Digisol DG-FS4528P Management Manual

DG-FS4528P
Layer 2 Fast Ethernet Managed POE Switch
Management Guide
V1.0
2011-12-12
MUSTANG 4000 Managed Switch Series
Management Guide
MANAGEMENT GUIDE
FAST ETHERNET SWITCH
DG-FS4528P Layer 2 Workgroup Switch with Power over Ethernet, 24 10/100BASE-TX (RJ-45) Ports, 2 10/100/1000BASE-T (RJ-45) Ports and 2 Gigabit Combination Ports (RJ-45/SFP)
DG-FS4528P

ABOUT THIS GUIDE

PURPOSE This guide gives specific information on how to operate and use the management functions of the switch.
AUDIENCE The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
CONVENTIONS The following conventions are used throughout this guide to show information:
NOTE: Emphasizes important information or calls your attention to related features or instructions.
CAUTION: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
WARNING: Alerts you to a potential hazard that could cause personal injury.
RELATED PUBLICATIONS The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help that describes all management related features.
DECEMBER 2010 REVISION This is the first revision of this guide.

CONTENTS

ABOUT THIS GUIDE 5
CONTENTS 6
FIGURES 34
TABLES 41
SECTION I GETTING STARTED 46
1 INTRODUCTION 47
Key Features 47
Description of Software Features 48
System Defaults 53
2 INITIAL SWITCH CONFIGURATION 56
Connecting to the Switch 56
Configuration Options 56
Required Connections 57
Remote Connections 58
Basic Configuration 59
Console Connection 59
Setting Passwords 59
Setting an IP Address 60
Manual Configuration 60
Dynamic Configuration 61
Downloading a Configuration File Referenced by a DHCP Server 62
Enabling SNMP Management Access 64
Community Strings (for SNMP version 1 and 2c clients) 65
Trap Receivers 65
Configuring Access for SNMP Version 3 Clients 66
Managing System Files 66
Saving or Restoring Configuration Settings 67
Configuring Power over Ethernet 68
SECTION II WEB CONFIGURATION 70
3 USING THE WEB INTERFACE 71
Connecting to the Web Interface 71
Navigating the Web Browser Interface 72
Home Page 72
Configuration Options 73
Panel Display 73
Main Menu 74
4 BASIC MANAGEMENT TASKS 83
Displaying System Information 84
Displaying Switch Hardware/Software Versions 85
Displaying Bridge Extension Capabilities 87
Setting the Switch’s IP Address 88
Configuring Support for Jumbo Frames 93
Displaying CPU Utilization 94
Displaying Memory Utilization 95
Managing System Files 96
Automatic Operation Code Upgrade 96
Copying Operation Code via FTP or TFTP 100
Saving or Restoring Configuration Settings 102
Copying Files Using HTTP 104
Deleting Files 106
Setting The Start-Up File 106
Console Port Settings 107
Telnet Settings 109
Configuring Event Logging 110
System Log Configuration 110
Remote Log Configuration 112
Sending Simple Mail Transfer Protocol Alerts 114
Resetting the System 115
Setting the System Clock 117
Setting the Time Manually 117
Configuring SNTP 118
Configuring NTP 119
Setting the Time Zone 121
Configuring Summer Time 122
UPnP 124
UPnP Configuration 125
Switch Clustering 126
Configuring General Settings for Clusters 127
Cluster Member Configuration 128
Displaying Information on Cluster Members 129
Cluster Candidate Information 130
5 SIMPLE NETWORK MANAGEMENT PROTOCOL 131
Overview 131
Setting Community Access Strings 133
Specifying Trap Managers and Trap Types 135
Configuring MAC Notification Traps for Interfaces 138
Enabling the SNMP Agent 139
Setting the Local Engine ID 140
Specifying a Remote Engine ID 141
Configuring Local SNMPv3 Users 142
Configuring Remote SNMPv3 Users 143
Configuring SNMPv3 Groups 146
Setting SNMPv3 Views 149
6 SAMPLING TRAFFIC FLOWS 151
Overview 151
Configuring sFlow Global Parameters 152
Configuring sFlow Port Parameters 153
7 SECURITY MEASURES 155
Configuring User Accounts 156
Configuring Local/Remote Logon Authentication 157
Configuring Encryption Keys 161
AAA Authorization and Accounting 162
Configuring AAA RADIUS Group Settings 163
Configuring AAA TACACS+ Group Settings 164
Configuring AAA Accounting Settings 165
Configuring AAA Accounting Update Time 167
AAA Accounting 802.1X Port Settings 167
Configuring AAA Accounting Exec Command Privileges 168
Configuring AAA Accounting Exec Settings 169
Displaying the AAA Accounting Summary 170
Configuring Authorization Settings 171
Configuring Authorization EXEC Settings 172
Authorization Summary 173
Configuring HTTPS 174
Configuring Global Settings for HTTPS 174
Replacing the Default Secure-site Certificate 175
Configuring the Secure Shell 177
Configuring the SSH Server 180
Generating the Host Key Pair 181
Importing User Public Keys 183
Configuring Port Security 185
Configuring 802.1X Port Authentication 187
Displaying 802.1X Global Settings 188
Configuring 802.1X Global Settings 189
Configuring Authenticator Port Settings for 802.1X 190
Configuring Supplicant Port Settings for 802.1X 192
Displaying 802.1X Authenticator Statistics 194
Displaying 802.1X Supplicant Statistics 196
Web Authentication 197
Configuring Global Settings for Web Authentication 198
Configuring Interface Settings for Web Authentication 199
Displaying Web Authentication Port Information 199
Re-authenticating Web Authenticated Ports 200
Network Access (MAC Address Authentication) 201
Configuring Global Settings for Network Access 204
Configuring Network Access for Ports 205
Configuring Port Link Detection 206
Displaying Secure MAC Address Information 207
Configuring a MAC Address Filter 209
Access Control Lists 210
Setting the ACL Name and Type 211
Configuring a Standard IPv4 ACL 212
Configuring an Extended IPv4 ACL 213
Configuring a Standard IPv6 ACL 216
Configuring an Extended IPv6 ACL 217
Configuring a MAC ACL 218
Configuring an ARP ACL 220
Binding a Port to an Access Control List 222
Showing TCAM Utilization 223
ARP Inspection 224
Configuring Global Settings for ARP Inspection 225
Configuring VLAN Settings for ARP Inspection 227
Configuring Interface Settings for ARP Inspection 229
Displaying the ARP Inspection Log 230
Displaying ARP Inspection Statistics 231
Filtering IP Addresses for Management Access 232
DHCP Snooping 234
DHCP Snooping Configuration 236
DHCP Snooping VLAN Configuration 236
DHCP Snooping Information Option Configuration 237
Configuring Ports for DHCP Snooping 240
Displaying DHCP Snooping Binding Information 241
IP Source Guard 242
Configuring Ports for IP Source Guard 242
Configuring Static Bindings for IP Source Guard 244
Displaying Information for Dynamic IP Source Guard Bindings 246
8 INTERFACE CONFIGURATION 248
Port Configuration 248
Displaying Connection Status 248
Configuring Interface Connections 249
Trunk Configuration 252
Configuring a Static Trunk 253
Enabling LACP on Selected Ports 255
Configuring Parameters for LACP Group Members 256
Configuring Parameters for LACP Groups 258
Displaying LACP Port Counters 259
Displaying LACP Settings and Status for the Local Side 260
Displaying LACP Settings and Status for the Remote Side 262
Storm Control Configuration 263
Setting Broadcast Storm Thresholds 264
Setting Multicast Storm Thresholds 265
Setting Unknown Unicast Storm Thresholds 266
Mirror Configuration 268
Configuring Port Mirroring 268
Configuring MAC Address Mirroring 269
Configuring Rate Limits 271
VLAN Trunking 272
Performing Cable Diagnostics 274
Showing Port or Trunk Statistics 275
9 POWER OVER ETHERNET SETTINGS 280
Overview 280
Switch Power Status 281
Setting a Switch Power Budget 281
Displaying Port Power Status 282
Configuring Port PoE Power 283
10 ADDRESS TABLE SETTINGS 285
Setting Static Addresses 285
Displaying the Dynamic Address Table 287
Changing the Aging Time 288
11 SPANNING TREE ALGORITHM 290
Overview 290
Configuring Loopback Detection 293
Displaying Global Settings for STA 294
Configuring Global Settings for STA 296
Displaying Interface Settings for STA 300
Configuring Interface Settings for STA 303
Spanning Tree Edge Port Configuration 306
Configuring Multiple Spanning Trees 308
Displaying Interface Settings for MSTP 310
Configuring Interface Settings for MSTP 311
12 LAYER 2 PROTOCOL TUNNELING 313
Overview 313
Configuring the Tunnel Address for Uplink Traffic 313
Enabling Tunneling for Interfaces 314
13 VLAN CONFIGURATION 318
IEEE 802.1Q VLANs 318
Configuring Global Settings for Dynamic VLAN Registration 322
Displaying Basic VLAN Information 322
Displaying Current VLANs 323
Configuring VLAN Groups 324
Adding Static Members to VLANs 325
Adding VLAN Groups to Interfaces 327
Configuring VLAN Attributes for Interfaces 328
IEEE 802.1Q Tunneling 330
Enabling QinQ Tunneling on the Switch 334
Adding an Interface to a QinQ Tunnel 335
Traffic Segmentation 336
Configuring Global Settings 336
Configuring Uplink and Downlink Ports 337
Private VLANs 338
Displaying Private VLANs 339
Creating Private VLANs 340
Associating Private VLANs 341
Displaying Private VLAN Interface Information 341
Configuring Private VLAN Interfaces 343
Protocol VLANs 344
Configuring Protocol VLAN Groups 345
Mapping Protocol Groups to VLANs 346
Configuring VLAN Mirroring 347
Configuring IP Subnet VLANs 349
Configuring MAC-based VLANs 350
14 LINK LAYER DISCOVERY PROTOCOL 352
Overview 352
Setting LLDP Timing Attributes 353
Configuring LLDP Interface Attributes 355
Displaying LLDP Local Device Information 358
Displaying LLDP Remote Port Information 360
Displaying LLDP Remote Information Details 361
Displaying Device Statistics 363
Displaying Detailed Device Statistics 364
15 CLASS OF SERVICE 366
Layer 2 Queue Settings 366
Setting the Default Priority for Interfaces 366
Mapping CoS Values to Egress Queues 367
Selecting the Queue Mode 369
Displaying the Service Weight for Traffic Classes 370
Layer 3/4 Priority Settings 371
Enabling IP DSCP Priority 371
Mapping DSCP Priority 372
16 QUALITY OF SERVICE 374
Overview 374
Configuring a Class Map 375
Creating QoS Policies 378
Attaching a Policy Map to a Port 382
17 VOIP TRAFFIC CONFIGURATION 384
Overview 384
Configuring VoIP Traffic 385
Configuring VoIP Traffic Ports 386
Configuring Telephony OUI 388
18 MULTICAST FILTERING 390
Overview 390
Layer 2 IGMP (Snooping and Query) 391
Configuring IGMP Snooping and Query Parameters 392
Enabling IGMP Immediate Leave 394
Displaying Interfaces Attached to a Multicast Router 396
Specifying Static Interfaces for a Multicast Router 396
Displaying Port Members of Multicast Services 397
Assigning Interfaces to Multicast Services 398
Filtering and Throttling IGMP Groups 399
Enabling IGMP Filtering and Throttling 400
Configuring IGMP Filter Profiles 401
Configuring IGMP Filtering and Throttling for Interfaces 402
Multicast VLAN Registration 404
Configuring Global MVR Settings 405
Displaying MVR Interface Status 406
Displaying Port Members of Multicast Groups 407
Configuring MVR Interface Status 408
Assigning Static Multicast Groups to Interfaces 410
Configuring MVR Receiver VLAN and Group Addresses 411
Displaying MVR Receiver Groups 412
Configuring Static MVR Receiver Group Members 413
19 DOMAIN NAME SERVICE 415
Configuring General DNS Service Parameters 415
Configuring Static DNS Host to Address Entries 417
Displaying the DNS Cache 418
SECTION III COMMAND LINE INTERFACE 420
20 USING THE COMMAND LINE INTERFACE 422
Accessing the CLI 422
Console Connection 422
Telnet Connection 423
Entering Commands 424
Keywords and Arguments 424
Minimum Abbreviation 424
Command Completion 424
Getting Help on Commands 425
Showing Commands 425
Partial Keyword Lookup 426
Negating the Effect of Commands 427
Using Command History 427
Understanding Command Modes 427
Exec Commands 427
Configuration Commands 428
Command Line Processing 430
Output Modifiers and Redirection 431
CLI Command Groups 431
21 GENERAL COMMANDS 434
prompt 434
reload (Global Configuration) 435
enable 436
quit 437
show history 437
configure 438
disable 439
reload (Privileged Exec) 439
show reload 440
end 440
exit 440
22 SYSTEM MANAGEMENT COMMANDS 442
Device Designation 442
hostname 443
Banner Information 443
banner configure 444
banner configure company 445
banner configure dc-power-info 446
banner configure department 446
banner configure equipment-info 447
banner configure equipment-location 448
banner configure ip-lan 448
banner configure lp-number 449
banner configure manager-info 450
banner configure mux 450
banner configure note 451
show banner 452
System Status 452
show access-list tcam-utilization 453
show memory 453
show process cpu 453
show running-config 454
show startup-config 455
show system 456
show tech-support 457
show users 457
show version 458
Frame Size 459
jumbo frame 459
File Management 460
boot system 461
copy 462
delete 465
delete non-active 465
dir 466
whichboot 467
upgrade opcode auto 467
upgrade opcode path 469
show upgrade 470
Line 470
line 471
databits 472
exec-timeout 472
login 473
parity 474
password 475
password-thresh 476
silent-time 476
speed 477
stopbits 478
timeout login response 478
disconnect 479
show line 479
Event Logging 480
logging facility 481
logging history 481
logging host 482
logging on 483
logging trap 483
clear log 484
show log 485
show logging 485
SMTP Alerts 487
logging sendmail 487
logging sendmail destination-email 487
logging sendmail host 488
logging sendmail level 489
logging sendmail source-email 489
show logging sendmail 490
Time 490
sntp client 491
sntp poll 492
sntp server 492
show sntp 493
ntp authenticate 494
ntp authentication-key 494
ntp client 495
ntp server 496
show ntp 497
clock summer-time (date) 498
clock summer-time (predefined) 499
clock summer-time (recurring) 500
clock timezone 502
clock timezone-predefined 502
calendar set 503
show calendar 504
Time Range 504
time-range 504
absolute 505
periodic 506
show time-range 507
Switch Clustering 507
cluster 508
cluster commander 509
cluster ip-pool 509
cluster member 510
rcommand 511
show cluster 511
show cluster members 512
show cluster candidates 512
UPnP 512
upnp device 513
upnp device ttl 513
upnp device advertise duration 514
show upnp 514
23 SNMP COMMANDS 516
snmp-server 517
snmp-server community 518
snmp-server contact 518
snmp-server location 519
show snmp 519
snmp-server engine-id 520
snmp-server group 522
snmp-server user 523
snmp-server view 524
show snmp engine-id 525
show snmp group 526
show snmp user 527
show snmp view 528
snmp-server enable traps 528
snmp-server host 530
snmp-server enable traps mac-notification 532
snmp-server enable port-traps mac-notification 533
show snmp-server enable port-traps interface 534
24 FLOW SAMPLING COMMANDS 535
sflow 535
sflow source 536
sflow sample 537
sflow polling-interval 537
sflow owner 538
sflow timeout 538
sflow destination 539
sflow max-header-size 539
sflow max-datagram-size 540
show sflow 540
25 AUTHENTICATION COMMANDS 542
User Accounts 543
enable password 543
username 544
Authentication Sequence 545
authentication enable 545
authentication login 546
RADIUS Client 547
radius-server acct-port 547
radius-server auth-port 548
radius-server host 548
radius-server key 549
radius-server retransmit 550
radius-server timeout 550
show radius-server 551
TACACS+ Client 551
tacacs-server 552
tacacs-server host 552
tacacs-server key 553
tacacs-server port 553
tacacs-server retransmit 554
tacacs-server timeout 554
show tacacs-server 555
AAA 555
aaa accounting commands 556
aaa accounting dot1x 557
aaa accounting exec 558
aaa accounting update 559
aaa authorization exec 559
aaa group server 560
server 561
accounting dot1x 561
accounting commands 562
accounting exec 562
authorization exec 563
show accounting 564
Web Server 565
ip http port 565
ip http secure-port 566
ip http secure-server 566
ip http server 568
Telnet Server 568
ip telnet server 569
Secure Shell 569
ip ssh authentication-retries 572
ip ssh server 573
ip ssh server-key size 573
ip ssh timeout 574
delete public-key 575
ip ssh crypto host-key generate 575
ip ssh crypto zeroize 576
ip ssh save host-key 577
show ip ssh 577
show public-key 577
show ssh 578
802.1X Port Authentication 579
dot1x default 580
dot1x eapol-pass-through 580
dot1x system-auth-control 581
dot1x intrusion-action 581
dot1x max-req 582
dot1x operation-mode 582
dot1x port-control 583
dot1x re-authentication 584
dot1x timeout quiet-period 584
dot1x timeout re-authperiod 585
dot1x timeout supp-timeout 585
dot1x timeout tx-period 586
dot1x re-authenticate 586
dot1x identity profile 587
dot1x max-start 588
dot1x pae supplicant 588
dot1x timeout auth-period 589
dot1x timeout held-period 589
dot1x timeout start-period 590
show dot1x 590
Management IP Filter 593
management 593
show management 594
PPPoE Intermediate Agent 595
pppoe intermediate-agent 596
pppoe intermediate-agent format-type 596
pppoe intermediate-agent port-enable 597
pppoe intermediate-agent port-format-type 598
pppoe intermediate-agent trust 599
pppoe intermediate-agent vendor-tag strip 599
clear pppoe intermediate-agent statistics 600
show pppoe intermediate-agent info 600
show pppoe intermediate-agent statistics 601
26 GENERAL SECURITY MEASURES 602
Port Security 603
port security 603
Network Access (MAC Address Authentication) 605
network-access aging 606
network-access mac-filter 606
mac-authentication reauth-time 607
network-access dynamic-qos 608
network-access dynamic-vlan 609
network-access guest-vlan 609
network-access link-detection 610
network-access link-detection link-down 611
network-access link-detection link-up 611
network-access link-detection link-up-down 612
network-access max-mac-count 612
network-access mode mac-authentication 613
network-access port-mac-filter 614
mac-authentication intrusion-action 615
mac-authentication max-mac-count 615
clear network-access mac-address-table 616
show network-access 616
show network-access mac-address-table 617
show network-access mac-filter 618
Web Authentication 618
web-auth login-attempts 619
web-auth quiet-period 620
web-auth session-timeout 620
web-auth system-auth-control 621
web-auth 621
web-auth re-authenticate (Port) 622
web-auth re-authenticate (IP) 622
show web-auth 623
show web-auth interface 623
show web-auth summary 624
DHCP Snooping 624
ip dhcp snooping 625
ip dhcp snooping information option 627
ip dhcp snooping information policy 628
ip dhcp snooping verify mac-address 629
ip dhcp snooping vlan 630
ip dhcp snooping information option circuit-id string 631
ip dhcp snooping trust 631
clear ip dhcp snooping database flash 632
ip dhcp snooping database flash 632
show ip dhcp snooping 633
show ip dhcp snooping binding 633
IP Source Guard 634
ip source-guard binding 634
ip source-guard 636
ip source-guard max-binding 637
show ip source-guard 638
show ip source-guard binding 638
ARP Inspection 639
ip arp inspection 640
ip arp inspection filter 641
ip arp inspection log-buffer logs 642
ip arp inspection validate 643
ip arp inspection vlan 643
ip arp inspection limit 644
ip arp inspection trust 645
show ip arp inspection configuration 646
show ip arp inspection interface 646
show ip arp inspection log 647
show ip arp inspection statistics 647
show ip arp inspection vlan 647
27 ACCESS CONTROL LISTS 649
IPv4 ACLs 649
access-list ip 650
access-list rule-mode 651
permit, deny (Standard IP ACL) 652
permit, deny (Extended IPv4 ACL) 653
ip access-group 655
show ip access-group 656
show ip access-list 656
IPv6 ACLs 657
access-list ipv6 657
permit, deny (Standard IPv6 ACL) 658
permit, deny (Extended IPv6 ACL) 659
show ipv6 access-list 660
ipv6 access-group 661
show ipv6 access-group 662
MAC ACLs 662
access-list mac 662
permit, deny (MAC ACL) 663
mac access-group 665
show mac access-group 666
show mac access-list 666
ARP ACLs 667
access-list arp 667
permit, deny (ARP ACL) 668
show arp access-list 669
ACL Information 670
show access-group 670
show access-list 670
28 INTERFACE COMMANDS 671
interface 672
capabilities 672
description 673
flowcontrol 674
giga-phy-mode 675
mdix 676
media-type 677
negotiation 678
shutdown 678
speed-duplex 679
switchport packet-rate 680
clear counters 681
show interfaces brief 682
show interfaces counters 682
show interfaces status 684
show interfaces switchport 685
show interfaces transceiver 687
test cable-diagnostics tdr interface 688
show cable-diagnostics 689
29 LINK AGGREGATION COMMANDS 690
channel-group 691
lacp 692
lacp admin-key (Ethernet Interface) 693
lacp mode 694
lacp port-priority 695
lacp system-priority 696
lacp admin-key (Port Channel) 696
show lacp 697
30 POWER OVER ETHERNET COMMANDS 701
power mainpower maximum allocation 701
power inline compatible 702
power inline 703
power inline maximum allocation 704
power inline overload-auto-recover 704
power inline priority 705
show power inline status 706
show power mainpower 707
31 PORT MIRRORING COMMANDS 708
port monitor 708
show port monitor 709
32 RATE LIMIT COMMANDS 711
rate-limit 711
33 AUTOMATIC TRAFFIC CONTROL COMMANDS 713
auto-traffic-control apply-timer 715
auto-traffic-control release-timer 716
auto-traffic-control 717
auto-traffic-control action 718
auto-traffic-control alarm-clear-threshold 719
auto-traffic-control alarm-fire-threshold 720
auto-traffic-control control-release 720
auto-traffic-control auto-control-release 721
snmp-server enable port-traps atc broadcast-alarm-clear 721
snmp-server enable port-traps atc broadcast-alarm-fire 722
snmp-server enable port-traps atc broadcast-control-apply 722
snmp-server enable port-traps atc broadcast-control-release 723
snmp-server enable port-traps atc multicast-alarm-clear 723
snmp-server enable port-traps atc multicast-alarm-fire 724
snmp-server enable port-traps atc multicast-control-apply 724
snmp-server enable port-traps atc multicast-control-release 725
show auto-traffic-control 725
show auto-traffic-control interface 726
34 LOOPBACK DETECTION COMMANDS 727
loopback-detection 728
loopback-detection mode 728
loopback-detection recover-time 729
loopback-detection transmit-interval 730
loopback-detection release 730
show loopback-detection 730
35 ADDRESS TABLE COMMANDS 732
mac-address-table aging-time 732
mac-address-table static 733
clear mac-address-table dynamic 734
show mac-address-table 734
show mac-address-table aging-time 735
36 SPANNING TREE COMMANDS 736
spanning-tree 737
spanning-tree cisco-prestandard 738
spanning-tree forward-time 738
spanning-tree hello-time 739
spanning-tree max-age 740
spanning-tree mode 740
spanning-tree pathcost method 742
spanning-tree priority 742
spanning-tree mst configuration 743
spanning-tree system-bpdu-flooding 744
spanning-tree transmission-limit 744
max-hops 745
mst priority 745
mst vlan 746
name 747
revision 747
spanning-tree bpdu-filter 748
spanning-tree bpdu-guard 749
spanning-tree cost 750
spanning-tree edge-port 751
spanning-tree link-type 752
spanning-tree loopback-detection 753
spanning-tree loopback-detection release-mode 754
spanning-tree loopback-detection trap 755
spanning-tree mst cost 755
spanning-tree mst port-priority 756
spanning-tree portfast 757
spanning-tree port-bpdu-flooding 758
spanning-tree port-priority 758
spanning-tree root-guard 759
spanning-tree spanning-disabled 760
spanning-tree loopback-detection release 760
spanning-tree protocol-migration 761
show spanning-tree 762
show spanning-tree mst configuration 764
37 EAPS COMMANDS 765
eaps 770
eaps domain 771
control-vlan 771
enable 772
failtime 772
hellotime 773
mode 774
port 775
protect-vlan 776
show eaps 776
38 ERPS COMMANDS 779
erps 782
erps domain 783
control-vlan 783
enable 784
guard-timer 785
holdoff-timer 785
meg-level 786
node-id 787
ring-port 787
rpl owner 788
wtr-timer 788
show erps 789
39 VLAN COMMANDS 792
GVRP and Bridge Extension Commands 793
bridge-ext gvrp 793
garp timer 794
switchport forbidden vlan 795
switchport gvrp 795
show bridge-ext 796
show garp timer 796
show gvrp configuration 797
Editing VLAN Groups 797
vlan database 798
vlan 798
Configuring VLAN Interfaces 799
interface vlan 800
switchport acceptable-frame-types 800
switchport allowed vlan 801
switchport ingress-filtering 802
switchport mode 803
switchport native vlan 804
vlan-trunking 804
Displaying VLAN Information 806
show vlan 806
Configuring IEEE 802.1Q Tunneling 807
dot1q-tunnel system-tunnel-control 808
switchport dot1q-tunnel mode 809
switchport dot1q-tunnel service match cvid 810
switchport dot1q-tunnel tpid 811
show dot1q-tunnel 811
Configuring L2CP Tunneling 812
l2protocol-tunnel tunnel-dmac 812
switchport l2protocol-tunnel 813
show l2protocol-tunnel 816
Configuring Port-based Traffic Segmentation 816
pvlan 816
pvlan uplink/downlink 817
pvlan session 818
pvlan up-to-up 819
show pvlan 819
Configuring Private VLANs 820
private-vlan 821
private vlan association 822
switchport mode private-vlan 823
switchport private-vlan host-association 823
switchport private-vlan mapping 824
show vlan private-vlan 825
Configuring Protocol-based VLANs 825
protocol-vlan protocol-group (Configuring Groups) 826
protocol-vlan protocol-group (Configuring Interfaces) 827
show protocol-vlan protocol-group 828
show protocol-vlan protocol-group-vid 829
Configuring IP Subnet VLANs 829
subnet-vlan 830
show subnet-vlan 831
Configuring MAC Based VLANs 831
mac-vlan 832
show mac-vlan 832
Configuring Voice VLANs 833
voice vlan 833
voice vlan aging 834
voice vlan mac-address 835
switchport voice vlan 836
switchport voice vlan priority 836
switchport voice vlan rule 837
switchport voice vlan security 838
show voice vlan 838
40 CLASS OF SERVICE COMMANDS 840
Priority Commands (Layer 2) 840
queue mode 841
queue cos-map 842
switchport priority default 843
show queue bandwidth 844
show queue cos-map 844
show queue mode 845
Priority Commands (Layer 3 and 4) 845
map ip dscp (Global Configuration) 845
map ip dscp (Interface Configuration) 846
show map ip dscp 847
41 QUALITY OF SERVICE COMMANDS 848
class-map 849
description 850
match 850
rename 852
policy-map 852
class 853
police 854
set 855
service-policy 855
show class-map 856
show policy-map 857
show policy-map interface 857
42 MULTICAST FILTERING COMMANDS 859
IGMP Snooping 859
ip igmp snooping 860
ip igmp snooping leave-proxy 860
ip igmp snooping priority 861
ip igmp snooping version 862
ip igmp snooping vlan static 862
ip igmp snooping immediate-leave 863
show ip igmp snooping 864
show ip igmp snooping groups 864
show mac-address-table multicast 865
IGMP Query Commands 866
ip igmp snooping querier 866
ip igmp snooping query-count 867
ip igmp snooping query-interval 867
ip igmp snooping query-max-response-time 868
ip igmp snooping router-port-expire-time 869
Static Multicast Routing 869
ip igmp snooping vlan mrouter 870
show ip igmp snooping mrouter 870
IGMP Filtering and Throttling 871
ip igmp filter (Global Configuration) 872
ip igmp profile 872
permit, deny 873
range 873
ip igmp filter (Interface Configuration) 874
ip igmp max-groups 875
ip igmp max-groups action 875
show ip igmp filter 876
show ip igmp profile 877
show ip igmp throttle interface 877
Multicast VLAN Registration 878
mvr 879
mvr group 879
mvr priority 880
mvr receiver-group 881
mvr receiver-vlan 881
mvr unspecified-source-ip 882
mvr vlan 883
mvr group 883
mvr immediate 884
mvr static-receiver-group 885
mvr type 886
show mvr 887
43 MLD SNOOPING COMMANDS 891
ipv6 mld snooping 892
ipv6 mld snooping robustness 892
ipv6 mld snooping router-port-expire-time 893
ipv6 mld snooping unknown-multicast mode 893
ipv6 mld snooping version 894
ipv6 mld snooping vlan mrouter 894
ipv6 mld snooping vlan static 895
ipv6 mld snooping immediate-leave 896
show ipv6 mld snooping 896
show ipv6 mld snooping group 897
show ipv6 mld snooping mrouter 897
44 LLDP COMMANDS 898
lldp 900
lldp holdtime-multiplier 900
lldp med-fast-start-count 901
lldp notification-interval 901
lldp refresh-interval 902
lldp reinit-delay 902
lldp tx-delay 903
lldp admin-status 904
lldp basic-tlv management-ip-address 904
lldp basic-tlv port-description 905
lldp basic-tlv system-capabilities 906
lldp basic-tlv system-description 906
lldp basic-tlv system-name 907
lldp dot1-tlv proto-ident 907
lldp dot1-tlv proto-vid 908
lldp dot1-tlv pvid 908
lldp dot1-tlv vlan-name 909
lldp dot3-tlv link-agg 909
lldp dot3-tlv mac-phy 910
lldp dot3-tlv max-frame 910
lldp dot3-tlv poe 911
lldp med-notification 911
lldp med-tlv extpoe 912
lldp med-tlv inventory 912
lldp med-tlv location 913
lldp med-tlv med-cap 913
lldp med-tlv network-policy 914
lldp notification 914
show lldp config 915
show lldp info local-device 917
show lldp info remote-device 918
show lldp info statistics 919
45 DOMAIN NAME SERVICE COMMANDS 921
ip domain-list 921
ip domain-lookup 922
ip domain-name 923
ip host 924
ip name-server 925
clear dns cache 926
clear host 926
show dns 927
show dns cache 927
show hosts 928
46 DHCP COMMANDS 929
DHCP Client 929
ip dhcp client class-id 929
ip dhcp restart 930
DHCP Relay 931
ip dhcp relay server 931
ip dhcp relay information option 932
ip dhcp relay information policy 935
show ip dhcp relay 936
47 IP INTERFACE COMMANDS 937
ip address 938
ip default-gateway 939
show ip interface 940
show ip redirects 940
ping 940
clear arp-cache 942
show arp 942
SECTION IV APPENDICES 943
A SOFTWARE SPECIFICATIONS 944
Software Features 944
Management Features 945
Standards 946
Management Information Bases 947
B TROUBLESHOOTING 948
Problems Accessing the Management Interface 948
Using System Logs 949
GLOSSARY 950
COMMAND LIST 958
INDEX 965

FIGURES

Figure 1: Home Page 72
Figure 2: Front Panel Indicators 73
Figure 3: System Information 85
Figure 4: General Switch Information 86
Figure 5: Displaying Bridge Extension Configuration 88
Figure 6: Configuring a Static IP Address 92
Figure 7: Configuring a Dynamic IPv4 Address 92
Figure 8: Configuring Support for Jumbo Frames 94
Figure 9: Displaying CPU Utilization 95
Figure 10: Displaying Memory Utilization 96
Figure 11: Configuring Automatic Code Upgrade 100
Figure 12: Copying Firmware 102
Figure 13: Copying Configuration Settings 104
Figure 14: Uploading Files Using HTTP 105
Figure 15: Downloading Files Using HTTP 105
Figure 16: Deleting Files 106
Figure 17: Setting the Start-up Code 107
Figure 18: Console Port Settings 108
Figure 19: Telnet Connection Settings 110
Figure 20: Configuring Settings for System Memory Logs 112
Figure 21: Showing Error Messages Logged to System Memory 112
Figure 22: Configuring Settings for Remote Logging of Error Messages 113
Figure 23: Configuring SMTP Alert Messages 115
Figure 24: Restarting the Switch 116
Figure 25: Manually Setting the System Clock 118
Figure 26: Configuring SNTP 119
Figure 27: Configuring NTP 120
Figure 28: Setting the Time Zone 122
Figure 29: Configuring Summer Time 124
Figure 30: Displaying UPnP Devices in Windows XP 125
Figure 31: Configuring UPnP 126
Figure 32: Choosing a Cluster Member to Manage 127
Figure 33: Configuring a Switch Cluster 128
Figure 34: Configuring Cluster Members 129
Figure 35: Showing Cluster Members 129
Figure 36: Showing Cluster Candidates 130
Figure 37: Setting Community Access Strings 134
Figure 38: Configuring Trap Managers 138
Figure 39: Configuring MAC Notification for Interfaces 139
Figure 40: Enabling the SNMP Agent 139
Figure 41: Configuring the Local Engine ID for SNMP 140
Figure 42: Configuring a Remote Engine ID for SNMP 141
Figure 43: Configuring Local SNMPv3 Users 143
Figure 44: Configuring Remote SNMPv3 Users 145
Figure 45: Creating an SNMP Group 149
Figure 46: Creating an SNMP View 150
Figure 47: Configuring Global Settings for sFlow 153
Figure 48: Configuring Global Settings for sFlow 154
Figure 49: Configuring User Accounts 157
Figure 50: Authentication Server Operation 158
Figure 51: Configuring Authentication Settings 160
Figure 52: Configuring Encryption Keys 162
Figure 53: Configuring AAA RADIUS Server Groups 164
Figure 54: Configuring AAA TACACS+ Server Groups 165
Figure 55: Configuring the Methods Used for AAA Accounting 166
Figure 56: Configuring the Update Interval for AAA Accounting 167
Figure 57: Configuring 802.1X Port Settings for the Accounting Method 168
Figure 58: Configuring AAA Accounting Service for CLI Privilege Levels 169
Figure 59: Configuring AAA Accounting Service for Exec Service 169
Figure 60: Displaying a Summary of Applied AAA Accounting Methods 171
Figure 61: Configuring AAA Authorization Methods 172
Figure 62: Configuring AAA Authorization Methods for Exec Service 173
Figure 63: Displaying the Applied AAA Authorization Method 174
Figure 64: Configuring HTTPS 175
Figure 65: Downloading the Secure-Site Certificate 177
Figure 66: Configuring the SSH Server 181
Figure 67: Generating the SSH Host Key Pair 182
Page 36
Figure 68: Copying the SSH User’s Public Key 184
Figure 69: Configuring Port Security 186
Figure 70: Configuring Port Security 187
Figure 71: Displaying Global Settings for 802.1X Port Authentication 189
Figure 72: Configuring Global Settings for 802.1X Port Authentication 190
Figure 73: Configuring Interface Settings for 802.1X Port Authenticator 192
Figure 74: Configuring Interface Settings for 802.1X Port Supplicant 194
Figure 75: Showing Statistics for 802.1X Port Authenticator 195
Figure 76: Showing Statistics for 802.1X Port Supplicant 197
Figure 77: Configuring Global Settings for Web Authentication 198
Figure 78: Configuring Interface Settings for Web Authentication 199
Figure 79: Displaying Web Authentication Information for a Port 200
Figure 80: Re-authenticating a Web-Authenticated Host 201
Figure 81: Configuring Global Settings for Network Access 204
Figure 82: Configuring Interface Settings for Network Access 206
Figure 83: Configuring Link Detection for Network Access 207
Figure 84: Showing Addresses Authenticated for Network Access 209
Figure 85: Configuring a MAC Address Filter for Network Access 210
Figure 86: Creating an ACL 212
Figure 87: Configuring a Standard IPv4 ACL 213
Figure 88: Configuring an Extended IPv4 ACL 215
Figure 89: Configuring a Standard IPv6 ACL 217
Figure 90: Configuring an Extended IPv6 ACL 218
Figure 91: Configuring a MAC ACL 220
Figure 92: Configuring an ARP ACL 222
Figure 93: Binding a Port to an ACL 223
Figure 94: Showing TCAM Utilization 224
Figure 95: Configuring Global Settings for ARP Inspection 227
Figure 96: Configuring VLAN Settings for ARP Inspection 228
Figure 97: Configuring Interface Settings for ARP Inspection 230
Figure 98: Displaying the ARP Inspection Log 231
Figure 99: Displaying Statistics for ARP Inspection 232
Figure 100: Creating an IP Address Filter for Management Access 234
Figure 101: Configuring Global Settings for DHCP Snooping 236
Figure 102: Configuring DHCP Snooping on a VLAN 237
Figure 103: Configuring DHCP Snooping Information Option 240
Page 37
Figure 104: Configuring the Port Mode for DHCP Snooping 241
Figure 105: Displaying the Binding Table for DHCP Snooping 242
Figure 106: Setting the Filter Type for IP Source Guard 244
Figure 107: Configuring Static Bindings for IP Source Guard 245
Figure 108: Showing the IP Source Guard Binding Table 247
Figure 109: Displaying Port Information 249
Figure 110: Configuring Interface Connections 252
Figure 111: Configuring Static Trunks 253
Figure 112: Creating Static Trunks 254
Figure 113: Configuring Dynamic Trunks 255
Figure 114: Enabling LACP on a Port 256
Figure 115: Configuring LACP Parameters on a Port 258
Figure 116: Configuring the LACP Aggregator Admin Key 259
Figure 117: Displaying LACP Port Counters 260
Figure 118: Displaying LACP Port Internal Information 261
Figure 119: Displaying LACP Port Remote Information 263
Figure 120: Configuring Broadcast Storm Control 265
Figure 121: Configuring Multicast Storm Control 266
Figure 122: Configuring Unknown Unicast Storm Control 267
Figure 123: Configuring Port Mirroring 268
Figure 124: Configuring Port Mirroring 269
Figure 125: Mirroring Packets Based on the Source MAC Address 270
Figure 126: Configuring Rate Limits 272
Figure 127: Configuring VLAN Trunking 272
Figure 128: Configuring VLAN Trunking 273
Figure 129: Performing Cable Tests 275
Figure 130: Showing Port Statistics 279
Figure 131: Displaying the Global PoE Status 281
Figure 132: Setting the Switch Power Budget 282
Figure 133: Displaying Port PoE Status 283
Figure 134: Configuring Port PoE Power 284
Figure 135: Configuring Static MAC Addresses 286
Figure 136: Displaying the Dynamic MAC Address Table 288
Figure 137: Setting the Address Aging Time 289
Figure 138: STP Root Ports and Designated Ports 291
Figure 139: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 292
Page 38
Figure 140: Common Internal Spanning Tree, Common Spanning Tree, Internal Spanning Tree 292
Figure 141: Configuring Port Loopback Detection 294
Figure 142: Displaying Global Settings for STA 295
Figure 143: Configuring Global Settings for STA 300
Figure 144: STA Port Roles 302
Figure 145: Displaying Interface Settings for STA 302
Figure 146: Configuring Interface Settings for STA 305
Figure 147: Configuring Edge Port Settings for STA 307
Figure 148: Creating an MST Instance 309
Figure 149: Displaying MSTP Interface Settings 310
Figure 150: Configuring MSTP Interface Settings 312
Figure 151: Setting the Layer 2 Protocol Tunnel Address 314
Figure 152: Enabling Layer 2 Protocol Tunneling 317
Figure 153: VLAN Compliant and VLAN Non-compliant Devices 320
Figure 154: Using GVRP 321
Figure 155: Configuring Global Status of GVRP 322
Figure 156: Displaying Basic VLAN Information 323
Figure 157: Displaying Current VLANs 324
Figure 158: Creating Static VLANs 325
Figure 159: Adding Static Members to VLANs 327
Figure 160: Adding VLAN Groups to an Interface 328
Figure 161: Adding VLAN Groups to an Interface 330
Figure 162: QinQ Operational Concept 331
Figure 163: Enabling QinQ Tunneling 335
Figure 164: Adding an Interface to a QinQ Tunnel 336
Figure 165: Configuring Global Settings for Traffic Segmentation 337
Figure 166: Configuring Members for Traffic Segmentation 338
Figure 167: Showing Private VLANs 339
Figure 168: Configuring Private VLANs 340
Figure 169: Associating Private VLANs 341
Figure 170: Displaying Private VLAN Interfaces 342
Figure 171: Configuring Interfaces for Private VLANs 344
Figure 172: Configuring Protocol VLANs 346
Figure 173: Assigning Protocols to VLANs 347
Figure 174: Configuring VLAN Mirroring 348
Figure 175: Configuring IP Subnet VLANs 350
Page 39
Figure 176: Configuring MAC-Based VLANs 351
Figure 177: Configuring LLDP Timing Attributes 354
Figure 178: Configuring LLDP Interface Attributes 358
Figure 179: Displaying Local Device Information for LLDP 360
Figure 180: Displaying Remote Device Information for LLDP 361
Figure 181: Displaying Remote Device Information Details for LLDP 363
Figure 182: Displaying LLDP Device Statistics 364
Figure 183: Displaying LLDP Detailed Device Statistics 365
Figure 184: Setting the Default Port Priority 367
Figure 185: Mapping CoS Values to Egress Queues 369
Figure 186: Setting the Queue Mode 370
Figure 187: Showing the Queue Bandwidth Allocation 371
Figure 188: Setting IP DSCP Priority Status 372
Figure 189: Mapping IP DSCP Priority Values 373
Figure 190: Creating a Class Map 377
Figure 191: Adding Rules to a Class Map 378
Figure 192: Creating a Policy Map 381
Figure 193: Adding Rules to a Policy Map 382
Figure 194: Attaching a Policy Map to a Port 383
Figure 195: Configuring a Voice VLAN 386
Figure 196: Configuring Port Settings for a Voice VLAN 387
Figure 197: Configuring an OUI Telephony List 388
Figure 198: Multicast Filtering Concept 390
Figure 199: Configuring General Settings for IGMP Snooping 394
Figure 200: Enabling IGMP Immediate Leave 395
Figure 201: Showing Static Interfaces Attached a Multicast Router 396
Figure 202: Configuring a Static Interface for a Multicast Router 397
Figure 203: Showing Port Members of Multicast Services 398
Figure 204: Assigning an Interface to a Multicast Service 399
Figure 205: Enabling IGMP Filtering and Throttling 401
Figure 206: Configuring an IGMP Filtering Profile 402
Figure 207: Configuring IGMP Filtering and Throttling Interface Settings 403
Figure 208: MVR Concept 404
Figure 209: Configuring Global Settings for MVR 406
Figure 210: Displaying MVR Interface Status 407
Figure 211: Displaying Port Members of Multicast Groups 408
Page 40
Figure 212: Configuring Interface Settings for MVR 410
Figure 213: Assigning Static MVR Groups to a Port 411
Figure 214: Configuring MVR Receiver VLAN and Group Addresses 412
Figure 215: Displaying MVR Receiver Groups 413
Figure 216: Configuring Static MVR Receiver Group Members 414
Figure 217: Configuring General Settings for DNS 416
Figure 218: Configuring Static Entries in the DNS Table 418
Figure 219: Showing Entries in the DNS Cache 419
Figure 220: Storm Control by Limiting the Traffic Rate 714
Figure 221: Storm Control by Shutting Down a Port 715
Figure 222: Configuring VLAN Trunking 805
Page 41

TABLES

Table 1: Key Features 47
Table 2: System Defaults 53
Table 3: Options 60, 66 and 67 Statements 63
Table 4: Options 55 and 124 Statements 63
Table 5: Web Page Configuration Buttons 73
Table 6: Switch Main Menu 74
Table 7: Inserting Option 82 Information 89
Table 8: Logging Levels 111
Table 9: SNMPv3 Security Models and Levels 132
Table 10: Supported Notification Messages 147
Table 11: sFlow Groups and Port Members 152
Table 12: HTTPS System Support 175
Table 13: 802.1X Authenticator Statistics 194
Table 14: 802.1X Supplicant Statistics 196
Table 15: Dynamic QoS Profiles 202
Table 16: ARP Inspection Log 230
Table 17: ARP Inspection Statistics 231
Table 18: LACP Port Counters 259
Table 19: LACP Internal Configuration Information 260
Table 20: LACP Internal Configuration Information 262
Table 21: Port Statistics 276
Table 22: Recommended STA Path Cost Range 304
Table 23: Recommended STA Path Costs 304
Table 24: Default STA Path Costs 304
Table 25: Chassis ID Subtype 358
Table 26: System Capabilities 359
Table 27: Port ID Subtype 361
Table 28: IEEE 802.1p Egress Queue Priority Mapping 367
Table 29: CoS Priority Levels 368
Table 30: Mapping DSCP Priority Values 372
Table 31: General Command Modes 427
Page 42
Table 32: Configuration Command Modes 429
Table 33: Keystroke Commands 430
Table 34: Command Group Index 431
Table 35: General Commands 434
Table 36: System Management Commands 442
Table 37: Device Designation Commands 442
Table 38: Banner Commands 443
Table 39: System Status Commands 452
Table 40: Frame Size Commands 459
Table 41: Flash/File Commands 460
Table 42: File Directory Information 466
Table 43: Line Commands 470
Table 44: Event Logging Commands 480
Table 45: Logging Levels 481
Table 46: show logging flash/ram - display description 486
Table 47: show logging trap - display description 486
Table 48: Event Logging Commands 487
Table 49: Time Commands 490
Table 50: Predefined Summer-Time Parameters 500
Table 51: Time Range Commands 504
Table 52: Switch Cluster Commands 507
Table 53: UPnP Commands 512
Table 54: SNMP Commands 516
Table 55: show snmp engine-id - display description 525
Table 56: show snmp group - display description 526
Table 57: show snmp user - display description 527
Table 58: show snmp view - display description 528
Table 59: sFlow Commands 535
Table 60: Authentication Commands 542
Table 61: User Access Commands 543
Table 62: Default Login Settings 544
Table 63: Authentication Sequence Commands 545
Table 64: RADIUS Client Commands 547
Table 65: TACACS+ Client Commands 551
Table 66: AAA Commands 555
Table 67: Web Server Commands 565
Page 43
Table 68: HTTPS System Support 567
Table 69: Telnet Server Commands 568
Table 70: Secure Shell Commands 569
Table 71: show ssh - display description 578
Table 72: 802.1X Port Authentication Commands 579
Table 73: Management IP Filter Commands 593
Table 74: PPPoE Intermediate Agent Commands 595
Table 75: show pppoe intermediate-agent statistics - display description 601
Table 76: General Security Commands 602
Table 77: Management IP Filter Commands 603
Table 78: Network Access Commands 605
Table 79: Dynamic QoS Profiles 608
Table 80: Web Authentication 619
Table 81: DHCP Snooping Commands 624
Table 82: IP Source Guard Commands 634
Table 83: ARP Inspection Commands 639
Table 84: Access Control List Commands 649
Table 85: IPv4 ACL Commands 649
Table 86: IPv4 ACL Commands 657
Table 87: MAC ACL Commands 662
Table 88: ARP ACL Commands 667
Table 89: ACL Information Commands 670
Table 90: Interface Commands 671
Table 91: show interfaces switchport - display description 686
Table 92: Link Aggregation Commands 690
Table 93: show lacp counters - display description 698
Table 94: show lacp internal - display description 698
Table 95: show lacp neighbors - display description 699
Table 96: show lacp sysid - display description 700
Table 97: PoE Commands 701
Table 98: show power inline status - display description 706
Table 99: show power mainpower - display description 707
Table 100: Mirror Port Commands 708
Table 101: Rate Limit Commands 711
Table 102: ATC Commands 713
Table 103: Loopback Detection Commands 727
Page 44
Table 104: Address Table Commands 732
Table 105: Spanning Tree Commands 736
Table 106: Recommended STA Path Cost Range 750
Table 107: Recommended STA Path Cost 750
Table 108: Default STA Path Costs 750
Table 109: EAPS Commands 768
Table 110: show eaps - summary display description 777
Table 111: show eaps - detailed display description 778
Table 112: ERPS Commands 781
Table 113: show erps - summary display description 789
Table 114: show erps domain - detailed display description 790
Table 115: VLAN Commands 792
Table 116: GVRP and Bridge Extension Commands 793
Table 117: Commands for Editing VLAN Groups 797
Table 118: Commands for Configuring VLAN Interfaces 799
Table 119: Commands for Displaying VLAN Information 806
Table 120: 802.1Q Tunneling Commands 807
Table 121: L2CP Tunnel Commands 812
Table 122: Traffic Segmentation Commands 816
Table 123: Traffic Segmentation Forwarding 817
Table 124: Private VLAN Commands 820
Table 125: Protocol-based VLAN Commands 825
Table 126: IP Subnet VLAN Commands 829
Table 127: MAC Based VLAN Commands 831
Table 128: Voice VLAN Commands 833
Table 129: Priority Commands 840
Table 130: Priority Commands (Layer 2) 840
Table 131: Default CoS Values to Egress Queues 842
Table 132: Priority Commands (Layer 3 and 4) 845
Table 133: IP DSCP to CoS Values 846
Table 134: Quality of Service Commands 848
Table 135: Multicast Filtering Commands 859
Table 136: IGMP Snooping Commands 859
Table 137: IGMP Query Commands 866
Table 138: Static Multicast Interface Commands 869
Table 139: IGMP Filtering and Throttling Commands 871
Page 45
Table 140: Multicast VLAN Registration Commands 878
Table 141: show mvr - display description 888
Table 142: show mvr interface - display description 888
Table 143: show mvr members - display description 889
Table 144: show mvr receiver members - display description 890
Table 145: MLD Snooping Commands 891
Table 146: LLDP Commands 898
Table 147: Address Table Commands 921
Table 148: show dns cache - display description 927
Table 149: DHCP Commands 929
Table 150: DHCP Client Commands 929
Table 151: DHCP Relay Commands 931
Table 152: Inserting Option 82 Information - display description 933
Table 153: Basic IP Configuration Commands 937
Table 154: Troubleshooting Chart 948
Page 46
SECTION I

GETTING STARTED

This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
This section includes these chapters:
"Introduction" on page 47
"Initial Switch Configuration" on page 56
Page 47
1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
The Fast Ethernet ports on this switch also support the IEEE 802.3af Power-over-Ethernet (PoE) standard that enables DC power to be supplied to attached devices over the connecting Ethernet cable.

KEY FEATURES

Table 1: Key Features

| Feature | Description |
|---|---|
| Power over Ethernet | Powers attached devices using IEEE 802.3af Power over Ethernet |
| Configuration Backup and Restore | Using management station or FTP/TFTP server |
| Authentication | Console, Telnet, web – user name/password, RADIUS, TACACS+; Port – IEEE 802.1X, MAC address filtering; SNMP v1/2c - Community strings; SNMP version 3 – MD5 or SHA password; Telnet – SSH; Web – HTTPS |
| General Security Measures | AAA; ARP inspection; DHCP Snooping (with Option 82 relay information); IP Source Guard; Network Access – MAC Address Authentication; Private VLANs; Port Authentication – IEEE 802.1X; Port Security – MAC address filtering; Web Authentication – Web access with RADIUS Authentication |
| Access Control Lists | Supports IP and MAC ACLs, 100 rules per system |
| DHCP | Client |
| DNS | Client and Proxy service |
| Port Configuration | Speed and duplex mode and flow control |
| Port Trunking | Supports up to 8 trunks – static or dynamic trunking (LACP) |
| Port Mirroring | One or more source ports to one analysis port |
| Congestion Control | Rate Limiting; Throttling for broadcast, multicast, unknown unicast storms |
Page 48
Table 1: Key Features (Continued)

| Feature | Description |
|---|---|
| Address Table | 8K MAC addresses in the forwarding table, 1K static MAC addresses, 256 L2 multicast groups |
| IEEE 802.1D Bridge | Supports dynamic data switching and address learning |
| Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames |
| Spanning Tree Algorithm | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP) |
| Virtual LANs | Up to 255 using IEEE 802.1Q, port-based, protocol-based, private VLANs, and voice VLANs |
| Traffic Prioritization | Default port priority, traffic class map, queue scheduling, or Differentiated Services Code Point (DSCP) |
| Quality of Service | Supports Differentiated Services (DiffServ) |
| Link Layer Discovery Protocol | Used to discover basic information about neighboring devices |
| Multicast Filtering | Supports IGMP snooping, query, profile filtering, MLD snooping, and Multicast VLAN Registration |
| Switch Clustering | Supports up to 36 member switches in a cluster |
| Tunneling | Supports IEEE 802.1Q tunneling (QinQ) |

DESCRIPTION OF SOFTWARE FEATURES

The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast or unknown unicast traffic storms from engulfing the network. Port-based, protocol-based and private VLANs, plus support for automatic GVRP VLAN registration, provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network, while multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.
CONFIGURATION BACKUP AND RESTORE
You can save the current configuration settings to a file on the management station (using the web interface) or an FTP/TFTP server (using the web or console interface), and later download this file to restore the switch configuration settings.
AUTHENTICATION
This switch authenticates management access via the console port, Telnet, or a web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then verifies the client’s right to access the network via an authentication server.
Page 49
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, and IP address filtering for SNMP/Telnet/web management access. MAC address filtering and IP source guard also provide authenticated port access, while DHCP snooping is provided to prevent malicious attacks from insecure ports.
ACCESS CONTROL LISTS
ACLs provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, next header type, or flow label), or any frames (based on MAC address or Ethernet type). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
PORT CONFIGURATION
You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).
RATE LIMITING
This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Packets that exceed the acceptable amount of traffic are dropped.
PORT MIRRORING
The switch can unobtrusively mirror traffic from any port, VLAN or packets with a specified MAC address to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
PORT TRUNKING
Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 8 trunks.
STORM CONTROL
Broadcast, multicast and unknown unicast storm suppression prevents traffic from overwhelming the network. When enabled on a port, the level of traffic passing through the port is restricted. If traffic rises above a predefined threshold, it will be throttled until the level falls back beneath the threshold.
Page 50
STATIC ADDRESSES
A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IP ADDRESS FILTERING
Access to insecure ports can be controlled using DHCP Snooping which filters ingress traffic based on static IP addresses and addresses stored in the DHCP Snooping table. Traffic can also be restricted to specific source IP addresses or source IP/MAC address pairs based on static entries or entries stored in the DHCP Snooping table.
IEEE 802.1D BRIDGE
The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.
STORE-AND-FORWARD SWITCHING
The switch copies each frame into its memory before forwarding it to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 4 Mbits for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
SPANNING TREE ALGORITHM
The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1D-2004) – This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1D-2004) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).
Page 51
VIRTUAL LANS
The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
Eliminate broadcast storms which severely degrade performance in a flat network.
Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
Provide data security by restricting all traffic to the originating VLAN.
Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.
NOTE: The switch allows 255 user-manageable VLANs. One other VLAN (VLAN ID 4093) is reserved for switch clustering.
TRAFFIC PRIORITIZATION
This switch prioritizes each packet based on the required level of service, using four priority queues with strict or Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can be used to provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the DSCP field in the IP frame. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.
QUALITY OF SERVICE
Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists allows you to select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
Page 52
MULTICAST FILTERING
Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration for IPv4 traffic, and MLD Snooping for IPv6 traffic. It also supports Multicast VLAN Registration (MVR) which allows common multicast traffic, such as television channels, to be transmitted across a single network-wide multicast VLAN shared by hosts residing in other standard or private VLAN groups, while preserving security and data isolation for normal traffic.
IEEE 802.1Q TUNNELING (QINQ)
This feature is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the customer’s frames when they enter the service provider’s network, and then stripping the tags when the frames leave the network.
LINK LAYER DISCOVERY PROTOCOL
LLDP is used to discover basic information about neighboring devices within the local broadcast domain. LLDP is a Layer 2 protocol that advertises information about the sending device and collects information gathered from neighboring network nodes it discovers.
Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings. Media Endpoint Discovery (LLDP-MED) is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches. The LLDP-MED TLVs advertise information such as network policy, power, inventory, and device location details. The LLDP and LLDP-MED information can be used by SNMP applications to simplify troubleshooting, enhance network management, and maintain an accurate network topology.
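The TLV layout described above, shown as a length-checked parser that lists what a neighbor learns from one advertisement. This is an added example, not code from this guide or the switch firmware; the sample LLDPDU and its MAC address, port name and system name are constructed, and LLDP-MED is recognised only by the TIA OUI 00-12-BB.

```python
import struct

# TLV type codes defined by IEEE 802.1AB
END, CHASSIS_ID, PORT_ID, TTL, SYSTEM_NAME, SYSTEM_CAPS, ORG_SPECIFIC = 0, 1, 2, 3, 5, 7, 127
CAPABILITY_BITS = ["Other", "Repeater", "Bridge", "WLAN AP", "Router",
                   "Telephone", "DOCSIS", "Station Only"]
LLDP_MED_OUI = bytes.fromhex("0012bb")  # TIA OUI carried by LLDP-MED TLVs


class LLDPError(ValueError):
    """Raised when an LLDPDU is malformed."""


def iter_tlvs(payload):
    """Yield (type, value) pairs. Each header is 16 bits: 7-bit type, 9-bit length."""
    offset = 0
    while offset < len(payload):
        if len(payload) - offset < 2:
            raise LLDPError(f"truncated TLV header at offset {offset}")
        (header,) = struct.unpack_from("!H", payload, offset)
        tlv_type, length = header >> 9, header & 0x01FF
        offset += 2
        remaining = len(payload) - offset
        if length > remaining:  # never read past the end of the frame
            raise LLDPError(f"TLV type {tlv_type} claims {length} bytes, {remaining} remain")
        yield tlv_type, payload[offset:offset + length]
        offset += length
        if tlv_type == END:
            return  # anything after the End TLV is padding


def format_id(value, mac_subtype):
    """Decode a Chassis ID or Port ID value: one subtype byte, then the identifier."""
    if len(value) < 2:
        raise LLDPError("ID TLV needs a subtype byte and at least one ID byte")
    subtype, ident = value[0], value[1:]
    if subtype == mac_subtype and len(ident) == 6:
        return ":".join(f"{b:02x}" for b in ident)
    return ident.decode("utf-8", errors="replace")


def parse_lldpdu(payload):
    """Return the identification details advertised in one LLDPDU."""
    tlvs = list(iter_tlvs(payload))
    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TTL]:
        raise LLDPError("LLDPDU must begin with Chassis ID, Port ID and TTL TLVs")
    info = {"system_name": None, "capabilities": [], "lldp_med": False}
    for tlv_type, value in tlvs:
        if tlv_type == CHASSIS_ID:
            info["chassis_id"] = format_id(value, mac_subtype=4)
        elif tlv_type == PORT_ID:
            info["port_id"] = format_id(value, mac_subtype=3)
        elif tlv_type == TTL:
            if len(value) != 2:
                raise LLDPError("TTL TLV must be 2 bytes")
            info["ttl"] = struct.unpack("!H", value)[0]
        elif tlv_type == SYSTEM_NAME:
            info["system_name"] = value.decode("utf-8", errors="replace")
        elif tlv_type == SYSTEM_CAPS:
            if len(value) != 4:
                raise LLDPError("System Capabilities TLV must be 4 bytes")
            _supported, enabled = struct.unpack("!HH", value)
            info["capabilities"] = [name for bit, name in enumerate(CAPABILITY_BITS)
                                    if (enabled >> bit) & 1]
        elif tlv_type == ORG_SPECIFIC:
            if len(value) < 4:
                raise LLDPError("organizationally specific TLV needs OUI and subtype")
            if value[:3] == LLDP_MED_OUI:
                info["lldp_med"] = True
    return info


def build_tlv(tlv_type, value):
    """Encode one TLV (used here only to construct the sample)."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


# Constructed sample LLDPDU (payload that follows the Ethernet header)
SAMPLE_LLDPDU = b"".join([
    build_tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("001122334455")),  # subtype 4: MAC
    build_tlv(PORT_ID, b"\x05" + b"Eth 1/5"),                        # subtype 5: interface name
    build_tlv(TTL, struct.pack("!H", 120)),
    build_tlv(SYSTEM_NAME, b"access-sw-01"),
    build_tlv(SYSTEM_CAPS, struct.pack("!HH", 0x0004, 0x0004)),      # bridge supported and enabled
    build_tlv(ORG_SPECIFIC, LLDP_MED_OUI + b"\x01" + b"\x00\x01\x04"),
    build_tlv(END, b""),
])

if __name__ == "__main__":
    print(parse_lldpdu(SAMPLE_LLDPDU))
```

Everything the parser returns is sent unauthenticated to any station in the broadcast domain, which is worth weighing when deciding which ports advertise LLDP.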
Page 53

SYSTEM DEFAULTS

The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file.
The following table lists some of the basic system defaults.
Table 2: System Defaults

| Function | Parameter | Default |
|---|---|---|
| Console Port Connection | Baud Rate | 9600 bps |
| | Data bits | 8 |
| | Stop bits | 1 |
| | Parity | none |
| | Local Console Timeout | 0 (disabled) |
| Authentication and Security Measures | Privileged Exec Level | Username “admin”; Password “admin” |
| | Normal Exec Level | Username “guest”; Password “guest” |
| | Enable Privileged Exec from Normal Exec Level | Password “super” |
| | RADIUS Authentication | Disabled |
| | TACACS+ Authentication | Disabled |
| | 802.1X Port Authentication | Disabled |
| | Web Authentication | Disabled |
| | MAC Authentication | Disabled |
| | HTTPS | Enabled |
| | SSH | Disabled |
| | Port Security | Disabled |
| | IP Filtering | Disabled |
| | DHCP Snooping | Disabled |
| | IP Source Guard | Disabled (all ports) |
| Web Management | HTTP Server | Enabled |
| | HTTP Port Number | 80 |
| | HTTP Secure Server | Enabled |
| | HTTP Secure Server Port | 443 |
Page 54
Table 2: System Defaults (Continued)
| Function | Parameter | Default |
|---|---|---|
| SNMP | SNMP Agent | Enabled |
| | Community Strings | “public” (read only); “private” (read/write) |
| | Traps | Authentication traps: enabled; Link-up-down events: enabled |
| | SNMP V3 | View: defaultview; Group: public (read only); private (read/write) |
| Port Configuration | Admin Status | Enabled |
| | Auto-negotiation | Enabled |
| | Flow Control | Disabled |
| Port Trunking | Static Trunks | None |
| | LACP (all ports) | Disabled |
| Congestion Control | Rate Limiting | Disabled |
| | Storm Control | Broadcast: Enabled (64 kbits/sec); Multicast: Disabled; Unknown Unicast: Disabled |
| Address Table | Aging Time | 300 seconds |
| Spanning Tree Algorithm | Status | Enabled, RSTP (Defaults: RSTP standard) |
| | Edge Ports | Disabled |
| LLDP | Status | Enabled |
| Virtual LANs | Default VLAN | 1 |
| | PVID | 1 |
| | Acceptable Frame Type | All |
| | Ingress Filtering | Disabled |
| | Switchport Mode (Egress Mode) | Hybrid: tagged/untagged frames |
| | GVRP (global) | Disabled |
| | GVRP (port interface) | Disabled |
| | QinQ Tunneling | Disabled |
| Traffic Prioritization | Ingress Port Priority | 0 |
| | Queue Mode | WRR |
| | Queue Weight | Queue: 0 1 2 3; Weight: 1 2 4 8 |
| | Class of Service | Enabled |
| | IP DSCP Priority | Disabled |
Page 55
Table 2: System Defaults (Continued)
| Function | Parameter | Default |
|---|---|---|
| IP Settings | Management VLAN | VLAN 1 |
| | IP Address | DHCP assigned |
| | Subnet Mask | 255.255.255.0 |
| | Default Gateway | 0.0.0.0 |
| | DHCP | Client: Enabled |
| | DNS | Proxy service: Disabled |
| | BOOTP | Disabled |
| Multicast Filtering | IGMP Snooping (Layer 2) | Snooping: Enabled; Querier: Disabled |
| | Multicast VLAN Registration | Disabled |
| | MLD Snooping | Disabled |
| System Log | Status | Enabled |
| | Messages Logged to RAM | Levels 0-7 (all) |
| | Messages Logged to Flash | Levels 0-3 |
| SMTP Email Alerts | Event Handler | Enabled (but no server defined) |
| SNTP | Clock Synchronization | Disabled |
| NTP | Clock Synchronization | Disabled |
| Switch Clustering | Status | Enabled |
| | Commander | Disabled |
Page 56
2 INITIAL SWITCH CONFIGURATION
This chapter includes information on connecting to the switch and basic configuration procedures.

CONNECTING TO THE SWITCH

The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
NOTE: An IP address for this switch is obtained via DHCP by default. To change this address, see “Setting an IP Address.”
CONFIGURATION OPTIONS
The switch’s HTTP web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Internet Explorer 5.x or above, Netscape 6.2 or above, and Mozilla Firefox 2.0.0.0 or above. The switch’s web management interface can be accessed from any computer attached to the network.
The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet or Secure Shell (SSH) connection over the network.
The switch’s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software.
The switch’s web interface, console interface, and SNMP agent allow you to perform management functions such as those shown below:
- Set user names and passwords
- Set an IP interface for a management VLAN
- Configure SNMP parameters
- Enable/disable any port
- Set the speed/duplex mode for any port
- Configure the bandwidth of any port by limiting input or output rates
- Control port access through IEEE 802.1X security or static address filtering
- Filter packets using Access Control Lists (ACLs)
- Configure up to 255 IEEE 802.1Q VLANs
- Enable GVRP automatic VLAN registration
- Configure IGMP multicast filtering
- Upload and download system firmware or configuration files via HTTP (using the web interface) or FTP/TFTP (using the command line or web interface)
- Configure Spanning Tree parameters
- Configure Class of Service (CoS) priority queuing
- Configure static or LACP trunks (up to 8)
- Enable port mirroring
- Set storm control on any port for excessive broadcast, multicast, or unknown unicast traffic
- Display system information and statistics
Page 57
REQUIRED CONNECTIONS
The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.
2. Connect the other end of the cable to the RS-232 serial port on the switch.
3. Make sure the terminal emulation software is set as follows:
   - Select the appropriate serial port (COM port 1 or COM port 2).
   - Set the baud rate to 9600 bps.
   - Set the data format to 8 data bits, 1 stop bit, and no parity.
   - Set flow control to none.
   - Set the emulation mode to VT100.
   - When using HyperTerminal, select Terminal keys, not Windows keys.
Page 58
NOTE: Once you have set up the terminal correctly, the console login screen will be displayed.
For a description of how to use the CLI, see “Using the Command Line Interface.” For a list of all the CLI commands and detailed information on using the CLI, refer to “CLI Command Groups.”
REMOTE CONNECTIONS
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, or DHCP protocol.
The IP address for this switch is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP, see “Setting an IP Address.”
NOTE: This switch supports four concurrent Telnet or SSH sessions.
After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The command-line interface can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a web browser (Internet Explorer 5.0 or above, Netscape 6.2 or above, or Mozilla Firefox 2.0.0.0 or above), or from a network computer using SNMP network management software.
The onboard program only provides access to basic configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.
Page 59
BASIC CONFIGURATION
CONSOLE CONNECTION
The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the Privileged Exec level.
Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:
1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.
2. At the User Name prompt, enter “admin.”
3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)
4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.
SETTING PASSWORDS
If this is the first time you have logged into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place.
Passwords can consist of up to 32 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:
1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.
2. Type “configure” and press <Enter>.
3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>.
4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.
Username: admin
Password:

CLI session with the DG-FS4528P is opened.
To end the CLI session, enter [Exit].

Console#configure
Console(config)#username guest password 0 [password]
Console(config)#username admin password 0 [password]
Console(config)#
Page 60
SETTING AN IP ADDRESS
You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways:
- Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.
- Dynamic — The switch can send IP configuration requests to BOOTP or DHCP address allocation servers on the network.
MANUAL CONFIGURATION
You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.
NOTE: The IP address for this switch is obtained via DHCP by default.
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
- IP address for the switch
- Network mask for this network
- Default gateway for the network
To assign an IP address to the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>.
3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.5 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 192.168.1.254
Page 61
DYNAMIC CONFIGURATION
Obtaining an IPv4 Address
If you select the “bootp” or “dhcp” option, the system will immediately start broadcasting service requests. IP will be enabled but will not function until a BOOTP or DHCP reply has been received. Requests are broadcast every few minutes using exponential backoff until IP configuration information is obtained from a BOOTP or DHCP server. BOOTP and DHCP values can include the IP address, subnet mask, and default gateway. If the DHCP/BOOTP server is slow to respond, you may need to use the “ip dhcp restart” command to re-start broadcasting service requests.
Note that the “ip dhcp restart” command can be used to start broadcasting service requests for any VLAN configured to obtain address assignments through BOOTP or DHCP. It may be necessary to use this command when DHCP is configured on a VLAN, and the member ports which were previously shut down are now enabled.
If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on.
To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. At the interface-configuration mode prompt, use one of the following commands:
   - To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.
   - To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.
3. Type “end” to return to the Privileged Exec mode. Press <Enter>.
4. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.
5. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#show ip interface
IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1,
and address mode: DHCP
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.
Page 62
DOWNLOADING A CONFIGURATION FILE REFERENCED BY A DHCP SERVER
Information passed on to the switch from a DHCP server may also include a configuration file to be downloaded and the TFTP servers where that file can be accessed. If the Factory Default Configuration file is used to provision the switch at startup, in addition to requesting IP configuration settings from the DHCP server, it will also ask for the name of a bootup configuration file and TFTP servers where that file is stored.
If the switch receives information that allows it to download the remote bootup file, it will save this file to a local buffer, and then restart the provision process.
Note the following DHCP client behavior:
- The bootup configuration file received from a TFTP server is stored on the switch with the original file name. If this file name already exists in the switch, the file is overwritten.
- If the name of the bootup configuration file is the same as the Factory Default Configuration file, the download procedure will be terminated, and the switch will not send any further DHCP client requests.
- If the switch fails to download the bootup configuration file based on information passed by the DHCP server, it will not send any further DHCP client requests.
- If the switch does not receive a DHCP response prior to completing the bootup process, it will continue to send a DHCP client request once a minute. These requests will only be terminated if the switch’s address is manually configured, but will resume if the address mode is set back to DHCP.
Page 63
To successfully transmit a bootup configuration file to the switch, the DHCP daemon (using a Linux based system for this example) must be configured with the following information:
- Options 60, 66 and 67 statements can be added to the daemon’s configuration file.

Table 3: Options 60, 66 and 67 Statements
| Option | Statement Keyword | Statement Parameter |
|---|---|---|
| 60 | vendor-class-identifier | a string indicating the vendor class identifier |
| 66 | tftp-server-name | a string indicating the tftp server name |
| 67 | bootfile-name | a string indicating the bootfile name |

- By default, DHCP option 66/67 parameters are not carried in a DHCP server reply. To ask for a DHCP reply with option 66/67 information, the DHCP client request sent by this switch includes a “parameter request list” asking for this information. In addition, the client request includes a “vendor class identifier” that allows the DHCP server to identify the device, and select the appropriate configuration file for download. This information is included in Option 55 and 124.

Table 4: Options 55 and 124 Statements
| Option | Statement Keyword | Statement Parameter |
|---|---|---|
| 55 | dhcp-parameter-request-list | a list of parameters, separated by ',' |
| 124 | vendor-class-identifier | a string indicating the vendor class identifier |
The following configuration examples are provided for a Linux-based DHCP daemon (dhcpd.conf file). The server will reply with Options 66/67 encapsulated in Option 43. Note that in the “Vendor class two” section, the server still sends Option 43 telling the switch to download the test2 configuration file from the server 192.168.255.101.
Page 64
ddns-update-style ad-hoc;

default-lease-time 600;
max-lease-time 7200;

log-facility local7;

server-name "Server1";
server-identifier 192.168.255.250;

# Option 43 with encapsulated options 66 and 67
option space dynamicProvision code width 1 length width 1 hash size 2;
option dynamicProvision.tftp-server-name code 66 = text;
option dynamicProvision.bootfile-name code 67 = text;

subnet 192.168.255.0 netmask 255.255.255.0 {
    range 192.168.255.160 192.168.255.200;
    option routers 192.168.255.101;
    option tftp-server-name "192.168.255.100";   # Default Option 66
    option bootfile-name "bootfile";             # Default Option 67
}

class "Option66,67_1" {   # DHCP Option 60 Vendor class one
    match if option vendor-class-identifier = "DG-FS4528P";
    option dhcp-parameter-request-list 1,43,66,67;
    # Option 43
    option vendor-class-information code 43 = encapsulate dynamicProvision;
    # Option 66 encapsulated in option 43
    option vendor-class-information.tftp-server-name "192.168.255.100";
    # Option 67 encapsulated in option 43
    option vendor-class-information.bootfile-name "test1";
}

class "Option66,67_2" {   # DHCP Option 60 Vendor class two
    match if option vendor-class-identifier = "DG-FS4528P";
    option dhcp-parameter-request-list 1,43,66,67;
    option tftp-server-name "192.168.255.101";
    option bootfile-name "test2";
}
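Because the switch downloads whatever file the DHCP reply names, it is worth checking what the server actually hands out. The following is an added example, not part of the original guide or the switch software: it decodes a DHCP options field, including Options 66/67 encapsulated in Option 43 with one-byte code and length fields, and compares the result against an allowlist. The option bytes, the allowlist and all function names are constructed for illustration.

```python
"""Decode and check the provisioning options a DHCP server offers the switch.

Added example. The option bytes are constructed below, not captured traffic.
"""
from typing import Dict, List, Set, Tuple

PAD, END = 0, 255
OPT_VENDOR = 43        # vendor-specific information, carries the sub-options
OPT_TFTP_SERVER = 66
OPT_BOOTFILE = 67
FACTORY_DEFAULT = "Factory_Default_Config.cfg"  # file name from this guide


def tlv(code: int, value: bytes) -> bytes:
    """Encode one option with a 1-byte code and a 1-byte length."""
    if len(value) > 255:
        raise ValueError("value too long for a 1-byte length")
    return bytes([code, len(value)]) + value


def parse_tlv(data: bytes) -> Dict[int, bytes]:
    """Parse code/length/value triples; 0 is padding and 255 ends the list."""
    out: Dict[int, bytes] = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == PAD:
            i += 1
            continue
        if code == END:
            break
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: length byte missing")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        out[code] = out.get(code, b"") + value  # a repeated option is concatenated
        i += 2 + length
    return out


def _text(value: bytes) -> str:
    return value.rstrip(b"\x00").decode("ascii", errors="replace")


def provisioning_targets(options: bytes) -> List[Tuple[str, str, str]]:
    """Return (source, tftp_server, bootfile) for every complete pair offered."""
    top = parse_tlv(options)
    found = []
    if OPT_VENDOR in top:
        sub = parse_tlv(top[OPT_VENDOR])
        if OPT_TFTP_SERVER in sub and OPT_BOOTFILE in sub:
            found.append(("option 43", _text(sub[OPT_TFTP_SERVER]),
                          _text(sub[OPT_BOOTFILE])))
    if OPT_TFTP_SERVER in top and OPT_BOOTFILE in top:
        found.append(("options 66/67", _text(top[OPT_TFTP_SERVER]),
                      _text(top[OPT_BOOTFILE])))
    return found


def audit_offer(options: bytes, allowed_servers: Set[str]) -> List[str]:
    """List the problems with the provisioning data in one DHCP reply."""
    findings = []
    for source, server, bootfile in provisioning_targets(options):
        if server not in allowed_servers:
            findings.append(f"{source}: TFTP server {server} is not on the allowlist")
        if bootfile == FACTORY_DEFAULT:
            # Per this guide the switch aborts the download in this case
            # and sends no further DHCP client requests.
            findings.append(f"{source}: bootfile is named {FACTORY_DEFAULT}")
    return findings


# Constructed replies mirroring the two classes in the dhcpd.conf above.
OFFER_CLASS_ONE = tlv(OPT_VENDOR, tlv(OPT_TFTP_SERVER, b"192.168.255.100")
                      + tlv(OPT_BOOTFILE, b"test1")) + bytes([END])
OFFER_CLASS_TWO = (tlv(OPT_TFTP_SERVER, b"192.168.255.101")
                   + tlv(OPT_BOOTFILE, b"test2") + bytes([END]))
ALLOWED = {"192.168.255.100"}  # assumed: the only sanctioned TFTP server

if __name__ == "__main__":
    for name, offer in (("class one", OFFER_CLASS_ONE), ("class two", OFFER_CLASS_TWO)):
        print(name, provisioning_targets(offer), audit_offer(offer, ALLOWED))
```

Feed it the options field of a reply captured on the management VLAN; a reply naming a server outside the allowlist points at a misconfigured or unauthorized DHCP server.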
NOTE: Use “DG-FS4528P” for the vendor-class-identifier in the dhcpd.conf file.
ENABLING SNMP MANAGEMENT ACCESS
The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications. You can configure the switch to respond to SNMP requests or generate SNMP traps.
When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.
The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.e., an SNMPv3 construct) for the default “public” community string that provides read access to the entire MIB tree, and a default view for the “private” community string that provides read/write access to the entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements (see
"Setting SNMPv3 Views").
Page 65
COMMUNITY STRINGS (FOR SNMP VERSION 1 AND 2C CLIENTS)
Community strings are used to control management access to SNMP version 1 and 2c stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users, and set the access level.
The default strings are:
public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
private - with read/write access. Authorized management stations are able to both retrieve and modify MIB objects.
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings.
To configure a community string, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that the default mode is read only.)
2. To remove an existing string, simply type “no snmp-server community string,” where “string” is the community access string to remove. Press <Enter>.
Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#
NOTE: If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.
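To check that the steps in “Setting Passwords” and in this section were actually carried out, the following added example (not part of the original guide or the switch software) replays a pasted CLI session over the factory defaults from Table 2 and reports which of them are still in effect. It handles only the command forms shown in this chapter; the sample sessions and their passwords are constructed, and it assumes that re-entering an existing community string replaces its access mode.

```python
"""Report factory defaults that survive a configuration session.

Added example. Sessions below are constructed; passwords are placeholders.
"""
import re
from typing import Dict, List, Optional, Tuple

# Factory defaults listed in Table 2 of this guide.
DEFAULT_USERS = {"admin": "admin", "guest": "guest"}
DEFAULT_COMMUNITIES = {"public": "ro", "private": "rw"}

# Strips "Console#", "Console(config)#", "Console(config-if)#" and so on.
PROMPT = re.compile(r"^Console(\([^)]*\))?#\s*")


def effective_state(session: str) -> Tuple[Dict[str, Optional[str]], Dict[str, str]]:
    """Apply the session's commands to the factory-default state."""
    users: Dict[str, Optional[str]] = dict(DEFAULT_USERS)
    communities: Dict[str, str] = dict(DEFAULT_COMMUNITIES)
    for raw in session.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if len(words) == 5 and words[0] == "username" and words[2] == "password":
            # "username <name> password 0 <password>" is the form shown above.
            # Any other type field is recorded as not verifiable (None).
            users[words[1]] = words[4] if words[3] == "0" else None
        elif words[:2] == ["snmp-server", "community"] and len(words) in (3, 4):
            # The mode defaults to read only when omitted (stated in step 1).
            # Assumption: re-entering a string replaces its previous mode.
            communities[words[2]] = words[3] if len(words) == 4 else "ro"
        elif words[:3] == ["no", "snmp-server", "community"] and len(words) == 4:
            communities.pop(words[3], None)
    return users, communities


def audit(session: str) -> List[str]:
    """Return one finding per factory default still in effect."""
    users, communities = effective_state(session)
    findings = []
    for name, default_pw in DEFAULT_USERS.items():
        if users.get(name) == default_pw:
            findings.append(f"user {name}: factory-default password still set")
    for name in DEFAULT_COMMUNITIES:
        if name in communities:
            findings.append(
                f"community {name}: factory-default string still configured "
                f"({communities[name]})"
            )
    return findings


# The community-string example from this section, verbatim.
GUIDE_EXAMPLE = """\
Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#
"""

# Constructed session that follows both procedures; passwords are placeholders.
HARDENED = """\
Console#configure
Console(config)#username guest password 0 constructed-Pw-1
Console(config)#username admin password 0 constructed-Pw-2
Console(config)#no snmp-server community public
Console(config)#no snmp-server community private
Console(config)#
"""

if __name__ == "__main__":
    for label, session in (("guide example", GUIDE_EXAMPLE), ("hardened", HARDENED)):
        print(label)
        for finding in audit(session) or ["no factory defaults remain"]:
            print("  ", finding)
```

Replaying the guide's own community example still reports both default strings, because neither command in it removes them. The Enable password default (“super”) is not covered, since the command that changes it is not shown in this chapter.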
TRAP RECEIVERS
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, use the “snmp-server host” command. From the Privileged Exec level global configuration mode prompt, type:
“snmp-server host host-address community-string [version {1 | 2c | 3 {auth | noauth | priv}}]”
where “host-address” is the IP address for the trap receiver, “community-string” specifies access rights for a version 1/2c host, or is the user name of a version 3 host, “version” indicates the SNMP client version, and “auth | noauth | priv” means that authentication, no authentication, or authentication and privacy is used for v3 clients. Then press <Enter>. For a more detailed description of these parameters, see “snmp-server host.” The following example creates a trap host for each type of SNMP client.
Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#
Page 66
CONFIGURING ACCESS FOR SNMP VERSION 3 CLIENTS
To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of the MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view called “mib-2” that includes the entire MIB-2 tree branch, and then another view that includes the IEEE 802.1D bridge MIB. It assigns these respective read and read/write views to a group called “r&d” and specifies group authentication via MD5 or SHA. In the last step, it assigns a v3 user to this group, indicating that MD5 will be used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption.
Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included
Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included
Console(config)#snmp-server group r&d v3 auth mib-2 802.1d
Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien
Console(config)#
For a more detailed explanation on how to configure the switch for access from SNMPv3 clients, refer to “Simple Network Management Protocol,” or refer to the specific CLI commands for SNMP starting on page 516.
MANAGING SYSTEM FILES
The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
The types of files are:
- Configuration — This file type stores system configuration information and is created when configuration settings are saved. Saved configuration files can be selected as a system start-up file or can be uploaded via FTP/TFTP to a server for backup. The file named “Factory_Default_Config.cfg” contains all the system default settings and cannot be deleted from the system. If the system is booted with the factory default settings, the switch will also create a file named “startup1.cfg” that contains system settings for switch initialization, including information about the unit identifier, and MAC address for the switch. The configuration settings from the factory defaults configuration file are copied to this file, which is then used to boot the switch. See "Saving or Restoring Configuration Settings" for more information.
- Operation Code — System software that is executed after boot-up, also known as run-time code. This code runs the switch operations and provides the CLI and web management interfaces. See "Managing System Files" for more information.
- Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test).
Page 67
Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows. The switch has a total of 16 Mbytes of flash memory for system files.
In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.
SAVING OR RESTORING CONFIGURATION SETTINGS
Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.
Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in nonvolatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command.
New startup configuration files must have a name specified. File names on the switch are case-sensitive, can be from 1 to 31 characters, must not contain slashes (\ or /), and the leading letter of the file name must not be a period (.). (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
There can be more than one user-defined configuration file saved in the switch’s flash memory, but only one is designated as the “startup” file that is loaded when the switch boots. The copy running-config startup-config command always sets the new file as the startup file. To select a previously saved configuration file, use the boot system config:<filename> command.
The maximum number of saved configuration files depends on available flash memory with each configuration file normally requiring less than 20 kbytes. The amount of available flash memory can be checked by using the dir command.
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>.
2. Enter the name of the start-up file. Press <Enter>.
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.
Page 68
To restore configuration settings from a backup server, enter the following command:
1. From the Privileged Exec mode prompt, type “copy tftp startup-config” and press <Enter>.
2. Enter the address of the TFTP server. Press <Enter>.
3. Enter the name of the startup file stored on the server. Press <Enter>.
4. Enter the name for the startup file on the switch. Press <Enter>.
Console#copy file startup-config
Console#copy tftp startup-config
TFTP server IP address: 192.168.0.4
Source configuration file name: startup-rd.cfg
Startup configuration file name [startup1.cfg]:

Success.
Console#
CONFIGURING POWER OVER ETHERNET
This switch supports the IEEE 802.3af Power-over-Ethernet (PoE) standard that enables DC power to be supplied to attached devices over the wire pairs in the connecting Ethernet cable. Any 802.3af compliant device attached to a port can directly draw power from the switch over the Ethernet cable without requiring its own separate power source. This capability gives network administrators centralized power control for devices such as IP phones and wireless access points, which translates into greater network availability.
A maximum PoE power budget for the switch (power available to all switch ports) can be defined so that power can be centrally managed, preventing overload conditions at the power source. If the power demand from devices connected to the switch exceeds the power budget setting, the switch uses port power priority settings to limit the supplied power.
In the example below, the power mainpower maximum allocation CLI command is used to set the PoE power budget for the switch (Range: 37-180 watts). If devices connected to the switch require more power than the switch budget, the port power priority settings are used to control the supplied power. See "Setting a Switch Power Budget" on page 281 for details.
Console(config)#power mainpower maximum allocation 180
Console(config)#
Page 69
PoE is enabled for all ports by default. Power can be disabled for a port by using the no form of the power inline CLI command, as shown in the example below.
Console(config)#interface ethernet 1/2
Console(config-if)#no power inline
Console(config-if)#
Page 70
SECTION II
WEB CONFIGURATION

This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser.
This section includes these chapters:
- "Using the Web Interface" on page 71
- "Basic Management Tasks" on page 83
- "Simple Network Management Protocol" on page 131
- "Sampling Traffic Flows" on page 151
- "Security Measures" on page 155
- "Interface Configuration" on page 248
- "Power Over Ethernet Settings" on page 280
- "Address Table Settings" on page 285
- "Spanning Tree Algorithm" on page 290
- "Layer 2 Protocol Tunneling" on page 313
- "VLAN Configuration" on page 318
- "Link Layer Discovery Protocol" on page 352
- "Class of Service" on page 366
- "Quality of Service" on page 374
- "VoIP Traffic Configuration" on page 384
- "Multicast Filtering" on page 390
- "Domain Name Service" on page 415
Page 71
3 USING THE WEB INTERFACE
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above, Netscape 6.2 or above, or Mozilla Firefox 2.0.0.0 or above).
NOTE: You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to “Using the Command Line Interface.”

CONNECTING TO THE WEB INTERFACE

Prior to accessing the switch from a web browser, be sure you have first performed the following tasks:
1. Configure the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection, BOOTP or DHCP protocol. (See “Setting an IP Address.”)
2. Set user names and passwords using an out-of-band serial connection. Access to the web agent is controlled by the same user names and passwords as the onboard configuration program. (See “Setting Passwords.”)
3. After you enter a user name and password, you will have access to the system configuration program.
NOTE: You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
NOTE: If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” (Privileged Exec level), you can change the settings on any page.
NOTE: If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding (i.e., enable Admin Edge Port) to improve the switch’s response time to management commands issued through the web interface. See “Configuring Interface Settings for STA.”
NAVIGATING THE WEB BROWSER INTERFACE
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”
HOME PAGE
When your web browser connects with the switch’s web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.
Figure 1: Home Page
NOTE: You can open a connection to the manufacturer’s web site by clicking on the DIGISOL logo.
CONFIGURATION OPTIONS
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Table 5: Web Page Configuration Buttons
| Button | Action |
|---|---|
| Apply | Sets specified values to the system. |
| Revert | Cancels specified values and restores current values prior to pressing “Apply.” |
| Help | Links directly to web help. |
NOTE: To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings,” the setting for item “Check for newer versions of stored pages” should be “Every visit to the page.”
NOTE: When using Internet Explorer 5.0, you may have to manually refresh the screen after making configuration changes by pressing the browser’s refresh button.
PANEL DISPLAY
The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control).
Figure 2: Front Panel Indicators
MAIN MENU
Using the onboard web agent, you can define system parameters, manage and control the switch and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Table 6: Switch Main Menu
| Menu | Description | Page |
|---|---|---|
| System | | |
| System Information | Provides basic system description, including contact information | 84 |
| Switch Information | Shows the number of ports, hardware version, power status, and firmware version numbers | 85 |
| Bridge Extension Configuration | Shows the bridge extension parameters | 87 |
| IP Configuration | Sets the IP address for management access | 88 |
| Jumbo Frames | Enables jumbo frame packets. | 93 |
| Resource | | |
| CPU Status | Displays information on CPU utilization; also sets thresholds for CPU utilization alarm | 94 |
| Memory Status | Displays information on memory utilization; also sets thresholds for memory utilization alarm | 95 |
| File Management | | 96 |
| Automatic Operation Code Upgrade | Automatically upgrades operation code if a newer version is found on the server | 96 |
| Copy Operation | Allows the transfer and copying of files | 100 |
| HTTP Upgrade | Copies operation code or configuration files from management station to the switch | 104 |
| HTTP Download | Copies operation code or configuration files from the switch to the management station | 104 |
| Delete | Allows deletion of files from the flash memory | 106 |
| Set Start-Up | Sets the startup file | 106 |
| Line | | |
| Console | Sets console port connection parameters | 107 |
| Telnet | Sets Telnet connection parameters | 109 |
| Log | | 110 |
| Logs | Stores and displays error messages | 110 |
| System Logs | Sends error messages to a logging process | 110 |
| Remote Logs | Configures the logging of messages to a remote logging process | 112 |
| SMTP | Sends an SMTP client message to a participating server. | 114 |
| Reset | Restarts the switch immediately, or after a specified delay | 115 |
| SNTP | Simple Network Time Protocol | |
| Current Time | Manually sets the current time | 117 |
| Configuration | Configures SNTP and NTP client settings, including broadcast mode, authentication parameters or a specified list of servers | 118 |
| Time Zone | Sets the local time zone for the system clock | 121 |
Table 6: Switch Main Menu (Continued)
| Menu | Description | Page |
|---|---|---|
| Summer Time | Configures summer time settings | 122 |
| SNMP | Simple Network Management Protocol | 131 |
| Configuration | Configures community strings and related trap functions | 133 |
| Port Configuration | Enables traps when changes occur for dynamic addresses in the MAC address table for a port | 138 |
| Trunk Configuration | Enables traps when changes occur for dynamic addresses in the MAC address table for a trunk | 138 |
| Agent Status | Enables or disables SNMP Agent Status | 139 |
| SNMPv3 | | |
| Engine ID | Sets the SNMP v3 engine ID on this switch | 140 |
| Remote Engine ID | Sets the SNMP v3 engine ID for a remote device | 141 |
| Users | Configures SNMP v3 users on this switch | 142 |
| Remote Users | Configures SNMP v3 users from a remote device | 143 |
| Groups | Configures SNMP v3 groups | 146 |
| Views | Configures SNMP v3 views | 149 |
| sFlow | Samples traffic flows, and forwards data to designated collector | 151 |
| Configuration | Globally enables flow sampling, enables sampling per port, and sets the sampling rate per port | 152 |
| Port Configuration | Sets destination parameters, payload parameters, and sampling interval | 153 |
| Security | | 155 |
| User Accounts | Configures user names, passwords, and access levels | 156 |
| Authentication Settings | Configures authentication sequence – local, RADIUS, TACACS | 157 |
| Encryption Key | Configures RADIUS and TACACS encryption key settings | 161 |
| AAA | Authentication, Authorization and Accounting | 162 |
| RADIUS Group Settings | Defines the configured RADIUS servers to use for accounting, and sets the priority sequence | 163 |
| TACACS+ Group Settings | Defines the configured TACACS+ servers to use for accounting, and sets the priority sequence | 164 |
| Accounting | Enables accounting of requested services for billing or security purposes | |
| Settings | Configures accounting of requested services for billing or security purposes | 165 |
| Periodic Update | Specifies the interval at which the local accounting service updates information to the accounting server | 167 |
| 802.1X Port Settings | Applies the specified accounting method to an interface | 167 |
| Command Privileges | Specifies a method name to apply to commands entered at specific CLI privilege levels | 168 |
| Exec Settings | Specifies console or Telnet authentication method | 169 |
| Summary | Displays configured accounting methods and statistics | 170 |
Table 6: Switch Main Menu (Continued)
| Menu | Description | Page |
|---|---|---|
| Authorization | Enables authorization of requested services | |
| Settings | Configures authorization for various service types | 171 |
| EXEC Settings | Specifies console or Telnet authorization method | 172 |
| Summary | Displays authorization information | 173 |
| HTTPS Settings | Configures secure HTTP settings; replaces the default secure-site certificate | 174 |
| SSH | Secure Shell | 177 |
| Settings | Configures Secure Shell server settings | 180 |
| Host-Key Settings | Generates the host key pair (public and private) | 181 |
| User Public-Key Settings | Imports user public keys from TFTP server | 183 |
| Port Security | Configures per port security, including status, response for security breach, and maximum allowed MAC addresses | 185 |
| 802.1X | Port authentication | 187 |
| Information | Displays global configuration settings | 188 |
| Configuration | Enables authentication and EAPOL pass-through | 189 |
| Authenticator Port Configuration | Sets authentication parameters for individual ports | 190 |
| Supplicant Port Configuration | Sets port settings for supplicant requests issued from a port to an authenticator on another device | 192 |
| Authenticator Statistics | Displays dot1x authenticator statistics for the selected port | 194 |
| Supplicant Statistics | Displays dot1x supplicant statistics for the selected port | 196 |
| Web Authentication | Allows authentication and access to the network when 802.1X or Network Access authentication are infeasible or impractical | 197 |
| Configuration | Configures general protocol settings | 198 |
| Port Configuration | Enables Web Authentication for individual ports | 199 |
| Port Information | Displays status information for individual ports | 199 |
| Re-authentication | Forces a host to re-authenticate itself immediately | 200 |
| Network Access | MAC address-based network access authentication | 201 |
| Configuration | Enables aging for authenticated MAC addresses, and sets the time period after which a connected MAC address must be reauthenticated | 204 |
| Port Configuration | Enables MAC authentication on a port; sets the maximum number of addresses that can be authenticated, the guest VLAN, dynamic VLAN and dynamic QoS | 205 |
| Port Link Detection Configuration | Configures detection of changes in link status, and the response (i.e., send trap or shut down port) | 206 |
| MAC Address Information | Shows the authenticated MAC address list | 207 |
| MAC Filter Configuration | Specifies MAC addresses exempt from authentication | 209 |
| ACL | Access Control Lists | 210 |
| Configuration | Configures packet filtering based on IP or MAC addresses | 211 |
| Port Binding | Binds a port to the specified ACL | 222 |
| TCAM Utilization | Shows utilization parameters for TCAM | 223 |
Table 6: Switch Main Menu (Continued)
| Menu | Description | Page |
|---|---|---|
| ARP Inspection | Validates the MAC-to-IP address bindings in ARP packets | 224 |
| Configuration | Enables inspection globally, configures validation of additional address components, and sets the log rate for packet inspection | 225 |
| VLAN Configuration | Enables ARP inspection on specified VLANs | 227 |
| Port Configuration | Sets the trust mode for ports, and sets the rate limit for packet inspection | 229 |
| Log Information | Displays information on results of inspection process | 230 |
| Statistics | Displays statistics on the inspection process | 231 |
| IP Filter | Sets IP addresses of clients allowed management access via the web, SNMP, and Telnet | 232 |
| Port | | 248 |
| Port Information | Displays port connection status | 248 |
| Trunk Information | Displays trunk connection status | 248 |
| Port Configuration | Configures port connection settings | 249 |
| Trunk Configuration | Configures trunk connection settings | 249 |
| Trunk Membership | Specifies ports to group into static trunks | 253 |
| LACP | Link Aggregation Control Protocol | |
| Configuration | Allows ports to dynamically join trunks | 255 |
| Aggregation Port | Configures parameters for link aggregation group members | 256 |
| Aggregation Group | Configures the administration key for specific LACP groups | 258 |
| Port Counters Information | Displays statistics for LACP protocol messages | 259 |
| Port Internal Information | Displays configuration settings and operational state for the local side of a link aggregation | 260 |
| Port Neighbors Information | Displays configuration settings and operational state for the remote side of a link aggregation | 262 |
| Port Broadcast Control | Sets the broadcast storm threshold for each port | 264 |
| Trunk Broadcast Control | Sets the broadcast storm threshold for each trunk | 264 |
| Port Multicast Control | Sets the multicast storm threshold for each port | 265 |
| Trunk Multicast Control | Sets the multicast storm threshold for each trunk | 265 |
| Port Unknown Unicast Control | Sets the unknown unicast storm threshold for each port | 266 |
| Trunk Unknown Unicast Control | Sets the unknown unicast storm threshold for each trunk | 266 |
| Mirror Port Configuration | Sets the source and target ports for mirroring | 268 |
| MAC Mirror Configuration | Sets a MAC address for packets to be mirrored from any source port other than the target port to the specified destination port | 269 |
| Rate Limit | | 271 |
| Input Port Configuration | Sets the input rate limit for each port | 271 |
| Input Trunk Configuration | Sets the input rate limit for each trunk | 271 |
| Output Port Configuration | Sets the output rate limit for ports | 271 |
| Output Trunk Configuration | Sets the output rate limit for trunks | 271 |
Table 6: Switch Main Menu (Continued)
| Menu | Description | Page |
|---|---|---|
| Port VLAN Trunking | Allows unknown VLAN groups to pass through the specified port | 272 |
| Trunk VLAN Trunking | Allows unknown VLAN groups to pass through the specified trunk | 272 |
| Cable Test | Performs cable diagnostics for selected port to diagnose any cable faults (short, open etc.) and report the cable length | 274 |
| Port Statistics | Shows Interface, Etherlike, and RMON port statistics | 275 |
| PoE | Power over Ethernet | 280 |
| Power Status | Displays the status of global power parameters | 281 |
| Power Configuration | Configures the power budget for the switch | 281 |
| Power Port Status | Displays the status of port power parameters | 282 |
| Power Port Configuration | Configures port power parameters | 283 |
| Address Table | | 285 |
| Static Addresses | Configures static entries in the address table | 285 |
| Dynamic Addresses | Displays dynamic entries in the address table | 287 |
| Address Aging | Sets timeout for dynamically learned entries | 288 |
| Spanning Tree | | 290 |
| Port Loopback Detection | Configures Port Loopback Detection parameters | 293 |
| Trunk Loopback Detection | Configures Trunk Loopback Detection parameters | 293 |
| STA | Spanning Tree Algorithm | 293 |
| Information | Displays STA values used for the bridge | 294 |
| Configuration | Configures global bridge settings for STP, RSTP and MSTP | 296 |
| Port Information | Displays individual port settings for STA | 300 |
| Trunk Information | Displays individual trunk settings for STA | 300 |
| Port Configuration | Configures individual port settings for STA | 303 |
| Trunk Configuration | Configures individual trunk settings for STA | 303 |
| Port Edge Port Configuration | Sets an interface to function as an edge port, either manually or by automatic configuration | 306 |
| Trunk Edge Port Configuration | Sets an interface to function as an edge port, either manually or by automatic configuration | 306 |
| MSTP | Multiple Spanning Tree Protocol | |
| VLAN Configuration | Configures priority and VLANs for a spanning tree instance | 308 |
| Port Information | Displays port settings for a specified MST instance | 310 |
| Trunk Information | Displays trunk settings for a specified MST instance | 310 |
| Port Configuration | Configures port settings for a specified MST instance | 311 |
| Trunk Configuration | Configures trunk settings for a specified MST instance | 311 |
| L2 Protocol Tunnel | Passes specified protocol packet types belonging to the same customer transparently across a service provider’s network | 313 |
| Configuration | Configures the destination address for PDU tunneling | 313 |
| Port Configuration | Enables Layer 2 Protocol Tunneling for the specified protocol | 314 |
Table 6: Switch Main Menu (Continued)
| Menu | Description | Page |
|---|---|---|
| Trunk Configuration | Enables Layer 2 Protocol Tunneling for the specified protocol | 314 |
| VLAN | Virtual LAN | 318 |
| 802.1Q VLAN | IEEE 802.1Q VLANs | 318 |
| GVRP Status | Enables GVRP VLAN registration protocol globally | 322 |
| Basic Information | Displays information on the VLAN type supported by this switch | 322 |
| Current Table | Shows the current port members of each VLAN and whether or not the port is tagged or untagged | 323 |
| Static List | Used to create or remove VLAN groups | 324 |
| Static Table | Modifies the settings for an existing VLAN | 325 |
| Static Membership by Port | Configures membership type for interfaces, including tagged, untagged or forbidden | 327 |
| Port Configuration | Specifies default PVID, VLAN attributes; as well as GVRP status and timers per port | 328 |
| Trunk Configuration | Specifies default PVID, VLAN attributes; as well as GVRP status and timers per trunk | 328 |
| Tunnel Configuration | Enables 802.1Q (QinQ) Tunneling | 334 |
| Tunnel Port Configuration | Sets the tunnel mode for an interface | 335 |
| Tunnel Trunk Configuration | Sets the tunnel mode for an interface | 335 |
| Traffic Segmentation | Configures traffic segmentation for different client sessions based on specified downlink and uplink ports | 336 |
| Status | Enables traffic segmentation, and blocks or forwards traffic between uplink ports assigned to different client sessions | 336 |
| Session Configuration | Creates a client session, and assigns the downlink and uplink ports to service the traffic | 337 |
| Private VLAN | | 338 |
| Information | Displays Private VLAN feature information | 339 |
| Configuration | This page is used to create/remove primary or community VLANs | 340 |
| Association | Each community VLAN must be associated with a primary VLAN | 341 |
| Port Information | Shows VLAN port type, and associated primary or secondary VLANs | 341 |
| Port Configuration | Sets the private VLAN interface type, and associates the interfaces with a private VLAN | 343 |
| Trunk Information | Shows VLAN port type, and associated primary or secondary VLANs | 341 |
| Trunk Configuration | Sets the private VLAN interface type, and associates the interfaces with a private VLAN | 343 |
| Protocol VLAN | | 344 |
| Configuration | Creates a protocol group, specifying the supported protocols | 345 |
| System Configuration | Maps a protocol group to a VLAN | 346 |
| VLAN Mirror Configuration | Mirrors traffic from one or more source VLANs to a target port | 347 |
| IP Subnet VLAN | | 349 |
| Configuration | Maps IP subnet traffic to a VLAN | 349 |
Table 6: Switch Main Menu (Continued)
| Menu | Description | Page |
|---|---|---|
| MAC-based VLAN | | 350 |
| Configuration | Maps traffic with specified source MAC address to a VLAN | 350 |
| LLDP | Link Layer Discovery Protocol | 352 |
| Configuration | Configures global LLDP timing parameters | 353 |
| Port Configuration | Sets the message transmission mode; enables SNMP notification; and sets the LLDP attributes to advertise for ports | 355 |
| Trunk Configuration | Sets the message transmission mode; enables SNMP notification; and sets the LLDP attributes to advertise for trunks | 355 |
| Local Information | Displays general information about the local device | 358 |
| Remote Port Information | Displays information about a remote device connected to a port on this switch | 360 |
| Remote Trunk Information | Displays information about a remote device connected to a trunk on this switch | 360 |
| Remote Information Details | Displays detailed information about a remote device connected to this switch | 361 |
| Device Statistics | Displays statistics for all connected remote devices | 363 |
| Device Statistics Details | Displays statistics for remote devices on a selected port or trunk | 364 |
| Priority | | 366 |
| Default Port Priority | Sets the default priority for each port | 366 |
| Default Trunk Priority | Sets the default priority for each trunk | 366 |
| Traffic Classes | Maps IEEE 802.1p priority tags to output queues | 367 |
| Traffic Classes Status | Enables/disables traffic class priorities (not implemented) | NA |
| Queue Mode | Sets queue mode to strict priority or Weighted Round-Robin | 369 |
| Queue Scheduling | Configures Weighted Round Robin queueing | 370 |
| IP DSCP Priority Status | Globally selects DSCP Priority, or disables it. | 371 |
| IP DSCP Priority | Sets IP Differentiated Services Code Point priority, mapping a DSCP tag to a class-of-service value | 372 |
| QoS | Quality of Service | 374 |
| DiffServ | Configure QoS classification criteria and service policies | 374 |
| Class Map | Creates a class map for a type of traffic | 375 |
| Policy Map | Creates a policy map for multiple interfaces | 378 |
| Service Policy | Applies a policy map defined to an ingress port | 382 |
| VoIP Traffic Setting | | 384 |
| Configuration | Configures auto-detection of VoIP traffic, sets the Voice VLAN, and VLAN aging time | 385 |
| Port Configuration | Configures VoIP traffic settings for ports, including the way in which a port is added to the Voice VLAN, filtering of non-VoIP packets, the method of detecting VoIP traffic, and the priority assigned to the voice traffic | 386 |
| OUI Configuration | Maps the OUI in the source MAC address of ingress packets to the VoIP device manufacturer | 388 |
Table 6: Switch Main Menu (Continued)
| Menu | Description | Page |
|---|---|---|
| IGMP Snooping | | 390 |
| IGMP Configuration | Enables multicast filtering; configures parameters for multicast query | 392 |
| IGMP Immediate Leave | Configures immediate leave for multicast services no longer required | 394 |
| Multicast Router Port Information | Displays the ports that are attached to a neighboring multicast router for each VLAN ID | 396 |
| Static Multicast Router Port Configuration | Assigns ports that are attached to a neighboring multicast router | 396 |
| IP Multicast Registration Table | Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID | 397 |
| IGMP Member Port Table | Statically assigns multicast addresses to the selected VLAN | 398 |
| IGMP Filter Configuration | Enables IGMP filtering for the switch | 400 |
| IGMP Filter Profile Configuration | Configures IGMP filter profiles, controlling groups and access mode | 401 |
| IGMP Filter/Throttling Port Configuration | Assigns IGMP filter profiles to port interfaces and sets throttling action | 402 |
| IGMP Filter/Throttling Trunk Configuration | Assigns IGMP filter profiles to trunk interfaces and sets throttling action | 402 |
| MVR | Multicast VLAN Registration | 404 |
| Configuration | Globally enables MVR, sets the MVR VLAN, adds multicast stream addresses | 405 |
| Port Information | Displays MVR interface type, MVR operational and activity status, and immediate leave status | 406 |
| Trunk Information | Displays MVR interface type, MVR operational and activity status, and immediate leave status | 406 |
| Group IP Information | Displays the ports attached to an MVR multicast stream | 407 |
| Port Configuration | Configures MVR interface type and immediate leave status | 408 |
| Trunk Configuration | Configures MVR interface type and immediate leave status | 408 |
| Group Member Configuration | Statically assigns MVR multicast streams to an interface | 410 |
| Receiver Configuration | Permits forwarding of tagged multicast traffic by specifying MVR receiver VLAN and MVR receiver groups | 411 |
| Receiver Group IP Information | Displays ports assigned to MVR receiver groups | 412 |
| Receiver Group Member Configuration | Statically assigns MVR receiver groups to selected ports | 412 |
| DNS | Domain Name Service | 415 |
| General Configuration | Enables DNS; configures domain name and domain list; and specifies IP address of name servers for dynamic lookup | 415 |
| Static Host Table | Configures static entries for domain name to address mapping | 417 |
| Cache | Displays cache entries discovered by designated name servers | 418 |
| DHCP Snooping | | 234 |
| Configuration | Enables DHCP Snooping and DHCP Snooping MAC-Address Verification | 236 |
| VLAN Configuration | Enables DHCP Snooping for a VLAN | 236 |
Table 6: Switch Main Menu (Continued)
| Menu | Description | Page |
|---|---|---|
| Information Option Configuration | Enables DHCP Snooping Information Option; and sets the information policy | 237 |
| Port Configuration | Sets the trust mode for an interface | 240 |
| Binding Information | Displays the DHCP Snooping binding information | 241 |
| IP Source Guard | Filters IP traffic based on static entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table | 242 |
| Port Configuration | Enables IP source guard and selects filter type per port | 242 |
| Static Configuration | Adds static addresses to the source-guard binding table | 244 |
| Dynamic Information | Displays the source-guard binding table for a selected interface | 246 |
| UPNP | Universal Plug and Play | 124 |
| Configuration | Enables UPNP and defines timeout values | 125 |
| Cluster | | 126 |
| Configuration | Globally enables clustering for the switch; sets Commander status | 127 |
| Member Configuration | Adds switch Members to the cluster | 128 |
| Member Information | Displays cluster Member switch information | 129 |
| Candidate Information | Displays network Candidate switch information | 129 |
4 BASIC MANAGEMENT TASKS
This chapter describes the following topics:
Displaying System Information – Provides basic system description, including contact information.
Displaying Switch Hardware/Software Versions – Shows the hardware version, power status, and firmware versions.
Displaying Bridge Extension Capabilities – Shows the bridge extension parameters.
IP Configuration – Sets an IP address for management access.
Configuring Support for Jumbo Frames – Enables support for jumbo frames.
Checking System Resources – Displays information on CPU and memory utilization parameters.
Managing System Files – Describes how to upgrade operating software or configuration files, and set the system start-up files.
Configuring Console and Telnet Settings – Sets console port and Telnet connection parameters.
Logging Events – Sets conditions for logging event messages to system memory or flash memory, configures conditions for sending trap messages to remote log servers, and configures trap reporting to remote hosts using Simple Mail Transfer Protocol (SMTP).
Resetting the System – Restarts the switch immediately, at a specified time, after a specified delay, or at a periodic interval.
Setting the System Clock – Sets the current time manually or through specified SNTP servers.
UPnP – Configures Universal Plug-and-Play functionality on the switch.
Switch Clustering – Configures centralized management by a single unit over a group of switches connected to the same local network.
DISPLAYING SYSTEM INFORMATION
Use the System > System Information page to identify the system by displaying information such as the device name, location and contact information.
CLI REFERENCES
"System Management Commands" on page 442
"SNMP Commands" on page 516
PARAMETERS
These parameters are displayed in the web interface:
System Name – Name assigned to the switch.
Object ID – MIB II object ID for switch’s network management subsystem.
Location – Specifies the system location.
Contact – Administrator responsible for the system.
System Up Time – Length of time the management agent has been up.
WEB INTERFACE
To configure general system information:
1. Click System, General.
2. Specify the system name, location, and contact information for the system administrator.
3. Click Apply.
Figure 3: System Information
NOTE: This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.
DISPLAYING SWITCH HARDWARE/SOFTWARE VERSIONS
Use the System > Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
CLI REFERENCES
"System Management Commands" on page 442
PARAMETERS
The following parameters are displayed in the web interface:
Main Board
Serial Number – The serial number of the switch.
Number of Ports – Number of built-in ports.
Hardware Version – Hardware version of the main board.
Chip Device ID – Identifier for basic MAC/Physical Layer switch chip.
Internal Power Status – Displays the status of the internal power supply.
Management Software
EPLD Version – Version number of EEPROM Programmable Logic Device.
Loader Version – Version number of loader code.
Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code.
Operation Code Version – Version number of runtime code.
Role – Shows that this switch is operating as Master or Slave.
WEB INTERFACE
To view hardware and software version information:
1. Click System, then Switch Information.
Figure 4: General Switch Information
DISPLAYING BRIDGE EXTENSION CAPABILITIES
Use the System > Bridge Extension Configuration page to display settings based on the Bridge MIB. The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
CLI REFERENCES
"GVRP and Bridge Extension Commands" on page 793
PARAMETERS
The following parameters are displayed in the web interface:
Extended Multicast Filtering Services – This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).
Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes. (Refer to "Class of Service" on page 366.)
Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses. (Refer to "Setting Static Addresses" on page 285.)
VLAN Learning – This switch uses Independent VLAN Learning (IVL), where each port maintains its own filtering database.
Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to "VLAN Configuration" on page 318.)
Local VLAN Capable – This switch does not support multiple local bridges outside of the scope of 802.1Q defined VLANs.
GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register end stations with multicast groups. This switch does not support GMRP; it uses the Internet Group Management Protocol (IGMP) to provide automatic multicast filtering.
WEB INTERFACE
To view Bridge Extension information:
1. Click System, then Bridge Extension Configuration.
Figure 5: Displaying Bridge Extension Configuration
SETTING THE SWITCH’S IP ADDRESS
Use the System > IP Configuration page to configure an IP address for management access over the network. An IP address is obtained via DHCP by default for VLAN 1. To configure a static address, you need to change the switch’s default settings to values that are compatible with your network. You may also need to establish a default gateway between the switch and management stations that exist on another network segment.
You can direct the device to obtain an address from a BOOTP or DHCP server, or manually configure a static IP address. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything other than this format will not be accepted.
CLI REFERENCES
"DHCP Client" on page 929
"IP Interface Commands" on page 937
PARAMETERS
These parameters are displayed:
Management VLAN – ID of the configured VLAN (1-4094). By default,
all ports on the switch are members of VLAN 1. However, the management station can be attached to a port belonging to any VLAN, as long as that VLAN has been assigned an IP address.
IP Address Mode – Specifies whether IP functionality is enabled via
manual configuration (Static), Dynamic Host Configuration Protocol (DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled, IP will
– 88 –
Page 89
C
HAPTER
4
| Basic Management Tasks
Setting the Switch’s IP Address
not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for an IP address. DHCP/ BOOTP responses can include the IP address, subnet mask, and default gateway. (Default: Static)
IP Address – Address of the VLAN to which the management station is
attached. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. (Default: 0.0.0.0)
Subnet Mask – This mask identifies the host address bits used for
routing to specific subnets. (Default: 255.0.0.0)
Gateway IP Address – IP address of the gateway router between the
switch and management stations that exist on other network segments. (Default: 0.0.0.0)
MAC Address – The physical layer address for this switch.
DHCP Relay Option 82 – Enables relay agent information option for
sending information about its DHCP clients to the DHCP server.
DHCP provides a relay agent information option for sending information about its DHCP clients to the DHCP server. Also known as DHCP Option 82, it allows compatible DHCP servers to use this information when assigning IP addresses, or to set other services or policies for clients.
When Option 82 is enabled, the requesting client (or an intermediate relay agent that has used the information fields to describe itself) can be identified in the DHCP request packets forwarded by the switch and in reply packets sent back from the DHCP server. Depending on the selected frame format for the remote-id set by the ip dhcp relay
information option command, this information may specify the MAC
address or IP address of the requesting device (that is, the relay agent in this context).
By default, the relay agent also fills in the Option 82 circuit-id field with information indicating the local interface over which the switch received the DHCP client request, including the stack unit, port, and VLAN ID.
If Option 82 is enabled on the switch, client information will be included in any relayed request packet received over any VLAN according to these criteria.
Table 7: Inserting Option 82 Information
DHCP Relay*    DHCP Option 82    Action
Disabled       Enabled           Circuit-id and remote-id are added to the Option 82 packet, but the gateway Internet address is not included.
Enabled        Enabled           Circuit-id and remote-id are added to the Option 82 packet, and the gateway Internet address is included.
* DHCP Relay is enabled if a DHCP relay server is specified.
DHCP request packets are flooded onto the VLAN which received the
request if DHCP relay service is enabled on the switch, and the request packet contains a valid (i.e., non-zero) relay agent address field.
DHCP reply packets received by the relay agent are handled as follows:
1. When the relay agent receives a DHCP reply packet with Option 82
information on the management VLAN, it first ensures that the packet is destined for it, and then removes the Option 82 field from the packet.
2. If the DHCP packet’s broadcast flag is on, the switch uses the
circuit-id information contained in the option 82 information fields to identify the VLAN connected to the requesting client and then broadcasts the DHCP reply packet to this VLAN. If the DHCP packet’s broadcast flag is off, the switch uses the circuit-id information in option 82 fields to identify the interface connected to the requesting client and unicasts the reply packet to the client.
DHCP reply packets are flooded onto the VLAN which received the reply if DHCP relay service is enabled and any of the following situations apply:
The reply packet does not contain Option 82 information.
The reply packet contains a valid relay agent address field (that is not the address of this switch), or the switch receives a reply packet with a zero relay agent address through the management VLAN.
The reply packet is received on a non-management VLAN.
The reply packet is received on a non-management VLAN.
DHCP Relay Option 82 Policy – Specifies how to handle DHCP client
request packets which already contain Option 82 information:
Drop – Floods the request packet onto the VLAN that received the original request instead of relaying it.
Keep – Retains the Option 82 information in the client request, inserts the relay agent’s address, and unicasts the packet to the DHCP server.
When the Option 82 policy is set to “keep” the original information in the request packet, the frame type specified by the ip dhcp relay
information option command is ignored.
Replace – Replaces the Option 82 information circuit-id and remote-id fields in the client’s request with information provided by the relay agent itself, inserts the relay agent’s address, and unicasts the packet to the DHCP server. (This is the default policy.)
DHCP Relay Server – Specifies the DHCP servers to be used by the
switch’s DHCP relay agent in order of preference.
This switch supports DHCP relay service for attached host devices. If DHCP relay is enabled (by specifying the address for at least one DHCP server), and this switch sees a DHCP request broadcast, it inserts its own IP address into the request so that the DHCP server will know the subnet where the client is located. Then, the switch forwards the packet to the DHCP server. When the server receives the DHCP request, it allocates a free IP address for the DHCP client from its defined scope for the DHCP client’s subnet, and sends a DHCP response back to the DHCP relay agent (i.e., this switch). This switch then passes the DHCP response received from the server to the client.
You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will not forward client requests to a DHCP server.
DHCP Relay Option 82 Sub-option Format – Disables use of sub-type and sub-length fields in circuit-ID (CID) and remote-ID (RID) in Option 82 information.
DHCP Relay Option 82 Remote ID – Specifies the frame format to
use for the remote-id when Option 82 information is generated by the switch.
MAC-HEX - Includes a MAC address field for the relay agent in hexadecimal format (that is, the MAC address of the switch’s CPU).
MAC-ASCII - Includes a MAC address field for the relay agent in ASCII format (that is, the MAC address of the switch’s CPU).
IP-HEX - Includes the IP address field for the relay agent in hexadecimal format (that is, the IP address of the management interface).
IP-ASCII - Includes the IP address field for the relay agent in ASCII format (that is, the IP address of the management interface).
String - An arbitrary string inserted into the remote identifier field. (Range: 1-32 characters)
Restart DHCP – Requests a new IP address from the DHCP server.
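The Option 82 policy choices described above, as an added Python example that is not taken from this guide or the switch firmware: it parses the relay agent information option using the standard RFC 3046 sub-option codes (1 = circuit-id, 2 = remote-id) and applies Drop, Keep or Replace to a request that already carries Option 82. The function names, the sample request and the relay's circuit-id/remote-id bytes are constructed for illustration; the switch's actual circuit-id layout is not reproduced.

```python
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82   # DHCP option codes
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2            # RFC 3046 sub-option codes


def parse_tlvs(data, dhcp_options=False):
    """Split code/length/value bytes into [(code, value)].

    With dhcp_options=True, pad (0) is skipped and end (255) stops parsing.
    """
    out, i = [], 0
    while i < len(data):
        code = data[i]
        if dhcp_options and code == OPT_PAD:
            i += 1
            continue
        if dhcp_options and code == OPT_END:
            break
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated TLV at offset %d" % i)
        length = data[i + 1]
        out.append((code, data[i + 2:i + 2 + length]))
        i += 2 + length
    return out


def build_tlvs(items, dhcp_options=False):
    """Serialise [(code, value)]; DHCP option lists get the end marker."""
    body = b"".join(bytes([code, len(value)]) + value for code, value in items)
    return body + (bytes([OPT_END]) if dhcp_options else b"")


def relay_info(options):
    """Return {sub-option code: value} for Option 82, or None if absent."""
    for code, value in parse_tlvs(options, dhcp_options=True):
        if code == OPT_RELAY_INFO:
            return dict(parse_tlvs(value))
    return None


def relay_request(options, policy, circuit_id, remote_id):
    """Decide what a relay with Option 82 enabled does with a client request.

    Returns (action, options): "flood" (not relayed) or "unicast-to-server".
    The relay agent address lives in the fixed DHCP header and is not modelled.
    """
    opts = parse_tlvs(options, dhcp_options=True)
    own = (OPT_RELAY_INFO, build_tlvs([(SUB_CIRCUIT_ID, circuit_id),
                                       (SUB_REMOTE_ID, remote_id)]))
    if relay_info(options) is None:          # ordinary client: just insert ours
        return "unicast-to-server", build_tlvs(opts + [own], True)
    if policy == "drop":                     # flooded on the ingress VLAN
        return "flood", options
    if policy == "keep":                     # client-supplied values reach the server
        return "unicast-to-server", options
    if policy == "replace":                  # default: overwrite with relay's values
        kept = [(c, v) for c, v in opts if c != OPT_RELAY_INFO]
        return "unicast-to-server", build_tlvs(kept + [own], True)
    raise ValueError("unknown policy: %r" % policy)


# Constructed sample: a DISCOVER (option 53 = 1) that already carries Option 82.
CLIENT_REQUEST = build_tlvs([(53, b"\x01"), (OPT_RELAY_INFO, build_tlvs(
    [(SUB_CIRCUIT_ID, b"client-cid"), (SUB_REMOTE_ID, b"client-rid")]))], True)
# Constructed relay values (opaque bytes; not the switch's real circuit-id layout).
RELAY_CID, RELAY_RID = b"relay-cid", bytes.fromhex("001122334455")

if __name__ == "__main__":
    for policy in ("drop", "keep", "replace"):
        action, out = relay_request(CLIENT_REQUEST, policy, RELAY_CID, RELAY_RID)
        print(policy, action, relay_info(out))
```

With Keep, the circuit-id and remote-id that reach the DHCP server are whatever the request already contained, so server policies keyed on those fields depend on where in the path Replace is applied.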
WEB INTERFACE
To set a static address for the switch:
1. Click System, IP Configuration.
2. Select the VLAN through which the management station is attached,
set the IP Address Mode to “Static,” enter the IP address, subnet mask
and gateway. Specify the required settings for DHCP Relay Option. Enter the DHCP Relay Servers to use in order of preference.
3. Click Apply.
Figure 6: Configuring a Static IP Address
To obtain a dynamic address through DHCP/BOOTP for the switch:
1. Click System, IP Configuration.
2. Select the VLAN through which the management station is attached,
set the IP Address Mode to “DHCP” or “BOOTP.”
3. Click Apply to save your changes.
4. Then click Restart DHCP to immediately request a new address.
Figure 7: Configuring a Dynamic IPv4 Address
NOTE: The switch will also broadcast a request for IP configuration settings on each power reset.
NOTE: If you lose the management connection, make a console connection to the switch and enter “show ip interface” to determine the new switch address.
Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart DHCP service via the CLI.
If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available.
CONFIGURING SUPPORT FOR JUMBO FRAMES
Use the System > Jumbo Frames page to configure support for jumbo frames. The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 10 KB for the Gigabit Ethernet ports. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
CLI REFERENCES
"System Management Commands" on page 442
USAGE GUIDELINES
To use jumbo frames, both the source and destination end nodes (such as a computer or server) must support this feature. Also, when the connection is operating at full duplex, all switches in the network between the two end nodes must be able to accept the extended frame size. And for half-duplex connections, all devices in the collision domain would need to support jumbo frames.
PARAMETERS
The following parameters are displayed in the web interface:
Jumbo Packet Status – Configures support for jumbo frames.
(Default: Disabled)
WEB INTERFACE
To configure support for jumbo frames:
1. Click System, then Jumbo Frames.
2. Enable or disable support for jumbo frames.
3. Click Apply.
Figure 8: Configuring Support for Jumbo Frames
DISPLAYING CPU UTILIZATION
Use the System > Resource > CPU Status page to display information on CPU utilization; or to set thresholds for the CPU utilization alarm.
CLI REFERENCES
"show process cpu" on page 453
PARAMETERS
The following parameters are displayed in the web interface:
Current CPU Utilization – CPU utilization over the past 5 seconds.
Maximum CPU Utilization – Peak CPU utilization over past 60
seconds.
Average CPU Utilization – Average CPU utilization over past 60
seconds.
CPU Peak Time – Time when CPU reached peak utilization since last
reset.
CPU Peak Duration – Duration CPU ran at peak utilization since
system boot.
CPU Utilization Rising Threshold¹ – Rising threshold for CPU utilization alarm. (Range: 1-100%; Default: 90%)
CPU Utilization Falling Threshold¹ – Falling threshold for CPU utilization alarm. (Range: 1-100%; Default: 70%)
WEB INTERFACE
To display CPU utilization:
1. Click System, Resource, then CPU Status.
2. Modify threshold values for the CPU utilization alarm if required.
3. Click Apply.
Figure 9: Displaying CPU Utilization
¹ Once the rising alarm threshold is exceeded, utilization must drop beneath the falling threshold before the alarm is terminated, and then exceed the rising threshold again before another alarm is triggered.
DISPLAYING MEMORY UTILIZATION
Use the System > Resource > Memory Status page to display memory utilization parameters; or to set thresholds for the memory utilization alarm.
CLI REFERENCES
"show memory" on page 453
PARAMETERS
The following parameters are displayed in the web interface:
Total Size – Total amount of memory provided by the system.
Allocated Size – Amount of memory allocated to active processes.
Free Size – Amount of memory currently free for use.
Free Percent – Percentage of free memory compared to total memory.
Utilization Raising Threshold¹ – Rising threshold for memory utilization alarm. (Range: 1-100%; Default: 90%)
Utilization Falling Threshold¹ – Falling threshold for memory utilization alarm. (Range: 1-100%; Default: 90%)
WEB INTERFACE
To display memory utilization:
1. Click System, Resource, then Memory Status.
2. Modify threshold values for the memory utilization alarm if required.
3. Click Apply.
Figure 10: Displaying Memory Utilization
MANAGING SYSTEM FILES
This section describes how to upgrade the switch operating software or configuration files, and set the system start-up files.
AUTOMATIC OPERATION CODE UPGRADE
The system can be configured to automatically download an operation code file when a file newer than the currently installed one is discovered on the file server. After the file is transferred from the server and successfully written to the file system, it is automatically set as the startup file, and the switch is rebooted.
CLI REFERENCES
"upgrade opcode auto" on page 467 "upgrade opcode path" on page 469 "show upgrade" on page 470
COMMAND USAGE
If this feature is enabled, the switch searches the defined URL once
during the bootup sequence.
FTP (port 21) and TFTP (port 69) are both supported. Note that the
TCP/UDP port bindings cannot be modified to support servers listening on non-standard ports.
The host portion of the upgrade file location URL must be a valid IPv4
IP address. DNS host names are not recognized. Valid IP addresses consist of four numbers, 0 to 255, separated by periods.
The path to the directory must also be defined. If the file is stored in
the root directory for the FTP/TFTP service, then use the “/” to indicate this (e.g., ftp://192.168.0.1/).
The file name must not be included in the upgrade file location URL.
The file name of the code stored on the remote server must be DG-FS4528P.bix (using upper case and lower case letters exactly as indicated here).
The FTP connection is made with PASV mode enabled. PASV mode is
needed to traverse some firewalls, even if FTP traffic is not blocked. PASV mode cannot be disabled.
The switch-based search function is case-insensitive in that it will
accept a file name in upper or lower case (i.e., the switch will accept DG-FS4528P.BIX from the server even though dg-fs5628p.bix was requested). However, keep in mind that the file systems of many operating systems such as Unix and most Unix-like systems (FreeBSD, NetBSD, OpenBSD, and most Linux distributions, etc.) are case-sensitive, meaning that two files in the same directory, dg-fs5628p.bix and DG-FS4528P.BIX are considered to be unique files. Thus, if the upgrade file is stored as DG-FS4528P.BIX (or even dg-fs5628p.bix) on a case-sensitive server, then the switch (requesting dg-fs5628p.bix) will not be upgraded because the server does not recognize the requested file name and the stored file name as being equal. A notable exception in the list of case-sensitive Unix-like operating systems is Mac OS X, which by default is case-insensitive. Please check the documentation for your server’s operating system if you are unsure of its file system’s behavior.
Note that the switch itself does not distinguish between upper and lower-case file names, and only checks to see if the file stored on the server is more recent than the current runtime image.
If two operation code image files are already stored on the switch’s file
system, then the non-startup image is deleted before the upgrade image is transferred.
The automatic upgrade process will take place in the background
without impeding normal operations (data switching, etc.) of the switch.
During the automatic search and transfer process, the administrator
cannot transfer or update another operation code image, configuration file, public key, or HTTPS certificate (i.e., no other concurrent file management operations are possible).
The upgrade operation code image is set as the startup image after it
has been successfully written to the file system.
The switch will send an SNMP trap and make a log entry upon all
upgrade successes and failures.
The switch will immediately restart after the upgrade file is successfully
written to the file system and set as the startup image.
PARAMETERS
The following parameters are displayed in the web interface:
Automatic Opcode Upgrade – Enables the switch to search for an
upgraded operation code file during the switch bootup process.
Enabled check box – Defines the state of this feature. (Default: Disabled)
Automatic Upgrade Location URL – Defines where the switch should
search for the operation code upgrade file. The last character of this URL must be a forward slash (“/”). The DG-FS4528P.bix filename must not be included since it is automatically appended by the switch. (Options: ftp, tftp)
The following syntax must be observed:
tftp://host[/filedir]/
tftp:// – Defines TFTP protocol for the server connection.
host – Defines the IP address of the TFTP server. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. DNS host names are not recognized.
filedir – Defines the directory, relative to the TFTP server root, where the upgrade file can be found. Nested directory structures are accepted. The directory name must be separated from the host, and in nested directory structures, from the parent directory, with a prepended forward slash “/”.
/ – The forward slash must be the last character of the URL.
ftp://[username[:password@]]host[/filedir]/
ftp:// – Defines FTP protocol for the server connection.
username – Defines the user name for the FTP connection. If the user name is omitted, then “anonymous” is the assumed user name for the connection.
password – Defines the password for the FTP connection. To differentiate the password from the user name and host portions of the URL, a colon (:) must precede the password, and an “at” symbol (@), must follow the password. If the password is omitted, then “” (an empty string) is the assumed password for the connection.
host – Defines the IP address of the FTP server. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. DNS host names are not recognized.
filedir – Defines the directory, relative to the FTP server root, where the upgrade file can be found. Nested directory structures are accepted. The directory name must be separated from the host, and in nested directory structures, from the parent directory, with a prepended forward slash “/”.
/ – The forward slash must be the last character of the URL.
File Name – The name of the operation code file on the TFTP or FTP server. Remember that this name should not be included in the upgrade path of the preceding item since it is automatically appended by the switch.
EXAMPLES
The following examples demonstrate the URL syntax for a TFTP server
at IP address 192.168.0.1 with the operation code image stored in various locations:
tftp://192.168.0.1/
The image file is in the TFTP root directory.
tftp://192.168.0.1/switch-opcode/
The image file is in the “switch-opcode” directory, relative to the TFTP root.
tftp://192.168.0.1/switches/opcode/
The image file is in the “opcode” directory, which is within the “switches” parent directory, relative to the TFTP root.
The following examples demonstrate the URL syntax for an FTP server
at IP address 192.168.0.1 with various user name, password and file location options presented:
ftp://192.168.0.1/
The user name and password are empty, so “anonymous” will be the user name and the password will be blank. The image file is in the FTP root directory.
ftp://switches:upgrade@192.168.0.1/
The user name is “switches” and the password is “upgrade”. The image file is in the FTP root.
ftp://switches:upgrade@192.168.0.1/switches/opcode/
The user name is “switches” and the password is “upgrade”. The image file is in the “opcode” directory, which is within the “switches” parent directory, relative to the FTP root.
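The URL rules above can be checked before a location is entered on the switch. The following Python sketch is an added example, not code from this guide or the switch: it applies the stated syntax rules (ftp or tftp only, IPv4 host, no port, trailing slash, no file name) and also reports what the chosen form implies for how the image is fetched. The function name and the message wording are illustrative assumptions.

```python
import re

IMAGE_NAME = "DG-FS4528P.bix"  # fixed name from the guide; the switch appends it

_URL = re.compile(
    r"^(?P<scheme>ftp|tftp)://"
    r"(?:(?P<user>[^:@/]+)(?::(?P<password>[^@/]*))?@)?"
    r"(?P<host>[^/:@]+)(?P<port>:[0-9]*)?"
    r"(?P<path>/(?:[^/]+/)*)$"
)


def check_upgrade_url(url):
    """Check an Automatic Upgrade Location URL against the guide's rules.

    Returns (fetch_url, errors, warnings). fetch_url is the location plus the
    appended image name, or None when any rule is violated.
    """
    errors, warnings = [], []
    m = _URL.match(url)
    if m is None:
        return None, ["not of the form tftp://host[/filedir]/ or "
                      "ftp://[username[:password@]]host[/filedir]/ "
                      "(the last character must be '/')"], warnings

    # Host: four decimal numbers, 0 to 255; DNS names are not recognized.
    octets = m["host"].split(".")
    if len(octets) != 4 or not all(
            re.fullmatch(r"[0-9]{1,3}", o) and int(o) <= 255 for o in octets):
        errors.append("host must be a dotted-decimal IPv4 address, not a DNS name")
    # Port bindings cannot be changed, so a port in the URL is rejected here.
    if m["port"]:
        errors.append("a port cannot be given; only FTP 21 and TFTP 69 are used")
    # The switch appends the image name itself.
    if any(seg.lower() == IMAGE_NAME.lower() for seg in m["path"].split("/")):
        errors.append("the image file name must not be part of the URL")

    if m["scheme"] == "tftp":
        if m["user"] is not None:
            errors.append("the tftp:// form takes no user name or password")
        warnings.append("TFTP has no authentication or integrity protection")
    elif m["user"] is None:
        warnings.append("no user name given: login is 'anonymous' with an empty password")
    elif not m["password"]:
        warnings.append("no password given: an empty password is sent")
    else:
        warnings.append("password is stored in the URL and sent by FTP in cleartext")

    return (None if errors else url + IMAGE_NAME), errors, warnings


if __name__ == "__main__":
    for candidate in ("tftp://192.168.0.1/switches/opcode/",
                      "ftp://switches:upgrade@192.168.0.1/",
                      "tftp://files.example.com/"):   # constructed inputs
        print(candidate, check_upgrade_url(candidate))
```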
WEB INTERFACE
To automatically download an operation code file from a file server:
1. Click System, File Management, then Automatic Operation Code
Upgrade.
2. Check the Automatic Opcode Upgrade box, enter the URL of the FTP or
TFTP server, the path and directory containing the operation code.
3. Click Apply.
Figure 11: Configuring Automatic Code Upgrade
If a new image is found at the specified location, the following type of messages will be displayed on the console interface during bootup.
. . .
Automatic Upgrade is looking for a new image
New image detected: current version 1.1.1.0; new version 1.1.1.2
Image upgrade in progress
The switch will restart after upgrade succeeds
Downloading new image
Flash programming started
Flash programming completed
The switch will now restart
. . .
COPYING OPERATION CODE VIA FTP OR TFTP
Use the System > File (Copy) page to upload/download firmware or configuration settings using FTP or TFTP. By backing up a file to an FTP or TFTP server or management station, that file can later be downloaded to the switch to restore operation. Specify the method of file transfer, along with the file type and file names as required.
You can also set the switch to use new firmware or configuration settings without overwriting the current version. Just download the file using a different name from the current version, and then set the new file as the startup file.
NOTE: You can also download and upload files to the switch using HTTP, see "Copying Files Using HTTP" on page 104.
CLI REFERENCES
"copy" on page 462 "dir" on page 466
PARAMETERS
The following parameters are displayed in the web interface:
File Transfer Method – The firmware copy operation includes these
options:
file to file – Copies a file within the switch directory, assigning it a new name.