to be deleted on reset. Figure 3-51 Static Addresses CLI – This ...
Page 128 - Figure 3-52 Dynamic Addresses; – This example also displays the address table entries for port 1.
Configuring the Switch 3-90 3 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 3-52 Dynamic Addresses CLI – This example also displays th...
Page 129 - Changing the Aging Time; You can set the aging time for entries in the dynamic address table.; – Enables or disables the aging time.; Aging Time; – The time after which a learned entry is discarded.; Figure 3-53 Address Aging; – This example sets the aging time to 400 seconds.; Spanning Tree Algorithm Configuration
Spanning Tree Algorithm Configuration 3-91 3 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables or disables the aging time. • Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 secon...
Page 130 - Displaying Global Settings; – Shows if the switch is enabled to participate in an; Bridge ID; MAC address (where the address is taken from the switch system).; Max Age; – The maximum time (in seconds) a device can wait without receiving a
Configuring the Switch 3-92 3 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to th...
Page 132 - – The interval (in seconds) during which no more than two bridge
Configuring the Switch 3-94 3 information that would make it return to a discarding state; otherwise, temporary data loops might result. • Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node. • Max hops –...
Page 134 - Configuring Global Settings; Basic Configuration of Global Settings
Configuring the Switch 3-96 3 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network. If multiple VLANs are ...
Page 135 - Priority; Root Device Configuration; Hello Time; Configuration Settings for RSTP; Path Cost Method
Spanning Tree Algorithm Configuration 3-97 3 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address wil...
Page 136 - – The maximum transmission rate for BPDUs is specified by
Configuring the Switch 3-98 3 • Transmission Limit – The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages. (Range: 1-10; Default: 3) Configuration Settings for MSTP • Max Instance Numbers – The maximum number o...
Page 137 - Figure 3-55 STA Configuration
Spanning Tree Algorithm Configuration 3-99 3 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-55 STA Configuration
Page 138 - Displaying Interface Settings
Configuring the Switch 3-100 3 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanni...
Page 140 - Figure 3-56 STA Port Information
Configuring the Switch 3-102 3 • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a ...
Page 141 - – This example shows the STA attributes for port 5.; Configuring Interface Settings; The following attributes are read-only and cannot be changed:
Spanning Tree Algorithm Configuration 3-103 3 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or p...
Page 142 - Path Cost
Configuring the Switch 3-104 3 Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. • Default: 128 • Range: 0-240, in steps of 16 • Path Cost – This parameter is used by the STP to determine the best p...
Page 143 - the required attributes, then click Apply.; – This example sets STA attributes for port 7.; Configuring Multiple Spanning Trees; To use multiple spanning trees:
Spanning Tree Algorithm Configuration 3-105 3 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-57 STA Port Configuration CLI – This example sets STA attributes for port 7. Configuring Multiple Spanning Trees MSTP ge...
Page 144 - – VLANs assigned this instance.
Configuring the Switch 3-106 3 Command Attributes • MST Instance – Instance identifier of this spanning tree. (Default: 0) • Priority – The priority of a spanning tree instance. (Range: 0-61440 in steps of 4096; Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 4...
Page 146 - Displaying Interface Settings for MSTP; Figure 3-59 MSTP Port Information
Configuring the Switch 3-108 3 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes • MST Instance ID – Instance identifier to configure. (Range: 0-4094; Default...
Page 147 - Configuring Interface Settings for MSTP
Spanning Tree Algorithm Configuration 3-109 3 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Field Attributes The following attributes are read-only and cannot be changed: ...
Page 148 - MST Path Cost; – This parameter is used by the MSTP to determine the best path; the priority and path cost for an interface, and click Apply.; – This example sets the MSTP attributes for port 4.
Configuring the Switch 3-110 3 • MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port p...
Page 149 - VLAN Configuration; This switch supports the following VLAN features:; Assigning Ports to VLANs
VLAN Configuration 3-111 3 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast doma...
Page 150 - VLAN Classification; – When the switch receives a frame, it classifies the frame in; Port Overlapping; – Port overlapping can be used to allow access to commonly; Untagged VLANs; – Untagged (or static) VLANs are typically used to reduce; Automatic VLAN Registration; – GVRP (GARP VLAN Registration Protocol)
Configuring the Switch 3-112 3 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging. VLAN Classification – When the switch receives a...
Page 151 - Forwarding Tagged/Untagged Frames
VLAN Configuration 3-113 3 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from jo...
Page 152 - Enabling or Disabling GVRP; Figure 3-61 Globally Enabling GVRP; Displaying Basic VLAN Information; – The VLAN version used by this switch as specified in
Configuring the Switch 3-114 3 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by h...
Page 153 - Displaying Current VLANs; – Shows how this VLAN was added to the switch.
VLAN Configuration 3-115 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. How...
Page 154 - Creating VLANs
Configuring the Switch 3-116 3 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic : Automatically learned via GVRP. - Static : Added as a static entry. • Name – Name of the VLAN (1 to 32 characters). • ...
Page 155 - Figure 3-64 VLAN Static List - Creating VLANs; Adding Static Members to VLANs; – Enables or disables the specified VLAN.
VLAN Configuration 3-117 3 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-64 VLAN Static List - Creating VLANs CLI – This example creates a new VLAN. Adding Static Members ...
Page 156 - Figure 3-65 VLAN Static Table - Adding Static Members
Configuring the Switch 3-118 3 • Trunk – Trunk identifier. • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged : Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag...
Page 157 - – Port or trunk identifier.; Configuring VLAN Behavior for Interfaces; – GARP VLAN Registration Protocol defines a way for switches to
VLAN Configuration 3-119 3 Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier. • Member – VLANs for which the selected interface is a tag...
Page 159 - – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct
VLAN Configuration 3-121 3 • Mode – Indicates VLAN membership mode for an interface. (Default: 1Q Trunk) - 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. Note that frames ...
Page 160 - Configuring Private VLANs; Enabling Private VLANs; – Click VLAN, Private VLAN, Status. Select Enable or Disable from the; – This example enables private VLANs.
Configuring the Switch 3-122 3 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously...
Page 161 - Configuring Uplink and Downlink Ports; uplinks and downlinks for the private VLAN, then click Apply.; Configuring Protocol-Based VLANs
VLAN Configuration 3-123 3 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with an...
Page 162 - Configuring Protocol Groups; Figure 3-70 Protocol VLAN Configuration; Mapping Protocols to VLANs
Configuring the Switch 3-124 3 Configuring Protocol Groups Create a protocol group for one or more protocols. Command Attributes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Type – Frame type used by this protocol. (Options: Ethernet, RFC_1042, LLC_oth...
Page 163 - to the appropriate VLAN.
VLAN Configuration 3-125 3 - If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN. - If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface. Command Attributes • Interface – Port o...
Page 164 - Class of Service Configuration; Layer 2 Queue Settings; Setting the Default Priority for Interfaces; stripped of all VLAN tags prior to transmission.; – The priority that is assigned to untagged frames received on; Number of Egress Traffic Classes; – The number of queue buffers provided for
Configuring the Switch 3-126 3 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s ...
Page 165 - priority for any interface, then click Apply.; – This example assigns a default priority of 5 to port 3.
Class of Service Configuration 3-127 3 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-72 Default Port Priority CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface eth...
Page 166 - Mapping CoS Values to Egress Queues; Table 3-10 Mapping CoS Values to Egress Queues; Table 3-11 CoS Priority Levels
Configuring the Switch 3-128 3 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defi...
Page 167 - Figure 3-73 Traffic Classes; – The following example shows how to change the CoS assignments to a; Selecting the Queue Mode
Class of Service Configuration 3-129 3 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-73 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping. * Mapping specific ...
Page 168 - higher priority queues before servicing lower priority queues.; Setting the Service Weight for Traffic Classes
Configuring the Switch 3-130 3 • Strict - Services the egress queues in sequential order, transmitting all traffic in the higher priority queues before servicing lower priority queues. Web – Click Priority, Queue Mode. Select Strict or WRR, then click Apply. Figure 3-74 Queue Mode CLI – The followin...
Page 169 - Figure 3-75 Queue Scheduling
Class of Service Configuration 3-131 3 Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 3-75 Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queu...
Page 170 - Layer 3/4 Priority Settings; Mapping Layer 3/4 Priorities to CoS Values; Priority, and then Default Port Priority.; Selecting IP Precedence/DSCP Priority; – Maps layer 3/4 priorities using IP Precedence.
Configuring the Switch 3-132 3 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bi...
Page 171 - Mapping IP Precedence; – Shows the IP Precedence to CoS map.; Class of Service Value; – Maps a CoS value to the selected IP Precedence value.
Class of Service Configuration 3-133 3 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Pre...
Page 172 - Mapping DSCP Priority; Shows the DSCP Priority to CoS map.; Class of Service Value –; Maps a CoS value to the selected DSCP Priority value.; Table 3-13 Mapping DSCP Priority
Configuring the Switch 3-134 3 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. * Mapping specific values for IP Precedence is implemented as an interface configurati...
Page 173 - value in the Class of Service Value field, then click Apply.
Class of Service Configuration 3-135 3 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply. Figure 3-78 IP DSCP Priority CLI – The following example globally enables DSCP Priority service on the switch, maps...
Page 174 - Mapping IP Port Priority; Figure 3-79 IP Port Priority Status
Configuring the Switch 3-136 3 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110. Comman...
Page 175 - Mapping CoS Values to ACLs; Table 3-14 Mapping CoS Values to IP ACLs
Class of Service Configuration 3-137 3 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays the IP Port Priority settings for that port. * Mapping specific values for IP Precedence is implemented as an inte...
Page 176 - Figure 3-81 ACL CoS Priority; the specified ACL on port 24.; Changing Priorities Based on ACL Rules
Configuring the Switch 3-138 3 Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Apply. Figure 3-81 ACL CoS Priority CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24. Ch...
Page 177 - – Class of Service value in the IEEE 802.1p priority tag.
Class of Service Configuration 3-139 3 Command Attributes • Port – Port identifier. • Name – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Precedence value. (Range: 0-7) • DSCP – Differentiated Services Code Point value. (Range: 0-63) • 802.1p Priority – Class of Service value ...
Page 178 - Layer 2 IGMP
Configuring the Switch 3-140 3 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts...
Page 179 - Configuring IGMP Snooping and Query Parameters
Multicast Filtering 3-141 3 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from...
Page 180 - Figure 3-83 IGMP Configuration
Configuring the Switch 3-142 3 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-83 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the cur...
Page 181 - Displaying Interfaces Attached to a Multicast Router; – Multicast routers dynamically discovered by this switch or; Figure 3-84 Multicast Router Port Information; attached to a multicast router.; Specifying Static Interfaces for a Multicast Router
Multicast Filtering 3-143 3 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. These routers ...
Page 182 - Figure 3-85 Static Multicast Router Port Configuration; Displaying Port Members of Multicast Services
Configuring the Switch 3-144 3 Command Attributes • Interface – Activates the Port or Trunk scroll down list. • VLAN ID – Selects the VLAN to propagate all multicast traffic coming from the attached multicast router. • Port or Trunk – Specifies the interface attached to a multicast router. Web – Cli...
Page 183 - Figure 3-86 IP Multicast Registration Table; Assigning Ports to Multicast Services; • Static multicast addresses are never aged out.
Multicast Filtering 3-145 3 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 3-86 IP Multicast Registratio...
Page 184 - Multicast IP; – The IP address for a specific multicast service; Port; or; – Specifies the interface attached to a multicast router/switch.; – Click IGMP Snooping, IGMP Member Port Table. Specify the interface; known multicast services supported on VLAN 1.; Configuring Domain Name Service
Configuring the Switch 3-146 3 • Multicast IP – The IP address for a specific multicast service • Port or Trunk – Specifies the interface attached to a multicast router/switch. Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabl...
Page 185 - Configuring General DNS Server Parameters; and then enable domain lookup status.
Configuring Domain Name Service 3-147 3 Configuring General DNS Server Parameters Command Usage • To enable DNS service on this switch, first configure one or more name servers, and then enable domain lookup status. • To append domain names to incomplete host names received from a DNS client (i.e., ...
Page 186 - Figure 3-88 DNS General Configuration
Configuring the Switch 3-148 3 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 3-88 DNS General Configuration CLI - This example s...
Page 187 - Configuring Static DNS Host to Address Entries; – Name of a host device that is mapped to one or more IP addresses.; IP Address; – Displays the host names that are mapped to the same address(es) as a
Configuring Domain Name Service 3-149 3 Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses. Command Usage • Static entries may be used for local devices connected directly to the attached network...
Page 188 - – Select DNS, Static Host Table. Enter a host name and one or more
Configuring the Switch 3-150 3 Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 3-89 DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Consol...
Page 189 - Displaying the DNS Cache; – The entry number for each resource record.
Configuring Domain Name Service 3-151 3 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore ...
Page 191 - This chapter describes how to use the Command Line Interface (CLI).; Using the Command Line Interface; Accessing the CLI; To access the switch through the console port, perform these steps:; Telnet Connection
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the s...
Page 192 - Command Line Interface
Command Line Interface 4-2 4 To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example, if your corporate network is connected to another network outside your off...
Page 193 - Entering Commands; Keywords and Arguments; enable; Minimum Abbreviation
Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status eth...
Page 194 - Showing Commands; ” displays a list of possible show commands:
Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line, VLAN Database, or MSTP). You can also displ...
Page 195 - Partial Keyword Lookup; logging; Using Command History; show history
Entering Commands 4-5 4 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “ s? ” shows all the keywords starting with “s.” Negati...
Page 196 - Understanding Command Modes; ” at the prompt to display a list of the commands available for the; Exec Commands
Command Line Interface 4-6 4 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certai...
Page 197 - Configuration Commands
Entering Commands 4-7 4 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the ...
Page 198 - exit; end; command to return to the Privileged Exec mode.; Table 4-2 Configuration Command Modes; Mode
Command Line Interface 4-8 4 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. For example, you can use the following commands to enter interface configuration mode, and then return to Privileg...
Page 199 - Command Line Processing; Table 4-3 Keystroke Commands; Keystroke
Entering Commands 4-9 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or...
Page 200 - Command Groups; Table 4-4 Command Group Index; Command Group
Command Line Interface 4-10 4 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Group Index Command Group Description Page Line Sets communication parameters for the serial port and Telnet, including baud rate and console time-out 4-11 G...
Page 201 - Line Commands; Table 4-5 Line Commands; Command
Line Commands 4-11 4 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC (Global Configuration) VC (VLAN Database Configuration) ACL (Access Control List Configuration) MST (M...
Page 202 - line
Command Line Interface 4-12 4 line This command identifies a specific line for configuration, and processes subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting The...
Page 203 - password
Line Commands 4-13 4 Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec...
Page 204 - form to restore the default.
Command Line Interface 4-14 4 number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state. • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when ...
Page 205 - threshold
Line Commands 4-15 4 password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh [ threshold ] no password-thresh threshold - The number of allowed password attempts. (Range...
Page 206 - databits
Command Line Interface 4-16 4 Example To set the silent time to 60 seconds, enter this command: Related Commands password-thresh (4-15) databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default valu...
Page 207 - parity; bps
Line Commands 4-17 4 parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity { none | even | odd } no parity • none - No parity • even - Even parity • odd - Odd parity Default Setting No parity Command Mode Line Configuration Command ...
Page 208 - stopbits
Command Line Interface 4-18 4 Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not supported. If you select the “auto” op...
Page 209 - show line; This command displays the terminal line’s parameters.
Line Commands 4-19 4 Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection. Example Related Commands show ssh (4-41) show users (4-61) show line This command displays t...
Page 210 - General Commands; level; Table 4-6 General Commands
Command Line Interface 4-20 4 General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-6. Syntax enable [ level ] level - Privilege leve...
Page 211 - disable; configure; None
General Commands 4-21 4 Example Related Commands disable (4-21) enable password (4-27) disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all comma...
Page 212 - copy
Command Line Interface 4-22 4 Related Commands end (4-23) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands. ...
Page 214 - quit; System Management Commands; Table 4-7 System Management Commands
Command Line Interface 4-24 4 quit This command exits the configuration program. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration program. Example This example shows how to quit a CLI session: System Management Co...
Page 215 - Device Designation Commands; prompt; hostname; name; Table 4-8 Device Designation Commands
System Management Commands 4-25 4 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Cons...
Page 216 - User Access Commands; form to remove a user name.; Table 4-9 User Access Commands; Table 4-10 Default Login Settings
Command Line Interface 4-26 4 Example User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-11), user authentication via a remote authentication s...
Page 217 - Global Configuration; enable password; form to reset the
System Management Commands 4-27 4 Command Mode Global Configuration Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file fro...
Page 218 - IP Filter Commands; form to restore the; Table 4-11 IP Filter Commands
Command Line Interface 4-28 4 Example Related Commands enable (4-20) IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [ no ] management { all...
Page 219 - delete the entire range, and reenter the addresses.; show management; Syntax; Privileged Exec; Example
System Management Commands 4-29 4 • When entering addresses for the same group (i.e., SNMP, Web or Telnet), the switch will not accept overlapping address ranges. When entering addresses for different groups, the switch will accept overlapping address ranges. • You cannot delete an individual addres...
Page 220 - Web Server Commands; Table 4-12 Web Server Commands
Command Line Interface 4-30 4 Web Server Commands ip http port This command specifies the TCP port number used by the Web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range...
Page 221 - Table 4-13 HTTPS System Support; Web Browser
System Management Commands 4-31 4 Example Related Commands ip http port (4-30) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s Web interface. Use the ...
Page 222 - form to restore the default port.
Command Line Interface 4-32 4 Example Related Commands ip http secure-port (4-32) copy tftp https-certificate (4-63) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s Web interface. Use the no form to restore the default port. Syntax ip http ...
Page 223 - Telnet Server Commands; ip telnet port; Table 4-14 Telnet Server Commands
System Management Commands 4-33 4 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface. Use the no form to use the default port. Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface...
Page 224 - Related Commands; Secure Shell Commands; Table 4-15 Secure Shell Commands
Command Line Interface 4-34 4 Related Commands ip telnet port (4-33) Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including comma...
Page 225 - authentication login
System Management Commands 4-35 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified...
Page 226 - The client sends its public key to the switch.; ip ssh server; form to disable this service.
Command Line Interface 4-36 4 corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process: a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is fo...
Page 227 - ip ssh timeout; seconds; ip ssh authentication-retries; count
System Management Commands 4-37 4 ip ssh timeout Use this command to configure the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation. (Range: 1-120) Default Sett...
Page 228 - ip ssh server-key size
Command Line Interface 4-38 4 Example Related Commands show ip ssh (4-40) ip ssh server-key size Use this command to set the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key. (Range...
Page 229 - ip ssh crypto host-key generate; Generates both the DSA and RSA key pairs.; ip ssh crypto zeroize; Clears both the DSA and RSA key.
System Management Commands 4-39 4 Example ip ssh crypto host-key generate Use this command to generate the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type. Default Setting Generates both...
Page 230 - show ip ssh
Command Line Interface 4-40 4 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command. Example Rela...
Page 231 - show ssh; Use this command to display the current SSH server connections.; Command Mode; Field
System Management Commands 4-41 4 Example show ssh Use this command to display the current SSH server connections. Command Mode Privileged Exec Example
Console#show ip ssh
SSH Enabled - version 1.99
Negotiation timeout: 120 secs; Authentication retries: 3
Server key size: 768 bits
Console#
Console#show ...
Page 233 - Event Logging Commands; logging on; form disables the logging process.; Table 4-17 Event Logging Commands
System Management Commands 4-43 4 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configuration Command Usa...
Page 234 - logging history; form returns the logging of syslog messages to the default level.; Table 4-18 Logging Levels; Level Name
Command Line Interface 4-44 4 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { flash | ram } level no logging history { flash | ram } • flash - Event history...
Page 235 - logging host
System Management Commands 4-45 4 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Co...
Page 236 - logging trap; clear logging
Command Line Interface 4-46 4 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging....
Page 237 - show logging; - Displays settings for the trap function.
System Management Commands 4-47 4 Related Commands show logging (4-47) show logging This command displays the logging configuration, along with any system and event messages stored in memory. Syntax show logging { flash | ram | sendmail | trap } • flash - Event history stored in flash memory (i.e., ...
Page 238 - The following example displays settings for the trap function.; SMTP Alert Commands; Table 4-20 show logging trap - display description
Command Line Interface 4-48 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-51) SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. Console#sh...
Page 239 - logging sendmail host
System Management Commands 4-49 4 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [ no ] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event ...
Page 240 - logging sendmail source-email
Command Line Interface 4-50 4 Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the configured email recipients. (For example, using Level 7 will report all events from level 7 to level 0.) Example This example will send email alerts f...
Page 241 - logging sendmail
System Management Commands 4-51 4 Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [ no ] l...
Page 242 - Time Commands; sntp client; Table 4-22 Time Commands
Command Line Interface 4-52 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP), or by using information broadcast by local time servers. sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time ...
Page 243 - sntp server; ip
System Management Commands 4-53 4 Example Related Commands sntp server (4-53) sntp poll (4-54) show sntp (4-54) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Sy...
Page 244 - sntp poll; form to restore to the default.; show sntp; Normal Exec, Privileged Exec
Command Line Interface 4-54 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Defaul...
Page 245 - clock timezone; This command sets the time zone for the switch’s internal clock.; calendar set
System Management Commands 4-55 4 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/a...
Page 246 - show calendar; This command displays the system clock.
Command Line Interface 4-56 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, February 1st, 2004. show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example Console...
Page 247 - System Status Commands; Default Setting; • Use this command in conjunction with the; Table 4-23 System Status Commands
System Management Commands 4-57 4 System Status Commands show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show...
Page 250 - show system; This command displays system information.; “FAIL,” contact your distributor for assistance.
Command Line Interface 4-60 4 Related Commands show startup-config (4-57) show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information...
Page 251 - show users; show version
System Management Commands 4-61 4 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symb...
Page 252 - Frame Size Commands; This command enables support for jumbo frames. Use the; Table 4-24 Frame Size Commands
Command Line Interface 4-62 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for ...
Page 254 - operation code files.
Command Line Interface 4-64 4 Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for fi...
Page 255 - The following example shows how to download a configuration file:; delete; This command deletes a file or image.; filename
Flash/File Commands 4-65 4 The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to copy a public-key used by SSH from a TFTP serv...
Page 256 - dir; Table 4-26 File Directory Information; Column Heading
Command Line Interface 4-66 4 Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg” cannot be deleted. Example This example shows how to delete the test2.cfg configuration file from flash memory. Related Commands dir (4-66) delet...
Page 258 - Authentication Commands; Table 4-27 Authentication Commands
Command Line Interface 4-68 4 Default Setting None Command Mode Global Configuration Command Usage • A colon (:) is required after the specified file type. • If the file contains an error, it cannot be set as the default file. Example Related Commands dir (4-66) whichboot (4-67) Authentication Comma...
Page 259 - Authentication Sequence; Table 4-28 Authentication Sequence Commands
Authentication Commands 4-69 4 Authentication Sequence authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[ local ] [ radius ] [ tacacs ]} no authentication login • local - Use local password....
Page 260 - authentication enable
Command Line Interface 4-70 4 authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-20). Use the no form to restore the default. Syntax authentication enable ...
Page 261 - RADIUS Client; Table 4-29 RADIUS Client Commands
Authentication Commands 4-71 4 RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of multiple user n...
Page 262 - radius-server retransmit
Command Line Interface 4-72 4 Default Setting 1812 Command Mode Global Configuration Example radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticat...
Page 263 - radius-server timeout
Authentication Commands 4-73 4 Example radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Number of...
Page 266 - Port Security Commands; port security; Table 4-31 Port Security Commands
Command Line Interface 4-76 4 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses ...
Page 268 - Default
Command Line Interface 4-78 4 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS ser...
Page 269 - authentication dot1x default
Authentication Commands 4-79 4 authentication dot1x default This command sets the default authentication server type. Use the no form to restore the default. Syntax authentication dot1x default radius no authentication dot1x Default Setting RADIUS Command Mode Global Configuration Example dot1x defau...
Page 272 - dot1x re-authenticate; dot1x re-authentication; dot1x timeout quiet-period; form to
Command Line Interface 4-82 4 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. Command Mode Privileged Exec Example dot1x re-a...
Page 273 - dot1x timeout re-authperiod; dot1x timeout tx-period; form to reset to the default value.
Authentication Commands 4-83 4 Command Mode Global Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds. (...
Page 274 - show dot1x
Command Line Interface 4-84 4 show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [ statistics ] [ interface interface ] • statistics - Displays dot1x status for each port. • interface • ethernet unit / port - unit - Thi...
Page 275 - Backend State Machine
Authentication Commands 4-85 4 • Backend State Machine - State – Current state (including request, response, success, fail, timeout, idle, initialize). - Request Count – Number of EAP Request packets sent to the Supplicant without receiving a response. - Identifier(Server) – Identifier carried in th...
Page 276 - Access Control List Commands; There are three filtering modes:
Command Line Interface 4-86 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access...
Page 277 - Masks for Access Control Lists; IP ACLs; Table 4-33 Access Control List Commands
Access Control List Commands 4-87 4 • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules ...
Page 278 - Table 4-34 IP ACL Commands
Command Line Interface 4-88 4 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [ no ] access-list ip { standard | extended } acl_name • standard – Specifies an ACL that filters packe...
Page 279 - permit; source
Access Control List Commands 4-89 4 Example Related Commands permit, deny 4-89 ip access-group (4-97) show ip access-list (4-92) permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form...
Page 281 - • You can specify both Precedence and ToS in the same rule. However, if
Access Control List Commands 4-91 4 Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” ...
Page 283 - mask; • destination-bitmask
Access Control List Commands 4-93 4 Command Usage • A mask can only be used by all ingress ACLs or all egress ACLs. • The precedence of the ACL rules applied to a packet is not determined by order of the rules, but instead by the order of the masks; i.e., the first mask that matches a rule will deter...
Page 286 - This command shows the ingress or egress rule masks for IP ACLs.
Command Line Interface 4-96 4 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL. Note that once the ACL is bound to an interface (...
Page 288 - form to remove the CoS mapping.; Table 4-35 Mapping CoS Values to IP ACLs
Command Line Interface 4-98 4 Related Commands ip access-group (4-97) map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to...
Page 289 - show map access-list ip; match access-list ip; form to remove the ACL marker.
Access Control List Commands 4-99 4 show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list ip [ interface ] interface • ethernet unit / port - un...
Page 290 - based on an ACL rule.; show marking
Command Line Interface 4-100 4 Command Usage • You must configure an ACL mask before you can change frame priorities based on an ACL rule. • Traffic priorities may be included in the IEEE 802.1p priority tag. This tag is also incorporated as part of the overall IEEE 802.1Q VLAN tag. To specify this ...
Page 291 - MAC ACLs; Table 4-36 MAC ACL Commands
Access Control List Commands 4-101 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [ no ] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting Non...
Page 293 - destination; show mac access-list
Access Control List Commands 4-103 4 • destination – Destination MAC address range with bitmask. • address-bitmask* – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-4095) • vid-bitmask* – VLAN bitmask. (Range: 1-4095) • protocol – A specific Ethernet protocol number. (Ran...
Page 294 - form to delete the mask table.
Command Line Interface 4-104 4 Example Related Commands permit, deny 4-102 mac access-group (4-107) access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [ no ] access-list ip mask-precedence { in...
Page 296 - This example creates an Egress MAC ACL.
Command Line Interface 4-106 4 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. This example creates an Egress MAC ACL.
Console(config)#access-list mac M4
Console(config-mac-acl)#permit any a...
Page 298 - show mac access-group; This command shows the ports assigned to MAC ACLs.; Table 4-37 Mapping CoS Values to MAC ACLs
Command Line Interface 4-108 4 Related Commands show mac access-list (4-103) show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Related Commands mac access-group (4-107) map access-list mac This command sets the output queue for packets matc...
Page 299 - show map access-list mac
Access Control List Commands 4-109 4 Example Related Commands queue cos-map (4-193) show map access-list mac (4-109) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) S...
Page 300 - match access-list mac
Command Line Interface 4-110 4 match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) Use the no form to remove the ACL marker. Syntax match access-list mac acl_name set prior...
Page 301 - ACL Information; This command shows the port assignments of ACLs.; Privileged Executive
Access Control List Commands 4-111 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are ...
Page 302 - SNMP Commands; snmp-server community; Table 4-39 SNMP Commands
Command Line Interface 4-112 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the community access string for the Simple Network Ma...
Page 305 - snmp-server enable traps
SNMP Commands 4-115 4 Related Commands snmp-server enable traps (4-115) snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax [ no ] snmp-server enable traps [ authenticat...
Page 307 - DNS Commands; command and domain lookup is enabled with the; ip host; form to remove an entry.; - Additional corresponding IP addresses.; No static entries; Table 4-40 DNS Commands
DNS Commands 4-117 4 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address tra...
Page 308 - clear host; • name
Command Line Interface 4-118 4 Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connecti...
Page 310 - form to remove a name server from this list.
Command Line Interface 4-120 4 Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (4-118) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. Use the no for...
Page 311 - This command enables DNS host name-to-address translation. Use the
DNS Commands 4-121 4 Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (4-118) ip domain-lookup (4-121) ip domain-lookup This command enables DNS host name-to-address translation. Use the no form to disable DNS. Syntax [ no ] ip ...
Page 312 - This example enables DNS and then displays the configuration.; show hosts
Command Line Interface 4-122 4 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (4-118) ip name-server (4-120) show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host nam...
Page 313 - show dns; This command displays the configuration of the DNS server.; show dns cache; This command displays entries in the DNS cache.
DNS Commands 4-123 4 show dns This command displays the configuration of the DNS server. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: samp...
Page 314 - clear dns cache; This command clears all entries in the DNS cache.
Command Line Interface 4-124 4 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#clear dns cache Console#show dns cache NO FLAG TYPE IP TTL DOMAIN Console#
Page 315 - Interface Commands; interface; form to remove a trunk.; Table 4-42 Interface Commands
Interface Commands 4-125 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax inter...
Page 316 - description
Command Line Interface 4-126 4 Command Mode Global Configuration Example To specify port 24, enter the following command: description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description...
Page 317 - negotiation
Interface Commands 4-127 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports. Command Mode Interface Configuration (Ethernet, Port Channel) Command Us...
Page 318 - capabilities; The current switch
Command Line Interface 4-128 4 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-128) speed-duplex (4-126) capabilities This com...
Page 319 - flowcontrol
Interface Commands 4-129 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-127) speed-duplex (4-126) flowcontrol (4-129) flowcontrol This command enables flow control. Use the no form to disable flow control. S...
Page 320 - The following example enables flow control on port 5.; shutdown
Command Line Interface 4-130 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-127) capabilities (flowcontrol, symmetric) (4-128) combo-forced-mode This command forces the port type selected for combination ports 21-24. Use the no form to restore the defa...
Page 321 - switchport broadcast packet-rate; rate
Interface Commands 4-131 4 Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved...
Page 322 - clear counters; This command clears statistics on an interface.
Command Line Interface 4-132 4 Example The following shows how to configure broadcast storm control at 600 packets per second: clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit / port - unit - This is device 1. - port - Port numb...
Page 323 - show interfaces status; This command displays the status for an interface.
Interface Commands 4-133 4 show interfaces status This command displays the status for an interface. Syntax show interfaces status [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) • vlan vlan-id (Range: 1-4094) Def...
Page 324 - show interfaces counters; This command displays interface statistics.
Command Line Interface 4-134 4 show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows the counter...
Page 325 - show interfaces switchport; Shows all interfaces.; Table 4-43 interfaces switchport - display description
Interface Commands 4-135 4 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-...
Page 326 - Mirror Port Commands; port monitor; This command configures a mirror session. Use the; Table 4-44 Mirror Port Commands
Command Line Interface 4-136 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [ rx | tx | both ] no port monitor int...
Page 327 - be dropped from the monitor port.; show port monitor; This command displays mirror information.
Mirror Port Commands 4-137 4 Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner. • The d...
Page 328 - The following shows mirroring configured from port 6 to port 11:; Rate Limit Commands; Table 4-45 Rate Limit Commands
Command Line Interface 4-138 4 Example The following shows mirroring configured from port 6 to port 11: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge ...
Page 329 - Link Aggregation Commands; Guidelines for Creating Trunks; General Guidelines –; Table 4-46 Link Aggregation Commands
Link Aggregation Commands 4-139 4 Example Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotia...
Page 330 - Dynamically Creating a Port Channel –
Command Line Interface 4-140 4 • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specified port-channel. • STP, VLAN, and IGMP settings can only be made for the entire trunk via the specified port-channel. Dynamically Creating a Port Ch...
Page 331 - lacp; Disabled
Link Aggregation Commands 4-141 4 lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [ no ] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of...
Page 332 - This command configures a port's LACP system priority. Use the
Command Line Interface 4-142 4 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } system-priority priority no lacp { actor | partner } system-priority • actor - The local side of an aggregate link. ...
Page 333 - This command configures a port's LACP administration key. Use the
Link Aggregation Commands 4-143 4 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp { actor | partner } admin-key key [ no ] lacp { actor | partner } admin-key • actor - The local side of an aggregat...
Page 334 - form to restore the default setting.
Command Line Interface 4-144 4 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string. Use the no form to restore the default setting. Syntax lacp admin-key key [ no ] lacp admin-key key - The port channel admin key is used to identify a specific link a...
Page 335 - show lacp
Link Aggregation Commands 4-145 4 Command Mode Interface Configuration (Ethernet) Command Usage • Setting a lower value indicates a higher effective priority. • If an active port link goes down, the backup port with the highest priority is selected to replace the downed link. However, if two or more ...
Page 337 - Table 4-48 show lacp internal - display description
Link Aggregation Commands 4-147 4 Console#show lacp 1 internal Port Channel : 1 ------------------------------------------------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ------------------------------------------------------------------------- LACPDUs Internal : 30 sec LACP System Prior...
Page 338 - Table 4-49 show lacp neighbors - display description
Command Line Interface 4-148 4 Console#show lacp 1 neighbors Port Channel 1 neighbors ------------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Ope...
Page 339 - Address Table Commands; Table 4-50 show lacp sysid - display description
Address Table Commands 4-149 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Console#show lacp sysid Port Channel System Priority System MAC Address -----------...
Page 343 - Spanning Tree Commands; Table 4-52 Spanning Tree Commands
Spanning Tree Commands 4-153 4 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-52 Spanning Tree Commands Command Function Mode Page spanning-tree Enable...
Page 344 - Spanning tree is enabled.
Command Line Interface 4-154 4 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [ no ] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA...
Page 345 - no
Spanning Tree Commands 4-155 4 Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. - This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path between specific VLAN members may be...
Page 347 - spanning-tree priority
Spanning Tree Commands 4-157 4 spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds. (Range: 6-40 seconds) The minim...
Page 348 - spanning-tree pathcost method
Command Line Interface 4-158 4 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the l...
Page 349 - spanning-tree mst configuration
Spanning Tree Commands 4-159 4 spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The ...
Page 350 - mst vlan
Command Line Interface 4-160 4 mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs. Syntax [ no ] mst instance_id vlan vlan-range • instance_id - Instance identifier of the span...
Page 351 - mst priority; priority
Spanning Tree Commands 4-161 4 mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority • instance_id - Instance identifier of the spanning tree. (Range: 0-4094) • prior...
Page 352 - revision
Command Line Interface 4-162 4 Command Usage The MST region name and revision number (page 4-162) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured wi...
Page 355 - numeric identifier will be enabled.
Spanning Tree Commands 4-165 4 Default Setting 128 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest ...
Page 356 - spanning-tree portfast; This command sets an interface to fast forwarding. Use the
Command Line Interface 4-166 4 Example Related Commands spanning-tree portfast (4-166) spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax [ no ] spanning-tree portfast Default Setting Disabled Command Mode Interface Configurat...
Page 357 - spanning-tree mst cost
Spanning Tree Commands 4-167 4 spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree link-type { auto | point-to-point | shared } no spanning-tree link-type • auto - Automatically...
Page 358 - • Path cost takes precedence over interface priority.
Command Line Interface 4-168 4 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trunk: 50,000 • Gigabit Ethernet – full duplex: 10,000; trunk: 5,000 Command Mode Interface Configuration (Ethernet, ...
Page 359 - with lowest numeric identifier will be enabled.
Spanning Tree Commands 4-169 4 interface with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree. • Where more than one interface is assigned the highest priority, the interface with lowest numeric identifier will be enabled. Example Related Comman...
Page 361 - show spanning-tree mst configuration
Spanning Tree Commands 4-171 4 Example show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Syntax show spanning-tree mst configuration Command Mode Privileged Exec Console#show spanning-tree Spanning-tree information --------------------------------...
Page 362 - VLAN Commands; Editing VLAN Groups; Table 4-53 VLAN Commands
Command Line Interface 4-172 4 Example VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is u...
Page 363 - vlan
VLAN Commands 4-173 4 Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the...
Page 364 - • You can configure up to 255 VLANs on the switch.; Configuring VLAN Interfaces; Table 4-55 Configuring VLAN Interfaces
Command Line Interface 4-174 4 • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255 VLANs on the switch. Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default. Related Commands show vlan (4-1...
Page 365 - switchport mode; form
VLAN Commands 4-175 4 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-130) switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the de...
Page 366 - switchport ingress-filtering
Command Line Interface 4-176 4 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types { all | tagged } no switchport acceptable-frame-types • all - The port accepts all frames, ...
Page 367 - which it is not a member, these frames will be discarded.; switchport native vlan
VLAN Commands 4-177 4 Command Usage • Ingress filtering only affects tagged frames. • If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port). ...
Page 368 - switchport allowed vlan
Command Line Interface 4-178 4 Example The following example shows how to set the PVID for port 1 to VLAN 3: switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagg...
Page 369 - switchport forbidden vlan; This command configures forbidden VLANs. Use the
VLAN Commands 4-179 4 Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan { add vl...
Page 370 - Displaying VLAN Information; Table 4-56 Show VLAN Commands
Command Line Interface 4-180 4 Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name ] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword to be fo...
Page 371 - Table 4-57 Private VLAN Commands
VLAN Commands 4-181 4 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This command enables or configures a private VLAN. Use the no form to disable the pri...
Page 372 - show pvlan; This command displays the configured private VLAN.; Configuring Protocol-based VLANs; Table 4-58 Protocol VLAN Commands
Command Line Interface 4-182 4 show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard dev...
Page 373 - frame
VLAN Commands 4-183 4 protocol-vlan protocol-group (Configuring Groups) This command creates a protocol group, or adds specific protocols to a group. Use the no form to remove a protocol group. Syntax protocol-vlan protocol-group group-id [{ add | remove } frame_type frame protocol-type protocol ]...
Page 375 - show interfaces protocol-vlan protocol-group; The mapping for all interfaces is displayed.
VLAN Commands 4-185 4 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port num...
Page 376 - GVRP and Bridge Extension Commands; This command enables GVRP globally for the switch. Use the
Command Line Interface 4-186 4 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfa...
Page 377 - switchport gvrp; This command enables GVRP for a port. Use the
GVRP and Bridge Extension Commands 4-187 4 show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 3-114 and “Displaying Bridge Extension Capabilities” on page ...
Page 378 - show gvrp configuration; This command shows if GVRP is enabled.; garp timer; form to restore the timers’ default values.
Command Line Interface 4-188 4 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows both global and in...
Page 379 - show garp timer; This command shows the GARP timers for the selected interface.
GVRP and Bridge Extension Commands 4-189 4 Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate...
Page 380 - Priority Commands; Table 4-60 Priority Commands
Command Line Interface 4-190 4 Related Commands garp timer (4-188) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues fo...
Page 381 - queue mode
Priority Commands 4-191 4 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode { strict | wrr } no queue mode • strict - Services the egress queues ...
Page 382 - switchport priority default
Command Line Interface 4-192 4 switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value. Syntax switchport priority default default-priority-id no switchport priority default default-priority-id - The priority number for unta...
Page 383 - queue bandwidth; form to restore the default weights.
Priority Commands 4-193 4 queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights. Syntax queue bandwidth weight1...weight8 no queue bandwidth weight1...weight8 - The ratio of weights ...
Page 384 - show queue mode; This command shows the current queue mode.; Table 4-62 Default CoS Priority Levels
Command Line Interface 4-194 4 Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in th...
Page 385 - show queue bandwidth
Priority Commands 4-195 4 Example show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting None Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map. Syntax sh...
Page 386 - form to disable IP port mapping.
Command Line Interface 4-196 4 Example Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [ no ] map ip port Default Setting Disabled Comman...
Page 387 - map ip port; port number; map ip precedence
Priority Commands 4-197 4 Example The following example shows how to enable TCP/UDP port mapping globally: map ip port (Interface Configuration) This command enables IP port mapping (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port number cos cos-va...
Page 388 - Table 4-64 Mapping IP Precedence to CoS Values; IP Precedence Value
Command Line Interface 4-198 4 Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type. Example The fo...
Page 389 - map ip dscp
Priority Commands 4-199 4 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [ no ] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The p...
Page 390 - and default switchport priority.; show map ip port; This command shows the IP port priority map.; Table 4-65 Mapping IP DSCP to CoS Values; IP DSCP Value
Command Line Interface 4-200 4 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping...
Page 391 - show map ip precedence; This command shows the IP precedence priority map.
Priority Commands 4-201 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (Global Configuration) (4-196) map ip port (Interface Configuration) (4-197) show map ip precedence This command shows...
Page 392 - show map ip dscp; This command shows the IP DSCP priority map.
Command Line Interface 4-202 4 Example Related Commands map ip port (Global Configuration) (4-196) map ip precedence (Interface Configuration) (4-198) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interface ] interface • ethernet unit / port - unit - This is ...
Page 393 - Multicast Filtering Commands; Table 4-66 Multicast Filtering Commands
Multicast Filtering Commands 4-203 4 Example Related Commands map ip dscp (Global Configuration) (4-199) map ip dscp (Interface Configuration) (4-199) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specifi...
Page 394 - IGMP Snooping Commands; Table 4-67 IGMP Snooping Commands
Command Line Interface 4-204 4 IGMP Snooping Commands ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip ig...
Page 395 - ip igmp snooping version
Multicast Filtering Commands 4-205 4 Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping vers...
Page 396 - The following shows the current IGMP snooping configuration:
Command Line Interface 4-206 4 Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-141 for a description of the displayed items. Example The following shows the current IGMP snooping configuration: show mac-address-table multicast This command shows known multicast addresses...
Page 397 - IGMP Query Commands
Multicast Filtering Commands 4-207 4 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [ no ] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, th...
Page 398 - ip igmp snooping query-interval
Command Line Interface 4-208 4 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has n...
Page 400 - Static Multicast Routing Commands; Table 4-69 Static Multicast Routing Commands
Command Line Interface 4-210 4 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Related Commands ip igmp snooping version (4-205) St...
Page 401 - show ip igmp snooping mrouter; Displays multicast router ports for all configured VLANs.
Multicast Filtering Commands 4-211 4 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you ...
Page 402 - IP Interface Commands; ip address; form to restore the default IP address.; Table 4-70 IP Interface Commands
Command Line Interface 4-212 4 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a B...
Page 403 - ip dhcp restart
IP Interface Commands 4-213 4 • If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be broadcast periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, d...
Page 404 - gateway; show ip interface
Command Line Interface 4-214 4 ip default-gateway This command establishes a static route between this switch and management stations that exist on another network segment. Use the no form to remove the static route. Syntax ip default-gateway gateway no ip default-gateway gateway - IP address of the...
Page 405 - show ip redirects
IP Interface Commands 4-215 4 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-214) ping This command sends ICMP echo request packets to another node on the network. S...
Page 407 - Software Features
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) DHCP Client DNS Server Port Configuration 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex 1000BA...
Page 408 - Software Specifications; Additional Features; Management Features; Software Loading; Standards
Software Specifications A-2 A Additional Features BOOTP client; SNTP (Simple Network Time Protocol); SNMP (Simple Network Management Protocol); RMON (Remote Monitoring, groups 1, 2, 3, 9); SMTP Email Alerts Management Features In-Band Management Telnet, Web-based HTTP or HTTPS, SNMP manager, or Secure Shell...
Page 409 - Management Information Bases
Management Information Bases A-3 A RMON (RFC 1757 groups 1,2,3,9); SNMP (RFC 1157); SNMPv2 (RFC 1907); SNTP (RFC 2030); SSH (Version 2.0); TFTP (RFC 1350) Management Information Bases Bridge MIB (RFC 1493); Entity MIB (RFC 2737); Ether-like MIB (RFC 2665); Extended Bridge MIB (RFC 2674); Extensible SNMP Agents MIB (R...
Page 411 - Appendix B: Troubleshooting; Problems Accessing the Management Interface; Table B-1 Troubleshooting Chart; Symptom
B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that ...
Page 412 - Troubleshooting; Using System Logs; Set the error messages reported to include all categories.
Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to ...
Page 413 - Glossary; BOOTP is
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP ...
Page 414 - GARP VLAN Registration Protocol; See Generic Attribute Registration Protocol.
Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute ...
Page 417 - that required by the older IEEE 802.1D STP standard.; SNTP; A TCP/IP protocol commonly used for software downloads.
Glossary-5 Glossary Rapid Spanning Tree Protocol (RSTP) RSTP reduces the convergence time for network topology changes to about 10% of that required by the older IEEE 802.1D STP standard. Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate user...
Page 418 - User Datagram Protocol; UDP; Virtual LAN
Glossary Glossary-6 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded b...
Page 419 - Numerics; Index
Index-1 Numerics 802.1x, port authentication 3-43, 4-78 A acceptable frame type 3-120, 4-176 Access Control List See ACL ACL Extended IP 3-53, 4-86, 4-87, 4-90 MAC 3-53, 4-86, 4-101, 4-101–4-103 Standard IP 3-53, 4-86, 4-87, 4-89 address table 3-88, 4-149 aging time 3-91, 4-152 B BOOTP 3-15, 4-212 BPDU...
Page 420 - IP precedence
Index-2 Index HTTPS 3-34, 4-31 HTTPS, secure server 3-34, 4-31 I IEEE 802.1D 3-91, 4-154 IEEE 802.1s 4-154 IEEE 802.1w 3-91, 4-154 IEEE 802.1x 3-43, 4-78 IGMP groups, displaying 3-144, 4-206 Layer 2 3-140, 4-204 query 3-140, 4-207 query, Layer 2 3-141, 4-207 snooping 3-140, 4-204 snooping, configuring 3-141, ...
Page 421 - See
Index-3 Index R RADIUS, logon authentication 3-31, 4-71 rate limits, setting 3-83, 4-138 restarting the system 3-25, 4-22 RSTP 3-91, 4-154 global configuration 3-92, 4-154 S Secure Shell 3-36, 4-34 configuration 3-36, 4-37 Secure Shell configuration 4-37 serial port configuring 4-11 Simple Network Mana...