Accton Technology ES3528M-SFP User Manual

Powered by Accton

ES3528M-SFP

Fast Ethernet Switch

Management Guide

www.edge-core.com

Management Guide

Fast Ethernet Switch

Layer 2 Workgroup Switch
with 24 100BASE-BX (SFP) Ports, 2 1000BASE-T (RJ-45)
and 2 Combination Gigabit (RJ-45/SFP) Ports

ES3528M-SFP
E122007-DG-R01
149100035500A

About This Guide

Purpose

This guide gives specific information on how to operate and use the management
functions of the switch.

Audience

The guide is intended for use by network administrators who are responsible for operating
and maintaining network equipment; consequently, it assumes a basic working
knowledge of general switch functions, the Internet Protocol (IP), and Simple Network
Management Protocol (SNMP).

Conventions

The following conventions are used throughout this guide to show information:

Note: Emphasizes important information or calls your attention to related features or

instructions.

Caution: Alerts you to a potential hazard that could cause loss of data, or damage the

Warning: Alerts you to a potential hazard that could cause personal injury.

Related Publications

The following publication details the hardware features of the switch, including the
physical and performance-related characteristics, and how to install the switch:

The Installation Guide

Also, as part of the switch’s software, there is an online web-based help that describes all
management related features.

system or equipment.

Revision History

This section summarizes the changes in each revision of this guide.

November 2007 Revision

This is the second revision of this guide. This guide is valid for software release v1.1.0.7.

v

vi

Contents

Chapter 1: Introduction 1-1

Key Features 1-1
Description of Software Features 1-2
System Defaults 1-6

Chapter 2: Initial Configuration 2-1

Connecting to the Switch 2-1

Configuration Options 2-1
Required Connections 2-2
Remote Connections 2-3

Basic Configuration 2-3

Console Connection 2-3
Setting Passwords 2-4
Setting an IP Address 2-4

Manual Configuration 2-4
Dynamic Configuration 2-5

Enabling SNMP Management Access 2-6

Community Strings (for SNMP version 1 and 2c clients) 2-6
Trap Receivers 2-7
Configuring Access for SNMP Version 3 Clients 2-8

Saving Configuration Settings 2-8

Managing System Files 2-9

Chapter 3: Configuring the Switch 3-1

Using the Web Interface 3-1
Navigating the Web Browser Interface 3-2

Home Page 3-2

Configuration Options 3-3
Panel Display 3-3
Main Menu 3-4
Basic Configuration 3-12

Displaying System Information 3-12

Displaying Switch Hardware/Software Versions 3-13

Displaying Bridge Extension Capabilities 3-15

Setting the Switch’s IP Address 3-16

Manual Configuration 3-17

Using DHCP/BOOTP 3-18
Enabling Jumbo Frames 3-19
Managing Firmware 3-19

Downloading System Software from a Server 3-20

i

Contents

Saving or Restoring Configuration Settings 3-21

Downloading Configuration Settings from a Server 3-22
Console Port Settings 3-23
Telnet Settings 3-25
Configuring Event Logging 3-28

Displaying Log Messages 3-28

System Log Configuration 3-28

Remote Log Configuration 3-30

Simple Mail Transfer Protocol 3-31
Resetting the System 3-33
Setting the System Clock 3-34

Setting the Time Manually 3-34

Configuring SNTP 3-34

Configuring NTP 3-35

Setting the Time Zone 3-37

Simple Network Management Protocol 3-38

Setting Community Access Strings 3-39
Specifying Trap Managers and Trap Types 3-40
Enabling SNMP Agent Status 3-41
Configuring SNMPv3 Management Access 3-42

Setting the Local Engine ID 3-42

Specifying a Remote Engine ID 3-43
Configuring SNMPv3 Users 3-43
Configuring Remote SNMPv3 Users 3-45
Configuring SNMPv3 Groups 3-46
Setting SNMPv3 Views 3-49

User Authentication 3-51

Configuring User Accounts 3-51
Configuring Local/Remote Logon Authentication 3-53
Configuring Encryption Keys 3-57
AAA Authorization and Accounting 3-58

Configuring AAA RADIUS Group Settings 3-59

Configuring AAA TACACS+ Group Settings 3-59

Configuring AAA Accounting 3-60

AAA Accounting Update 3-62

AAA Accounting 802.1X Port Settings 3-62

AAA Accounting Exec Command Privileges 3-63

AAA Accounting Exec Settings 3-65

AAA Accounting Summary 3-65

Authorization Settings 3-67

Authorization EXEC Settings 3-68

Authorization Summary 3-68
Configuring HTTPS 3-69
Replacing the Default Secure-site Certificate 3-70
Configuring the Secure Shell 3-71

ii

Contents

Configuring the SSH Server 3-74
Generating the Host Key Pair 3-75

Importing User Public Keys 3-76
Configuring Port Security 3-80
Configuring 802.1X Port Authentication 3-81

Displaying 802.1X Global Settings 3-83

Configuring 802.1X Global Settings 3-83

Configuring Port Settings for 802.1X 3-84

Displaying 802.1X Statistics 3-87
Web Authentication 3-88

Configuring Web Authentication 3-89

Configuring Web Authentication for Ports 3-90

Displaying Web Authentication Port Information 3-91

Re-authenticating Web Authenticated Ports 3-92
Network Access – MAC Address Authentication 3-93

Configuring the MAC Authentication Reauthentication Time 3-94

Configuring MAC Authentication for Ports 3-94

Configuring Port Link Detection 3-96

Displaying Secure MAC Address Information 3-97
MAC Authentication 3-98

Configuring MAC authentication parameters for ports 3-98

Access Control Lists 3-99

Configuring Access Control Lists 3-100

Setting the ACL Name and Type 3-100

Configuring a Standard IP ACL 3-101

Configuring an Extended IP ACL 3-102

Configuring a MAC ACL 3-105
Binding a Port to an Access Control List 3-106
Filtering IP Addresses for Management Access 3-107

Port Configuration 3-110

Displaying Connection Status 3-110
Configuring Interface Connections 3-112
Creating Trunk Groups 3-114

Statically Configuring a Trunk 3-115

Enabling LACP on Selected Ports 3-116

Configuring LACP Parameters 3-118

Displaying LACP Port Counters 3-120

Displaying LACP Settings and Status for the Local Side 3-122

Displaying LACP Settings and Status for the Remote Side 3-124
Setting Broadcast Storm Thresholds 3-125
Configuring Port Mirroring 3-127
Configuring Rate Limits 3-128

Rate Limit Configuration 3-128
Showing Port Statistics 3-129

Address Table Settings 3-133

iii

Contents

Setting Static Addresses 3-133
Displaying the Address Table 3-134
Changing the Aging Time 3-136

Spanning Tree Algorithm Configuration 3-136

Displaying Global Settings 3-138
Configuring Global Settings 3-141
Displaying Interface Settings 3-144
Configuring Interface Settings 3-147
Configuring Multiple Spanning Trees 3-149
Displaying Interface Settings for MSTP 3-151
Configuring Interface Settings for MSTP 3-153

VLAN Configuration 3-155

IEEE 802.1Q VLANs 3-155

Enabling or Disabling GVRP (Global Setting) 3-158
Displaying Basic VLAN Information 3-159
Displaying Current VLANs 3-159
Creating VLANs 3-161
Adding Static Members to VLANs (VLAN Index) 3-162
Adding Static Members to VLANs (Port Index) 3-164
Configuring VLAN Behavior for Interfaces 3-165

Configuring IEEE 802.1Q Tunneling 3-167

Enabling QinQ Tunneling on the Switch 3-170
Adding an Interface to a QinQ Tunnel 3-172

Private VLANs 3-173

Displaying Current Private VLANs 3-174
Configuring Private VLANs 3-175
Associating VLANs 3-176
Displaying Private VLAN Interface Information 3-177
Configuring Private VLAN Interfaces 3-178

Protocol VLANs 3-179

Protocol VLAN Group Configuration 3-179
Protocol VLAN System Configuration 3-180

Link Layer Discovery Protocol 3-181

Setting LLDP Timing Attributes 3-181
Configuring LLDP Interface Attributes 3-183
Displaying LLDP Local Device Information 3-186
Displaying LLDP Remote Port Information 3-187
Displaying LLDP Remote Information Details 3-188
Displaying Device Statistics 3-189
Displaying Detailed Device Statistics 3-190

Class of Service Configuration 3-191

Layer 2 Queue Settings 3-191

Setting the Default Priority for Interfaces 3-191
Mapping CoS Values to Egress Queues 3-192
Enabling CoS 3-194

iv

Contents

Selecting the Queue Mode 3-195

Setting the Service Weight for Traffic Classes 3-195
Layer 3/4 Priority Settings 3-196

Mapping Layer 3/4 Priorities to CoS Values 3-196

Enabling IP DSCP Priority 3-197

Mapping DSCP Priority 3-198

Quality of Service 3-199

Configuring Quality of Service Parameters 3-200

Configuring a Class Map 3-200

Creating QoS Policies 3-203

Attaching a Policy Map to Ingress Queues 3-206

VoIP Traffic Configuration 3-207

Configuring VoIP Traffic 3-207
Configuring VoIP Traffic Port 3-208
Configuring Telephony OUI 3-210

Multicast Filtering 3-212

Layer 2 IGMP (Snooping and Query) 3-212

Configuring IGMP Snooping and Query Parameters 3-213

Enabling IGMP Immediate Leave 3-215

Displaying Interfaces Attached to a Multicast Router 3-216

Specifying Static Interfaces for a Multicast Router 3-217

Displaying Port Members of Multicast Services 3-218

Assigning Ports to Multicast Services 3-219
IGMP Filtering and Throttling 3-220

Enabling IGMP Filtering and Throttling 3-221

Configuring IGMP Filter Profiles 3-222

Configuring IGMP Filtering and Throttling for Interfaces 3-223

Multicast VLAN Registration 3-225

Configuring Global MVR Settings 3-226
Displaying MVR Interface Status 3-227
Displaying Port Members of Multicast Groups 3-228
Configuring MVR Interface Status 3-229
Assigning Static Multicast Groups to Interfaces 3-231

DHCP Snooping 3-232

DHCP Snooping Configuration 3-233
DHCP Snooping VLAN Configuration 3-233
DHCP Snooping Information Option Configuration 3-234
DHCP Snooping Port Configuration 3-235
DHCP Snooping Binding Information 3-236

IP Source Guard 3-237

IP Source Guard Port Configuration 3-237
Static IP Source Guard Binding Configuration 3-238
Dynamic IP Source Guard Binding Information 3-239

IP Clustering 3-240

Cluster Configuration 3-241

v

Contents

Cluster Member Configuration 3-242
Cluster Member Information 3-243
Cluster Candidate Information 3-243

UPnP 3-245

UPnP Configuration 3-245

Chapter 4: Command Line Interface 4-1

Using the Command Line Interface 4-1

Accessing the CLI 4-1
Console Connection 4-1
Telnet Connection 4-2

Entering Commands 4-3

Keywords and Arguments 4-3
Minimum Abbreviation 4-3
Command Completion 4-3
Getting Help on Commands 4-3
Showing Commands 4-4
Partial Keyword Lookup 4-6
Negating the Effect of Commands 4-6
Using Command History 4-6
Understanding Command Modes 4-6
Exec Commands 4-7
Configuration Commands 4-8

Command Line Processing 4-10
Command Groups 4-11
Line Commands 4-12

line 4-13

login 4-13

password 4-14

timeout login response 4-15

exec-timeout 4-15

password-thresh 4-16

silent-time 4-17

databits 4-17

parity 4-18

speed 4-19

stopbits 4-19

disconnect 4-20

show line 4-20
General Commands 4-21

enable 4-21

disable 4-22

configure 4-23

show history 4-23

vi

Contents

reload 4-24
reload cancel 4-24
show reload 4-25
end 4-25
exit 4-26
quit 4-26

System Management Commands 4-27

Device Designation Commands 4-27

prompt 4-27
hostname 4-28

Banner 4-28

banner configure 4-29
banner configure company 4-30
banner configure dc-power-info 4-31
banner configure department 4-31
banner configure equipment-info 4-32
banner configure equipment-location 4-33
banner configure ip-lan 4-33
banner configure lp-number 4-34
banner configure manager-info 4-35
banner configure mux 4-35
banner configure note 4-36
show banner 4-37

User Access Commands 4-38

username 4-38
enable password 4-39

IP Filter Commands 4-40

management 4-40
show management 4-41

Web Server Commands 4-42

ip http port 4-42
ip http server 4-42
ip http secure-server 4-43
ip http secure-port 4-44

Telnet Server Commands 4-45

ip telnet port 4-45
ip telnet server 4-45

Secure Shell Commands 4-46

ip ssh server 4-48
ip ssh timeout 4-49
ip ssh authentication-retries 4-49
ip ssh server-key size 4-50
delete public-key 4-50
ip ssh crypto host-key generate 4-51
ip ssh crypto zeroize 4-51

vii

Contents

ip ssh save host-key 4-52
show ip ssh 4-52
show ssh 4-53
show public-key 4-54

Event Logging Commands 4-55

logging on 4-55
logging history 4-56
logging host 4-57
logging facility 4-57
logging trap 4-58
clear logging 4-58
show logging 4-59
show log 4-60

SMTP Alert Commands 4-61

logging sendmail host 4-61
logging sendmail level 4-62
logging sendmail source-email 4-63
logging sendmail destination-email 4-63
logging sendmail 4-64
show logging sendmail 4-64

Time Commands 4-65

sntp client 4-65
sntp server 4-66
sntp poll 4-67
show sntp 4-67
ntp client 4-68
ntp server 4-69
ntp poll 4-70
ntp authenticate 4-70
ntp authentication-key 4-71
show ntp 4-72
clock timezone-predefined 4-72
clock timezone 4-73
clock summer-time (date) 4-74
clock summer-time (predefined) 4-75
clock summer-time (recurring) 4-76
calendar set 4-77
show calendar 4-77

System Status Commands 4-78

show startup-config 4-78
show running-config 4-79
show system 4-82
show users 4-82
show version 4-83

Frame Size Commands 4-84

viii

Contents

jumbo frame 4-84

Flash/File Commands 4-85

copy 4-85
delete 4-88
dir 4-89
whichboot 4-90
boot system 4-90

Authentication Commands 4-91

Authentication Sequence 4-91

authentication login 4-92
authentication enable 4-93

RADIUS Client 4-94

radius-server host 4-95
radius-server acct-port 4-95
radius-server auth-port 4-96
radius-server key 4-96
radius-server retransmit 4-97
radius-server timeout 4-97
show radius-server 4-97

TACACS+ Client 4-98

tacacs-server host 4-98
tacacs-server port 4-99
tacacs-server key 4-99
tacacs-server retransmit 4-100
tacacs-server timeout 4-100
show tacacs-server 4-101

AAA Commands 4-102

aaa group server 4-102
server 4-103
aaa accounting dot1x 4-103
aaa accounting exec 4-104
aaa accounting commands 4-105
aaa accounting update 4-106
accounting dot1x 4-107
accounting exec 4-107
accounting commands 4-108
aaa authorization exec 4-108
authorization exec 4-109
show accounting 4-110

Port Security Commands 4-111

port security 4-111

802.1X Port Authentication 4-112
dot1x system-auth-control 4-113
dot1x default 4-113
dot1x max-req 4-114

ix

Contents

dot1x port-control 4-114
dot1x operation-mode 4-115
dot1x re-authenticate 4-115
dot1x re-authentication 4-116
dot1x timeout quiet-period 4-116
dot1x timeout re-authperiod 4-117
dot1x timeout tx-period 4-117
dot1x intrusion-action 4-118
show dot1x 4-118

Network Access – MAC Address Authentication 4-121

network-access mode 4-121
network-access max-mac-count 4-122
mac-authentication intrusion-action 4-123
mac-authentication max-mac-count 4-123
network-access dynamic-qos 4-124
network-access dynamic-vlan 4-124
network-access guest-vlan 4-125
network-access link-detection 4-125
network-access link-detection link-down 4-126
network-access link-detection link-up 4-126
network-access link-detection link-up-down 4-127
mac-authentication reauth-time 4-127
clear network-access 4-128
show network-access 4-128
show network-access mac-address-table 4-129

Web Authentication 4-130

web-auth login-attempts 4-131
web-auth login-fail-page-url 4-131
web-auth login-page-url 4-132
web-auth login-success-page-url 4-132
web-auth quiet-period 4-133
web-auth session-timeout 4-133
web-auth system-auth-control 4-134
web-auth 4-134
show web-auth 4-135
show web-auth interface 4-135
web-auth re-authenticate (Port) 4-136
web-auth re-authenticate (IP) 4-136
show web-auth summary 4-137

Access Control List Commands 4-139

IP ACLs 4-140

access-list ip 4-140
permit, deny (Standard ACL) 4-141
permit, deny (Extended ACL) 4-141
show ip access-list 4-143

x

Contents

ip access-group 4-143
show ip access-group 4-144

MAC ACLs 4-144

access-list mac 4-145
permit, deny (MAC ACL) 4-146
show mac access-list 4-147
mac access-group 4-148
show mac access-group 4-148

ACL Information 4-149

show access-list 4-149
show access-group 4-149

SNMP Commands 4-150

snmp-server 4-151
show snmp 4-151
snmp-server community 4-152
snmp-server contact 4-153
snmp-server location 4-153
snmp-server host 4-154
snmp-server enable traps 4-156
snmp-server engine-id 4-157
show snmp engine-id 4-158
snmp-server view 4-159
show snmp view 4-160
snmp-server group 4-160
show snmp group 4-161
snmp-server user 4-163
show snmp user 4-165

Interface Commands 4-166

interface 4-166
description 4-167
speed-duplex 4-167
negotiation 4-168
capabilities 4-169
flowcontrol 4-170
shutdown 4-171
switchport packet-rate 4-172
clear counters 4-172
show interfaces status 4-173
show interfaces counters 4-174
show interfaces switchport 4-175

Mirror Port Commands 4-177

port monitor 4-177
show port monitor 4-178

Rate Limit Commands 4-179

rate-limit 4-179

xi

Contents

Link Aggregation Commands 4-180

channel-group 4-181
lacp 4-182
lacp system-priority 4-183
lacp admin-key (Ethernet Interface) 4-184
lacp admin-key (Port Channel) 4-185
lacp port-priority 4-186
show lacp 4-186

Address Table Commands 4-190

mac-address-table static 4-190
clear mac-address-table dynamic 4-191
show mac-address-table 4-191
mac-address-table aging-time 4-192
show mac-address-table aging-time 4-193

LLDP Commands 4-193

lldp 4-195
lldp holdtime-multiplier 4-195
lldp medFastStartCount 4-196
lldp notification-interval 4-196
lldp refresh-interval 4-197
lldp reinit-delay 4-198
lldp tx-delay 4-198
lldp admin-status 4-199
lldp notification 4-199
lldp mednotification 4-200
lldp basic-tlv management-ip-address 4-201
lldp basic-tlv port-description 4-201
lldp basic-tlv system-capabilities 4-202
lldp basic-tlv system-description 4-202
lldp basic-tlv system-name 4-203
lldp dot1-tlv proto-ident 4-203
lldp dot1-tlv proto-vid 4-204
lldp dot1-tlv pvid 4-204
lldp dot1-tlv vlan-name 4-205
lldp dot3-tlv link-agg 4-205
lldp dot3-tlv mac-phy 4-206
lldp dot3-tlv max-frame 4-206
lldp dot3-tlv poe 4-207
lldp medtlv extpoe 4-207
lldp medtlv inventory 4-208
lldp medtlv location 4-208
lldp medtlv med-cap 4-209
lldp medtlv network-policy 4-209
show lldp config 4-210
show lldp info local-device 4-212

xii

Contents

show lldp info remote-device 4-213
show lldp info statistics 4-213

UPnP Commands 4-215

upnp device 4-215
upnp device ttl 4-216
upnp device advertise duration 4-216
show upnp 4-217

Spanning Tree Commands 4-217

spanning-tree 4-218
spanning-tree mode 4-219
spanning-tree forward-time 4-220
spanning-tree hello-time 4-221
spanning-tree max-age 4-221
spanning-tree priority 4-222
spanning-tree pathcost method 4-222
spanning-tree transmission-limit 4-223
spanning-tree mst-configuration 4-223
mst vlan 4-224
mst priority 4-225
name 4-225
revision 4-226
max-hops 4-226
spanning-tree spanning-disabled 4-227
spanning-tree cost 4-227
spanning-tree port-priority 4-228
spanning-tree edge-port 4-229
spanning-tree portfast 4-230
spanning-tree link-type 4-231
spanning-tree loopback-detection 4-231
spanning-tree loopback-detection release-mode 4-232
spanning-tree loopback-detection trap 4-233
spanning-tree mst cost 4-233
spanning-tree mst port-priority 4-234
spanning-tree protocol-migration 4-235
show spanning-tree 4-235
show spanning-tree mst configuration 4-237

VLAN Commands 4-238

GVRP and Bridge Extension Commands 4-238

bridge-ext gvrp 4-239
show bridge-ext 4-239
switchport gvrp 4-240
show gvrp configuration 4-240
garp timer 4-241
show garp timer 4-241

Editing VLAN Groups 4-242

xiii

Contents

vlan database 4-242
vlan 4-243

Configuring VLAN Interfaces 4-244

interface vlan 4-244
switchport mode 4-245
switchport acceptable-frame-types 4-246
switchport ingress-filtering 4-246
switchport native vlan 4-247
switchport allowed vlan 4-248
switchport forbidden vlan 4-249

Displaying VLAN Information 4-250

show vlan 4-250

Configuring IEEE 802.1Q Tunneling 4-251

dot1q-tunnel system-tunnel-control 4-251
switchport dot1q-tunnel mode 4-252
switchport dot1q-tunnel tpid 4-253
show dot1q-tunnel 4-253

Configuring Private VLANs 4-254

private-vlan 4-256
private vlan association 4-256
switchport mode private-vlan 4-257
switchport private-vlan host-association 4-258
switchport private-vlan isolated 4-258
switchport private-vlan mapping 4-259
show vlan private-vlan 4-259

Configuring Protocol-based VLANs 4-261

protocol-vlan protocol-group (Configuring Groups) 4-261
protocol-vlan protocol-group (Configuring VLANs) 4-262
show protocol-vlan protocol-group 4-263
show protocol-vlan protocol-group-vid 4-263

Priority Commands 4-264

Priority Commands (Layer 2) 4-264

queue mode 4-265
switchport priority default 4-265
queue bandwidth 4-266
queue cos-map 4-267
show queue mode 4-268
show queue bandwidth 4-268
show queue cos-map 4-269

Priority Commands (Layer 3 and 4) 4-269

map ip dscp (Global Configuration) 4-269
map ip dscp (Interface Configuration) 4-270
show map ip dscp 4-271

Quality of Service Commands 4-272

class-map 4-273

xiv

Contents

match 4-274
policy-map 4-275
class 4-276
set 4-277
police 4-277
service-policy 4-278
show class-map 4-279
show policy-map 4-279
show policy-map interface 4-280

Voice VLAN Commands 4-280

voice vlan 4-281
voice vlan aging 4-282
voice vlan mac-address 4-282
switchport voice vlan 4-283
switchport voice vlan rule 4-284
switchport voice vlan security 4-284
switchport voice vlan priority 4-285
show voice vlan 4-286

Multicast Filtering Commands 4-287

IGMP Snooping Commands 4-287

ip igmp snooping 4-288
ip igmp snooping vlan static 4-288
ip igmp snooping version 4-289
ip igmp snooping leave-proxy 4-289
ip igmp snooping immediate-leave 4-290
show ip igmp snooping 4-291
show mac-address-table multicast 4-291

IGMP Query Commands (Layer 2) 4-292

ip igmp snooping querier 4-292
ip igmp snooping query-count 4-293
ip igmp snooping query-interval 4-293
ip igmp snooping query-max-response-time 4-294
ip igmp snooping router-port-expire-time 4-295

Static Multicast Routing Commands 4-295

ip igmp snooping vlan mrouter 4-296
show ip igmp snooping mrouter 4-296

IGMP Filtering and Throttling Commands 4-297

ip igmp filter (Global Configuration) 4-298
ip igmp profile 4-298
permit, deny 4-299
range 4-299
ip igmp filter (Interface Configuration) 4-300
ip igmp max-groups 4-300
ip igmp max-groups action 4-301
show ip igmp filter 4-302

xv

Contents

show ip igmp profile 4-302
show ip igmp throttle interface 4-303

Multicast VLAN Registration Commands 4-304

mvr (Global Configuration) 4-304
mvr (Interface Configuration) 4-305
show mvr 4-307

IP Interface Commands 4-309

ip address 4-309
ip default-gateway 4-310
ip dhcp restart 4-311
show ip interface 4-311
show ip redirects 4-312
ping 4-312

IP Source Guard Commands 4-313

ip source-guard 4-313
ip source-guard binding 4-315
show ip source-guard 4-316
show ip source-guard binding 4-316

DHCP Snooping Commands 4-317

ip dhcp snooping 4-317
ip dhcp snooping vlan 4-319
ip dhcp snooping trust 4-320
ip dhcp snooping verify mac-address 4-321
ip dhcp snooping information option 4-321
ip dhcp snooping information policy 4-322
ip dhcp snooping database flash 4-323
show ip dhcp snooping 4-323
show ip dhcp snooping binding 4-324

IP Cluster Commands 4-324

cluster 4-324
cluster commander 4-325
cluster ip-pool 4-326
cluster member 4-326
rcommand 4-327
show cluster 4-327
show cluster members 4-328
show cluster candidates 4-328

Appendix A: Software Specifications A-1

Software Features A-1
Management Features A-2
Standards A-2
Management Information Bases A-3

xvi

Contents

Appendix B: Troubleshooting B-1

Problems Accessing the Management Interface B-1
Using System Logs B-2

Glossary

Index

xvii

Contents

xviii

Tables

Table 1-1 Key Features 1-1
Table 1-2 System Defaults 1-6
Table 3-1 Configuration Options 3-3
Table 3-2 Main Menu 3-4
Table 3-3 Logging Levels 3-29
Table 3-5 Supported Notification Messages 3-47
Table 3-6 HTTPS System Support 3-69
Table 3-7 802.1X Statistics 3-87
Table 3-8 LACP Port Counters 3-120
Table 3-9 LACP Internal Configuration Information 3-122
Table 3-10 LACP Neighbor Configuration Information 3-124
Table 3-11 Port Statistics 3-129
Table 3-12 Mapping CoS Values to Egress Queues 3-193
Table 3-13 CoS Priority Levels 3-193
Table 3-14 Mapping DSCP Priority Values 3-198
Table 4-1 Command Modes 4-7
Table 4-2 Configuration Modes 4-8
Table 4-3 Command Line Processing 4-10
Table 4-4 Command Groups 4-11
Table 4-5 Line Commands 4-12
Table 4-6 General Commands 4-21
Table 4-7 System Management Commands 4-27
Table 4-8 Device Designation Commands 4-27
Table 4-9 Banner Commands 4-28
Table 4-10 User Access Commands 4-38
Table 4-11 Default Login Settings 4-38
Table 4-12 IP Filter Commands 4-40
Table 4-13 Web Server Commands 4-42
Table 4-14 HTTPS System Support 4-43
Table 4-15 Telnet Server Commands 4-45
Table 4-16 SSH Commands 4-46
Table 4-17 show ssh - display description 4-53
Table 4-18 Event Logging Commands 4-55
Table 4-19 Logging Levels 4-56
Table 4-20 show logging flash/ram - display description 4-59
Table 4-21 show logging trap - display description 4-60
Table 4-22 SMTP Alert Commands 4-61
Table 4-23 Time Commands 4-65
Table 4-24 Predefined Summer-Time Parameters 4-75
Table 4-25 System Status Commands 4-78
Table 4-26 Frame Size Commands 4-84
Table 4-27 Flash/File Commands 4-85

xix

Tables

Table 4-28 File Directory Information 4-89
Table 4-29 Authentication Commands 4-91
Table 4-30 Authentication Sequence 4-91
Table 4-31 RADIUS Client Commands 4-94
Table 4-32 TACACS Commands 4-98
Table 4-34 Port Security Commands 4-111
Table 4-35 802.1X Port Authentication 4-112
Table 4-36 Network Access 4-121
Table 4-37 Web Authentication 4-130
Table 4-38 Access Control Lists 4-139
Table 4-39 IP ACLs 4-140
Table 4-40 MAC ACL Commands 4-144
Table 4-41 ACL Information 4-149
Table 4-42 SNMP Commands 4-150
Table 4-43 show snmp engine-id - display description 4-158
Table 4-44 show snmp view - display description 4-160
Table 4-45 show snmp group - display description 4-163
Table 4-46 show snmp user - display description 4-165
Table 4-47 Interface Commands 4-166
Table 4-48 Interfaces Switchport Statistics 4-176
Table 4-49 Mirror Port Commands 4-177
Table 4-50 Rate Limit Commands 4-179
Table 4-51 Link Aggregation Commands 4-180
Table 4-52 show lacp counters - display description 4-187
Table 4-53 show lacp internal - display description 4-188
Table 4-54 show lacp neighbors - display description 4-189
Table 4-55 show lacp sysid - display description 4-189
Table 4-56 Address Table Commands 4-190
Table 4-57 LLDP Commands 4-193
Table 4-58 Spanning Tree Commands 4-217
Table 4-59 VLANs 4-238
Table 4-60 GVRP and Bridge Extension Commands 4-238
Table 4-61 Editing VLAN Groups 4-242
Table 4-62 Configuring VLAN Interfaces 4-244
Table 4-63 Show VLAN Commands 4-250
Table 4-64 IEEE 802.1Q Tunneling Commands 4-251
Table 4-65 Private VLAN Commands 4-254
Table 4-66 Protocol-based VLAN Commands 4-261
Table 4-67 Priority Commands 4-264
Table 4-68 Priority Commands (Layer 2) 4-264
Table 4-69 Default CoS Values to Egress Queues 4-267
Table 4-70 Priority Commands (Layer 3 and 4) 4-269
Table 4-71 IP DSCP to CoS Vales 4-270
Table 4-72 Quality of Service Commands 4-272
Table 4-73 Voice VLAN Commands 4-280

xx

Tables

Table 4-74 Multicast Filtering Commands 4-287
Table 4-75 IGMP Snooping Commands 4-287
Table 4-76 IGMP Query Commands (Layer 2) 4-292
Table 4-77 Static Multicast Routing Commands 4-295
Table 4-78 IGMP Filtering and Throttling Commands 4-297
Table 4-79 Multicast VLAN Registration Commands 4-304
Table 4-80 show mvr - display description 4-307
Table 4-81 show mvr interface - display description 4-308
Table 4-82 show mvr members - display description 4-308
Table 4-83 IP Interface Commands 4-309
Table 4-84 IP Source Guard Commands 4-313
Table 4-85 DHCP Snooping Commands 4-317
Table 4-86 Switch Cluster Commands 4-324
Table B-1 Troubleshooting Chart B-1

xxi

Tables

xxii

Figures

Figure 3-1 Home Page 3-2
Figure 3-2 Panel Display 3-3
Figure 3-3 System Information 3-12
Figure 3-4 Switch Information 3-14
Figure 3-5 Bridge Extension Configuration 3-15
Figure 3-6 Manual IP Configuration 3-17
Figure 3-7 DHCP IP Configuration 3-18
Figure 3-8 Jumbo Frames Configuration 3-19
Figure 3-9 Copy Firmware 3-20
Figure 3-10 Setting the Startup Code 3-20
Figure 3-11 Deleting Files 3-21
Figure 3-12 Downloading Configuration Settings for Startup 3-22
Figure 3-13 Setting the Startup Configuration Settings 3-23
Figure 3-14 Console Port Settings 3-24
Figure 3-15 Enabling Telnet 3-26
Figure 3-16 Displaying Logs 3-28
Figure 3-17 System Logs 3-29
Figure 3-18 Remote Logs 3-31
Figure 3-19 Enabling and Configuring SMTP 3-32
Figure 3-20 Resetting the System 3-33
Figure 3-21 SNTP Configuration 3-35
Figure 3-22 NTP Client Configuration 3-36
Figure 3-23 Setting the System Clock 3-38
Figure 3-24 Configuring SNMP Community Strings 3-40
Figure 3-25 Configuring IP Trap Managers 3-41
Figure 3-26 Enabling SNMP Agent Status 3-42
Figure 3-27 Setting an Engine ID 3-43
Figure 3-28 Setting a Remote Engine ID 3-43
Figure 3-29 Configuring SNMPv3 Users 3-45
Figure 3-30 Configuring Remote SNMPv3 Users 3-46
Figure 3-31 Configuring SNMPv3 Groups 3-49
Figure 3-32 Configuring SNMPv3 Views 3-50
Figure 3-33 Access Levels 3-52
Figure 3-34 Authentication Settings 3-55
Figure 3-35 Encryption Key Settings 3-57
Figure 3-36 AAA Radius Group Settings 3-59
Figure 3-37 AAA TACACS+ Group Settings 3-60
Figure 3-38 AAA Accounting Settings 3-61
Figure 3-39 AAA Accounting Update 3-62
Figure 3-40 AAA Accounting 802.1X Port Settings 3-63
Figure 3-41 AAA Accounting Exec Command Privileges 3-64
Figure 3-42 AAA Accounting Exec Settings 3-65

xxiii

Figures

Figure 3-43 AAA Accounting Summary 3-66
Figure 3-44 AAA Authorization Settings 3-67
Figure 3-45 AAA Authorization Exec Settings 3-68
Figure 3-46 AAA Authorization Summary 3-69
Figure 3-47 HTTPS Settings 3-70
Figure 3-48 HTTPS Settings 3-71
Figure 3-49 SSH Server Settings 3-74
Figure 3-50 SSH Host-Key Settings 3-76
Figure 3-51 SSH User Public-Key Settings 3-78
Figure 3-52 Configuring Port Security 3-81
Figure 3-53 802.1X Global Information 3-83
Figure 3-54 802.1X Global Configuration 3-84
Figure 3-55 802.1X Port Configuration 3-85
Figure 3-56 Displaying 802.1X Port Statistics 3-88
Figure 3-57 Web Authentication Configuration 3-89
Figure 3-58 Web Authentication Port Configuration 3-90
Figure 3-59 Web Authentication Port Information 3-92
Figure 3-60 Web Authentication Port Re-authentication 3-92
Figure 3-61 Network Access Configuration 3-94
Figure 3-62 Network Access Port Configuration 3-95
Figure 3-63 Network Access Port Link Detection Configuration 3-97
Figure 3-64 Network Access MAC Address Information 3-98
Figure 3-65 MAC Authentication Port Configuration 3-99
Figure 3-66 Selecting ACL Type 3-101
Figure 3-67 Configuring Standard IP ACLs 3-102
Figure 3-68 Configuring Extended IP ACLs 3-104
Figure 3-69 Configuring MAC ACLs 3-106
Figure 3-70 Configuring ACL Port Binding 3-107
Figure 3-71 Creating an IP Filter List 3-109
Figure 3-72 Displaying Port/Trunk Information 3-110
Figure 3-73 Port/Trunk Configuration 3-113
Figure 3-74 Configuring Static Trunks 3-115
Figure 3-75 LACP Trunk Configuration 3-117
Figure 3-76 LACP Port Configuration 3-119
Figure 3-77 LACP - Port Counters Information 3-121
Figure 3-78 LACP - Port Internal Information 3-123
Figure 3-79 LACP - Port Neighbors Information 3-124
Figure 3-80 Port Broadcast Control 3-126
Figure 3-81 Mirror Port Configuration 3-127
Figure 3-82 Input Rate Limit Port Configuration 3-128
Figure 3-83 Port Statistics 3-132
Figure 3-84 Configuring a Static Address Table 3-134
Figure 3-85 Configuring a Dynamic Address Table 3-135
Figure 3-86 Setting the Address Aging Time 3-136
Figure 3-87 Displaying Spanning Tree Information 3-140

xxiv