Digisol DG-GS1550 Management Manual

Azteca 1000 Web Managed Switch Series
DG-GS1550
Layer 2 Gigabit Ethernet Web Managed Switch
MANAGEMENT GUIDE
v1.0
08-02-2012
As our products undergo continuous development, the specifications are subject to change without prior notice.
Copyright © 2010 by SNSL. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of SNSL.
SNSL makes no representations or warranties, either expressed or implied, with respect to the contents hereof and specifically disclaims any warranties, merchantability or fitness for any particular purpose. Any software described in this manual is sold or licensed “as is”. Should the programs prove defective following their purchase, the buyer (and not SNSL, its distributor, or its dealer) assumes the entire cost of all necessary servicing, repair, and any incidental or consequential damages resulting from any defect in the software. Further, SNSL reserves the right to revise this publication and to make changes from time to time in the contents thereof without obligation to notify any person of such revision or changes.
SNSL is an abbreviation of Smartlink Network Systems Ltd.
DG-GS1550 Gigabit Ethernet Switch
Layer 2 Workgroup Switch with 46 10/100/1000BASE-T (RJ-45) Ports and 4 Combination Gigabit (RJ-45/SFP) Ports
About This Guide
Purpose
This guide details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch.
Audience
The guide is intended for use by network administrators who are responsible for installing and setting up network equipment; consequently, it assumes a basic working knowledge of LANs (Local Area Networks).
Conventions
The following conventions are used throughout this guide to show information:
Note: Emphasizes important information or calls your attention to related features or instructions.
Caution: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
Warning: Alerts you to a potential hazard that could cause personal injury.
Related Publications
The following publication gives specific information on how to operate and use the management functions of the switch:
Installation Guide
Also, as part of the switch’s software, there is an online web-based help that describes all management related features.
Revision History
This section summarizes the changes in each revision of this guide.
February 2012 Revision
This is the first revision of this guide.
Contents
Chapter 1: Introduction 1-1
Key Features 1-1 Description of Software Features 1-2 System Defaults 1-6
Chapter 2: Initial Configuration 2-1
Connecting to the Switch 2-1
Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3
Basic Configuration 2-3
Console Connection 2-3 Setting Passwords 2-4 Setting an IP Address 2-4
Manual Configuration 2-4 Dynamic Configuration 2-5
Enabling SNMP Management Access 2-6
Community Strings (for SNMP version 1 and 2c clients) 2-6 Trap Receivers 2-7 Configuring Access for SNMP Version 3 Clients 2-8
Managing System Files 2-8
Saving Configuration Settings 2-9
Chapter 3: Configuring the Switch 3-1
Using the Web Interface 3-1 Navigating the Web Browser Interface 3-2
Home Page 3-2 Configuration Options 3-3 Panel Display 3-3 Main Menu 3-4
Basic Configuration 3-11
Displaying System Information 3-11 Displaying Switch Hardware/Software Versions 3-13 Displaying Bridge Extension Capabilities 3-15 Setting the Switch’s IP Address 3-16
Manual Configuration 3-17
Using DHCP/BOOTP 3-18 Enabling Jumbo Frames 3-19 Managing Firmware 3-20
Downloading System Software from a Server 3-20
Saving or Restoring Configuration Settings 3-22
Downloading Configuration Settings from a Server 3-23 Console Port Settings 3-24 Telnet Settings 3-26 Configuring Event Logging 3-28
System Log Configuration 3-28
Remote Log Configuration 3-29
Displaying Log Messages 3-31
Simple Mail Transfer Protocol 3-31 Resetting the System 3-33 Setting the System Clock 3-34
Setting the Time Manually 3-34
Configuring SNTP 3-34
Setting the Time Zone 3-35
Simple Network Management Protocol 3-36
Enabling the SNMP Agent 3-38 Setting Community Access Strings 3-38 Specifying Trap Managers and Trap Types 3-39 Configuring SNMPv3 Management Access 3-42
Setting the Local Engine ID 3-42
Specifying a Remote Engine ID 3-43
Configuring SNMPv3 Users 3-44
Configuring Remote SNMPv3 Users 3-46
Configuring SNMPv3 Groups 3-48
Setting SNMPv3 Views 3-51
User Authentication 3-53
Configuring User Accounts 3-53 Configuring Local/Remote Logon Authentication 3-55 Configuring Encryption Keys 3-58 AAA Authorization and Accounting 3-60
Configuring AAA RADIUS Group Settings 3-61
Configuring AAA TACACS+ Group Settings 3-62
Configuring AAA Accounting 3-62
AAA Accounting Update 3-64
AAA Accounting 802.1X Port Settings 3-65
AAA Accounting Exec Command Privileges 3-66
AAA Accounting Exec Settings 3-67
AAA Accounting Summary 3-67
Authorization Settings 3-69
Authorization EXEC Settings 3-70
Authorization Summary 3-71 Configuring HTTPS 3-72
Replacing the Default Secure-site Certificate 3-73 Configuring the Secure Shell 3-74
Generating the Host Key Pair 3-76
Configuring the SSH Server 3-78
Configuring 802.1X Port Authentication 3-79
Displaying 802.1X Global Settings 3-80 Configuring 802.1X Global Settings 3-81 Configuring Port Settings for 802.1X 3-82 Displaying 802.1X Statistics 3-85
Filtering IP Addresses for Management Access 3-86
General Security Measures 3-88
Configuring Port Security 3-89 Network Access (MAC Address Authentication) 3-90
Configuring the MAC Authentication Reauthentication Time 3-91 Configuring MAC Authentication for Ports 3-92 Displaying Secure MAC Address Information 3-93
MAC Authentication 3-95
Configuring MAC Authentication Parameters for Ports 3-95
Access Control Lists 3-96
Setting the ACL Name and Type 3-96 Configuring a Standard IP ACL 3-98 Configuring an Extended IP ACL 3-99 Configuring a MAC ACL 3-101 Binding a Port to an Access Control List 3-103
DHCP Snooping 3-104
DHCP Snooping Configuration 3-105 DHCP Snooping VLAN Configuration 3-106 DHCP Snooping Information Option Configuration 3-107 DHCP Snooping Port Configuration 3-108 DHCP Snooping Binding Information 3-109
IP Source Guard 3-110
Configuring Ports for IP Source Guard 3-110 Configuring Static Binding for IP Source Guard 3-112 Displaying Information for Dynamic IP Source Guard Bindings 3-114
Port Configuration 3-115
Displaying Connection Status 3-115 Configuring Interface Connections 3-117 Creating Trunk Groups 3-119
Statically Configuring a Trunk 3-120 Enabling LACP on Selected Ports 3-122 Configuring Parameters for LACP Group Members 3-123 Displaying LACP Port Counters 3-125 Displaying LACP Settings and Status for the Local Side 3-127
Displaying LACP Settings and Status for the Remote Side 3-129 Setting Broadcast Storm Thresholds 3-130 Setting Multicast Storm Thresholds 3-132 Setting Unknown Unicast Storm Thresholds 3-133 Configuring Local Port Mirroring 3-134
Configuring Remote Port Mirroring 3-136 Configuring Rate Limits 3-140
Rate Limit Configuration 3-140
Showing Port Statistics 3-141
Address Table Settings 3-146
Setting Static Addresses 3-146 Displaying the Address Table 3-147 Changing the Aging Time 3-148
Spanning Tree Algorithm Configuration 3-149
Displaying Global Settings for STA 3-151 Configuring Global Settings for STA 3-154 Displaying Interface Settings for STA 3-158 Configuring Interface Settings for STA 3-161 Configuring Multiple Spanning Trees 3-165 Displaying Interface Settings for MSTP 3-168 Configuring Interface Settings for MSTP 3-170
VLAN Configuration 3-171
IEEE 802.1Q VLANs 3-171
Enabling or Disabling GVRP (Global Setting) 3-174 Displaying Basic VLAN Information 3-175 Displaying Current VLANs 3-176 Creating VLANs 3-177 Adding Static Members to VLANs (VLAN Index) 3-180 Adding Static Members to VLANs (Port Index) 3-182 Configuring VLAN Behavior for Interfaces 3-183
Configuring IEEE 802.1Q Tunneling 3-185
Enabling QinQ Tunneling on the Switch 3-188 Adding an Interface to a QinQ Tunnel 3-189
Traffic Segmentation 3-192
Configuring Global Settings for Traffic Segmentation 3-192 Configuring Traffic Segmentation Uplinks and Downlinks 3-193
Private VLANs 3-194
Displaying Current Private VLANs 3-194 Configuring Private VLANs 3-195 Associating VLANs 3-196 Displaying Private VLAN Interface Information 3-197 Configuring Private VLAN Interfaces 3-198
Protocol VLANs 3-199
Configuring Protocol VLAN Groups 3-200 Mapping Protocols to VLANs 3-201
Class of Service Configuration 3-203
Layer 2 Queue Settings 3-203
Setting the Default Priority for Interfaces 3-203 Mapping CoS Values to Egress Queues 3-205 Selecting the Queue Mode 3-207
Setting the Service Weight for Traffic Classes 3-208 Layer 3/4 Priority Settings 3-209
Mapping Layer 3/4 Priorities to CoS Values 3-209
Selecting IP Precedence/DSCP Priority 3-209
Mapping IP Precedence 3-210
Mapping DSCP Priority 3-211
Mapping IP Port Priority 3-213
Quality of Service 3-214
Configuring Quality of Service Parameters 3-215
Configuring a Class Map 3-215
Creating QoS Policies 3-218
Attaching a Policy Map to Ingress Queues 3-221
Multicast Filtering 3-222
Layer 2 IGMP (Snooping and Query) 3-223
Configuring IGMP Snooping and Query Parameters 3-224
Enabling IGMP Immediate Leave 3-226
Displaying Interfaces Attached to a Multicast Router 3-228
Specifying Static Interfaces for a Multicast Router 3-229
Displaying Port Members of Multicast Services 3-230
Assigning Ports to Multicast Services 3-231 IGMP Filtering and Throttling 3-232
Enabling IGMP Filtering and Throttling 3-232
Configuring IGMP Filter Profiles 3-233
Configuring IGMP Filtering and Throttling for Interfaces 3-235 Multicast VLAN Registration 3-237
Configuring Global MVR Settings 3-238
Displaying MVR Interface Status 3-240
Displaying Port Members of Multicast Groups 3-241
Configuring MVR Interface Status 3-242
Assigning Static Multicast Groups to Interfaces 3-244
Configuring Domain Name Service 3-245
Configuring General DNS Service Parameters 3-245 Configuring Static DNS Host to Address Entries 3-247 Displaying the DNS Cache 3-249
Switch Clustering 3-250
Cluster Configuration 3-250 Cluster Member Configuration 3-252 Displaying Information on Cluster Members 3-253 Cluster Candidate Information 3-254
Chapter 4: Command Line Interface 4-1
Using the Command Line Interface 4-1
Accessing the CLI 4-1 Console Connection 4-1
Telnet Connection 4-2
Entering Commands 4-3
Keywords and Arguments 4-3 Minimum Abbreviation 4-3 Command Completion 4-3 Getting Help on Commands 4-3 Showing Commands 4-4 Partial Keyword Lookup 4-5 Negating the Effect of Commands 4-5 Using Command History 4-5 Understanding Command Modes 4-6 Exec Commands 4-6 Configuration Commands 4-7
Command Line Processing 4-9 Command Groups 4-10 General Commands 4-11
enable 4-12
disable 4-12
configure 4-13
show history 4-13
reload (Privileged Exec) 4-14
reload (Global Configuration) 4-14
show reload 4-16
prompt 4-16
end 4-16
exit 4-17
quit 4-17 System Management Commands 4-18
Device Designation Commands 4-18
hostname 4-18
Banner Information Commands 4-19
banner configure 4-20 banner configure company 4-21 banner configure dc-power-info 4-21 banner configure department 4-22 banner configure equipment-info 4-23 banner configure equipment-location 4-23 banner configure ip-lan 4-24 banner configure lp-number 4-25 banner configure manager-info 4-25 banner configure mux 4-26 banner configure note 4-27 show banner 4-27
System Status Commands 4-28
show startup-config 4-28
show running-config 4-30 show system 4-32 show users 4-32 show version 4-33
Frame Size Commands 4-34
jumbo frame 4-34
File Management Commands 4-35
copy 4-36 delete 4-39 dir 4-39 whichboot 4-40 boot system 4-41
Line Commands 4-42
line 4-42 login 4-43 password 4-44 timeout login response 4-45 exec-timeout 4-45 password-thresh 4-46 silent-time 4-47 databits 4-47 parity 4-48 speed 4-49 stopbits 4-49 disconnect 4-50 show line 4-50
Event Logging Commands 4-51
logging on 4-52 logging history 4-53 logging host 4-54 logging facility 4-54 logging trap 4-55 clear log 4-55 show logging 4-56 show log 4-57
SMTP Alert Commands 4-58
logging sendmail host 4-58 logging sendmail level 4-59 logging sendmail source-email 4-60 logging sendmail destination-email 4-60 logging sendmail 4-61 show logging sendmail 4-61
Time Commands 4-62
sntp client 4-62 sntp server 4-63
sntp poll 4-64 show sntp 4-64 clock timezone 4-65 calendar set 4-66 show calendar 4-66
Switch Cluster Commands 4-67
cluster 4-67 cluster commander 4-68 cluster ip-pool 4-69 cluster member 4-69 rcommand 4-70 show cluster 4-70 show cluster members 4-71 show cluster candidates 4-71
SNMP Commands 4-72
snmp-server 4-73
show snmp 4-73
snmp-server community 4-74
snmp-server contact 4-75
snmp-server location 4-75
snmp-server host 4-76
snmp-server enable traps 4-78
snmp-server engine-id 4-79
show snmp engine-id 4-80
snmp-server view 4-80
show snmp view 4-81
snmp-server group 4-82
show snmp group 4-83
snmp-server user 4-84
show snmp user 4-85 Authentication Commands 4-86
User Account and Privilege Level Commands 4-87
username 4-87 enable password 4-88 privilege 4-89 privilege rerun 4-89 show privilege 4-90
Authentication Sequence 4-91
authentication login 4-91 authentication enable 4-92
RADIUS Client 4-93
radius-server host 4-93 radius-server port 4-94 radius-server key 4-94 radius-server retransmit 4-95
radius-server timeout 4-95 show radius-server 4-95
TACACS+ Client 4-96
tacacs-server host 4-97 tacacs-server port 4-97 tacacs-server key 4-98 tacacs-server retransmit 4-98 tacacs-server timeout 4-99 show tacacs-server 4-99
AAA Commands 4-100
aaa group server 4-100 server 4-101 aaa accounting dot1x 4-102 aaa accounting exec 4-103 aaa accounting commands 4-104 aaa accounting update 4-105 accounting dot1x 4-105 accounting exec 4-106 accounting commands 4-106 aaa authorization exec 4-107 authorization exec 4-108 show accounting 4-108
Web Server Commands 4-109
ip http port 4-109 ip http server 4-110 ip http secure-server 4-110 ip http secure-port 4-111
Telnet Server Commands 4-112
ip telnet server 4-112
Secure Shell Commands 4-113
ip ssh server 4-115 ip ssh timeout 4-116 ip ssh authentication-retries 4-116 ip ssh server-key size 4-117 delete public-key 4-117 ip ssh crypto host-key generate 4-118 ip ssh crypto zeroize 4-118 ip ssh save host-key 4-119 show ip ssh 4-119 show ssh 4-120 show public-key 4-121
802.1X Port Authentication 4-122 dot1x system-auth-control 4-122 dot1x eapol-pass-through 4-123 dot1x default 4-123
dot1x max-req 4-124 dot1x port-control 4-124 dot1x operation-mode 4-125 dot1x re-authenticate 4-125 dot1x re-authentication 4-126 dot1x timeout quiet-period 4-127 dot1x timeout re-authperiod 4-127 dot1x timeout tx-period 4-128 dot1x timeout supp-timeout 4-128 dot1x intrusion-action 4-129 show dot1x 4-129
Management IP Filter Commands 4-132
management 4-132 show management 4-133
General Security Measures 4-134
Port Security Commands 4-135
port security 4-135
Network Access (MAC Address Authentication) 4-137
network-access max-mac-count 4-137 network-access mode 4-138 network-access dynamic-qos 4-139 network-access guest-vlan 4-140 mac-authentication reauth-time 4-140 mac-authentication intrusion-action 4-141 mac-authentication max-mac-count 4-141 show network-access 4-142 show network-access mac-address-table 4-143
DHCP Snooping Commands 4-144
ip dhcp snooping 4-144 ip dhcp snooping vlan 4-146 ip dhcp snooping trust 4-147 ip dhcp snooping verify mac-address 4-148 ip dhcp snooping information option 4-148 ip dhcp snooping information policy 4-149 show ip dhcp snooping 4-150 show ip dhcp snooping binding 4-150
IP Source Guard Commands 4-151
ip source-guard 4-151 ip source-guard binding 4-153 show ip source-guard 4-154 show ip source-guard binding 4-154
Access Control List Commands 4-155
IP ACLs 4-155
access-list ip 4-156 permit, deny (Standard ACL) 4-157
permit, deny (Extended ACL) 4-158 show ip access-list 4-160 ip access-group 4-160 show ip access-group 4-161
MAC ACLs 4-161
access-list mac 4-162 permit, deny (MAC ACL) 4-162 show mac access-list 4-164 mac access-group 4-164 show mac access-group 4-165
ACL Information 4-166
show access-list 4-166 show access-group 4-166
Interface Commands 4-167
interface 4-167 description 4-168 speed-duplex 4-169 negotiation 4-170 capabilities 4-170 flowcontrol 4-171 media-type 4-172 shutdown 4-173 switchport packet-rate 4-173 clear counters 4-174 show interfaces brief 4-175 show interfaces status 4-175 show interfaces counters 4-176 show interfaces switchport 4-177
Link Aggregation Commands 4-180
channel-group 4-181 lacp 4-182 lacp system-priority 4-183 lacp admin-key (Ethernet Interface) 4-184 lacp admin-key (Port Channel) 4-185 lacp port-priority 4-186 show lacp 4-187
Mirror Port Commands 4-191
port monitor 4-191 show port monitor 4-192
RSPAN Mirroring Commands 4-193
rspan source 4-194 rspan destination 4-195 rspan remote vlan 4-196 no rspan session 4-197 show rspan 4-197
Rate Limit Commands 4-198
rate-limit 4-198
Address Table Commands 4-199
mac-address-table static 4-199 clear mac-address-table dynamic 4-200 show mac-address-table 4-201 mac-address-table aging-time 4-202 show mac-address-table aging-time 4-202
Spanning Tree Commands 4-203
spanning-tree 4-204 spanning-tree mode 4-204 spanning-tree forward-time 4-206 spanning-tree hello-time 4-206 spanning-tree max-age 4-207 spanning-tree priority 4-208 spanning-tree pathcost method 4-208 spanning-tree transmission-limit 4-209 spanning-tree mst-configuration 4-209 mst vlan 4-210 mst priority 4-211 name 4-211 revision 4-212 max-hops 4-212 spanning-tree spanning-disabled 4-213 spanning-tree cost 4-214 spanning-tree port-priority 4-215 spanning-tree edge-port 4-216 spanning-tree portfast 4-217 spanning-tree link-type 4-218 spanning-tree loopback-detection 4-219 spanning-tree loopback-detection release-mode 4-219 spanning-tree loopback-detection trap 4-220 spanning-tree mst cost 4-221 spanning-tree mst port-priority 4-222 spanning-tree protocol-migration 4-223 show spanning-tree 4-223 show spanning-tree mst configuration 4-225
VLAN Commands 4-226
GVRP and Bridge Extension Commands 4-226
bridge-ext gvrp 4-227 show bridge-ext 4-227 switchport gvrp 4-228 show gvrp configuration 4-228 garp timer 4-229 show garp timer 4-230
Editing VLAN Groups 4-230
vlan database 4-230 vlan 4-231
Configuring VLAN Interfaces 4-232
interface vlan 4-232 switchport mode 4-233 switchport acceptable-frame-types 4-234 switchport ingress-filtering 4-234 switchport native vlan 4-235 switchport allowed vlan 4-236 switchport forbidden vlan 4-237
Displaying VLAN Information 4-238
show vlan 4-238
Configuring IEEE 802.1Q Tunneling 4-239
dot1q-tunnel system-tunnel-control 4-240 switchport dot1q-tunnel mode 4-240 switchport dot1q-tunnel tpid 4-241 show dot1q-tunnel 4-242
Configuring Port-based Traffic Segmentation 4-243
pvlan 4-243 pvlan up-link/down-link 4-244 show pvlan 4-244
Configuring Private VLANs 4-245
private-vlan 4-246 private vlan association 4-247 switchport mode private-vlan 4-248 switchport private-vlan host-association 4-248 switchport private-vlan mapping 4-249 show vlan private-vlan 4-249
Configuring Protocol-based VLANs 4-250
protocol-vlan protocol-group (Configuring Groups) 4-251 protocol-vlan protocol-group (Configuring Interfaces) 4-251 show protocol-vlan protocol-group 4-252 show interfaces protocol-vlan protocol-group 4-253
Configuring Voice VLANs 4-254
voice vlan 4-254 voice vlan aging 4-255 voice vlan mac-address 4-256 switchport voice vlan 4-257 switchport voice vlan rule 4-257 switchport voice vlan security 4-258 switchport voice vlan priority 4-259 show voice vlan 4-259
LLDP Commands 4-260
lldp 4-262
lldp holdtime-multiplier 4-262 lldp med-fast-start-count 4-263 lldp notification-interval 4-263 lldp refresh-interval 4-264 lldp reinit-delay 4-265 lldp tx-delay 4-265 lldp admin-status 4-266 lldp notification 4-266 lldp med-notification 4-267 lldp basic-tlv management-ip-address 4-268 lldp basic-tlv port-description 4-269 lldp basic-tlv system-capabilities 4-269 lldp basic-tlv system-description 4-270 lldp basic-tlv system-name 4-270 lldp dot1-tlv proto-ident 4-271 lldp dot1-tlv proto-vid 4-271 lldp dot1-tlv pvid 4-272 lldp dot1-tlv vlan-name 4-272 lldp dot3-tlv link-agg 4-273 lldp dot3-tlv mac-phy 4-273 lldp dot3-tlv max-frame 4-274 lldp med-tlv inventory 4-274 lldp med-tlv location 4-275 lldp med-tlv med-cap 4-275 lldp med-tlv network-policy 4-276 show lldp config 4-276 show lldp info local-device 4-278 show lldp info remote-device 4-279 show lldp info statistics 4-281
Class of Service Commands 4-282
Priority Commands (Layer 2) 4-282
queue mode 4-283 switchport priority default 4-283 queue bandwidth 4-284 queue cos-map 4-285 show queue mode 4-286 show queue bandwidth 4-287 show queue cos-map 4-287
Priority Commands (Layer 3 and 4) 4-288
map ip port (Global Configuration) 4-288 map ip port (Interface Configuration) 4-289 map ip precedence (Global Configuration) 4-289 map ip precedence (Interface Configuration) 4-290 map ip dscp (Global Configuration) 4-290 map ip dscp (Interface Configuration) 4-291
show map ip port 4-292 show map ip precedence 4-293 show map ip dscp 4-293
Quality of Service Commands 4-295
class-map 4-296 match 4-297 rename 4-298 description 4-298 policy-map 4-299 class 4-299 set 4-300 police 4-301 service-policy 4-302 show class-map 4-303 show policy-map 4-303 show policy-map interface 4-304
Multicast Filtering Commands 4-305
IGMP Snooping Commands 4-305
ip igmp snooping 4-306 ip igmp snooping vlan static 4-306 ip igmp snooping version 4-307 ip igmp snooping leave-proxy 4-307 ip igmp snooping immediate-leave 4-308 show ip igmp snooping 4-309 show mac-address-table multicast 4-309
IGMP Query Commands (Layer 2) 4-310
ip igmp snooping querier 4-310 ip igmp snooping query-count 4-311 ip igmp snooping query-interval 4-312 ip igmp snooping query-max-response-time 4-312 ip igmp snooping router-port-expire-time 4-313
Static Multicast Routing Commands 4-314
ip igmp snooping vlan mrouter 4-314 show ip igmp snooping mrouter 4-315
IGMP Filtering and Throttling Commands 4-316
ip igmp filter (Global Configuration) 4-316 ip igmp profile 4-317 permit, deny 4-317 range 4-318 ip igmp filter (Interface Configuration) 4-318 ip igmp max-groups 4-319 ip igmp max-groups action 4-320 show ip igmp filter 4-320 show ip igmp profile 4-321 show ip igmp throttle interface 4-322
Multicast VLAN Registration Commands 4-323
mvr (Global Configuration) 4-323 mvr (Interface Configuration) 4-325 show mvr 4-326
Domain Name Service Commands 4-329
ip host 4-329 clear host 4-330 ip domain-name 4-330 ip domain-list 4-331 ip name-server 4-332 ip domain-lookup 4-333 show hosts 4-334 show dns 4-334 show dns cache 4-335 clear dns cache 4-335
IP Interface Commands 4-336
ip address 4-336 ip default-gateway 4-337 ip dhcp restart 4-338 show ip interface 4-338 show ip redirects 4-339 ping 4-339 show arp 4-340 clear arp-cache 4-341
Appendix A: Software Specifications A-1
Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3
Appendix B: Troubleshooting B-1
Problems Accessing the Management Interface B-1 Using System Logs B-2
Glossary
Index
Tables
Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-6 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-28 Table 3-5 Supported Notification Messages 3-48 Table 3-6 HTTPS System Support 3-72 Table 3-7 802.1X Statistics 3-85 Table 3-8 LACP Port Counters 3-125 Table 3-9 LACP Internal Configuration Information 3-127 Table 3-10 LACP Neighbor Configuration Information 3-129 Table 3-11 Port Statistics 3-141 Table 3-12 Recommended STA Path Cost Range 3-162 Table 3-13 Recommended STA Path Costs 3-162 Table 3-14 Default STA Path Costs 3-163 Table 3-15 Traffic Segmentation Forwarding 3-192 Table 3-16 Mapping CoS Values to Egress Queues 3-205 Table 3-17 CoS Priority Levels 3-205 Table 3-18 Mapping IP Precedence 3-210 Table 3-19 Mapping DSCP Priority Values 3-211 Table 4-1 Command Modes 4-6 Table 4-2 Configuration Modes 4-8 Table 4-3 Command Line Processing 4-9 Table 4-4 Command Groups 4-10 Table 4-5 General Commands 4-11 Table 4-6 System Management Commands 4-18 Table 4-7 Device Designation Commands 4-18 Table 4-8 Banner Commands 4-19 Table 4-9 System Status Commands 4-28 Table 4-10 Frame Size Commands 4-34 Table 4-11 Flash/File Commands 4-35 Table 4-12 File Directory Information 4-40 Table 4-13 Line Commands 4-42 Table 4-14 Event Logging Commands 4-51 Table 4-15 Logging Levels 4-53 Table 4-16 show logging flash/ram - display description 4-56 Table 4-17 show logging trap - display description 4-57 Table 4-18 SMTP Alert Commands 4-58 Table 4-19 Time Commands 4-62 Table 4-20 Switch Cluster Commands 4-67 Table 4-21 SNMP Commands 4-72 Table 4-22 show snmp engine-id - display description 4-80
Table 4-23 show snmp view - display description 4-81 Table 4-24 show snmp group - display description 4-84 Table 4-26 Authentication Commands 4-86 Table 4-25 show snmp user - display description 4-86 Table 4-27 User Access Commands 4-87 Table 4-28 Default Login Settings 4-87 Table 4-29 Authentication Sequence 4-91 Table 4-30 RADIUS Client Commands 4-93 Table 4-31 TACACS Commands 4-96 Table 4-33 Web Server Commands 4-109 Table 4-34 HTTPS System Support 4-111 Table 4-35 Telnet Server Commands 4-112 Table 4-36 SSH Commands 4-113 Table 4-37 show ssh - display description 4-120 Table 4-38 802.1X Port Authentication 4-122 Table 4-39 IP Filter Commands 4-132 Table 4-40 Client Security Commands 4-134 Table 4-41 Port Security Commands 4-135 Table 4-42 Network Access 4-137 Table 4-43 Dynamic QoS Profiles 4-139 Table 4-44 DHCP Snooping Commands 4-144 Table 4-45 IP Source Guard Commands 4-151 Table 4-46 Access Control Lists 4-155 Table 4-47 IP ACLs 4-155 Table 4-48 MAC ACL Commands 4-161 Table 4-49 ACL Information 4-166 Table 4-50 Interface Commands 4-167 Table 4-51 Interfaces Switchport Statistics 4-178 Table 4-52 Link Aggregation Commands 4-180 Table 4-53 show lacp counters - display description 4-187 Table 4-54 show lacp internal - display description 4-188 Table 4-55 show lacp neighbors - display description 4-189 Table 4-56 show lacp sysid - display description 4-190 Table 4-57 Mirror Port Commands 4-191 Table 4-58 RSPAN Commands 4-193 Table 4-59 Rate Limit Commands 4-198 Table 4-60 Address Table Commands 4-199 Table 4-61 Spanning Tree Commands 4-203 Table 4-64 Default STA Path Costs 4-215 Table 4-65 VLANs 4-226 Table 4-66 GVRP and Bridge Extension Commands 4-226 Table 4-67 Editing VLAN Groups 4-230 Table 4-68 Configuring VLAN Interfaces 4-232 Table 4-69 Show VLAN Commands 4-238 Table 4-71 Traffic Segmentation Commands 4-243
Table 4-72 Traffic Segmentation Forwarding 4-243 Table 4-73 Private VLAN Commands 4-245 Table 4-74 Protocol-based VLAN Commands 4-250 Table 4-75 Voice VLAN Commands 4-254 Table 4-76 LLDP Commands 4-260 Table 4-77 Priority Commands 4-282 Table 4-78 Priority Commands (Layer 2) 4-282 Table 4-79 Default CoS Values to Egress Queues 4-286 Table 4-80 Priority Commands (Layer 3 and 4) 4-288 Table 4-82 IP DSCP to CoS Values 4-291 Table 4-83 Quality of Service Commands 4-295 Table 4-84 Multicast Filtering Commands 4-305 Table 4-85 IGMP Snooping Commands 4-305 Table 4-86 IGMP Query Commands (Layer 2) 4-310 Table 4-87 Static Multicast Routing Commands 4-314 Table 4-88 IGMP Filtering and Throttling Commands 4-316 Table 4-89 Multicast VLAN Registration Commands 4-323 Table 4-90 show mvr - display description 4-327 Table 4-91 show mvr interface - display description 4-327 Table 4-92 show mvr members - display description 4-328 Table 4-95 IP Interface Commands 4-336 Table B-1 Troubleshooting Chart B-1
Figures
Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-12 Figure 3-4 Switch Information 3-13 Figure 3-5 Bridge Extension Configuration 3-15 Figure 3-6 Manual IP Configuration 3-17 Figure 3-7 DHCP IP Configuration 3-18 Figure 3-8 Bridge Extension Configuration 3-19 Figure 3-9 Copy Firmware 3-21 Figure 3-10 Setting the Startup Code 3-21 Figure 3-11 Deleting Files 3-21 Figure 3-12 Downloading Configuration Settings for Startup 3-23 Figure 3-13 Setting the Startup Configuration Settings 3-23 Figure 3-14 Console Port Settings 3-25 Figure 3-15 Enabling Telnet 3-27 Figure 3-16 System Logs 3-29 Figure 3-17 Remote Logs 3-30 Figure 3-18 Displaying Logs 3-31 Figure 3-19 Enabling and Configuring SMTP 3-32 Figure 3-20 Resetting the System 3-33 Figure 3-21 SNTP Configuration 3-35 Figure 3-22 Setting the System Clock 3-36 Figure 3-23 Enabling SNMP Agent Status 3-38 Figure 3-24 Configuring SNMP Community Strings 3-39 Figure 3-25 Configuring IP Trap Managers 3-41 Figure 3-26 Setting an Engine ID 3-42 Figure 3-27 Setting a Remote Engine ID 3-43 Figure 3-28 Configuring SNMPv3 Users 3-45 Figure 3-29 Configuring Remote SNMPv3 Users 3-47 Figure 3-30 Configuring SNMPv3 Groups 3-50 Figure 3-31 Configuring SNMPv3 Views 3-51 Figure 3-32 Access Levels 3-54 Figure 3-33 Authentication Settings 3-57 Figure 3-34 Encryption Key Settings 3-59 Figure 3-35 AAA Radius Group Settings 3-61 Figure 3-36 AAA TACACS+ Group Settings 3-62 Figure 3-37 AAA Accounting Settings 3-63 Figure 3-38 AAA Accounting Update 3-64 Figure 3-39 AAA Accounting 802.1X Port Settings 3-65 Figure 3-40 AAA Accounting Exec Command Privileges 3-66 Figure 3-41 AAA Accounting Exec Settings 3-67 Figure 3-42 AAA Accounting Summary 3-68
Figure 3-43 AAA Authorization Settings 3-70 Figure 3-44 AAA Authorization Exec Settings 3-70 Figure 3-45 AAA Authorization Summary 3-71 Figure 3-46 HTTPS Settings 3-73 Figure 3-47 SSH Host-Key Settings 3-77 Figure 3-48 SSH Server Settings 3-78 Figure 3-49 802.1X Global Information 3-80 Figure 3-50 802.1X Global Configuration 3-81 Figure 3-51 802.1X Port Configuration 3-83 Figure 3-52 Displaying 802.1X Port Statistics 3-85 Figure 3-53 Creating an IP Filter List 3-87 Figure 3-54 Configuring Port Security 3-90 Figure 3-55 Network Access Configuration 3-92 Figure 3-56 Network Access Port Configuration 3-93 Figure 3-57 Network Access MAC Address Information 3-94 Figure 3-58 MAC Authentication Port Configuration 3-95 Figure 3-59 Selecting ACL Type 3-97 Figure 3-60 Configuring Standard IP ACLs 3-98 Figure 3-61 Configuring Extended IP ACLs 3-100 Figure 3-62 Configuring MAC ACLs 3-102 Figure 3-63 Configuring ACL Port Binding 3-103 Figure 3-64 DHCP Snooping Configuration 3-105 Figure 3-65 DHCP Snooping VLAN Configuration 3-106 Figure 3-66 DHCP Snooping Information Option Configuration 3-108 Figure 3-67 DHCP Snooping Port Configuration 3-109 Figure 3-68 DHCP Snooping Binding Information 3-110 Figure 3-69 IP Source Guard Port Configuration 3-112 Figure 3-70 Static IP Source Guard Binding Configuration 3-113 Figure 3-71 Dynamic IP Source Guard Binding Information 3-114 Figure 3-72 Displaying Port/Trunk Information 3-115 Figure 3-73 Port/Trunk Configuration 3-119 Figure 3-74 Configuring Static Trunks 3-121 Figure 3-75 LACP Trunk Configuration 3-122 Figure 3-76 LACP Port Configuration 3-124 Figure 3-77 LACP - Port Counters Information 3-126 Figure 3-78 LACP - Port Internal Information 3-128 Figure 3-79 LACP - Port Neighbors Information 3-129 Figure 3-80 Port Broadcast Control 3-131 Figure 3-81 Port Multicast Control 3-132 Figure 3-82 Port Unknown Unicast Control 3-134 Figure 3-83 Mirror Port Configuration 3-135 Figure 3-84 RSPAN Configuration 3-139 Figure 3-85 Input Rate Limit Port Configuration 3-140 Figure 3-86 Port Statistics 3-144 Figure 3-87 Configuring a Static Address Table 3-146
Figure 3-88 Configuring a Dynamic Address Table
Figure 3-89 Setting the Address Aging Time
Figure 3-90 Displaying Spanning Tree Information
Figure 3-91 Configuring Spanning Tree
Figure 3-92 Displaying Spanning Tree Port Information
Figure 3-93 Configuring Spanning Tree per Port
Figure 3-94 Configuring Multiple Spanning Trees
Figure 3-95 Displaying MSTP Interface Settings
Figure 3-96 Displaying MSTP Interface Settings
Figure 3-97 Globally Enabling GVRP
Figure 3-98 Displaying Basic VLAN Information
Figure 3-99 Displaying Current VLANs
Figure 3-100 Configuring a VLAN Static List
Figure 3-101 Configuring a VLAN Static Table
Figure 3-102 VLAN Static Membership by Port
Figure 3-103 Configuring VLANs per Port
Figure 3-104 .1Q Tunnel Status and Ethernet Type
Figure 3-105 Tunnel Port Configuration
Figure 3-106 Traffic Segmentation Status Configuration
Figure 3-107 Traffic Segmentation Link Status
Figure 3-108 Private VLAN Information
Figure 3-109 Private VLAN Configuration
Figure 3-110 Private VLAN Association
Figure 3-111 Private VLAN Port Information
Figure 3-112 Private VLAN Port Configuration
Figure 3-113 Protocol VLAN Configuration
Figure 3-114 Protocol VLAN Port Configuration
Figure 3-115 Port Priority Configuration
Figure 3-116 Traffic Classes
Figure 3-117 Queue Mode
Figure 3-118 Configuring Queue Scheduling
Figure 3-119 IP Precedence/DSCP Priority Status
Figure 3-120 Mapping IP Precedence Priority Values
Figure 3-121 Mapping IP DSCP Priority Values
Figure 3-122 IP Port Priority Status
Figure 3-123 IP Port Priority
Figure 3-124 Configuring Class Maps
Figure 3-125 Configuring Policy Maps
Figure 3-126 Service Policy Settings
Figure 3-127 IGMP Configuration
Figure 3-128 IGMP Immediate Leave
Figure 3-129 Displaying Multicast Router Port Information
Figure 3-130 Static Multicast Router Port Configuration
Figure 3-131 IP Multicast Registration Table
Figure 3-132 IGMP Member Port Table
Figure 3-133 Enabling IGMP Filtering and Throttling
Figure 3-134 IGMP Profile Configuration
Figure 3-135 IGMP Filter and Throttling Port Configuration
Figure 3-136 MVR Global Configuration
Figure 3-137 MVR Port Information
Figure 3-138 MVR Group IP Information
Figure 3-139 MVR Port Configuration
Figure 3-140 MVR Group Member Configuration
Figure 3-141 DNS General Configuration
Figure 3-142 DNS Static Host Table
Figure 3-143 DNS Cache
Figure 3-144 Cluster Member Choice
Figure 3-145 Cluster Configuration
Figure 3-146 Cluster Member Configuration
Figure 3-147 Cluster Member Information
Figure 3-148 Cluster Candidate Information

Chapter 1: Introduction

This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

Key Features

Table 1-1 Key Features
Feature | Description
Configuration Backup and Restore | Backup to TFTP server
Authentication | Console, Telnet, web – User name / password, RADIUS, TACACS+; Port – IEEE 802.1X, MAC address filtering; SNMP v1/2c – Community strings; SNMP version 3 – MD5 or SHA password; Telnet – SSH; Web – HTTPS
General Security Measures | AAA; DHCP Snooping (with Option 82 relay information); IP Source Guard; Network Access – MAC Address Authentication; Port Authentication – IEEE 802.1X; Port Security – MAC address filtering; Private VLANs
Access Control Lists | Supports up to 128 ACLs, 96 MAC rules, and 96 IP rules
DHCP | Client
DNS | Client and Proxy service
Port Configuration | Speed, duplex mode and flow control
Port Trunking | Supports up to 32 trunks using either static or dynamic trunking (LACP)
Port Mirroring | One or more ports mirrored to a single analysis port
RSPAN Mirroring | Mirrors traffic from remote switches over a dedicated VLAN
Congestion Control | Rate Limiting; Throttling for broadcast, multicast, unknown unicast storms
Static Address | Up to 8K MAC addresses in the forwarding table
IEEE 802.1D Bridge | Supports dynamic data switching and address learning
Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames
Spanning Tree Algorithm | Supports standard STP, and Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Trees (MSTP)
Virtual LANs | Up to 256 using IEEE 802.1Q, port-based, protocol-based or private VLANs, and voice VLANs
Traffic Prioritization | Default port priority, traffic class map, queue scheduling, IP Precedence, or Differentiated Services Code Point (DSCP), and TCP/UDP Port
Quality of Service | Supports Differentiated Services (DiffServ)
Link Layer Discovery Protocol | Used to discover basic information about neighboring devices
Multicast Filtering | Supports IGMP snooping and query, profile filtering, as well as Multicast VLAN Registration
Switch Clustering | Supports up to 16 Member switches in a cluster
Tunneling | Supports IEEE 802.1Q tunneling (QinQ)

Description of Software Features

The switch provides a wide range of advanced performance-enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast or unknown unicast traffic storms from engulfing the network. Port-based, protocol-based and private VLANs, plus support for automatic GVRP VLAN registration, provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network, while multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then verifies the client’s right to access the network via an authentication server.
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, and IP address filtering for SNMP/web/Telnet management access. MAC address filtering and IP source guard also provide authenticated port access, while DHCP snooping is provided to prevent malicious attacks from insecure ports.
Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames