Powered by Accton
ES3628C
24 10/100 Ports + 4GE
Intelligent Layer 2/3/4
Fast Ethernet Switch
Management Guide
www.edge-core.com
Management Guide
Fast Ethernet Switch
Layer 3 Standalone Switch with
24 100BASE-TX (RJ-45) Ports,
2 1000BASE-T (RJ-45) Ports, and
2 SFP Slots
ES3628C
F3.1.0.18 E032005-R01
149100005100H
Contents
Chapter 1: Introduction 1-1
Key Features 1-1
Description of Software Features 1-2
System Defaults 1-7
Chapter 2: Initial Configuration 2-1
Connecting to the Switch 2-1
Configuration Options 2-1
Required Connections 2-2
Remote Connections 2-3
Basic Configuration 2-3
Console Connection 2-3
Setting Passwords 2-4
Setting an IP Address 2-4
Manual Configuration 2-4
Dynamic Configuration 2-5
Enabling SNMP Management Access 2-6
Community Strings (for SNMP version 1 and 2c clients) 2-6
Trap Receivers 2-7
Configuring Access for SNMP Version 3 Clients 2-8
Saving Configuration Settings 2-8
Managing System Files 2-9
Chapter 3: Configuring the Switch 3-1
Using the Web Interface 3-1
Navigating the Web Browser Interface 3-2
Home Page 3-2
Configuration Options 3-3
Panel Display 3-3
Main Menu 3-4
Basic Configuration 3-12
Displaying System Information 3-12
Displaying Switch Hardware/Software Versions 3-13
Displaying Bridge Extension Capabilities 3-15
Configuring Support for Jumbo Frames 3-16
Setting the Switch’s IP Address 3-17
Manual Configuration 3-18
Using DHCP/BOOTP 3-19
Managing Firmware 3-20
Downloading System Software from a Server 3-21
v
Contents
Saving or Restoring Configuration Settings 3-23
Downloading Configuration Settings from a Server 3-24
Console Port Settings 3-25
Telnet Settings 3-27
Configuring Event Logging 3-29
System Log Configuration 3-29
Remote Log Configuration 3-30
Displaying Log Messages 3-32
Sending Simple Mail Transfer Protocol Alerts 3-32
Resetting the System 3-34
Setting the System Clock 3-35
Configuring SNTP 3-35
Setting the Time Zone 3-36
Simple Network Management Protocol 3-37
Enabling the SNMP Agent 3-38
Setting Community Access Strings 3-39
Specifying Trap Managers and Trap Types 3-40
Configuring SNMPv3 Management Access 3-42
Setting a Local Engine ID 3-43
Specifying a Remote Engine ID 3-43
Configuring SNMPv3 Users 3-44
Configuring Remote SNMPv3 Users 3-46
Configuring SNMPv3 Groups 3-48
Setting SNMPv3 Views 3-52
User Authentication 3-53
Configuring User Accounts 3-53
Configuring Local/Remote Logon Authentication 3-55
Configuring HTTPS 3-58
Replacing the Default Secure-site Certificate 3-59
Configuring the Secure Shell 3-60
Generating the Host Key Pair 3-61
Configuring the SSH Server 3-63
Configuring Port Security 3-65
Configuring 802.1X Port Authentication 3-67
Displaying 802.1X Global Settings 3-68
Configuring 802.1X Global Settings 3-69
Configuring Port Settings for 802.1X 3-69
Displaying 802.1X Statistics 3-72
Filtering IP Addresses for Management Access 3-74
Access Control Lists 3-76
Configuring Access Control Lists 3-76
Setting the ACL Name and Type 3-77
Configuring a Standard IP ACL 3-77
Configuring an Extended IP ACL 3-78
Configuring a MAC ACL 3-81
vi
Contents
Configuring ACL Masks 3-83
Specifying the Mask Type 3-83
Configuring an IP ACL Mask 3-84
Configuring a MAC ACL Mask 3-86
Binding a Port to an Access Control List 3-87
Port Configuration 3-88
Displaying Connection Status 3-88
Configuring Interface Connections 3-91
Creating Trunk Groups 3-93
Statically Configuring a Trunk 3-94
Enabling LACP on Selected Ports 3-95
Configuring LACP Parameters 3-98
Displaying LACP Port Counters 3-101
Displaying LACP Settings and Status for the Local Side 3-102
Displaying LACP Settings and Status for the Remote Side 3-104
Setting Broadcast Storm Thresholds 3-105
Configuring Port Mirroring 3-107
Configuring Rate Limits 3-108
Showing Port Statistics 3-109
Address Table Settings 3-113
Setting Static Addresses 3-113
Displaying the Address Table 3-114
Changing the Aging Time 3-116
Spanning Tree Algorithm Configuration 3-116
Displaying Global Settings 3-117
Configuring Global Settings 3-120
Displaying Interface Settings 3-124
Configuring Interface Settings 3-127
Configuring Multiple Spanning Trees 3-129
Displaying Interface Settings for MSTP 3-132
Configuring Interface Settings for MSTP 3-133
VLAN Configuration 3-135
IEEE 802.1Q VLANs 3-135
Enabling or Disabling GVRP (Global Setting) 3-138
Displaying Basic VLAN Information 3-138
Displaying Current VLANs 3-139
Creating VLANs 3-140
Adding Static Members to VLANs (VLAN Index) 3-141
Adding Static Members to VLANs (Port Index) 3-143
Configuring VLAN Behavior for Interfaces 3-144
Configuring Private VLANs 3-146
Enabling Private VLANs 3-146
Configuring Uplink and Downlink Ports 3-147
Configuring Protocol-Based VLANs 3-147
Configuring Protocol Groups 3-148
vii
Contents
Mapping Protocols to VLANs 3-149
Class of Service Configuration 3-150
Layer 2 Queue Settings 3-150
Setting the Default Priority for Interfaces 3-150
Mapping CoS Values to Egress Queues 3-152
Selecting the Queue Mode 3-154
Setting the Service Weight for Traffic Classes 3-154
Layer 3/4 Priority Settings 3-156
Mapping Layer 3/4 Priorities to CoS Values 3-156
Selecting IP Precedence/DSCP Priority 3-156
Mapping IP Precedence 3-157
Mapping DSCP Priority 3-158
Mapping IP Port Priority 3-160
Quality of Service 3-161
Configuring Quality of Service Parameters 3-162
Configuring a Class Map 3-162
Creating QoS Policies 3-165
Attaching a Policy Map to Ingress Queues 3-168
Multicast Filtering 3-169
IGMP Protocol 3-169
Layer 2 IGMP (Snooping and Query) 3-170
Configuring IGMP Snooping and Query Parameters 3-171
Displaying Interfaces Attached to a Multicast Router 3-173
Specifying Static Interfaces for a Multicast Router 3-174
Displaying Port Members of Multicast Services 3-175
Assigning Ports to Multicast Services 3-176
Layer 3 IGMP (Query used with Multicast Routing) 3-177
Configuring IGMP Interface Parameters 3-177
Displaying Multicast Group Information 3-181
Configuring Domain Name Service 3-182
Configuring General DNS Server Parameters 3-182
Configuring Static DNS Host to Address Entries 3-184
Displaying the DNS Cache 3-186
Dynamic Host Configuration Protocol 3-187
Configuring DHCP Relay Service 3-187
Configuring the DHCP Server 3-189
Enabling the Server, Setting Excluded Addresses 3-189
Configuring Address Pools 3-191
Displaying Address Bindings 3-195
Configuring Router Redundancy 3-196
Virtual Router Redundancy Protocol 3-197
Configuring VRRP Groups 3-197
Displaying VRRP Global Statistics 3-202
Displaying VRRP Group Statistics 3-203
viii
Contents
IP Routing 3-205
Overview 3-205
Initial Configuration 3-205
IP Switching 3-206
Routing Path Management 3-207
Routing Protocols 3-207
Basic IP Interface Configuration 3-208
Configuring IP Routing Interfaces 3-209
Address Resolution Protocol 3-211
Proxy ARP 3-211
Basic ARP Configuration 3-212
Configuring Static ARP Addresses 3-213
Displaying Dynamically Learned ARP Entries 3-214
Displaying Local ARP Entries 3-215
Displaying ARP Statistics 3-216
Displaying Statistics for IP Protocols 3-217
IP Statistics 3-217
ICMP Statistics 3-219
UDP Statistics 3-221
TCP Statistics 3-222
Configuring Static Routes 3-223
Displaying the Routing Table 3-224
Configuring the Routing Information Protocol 3-225
Configuring General Protocol Settings 3-226
Specifying Network Interfaces for RIP 3-228
Configuring Network Interfaces for RIP 3-229
Displaying RIP Information and Statistics 3-232
Configuring the Open Shortest Path First Protocol 3-235
Configuring General Protocol Settings 3-236
Configuring OSPF Areas 3-239
Configuring Area Ranges (Route Summarization for ABRs) 3-242
Configuring OSPF Interfaces 3-244
Configuring Virtual Links 3-248
Configuring Network Area Addresses 3-250
Configuring Summary Addresses (for External AS Routes) 3-253
Redistributing External Routes 3-254
Configuring NSSA Settings 3-255
Displaying Link State Database Information 3-257
Displaying Information on Border Routers 3-259
Displaying Information on Neighbor Routers 3-260
Multicast Routing 3-261
Configuring Global Settings for Multicast Routing 3-261
Displaying the Multicast Routing Table 3-262
Configuring DVMRP 3-265
Configuring Global DVMRP Settings 3-265
ix
Contents
Configuring DVMRP Interface Settings 3-268
Displaying Neighbor Information 3-270
Displaying the Routing Table 3-271
Configuring PIM-DM 3-272
Configuring Global PIM-DM Settings 3-272
Configuring PIM-DM Interface Settings 3-273
Displaying Interface Information 3-276
Displaying Neighbor Information 3-276
Chapter 4: Command Line Interface 4-1
Using the Command Line Interface 4-1
Accessing the CLI 4-1
Console Connection 4-1
Telnet Connection 4-1
Entering Commands 4-3
Keywords and Arguments 4-3
Minimum Abbreviation 4-3
Command Completion 4-3
Getting Help on Commands 4-3
Showing Commands 4-4
Partial Keyword Lookup 4-5
Negating the Effect of Commands 4-5
Using Command History 4-5
Understanding Command Modes 4-6
Exec Commands 4-6
Configuration Commands 4-7
Command Line Processing 4-9
Command Groups 4-10
Line Commands 4-11
line 4-12
login 4-12
password 4-13
timeout login response 4-14
exec-timeout 4-15
password-thresh 4-15
silent-time 4-16
databits 4-17
parity 4-17
speed 4-18
stopbits 4-18
disconnect 4-19
show line 4-19
General Commands 4-20
enable 4-20
x
Contents
disable 4-21
configure 4-22
show history 4-22
reload 4-23
end 4-23
exit 4-24
quit 4-24
System Management Commands 4-25
Device Designation Commands 4-25
prompt 4-25
hostname 4-26
User Access Commands 4-27
username 4-27
enable password 4-28
IP Filter Commands 4-29
management 4-29
show management 4-30
Web Server Commands 4-31
ip http port 4-31
ip http server 4-31
ip http secure-server 4-32
ip http secure-port 4-33
Telnet Server Commands 4-34
ip telnet server 4-34
Secure Shell Commands 4-34
ip ssh server 4-37
ip ssh timeout 4-37
ip ssh authentication-retries 4-38
ip ssh server-key size 4-38
delete public-key 4-39
ip ssh crypto host-key generate 4-39
ip ssh crypto zeroize 4-40
ip ssh save host-key 4-41
show ip ssh 4-41
show ssh 4-41
show public-key 4-42
Event Logging Commands 4-43
logging on 4-43
logging history 4-44
logging host 4-45
logging facility 4-45
logging trap 4-46
clear log 4-47
show logging 4-47
show log 4-49
xi
Contents
SMTP Alert Commands 4-49
logging sendmail host 4-50
logging sendmail level 4-50
logging sendmail source-email 4-51
logging sendmail destination-email 4-51
logging sendmail 4-52
show logging sendmail 4-52
Time Commands 4-53
sntp client 4-53
sntp server 4-54
sntp poll 4-55
show sntp 4-55
clock timezone 4-56
calendar set 4-56
show calendar 4-57
System Status Commands 4-57
show startup-config 4-57
show running-config 4-59
show system 4-60
show users 4-61
show version 4-62
Frame Size Commands 4-63
jumbo frame 4-63
Flash/File Commands 4-64
copy 4-64
delete 4-66
dir 4-67
whichboot 4-68
boot system 4-68
Authentication Commands 4-69
Authentication Sequence 4-70
authentication login 4-70
authentication enable 4-71
RADIUS Client 4-72
radius-server host 4-72
radius-server port 4-73
radius-server key 4-73
radius-server retransmit 4-74
radius-server timeout 4-74
show radius-server 4-74
TACACS+ Client 4-75
tacacs-server host 4-75
tacacs-server port 4-76
tacacs-server key 4-76
show tacacs-server 4-77
xii
Contents
Port Security Commands 4-77
port security 4-78
802.1X Port Authentication 4-79
dot1x system-auth-control 4-80
dot1x default 4-80
dot1x max-req 4-80
dot1x port-control 4-81
dot1x operation-mode 4-81
dot1x re-authenticate 4-82
dot1x re-authentication 4-82
dot1x timeout quiet-period 4-83
dot1x timeout re-authperiod 4-83
dot1x timeout tx-period 4-84
show dot1x 4-84
Access Control List Commands 4-87
IP ACLs 4-88
access-list ip 4-89
permit, deny (Standard ACL) 4-89
permit, deny (Extended ACL) 4-90
show ip access-list 4-92
access-list ip mask-precedence 4-93
mask (IP ACL) 4-93
show access-list ip mask-precedence 4-97
ip access-group 4-98
show ip access-group 4-98
MAC ACLs 4-99
access-list mac 4-99
permit, deny (MAC ACL) 4-100
show mac access-list 4-101
access-list mac mask-precedence 4-102
mask (MAC ACL) 4-102
show access-list mac mask-precedence 4-104
mac access-group 4-105
show mac access-group 4-105
ACL Information 4-106
show access-list 4-106
show access-group 4-106
SNMP Commands 4-107
snmp-server 4-107
show snmp 4-108
snmp-server community 4-109
snmp-server contact 4-109
snmp-server location 4-110
snmp-server host 4-110
snmp-server enable traps 4-112
xiii
Contents
snmp-server engine-id 4-113
show snmp engine-id 4-114
snmp-server view 4-115
show snmp view 4-116
snmp-server group 4-116
show snmp group 4-117
snmp-server user 4-118
show snmp user 4-120
DHCP Commands 4-121
DHCP Client 4-121
ip dhcp client-identifier 4-121
ip dhcp restart client 4-122
DHCP Relay 4-123
ip dhcp restart relay 4-123
ip dhcp relay server 4-124
DHCP Server 4-124
service dhcp 4-125
ip dhcp excluded-address 4-125
ip dhcp pool 4-126
network 4-127
default-router 4-127
domain-name 4-128
dns-server 4-128
next-server 4-129
bootfile 4-129
netbios-name-server 4-130
netbios-node-type 4-131
lease 4-131
host 4-132
client-identifier 4-133
hardware-address 4-134
clear ip dhcp binding 4-134
show ip dhcp binding 4-135
DNS Commands 4-136
ip host 4-136
clear host 4-137
ip domain-name 4-137
ip domain-list 4-138
ip name-server 4-139
ip domain-lookup 4-140
show hosts 4-141
show dns 4-141
show dns cache 4-142
clear dns cache 4-142
xiv
Contents
Interface Commands 4-143
interface 4-143
description 4-144
speed-duplex 4-144
negotiation 4-145
capabilities 4-146
shutdown 4-148
switchport broadcast packet-rate 4-148
clear counters 4-149
show interfaces status 4-150
show interfaces counters 4-151
show interfaces switchport 4-152
Mirror Port Commands 4-154
port monitor 4-154
show port monitor 4-155
Rate Limit Commands 4-156
rate-limit 4-156
Link Aggregation Commands 4-157
channel-group 4-158
lacp 4-159
lacp system-priority 4-160
lacp admin-key (Ethernet Interface) 4-161
lacp admin-key (Port Channel) 4-161
lacp port-priority 4-162
show lacp 4-163
Address Table Commands 4-166
mac-address-table static 4-167
clear mac-address-table dynamic 4-168
show mac-address-table 4-168
mac-address-table aging-time 4-169
show mac-address-table aging-time 4-169
Spanning Tree Commands 4-170
spanning-tree 4-171
spanning-tree mode 4-171
spanning-tree forward-time 4-172
spanning-tree hello-time 4-173
spanning-tree max-age 4-173
spanning-tree priority 4-174
spanning-tree pathcost method 4-175
spanning-tree transmission-limit 4-175
spanning-tree mst-configuration 4-176
mst vlan 4-176
mst priority 4-177
name 4-177
revision 4-178
xv
Contents
max-hops 4-179
spanning-tree spanning-disabled 4-179
spanning-tree cost 4-180
spanning-tree port-priority 4-180
spanning-tree edge-port 4-181
spanning-tree portfast 4-182
spanning-tree link-type 4-183
spanning-tree mst cost 4-183
spanning-tree mst port-priority 4-184
spanning-tree protocol-migration 4-185
show spanning-tree 4-186
show spanning-tree mst configuration 4-188
VLAN Commands 4-188
Editing VLAN Groups 4-188
vlan database 4-189
vlan 4-189
Configuring VLAN Interfaces 4-190
interface vlan 4-190
switchport mode 4-191
switchport acceptable-frame-types 4-192
switchport ingress-filtering 4-192
switchport native vlan 4-193
switchport allowed vlan 4-194
switchport forbidden vlan 4-195
Displaying VLAN Information 4-195
show vlan 4-196
Configuring Private VLANs 4-197
pvlan 4-197
show pvlan 4-198
Configuring Protocol-based VLANs 4-198
protocol-vlan protocol-group (Configuring Groups) 4-199
protocol-vlan protocol-group (Configuring Interfaces) 4-199
show protocol-vlan protocol-group 4-200
show interfaces protocol-vlan protocol-group 4-201
GVRP and Bridge Extension Commands 4-202
bridge-ext gvrp 4-202
show bridge-ext 4-203
switchport gvrp 4-203
show gvrp configuration 4-204
garp timer 4-204
show garp timer 4-205
Priority Commands 4-206
Priority Commands (Layer 2) 4-206
queue mode 4-207
switchport priority default 4-207
xvi
Contents
queue bandwidth 4-208
queue cos-map 4-209
show queue mode 4-210
show queue bandwidth 4-210
show queue cos-map 4-211
Priority Commands (Layer 3 and 4) 4-212
map ip port (Global Configuration) 4-212
map ip port (Interface Configuration) 4-212
map ip precedence (Global Configuration) 4-213
map ip precedence (Interface Configuration) 4-214
map ip dscp (Global Configuration) 4-214
map ip dscp (Interface Configuration) 4-215
show map ip port 4-216
show map ip precedence 4-217
show map ip dscp 4-218
Quality of Service Commands 4-219
class-map 4-220
match 4-221
policy-map 4-222
class 4-223
set 4-224
police 4-224
service-policy 4-225
show class-map 4-226
show policy-map 4-226
show policy-map interface 4-227
Multicast Filtering Commands 4-228
IGMP Snooping Commands 4-228
ip igmp snooping 4-228
ip igmp snooping vlan static 4-229
ip igmp snooping version 4-229
show ip igmp snooping 4-230
show mac-address-table multicast 4-230
IGMP Query Commands (Layer 2) 4-231
ip igmp snooping querier 4-231
ip igmp snooping query-count 4-232
ip igmp snooping query-interval 4-232
ip igmp snooping query-max-response-time 4-233
ip igmp snooping router-port-expire-time 4-234
Static Multicast Routing Commands 4-234
ip igmp snooping vlan mrouter 4-235
show ip igmp snooping mrouter 4-235
IGMP Commands (Layer 3) 4-236
ip igmp 4-236
ip igmp robustval 4-237
xvii
Contents
ip igmp query-interval 4-238
ip igmp max-resp-interval 4-238
ip igmp last-memb-query-interval 4-239
ip igmp version 4-240
show ip igmp interface 4-240
clear ip igmp group 4-241
show ip igmp groups 4-241
IP Interface Commands 4-243
Basic IP Configuration 4-243
ip address 4-243
ip default-gateway 4-245
show ip interface 4-245
show ip redirects 4-246
ping 4-246
Address Resolution Protocol (ARP) 4-247
arp 4-247
arp-timeout 4-248
clear arp-cache 4-249
show arp 4-249
ip proxy-arp 4-250
IP Routing Commands 4-250
Global Routing Configuration 4-251
ip routing 4-251
ip route 4-251
clear ip route 4-252
show ip route 4-253
show ip host-route 4-254
show ip traffic 4-255
Routing Information Protocol (RIP) 4-256
router rip 4-256
timers basic 4-257
network 4-258
neighbor 4-258
version 4-259
ip rip receive version 4-260
ip rip send version 4-261
ip split-horizon 4-262
ip rip authentication key 4-262
ip rip authentication mode 4-263
show rip globals 4-264
show ip rip 4-264
Open Shortest Path First (OSPF) 4-266
router ospf 4-267
router-id 4-267
compatible rfc1583 4-268
xviii
Contents
default-information originate 4-269
timers spf 4-270
area range 4-270
area default-cost 4-271
summary-address 4-272
redistribute 4-272
network area 4-273
area stub 4-274
area nssa 4-275
area virtual-link 4-276
ip ospf authentication 4-278
ip ospf authentication-key 4-279
ip ospf message-digest-key 4-280
ip ospf cost 4-281
ip ospf dead-interval 4-281
ip ospf hello-interval 4-282
ip ospf priority 4-282
ip ospf retransmit-interval 4-283
ip ospf transmit-delay 4-284
show ip ospf 4-284
show ip ospf border-routers 4-285
show ip ospf database 4-286
show ip ospf interface 4-294
show ip ospf neighbor 4-295
show ip ospf summary-address 4-296
show ip ospf virtual-links 4-296
Multicast Routing Commands 4-297
Static Multicast Routing Commands 4-297
ip igmp snooping vlan mrouter 4-297
show ip igmp snooping mrouter 4-298
General Multicast Routing Commands 4-299
ip multicast-routing 4-299
show ip mroute 4-299
DVMRP Multicast Routing Commands 4-301
router dvmrp 4-301
probe-interval 4-302
nbr-timeout 4-303
report-interval 4-303
flash-update-interval 4-304
prune-lifetime 4-304
default-gateway 4-305
ip dvmrp 4-305
ip dvmrp metric 4-306
clear ip dvmrp route 4-307
show router dvmrp 4-307
xix
Contents
show ip dvmrp route 4-308
show ip dvmrp neighbor 4-309
show ip dvmrp interface 4-309
PIM-DM Multicast Routing Commands 4-310
router pim 4-310
ip pim dense-mode 4-311
ip pim hello-interval 4-312
ip pim hello-holdtime 4-312
ip pim trigger-hello-interval 4-313
ip pim join-prune-holdtime 4-313
ip pim graft-retry-interval 4-314
ip pim max-graft-retries 4-314
show router pim 4-315
show ip pim interface 4-315
show ip pim neighbor 4-316
Router Redundancy Commands 4-316
Virtual Router Redundancy Protocol Commands 4-317
vrrp ip 4-317
vrrp authentication 4-318
vrrp priority 4-319
vrrp timers advertise 4-320
vrrp preempt 4-320
show vrrp 4-321
show vrrp interface 4-323
show vrrp router counters 4-324
show vrrp interface counters 4-324
clear vrrp router counters 4-325
clear vrrp interface counters 4-325
Appendix A: Software Specifications A-1
Software Features A-1
Management Features A-2
Standards A-2
Management Information Bases A-3
Appendix B: Troubleshooting B-1
Problems Accessing the Management Interface B-1
Using System Logs B-2
Glossary
Index
xx
Tables
Table 1-1 Key Features 1-1
Table 1-2 System Defaults 1-7
Table 3-1 Web Page Configuration Buttons 3-3
Table 3-2 Switch Main Menu 3-4
Table 3-3 Logging Levels 3-29
Table 3-4 SNMPv3 Security Models and Levels 3-38
Table 3-5 Supported Notification Messages 3-49
Table 3-6 HTTPS System Support 3-58
Table 3-7 802.1X Statistics 3-72
Table 3-8 LACP Port Counters 3-101
Table 3-9 LACP Internal Configuration Information 3-102
Table 3-10 LACP Neighbor Configuration Information 3-104
Table 3-11 Port Statistics 3-109
Table 3-12 Mapping CoS Values to Egress Queues 3-152
Table 3-13 CoS Priority Levels 3-152
Table 3-14 Mapping IP Precedence 3-157
Table 3-15 Mapping DSCP Priority 3-158
Table 3-16 Address Resolution Protocol 3-211
Table 3-17 ARP Statistics 3-216
Table 3-18 IP Statistics 3-217
Table 3-19 ICMP Statistics 3-219
Table 3-20 USP Statistics 3-221
Table 3-21 TCP Statistics 3-222
Table 3-22 RIP Information and Statistics 3-232
Table 4-1 General Command Modes 4-6
Table 4-2 Configuration Command Modes 4-8
Table 4-3 Keystroke Commands 4-9
Table 4-4 Command Group Index 4-10
Table 4-5 Line Commands 4-11
Table 4-6 General Commands 4-20
Table 4-7 System Management Commands 4-25
Table 4-8 Device Designation Commands 4-25
Table 4-9 User Access Commands 4-27
Table 4-10 Default Login Settings 4-27
Table 4-11 IP Filter Commands 4-29
Table 4-12 Web Server Commands 4-31
Table 4-13 HTTPS System Support 4-32
Table 4-14 Telnet Server Commands 4-34
Table 4-15 Secure Shell Commands 4-35
Table 4-16 show ssh - display description 4-42
Table 4-17 Event Logging Commands 4-43
xxi
Tables
Table 4-18 Logging Levels 4-44
Table 4-19 show logging flash/ram - display description 4-48
Table 4-20 show logging trap - display description 4-48
Table 4-21 SMTP Alert Commands 4-49
Table 4-22 Time Commands 4-53
Table 4-23 System Status Commands 4-57
Table 4-24 Frame Size Commands 4-63
Table 4-25 Flash/File Commands 4-64
Table 4-26 File Directory Information 4-67
Table 4-27 Authentication Commands 4-69
Table 4-28 Authentication Sequence Commands 4-70
Table 4-29 RADIUS Client Commands 4-72
Table 4-30 TACACS+ Client Commands 4-75
Table 4-31 Port Security Commands 4-77
Table 4-32 802.1X Port Authentication Commands 4-79
Table 4-33 Access Control List Commands 4-88
Table 4-34 IP ACL Commands 4-88
Table 4-35 MAC ACL Commands 4-99
Table 4-36 ACL Information Commands 4-106
Table 4-37 SNMP Commands 4-107
Table 4-38 show snmp engine-id - display description 4-114
Table 4-39 show snmp view - display description 4-116
Table 4-40 show snmp group - display description 4-118
Table 4-41 show snmp user - display description 4-120
Table 4-42 DHCP Commands 4-121
Table 4-43 DHCP Client Commands 4-121
Table 4-44 DHCP Relay Commands 4-123
Table 4-45 DHCP Server Commands 4-124
Table 4-46 DNS Commands 4-136
Table 4-47 show dns cache - display description 4-142
Table 4-48 Interface Commands 4-143
Table 4-49 show interfaces switchport - display description 4-153
Table 4-50 Mirror Port Commands 4-154
Table 4-51 Rate Limit Commands 4-156
Table 4-52 Link Aggregation Commands 4-157
Table 4-53 show lacp counters - display description 4-163
Table 4-54 show lacp internal - display description 4-164
Table 4-55 show lacp neighbors - display description 4-165
Table 4-57 Address Table Commands 4-166
Table 4-56 show lacp sysid - display description 4-166
Table 4-58 Spanning Tree Commands 4-170
Table 4-59 VLAN Commands 4-188
Table 4-60 Commands for Editing VLAN Groups 4-188
Table 4-61 Commands for Configuring VLAN Interfaces 4-190
Table 4-62 Commands for Displaying VLAN Information 4-195
xxii
Tables
Table 4-63 Private VLAN Commands 4-197
Table 4-64 Protocol-based VLAN Commands 4-198
Table 4-65 GVRP and Bridge Extension Commands 4-202
Table 4-66 Priority Commands 4-206
Table 4-67 Priority Commands (Layer 2) 4-206
Table 4-68 Default CoS Priority Levels 4-209
Table 4-69 Priority Commands (Layer 3 and 4) 4-212
Table 4-70 Mapping IP Precedence to CoS Values 4-214
Table 4-71 Mapping IP DSCP to CoS Values 4-215
Table 4-72 Quality of Service Commands 4-219
Table 4-73 Multicast Filtering Commands 4-228
Table 4-74 IGMP Snooping Commands 4-228
Table 4-75 IGMP Query Commands (Layer 2) 4-231
Table 4-76 Static Multicast Routing Commands 4-234
Table 4-77 IGMP Commands (Layer 3) 4-236
Table 4-78 show ip igmp groups - display description 4-242
Table 4-79 IP Interface Commands 4-243
Table 4-80 Basic IP Configuration Commands 4-243
Table 4-81 Address Resolution Protocol Commands 4-247
Table 4-82 IP Routing Commands 4-250
Table 4-83 Global Routing Configuration Commands 4-251
Table 4-84 show ip route - display description 4-253
Table 4-85 show ip host-route - display description 4-254
Table 4-86 Routing Information Protocol Commands 4-256
Table 4-87 show rip globals - display description 4-264
Table 4-88 show ip rip - display description 4-265
Table 4-89 Open Shortest Path First Commands 4-266
Table 4-91 show ip ospf border-routers - display description 4-285
Table 4-90 show ip ospf - display description 4-285
Table 4-92 show ip ospf database - display description 4-287
Table 4-93 show ip ospf asbr-summary - display description 4-288
Table 4-94 show ip ospf database-summary - display description 4-289
Table 4-95 show ip ospf external - display description 4-290
Table 4-96 show ip ospf network - display description 4-291
Table 4-97 show ip ospf router - display description 4-292
Table 4-98 show ip ospf summary - display description 4-293
Table 4-99 show ip ospf interface - display description 4-294
Table 4-100 show ip ospf neighbor - display description 4-295
Table 4-101 show ip ospf virtual-links - display description 4-296
Table 4-102 Multicast Routing Commands 4-297
Table 4-103 Static Multicast Routing Commands 4-297
Table 4-104 General Multicast Routing Commands 4-299
Table 4-105 show ip mroute - display description 4-300
Table 4-106 DVMRP Multicast Routing Commands 4-301
Table 4-107 show ip dvmrp route - display description 4-308
xxiii
Tables
Table 4-108 show ip dvmrp neighbor - display description 4-309
Table 4-109 PIM-DM Multicast Routing Commands 4-310
Table 4-110 show ip pim neighbor - display description 4-316
Table 4-111 Router Redundancy Commands 4-316
Table 4-112 VRRP Commands 4-317
Table 4-113 show vrrp - display description 4-322
Table 4-114 show vrrp brief - display description 4-323
Table B-1 Troubleshooting Chart B-1
xxiv
Figures
Figure 3-1 Home Page 3-2
Figure 3-2 Front Panel Indicators 3-3
Figure 3-3 System Information 3-12
Figure 3-4 Switch Information 3-14
Figure 3-5 Displaying Bridge Extension Configuration 3-15
Figure 3-6 Configuring Support for Jumbo Frames 3-16
Figure 3-7 IP Interface Configuration - Manual 3-18
Figure 3-8 Default Gateway 3-18
Figure 3-9 IP Interface Configuration - DHCP 3-19
Figure 3-10 Copy Firmware 3-21
Figure 3-11 Setting the Startup Code 3-21
Figure 3-12 Deleting Files 3-22
Figure 3-13 Downloading Configuration Settings for Start-Up 3-24
Figure 3-14 Setting the Startup Configuration Settings 3-24
Figure 3-15 Configuring the Console Port 3-26
Figure 3-16 Configuring the Telnet Interface 3-28
Figure 3-17 System Logs 3-30
Figure 3-18 Remote Logs 3-31
Figure 3-19 Displaying Logs 3-32
Figure 3-20 Enabling and Configuring SMTP Alerts 3-33
Figure 3-21 Resetting the System 3-34
Figure 3-22 SNTP Configuration 3-35
Figure 3-23 Clock Time Zone 3-36
Figure 3-24 Enabling the SNMP Agent 3-38
Figure 3-25 Configuring SNMP Community Strings 3-39
Figure 3-26 Configuring SNMP Trap Managers 3-42
Figure 3-27 Setting the SNMPv3 Engine ID 3-43
Figure 3-28 Setting an Engine ID 3-44
Figure 3-29 Configuring SNMPv3 Users 3-45
Figure 3-30 Configuring Remote SNMPv3 Users 3-47
Figure 3-31 Configuring SNMPv3 Groups 3-51
Figure 3-32 Configuring SNMPv3 Views 3-52
Figure 3-33 User Accounts 3-54
Figure 3-34 Authentication Server Settings 3-57
Figure 3-35 HTTPS Settings 3-59
Figure 3-36 SSH Host-Key Settings 3-62
Figure 3-37 SSH Server Settings 3-64
Figure 3-38 Port Security 3-66
Figure 3-39 802.1X Global Information 3-68
Figure 3-40 802.1X Global Configuration 3-69
Figure 3-41 802.1X Port Configuration 3-70
xxv
Figures
Figure 3-42 802.1X Port Statistics 3-73
Figure 3-43 IP Filter 3-75
Figure 3-44 Selecting ACL Type 3-77
Figure 3-45 ACL Configuration - Standard IP 3-78
Figure 3-46 ACL Configuration - Extended IP 3-80
Figure 3-47 ACL Configuration - MAC 3-82
Figure 3-48 Selecting ACL Mask Types 3-83
Figure 3-49 ACL Mask Configuration - IP 3-85
Figure 3-50 ACL Mask Configuration - MAC 3-86
Figure 3-51 ACL Port Binding 3-88
Figure 3-52 Port - Port Information 3-89
Figure 3-53 Port - Port Configuration 3-92
Figure 3-54 Static Trunk Configuration 3-94
Figure 3-55 LACP Trunk Configuration 3-96
Figure 3-56 LACP - Aggregation Port 3-99
Figure 3-57 LACP - Port Counters Information 3-101
Figure 3-58 LACP - Port Internal Information 3-103
Figure 3-59 LACP - Port Neighbors Information 3-104
Figure 3-60 Port Broadcast Control 3-106
Figure 3-61 Mirror Port Configuration 3-107
Figure 3-62 Rate Limit Configuration 3-108
Figure 3-63 Port Statistics 3-112
Figure 3-64 Static Addresses 3-114
Figure 3-65 Dynamic Addresses 3-115
Figure 3-66 Address Aging 3-116
Figure 3-67 STA Information 3-119
Figure 3-68 STA Global Configuration 3-123
Figure 3-69 STA Port Information 3-126
Figure 3-70 STA Port Configuration 3-129
Figure 3-71 MSTP VLAN Configuration 3-130
Figure 3-72 MSTP Port Information 3-132
Figure 3-73 MSTP Port Configuration 3-134
Figure 3-74 Globally Enabling GVRP 3-138
Figure 3-75 VLAN Basic Information 3-138
Figure 3-76 VLAN Current Table 3-139
Figure 3-77 VLAN Static List - Creating VLANs 3-141
Figure 3-78 VLAN Static Table - Adding Static Members 3-142
Figure 3-79 VLAN Static Membership by Port 3-143
Figure 3-80 VLAN Port Configuration 3-145
Figure 3-81 Private VLAN Status 3-146
Figure 3-82 Private VLAN Link Status 3-147
Figure 3-83 Protocol VLAN Configuration 3-148
Figure 3-84 Protocol VLAN Port Configuration 3-149
Figure 3-85 Default Port Priority 3-151
Figure 3-86 Traffic Classes 3-153
xxvi
Figures
Figure 3-87 Queue Mode 3-154
Figure 3-88 Queue Scheduling 3-155
Figure 3-89 IP Precedence/DSCP Priority Status 3-156
Figure 3-90 IP Precedence Priority 3-157
Figure 3-91 IP DSCP Priority 3-159
Figure 3-92 IP Port Priority Status 3-160
Figure 3-93 IP Port Priority 3-160
Figure 3-94 Configuring Class Maps 3-164
Figure 3-95 Configuring Policy Maps 3-167
Figure 3-96 Service Policy Settings 3-168
Figure 3-97 IGMP Configuration 3-172
Figure 3-98 Multicast Router Port Information 3-173
Figure 3-99 Static Multicast Router Port Configuration 3-174
Figure 3-100 IP Multicast Registration Table 3-175
Figure 3-101 IGMP Member Port Table 3-176
Figure 3-102 IGMP Interface Settings 3-180
Figure 3-103 IGMP Group Membership 3-181
Figure 3-104 DNS General Configuration 3-183
Figure 3-105 DNS Static Host Table 3-185
Figure 3-106 DNS Cache 3-186
Figure 3-107 DHCP Relay Configuration 3-188
Figure 3-108 DHCP Server General Configuration 3-190
Figure 3-109 DHCP Server Pool Configuration 3-192
Figure 3-110 DHCP Server Pool - Network Configuration 3-193
Figure 3-111 DHCP Server Pool - Host Configuration 3-194
Figure 3-112 DHCP Server - IP Binding 3-195
Figure 3-113 VRRP Group Configuration 3-200
Figure 3-114 VRRP Group Configuration Detail 3-201
Figure 3-115 VRRP Global Statistics 3-202
Figure 3-116 VRRP Group Statistics 3-204
Figure 3-117 IP Global Settings 3-208
Figure 3-118 IP Routing Interface 3-210
Figure 3-119 ARP General 3-212
Figure 3-120 ARP Static Addresses 3-213
Figure 3-121 ARP Dynamic Addresses 3-214
Figure 3-122 ARP Other Addresses 3-215
Figure 3-123 ARP Statistics 3-216
Figure 3-124 IP Statistics 3-219
Figure 3-125 ICMP Statistics 3-220
Figure 3-126 UDP Statistics 3-221
Figure 3-127 TCP Statistics 3-222
Figure 3-128 IP Static Routes 3-223
Figure 3-129 IP Routing Table 3-224
Figure 3-130 RIP General Settings 3-227
Figure 3-131 RIP Network Addresses 3-228
xxvii
Figures
Figure 3-132 RIP Interface Settings 3-231
Figure 3-133 RIP Statistics 3-233
Figure 3-134 OSPF General Configuration 3-238
Figure 3-135 OSPF Area Configuration 3-241
Figure 3-136 OSPF Range Configuration 3-243
Figure 3-137 OSPF Interface Configuration 3-246
Figure 3-138 OSPF Interface Configuration - Detailed 3-247
Figure 3-139 OSPF Virtual Link Configuration 3-249
Figure 3-140 OSPF Network Area Address Configuration 3-251
Figure 3-141 OSPF Summary Address Configuration 3-253
Figure 3-142 OSPF Redistribute Configuration 3-255
Figure 3-143 OSPF NSSA Settings 3-256
Figure 3-144 OSPF Link State Database Information 3-258
Figure 3-145 OSPF Border Router Information 3-259
Figure 3-146 OSPF Neighbor Information 3-260
Figure 3-147 Multicast Routing General Settings 3-261
Figure 3-148 Multicast Routing Table 3-263
Figure 3-149 DVMRP General Settings 3-268
Figure 3-150 DVMRP Interface Settings 3-269
Figure 3-151 DVMRP Neighbor Information 3-270
Figure 3-152 DVMRP Routing Table 3-271
Figure 3-153 PIM-DM General Settings 3-273
Figure 3-154 PIM-DM Interface Settings 3-275
Figure 3-155 PIM-DM Interface Information 3-276
Figure 3-156 PIM-DM Neighbor Information 3-277
xxviii
Chapter 1: Introduction
This switch provides a broad range of features for Layer 2 switching and Layer 3
routing. It includes a management agent that allows you to configure the features
listed in this manual. The default configuration can be used for most of the features
provided by this switch. However, there are many options that you should configure
to maximize the switch’s performance for your particular network environment.
Key Features
Table 1-1 Key Features
Feature Description
Configuration Backup
and Restore
Authentication Console, Telnet, web – User name / password, RADIUS, TACACS+
Access Control Lists Supports IP or MAC ACLs
DHCP Client, Relay
and Server
DNS Server Supported
Port Configuration Speed and duplex mode and flow control
Rate Limiting Input and output rate limiting per port
Port Mirroring Single session, one source port to one analysis port
Port Trunking Supports up to 12 trunks using either static or dynamic trunking (LACP)
Broadcast Storm
Control
Address Table Up to 16K MAC addresses in forwarding table, 1024 static MAC addresses;
IEEE 802.1D Bridge Supports dynamic data switching and addresses learning
Store-and-Forward
Switching
Spanning Tree
Algorithm
Virtual LANs Up to 255 using IEEE 802.1Q, port-based, protocol-based, or private VLANs
Backup to TFTP server
Web – SSL/HTTPS; Telnet – SSH
SNMP v1/2c - Community strings
SNMP version 3 – MD5 or SHA password
Port – IEEE 802.1X, MAC address filtering
Fast Ethernet ports - 157 lists, 4 masks shared by 8-port groups
Gigabit Ethernet ports - 29 lists, 4 masks
Supported
Supported
Up to 4K IP entries in ARP cache, 16K IP entries in routing table, 256 static IP routes
Supported to ensure wire-speed switching while eliminating bad frames
Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple
Spanning Trees (MSTP)
1-1
Introduction
1
Table 1-1 Key Features (Continued)
Feature Description
Traffic Prioritization Default port priority, traffic class map, queue scheduling, IP Precedence, or
Qualify of Service Supports Differentiated Services (DiffServ)
Router Redundancy Router backup is provided with the Virtual Router Redundancy Protocol (VRRP)
IP Routing Routing Information Protocol (RIP), Open Shortest Path First (OSPF), static routes
ARP Static and dynamic address configuration, proxy ARP
Multicast Filtering Supports IGMP snooping and query for Layer 2, and IGMP for Layer 3
Multicast Routing Supports DVMRP and PIM-DM
Differentiated Services Code Point (DSCP), and TCP/UDP Port
Description of Software Features
The switch provides a wide range of advanced performance enhancing features.
Flow control eliminates the loss of packets due to bottlenecks caused by port
saturation. Broadcast storm suppression prevents broadcast traffic storms from
engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs,
plus support for automatic GVRP VLAN registration provide traffic security and
efficient use of network bandwidth. CoS priority queueing ensures the minimum
delay for moving real-time multimedia data across the network. While multicast
filtering and routing provides support for real-time network applications. Some of the
management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration
settings to a file on a TFTP server, and later download this file to restore the switch
configuration settings.
Authentication – This switch authenticates management access via the console
port, Telnet or web browser. User names and passwords can be configured locally or
can be verified via a remote authentication server (i.e., RADIUS or TACACS+).
Port-based authentication is also supported via the IEEE 802.1X protocol. This
protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request
user credentials from the 802.1X client, and then uses the EAP between the switch
and the authentication server to verify the client’s right to access the network via an
authentication server (i.e., RADIUS server).
Other authentication options include HTTPS for secure management access via the
web, SSH for secure management access over a Telnet-equivalent connection,
SNMP Version 3, IP address filtering for SNMP/web/Telnet management access,
and MAC address filtering for port access.
1-2
Loading...