Community Strings (for SNMP version 1 and 2c clients)
Trap Receivers
Configuring Access for SNMP Version 3 Clients
Managing System Files
Saving Configuration Settings
Section II: Switch Management
Chapter 3: Configuring the Switch
Using the Web Interface
Navigating the Web Browser Interface
Home Page
Configuration Options
Panel Display
Main Menu
Chapter 4: Basic System Settings
Displaying System Information
Displaying Switch Hardware/Software Versions
Displaying Bridge Extension Capabilities
Configuring Support for Jumbo Frames
Renumbering the Stack
Resetting the System
Chapter 5: Setting an IP Address
Setting the Switch’s IP Address (IP Version 4)
Manual Configuration
Using DHCP/BOOTP
Setting the Switch’s IP Address (IP Version 6)
Configuring an IPv6 Address
Configuring an IPv6 General Network Prefix
Configuring the Neighbor Detection Protocol and Static Entries
Chapter 6: Managing System Files
Managing Firmware
Downloading System Software from a Server
Saving or Restoring Configuration Settings
Downloading Configuration Settings from a Server
Chapter 7: Console Port Settings
Chapter 8: Telnet Settings
Chapter 9: Configuring Event Logging
System Log Configuration
Remote Log Configuration
Displaying Log Messages
Sending Simple Mail Transfer Protocol Alerts
SNMP Overview
Enabling the SNMP Agent
Setting Community Access Strings
Specifying Trap Managers and Trap Types
Configuring SNMPv3 Management Access
Setting a Local Engine ID
Specifying a Remote Engine ID
Configuring SNMPv3 Users
Configuring Remote SNMPv3 Users
Configuring SNMPv3 Groups
Setting SNMPv3 Views
Replacing the Default Secure-site Certificate
Configuring the Secure Shell
Generating the Host Key Pair
Configuring the SSH Server
Filtering IP Addresses for Management Access
Chapter 13: Configuring Port Security
Chapter 14: Configuring 802.1X Port Authentication
Displaying 802.1X Global Settings
Configuring 802.1X Global Settings
Configuring Port Settings for 802.1X
Displaying 802.1X Statistics
Chapter 15: Access Control Lists
Overview
Setting an ACL Name and Type
Configuring a Standard IPv4 ACL
Configuring an Extended IPv4 ACL
Configuring a MAC ACL
Configuring a Standard IPv6 ACL
Configuring an Extended IPv6 ACL
Binding a Port to an Access Control List
Chapter 16: Port Configuration
Displaying Connection Status
Configuring Interface Connections
Showing Port Statistics
Chapter 17: Creating Trunk Groups
Statically Configuring a Trunk
Setting a Load-Balance Mode for Trunks
Enabling LACP on Selected Ports
Configuring LACP Parameters
Displaying LACP Port Counters
Displaying LACP Settings and Status for the Local Side
Displaying LACP Settings and Status for the Remote Side
Chapter 18: Broadcast Storm Control
Setting Broadcast Storm Thresholds
Chapter 19: Configuring Port Mirroring
Chapter 20: Configuring Rate Limits
Chapter 21: Address Table Settings
Setting Static Addresses
Displaying the Address Table
Changing the Aging Time
Chapter 22: Spanning Tree Algorithm Configuration
Overview
Displaying Global Settings
Configuring Global Settings
Displaying Interface Settings
Configuring Interface Settings
Configuring Multiple Spanning Trees
Displaying Interface Settings for MSTP
Configuring Interface Settings for MSTP
Chapter 23: VLAN Configuration
Assigning Ports to VLANs
Enabling or Disabling GVRP (Global Setting)
Displaying Basic VLAN Information
Displaying Current VLANs
Creating VLANs
Adding Static Members to VLANs (VLAN Index)
Adding Static Members to VLANs (Port Index)
Configuring VLAN Behavior for Interfaces
Configuring IEEE 802.1Q Tunneling
Enabling QinQ Tunneling on the Switch
Adding an Interface to a QinQ Tunnel
Chapter 24: Configuring Private VLANs
Enabling Private VLANs
Configuring Uplink and Downlink Ports
Chapter 25: Configuring Protocol-Based VLANs
Configuring Protocol Groups
Mapping Protocols to VLANs
Chapter 26: Class of Service Configuration
Layer 2 Queue Settings
Setting the Default Priority for Interfaces
Mapping CoS Values to Egress Queues
Selecting the Queue Mode
Setting the Service Weight for Traffic Classes
Layer 3/4 Priority Settings
Mapping Layer 3/4 Priorities to CoS Values
Selecting IP Precedence/DSCP Priority
Mapping IP Precedence
Mapping DSCP Priority
Mapping IP Port Priority
Chapter 27: Quality of Service
Configuring Quality of Service Parameters
Configuring a Class Map
Creating QoS Policies
Attaching a Policy Map to Ingress Queues
Chapter 28: Multicast Filtering
Layer 2 IGMP (Snooping and Query)
Configuring IGMP Snooping and Query Parameters
Displaying Interfaces Attached to a Multicast Router
Specifying Static Interfaces for a Multicast Router
Displaying Port Members of Multicast Services
Assigning Ports to Multicast Services
Chapter 29: Configuring Domain Name Service
Configuring General DNS Service Parameters
Configuring Static DNS Host to Address Entries
Displaying the DNS Cache
Chapter 30: Switch Clustering
Cluster Configuration
Cluster Member Configuration
Cluster Member Information
Cluster Candidate Information
Section III: Command Line Interface
Chapter 31: Using the Command Line Interface
Accessing the CLI
Console Connection
Telnet Connection
Entering Commands
Keywords and Arguments
Minimum Abbreviation
Command Completion
Getting Help on Commands
Showing Commands
Partial Keyword Lookup
Negating the Effect of Commands
Using Command History
Understanding Command Modes
Exec Commands
Configuration Commands
Command Line Processing
Chapter 32: CLI Command Groups
Chapter 33: General Commands
enable
disable
configure
show history
prompt
end
exit
quit
Chapter 34: System Management Commands
hostname
reload
switch renumber
jumbo frame
show startup-config
show running-config
show system
show users
show version
Chapter 35: File Management Commands
copy
delete
dir
whichboot
boot system
Chapter 36: Line Commands
line
login
password
timeout login response
exec-timeout
password-thresh
silent-time
databits
parity
speed
stopbits
disconnect
show line
Chapter 37: Event Logging Commands
logging on
logging history
logging host
logging facility
logging trap
clear log
show logging
show log
sntp client
sntp server
sntp poll
show sntp
clock timezone
calendar set
show calendar
Chapter 40: SNMP Commands
snmp-server
show snmp
snmp-server community
snmp-server contact
snmp-server location
snmp-server host
snmp-server enable traps
snmp-server engine-id
show snmp engine-id
snmp-server view
show snmp view
snmp-server group
show snmp group
snmp-server user
show snmp user
radius-server timeout
show radius-server
TACACS+ Client
tacacs-server host
tacacs-server port
tacacs-server key
show tacacs-server
Web Server Commands
ip http port
ip http server
ip http secure-server
ip http secure-port
Telnet Server Commands
ip telnet server
Secure Shell Commands
ip ssh server
ip ssh timeout
ip ssh authentication-retries
ip ssh server-key size
delete public-key
ip ssh crypto host-key generate
ip ssh crypto zeroize
ip ssh save host-key
show ip ssh
show ssh
show public-key
access-list ip
permit, deny (Standard IPv4 ACL)
permit, deny (Extended IPv4 ACL)
show ip access-list
ip access-group
show ip access-group
protocol-vlan protocol-group (Configuring Groups)
protocol-vlan protocol-group (Configuring Interfaces)
show protocol-vlan protocol-group
show interfaces protocol-vlan protocol-group
Chapter 55: Class of Service Commands
Priority Commands (Layer 2)
queue mode
switchport priority default
queue bandwidth
queue cos-map
show queue mode
show queue bandwidth
show queue cos-map
Priority Commands (Layer 3 and 4)
map ip port (Global Configuration)
map ip port (Interface Configuration)
map ip precedence (Global Configuration)
map ip precedence (Interface Configuration)
map ip dscp (Global Configuration)
map ip dscp (Interface Configuration)
show map ip port
show map ip precedence
show map ip dscp
Chapter 56: Quality of Service Commands
class-map
match
policy-map
class
set
police
service-policy
show class-map
show policy-map
show policy-map interface
Chapter 57: Multicast Filtering Commands
IGMP Snooping Commands
ip igmp snooping
ip igmp snooping vlan static
ip igmp snooping version
show ip igmp snooping
show mac-address-table multicast
IGMP Query Commands
ip igmp snooping querier
ip igmp snooping query-count
ip igmp snooping query-interval
ip igmp snooping query-max-response-time
ip igmp snooping router-port-expire-time
Static Multicast Routing Commands
ip igmp snooping vlan mrouter
show ip igmp snooping mrouter
Chapter 58: Domain Name Service Commands
ip host
clear host
ip domain-name
ip domain-list
ip name-server
ip domain-lookup
show hosts
show dns
show dns cache
clear dns cache
Chapter 59: IPv4 Interface Commands
ip address
ip default-gateway
ip dhcp restart
show ip interface
show ip redirects
ping
Chapter 60: IPv6 Interface Commands
ipv6 enable
ipv6 general-prefix
show ipv6 general-prefix
ipv6 address
ipv6 address autoconfig
ipv6 address eui-64
ipv6 address link-local
show ipv6 interface
ipv6 default-gateway
show ipv6 default-gateway
ipv6 mtu
show ipv6 mtu
show ipv6 traffic
clear ipv6 traffic
ping ipv6
ipv6 neighbor
ipv6 nd dad attempts
ipv6 nd ns interval
show ipv6 neighbors
clear ipv6 neighbors
Chapter 61: Switch Cluster Commands
cluster
cluster commander
cluster ip-pool
cluster member
rcommand
show cluster
show cluster members
show cluster candidates
Section IV: Appendices
Appendix A: Software Specifications
Software Features
Management Features
Standards
Management Information Bases
Appendix B: Troubleshooting
Problems Accessing the Management Interface
Using System Logs
Figure 3-1 Home Page
Figure 3-2 Front Panel Indicators
Figure 4-1 System Information
Figure 4-2 Switch Information
Figure 4-3 Displaying Bridge Extension Configuration
Figure 4-4 Configuring Support for Jumbo Frames
Figure 4-5 Renumbering the Stack
Figure 4-6 Resetting the System
Figure 5-1 IPv4 Interface Configuration - Manual
Figure 5-2 IPv4 Interface Configuration - DHCP
Figure 5-3 IPv6 Interface Configuration
Figure 5-4 IPv6 General Prefix Configuration
Figure 5-5 IPv6 Neighbor Detection and Neighbor Cache
Figure 6-1 Copy Firmware
Figure 6-2 Setting the Startup Code
Figure 6-3 Deleting Files
Figure 6-4 Downloading Configuration Settings for Start-Up
Figure 6-5 Setting the Startup Configuration Settings
Figure 7-1 Configuring the Console Port
Figure 8-1 Configuring the Telnet Interface
Figure 9-1 System Logs
Figure 9-2 Remote Logs
Figure 9-3 Displaying Logs
Figure 9-4 Enabling and Configuring SMTP Alerts
Figure 10-1 SNTP Configuration
Figure 10-2 Clock Time Zone
Figure 11-1 Enabling the SNMP Agent
Figure 11-2 Configuring SNMP Community Strings
Figure 11-3 Configuring SNMP Trap Managers
Figure 11-4 Setting the SNMPv3 Engine ID
Figure 11-5 Setting an Engine ID
Figure 11-6 Configuring SNMPv3 Users
Figure 11-7 Configuring Remote SNMPv3 Users
Figure 11-8 Configuring SNMPv3 Groups
Figure 11-9 Configuring SNMPv3 Views
Figure 12-1 User Accounts
Figure 12-2 Authentication Server Settings
Figure 12-3 HTTPS Settings
Figure 12-4 Copy HTTPS Certificate
Figure 12-5 SSH Host-Key Settings
Figure 12-6 SSH Server Settings
Figure 12-7 IP Filter
Figure 13-1 Port Security
Figure 14-1 802.1X Global Information
Figure 14-2 802.1X Global Configuration
Figure 14-3 802.1X Port Configuration
Figure 14-4 802.1X Port Statistics
Figure 15-1 Selecting ACL Type
Figure 15-2 ACL Configuration - Standard IPv4
Figure 15-3 ACL Configuration - Extended IPv4
Figure 15-4 ACL Configuration - MAC
Figure 15-5 ACL Configuration - Standard IPv6
Figure 15-6 ACL Configuration - Extended IPv6
Figure 15-7 ACL Port Binding
Figure 16-1 Port - Port Information
Figure 16-2 Port - Port Configuration
Figure 16-3 Port Statistics
Figure 17-1 Static Trunk Configuration
Figure 17-2 Trunk Load Balance Mode
Figure 17-3 LACP Trunk Configuration
Figure 17-4 LACP - Aggregation Port
Figure 17-5 LACP - Port Counters Information
Figure 17-6 LACP - Port Internal Information
Figure 17-7 LACP - Port Neighbors Information
Figure 18-1 Port Broadcast Control
Figure 19-1 Mirror Port Configuration
Figure 20-1 Rate Limit Configuration
Figure 21-1 Static Addresses
Figure 21-2 Dynamic Addresses
Figure 21-3 Address Aging
Figure 22-1 STA Information
Figure 22-2 STA Global Configuration
Figure 22-3 STA Port Information
Figure 22-4 STA Port Configuration
Figure 22-5 MSTP VLAN Configuration
Figure 22-6 MSTP Port Information
Figure 22-7 MSTP Port Configuration
Figure 23-1 Globally Enabling GVRP
Figure 23-2 VLAN Basic Information
Figure 23-3 VLAN Current Table
Figure 23-4 VLAN Static List - Creating VLANs
Figure 23-5 VLAN Static Table - Adding Static Members
Figure 23-6 VLAN Static Membership by Port
Figure 23-7 VLAN Port Configuration
Figure 23-1 802.1Q Tunnel Status
Figure 23-1 Tunnel Port Configuration
Figure 24-1 Private VLAN Status
Figure 24-2 Private VLAN Link Status
Figure 25-1 Protocol VLAN Configuration
Figure 25-2 Protocol VLAN Port Configuration
Figure 26-1 Default Port Priority
Figure 26-2 Traffic Classes
Figure 26-3 Queue Mode
Figure 26-4 Queue Scheduling
Figure 26-5 IP Precedence/DSCP Priority Status
Figure 26-6 IP Precedence Priority
Figure 26-7 IP DSCP Priority
Figure 26-8 IP Port Priority Status
Figure 26-9 IP Port Priority
Figure 27-1 Configuring Class Maps
Figure 27-2 Configuring Policy Maps
Figure 27-3 Service Policy Settings
Figure 28-1 IGMP Configuration
Figure 28-2 Multicast Router Port Information
Figure 28-3 Static Multicast Router Port Configuration
Figure 28-4 IP Multicast Registration Table
Figure 28-5 IGMP Member Port Table
Figure 29-1 DNS General Configuration
Figure 29-2 DNS Static Host Table
Figure 29-3 DNS Cache
Figure 30-1 Cluster Configuration
Figure 30-2 Cluster Member Configuration
Figure 30-3 Cluster Member Information
Figure 30-4 Cluster Candidate Information
Section I: Getting Started
This section provides an overview of the switch, and introduces some basic
concepts about network switches. It also describes the basic settings required to
access the management interface.
This switch provides a broad range of features for Layer 2 switching. It includes a
management agent that allows you to configure the features listed in this manual.
The default configuration can be used for most of the features provided by this
switch. However, there are many options that you should configure to maximize the
switch’s performance for your particular network environment.
Key Features
Table 1-1 Key Features

| Feature | Description |
|---|---|
| Configuration Backup and Restore | Backup to TFTP server |
| Authentication | Console, Telnet, web – User name / password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c - Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1X, MAC address filtering |
| Access Control Lists | Supports up to 32 ACLs, 96 MAC rules, 96 IP rules, and 96 IPv6 rules |
| DHCP Client | Supported |
| DNS | Proxy service |
| Port Configuration | Speed and duplex mode and flow control |
| Rate Limiting | Input and output rate limiting per port |
| Port Mirroring | One or more ports mirrored to single analysis port |
| Port Trunking | Supports up to 24 trunks using either static or dynamic trunking (LACP) |
| Broadcast Storm Control | Supported |
| Address Table | Up to 8K MAC addresses in the forwarding table, 1024 static MAC addresses |
| IP Version 4 and 6 | Supports IPv4 and IPv6 addressing, management, and QoS |
| IEEE 802.1D Bridge | Supports dynamic data switching and addresses learning |
| Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames |
| Spanning Tree Algorithm | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP) |
| Virtual LANs | Up to 256 using IEEE 802.1Q, port-based, protocol-based, private VLANs, and 802.1Q tunneling (QinQ) |
| Traffic Prioritization | Default port priority, traffic class map, queue scheduling, IP Precedence, or Differentiated Services Code Point (DSCP), and TCP/UDP Port |
| Quality of Service | Supports Differentiated Services (DiffServ) |
| Multicast Filtering | Supports IGMP snooping and query |
| Switch Clustering | Supports up to 36 member switches in a cluster |

Description of Software Features
The switch provides a wide range of advanced performance enhancing features.
Flow control eliminates the loss of packets due to bottlenecks caused by port
saturation. Broadcast storm suppression prevents broadcast traffic storms from
engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs,
plus support for automatic GVRP VLAN registration provide traffic security and
efficient use of network bandwidth. CoS priority queueing ensures the minimum
delay for moving real-time multimedia data across the network, while multicast
filtering provides support for real-time network applications. Some of the
management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration
settings to a file on a TFTP server, and later download this file to restore the switch
configuration settings.
Authentication – This switch authenticates management access via the console
port, Telnet or web browser. User names and passwords can be configured locally or
can be verified via a remote authentication server (i.e., RADIUS or TACACS+).
Port-based authentication is also supported via the IEEE 802.1X protocol. This
protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request
user credentials from the 802.1X client, and then uses the EAP between the switch
and the authentication server to verify the client’s right to access the network via an
authentication server (i.e., RADIUS server).
Other authentication options include HTTPS for secure management access via the
web, SSH for secure management access over a Telnet-equivalent connection,
SNMP Version 3, IP address filtering for SNMP/web/Telnet management access,
and MAC address filtering for port access.
Access Control Lists – ACLs provide packet filtering for IP frames (based on
address, protocol, TCP/UDP port number or TCP control code) or any frames
(based on MAC address or Ethernet type). ACLs can be used to improve
performance by blocking unnecessary network traffic or to implement security
controls by restricting access to specific network resources or protocols.