Digisol DG-FS4526E Management Manual

Page 1
MUSTANG 4000 SWITCH SERIES
DG-FS4526E
MANAGEMENT GUIDE
2012-04-12
As our products undergo continuous development, the specifications are subject to change without prior notice.
V1.0
Page 2
MANAGEMENT GUIDE
DG-FS4526E ENHANCED FAST ETHERNET SWITCH
Layer 2 Switch with 24 10/100BASE-TX (RJ-45) Ports, and 2 Gigabit Combination Ports (RJ-45/SFP)
DG-FS4526E
E032011/ST-R01
149100000142A
Page 3

ABOUT THIS GUIDE

PURPOSE This guide gives specific information on how to operate and use the management functions of the switch.
AUDIENCE The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
CONVENTIONS The following conventions are used throughout this guide to show information:
NOTE: Emphasizes important information or calls your attention to related features or instructions.
CAUTION: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
WARNING: Alerts you to a potential hazard that could cause personal injury.
RELATED PUBLICATIONS The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help that describes all management related features.
REVISION HISTORY This section summarizes the changes in each revision of this guide.
APRIL 2012 REVISION
This is the first version of this guide.
Page 4
Page 5

CONTENTS

ABOUT THIS GUIDE 3
CONTENTS 5
FIGURES 35
TABLES 45
SECTION I GETTING STARTED 51
1 INTRODUCTION 53
Key Features 53
Description of Software Features 54
System Defaults 59
2 INITIAL SWITCH CONFIGURATION 63
Connecting to the Switch 63
Configuration Options 63
Required Connections 64
Remote Connections 65
Basic Configuration 66
Console Connection 66
Setting Passwords 66
Setting an IP Address 67
Downloading a Configuration File Referenced by a DHCP Server 73
Enabling SNMP Management Access 75
Managing System Files 77
Saving or Restoring Configuration Settings 78
SECTION II WEB CONFIGURATION 81
3 USING THE WEB INTERFACE 83
Connecting to the Web Interface 83
Navigating the Web Browser Interface 84
Page 6
Home Page 84
Configuration Options 85
Panel Display 85
Main Menu 86
4 BASIC MANAGEMENT TASKS 101
Displaying System Information 101
Displaying Hardware/Software Versions 102
Configuring Support for Jumbo Frames 104
Displaying Bridge Extension Capabilities 105
Managing System Files 106
Copying Files via FTP/TFTP or HTTP 106
Saving the Running Configuration to a Local File 108
Setting The Start-Up File 109
Showing System Files 110
Automatic Operation Code Upgrade 111
Setting the System Clock 115
Setting the Time Manually 115
Setting the SNTP Polling Interval 116
Specifying SNTP Time Servers 117
Setting the Time Zone 118
Console Port Settings 119
Telnet Settings 121
Displaying CPU Utilization 122
Displaying Memory Utilization 123
Resetting the System 124
5 INTERFACE CONFIGURATION 129
Port Configuration 129
Configuring by Port List 129
Configuring by Port Range 132
Displaying Connection Status 133
Configuring Local Port Mirroring 134
Configuring Remote Port Mirroring 136
Showing Port or Trunk Statistics 140
Performing Cable Diagnostics 144
Trunk Configuration 146
Configuring a Static Trunk 147
Page 7
Configuring a Dynamic Trunk 149
Displaying LACP Port Counters 154
Displaying LACP Settings and Status for the Local Side 155
Displaying LACP Settings and Status for the Remote Side 157
Saving Power 158
Traffic Segmentation 160
Enabling Traffic Segmentation 160
Configuring Uplink and Downlink Ports 161
VLAN Trunking 164
6 VLAN CONFIGURATION 167
IEEE 802.1Q VLANs 167
Configuring VLAN Groups 170
Adding Static Members to VLANs 172
Configuring Dynamic VLAN Registration 177
IEEE 802.1Q Tunneling 181
Enabling QinQ Tunneling on the Switch 185
Adding an Interface to a QinQ Tunnel 186
Protocol VLANs 188
Configuring Protocol VLAN Groups 188
Mapping Protocol Groups to Interfaces 190
Configuring IP Subnet VLANs 192
Configuring MAC-based VLANs 194
Configuring VLAN Mirroring 196
7 ADDRESS TABLE SETTINGS 199
Setting Static Addresses 199
Changing the Aging Time 201
Displaying the Dynamic Address Table 202
Clearing the Dynamic Address Table 203
Configuring MAC Address Mirroring 204
8 SPANNING TREE ALGORITHM 207
Overview 207
Configuring Loopback Detection 210
Configuring Global Settings for STA 211
Displaying Global Settings for STA 216
Configuring Interface Settings for STA 217
Displaying Interface Settings for STA 221
Page 8
Configuring Multiple Spanning Trees 224
Configuring Interface Settings for MSTP 228
9 RATE LIMIT CONFIGURATION 231
10 STORM CONTROL CONFIGURATION 233
11 CLASS OF SERVICE 235
Layer 2 Queue Settings 235
Setting the Default Priority for Interfaces 235
Selecting the Queue Mode 236
Mapping CoS Values to Egress Queues 239
Layer 3/4 Priority Settings 242
Mapping Layer 3/4 Priorities to CoS Values 242
Setting Priority Processing to DSCP or CoS 242
Mapping Ingress DSCP Values to Internal DSCP Values 243
Mapping CoS Priorities to Internal DSCP Values 246
12 QUALITY OF SERVICE 249
Overview 249
Configuring a Class Map 250
Creating QoS Policies 253
Attaching a Policy Map to a Port 263
13 VOIP TRAFFIC CONFIGURATION 265
Overview 265
Configuring VoIP Traffic 265
Configuring Telephony OUI 267
Configuring VoIP Traffic Ports 269
14 SECURITY MEASURES 271
AAA Authorization and Accounting 272
Configuring Local/Remote Logon Authentication 273
Configuring Remote Logon Authentication Servers 274
Configuring AAA Accounting 279
Configuring AAA Authorization 284
Configuring User Accounts 287
Web Authentication 289
Configuring Global Settings for Web Authentication 289
Configuring Interface Settings for Web Authentication 290
Network Access (MAC Address Authentication) 292
Configuring Global Settings for Network Access 294
Page 9
Configuring Network Access for Ports 295
Configuring Port Link Detection 297
Configuring a MAC Address Filter 298
Displaying Secure MAC Address Information 300
Configuring HTTPS 301
Configuring Global Settings for HTTPS 301
Replacing the Default Secure-site Certificate 303
Configuring the Secure Shell 304
Configuring the SSH Server 307
Generating the Host Key Pair 308
Importing User Public Keys 310
Access Control Lists 312
Setting A Time Range 313
Showing TCAM Utilization 316
Setting the ACL Name and Type 317
Configuring a Standard IPv4 ACL 319
Configuring an Extended IPv4 ACL 320
Configuring a Standard IPv6 ACL 323
Configuring an Extended IPv6 ACL 325
Configuring a MAC ACL 326
Configuring an ARP ACL 329
Binding a Port to an Access Control List 331
ARP Inspection 332
Configuring Global Settings for ARP Inspection 333
Configuring VLAN Settings for ARP Inspection 335
Configuring Interface Settings for ARP Inspection 337
Displaying ARP Inspection Statistics 338
Displaying the ARP Inspection Log 339
Filtering IP Addresses for Management Access 340
Configuring Port Security 342
Configuring 802.1X Port Authentication 344
Configuring 802.1X Global Settings 346
Configuring Port Authenticator Settings for 802.1X 347
Configuring Port Supplicant Settings for 802.1X 351
Displaying 802.1X Statistics 353
IP Source Guard 356
Page 10
Configuring Ports for IP Source Guard 356
Configuring Static Bindings for IP Source Guard 358
Displaying Information for Dynamic IP Source Guard Bindings 360
DHCP Snooping 362
DHCP Snooping Configuration 364
DHCP Snooping VLAN Configuration 365
Configuring Ports for DHCP Snooping 366
Displaying DHCP Snooping Binding Information 367
15 BASIC ADMINISTRATION PROTOCOLS 369
Configuring Event Logging 370
System Log Configuration 370
Remote Log Configuration 372
Sending Simple Mail Transfer Protocol Alerts 373
Link Layer Discovery Protocol 375
Setting LLDP Timing Attributes 375
Configuring LLDP Interface Attributes 377
Displaying LLDP Local Device Information 380
Displaying LLDP Remote Port Information 383
Displaying Device Statistics 388
Simple Network Management Protocol 389
Configuring Global Settings for SNMP 392
Setting the Local Engine ID 393
Specifying a Remote Engine ID 394
Setting SNMPv3 Views 395
Configuring SNMPv3 Groups 398
Setting Community Access Strings 401
Configuring Local SNMPv3 Users 403
Configuring Remote SNMPv3 Users 405
Specifying Trap Managers 408
Remote Monitoring 412
Configuring RMON Alarms 413
Configuring RMON Events 416
Configuring RMON History Samples 418
Configuring RMON Statistical Samples 421
Switch Clustering 424
Configuring General Settings for Clusters 424
Page 11
Cluster Member Configuration 426
Managing Cluster Members 427
Ethernet Ring Protection Switching 428
ERPS Configuration 431
ERPS Ring Configuration 432
Connectivity Fault Management 437
Configuring Global Settings for CFM 440
Configuring Interfaces for CFM 444
Configuring CFM Maintenance Domains 444
Configuring CFM Maintenance Associations 449
Configuring Maintenance End Points 454
Configuring Remote Maintenance End Points 456
Transmitting Link Trace Messages 458
Transmitting Loop Back Messages 460
Transmitting Delay-Measure Requests 462
Displaying Local MEPs 464
Displaying Details for Local MEPs 465
Displaying Local MIPs 467
Displaying Remote MEPs 468
Displaying Details for Remote MEPs 469
Displaying the Link Trace Cache 471
Displaying Fault Notification Settings 473
Displaying Continuity Check Errors 474
OAM Configuration 475
Enabling OAM on Local Ports 475
Displaying Statistics for OAM Messages 478
Displaying the OAM Event Log 479
Displaying the Status of Remote Interfaces 480
Configuring a Remote Loop Back Test 481
Displaying Results of Remote Loop Back Testing 483
16 IP CONFIGURATION 485
Using the Ping Function 485
Address Resolution Protocol 486
Setting the ARP Timeout 487
Displaying ARP Entries 488
Setting the Switch’s IP Address (IP Version 4) 489
Page 12
Configuring the IPv4 Default Gateway 489
Configuring IPv4 Interface Settings 490
Setting the Switch’s IP Address (IP Version 6) 493
Configuring the IPv6 Default Gateway 493
Configuring IPv6 Interface Settings 494
Configuring an IPv6 Address 497
Showing IPv6 Addresses 500
Showing the IPv6 Neighbor Cache 501
Showing IPv6 Statistics 503
Showing the MTU for Responding Destinations 508
17 IP SERVICES 509
Configuring General DNS Service Parameters 509
Configuring a List of Domain Names 510
Configuring a List of Name Servers 512
Configuring Static DNS Host to Address Entries 513
Displaying the DNS Cache 514
18 MULTICAST FILTERING 517
Overview 517
Layer 2 IGMP (Snooping and Query) 518
Configuring IGMP Snooping and Query Parameters 520
Specifying Static Interfaces for a Multicast Router 524
Assigning Interfaces to Multicast Services 525
Setting IGMP Snooping Status per Interface 528
Displaying Multicast Groups Discovered by IGMP Snooping 533
Filtering and Throttling IGMP Groups 534
Enabling IGMP Filtering and Throttling 534
Configuring IGMP Filter Profiles 535
Configuring IGMP Filtering and Throttling for Interfaces 537
Multicast VLAN Registration 539
Configuring Global MVR Settings 541
Configuring MVR Group Address Ranges 542
Configuring MVR Interface Status 543
Assigning Static Multicast Groups to Interfaces 546
Displaying MVR Receiver Groups 547
Page 13
SECTION III COMMAND LINE INTERFACE 549
19 USING THE COMMAND LINE INTERFACE 551
Accessing the CLI 551
Console Connection 551
Telnet Connection 552
Entering Commands 553
Keywords and Arguments 553
Minimum Abbreviation 553
Command Completion 553
Getting Help on Commands 554
Partial Keyword Lookup 555
Negating the Effect of Commands 556
Using Command History 556
Understanding Command Modes 556
Exec Commands 556
Configuration Commands 557
Command Line Processing 559
CLI Command Groups 560
20 GENERAL COMMANDS 563
prompt 563
reload (Global Configuration) 564
enable 565
quit 566
show history 566
configure 567
disable 568
reload (Privileged Exec) 568
show reload 569
end 569
exit 569
21 SYSTEM MANAGEMENT COMMANDS 571
Device Designation 571
hostname 572
Banner Information 572
banner configure 573
Page 14
banner configure company 574
banner configure dc-power-info 575
banner configure department 575
banner configure equipment-info 576
banner configure equipment-location 577
banner configure ip-lan 577
banner configure lp-number 578
banner configure manager-info 579
banner configure mux 579
banner configure note 580
show banner 581
System Status 581
show access-list tcam-utilization 582
show memory 582
show process cpu 583
show running-config 583
show startup-config 584
show system 585
show tech-support 586
show users 586
show version 587
Frame Size 588
jumbo frame 588
File Management 589
boot system 590
copy 591
delete 594
dir 594
whichboot 595
upgrade opcode auto 596
upgrade opcode path 597
Line 599
line 599
databits 600
exec-timeout 601
login 601
Page 15
parity 602
password 603
password-thresh 604
silent-time 605
speed 605
stopbits 606
timeout login response 606
disconnect 607
show line 608
Event Logging 608
logging facility 609
logging history 610
logging host 611
logging on 611
logging trap 612
clear log 612
show log 613
show logging 614
SMTP Alerts 615
logging sendmail 616
logging sendmail host 616
logging sendmail level 617
logging sendmail destination-email 617
logging sendmail source-email 618
show logging sendmail 618
Time 619
sntp client 619
sntp poll 620
sntp server 621
show sntp 621
clock timezone 622
calendar set 623
show calendar 623
Time Range 624
time-range 624
absolute 625
Page 16
periodic 625
show time-range 626
Switch Clustering 627
cluster 628
cluster commander 628
cluster ip-pool 629
cluster member 630
rcommand 630
show cluster 631
show cluster members 631
show cluster candidates 632
22 SNMP COMMANDS 633
snmp-server 634
snmp-server community 635
snmp-server contact 635
snmp-server location 636
show snmp 636
snmp-server enable traps 637
snmp-server host 638
snmp-server engine-id 641
snmp-server group 642
snmp-server user 643
snmp-server view 644
show snmp engine-id 645
show snmp group 646
show snmp user 647
show snmp view 648
nlm 648
snmp-server notify-filter 649
show nlm oper-status 650
show snmp notify-filter 651
23 REMOTE MONITORING COMMANDS 653
rmon alarm 654
rmon event 655
rmon collection history 656
rmon collection rmon1 657
Page 17
show rmon alarms 658
show rmon events 658
show rmon history 658
show rmon statistics 659
24 AUTHENTICATION COMMANDS 661
User Accounts 661
enable password 662
username 663
Authentication Sequence 664
authentication enable 664
authentication login 665
RADIUS Client 666
radius-server acct-port 666
radius-server auth-port 667
radius-server host 667
radius-server key 668
radius-server retransmit 668
radius-server timeout 669
show radius-server 669
TACACS+ Client 670
tacacs-server host 670
tacacs-server key 671
tacacs-server port 672
show tacacs-server 672
AAA 673
aaa accounting commands 673
aaa accounting dot1x 674
aaa accounting exec 675
aaa accounting update 676
aaa authorization exec 677
aaa group server 678
server 678
accounting dot1x 679
accounting exec 679
authorization exec 680
show accounting 680
Page 18
Web Server 681
ip http port 682
ip http server 682
ip http secure-server 683
ip http secure-port 684
Telnet Server 685
ip telnet max-sessions 685
ip telnet port 686
ip telnet server 686
show ip telnet 687
Secure Shell 687
ip ssh authentication-retries 690
ip ssh server 690
ip ssh server-key size 691
ip ssh timeout 692
delete public-key 692
ip ssh crypto host-key generate 693
ip ssh crypto zeroize 694
ip ssh save host-key 694
show ip ssh 695
show public-key 695
show ssh 696
802.1X Port Authentication 697
dot1x default 698
dot1x eapol-pass-through 698
dot1x system-auth-control 699
dot1x intrusion-action 699
dot1x max-req 700
dot1x operation-mode 700
dot1x port-control 701
dot1x re-authentication 702
dot1x timeout quiet-period 702
dot1x timeout re-authperiod 703
dot1x timeout supp-timeout 703
dot1x timeout tx-period 704
dot1x re-authenticate 704
Page 19
dot1x identity profile 705
dot1x max-start 706
dot1x pae supplicant 706
dot1x timeout auth-period 707
dot1x timeout held-period 707
dot1x timeout start-period 708
show dot1x 708
Management IP Filter 711
management 711
show management 712
25 GENERAL SECURITY MEASURES 715
Port Security 716
port security 716
Network Access (MAC Address Authentication) 718
network-access aging 719
network-access mac-filter 719
mac-authentication reauth-time 720
network-access dynamic-qos 721
network-access dynamic-vlan 722
network-access guest-vlan 723
network-access link-detection 723
network-access link-detection link-down 724
network-access link-detection link-up 724
network-access link-detection link-up-down 725
network-access max-mac-count 725
network-access mode mac-authentication 726
network-access port-mac-filter 727
mac-authentication intrusion-action 728
mac-authentication max-mac-count 728
clear network-access 729
show network-access 729
show network-access mac-address-table 730
show network-access mac-filter 731
Web Authentication 731
web-auth login-attempts 732
web-auth quiet-period 733
Page 20
web-auth session-timeout 733
web-auth system-auth-control 734
web-auth 734
web-auth re-authenticate (Port) 735
web-auth re-authenticate (IP) 735
show web-auth 736
show web-auth interface 736
show web-auth summary 737
DHCP Snooping 737
ip dhcp snooping 738
ip dhcp snooping database flash 740
ip dhcp snooping information option 740
ip dhcp snooping information policy 742
ip dhcp snooping verify mac-address 742
ip dhcp snooping vlan 743
ip dhcp snooping trust 744
clear ip dhcp snooping database flash 745
show ip dhcp snooping 745
show ip dhcp snooping binding 745
IP Source Guard 746
ip source-guard binding 746
ip source-guard 748
ip source-guard max-binding 749
show ip source-guard 750
show ip source-guard binding 750
ARP Inspection 751
ip arp inspection 752
ip arp inspection filter 753
ip arp inspection log-buffer logs 754
ip arp inspection validate 755
ip arp inspection vlan 755
ip arp inspection limit 756
ip arp inspection trust 757
show ip arp inspection configuration 758
show ip arp inspection interface 758
show ip arp inspection log 759
Page 21
show ip arp inspection statistics 759
show ip arp inspection vlan 759
26 ACCESS CONTROL LISTS 761
IPv4 ACLs 761
access-list ip 762
permit, deny (Standard IP ACL) 763
permit, deny (Extended IPv4 ACL) 764
ip access-group 766
show ip access-group 767
show ip access-list 767
IPv6 ACLs 768
access-list ipv6 768
permit, deny (Standard IPv6 ACL) 769
permit, deny (Extended IPv6 ACL) 770
show ipv6 access-list 772
ipv6 access-group 772
show ipv6 access-group 773
MAC ACLs 774
access-list mac 774
permit, deny (MAC ACL) 775
mac access-group 777
show mac access-group 778
show mac access-list 778
ARP ACLs 779
access-list arp 779
permit, deny (ARP ACL) 780
show arp access-list 781
ACL Information 782
show access-group 782
show access-list 782
27 INTERFACE COMMANDS 783
interface 784
alias 785
capabilities 785
description 786
flowcontrol 787
Page 22
media-type 788
negotiation 789
shutdown 789
speed-duplex 790
switchport packet-rate 791
clear counters 792
show interfaces brief 793
show interfaces counters 793
show interfaces status 795
show interfaces switchport 796
show interfaces transceiver 797
test cable-diagnostics 798
show cable-diagnostics 799
power-save 800
show power-save 801
28 LINK AGGREGATION COMMANDS 803
port channel load-balance 804
channel-group 806
lacp 806
lacp admin-key (Ethernet Interface) 808
lacp port-priority 809
lacp system-priority 810
lacp admin-key (Port Channel) 810
show lacp 811
29 PORT MIRRORING COMMANDS 815
Local Port Mirroring Commands 815
port monitor 815
show port monitor 817
RSPAN Mirroring Commands 818
rspan source 819
rspan destination 820
rspan remote vlan 821
no rspan session 822
show rspan 823
30 RATE LIMIT COMMANDS 825
rate-limit 825
Page 23
31 AUTOMATIC TRAFFIC CONTROL COMMANDS 827
auto-traffic-control apply-timer 829
auto-traffic-control release-timer 830
auto-traffic-control 831
auto-traffic-control action 832
auto-traffic-control alarm-clear-threshold 833
auto-traffic-control alarm-fire-threshold 834
auto-traffic-control auto-control-release 835
auto-traffic-control control-release 835
snmp-server enable port-traps atc broadcast-alarm-clear 836
snmp-server enable port-traps atc broadcast-alarm-fire 836
snmp-server enable port-traps atc broadcast-control-apply 837
snmp-server enable port-traps atc broadcast-control-release 837
snmp-server enable port-traps atc multicast-alarm-clear 838
snmp-server enable port-traps atc multicast-alarm-fire 838
snmp-server enable port-traps atc multicast-control-apply 839
snmp-server enable port-traps atc multicast-control-release 839
show auto-traffic-control 840
show auto-traffic-control interface 840
32 ADDRESS TABLE COMMANDS 841
mac-address-table aging-time 841
mac-address-table static 842
clear mac-address-table dynamic 843
show mac-address-table 843
show mac-address-table aging-time 844
show mac-address-table count 845
33 SPANNING TREE COMMANDS 847
spanning-tree 848
spanning-tree cisco-prestandard 849
spanning-tree forward-time 849
spanning-tree hello-time 850
spanning-tree max-age 851
spanning-tree mode 851
spanning-tree pathcost method 853
spanning-tree priority 853
spanning-tree mst configuration 854
Page 24
spanning-tree system-bpdu-flooding 855
spanning-tree transmission-limit 855
max-hops 856
mst priority 856
mst vlan 857
name 858
revision 858
spanning-tree bpdu-filter 859
spanning-tree bpdu-guard 860
spanning-tree cost 861
spanning-tree edge-port 862
spanning-tree link-type 863
spanning-tree loopback-detection 863
spanning-tree loopback-detection release-mode 864
spanning-tree loopback-detection trap 865
spanning-tree mst cost 865
spanning-tree mst port-priority 866
spanning-tree port-bpdu-flooding 867
spanning-tree port-priority 868
spanning-tree root-guard 868
spanning-tree spanning-disabled 869
spanning-tree loopback-detection release 870
spanning-tree protocol-migration 870
show spanning-tree 871
show spanning-tree mst configuration 873
34 ERPS COMMANDS 875
erps 876
erps domain 877
control-vlan 877
enable 878
guard-timer 879
holdoff-timer 879
meg-level 880
node-id 881
ring-port 881
rpl owner 882
Page 25
wtr-timer 882
show erps 883
35 VLAN COMMANDS 887
GVRP and Bridge Extension Commands 888
bridge-ext gvrp 888
garp timer 889
switchport forbidden vlan 890
switchport gvrp 890
show bridge-ext 891
show garp timer 891
show gvrp configuration 892
Editing VLAN Groups 892
vlan database 893
vlan 893
Configuring VLAN Interfaces 894
interface vlan 895
switchport acceptable-frame-types 896
switchport allowed vlan 896
switchport ingress-filtering 897
switchport mode 898
switchport native vlan 899
vlan-trunking 900
Displaying VLAN Information 901
show vlan 901
Configuring IEEE 802.1Q Tunneling 902
dot1q-tunnel system-tunnel-control 903
switchport dot1q-tunnel mode 904
switchport dot1q-tunnel service match cvid 905
switchport dot1q-tunnel tpid 906
show dot1q-tunnel 907
Configuring L2CP Tunneling 908
l2protocol-tunnel tunnel-dmac 908
switchport l2protocol-tunnel 911
show l2protocol-tunnel 912
Configuring Port-based Traffic Segmentation 912
traffic-segmentation 912
Page 26
show traffic-segmentation 913
Configuring Protocol-based VLANs 914
protocol-vlan protocol-group (Configuring Groups) 915
protocol-vlan protocol-group (Configuring Interfaces) 915
show protocol-vlan protocol-group 916
show interfaces protocol-vlan protocol-group 917
Configuring IP Subnet VLANs 918
subnet-vlan 918
show subnet-vlan 919
Configuring MAC Based VLANs 920
mac-vlan 920
show mac-vlan 921
Configuring Voice VLANs 921
voice vlan 922
voice vlan aging 923
voice vlan mac-address 923
switchport voice vlan 924
switchport voice vlan priority 925
switchport voice vlan rule 925
switchport voice vlan security 926
show voice vlan 927
36 CLASS OF SERVICE COMMANDS 929
Priority Commands (Layer 2) 929
queue mode 930
queue weight 931
switchport priority default 932
show queue mode 933
show queue weight 933
Priority Commands (Layer 3 and 4) 934
qos map cos-dscp 934
qos map dscp-mutation 936
qos map phb-queue 937
qos map trust-mode 938
show qos map dscp-mutation 939
show qos map phb-queue 939
show qos map cos-dscp 940
Page 27
show qos map trust-mode 941
37 QUALITY OF SERVICE COMMANDS 943
class-map 944
description 945
match 946
rename 947
policy-map 947
class 948
police flow 949
police srtcm-color 951
police trtcm-color 953
set cos 955
set ip dscp 956
set phb 957
service-policy 958
show class-map 959
show policy-map 959
show policy-map interface 960
38 MULTICAST FILTERING COMMANDS 961
IGMP Snooping 961
ip igmp snooping 963
ip igmp snooping priority 963
ip igmp snooping proxy-reporting 964
ip igmp snooping querier 965
ip igmp snooping router-alert-option-check 965
ip igmp snooping router-port-expire-time 966
ip igmp snooping tcn-flood 966
ip igmp snooping tcn-query-solicit 968
ip igmp snooping unregistered-data-flood 968
ip igmp snooping unsolicited-report-interval 969
ip igmp snooping version 970
ip igmp snooping version-exclusive 970
ip igmp snooping vlan general-query-suppression 971
ip igmp snooping vlan immediate-leave 972
ip igmp snooping vlan last-memb-query-count 973
ip igmp snooping vlan last-memb-query-intvl 973
Page 28
ip igmp snooping vlan mrd 974
ip igmp snooping vlan proxy-address 975
ip igmp snooping vlan proxy-query-interval 976
ip igmp snooping vlan proxy-query-resp-intvl 977
ip igmp snooping vlan static 977
show ip igmp snooping 978
show ip igmp snooping group 979
Static Multicast Routing 980
ip igmp snooping vlan mrouter 980
show ip igmp snooping mrouter 981
IGMP Filtering and Throttling 981
ip igmp filter (Global Configuration) 982
ip igmp profile 983
permit, deny 983
range 984
ip igmp filter (Interface Configuration) 984
ip igmp max-groups 985
ip igmp max-groups action 986
show ip igmp filter 986
show ip igmp profile 987
show ip igmp throttle interface 987
Multicast VLAN Registration 988
mvr 989
mvr group 989
mvr priority 990
mvr upstream-source-ip 991
mvr vlan 991
mvr immediate-leave 992
mvr type 993
mvr vlan group 994
show mvr 995
39 LLDP COMMANDS 999
lldp 1001
lldp holdtime-multiplier 1001
lldp med-fast-start-count 1002
lldp notification-interval 1002
Page 29
lldp refresh-interval 1003
lldp reinit-delay 1003
lldp tx-delay 1004
lldp admin-status 1005
lldp basic-tlv management-ip-address 1005
lldp basic-tlv port-description 1006
lldp basic-tlv system-capabilities 1007
lldp basic-tlv system-description 1007
lldp basic-tlv system-name 1008
lldp dot1-tlv proto-ident 1008
lldp dot1-tlv proto-vid 1009
lldp dot1-tlv pvid 1009
lldp dot1-tlv vlan-name 1010
lldp dot3-tlv link-agg 1010
lldp dot3-tlv mac-phy 1011
lldp dot3-tlv max-frame 1011
lldp med-location civic-addr 1012
lldp med-notification 1013
lldp med-tlv inventory 1014
lldp med-tlv location 1015
lldp med-tlv med-cap 1015
lldp med-tlv network-policy 1016
lldp notification 1016
show lldp config 1017
show lldp info local-device 1018
show lldp info remote-device 1019
show lldp info statistics 1021
40 CFM COMMANDS 1023
ethernet cfm ais level 1026
ethernet cfm ais ma 1027
ethernet cfm ais period 1028
ethernet cfm ais suppress alarm 1028
ethernet cfm domain 1029
ethernet cfm enable 1031
ma index name vlan 1032
ma index name-format 1033
Page 30
ethernet cfm mep 1034
ethernet cfm port-enable 1035
clear ethernet cfm ais mpid 1035
show ethernet cfm configuration 1036
show ethernet cfm md 1038
show ethernet cfm ma 1038
show ethernet cfm maintenance-points local 1039
show ethernet cfm maintenance-points local detail mep 1040
show ethernet cfm maintenance-points remote detail 1041
ethernet cfm cc ma interval 1043
ethernet cfm cc enable 1044
snmp-server enable traps ethernet cfm cc 1045
mep archive-hold-time 1046
clear ethernet cfm maintenance-points remote 1046
clear ethernet cfm errors 1047
show ethernet cfm errors 1048
ethernet cfm mep crosscheck start-delay 1049
snmp-server enable traps ethernet cfm crosscheck 1049
mep crosscheck mpid 1050
ethernet cfm mep crosscheck 1051
show ethernet cfm maintenance-points remote crosscheck 1052
ethernet cfm linktrace cache 1052
ethernet cfm linktrace cache hold-time 1053
ethernet cfm linktrace cache size 1054
ethernet cfm linktrace 1055
clear ethernet cfm linktrace-cache 1056
show ethernet cfm linktrace-cache 1056
ethernet cfm loopback 1057
mep fault-notify lowest-priority 1058
mep fault-notify alarm-time 1060
mep fault-notify reset-time 1061
show ethernet cfm fault-notify-generator 1061
ethernet cfm delay-measure two-way 1062
41 OAM COMMANDS 1065
efm oam 1066
efm oam critical-link-event 1066
Page 31
efm oam link-monitor frame 1067
efm oam link-monitor frame threshold 1067
efm oam link-monitor frame window 1068
efm oam mode 1069
clear efm oam counters 1069
efm oam remote-loopback 1070
efm oam remote-loopback test 1071
show efm oam counters interface 1072
show efm oam event-log interface 1072
show efm oam remote-loopback interface 1073
show efm oam status interface 1073
show efm oam status remote interface 1074
42 DOMAIN NAME SERVICE COMMANDS 1075
ip domain-list 1075
ip domain-lookup 1076
ip domain-name 1077
ip host 1078
ip name-server 1079
ipv6 host 1080
clear dns cache 1080
clear host 1081
show dns 1081
show dns cache 1082
show hosts 1082
43 DHCP COMMANDS 1085
DHCP Client 1085
ip dhcp client class-id 1086
ip dhcp restart client 1086
ipv6 dhcp restart client vlan 1087
show ipv6 dhcp duid 1088
show ipv6 dhcp vlan 1089
44 IP INTERFACE COMMANDS 1091
IPv4 Interface 1091
Basic IPv4 Configuration 1092
ip address 1092
ip default-gateway 1093
Page 32
show ip default-gateway 1094
show ip interface 1094
traceroute 1095
ping 1096
ARP Configuration 1097
arp timeout 1097
clear arp-cache 1098
show arp 1098
IPv6 Interface 1099
ipv6 default-gateway 1100
ipv6 address 1101
ipv6 address autoconfig 1102
ipv6 address eui-64 1103
ipv6 address link-local 1105
ipv6 enable 1106
ipv6 mtu 1107
show ipv6 default-gateway 1108
show ipv6 interface 1109
show ipv6 mtu 1110
show ipv6 traffic 1111
clear ipv6 traffic 1115
ping6 1116
ipv6 nd dad attempts 1117
ipv6 nd ns-interval 1118
ipv6 nd reachable-time 1119
clear ipv6 neighbors 1120
show ipv6 neighbors 1120
SECTION IV APPENDICES 1123
A SOFTWARE SPECIFICATIONS 1125
Software Features 1125
Management Features 1126
Standards 1127
Management Information Bases 1128
B TROUBLESHOOTING 1131
Page 33
Problems Accessing the Management Interface 1131
Using System Logs 1132
C LICENSE INFORMATION 1133
The GNU General Public License 1133
GLOSSARY 1137
COMMAND LIST 1145
INDEX 1153
Page 34
Page 35

FIGURES

Figure 1: Home Page 84
Figure 2: Front Panel Indicators 85
Figure 3: System Information 102
Figure 4: General Switch Information 103
Figure 5: Configuring Support for Jumbo Frames 104
Figure 6: Displaying Bridge Extension Configuration 106
Figure 7: Copy Firmware 108
Figure 8: Saving the Running Configuration 109
Figure 9: Setting Start-Up Files 110
Figure 10: Displaying System Files 110
Figure 11: Configuring Automatic Code Upgrade 114
Figure 12: Manually Setting the System Clock 116
Figure 13: Setting the Polling Interval for SNTP 117
Figure 14: Specifying SNTP Time Servers 117
Figure 15: Setting the Time Zone 118
Figure 16: Console Port Settings 120
Figure 17: Telnet Connection Settings 122
Figure 18: Displaying CPU Utilization 123
Figure 19: Displaying Memory Utilization 124
Figure 20: Restarting the Switch (Immediately) 126
Figure 21: Restarting the Switch (In) 126
Figure 22: Restarting the Switch (At) 127
Figure 23: Restarting the Switch (Regularly) 127
Figure 24: Configuring Connections by Port List 132
Figure 25: Configuring Connections by Port Range 133
Figure 26: Displaying Port Information 134
Figure 27: Configuring Local Port Mirroring 134
Figure 28: Configuring Local Port Mirroring 135
Figure 29: Displaying Local Port Mirror Sessions 136
Figure 30: Configuring Remote Port Mirroring 136
Figure 31: Configuring Remote Port Mirroring (Source) 139
Page 36
Figure 32: Configuring Remote Port Mirroring (Intermediate) 140
Figure 33: Configuring Remote Port Mirroring (Destination) 140
Figure 34: Showing Port Statistics (Table) 143
Figure 35: Showing Port Statistics (Chart) 144
Figure 36: Performing Cable Tests 145
Figure 37: Configuring Static Trunks 147
Figure 38: Creating Static Trunks 148
Figure 39: Adding Static Trunks Members 148
Figure 40: Configuring Connection Parameters for a Static Trunk 149
Figure 41: Showing Information for Static Trunks 149
Figure 42: Configuring Dynamic Trunks 149
Figure 43: Configuring the LACP Aggregator Admin Key 151
Figure 44: Enabling LACP on a Port 152
Figure 45: Configuring LACP Parameters on a Port 152
Figure 46: Showing Members of a Dynamic Trunk 153
Figure 47: Configuring Connection Settings for Dynamic Trunks 153
Figure 48: Displaying Connection Parameters for Dynamic Trunks 154
Figure 49: Displaying LACP Port Counters 155
Figure 50: Displaying LACP Port Internal Information 157
Figure 51: Displaying LACP Port Remote Information 158
Figure 52: Enabling Power Savings 160
Figure 53: Enabling Traffic Segmentation 161
Figure 54: Configuring Members for Traffic Segmentation 163
Figure 55: Showing Traffic Segmentation Members 163
Figure 56: Configuring VLAN Trunking 164
Figure 57: Configuring VLAN Trunking 165
Figure 58: VLAN Compliant and VLAN Non-compliant Devices 168
Figure 59: Using GVRP 170
Figure 60: Creating Static VLANs 171
Figure 61: Modifying Settings for Static VLANs 172
Figure 62: Showing Static VLANs 172
Figure 63: Configuring Static Members by VLAN Index 175
Figure 64: Configuring Static VLAN Members by Interface 176
Figure 65: Configuring Static VLAN Members by Interface Range 177
Figure 66: Configuring Global Status of GVRP 179
Figure 67: Configuring GVRP for an Interface 179
Page 37
Figure 68: Showing Dynamic VLANs Registered on the Switch 180
Figure 69: Showing the Members of a Dynamic VLAN 180
Figure 70: QinQ Operational Concept 182
Figure 71: Enabling QinQ Tunneling 186
Figure 72: Adding an Interface to a QinQ Tunnel 187
Figure 73: Configuring Protocol VLANs 189
Figure 74: Displaying Protocol VLANs 190
Figure 75: Assigning Interfaces to Protocol VLANs 191
Figure 76: Showing the Interface to Protocol Group Mapping 191
Figure 77: Configuring IP Subnet VLANs 193
Figure 78: Showing IP Subnet VLANs 193
Figure 79: Configuring MAC-Based VLANs 195
Figure 80: Showing MAC-Based VLANs 195
Figure 81: Configuring VLAN Mirroring 197
Figure 82: Showing the VLANs to Mirror 197
Figure 83: Configuring Static MAC Addresses 200
Figure 84: Displaying Static MAC Addresses 201
Figure 85: Setting the Address Aging Time 202
Figure 86: Displaying the Dynamic MAC Address Table 203
Figure 87: Clearing Entries in the Dynamic MAC Address Table 204
Figure 88: Mirroring Packets Based on the Source MAC Address 205
Figure 89: Showing the Source MAC Addresses to Mirror 206
Figure 90: STP Root Ports and Designated Ports 208
Figure 91: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 209
Figure 92: Common Internal Spanning Tree, Common Spanning Tree, Internal Spanning Tree 209
Figure 93: Configuring Port Loopback Detection 211
Figure 94: Configuring Global Settings for STA (STP) 215
Figure 95: Configuring Global Settings for STA (RSTP) 215
Figure 96: Configuring Global Settings for STA (MSTP) 216
Figure 97: Displaying Global Settings for STA 217
Figure 98: Configuring Interface Settings for STA 221
Figure 99: STA Port Roles 223
Figure 100: Displaying Interface Settings for STA 223
Figure 101: Creating an MST Instance 225
Figure 102: Displaying MST Instances 226
Figure 103: Modifying the Priority for an MST Instance 226
Page 38
Figure 104: Displaying Global Settings for an MST Instance 227
Figure 105: Adding a VLAN to an MST Instance 227
Figure 106: Displaying Members of an MST Instance 228
Figure 107: Configuring MSTP Interface Settings 229
Figure 108: Displaying MSTP Interface Settings 230
Figure 109: Configuring Rate Limits 232
Figure 110: Configuring Storm Control 234
Figure 111: Setting the Default Port Priority 236
Figure 112: Setting the Queue Mode (Strict) 238
Figure 113: Setting the Queue Mode (WRR) 238
Figure 114: Setting the Queue Mode (Strict and WRR) 239
Figure 115: Mapping CoS Values to Egress Queues 241
Figure 116: Showing CoS Values to Egress Queue Mapping 241
Figure 117: Setting the Trust Mode 243
Figure 118: Configuring DSCP to DSCP Internal Mapping 245
Figure 119: Showing DSCP to DSCP Internal Mapping 245
Figure 120: Configuring CoS to DSCP Internal Mapping 247
Figure 121: Showing CoS to DSCP Internal Mapping 248
Figure 122: Configuring a Class Map 251
Figure 123: Showing Class Maps 252
Figure 124: Adding Rules to a Class Map 252
Figure 125: Showing the Rules for a Class Map 253
Figure 126: Configuring a Policy Map 261
Figure 127: Showing Policy Maps 261
Figure 128: Adding Rules to a Policy Map 262
Figure 129: Showing the Rules for a Policy Map 263
Figure 130: Attaching a Policy Map to a Port 264
Figure 131: Configuring a Voice VLAN 266
Figure 132: Configuring an OUI Telephony List 268
Figure 133: Showing an OUI Telephony List 268
Figure 134: Configuring Port Settings for a Voice VLAN 270
Figure 135: Configuring the Authentication Sequence 274
Figure 136: Authentication Server Operation 274
Figure 137: Configuring Remote Authentication Server (RADIUS) 277
Figure 138: Configuring Remote Authentication Server (TACACS+) 278
Figure 139: Configuring AAA Server Groups 278
Page 39
Figure 140: Showing AAA Server Groups 279
Figure 141: Configuring Global Settings for AAA Accounting 281
Figure 142: Configuring AAA Accounting Methods 282
Figure 143: Showing AAA Accounting Methods 282
Figure 144: Configuring AAA Accounting Service for 802.1X Service 283
Figure 145: Configuring AAA Accounting Service for Exec Service 283
Figure 146: Displaying a Summary of Applied AAA Accounting Methods 283
Figure 147: Displaying Statistics for AAA Accounting Sessions 284
Figure 148: Configuring AAA Authorization Methods 285
Figure 149: Showing AAA Authorization Methods 286
Figure 150: Configuring AAA Authorization Methods for Exec Service 286
Figure 151: Displaying the Applied AAA Authorization Method 287
Figure 152: Configuring User Accounts 288
Figure 153: Showing User Accounts 289
Figure 154: Configuring Global Settings for Web Authentication 290
Figure 155: Configuring Interface Settings for Web Authentication 291
Figure 156: Configuring Global Settings for Network Access 295
Figure 157: Configuring Interface Settings for Network Access 297
Figure 158: Configuring Link Detection for Network Access 298
Figure 159: Configuring a MAC Address Filter for Network Access 299
Figure 160: Showing the MAC Address Filter Table for Network Access 299
Figure 161: Showing Addresses Authenticated for Network Access 301
Figure 162: Configuring HTTPS 302
Figure 163: Downloading the Secure-Site Certificate 304
Figure 164: Configuring the SSH Server 308
Figure 165: Generating the SSH Host Key Pair 309
Figure 166: Showing the SSH Host Key Pair 310
Figure 167: Copying the SSH User’s Public Key 311
Figure 168: Showing the SSH User’s Public Key 312
Figure 169: Setting the Name of a Time Range 314
Figure 170: Showing a List of Time Ranges 314
Figure 171: Add a Rule to a Time Range 315
Figure 172: Showing the Rules Configured for a Time Range 315
Figure 173: Showing TCAM Utilization 317
Figure 174: Creating an ACL 318
Figure 175: Showing a List of ACLs 318
Page 40
Figure 176: Configuring a Standard IPv4 ACL 320
Figure 177: Configuring an Extended IPv4 ACL 323
Figure 178: Configuring a Standard IPv6 ACL 324
Figure 179: Configuring an Extended IPv6 ACL 326
Figure 180: Configuring a MAC ACL 328
Figure 181: Configuring a ARP ACL 330
Figure 182: Binding a Port to an ACL 332
Figure 183: Configuring Global Settings for ARP Inspection 335
Figure 184: Configuring VLAN Settings for ARP Inspection 337
Figure 185: Configuring Interface Settings for ARP Inspection 338
Figure 186: Displaying Statistics for ARP Inspection 339
Figure 187: Displaying the ARP Inspection Log 340
Figure 188: Creating an IP Address Filter for Management Access 341
Figure 189: Showing IP Addresses Authorized for Management Access 342
Figure 190: Configuring Port Security 344
Figure 191: Configuring Port Security 345
Figure 192: Configuring Global Settings for 802.1X Port Authentication 347
Figure 193: Configuring Interface Settings for 802.1X Port Authenticator 351
Figure 194: Configuring Interface Settings for 802.1X Port Supplicant 353
Figure 195: Showing Statistics for 802.1X Port Authenticator 355
Figure 196: Showing Statistics for 802.1X Port Supplicant 356
Figure 197: Setting the Filter Type for IP Source Guard 358
Figure 198: Configuring Static Bindings for IP Source Guard 360
Figure 199: Displaying Static Bindings for IP Source Guard 360
Figure 200: Showing the IP Source Guard Binding Table 361
Figure 201: Configuring Global Settings for DHCP Snooping 365
Figure 202: Configuring DHCP Snooping on a VLAN 366
Figure 203: Configuring the Port Mode for DHCP Snooping 367
Figure 204: Displaying the Binding Table for DHCP Snooping 368
Figure 205: Configuring Settings for System Memory Logs 371
Figure 206: Showing Error Messages Logged to System Memory 372
Figure 207: Configuring Settings for Remote Logging of Error Messages 373
Figure 208: Configuring SMTP Alert Messages 374
Figure 209: Configuring LLDP Timing Attributes 377
Figure 210: Configuring LLDP Interface Attributes 380
Figure 211: Displaying Local Device Information for LLDP (General) 382
Page 41
Figure 212: Displaying Local Device Information for LLDP (Port) 382
Figure 213: Displaying Remote Device Information for LLDP (Port) 387
Figure 214: Displaying Remote Device Information for LLDP (Port Details) 387
Figure 215: Displaying LLDP Device Statistics (General) 389
Figure 216: Displaying LLDP Device Statistics (Port) 389
Figure 217: Configuring Global Settings for SNMP 392
Figure 218: Configuring the Local Engine ID for SNMP 393
Figure 219: Configuring a Remote Engine ID for SNMP 395
Figure 220: Showing Remote Engine IDs for SNMP 395
Figure 221: Creating an SNMP View 396
Figure 222: Showing SNMP Views 397
Figure 223: Adding an OID Subtree to an SNMP View 397
Figure 224: Showing the OID Subtree Configured for SNMP Views 398
Figure 225: Creating an SNMP Group 400
Figure 226: Showing SNMP Groups 401
Figure 227: Setting Community Access Strings 402
Figure 228: Showing Community Access Strings 402
Figure 229: Configuring Local SNMPv3 Users 404
Figure 230: Showing Local SNMPv3 Users 405
Figure 231: Configuring Remote SNMPv3 Users 407
Figure 232: Showing Remote SNMPv3 Users 407
Figure 233: Configuring Trap Managers (SNMPv1) 411
Figure 234: Configuring Trap Managers (SNMPv2c) 411
Figure 235: Configuring Trap Managers (SNMPv3) 412
Figure 236: Showing Trap Managers 412
Figure 237: Configuring an RMON Alarm 415
Figure 238: Showing Configured RMON Alarms 415
Figure 239: Configuring an RMON Event 417
Figure 240: Showing Configured RMON Events 418
Figure 241: Configuring an RMON History Sample 419
Figure 242: Showing Configured RMON History Samples 420
Figure 243: Showing Collected RMON History Samples 420
Figure 244: Configuring an RMON Statistical Sample 422
Figure 245: Showing Configured RMON Statistical Samples 423
Figure 246: Showing Collected RMON Statistical Samples 423
Figure 247: Configuring a Switch Cluster 425
Page 42
Figure 248: Configuring a Cluster Members 426
Figure 249: Showing Cluster Members 427
Figure 250: Showing Cluster Candidates 427
Figure 251: Managing a Cluster Member 428
Figure 252: ERPS Ring Components 430
Figure 253: Setting ERPS Global Status 432
Figure 254: Creating an ERPS Ring 435
Figure 255: Creating an ERPS Ring 436
Figure 256: Showing Configured ERPS Rings 437
Figure 257: Single CFM Maintenance Domain 438
Figure 258: Multiple CFM Maintenance Domains 439
Figure 259: Configuring Global Settings for CFM 443
Figure 260: Configuring Interfaces for CFM 444
Figure 261: Configuring Maintenance Domains 448
Figure 262: Showing Maintenance Domains 448
Figure 263: Configuring Detailed Settings for Maintenance Domains 449
Figure 264: Configuring Maintenance Associations 452
Figure 265: Showing Maintenance Associations 453
Figure 266: Configuring Detailed Settings for Maintenance Associations 454
Figure 267: Configuring Maintenance End Points 455
Figure 268: Showing Maintenance End Points 456
Figure 269: Configuring Remote Maintenance End Points 457
Figure 270: Showing Remote Maintenance End Points 458
Figure 271: Transmitting Link Trace Messages 460
Figure 272: Transmitting Loopback Messages 462
Figure 273: Transmitting Delay-Measure Messages 464
Figure 274: Showing Information on Local MEPs 465
Figure 275: Showing Detailed Information on Local MEPs 467
Figure 276: Showing Information on Local MIPs 468
Figure 277: Showing Information on Remote MEPs 469
Figure 278: Showing Detailed Information on Remote MEPs 471
Figure 279: Showing the Link Trace Cache 473
Figure 280: Showing Settings for the Fault Notification Generator 474
Figure 281: Showing Continuity Check Errors 475
Figure 282: Enabling OAM for Local Ports 478
Figure 283: Displaying Statistics for OAM Messages 479
Page 43
Figure 284: Displaying the OAM Event Log 480
Figure 285: Displaying Status of Remote Interfaces 481
Figure 286: Running a Remote Loop Back Test 483
Figure 287: Displaying the Results of Remote Loop Back Testing 484
Figure 288: Pinging a Network Device 486
Figure 289: Setting the ARP Timeout 488
Figure 290: Displaying ARP Entries 488
Figure 291: Configuring the IPv4 Default Gateway 489
Figure 292: Configuring a Static IPv4 Address 491
Figure 293: Configuring a Dynamic IPv4 Address 492
Figure 294: Showing the IPv4 Address Configured for an Interface 493
Figure 295: Configuring the IPv6 Default Gateway 494
Figure 296: Configuring General Settings for an IPv6 Interface 497
Figure 297: Configuring an IPv6 Address 500
Figure 298: Showing Configured IPv6 Addresses 501
Figure 299: Showing IPv6 Neighbors 502
Figure 300: Showing IPv6 Statistics (IPv6) 507
Figure 301: Showing IPv6 Statistics (ICMPv6) 507
Figure 302: Showing IPv6 Statistics (UDP) 508
Figure 303: Showing Reported MTU Values 508
Figure 304: Configuring General Settings for DNS 510
Figure 305: Configuring a List of Domain Names for DNS 511
Figure 306: Showing the List of Domain Names for DNS 511
Figure 307: Configuring a List of Name Servers for DNS 512
Figure 308: Showing the List of Name Servers for DNS 513
Figure 309: Configuring Static Entries in the DNS Table 514
Figure 310: Showing Static Entries in the DNS Table 514
Figure 311: Showing Entries in the DNS Cache 515
Figure 312: Multicast Filtering Concept 517
Figure 313: Configuring General Settings for IGMP Snooping 523
Figure 314: Configuring a Static Interface for a Multicast Router 524
Figure 315: Showing Static Interfaces Attached a Multicast Router 525
Figure 316: Showing Current Interfaces Attached a Multicast Router 525
Figure 317: Assigning an Interface to a Multicast Service 526
Figure 318: Showing Static Interfaces Assigned to a Multicast Service 527
Figure 319: Showing Current Interfaces Assigned to a Multicast Service 527
Page 44
Figure 320: Configuring IGMP Snooping on a VLAN 532
Figure 321: Showing Interface Settings for IGMP Snooping 532
Figure 322: Showing Multicast Groups Learned by IGMP Snooping 533
Figure 323: Enabling IGMP Filtering and Throttling 535
Figure 324: Creating an IGMP Filtering Profile 536
Figure 325: Showing the IGMP Filtering Profiles Created 536
Figure 326: Adding Multicast Groups to an IGMP Filtering Profile 537
Figure 327: Showing the Groups Assigned to an IGMP Filtering Profile 537
Figure 328: Configuring IGMP Filtering and Throttling Interface Settings 539
Figure 329: MVR Concept 540
Figure 330: Configuring Global Settings for MVR 542
Figure 331: Configuring an MVR Group Address Range 543
Figure 332: Displaying MVR Group Address Ranges 543
Figure 333: Configuring Interface Settings for MVR 545
Figure 334: Assigning Static MVR Groups to a Port 547
Figure 335: Showing the Static MVR Groups Assigned to a Port 547
Figure 336: Displaying MVR Receiver Groups 548
Figure 337: Storm Control by Limiting the Traffic Rate 828
Figure 338: Storm Control by Shutting Down a Port 829
Figure 339: Configuring VLAN Trunking 900
Page 45

TABLES

Table 1: Key Features 53
Table 2: System Defaults 59
Table 3: Options 60, 66 and 67 Statements 73
Table 4: Options 55 and 124 Statements 74
Table 5: Web Page Configuration Buttons 85
Table 6: Switch Main Menu 86
Table 7: Port Statistics 141
Table 8: LACP Port Counters 154
Table 9: LACP Internal Configuration Information 155
Table 10: LACP Internal Configuration Information 157
Table 11: Traffic Segmentation Forwarding 162
Table 12: Recommended STA Path Cost Range 218
Table 13: Default STA Path Costs 219
Table 14: IEEE 802.1p Egress Queue Priority Mapping 239
Table 15: CoS Priority Levels 239
Table 16: Mapping Internal Per-hop Behavior to Hardware Queues 240
Table 17: Default Mapping of DSCP Values to Internal PHB/Drop Values 244
Table 18: Default Mapping of CoS/CFI to Internal PHB/Drop Precedence 247
Table 19: Dynamic QoS Profiles 293
Table 20: HTTPS System Support 302
Table 21: ARP Inspection Statistics 338
Table 22: ARP Inspection Log 339
Table 23: 802.1X Statistics 353
Table 24: Logging Levels 370
Table 25: Chassis ID Subtype 381
Table 26: System Capabilities 381
Table 27: Port ID Subtype 383
Table 28: Remote Port Auto-Negotiation Advertised Capability 385
Table 29: SNMPv3 Security Models and Levels 390
Table 30: Supported Notification Messages 399
Table 31: Remote MEP Priority Levels 446
Page 46
Table 32: MEP Defect Descriptions 446
Table 33: OAM Operation State 476
Table 34: OAM Operation State 482
Table 35: Address Resolution Protocol 487
Table 36: Show IPv6 Neighbors - display description 501
Table 37: Show IPv6 Statistics - display description 503
Table 38: Show MTU - display description 508
Table 39: General Command Modes 556
Table 40: Configuration Command Modes 558
Table 41: Keystroke Commands 559
Table 42: Command Group Index 560
Table 43: General Commands 563
Table 44: System Management Commands 571
Table 45: Device Designation Commands 571
Table 46: Banner Commands 572
Table 47: System Status Commands 581
Table 48: Frame Size Commands 588
Table 49: Flash/File Commands 589
Table 50: File Directory Information 595
Table 51: Line Commands 599
Table 52: Event Logging Commands 608
Table 53: Logging Levels 610
Table 54: show logging flash/ram - display description 614
Table 55: show logging trap - display description 615
Table 56: Event Logging Commands 615
Table 57: Time Commands 619
Table 58: Time Range Commands 624
Table 59: Switch Cluster Commands 627
Table 60: SNMP Commands 633
Table 61: show snmp engine-id - display description 645
Table 62: show snmp group - display description 647
Table 63: show snmp user - display description 647
Table 64: show snmp view - display description 648
Table 65: RMON Commands 653
Table 66: Authentication Commands 661
Table 67: User Access Commands 661
Page 47
Table 68: Default Login Settings 663
Table 69: Authentication Sequence Commands 664
Table 70: RADIUS Client Commands 666
Table 71: TACACS+ Client Commands 670
Table 72: AAA Commands 673
Table 73: Web Server Commands 681
Table 74: HTTPS System Support 683
Table 75: Telnet Server Commands 685
Table 76: Secure Shell Commands 687
Table 77: show ssh - display description 696
Table 78: 802.1X Port Authentication Commands 697
Table 79: Management IP Filter Commands 711
Table 80: General Security Commands 715
Table 81: Management IP Filter Commands 716
Table 82: Network Access Commands 718
Table 83: Dynamic QoS Profiles 721
Table 84: Web Authentication 732
Table 85: DHCP Snooping Commands 737
Table 86: IP Source Guard Commands 746
Table 87: ARP Inspection Commands 751
Table 88: Access Control List Commands 761
Table 89: IPv4 ACL Commands 761
Table 90: IPv4 ACL Commands 768
Table 91: MAC ACL Commands 774
Table 92: ARP ACL Commands 779
Table 93: ACL Information Commands 782
Table 94: Interface Commands 783
Table 95: show interfaces switchport - display description 796
Table 96: Link Aggregation Commands 803
Table 97: show lacp counters - display description 812
Table 98: show lacp internal - display description 812
Table 99: show lacp neighbors - display description 813
Table 100: show lacp sysid - display description 814
Table 101: Port Mirroring Commands 815
Table 102: Mirror Port Commands 815
Table 103: RSPAN Commands 818
Page 48
Table 104: Rate Limit Commands 825
Table 105: ATC Commands 827
Table 106: Address Table Commands 841
Table 107: Spanning Tree Commands 847
Table 108: Recommended STA Path Cost Range 861
Table 109: Default STA Path Costs 861
Table 110: ERPS Commands 875
Table 111: show erps - summary display description 883
Table 112: show erps domain - detailed display description 884
Table 113: VLAN Commands 887
Table 114: GVRP and Bridge Extension Commands 888
Table 115: Commands for Editing VLAN Groups 892
Table 116: Commands for Configuring VLAN Interfaces 894
Table 117: Commands for Displaying VLAN Information 901
Table 118: 802.1Q Tunneling Commands 902
Table 119: L2 Protocol Tunnel Commands 908
Table 120: Commands for Configuring Traffic Segmentation 912
Table 121: Protocol-based VLAN Commands 914
Table 122: IP Subnet VLAN Commands 918
Table 123: MAC Based VLAN Commands 920
Table 124: Voice VLAN Commands 921
Table 125: Priority Commands 929
Table 126: Priority Commands (Layer 2) 929
Table 127: Priority Commands (Layer 3 and 4) 934
Table 128: Default Mapping of CoS/CFI to Internal PHB/Drop Precedence 935
Table 129: Default Mapping of DSCP Values to Internal PHB/Drop Values 936
Table 130: Mapping Internal Per-hop Behavior to Hardware Queues 937
Table 131: Quality of Service Commands 943
Table 132: Multicast Filtering Commands 961
Table 133: IGMP Snooping Commands 961
Table 134: Static Multicast Interface Commands 980
Table 135: IGMP Filtering and Throttling Commands 981
Table 136: Multicast VLAN Registration Commands 988
Table 137: show mvr - display description 996
Table 138: show mvr interface - display description 996
Table 139: show mvr members - display description 997
Page 49
Table 140: LLDP Commands 999
Table 141: LLDP MED Location CA Types 1012
Table 142: CFM Commands 1023
Table 143: show ethernet cfm configuration traps - display description 1037
Table 144: show ethernet cfm maintenance-points local detail mep - display 1041
Table 145: show ethernet cfm maintenance-points remote detail - display 1042
Table 146: show ethernet cfm errors - display description 1048
Table 147: show ethernet cfm linktrace-cache - display description 1056
Table 148: Remote MEP Priority Levels 1059
Table 149: MEP Defect Descriptions 1059
Table 150: show fault-notify-generator - display description 1062
Table 151: OAM Commands 1065
Table 152: Address Table Commands 1075
Table 153: show dns cache - display description 1082
Table 154: show hosts - display description 1083
Table 155: DHCP Commands 1085
Table 156: DHCP Client Commands 1085
Table 157: IP Interface Commands 1091
Table 158: IPv4 Interface Commands 1091
Table 159: Basic IP Configuration Commands 1092
Table 160: Address Resolution Protocol Commands 1097
Table 161: IPv6 Configuration Commands 1099
Table 162: show ipv6 interface - display description 1109
Table 163: show ipv6 mtu - display description 1111
Table 164: show ipv6 traffic - display description 1112
Table 165: show ipv6 neighbors - display description 1121
Table 166: Troubleshooting Chart 1131
Page 50
Page 51
SECTION I

GETTING STARTED

This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
This section includes these chapters:
"Introduction" on page 53
"Initial Switch Configuration" on page 63
Page 52
Page 53
1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

KEY FEATURES

Table 1: Key Features
Feature | Description
Configuration Backup and Restore | Using management station or FTP/TFTP server
Authentication | Console, Telnet, web – user name/password, RADIUS, TACACS+; Port – IEEE 802.1X, MAC address filtering; SNMP v1/2c - Community strings; SNMP version 3 – MD5 or SHA password; Telnet – SSH; Web – HTTPS
General Security Measures | AAA; ARP Inspection; DHCP Snooping (with Option 82 relay information); IP Source Guard; Port Authentication – IEEE 802.1X; Port Security – MAC address filtering
Access Control Lists | Supports up to 512 rules, 64 ACLs, and a maximum of 64 rules for an ACL
DHCP | Client
DNS | Client and Proxy service
Port Configuration | Speed, duplex mode, and flow control
Port Trunking | Supports up to 5 trunks – static or dynamic trunking (LACP)
Port Mirroring | 10 sessions, one or more source ports to one analysis port
Congestion Control | Rate Limiting; Throttling for broadcast, multicast, unknown unicast storms; Random Early Detection
Address Table | 8K MAC addresses in the forwarding table, 1K static MAC addresses, 255 L2 multicast groups
IP Version 4 and 6 | Supports IPv4 and IPv6 addressing, and management
IEEE 802.1D Bridge | Supports dynamic data switching and addresses learning
Page 54
Table 1: Key Features (Continued)
Feature | Description
Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames
Spanning Tree Algorithm | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)
Virtual LANs | Up to 4093 using IEEE 802.1Q, port-based, protocol-based, voice VLANs, and QinQ tunnel
Traffic Prioritization | Default port priority, traffic class map, queue scheduling, IP Precedence, or Differentiated Services Code Point (DSCP)
Quality of Service | Supports Differentiated Services (DiffServ)
Link Layer Discovery Protocol | Used to discover basic information about neighboring devices
Multicast Filtering | Supports IGMP snooping and query, and Multicast VLAN Registration
Switch Clustering | Supports up to 36 member switches in a cluster
Connectivity Fault Management | Connectivity monitoring using continuity check messages, fault verification through loop back messages, and fault isolation by examining end-to-end connections
ERPS | Supports Ethernet Ring Protection Switching for increased availability of Ethernet rings (G.8032)
Remote Device Management | Supports OAM functions for attached CPEs

DESCRIPTION OF SOFTWARE FEATURES

The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs, plus support for automatic GVRP VLAN registration, provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network, while multicast filtering provides support for real-time network applications.
Some of the management features are briefly described below.
CONFIGURATION BACKUP AND RESTORE
You can save the current configuration settings to a file on the management station (using the web interface) or an FTP/TFTP server (using the web or console interface), and later download this file to restore the switch configuration settings.
AUTHENTICATION
This switch authenticates management access via the console port, Telnet, or a web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then uses the EAP between the switch and the authentication server to verify the client’s right to access the network via an authentication server (i.e., RADIUS or TACACS+ server).
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, and IP address filtering for SNMP/Telnet/web management access. MAC address filtering and IP source guard also provide authenticated port access, while DHCP snooping is provided to prevent malicious attacks from insecure ports.
ACCESS CONTROL LISTS
ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
PORT CONFIGURATION
You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).
PORT MIRRORING
The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
PORT TRUNKING
Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 12 trunks.
RATE LIMITING
This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Packets that exceed the acceptable amount of traffic are dropped.
Page 56
STORM CONTROL
Broadcast, multicast and unknown unicast storm suppression prevents traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
STATIC ADDRESSES
A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IP ADDRESS FILTERING
Access to insecure ports can be controlled using DHCP Snooping which filters ingress traffic based on static IP addresses and addresses stored in the DHCP Snooping table. Traffic can also be restricted to specific source IP addresses or source IP/MAC address pairs based on static entries or entries stored in the DHCP Snooping table.
IEEE 802.1D BRIDGE The switch supports IEEE 802.1D transparent bridging. The address table
facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.
STORE-AND-FORWARD SWITCHING
The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 4 Mbits for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
SPANNING TREE ALGORITHM
The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides
loop detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol
reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE
802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is
a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).
CONNECTIVITY FAULT MANAGEMENT
The switch provides connectivity fault monitoring for end-to-end connections within a designated service area by using continuity check messages which can detect faults in maintenance points, fault verification through loop back messages, and fault isolation with link trace messages.
VIRTUAL LANS The switch supports up to 4093 VLANs. A Virtual LAN is a collection of
network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
Eliminate broadcast storms which severely degrade performance in a flat network.
Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
Provide data security by restricting all traffic to the originating VLAN, except where a connection is explicitly defined via the switch's routing service.
Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.
IEEE 802.1Q TUNNELING (QINQ)
This feature is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the customer’s
frames when they enter the service provider’s network, and then stripping the tags when the frames leave the network.
TRAFFIC PRIORITIZATION
This switch prioritizes each packet based on the required level of service, using four priority queues with strict priority, Weighted Round Robin (WRR), or a combination of strict and weighted queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can be used to provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet using DSCP, or IP Precedence. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic is then sent to the corresponding output queue.
QUALITY OF SERVICE Differentiated Services (DiffServ) provides policy-based management
mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists allows you to select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
MULTICAST FILTERING Specific multicast traffic can be assigned to its own VLAN to ensure that it
does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration. It also supports Multicast VLAN Registration (MVR) which allows common multicast traffic, such as television channels, to be transmitted across a single network-wide multicast VLAN shared by hosts residing in other standard or private VLAN groups, while preserving security and data isolation for normal traffic.
LINK LAYER DISCOVERY PROTOCOL
LLDP is used to discover basic information about neighboring devices within the local broadcast domain. LLDP is a Layer 2 protocol that advertises information about the sending device and collects information gathered from neighboring network nodes it discovers.
Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings. Media Endpoint Discovery (LLDP-MED) is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches. The LLDP-MED TLVs advertise information such as network policy, power, inventory, and device location details. The LLDP and LLDP-MED information can be used by SNMP applications to simplify troubleshooting, enhance network management, and maintain an accurate network topology.
ETHERNET RING PROTECTION SWITCHING
ERPS can also be used to increase the availability and robustness of Ethernet rings, such as those used in Metropolitan Area Networks (MAN). ERPS technology converges in a little over 50 ms. ERPS supports up to 255 nodes in the ring structure. And the convergence time is also independent of the number of nodes in the ring.
SYSTEM DEFAULTS
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file.
The following table lists some of the basic system defaults.
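Table 2: System Defaults
Function | Parameter | Default
Console Port Connection | Baud Rate | 115200 bps
Console Port Connection | Data bits | 8
Console Port Connection | Stop bits | 1
Console Port Connection | Parity | none
Console Port Connection | Local Console Timeout | 0 (disabled)
Authentication | Privileged Exec Level | Username “admin”; Password “admin”
Authentication | Normal Exec Level | Username “guest”; Password “guest”
Authentication | Enable Privileged Exec from Normal Exec Level | Password “super”
Authentication | RADIUS Authentication | Disabled
Authentication | TACACS+ Authentication | Disabled
Authentication | 802.1X Port Authentication | Disabled
Authentication | HTTPS | Enabled
Authentication | SSH | Disabled
Authentication | Port Security | Disabled
Authentication | IP Filtering | Disabled
Authentication | DHCP Snooping | Disabled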
Web Management | HTTP Server | Enabled
Web Management | HTTP Port Number | 80
Web Management | HTTP Secure Server | Enabled
Web Management | HTTP Secure Server Port | 443
SNMP | SNMP Agent | Enabled
SNMP | Community Strings | “public” (read only); “private” (read/write)
SNMP | Traps | Authentication traps: enabled; Link-up-down events: enabled
SNMP | SNMP V3 | View: defaultview; Group: public (read only); private (read/write)
Port Configuration | Admin Status | Enabled
Port Configuration | Auto-negotiation | Enabled
Port Configuration | Flow Control | Disabled
Port Trunking | Static Trunks | None
Port Trunking | LACP (all ports) | Disabled
Congestion Control | Rate Limiting | Disabled
Congestion Control | Storm Control | Broadcast: Enabled (64 kbits/sec); Multicast: Disabled; Unknown Unicast: Disabled
OAM | Status | Disabled
Address Table | Aging Time | 300 seconds
Spanning Tree Algorithm | Status | Enabled, RSTP (Defaults: RSTP standard)
Spanning Tree Algorithm | Edge Ports | Disabled
ERPS | Status | Disabled
LLDP | Status | Enabled
Virtual LANs | Default VLAN | 1
Virtual LANs | PVID | 1
Virtual LANs | Acceptable Frame Type | All
Virtual LANs | Ingress Filtering | Disabled
Virtual LANs | Switchport Mode (Egress Mode) | Hybrid
Virtual LANs | GVRP (global) | Disabled
Virtual LANs | GVRP (port interface) | Disabled
Virtual LANs | QinQ Tunneling | Disabled
Traffic Prioritization | Ingress Port Priority | 0
Traffic Prioritization | Queue Mode | WRR
Traffic Prioritization | Queue Weight | Queue: 0 1 2 3; Weight: 1 2 4 6
Traffic Prioritization | Class of Service | Enabled
Traffic Prioritization | IP Precedence Priority | Disabled
Traffic Prioritization | IP DSCP Priority | Disabled
IP Settings | Management VLAN | VLAN 1
IP Settings | IP Address | DHCP assigned
IP Settings | Subnet Mask | 255.255.255.0
IP Settings | Default Gateway | 0.0.0.0
IP Settings | DHCP | Client: Enabled
IP Settings | DNS | Proxy service: Disabled
IP Settings | BOOTP | Disabled
Multicast Filtering | IGMP Snooping (Layer 2) | Snooping: Enabled; Querier: Disabled
Multicast Filtering | Multicast VLAN Registration | Disabled
Multicast Filtering | IGMP Proxy Reporting | Enabled
System Log | Status | Enabled
System Log | Messages Logged to RAM | Levels 0-7 (all)
System Log | Messages Logged to Flash | Levels 0-3
SMTP Email Alerts | Event Handler | Enabled (but no server defined)
SNTP | Clock Synchronization | Disabled
Switch Clustering | Status | Disabled
Switch Clustering | Commander | Disabled
2 INITIAL SWITCH CONFIGURATION
This chapter includes information on connecting to the switch and basic configuration procedures.

CONNECTING TO THE SWITCH

The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
NOTE: An IPv4 address for this switch is obtained via DHCP by default. To change this address, see "Setting an IP Address" on page 67.
CONFIGURATION OPTIONS
The switch’s HTTP web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Internet Explorer 5.x or above, Netscape 6.2 or above, and Mozilla Firefox 2.0.0.0 or above. The switch’s web management interface can be accessed from any computer attached to the network.
The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.
The switch’s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software.
The switch’s web interface, console interface, and SNMP agent allow you to perform the following management functions:
Set user names and passwords
Set an IP interface for a management VLAN
Configure SNMP parameters
Enable/disable any port
Set the speed/duplex mode for any port
Configure the bandwidth of any port by limiting input or output rates
Control port access through IEEE 802.1X security or static address filtering
Filter packets using Access Control Lists (ACLs)
Configure up to 256 IEEE 802.1Q VLANs
Enable GVRP automatic VLAN registration
Configure IGMP multicast filtering
Upload and download system firmware or configuration files via HTTP (using the web interface) or FTP/TFTP (using the command line or web interface)
Configure Spanning Tree parameters
Configure Class of Service (CoS) priority queuing
Configure static or LACP trunks (up to 5)
Enable port mirroring
Set storm control on any port for excessive broadcast, multicast, or unknown unicast traffic
Display system information and statistics
REQUIRED CONNECTIONS
The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC
running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.
2. Connect the other end of the cable to the RS-232 serial port on the
switch.
3. Make sure the terminal emulation software is set as follows:
Select the appropriate serial port (COM port 1 or COM port 2).
Set the baud rate to 115200 bps.
Set the data format to 8 data bits, 1 stop bit, and no parity.
Set flow control to none.
Set the emulation mode to VT100.
When using HyperTerminal, select Terminal keys, not Windows keys.
NOTE: Once you have set up the terminal correctly, the console login screen will be displayed.
For a description of how to use the CLI, see "Using the Command Line
Interface" on page 551. For a list of all the CLI commands and detailed
information on using the CLI, refer to "CLI Command Groups" on
page 560.
REMOTE CONNECTIONS
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, or DHCP protocol.
An IPv4 address for this switch is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP, see "Setting an IP Address" on page 67.
NOTE: This switch supports four Telnet sessions or SSH sessions.
After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a web browser (Internet Explorer 5.0 or above, Netscape 6.2 or above, or Mozilla Firefox 2.0.0.0 or above), or from a network computer using SNMP network management software.
The onboard program only provides access to basic configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.
BASIC CONFIGURATION
CONSOLE CONNECTION
The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the Privileged Exec level.
Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:
1. To initiate your console connection, press <Enter>. The “User Access
Verification” procedure starts.
2. At the User Name prompt, enter “admin.”
3. At the Password prompt, also enter “admin.” (The password characters
are not displayed on the console screen.)
4. The session is opened and the CLI displays the “Console#” prompt
indicating you have access at the Privileged Exec level.
SETTING PASSWORDS If this is your first time to log into the CLI program, you should define new
passwords for both default user names using the “username” command, record them and put them in a safe place.
Passwords can consist of up to 32 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:
1. Open the console interface with the default user name and password
“admin” to access the Privileged Exec level.
2. Type “configure” and press <Enter>.
3. Type “username guest password 0 password,” for the Normal Exec
level, where password is your new password. Press <Enter>.
4. Type “username admin password 0 password,” for the Privileged Exec
level, where password is your new password. Press <Enter>.
Username: admin
Password:

CLI session with the DG-FS4526E is opened.
To end the CLI session, enter [Exit].

Console#configure
Console(config)#username guest password 0 [password]
Console(config)#username admin password 0 [password]
Console(config)#
SETTING AN IP ADDRESS
You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways:
Manual — You have to input the information, including IP address and
subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.
Dynamic — The switch can send IPv4 configuration requests to BOOTP
or DHCP address allocation servers on the network, or can automatically generate a unique IPv6 host address based on the local subnet address prefix received in router advertisement messages. An IPv6 link local address for use in a local network can also be dynamically generated as described in "Obtaining an IPv6 Address" on
page 71.
The current software does not support DHCP for IPv6, so an IPv6 global
unicast address for use in a network containing more than one subnet can only be manually configured as described in "Assigning an IPv6
Address" on page 68.
MANUAL CONFIGURATION
You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IPv4 addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.
NOTE: The IPv4 address for this switch is obtained via DHCP by default.
ASSIGNING AN IPV4 ADDRESS
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
IP address for the switch
Network mask for this network
Default gateway for the network
To assign an IPv4 address to the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to
access the interface-configuration mode. Press <Enter>.
2. Type “ip address ip-address netmask,” where “ip-address” is the switch
IP address and “netmask” is the network mask for the network. Press <Enter>.
3. Type “exit” to return to the global configuration mode prompt. Press
<Enter>.
4. To set the IP address of the default gateway for the network to which
the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.5 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 192.168.1.254
ASSIGNING AN IPV6 ADDRESS
This section describes how to configure a “link local” address for connectivity within the local subnet only, and also how to configure a “global unicast” address, including a network prefix for use on a multi-segment network and the host portion of the address.
An IPv6 prefix or address must be formatted according to RFC 2373 “IPv6 Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields. For detailed information on the other ways to assign IPv6 addresses, see "Setting the Switch’s IP Address
(IP Version 6)" on page 493.
Link Local Address — All link-local addresses must be configured with a prefix of FE80. Remember that this address type makes the switch accessible over IPv6 for all devices attached to the same local subnet only. Also, if the switch detects that the address you configured conflicts with that in use by another device on the subnet, it will stop using the address in question, and automatically generate a link local address that does not conflict with any other devices on the local subnet.
To configure an IPv6 link local address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to
access the interface-configuration mode. Press <Enter>.
2. Type “ipv6 address” followed by up to 8 colon-separated 16-bit
hexadecimal values for the ipv6-address similar to that shown in the example, followed by the “link-local” command parameter. Then press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ipv6 address FE80::260:3EFF:FE11:6700 link-local
Console(config-if)#ipv6 enable
Console(config-if)#end
Console#show ipv6 interface
VLAN 1 is up
IPv6 is enabled.
Link-local address:
  FE80::260:3EFF:FE11:6700/64
Global unicast address(es):
  (None)
Joined group address(es):
  FF02::1:FF11:6700
  FF02::1
IPv6 link MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 3.
ND retransmit interval is 1000 milliseconds

Console#
Address for Multi-segment Network — Before you can assign an IPv6 address to the switch that will be used to connect to a multi-segment network, you must obtain the following information from your network administrator:
Prefix for this network
IP address for the switch
Default gateway for the network
For networks that encompass several different subnets, you must define the full address, including a network prefix and the host address for the switch. You can specify either the full IPv6 address, or the IPv6 address and prefix length. The prefix length for an IPv6 network is the number of bits (from the left) of the prefix that form the network address, and is expressed as a decimal number. For example, all IPv6 addresses that start with the first byte of 73 (hexadecimal) could be expressed as 73:0:0:0:0:0:0:0/8 or 73::/8.
To generate an IPv6 global unicast address for the switch, complete the following steps:
1. From the global configuration mode prompt, type “interface vlan 1” to
access the interface-configuration mode. Press <Enter>.
2. From the interface prompt, type “ipv6 address ipv6-address” or
“ipv6 address ipv6-address/prefix-length,” where “prefix-length” indicates the address bits used to form the network portion of the address. (The network address starts from the left of the prefix and should encompass some of the ipv6-address bits.) The remaining bits are assigned to the host interface. Press <Enter>.
3. Type “exit” to return to the global configuration mode prompt. Press
<Enter>.
4. To set the IP address of the IPv6 default gateway for the network to
which the switch belongs, type “ipv6 default-gateway gateway,” where “gateway” is the IPv6 address of the default gateway. Press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ipv6 address 2001:DB8:2222:7272::/64
Console(config-if)#exit
Console(config)#ipv6 default-gateway 2001:DB8:2222:7272::254
Console(config)#end
Console#show ipv6 interface
VLAN 1 is up
IPv6 is enabled.
Link-local address:
  FE80::260:3EFF:FE11:6700/64
Global unicast address(es):
  2001:DB8:2222:7272::/64, subnet is 2001:DB8:2222:7272::/64
Joined group address(es):
  FF02::1:FF00:0
  FF02::1:FF11:6700
  FF02::1
IPv6 link MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 3.
ND retransmit interval is 1000 milliseconds

Console#show ipv6 default-gateway
ipv6 default gateway: 2001:DB8:2222:7272::254
Console#
DYNAMIC CONFIGURATION
Obtaining an IPv4 Address
If you select the “bootp” or “dhcp” option, the system will immediately start broadcasting service requests. IP will be enabled but will not function until a BOOTP or DHCP reply has been received. Requests are broadcast every few minutes using exponential backoff until IP configuration information is obtained from a BOOTP or DHCP server. BOOTP and DHCP values can include the IP address, subnet mask, and default gateway. If the DHCP/BOOTP server is slow to respond, you may need to use the “ip dhcp restart client” command to re-start broadcasting service requests.
Note that the “ip dhcp restart client” command can also be used to start broadcasting service requests for all VLANs configured to obtain address assignments through BOOTP or DHCP. It may be necessary to use this command when DHCP is configured on a VLAN, and the member ports which were previously shut down are now enabled.
If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on.
To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to
access the interface-configuration mode. Press <Enter>.
2. At the interface-configuration mode prompt, use one of the following
commands:
To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.
To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.
3. Type “end” to return to the Privileged Exec mode. Press <Enter>.
4. Wait a few minutes, and then check the IP configuration settings by
typing the “show ip interface” command. Press <Enter>.
5. Then save your configuration changes by typing “copy running-config
startup-config.” Enter the startup file name and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#show ip interface
Loopback 0 is Administrative Up - Link Up
  Address is 00-00-00-00-00-00
  Index: 746, MTU: 0
  Address Mode is User specified
VLAN 1 is Administrative Up - Link Up
  Address is 00-17-7C-DA-FC-E8
  Index: 1001, MTU: 1500
  Address Mode is DHCP
  IP Address: 192.168.0.2 Mask: 255.255.255.0
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.
OBTAINING AN IPV6 ADDRESS
Link Local Address — There are several ways to configure IPv6 addresses. The simplest method is to automatically generate a “link local” address (identified by an address prefix of FE80). This address type makes the switch accessible over IPv6 for all devices attached to the same local subnet.
To generate an IPv6 link local address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to
access the interface-configuration mode. Press <Enter>.
2. Type “ipv6 enable” and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ipv6 enable
Console(config-if)#end
Console#show ipv6 interface
VLAN 1 is up
IPv6 is enabled.
Link-local address:
  FE80::260:3EFF:FE11:6700/64
Global unicast address(es):
  2001:DB8:2222:7272::/64, subnet is 2001:DB8:2222:7272::/64
Joined group address(es):
  FF02::1:FF00:0
  FF02::1:FF11:6700
  FF02::1
IPv6 link MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 3.
ND retransmit interval is 1000 milliseconds

Console#
Address for Multi-segment Network — To generate an IPv6 address that can be used in a network containing more than one subnet, the switch can be configured to automatically generate a unique host address based on the local subnet address prefix received in router advertisement messages. (DHCP for IPv6 will also be supported in future software releases.)
To dynamically generate an IPv6 host address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to
access the interface-configuration mode. Press <Enter>.
2. From the interface prompt, type “ipv6 address autoconfig” and press
<Enter>.
3. Type “ipv6 enable” and press <Enter> to enable IPv6 on an interface
that has not been configured with an explicit IPv6 address.
Console(config)#interface vlan 1
Console(config-if)#ipv6 address autoconfig
Console(config-if)#ipv6 enable
Console(config-if)#end
Console#show ipv6 interface
VLAN 1 is up
IPv6 is enabled.
Link-local address:
  FE80::260:3EFF:FE11:6700/64
Global unicast address(es):
  2001:DB8:2222:7272:217:7CFF:FE00:FD/64, subnet is 2001:DB8:2222:7272::/64[AUTOCONFIG]
    valid lifetime 2591978 preferred lifetime 604778
Joined group address(es):
  FF02::1:FF00:FD
  FF02::1:FF11:6700
  FF02::1
IPv6 link MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 3.
ND retransmit interval is 1000 milliseconds

Console#
DOWNLOADING A CONFIGURATION FILE REFERENCED BY A DHCP SERVER
Information passed on to the switch from a DHCP server may also include a configuration file to be downloaded and the TFTP servers where that file can be accessed. If the Factory Default Configuration file is used to provision the switch at startup, in addition to requesting IP configuration settings from the DHCP server, it will also ask for the name of a bootup configuration file and TFTP servers where that file is stored.
If the switch receives information that allows it to download the remote bootup file, it will save this file to a local buffer, and then restart the provision process.
Note the following DHCP client behavior:
The bootup configuration file received from a TFTP server is stored on the switch with the original file name. If this file name already exists in the switch, the file is overwritten.
If the name of the bootup configuration file is the same as the Factory Default Configuration file, the download procedure will be terminated, and the switch will not send any further DHCP client requests.
If the switch fails to download the bootup configuration file based on information passed by the DHCP server, it will not send any further DHCP client requests.
If the switch does not receive a DHCP response prior to completing the bootup process, it will continue to send a DHCP client request once a minute. These requests will only be terminated if the switch’s address is manually configured, but will resume if the address mode is set back to DHCP.
To successfully transmit a bootup configuration file to the switch the DHCP daemon (using a Linux based system for this example) must be configured with the following information:
Options 60, 66 and 67 statements can be added to the daemon’s configuration file.
Table 3: Options 60, 66 and 67 Statements
Option  Statement Keyword  Statement Parameter
60  vendor-class-identifier  a string indicating the vendor class identifier
66  tftp-server-name  a string indicating the tftp server name
67  bootfile-name  a string indicating the bootfile name
By default, DHCP option 66/67 parameters are not carried in a DHCP
server reply. To ask for a DHCP reply with option 66/67 information, the
DHCP client request sent by this switch includes a “parameter request
list” asking for this information. Besides, the client request also
includes a “vendor class identifier” that allows the DHCP server to
identify the device, and select the appropriate configuration file for
download. This information is included in Option 55 and 124.
Table 4: Options 55 and 124 Statements
Option  Statement Keyword  Statement Parameter
55  dhcp-parameter-request-list  a list of parameters, separated by ','
124  vendor-class-identifier  a string indicating the vendor class identifier
The following configuration examples are provided for a Linux-based DHCP daemon (dhcpd.conf file). The server will reply with Options 66/67 encapsulated in Option 43. Note that in the “Vendor class one” section, if the DHCP request packet's vendor class identifier matches that specified in this file, the server will send Option 43 encapsulating Option 66 and 67 in the DHCP reply packet. In the “Vendor class two” section, the server will always send Option 66 and 67 to tell the switch to download the “test2” configuration file from server 192.168.255.101.

ddns-update-style ad-hoc;

default-lease-time 600;
max-lease-time 7200;

log-facility local7;

server-name "Server1";
server-identifier 192.168.255.250;

#option 43 with encapsulated option 66, 67
option space dynamicProvision code width 1 length width 1 hash size 2;
option dynamicProvision.tftp-server-name code 66 = text;
option dynamicProvision.bootfile-name code 67 = text;

subnet 192.168.255.0 netmask 255.255.255.0 {
  range 192.168.255.160 192.168.255.200;
  option routers 192.168.255.101;
  option tftp-server-name "192.168.255.100"; #Default Option 66
  option bootfile-name "bootfile"; #Default Option 67
}

class "Option66,67_1" { #DHCP Option 60 Vendor class one
  match if option vendor-class-identifier = "dg-fs4526e.bix";
  #option 43
  option vendor-class-information code 43 = encapsulate dynamicProvision;
  #option 66 encapsulated in option 43
  option vendor-class-information.tftp-server-name "192.168.255.100";
  #option 67 encapsulated in option 43
  option vendor-class-information.bootfile-name "test1";
}

class "Option66,67_2" { #DHCP Option 60 Vendor class two
  match if option vendor-class-identifier = "dg-fs4526e.bix";
  option tftp-server-name "192.168.255.101";
  option bootfile-name "test2";
}
NOTE: Use “dg-fs4526e.bix” for the vendor-class-identifier in the dhcpd.conf file.
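The option layout described above, as an added example that is not part of the guide: it builds and parses Option 43 carrying sub-options 66 and 67, then checks the advertised TFTP server against an allowlist, since the switch acts on whatever provisioning data a DHCP reply carries. The function names, the allowlist, the sample bytes and the one-byte code/length wire layout (taken from the option space statement in the dhcpd.conf example) are assumptions; only the options field is modelled, not a full DHCP packet.

```python
"""Build, parse and audit the DHCP provisioning options described above (constructed example)."""

OPT_PAD, OPT_END = 0, 255
OPT_VENDOR_SPECIFIC = 43   # carries the encapsulated sub-options
OPT_TFTP_SERVER = 66
OPT_BOOTFILE = 67
FACTORY_DEFAULT = "Factory_Default_Config.cfg"  # file name given in the guide


def encode_tlv(items):
    """Encode (code, bytes) pairs as code/length/value with 1-byte code and length."""
    out = bytearray()
    for code, value in items:
        if not 0 < code < 255:
            raise ValueError(f"invalid option code {code}")
        if len(value) > 255:
            raise ValueError(f"option {code} value too long")
        out += bytes((code, len(value))) + value
    return bytes(out)


def parse_tlv(buf):
    """Parse a TLV run; raise ValueError on truncation instead of reading past the end."""
    opts, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 2 > len(buf):
            raise ValueError(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        opts[code] = opts.get(code, b"") + value  # repeated options are concatenated
        i += 2 + length
    return opts


def provisioning_targets(options):
    """Return [(source, tftp_server, bootfile)] for plain 66/67 and for 66/67 inside option 43."""
    spaces = [("plain", options)]
    if OPT_VENDOR_SPECIFIC in options:
        spaces.append(("option43", parse_tlv(options[OPT_VENDOR_SPECIFIC])))
    found = []
    for source, space in spaces:
        if OPT_TFTP_SERVER in space or OPT_BOOTFILE in space:
            server = space.get(OPT_TFTP_SERVER, b"").decode("ascii", "replace")
            bootfile = space.get(OPT_BOOTFILE, b"").decode("ascii", "replace")
            found.append((source, server, bootfile))
    return found


def audit_offer(raw_options, allowed_tftp):
    """Flag provisioning data that should not appear on this network."""
    try:
        targets = provisioning_targets(parse_tlv(raw_options))
    except ValueError as exc:
        return [f"malformed options: {exc}"]
    findings = []
    for source, server, bootfile in targets:
        if server not in allowed_tftp:
            findings.append(f"{source}: TFTP server {server!r} is not on the allowlist")
        if bootfile == FACTORY_DEFAULT:
            findings.append(f"{source}: bootfile has the factory default name, "
                            "so the switch terminates the download")
    return findings


# Constructed samples: the "Vendor class one" reply from the dhcpd.conf above, and a
# reply naming an unexpected server (192.0.2.66 is a documentation address).
GOOD_REPLY = encode_tlv([
    (OPT_VENDOR_SPECIFIC, encode_tlv([
        (OPT_TFTP_SERVER, b"192.168.255.100"),
        (OPT_BOOTFILE, b"test1"),
    ])),
]) + bytes([OPT_END])

ROGUE_REPLY = encode_tlv([
    (OPT_TFTP_SERVER, b"192.0.2.66"),
    (OPT_BOOTFILE, b"test2"),
]) + bytes([OPT_END])

ALLOWED_TFTP = {"192.168.255.100", "192.168.255.101"}

if __name__ == "__main__":
    for name, reply in (("good", GOOD_REPLY), ("rogue", ROGUE_REPLY)):
        print(name, audit_offer(reply, ALLOWED_TFTP) or "ok")
```
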
ENABLING SNMP MANAGEMENT ACCESS
The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications. You can configure the switch to respond to SNMP requests or generate SNMP traps.
When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.
The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.e., an SNMPv3 construct) for the default “public” community string that provides read access to the entire MIB tree, and a default view for the “private” community string that provides read/write access to the entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements (see
"Setting SNMPv3 Views" on page 395).
COMMUNITY STRINGS (FOR SNMP VERSION 1 AND 2C CLIENTS)
Community strings are used to control management access to SNMP version 1 and 2c stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users, and set the access level.
The default strings are:
public - with read-only access. Authorized management stations are
only able to retrieve MIB objects.
private - with read/write access. Authorized management stations are
able to both retrieve and modify MIB objects.
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings.
To configure a community string, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt, type
“snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that the default mode is read only.)
2. To remove an existing string, simply type “no snmp-server community
string,” where “string” is the community access string to remove. Press <Enter>.
Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#

NOTE: If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.
TRAP RECEIVERS
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, use the “snmp-server host” command. From the Privileged Exec level global configuration mode prompt, type:
“snmp-server host host-address community-string
[version {1 | 2c | 3 {auth | noauth | priv}}]”
where “host-address” is the IP address for the trap receiver, “community-string” specifies access rights for a version 1/2c host, or is the user name of a version 3 host, “version” indicates the SNMP client version, and “auth | noauth | priv” means that authentication, no authentication, or authentication and privacy is used for v3 clients. Then press <Enter>. For a more detailed description of these parameters, see "snmp-server host" on page 638. The following example creates a trap host for each type of SNMP client.

Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#
CONFIGURING ACCESS FOR SNMP VERSION 3 CLIENTS
To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view called “mib-2” that includes the entire MIB-2 tree branch, and then another view that includes the IEEE 802.1d bridge MIB. It assigns these respective read and read/write views to a group called “r&d” and specifies group authentication via MD5 or SHA. In the last step, it assigns a v3 user to this group, indicating that MD5 will be used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption.

Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included
Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included
Console(config)#snmp-server group r&d v3 auth mib-2 802.1d
Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien
Console(config)#
For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to "Simple Network Management Protocol" on
page 389, or refer to the specific CLI commands for SNMP starting on page 633.
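An added audit sketch for the SNMP guidance above (not part of the guide): it replays "snmp-server" lines over the two default community strings and reports what a reviewer would question, including the fact that the guide's own community example leaves "public" and "private" active. The function names and the hardened sample are constructed; treating a trap host without a "version" keyword as version 1 is an assumption drawn from the guide's three-host example.

```python
"""Audit SNMP CLI lines against the guidance above (constructed example)."""

DEFAULT_COMMUNITIES = {"public": "ro", "private": "rw"}  # defaults named in the guide


def commands(text):
    """Yield commands as word lists, dropping blank lines and any 'Console(config)#' prompt."""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Console") and "#" in line:
            line = line.split("#", 1)[1]
        if line.split():
            yield line.split()


def audit_user(w):
    """Check 'snmp-server user NAME group GROUP v3 [auth ALG PW [priv ALG PW]]'."""
    out = []
    if len(w) < 6 or w[3] != "group" or w[5] != "v3":
        return out
    tail = w[6:]
    auth = tail[1] if tail[:1] == ["auth"] and len(tail) >= 3 else None
    rest = tail[3:] if auth else tail
    priv = rest[1] if rest[:1] == ["priv"] and len(rest) >= 3 else None
    if auth is None:
        out.append(f"user {w[2]}: no authentication configured")
    elif auth == "md5":
        out.append(f"user {w[2]}: MD5 authentication (the guide also lists SHA)")
    if priv is None:
        out.append(f"user {w[2]}: no privacy (encryption) configured")
    elif priv == "des56":
        out.append(f"user {w[2]}: DES56 privacy uses a 56-bit key")
    return out


def audit_snmp(text):
    """Return findings for community strings, trap hosts and v3 users."""
    findings = []
    communities = dict(DEFAULT_COMMUNITIES)
    for w in commands(text):
        if w[:2] == ["snmp-server", "community"] and len(w) >= 3:
            communities[w[2]] = w[3] if len(w) > 3 else "ro"  # guide: default mode is read only
        elif w[:3] == ["no", "snmp-server", "community"] and len(w) >= 4:
            communities.pop(w[3], None)
        elif w[:2] == ["snmp-server", "host"] and len(w) >= 4:
            opts = w[4:]
            version = opts[1] if opts[:1] == ["version"] and len(opts) >= 2 else "1"
            level = opts[2] if version == "3" and len(opts) >= 3 else None
            if version in ("1", "2c"):
                findings.append(f"trap host {w[2]}: SNMPv{version} traps carry "
                                "the community string in clear text")
            elif level != "priv":
                findings.append(f"trap host {w[2]}: SNMPv3 level "
                                f"{level or 'unspecified'} does not encrypt traps")
        elif w[:2] == ["snmp-server", "user"]:
            findings.extend(audit_user(w))
    for name, mode in sorted(communities.items()):
        if name in DEFAULT_COMMUNITIES:
            findings.append(f"community {name!r} ({mode}): default string still active")
        elif mode == "rw":
            findings.append(f"community {name!r} (rw): read/write access over "
                            "SNMPv1/2c, where the string is not encrypted")
    return findings


# The guide's own example commands, collected into one session.
GUIDE_EXAMPLES = """
Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien
"""

# Constructed sample: both defaults deleted, traps sent with authentication and privacy.
HARDENED = """
no snmp-server community public
no snmp-server community private
snmp-server host 10.1.19.34 barbie version 3 priv
"""

if __name__ == "__main__":
    for finding in audit_snmp(GUIDE_EXAMPLES):
        print(finding)
```
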
MANAGING SYSTEM FILES
The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
The types of files are:
Configuration — This file type stores system configuration information
and is created when configuration settings are saved. Saved configuration files can be selected as a system start-up file or can be uploaded via FTP/TFTP to a server for backup. The file named “Factory_Default_Config.cfg” contains all the system default settings and cannot be deleted from the system. If the system is booted with the factory default settings, the switch will also create a file named “startup1.cfg” that contains system settings for switch initialization, including information about the unit identifier, and MAC address for the switch. The configuration settings from the factory defaults configuration file are copied to this file, which is then used to boot the switch. See "Saving or Restoring Configuration Settings" on page 78 for more information.
Operation Code — System software that is executed after boot-up,
also known as run-time code. This code runs the switch operations and provides the CLI and web management interfaces. See "Managing
System Files" on page 106 for more information.
Diagnostic Code — Software that is run during system boot-up, also
known as POST (Power On Self-Test).
Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows. The switch has a total of 32 Mbytes of flash memory for system files.
In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.
Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.
SAVING OR RESTORING CONFIGURATION SETTINGS
Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in nonvolatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command.
New startup configuration files must have a name specified. File names on the switch are case-sensitive, can be from 1 to 31 characters, must not contain slashes (\ or /), and the leading letter of the file name must not be a period (.). (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
There can be more than one user-defined configuration file saved in the switch’s flash memory, but only one is designated as the “startup” file that is loaded when the switch boots. The copy running-config startup-config command always sets the new file as the startup file. To select a previously saved configuration file, use the boot system config:<filename> command.
The maximum number of saved configuration files depends on available flash memory. The amount of available flash memory can be checked by using the dir command.
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type “copy running-config
startup-config” and press <Enter>.
2. Enter the name of the start-up file. Press <Enter>.
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.

Console#
To restore configuration settings from a backup server, enter the following command:
1. From the Privileged Exec mode prompt, type “copy tftp startup-config”
and press <Enter>.
2. Enter the address of the TFTP server. Press <Enter>.
3. Enter the name of the startup file stored on the server. Press <Enter>.
4. Enter the name for the startup file on the switch. Press <Enter>.
Console#copy file startup-config
Console#copy tftp startup-config
TFTP server IP address: 192.168.0.4
Source configuration file name: startup-rd.cfg
Startup configuration file name [startup1.cfg]:

Success.

Console#
SECTION II WEB CONFIGURATION

This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser.
This section includes these chapters:
"Using the Web Interface" on page 83
"Basic Management Tasks" on page 101
"Interface Configuration" on page 129
"VLAN Configuration" on page 167
"Address Table Settings" on page 199
"Spanning Tree Algorithm" on page 207
"Rate Limit Configuration" on page 231
"Storm Control Configuration" on page 233
"Class of Service" on page 235
"Quality of Service" on page 249
"VoIP Traffic Configuration" on page 265
"Security Measures" on page 271
"Basic Administration Protocols" on page 369
"IP Configuration" on page 485
"IP Services" on page 509
"Multicast Filtering" on page 517
3 USING THE WEB INTERFACE
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above, Netscape
6.2 or above, or Mozilla Firefox 2.0.0.0 or above).
NOTE: You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to "Using the Command Line Interface" on page 551.

CONNECTING TO THE WEB INTERFACE

Prior to accessing the switch from a web browser, be sure you have first performed the following tasks:
1. Configure the switch with a valid IP address, subnet mask, and default
gateway using an out-of-band serial connection, BOOTP or DHCP protocol. (See "Setting an IP Address" on page 67.)
2. Set user names and passwords using an out-of-band serial connection.
Access to the web agent is controlled by the same user names and passwords as the onboard configuration program. (See "Setting
Passwords" on page 66.)
3. After you enter a user name and password, you will have access to the
system configuration program.
NOTE: You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
NOTE: If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” (Privileged Exec level), you can change the settings on any page.
NOTE: If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding (i.e., enable Admin Edge Port) to improve the switch’s response time to management commands issued through the web interface. See "Configuring Interface Settings for STA" on page 217.
NAVIGATING THE WEB BROWSER INTERFACE
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”
HOME PAGE When your web browser connects with the switch’s web agent, the home
page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.
Figure 1: Home Page
NOTE: You can open a connection to the manufacturer’s web site by clicking on the DIGISOL logo.
CONFIGURATION OPTIONS Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Table 5: Web Page Configuration Buttons
Button Action
Apply Sets specified values to the system.
Revert Cancels specified values and restores current values prior to pressing “Apply.”
Displays help for the selected page.
Refreshes the current page.
Displays the site map.
Logs out of the management interface.
Sends mail to the manufacturer.
Links to the manufacturer’s web site.
NOTE: To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings,” the setting for item “Check for newer versions of stored pages” should be “Every visit to the page.”
PANEL DISPLAY The web agent displays an image of the switch’s ports. The Mode can be
set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control).
Figure 2: Front Panel Indicators
MAIN MENU Using the onboard web agent, you can define system parameters, manage
and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Table 6: Switch Main Menu
Menu Description Page
System
General Provides basic system description, including contact information 101
Switch Shows the number of ports, hardware version, power status, and firmware version numbers 102
IP Sets IPv4 address for management interface and gateway 489
Configure Global Sets IP address of the gateway router between this device and management stations that exist on other network segments 489
Configure Interface Configures IP address for management access 490
Add Sets the IPv4 address for management access 490
Show Shows the IPv4 address for management access 490
Capability Enables support for jumbo frames; shows the bridge extension parameters 104, 105
File 106
Copy Allows the transfer and copying of files 106
Set Startup Sets the startup file 109
Show Shows the files stored in flash memory; allows deletion of files 110
Automatic Operation Code Upgrade Automatically upgrades operation code if a newer version is found on the server 111
Time 115
Configure General
Manual Manually sets the current time 115
SNTP Configures SNTP polling interval 116
Configure Time Server Configures a list of SNTP servers 117
Configure Time Zone Sets the local time zone for the system clock 118
Console Sets console port connection parameters 119
Telnet Sets Telnet connection parameters 121
CPU Utilization Displays information on CPU utilization 122
Memory Status Shows memory utilization parameters 123
Reset Restarts the switch immediately, at a specified time, after a specified delay, or at a periodic interval 124
Interface 129
Port 129
General
Configure by Port List Configures connection settings per port 129
Configure by Port Range Configures connection settings for a range of ports 132
Show Information Displays port connection status 133
Mirror 134
Add Sets the source and target ports for mirroring 134
Show Shows the configured mirror sessions 134
Statistics Shows Interface, Etherlike, and RMON port statistics 140
Chart Shows Interface, Etherlike, and RMON port statistics 140
Cable Test Performs cable diagnostics for selected port to diagnose any cable faults (short, open etc.) and report the cable length 144
Trunk
Static 147
Configure Trunk 147
Add Creates a trunk, along with the first port member 147
Show Shows the configured trunk identifiers 147
Add Member Specifies ports to group into static trunks 147
Show Member Shows the port members for the selected trunk 147
Configure General 147
Configure Configures trunk connection settings 147
Show Information Displays trunk connection settings 147
Dynamic 149
Configure Aggregator Configures administration key for specific LACP groups 149
Configure Aggregation Port 147
Configure 147
General Allows ports to dynamically join trunks 149
Actor Configures parameters for link aggregation group members on the local side 149
Partner Configures parameters for link aggregation group members on the remote side 149
Show Information 154
Counters Displays statistics for LACP protocol messages 154
Internal Displays configuration settings and operational state for the local side of a link aggregation 155
Neighbors Displays configuration settings and operational state for the remote side of a link aggregation 157
Configure Trunk 149
Configure Configures connection settings 149
Show Displays port connection status 149
Show Member Shows the active members in a trunk 149
Statistics Shows Interface, Etherlike, and RMON port statistics 140
Chart Shows Interface, Etherlike, and RMON port statistics 140
Green Ethernet Adjusts the power provided to ports based on the length of the cable used to connect to other devices 158
RSPAN Mirrors traffic from remote switches for analysis at a destination port on the local switch 136
Traffic Segmentation 160
Configure Global Enables traffic segmentation globally 160
Configure Session Configures the uplink and down-link ports for a segmented group of ports 161
VLAN Trunking Allows unknown VLAN groups to pass through the specified interface 164
VLAN Virtual LAN 167
Static
Add Creates VLAN groups 170
Show Displays configured VLAN groups 170
Modify Configures group name and administrative status 170
Edit Member by VLAN Specifies VLAN attributes per VLAN 172
Edit Member by Interface Specifies VLAN attributes per interface 172
Edit Member by Interface Range Specifies VLAN attributes per interface range 172
Dynamic
Configure General Enables GVRP VLAN registration protocol globally 177
Configure Interface Configures GVRP status and timers per interface 177
Show Dynamic VLAN 177
Show VLAN Shows the VLANs this switch has joined through GVRP 177
Show VLAN Member Shows the interfaces assigned to a VLAN through GVRP 177
Tunnel IEEE 802.1Q (QinQ) Tunneling 181
Configure Global Sets tunnel mode for the switch 185
Configure Interface Sets the tunnel mode for any participating interface 186
Protocol 188
Configure Protocol 188
Add Creates a protocol group, specifying supported protocols 188
Show Shows configured protocol groups 188
Configure Interface 190
Add Maps a protocol group to a VLAN 190
Show Shows the protocol groups mapped to each VLAN 190
IP Subnet 192
Add Maps IP subnet traffic to a VLAN 192
Show Shows IP subnet to VLAN mapping 192
MAC-Based 194
Add Maps traffic with specified source MAC address to a VLAN 194
Show Shows source MAC address to VLAN mapping 194
Mirror 196
Add Mirrors traffic from one or more source VLANs to a target port 196
Show Shows mirror list 196
MAC Address 199
Static 199
Add Configures static entries in the address table 199
Show Displays static entries in the address table 199
Dynamic
Configure Aging Sets timeout for dynamically learned entries 201
Show Dynamic MAC Displays dynamic entries in the address table 202
Clear Dynamic MAC Removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries 203
Mirror Mirrors traffic matching a specified source address from any port on the switch to a target port 204
Spanning Tree 207
Loopback Detection Configures Loopback Detection parameters 210
STA Spanning Tree Algorithm
Configure Global
Configure Configures global bridge settings for STP, RSTP and MSTP 211
Show Information Displays STA values used for the bridge 216
Configure Interface
Configure Configures interface settings for STA 217
Show Information Displays interface settings for STA 221
MSTP Multiple Spanning Tree Algorithm 224
Configure Global 224
Add Configures initial VLAN and priority for an MST instance 224
Modify Configures the priority of an MST instance 224
Show Configures global settings for an MST instance 224
Add Member Adds VLAN members for an MST instance 224
Show Member Adds or deletes VLAN members for an MST instance 224
Show Information Displays MSTP values used for the bridge
Configure Interface 228
Configure Configures interface settings for an MST instance 228
Show Information Displays interface settings for an MST instance 228
Traffic
Rate Limit Sets the input and output rate limits for a port 231
Storm Control Sets the broadcast storm threshold for each interface 233
Priority
Default Priority Sets the default priority for each port or trunk 235
Queue Sets queue mode for the switch; sets the service weight for each queue that will use a weighted or hybrid mode 236
Trust Mode Selects DSCP or CoS priority processing 242
DSCP to DSCP 243
Configure Maps DSCP values in incoming packets to per-hop behavior and drop precedence values for internal priority processing 243
Show Shows the DSCP to DSCP mapping list 243
CoS to DSCP 246
Configure Maps CoS/CFI values in incoming packets to per-hop behavior and drop precedence values for priority processing 246
Show Shows the CoS to DSCP mapping list 246
PHB to Queue 239
Configure Maps internal per-hop behavior values to hardware queues 239
Show Shows the PHB to Queue mapping list 239
DiffServ 249
Configure Class 250
Add Creates a class map for a type of traffic 250
Show Shows configured class maps 250
Modify Modifies the name of a class map 250
Add Rule Configures the criteria used to classify ingress traffic 250
Show Rule Shows the traffic classification rules for a class map 250
Configure Policy 253
Add Creates a policy map to apply to multiple interfaces 253
Show Shows configured policy maps 253
Modify Modifies the name of a policy map 253
Add Rule Sets the boundary parameters used for monitoring inbound traffic, and the action to take for conforming and non-conforming traffic 253
Show Rule Shows the rules used to enforce bandwidth policing for a policy map 253
Configure Interface Applies a policy map to an ingress port 263
VoIP Voice over IP 265
Configure Global Configures auto-detection of VoIP traffic, sets the Voice VLAN, and VLAN aging time 265
Configure OUI 267
Add Maps the OUI in the source MAC address of ingress packets to the VoIP device manufacturer 267
Show Shows the OUI telephony list 267
Configure Interface Configures VoIP traffic settings for ports, including the way in which a port is added to the Voice VLAN, filtering of non-VoIP packets, the method of detecting VoIP traffic, and the priority assigned to the voice traffic 269
Security 271
AAA Authentication, Authorization and Accounting 272
System Authentication Configures authentication sequence – local, RADIUS, and TACACS 273
Server 274
Configure Server Configures RADIUS and TACACS server message exchange settings 274
Configure Group 274
Add Specifies a group of authentication servers and sets the priority sequence 274
Show Shows the authentication server groups and priority sequence 274
Accounting Enables accounting of requested services for billing or security purposes 279
Configure Global Specifies the interval at which the local accounting service updates information to the accounting server 279
Configure Method 279
Add Configures accounting for various service types 279
Show Shows the accounting settings used for various service types 279
Configure Service Sets the accounting method applied to specific interfaces for 802.1X, CLI command privilege levels for the console port, and for Telnet 279
Show Information 279
Summary Shows the configured accounting methods, and the methods applied to specific interfaces 279
Statistics Shows basic accounting information recorded for user sessions 279
Authorization Enables authorization of requested services 284
Configure Method 284
Add Configures authorization for various service types 284
Show Shows the authorization settings used for various service types 284
Configure Service Sets the authorization method used for the console port, and for Telnet 284
Show Information Shows the configured authorization methods, and the methods applied to specific interfaces 284
User Accounts 287
Add Configures user names, passwords, and access levels 287
Show Shows authorized users 287
Modify Modifies user attributes 287
Web Authentication Allows authentication and access to the network when 802.1X or Network Access authentication are infeasible or impractical 289
Configure Global Configures general protocol settings 289
Configure Interface Enables Web Authentication for individual ports 290
Network Access MAC address-based network access authentication 292
Configure Global Enables aging for authenticated MAC addresses, and sets the time period after which a connected MAC address must be reauthenticated 294
Configure Interface 295
General Enables MAC authentication on a port; sets the maximum number of addresses that can be authenticated, the guest VLAN, dynamic VLAN and dynamic QoS 295
Link Detection Configures detection of changes in link status, and the response (i.e., send trap or shut down port) 297
Configure MAC Filter 298
Add Specifies MAC addresses exempt from authentication 298
Show Shows the list of exempt MAC addresses 298
Show Information Shows the authenticated MAC address list 300
HTTPS Secure HTTP 301
Configure Global Enables HTTPs, and specifies the UDP port to use 301
Copy Certificate Replaces the default secure-site certificate 303
SSH Secure Shell 304
Configure Global Configures SSH server settings 307
Configure Host Key 308
Generate Generates the host key pair (public and private) 308
Show Displays RSA and DSA host keys; deletes host keys 308
Configure User Key 310
Copy Imports user public keys from TFTP server 310
Show Displays RSA and DSA user keys; deletes user keys 310
ACL Access Control Lists 312
Configure Time Range Configures the time to apply an ACL 313
Add Specifies the name of a time range 313
Show Shows the name of configured time ranges 313
Add Rule 313
Absolute Sets exact time or time range 313
Periodic Sets a recurrent time 313
Show Rule Shows the time specified by a rule 313
Configure ACL 317
Show TCAM Shows utilization parameters for TCAM 316
Add Adds an ACL based on IP or MAC address filtering 317
Show Shows the name and type of configured ACLs 317
Add Rule Configures packet filtering based on IP or MAC addresses and other packet attributes 317
Show Rule Shows the rules specified for an ACL 317
Configure Interface Binds a port to the specified ACL and time range 331
ARP Inspection 332
Configure General Enables inspection globally, configures validation of additional address components, and sets the log rate for packet inspection 333
Configure VLAN Enables ARP inspection on specified VLANs 335
Configure Interface Sets the trust mode for ports, and sets the rate limit for packet inspection 337
Show Information
Show Statistics Displays statistics on the inspection process 338
Show Log Shows the inspection log list 339
IP Filter 340
Add Sets IP addresses of clients allowed management access via the web, SNMP, and Telnet 340
Show Shows the addresses to be allowed management access 340
Port Security Configures per port security, including status, response for security breach, and maximum allowed MAC addresses 342
Port Authentication IEEE 802.1X 344
Configure Global Enables authentication and EAPOL pass-through 346
Configure Interface Sets authentication parameters for individual ports 347
Show Statistics Displays protocol statistics for the selected port 353
IP Source Guard Filters IP traffic based on static entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table 356
Port Configuration Enables IP source guard and selects filter type per port 356
Static Binding 358
Add Adds static addresses to the source-guard binding table 358
Show Shows static addresses in the source-guard binding table 358
Dynamic Binding Displays the source-guard binding table for a selected interface 360
Administration 369
Log 370
System 370
Configure Global Stores error messages in local memory 370
Show System Logs Shows logged error messages 370
Remote Configures the logging of messages to a remote logging process 372
SMTP Sends an SMTP client message to a participating server 373
LLDP 375
Configure Global Configures global LLDP timing parameters 375
Configure Interface Sets the message transmission mode; enables SNMP notification; and sets the LLDP attributes to advertise 377
Show Local Device Information 380
General Displays general information about the local device 380
Port/Trunk Displays information about each interface 380
Show Remote Device Information 383
Port/Trunk Displays information about a remote device connected to a port on this switch 383
Port/Trunk Details Displays detailed information about a remote device connected to this switch 383
Show Device Statistics 388
General Displays statistics for all connected remote devices 388
Port/Trunk Displays statistics for remote devices on a selected port or trunk 388
SNMP Simple Network Management Protocol 389
Configure Global Enables SNMP agent status, and sets related trap functions 392
Configure Engine 393
Set Engine ID Sets the SNMP v3 engine ID on this switch 393
Add Remote Engine Sets the SNMP v3 engine ID for a remote device 394
Show Remote Engine Shows configured engine ID for remote devices 394
Configure View 395
Add View Adds an SNMP v3 view of the OID MIB 395
Show View Shows configured SNMP v3 views 395
Add OID Subtree Specifies a part of the subtree for the selected view 395
Show OID Subtree Shows the subtrees assigned to each view 395
Configure Group 398
Add Adds a group with access policies for assigned users 398
Show Shows configured groups and access policies 398
Configure User
Add Community Configures community strings and access mode 401
Show Community Shows community strings and access mode 401
Add SNMPv3 Local User Configures SNMPv3 users on this switch 403
Show SNMPv3 Local User Shows SNMPv3 users configured on this switch 403
Change SNMPv3 Local User Group Assigns a local user to a new group 403
Add SNMPv3 Remote User Configures SNMPv3 users from a remote device 405
Show SNMPv3 Remote User Shows SNMPv3 users set from a remote device 403
Configure Trap 408
Add Configures trap managers to receive messages on key events that occur on this switch 408
Show Shows configured trap managers 408
RMON Remote Monitoring 412
Configure Global
Add
Alarm Sets threshold bounds for a monitored variable 413
Event Creates a response event for an alarm 416
Show
Alarm Shows all configured alarms 413
Event Shows all configured events 416
Configure Interface
Add
History Periodically samples statistics on a physical interface 418
Statistics Enables collection of statistics on a physical interface 421
Show
History Shows sampling parameters for each entry in the history group 418
Statistics Shows sampling parameters for each entry in the statistics group 421
Show Details
History Shows sampled data for each entry in the history group 418
Statistics Shows sampled data for each entry in the history group 421
Cluster 424
Configure Global Globally enables clustering for the switch; sets Commander status 424
Configure Member Adds switch Members to the cluster 426
Show Member Shows cluster switch member; managed switch members 427
ERPS Ethernet Ring Protection Switching 428
Configure Global Activates ERPS globally 431
Configure Domain 432
Add Creates an ERPS ring 432
Show Shows list of configured ERPS rings, status, and settings 432
Configure Details Configures ring parameters 432
CFM Connectivity Fault Management 437
Configure Global Configures global settings, including administrative status, cross-check start delay, link trace, and SNMP traps 440
Configure Interface Configures administrative status on an interface 444
Configure MD Configure Maintenance Domains 444
Add Defines a portion of the network for which connectivity faults can be managed, identified by an MD index, maintenance level, and the MIP creation method 444
Configure Details Configures the archive hold time and fault notification settings 444
Show Shows list of configured maintenance domains 444
Configure MA Configure Maintenance Associations 449
Add Defines a unique CFM service instance, identified by its parent MD, the MA index, the VLAN assigned to the MA, and the MIP creation method 449
Configure Details Configures detailed settings, including continuity check status and interval level, cross-check status, and alarm indication signal parameters 449
Show Shows list of configured maintenance associations 449
Configure MEP Configures Maintenance End Points 454
Add Configures MEPs at the domain boundary to provide management access for each maintenance association 454
Show Shows list of configured maintenance end points 454
Configure Remote MEP Configures Remote Maintenance End Points 456
Add Configures a static list of remote MEPs for comparison against the MEPs learned through continuity check messages 456
Show Shows list of configured remote maintenance end points 456
Transmit Link Trace Sends link trace messages to isolate connectivity faults by tracing the path through a network to the designated target node 458
Transmit Loopback Sends loopback messages to isolate connectivity faults by requesting a target node to echo the message back to the source 460
Transmit Delay Measure Sends periodic delay-measure requests to a specified MEP within a maintenance association 462
Show Information
Show Local MEP Shows the MEPs configured on this device 464
Show Local MEP Details Displays detailed CFM information about a specified local MEP in the continuity check database 465
Show Local MIP Shows the MIPs on this device discovered by the CFM protocol 467
Show Remote MEP Shows MEPs located on other devices which have been discovered through continuity check messages, or statically configured in the MEP database 468
Show Remote MEP Details Displays detailed CFM information about a specified remote MEP in the continuity check database 469
Show Link Trace Cache Shows information about link trace operations launched from this device 471
Show Fault Notification Generator Displays configuration settings for the fault notification generator 473
Show Continuity Check Error Displays CFM continuity check errors logged on this device 474
OAM Operation, Administration, and Maintenance
Interface Enables OAM on specified port, sets the mode to active or passive, and enables the reporting of critical events or errored frame events 475
Counters Displays statistics on OAM PDUs 478
Event Log Displays the log for recorded link events 479
Remote Interface Displays information about attached OAM-enabled devices 480
Remote Loopback
Remote Loopback Test Performs a loopback test on the specified port 481
Show Test Result Displays the results of remote loop back testing 483
IP 485
General
Ping Sends ICMP echo request packets to another node on the network 485
ARP Address Resolution Protocol 486
Configure General Sets the aging time for dynamic entries in the ARP cache 487
Show Information Shows entries in the Address Resolution Protocol (ARP) cache 488
IPv6 Configuration 493
Configure Global Sets an IPv6 default gateway for traffic with no known next hop 493
Configure Interface Configures IPv6 interface address using auto-configuration or link-local address, and sets related protocol settings 494
Add IPv6 Address Adds global unicast, EUI-64, or link-local IPv6 address to an interface 497
Show IPv6 Address Shows the IPv6 addresses assigned to an interface 500
Show IPv6 Neighbor Cache Displays information in the IPv6 neighbor discovery cache 501
Show Statistics 503
IPv6 Shows statistics about IPv6 traffic 503
ICMPv6 Shows statistics about ICMPv6 messages 503
UDP Shows statistics about UDP messages 503
Show MTU Shows the maximum transmission unit (MTU) cache for destinations that have returned an ICMP packet-too-big message along with an acceptable MTU to this switch 508
IP Service 509
DNS Domain Name Service
General 509
Configure Global Enables DNS lookup; defines the default domain name appended to incomplete host names 509
Add Domain Name Defines a list of domain names that can be appended to incomplete host names 510
Show Domain Names Shows the configured domain name list 510
Add Name Server Specifies IP address of name servers for dynamic lookup 512
Show Name Servers Shows the name server address list 512
Static Host Table 513
Add Configures static entries for domain name to address mapping 513
Show Shows the list of static mapping entries 513
Modify Modifies the static address mapped to the selected host name 513
Cache Displays cache entries discovered by designated name servers 514
DHCP Dynamic Host Configuration Protocol
Snooping 362
Configure Global Enables DHCP snooping globally, MAC-address verification, information option; and sets the information policy 364
Configure VLAN Enables DHCP snooping on a VLAN 365
Configure Interface Sets the trust mode for an interface 366
Show Information Displays the DHCP Snooping binding information 367
Multicast 517
IGMP Snooping 518
General Enables multicast filtering; configures parameters for multicast snooping 520
Multicast Router 524
Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 524
Show Static Multicast Router Displays ports statically configured as attached to a neighboring multicast router 524
Show Current Multicast Router Displays ports attached to a neighboring multicast router, either through static or dynamic configuration 524
IGMP Member 525
Add Static Member Statically assigns multicast addresses to the selected VLAN 525
Show Static Member Shows multicast addresses statically configured on the selected VLAN 525
Show Current Member Shows multicast addresses associated with the selected VLAN, either through static or dynamic configuration 525
Interface 528
Configure VLAN Configures IGMP snooping per VLAN interface 528
Show VLAN Information Shows IGMP snooping settings per VLAN interface 528
Forwarding Entry Displays the current multicast groups learned through IGMP Snooping 533
Filter 534
Configure General Enables IGMP filtering for the switch 534
Configure Profile 535
Add Adds IGMP filter profile; and sets access mode 535
Show Shows configured IGMP filter profiles 535
Add Multicast Group Range Assigns multicast groups to selected profile 535
Show Multicast Group Range Shows multicast groups assigned to a profile 535
Configure Interface Assigns IGMP filter profiles to port interfaces and sets throttling action 537
MVR Multicast VLAN Registration 539
Configure General Globally enables MVR, sets the MVR VLAN and forwarding priority 541
Configure Group Range 542
Add Configures multicast stream addresses 542
Show Shows multicast stream addresses 542
Configure Interface Configures MVR interface type and immediate leave mode; also displays MVR operational and active status 543
Configure Static Group Member 546
Add Statically assigns MVR multicast streams to an interface 546
Show Shows MVR multicast streams assigned to an interface 546
Show Member Shows the multicast groups assigned to an MVR VLAN, the source address of the multicast services, and the interfaces with active subscribers 547