Edge-Core ES3628EA User Manual

www.edge-core.com
ES3628EA L3 24 10/100 Ports + 4GE Fast Ethernet Switch
The ES3628EA L3 Fast Ethernet Switch is a high-performance routing switch released
by Edge-Core that can be deployed as an aggregation device for enterprise and campus
networks. The ES3628EA L3 Fast Ethernet Switch supports a variety of network interfaces
from 100Mb to 1000Mb Ethernet.
We provide this manual to help you better understand, use and maintain
the ES3628EA L3 Fast Ethernet Switch. We strongly recommend that you read through
this manual carefully before installation and configuration to avoid possible malfunction or
damage to the switch. Furthermore, we sincerely hope our products and services satisfy
you.
Content
CHAPTER 1 SWITCH MANAGEMENT
1.1 MANAGEMENT OPTIONS
1.1.1 Out-Of-Band Management
1.1.2 In-band Management
1.1.3 Management Via Telnet
1.1.4 Management Via HTTP
1.2 MANAGEMENT INTERFACE
1.2.1 CLI Interface
1.2.2 Configuration Modes
1.2.3 Configuration Syntax
1.2.4 Shortcut Key Support
1.2.5 Help Function
1.2.6 Input Verification
1.2.7 Fuzzy Match Support
1.3 WEB MANAGEMENT
1.3.1 Main Page
1.3.2 Module Front Panel
CHAPTER 2 BASIC SWITCH CONFIGURATION
2.1 BASIC SWITCH CONFIGURATION COMMANDS
2.1.1 Commands For Basic Configuration
2.2 MONITOR AND DEBUG COMMAND
2.2.1 Ping
2.2.2 Ping6
2.2.3 Telnet
2.2.4 SSH
2.2.5 Traceroute
2.2.6 Traceroute6
2.2.7 Show
2.2.8 Debug
2.2.9 System log
2.3 CONFIGURATE SWITCH IP ADDRESSES
2.3.1 Switch IP Addresses Configuration Task List
2.3.2 Commands For Configuring Switch IP
2.4 SNMP CONFIGURATION
2.4.1 Introduction To SNMP
2.4.2 SNMP Configuration Task List
2.4.3 Commands For SNMP
2.4.4 Typical SNMP Configuration Examples
2.4.5 SNMP Troubleshooting
2.5 SWITCH UPGRADE
2.5.1 Switch System Files
2.5.2 BootROM Upgrade
2.5.3 FTP/TFTP Upgrade
2.5.4 FTP/TFTP Configuration Examples
2.5.5 FTP/TFTP Troubleshooting
2.6 JUMBO CONFIGURATION
2.6.1 Jumbo Introduction
2.6.2 Jumbo Configuration Task Sequence
2.6.3 Commands for Jumbo
2.7 TACACS+ CONFIGURATION
2.7.1 TACACS+ Introduction
2.7.2 TACACS+ Configurations
2.7.3 Commands for TACACS+
2.7.4 Typical TACACS+ Scenarios
2.7.5 TACACS+ Troubleshooting
2.8 WEB MANAGEMENT
2.8.1 Switch Basic Configuration
2.8.2 SNMP Configuration
2.8.3 Switch upgrade
2.8.4 Commands for Monitor And Debug
2.8.5 Switch Maintenance
2.8.6 Telnet server configuration
2.8.7 Telnet server user configuration
2.8.8 Telnet security IP
CHAPTER 3 PORT CONFIGURATION
3.1 INTRODUCTION TO PORT
3.2 PORT CONFIGURATION
3.2.1 Network Port Configuration
3.2.2 VLAN Interface Configuration
3.3 PORT MIRRORING CONFIGURATION
3.3.1 Introduction to Port Mirroring
3.3.2 Port Mirroring Configuration Task List
3.3.3 Commands for Mirroring Configuration
3.3.4 Device Mirroring Troubleshooting
3.4 PORT CONFIGURATION EXAMPLE
3.5 PORT TROUBLESHOOTING
3.6 WEB MANAGEMENT
3.6.1 Ethernet port configuration
3.6.2 Physical port configuration
3.6.3 Bandwidth control
3.6.4 Vlan interface configuration
3.6.5 Allocate IP address for L3 port
3.6.6 L3 port IP addr mode configuration
3.6.7 Port mirroring configuration
3.6.8 Mirror configuration
3.6.9 Port debug and maintenance
3.6.10 Show port information
CHAPTER 4 PORT CHANNEL CONFIGURATION
4.1 INTRODUCTION TO PORT CHANNEL
4.2 PORT CHANNEL CONFIGURATION TASK LIST
4.3 COMMANDS FOR PORT CHANNEL
4.3.1 debug lacp
4.3.2 port-group
4.3.3 port-group mode
4.3.4 interface port-channel
4.3.5 show port-group
4.4 PORT CHANNEL EXAMPLE
4.5 PORT CHANNEL TROUBLESHOOTING
4.6 WEB MANAGEMENT
4.6.1 LACP port group configuration
4.6.2 LACP port configuration
CHAPTER 5 VLAN CONFIGURATION
5.1 VLAN CONFIGURATION
5.1.1 Introduction To VLAN
5.1.2 VLAN Configuration Task List
5.1.3 Commands For Vlan Configuration
5.1.4 Typical VLAN Application
5.2 GVRP CONFIGURATION
5.2.1 Introduction to GVRP
5.2.2 GVRP Configuration Task List
5.2.3 Commands for GVRP
5.2.4 Typical GVRP Application
5.2.5 GVRP Troubleshooting
5.3 DOT1Q-TUNNEL CONFIGURATION
5.3.1 Dot1q-tunnel Introduction
5.3.2 Dot1q-tunnel Configuration
5.3.3 Dot1q-Tunnel Configuration Command
5.3.4 Typical Applications Of The Dot1q-tunnel
5.3.5 Dot1q-tunnel Troubleshooting
5.4 DYNAMIC VLAN CONFIGURATION
5.4.1 Dynamic VLAN Introduction
5.4.2 Dynamic VLAN Configuration
5.4.3 Dynamic VLAN Troubleshooting
CHAPTER 6 MAC TABLE CONFIGURATION
6.1 INTRODUCTION TO MAC TABLE
6.1.1 Obtaining MAC Table
6.1.2 Forward or Filter
6.2 MAC ADDRESS TABLE CONFIGURATION TASK LIST
6.3 COMMANDS FOR MAC ADDRESS TABLE CONFIGURATION
6.3.1 mac-address-table
6.3.2 show mac-address-table
6.4 TYPICAL CONFIGURATION EXAMPLES
6.5 TROUBLESHOOTING
6.6 MAC ADDRESS FUNCTION EXTENSION
6.6.1 MAC Address Binding
CHAPTER 7 MSTP CONFIGURATION
7.1 MSTP INTRODUCTION
7.1.1 MSTP Region
7.1.2 Port Roles
7.1.3 MSTP Load Balance
7.2 MSTP CONFIGURATION TASK LIST
7.3 COMMANDS FOR MSTP
7.3.1 abort
7.3.2 exit
7.3.3 instance vlan
7.3.4 name
7.3.5 revision-level
7.3.6 spanning-tree
7.3.7 spanning-tree format
7.3.8 spanning-tree forward-time
7.3.9 spanning-tree hello-time
7.3.10 spanning-tree link-type p2p
7.3.11 spanning-tree maxage
7.3.12 spanning-tree max-hop
7.3.13 spanning-tree mcheck
7.3.14 spanning-tree mode
7.3.15 spanning-tree mst configuration
7.3.16 spanning-tree mst cost
7.3.17 spanning-tree mst port-priority
7.3.18 spanning-tree mst priority
7.3.19 spanning-tree portfast
7.3.20 spanning-tree digest-snooping
7.3.21 spanning-tree tcflush (global mode)
7.3.22 spanning-tree tcflush (port mode)
7.4 MSTP EXAMPLE
7.5 MSTP TROUBLESHOOTING
7.5.1 Commands for Monitor And Debug
7.6 WEB MANAGEMENT
7.6.1 MSTP field operation
7.6.2 MSTP port operation
7.6.3 MSTP global control
7.6.4 Show MSTP setting
CHAPTER 8 QOS CONFIGURATION
8.1 INTRODUCTION TO QOS
8.1.1 QoS Terms
8.1.2 QoS Implementation
8.1.3 Basic QoS Model
8.2 QOS CONFIGURATION TASK LIST
8.3 COMMANDS FOR QOS
8.3.1 class
8.3.2 class-map
8.3.3 match
8.3.4 set
8.3.5 mls qos
8.3.6 mls qos cos
8.3.7 mls qos aggregate-policer
8.3.8 mls qos trust
8.3.9 mls qos dscp-mutation
8.3.10 mls qos map
8.3.11 police
8.3.12 police aggregate
8.3.13 policy-map
8.3.14 queue mode
8.3.15 service-policy
8.3.16 queue bandwidth
8.3.17 wrr-queue cos-map
8.4 QOS EXAMPLE
8.5 QOS TROUBLESHOOTING
8.5.1 Commands for Monitor And Debug
CHAPTER 9 L3 FORWARD CONFIGURATION
9.1 LAYER 3 INTERFACE
9.1.1 Introduction to Layer 3 Interface
9.1.2 Layer 3 Interface Configuration Task List
9.1.3 Commands for Layer 3 Interface
9.2 IP CONFIGURATION
9.2.1 Introduction to IPv4, IPv6
9.2.2 IP Configuration
9.2.3 IP Configuration Examples
9.2.4 IP Troubleshooting
9.3 IP FORWARDING
9.3.1 Introduction to IP Forwarding
9.3.2 IP Route Aggregation Configuration Task
9.3.3 Commands for IP Route Aggregation
9.4 ARP
9.4.1 Introduction to ARP
9.4.2 ARP Configuration Task List
9.4.3 Commands for ARP Configuration
CHAPTER 10 DHCP CONFIGURATION
10.1 INTRODUCTION TO DHCP
10.2 DHCP SERVER CONFIGURATION
10.2.1 DHCP Server Configuration Task List
10.2.2 DHCP Server Configuration Commands
10.3 DHCP RELAY CONFIGURATION
10.3.1 DHCP Relay Configuration Task List
10.3.2 DHCP Relay Configuration Commands
10.4 DHCP CONFIGURATION EXAMPLE
10.5 DHCP TROUBLESHOOTING
10.5.1 Commands for Monitor and Debug
10.6 WEB MANAGEMENT
10.6.1 DHCP server configuration
10.6.2 DHCP debugging
CHAPTER 11 SNTP CONFIGURATION
11.1 INTRODUCTION TO SNTP
11.2 COMMANDS FOR SNTP
11.2.1 Clock timezone
11.2.2 sntp server
11.2.3 sntp poll
11.2.4 debug sntp
11.2.5 show sntp
11.3 TYPICAL SNTP CONFIGURATION EXAMPLES
11.4 WEB MANAGEMENT
11.4.1 SNMP/NTP server configuration
11.4.2 Request interval configuration
11.4.3 Time difference
11.4.4 Show SNTP
CHAPTER 12 PREVENT ARP, ND SPOOFING CONFIGURATION
12.1 OVERVIEW
12.1.1 ARP (Address Resolution Protocol)
12.1.2 ARP Spoofing
12.1.3 How to prevent void ARP/ND Spoofing for our Layer 3 Switch
12.2 PREVENT ARP, ND SPOOFING CONFIGURATION
12.2.1 Prevent ARP, ND Spoofing Configuration Task List
12.3 COMMANDS FOR PREVENTING ARP, ND SPOOFING
12.3.1 ip arp-security updateprotect
12.3.2 ipv6 nd-security updateprotect
12.3.3 ip arp-security learnprotect
12.3.4 ipv6 nd learnprotect
12.3.5 ip arp-security convert
12.3.6 ipv6 nd-security convert
12.3.7 clear ip arp dynamic
12.3.8 clear ipv6 nd dynamic
12.4 PREVENT ARP, ND SPOOFING EXAMPLE
CHAPTER 13 ROUTING PROTOCOL
13.1 ROUTING PROTOCOL OVERVIEW
13.1.1 Routing Table
13.2 IP ROUTING POLICY
13.2.1 Introduction To Routing Policy
13.2.2 IP Routing Policy Configuration Task List
13.2.3 Commands for Routing Policy
13.2.4 Configuration Examples
13.2.5 Troubleshooting
13.3 STATIC ROUTE
13.3.1 Introduction to Static Route
13.3.2 Introduction to Default Route
13.3.3 Static Route Configuration Task List
13.3.4 Commands for Static Route
13.3.5 Configuration Examples
13.4 RIP
13.4.1 Introduction to RIP
13.4.2 RIP Configuration Task List
13.4.3 Commands for RIP
13.4.4 RIP Examples
13.4.5 RIP Troubleshooting
13.5 RIPNG
13.5.1 Introduction to RIPng
13.5.2 RIPng Configuration Task List
13.5.3 Commands For RIPng
13.5.4 RIPng Configuration Examples
13.5.5 RIPng Troubleshooting
13.6 OSPF
13.6.1 Introduction to OSPF
13.6.2 OSPF Configuration Task List ..................................................................... 405
13.6.3 Commands for OSPF.................................................................................. 409
13.6.4 OSPF Example ........................................................................................... 430
13.6.5 OSPF Troubleshooting................................................................................ 439
13.7 OSPFV3............................................................................................................. 447
13.7.1 Introduction to OSPFv3............................................................................... 447
13.7.2 OSPFv3 Configuration Task List ................................................................. 451
13.7.3 Commands for OSPFV3 ............................................................................. 455
13.7.4 OSPFv3 Examples...................................................................................... 465
13.7.5 OSPFv3 Troubleshooting............................................................................ 467
13.8 BGP ................................................................................................................... 475
13.8.1 BGP Introduction......................................................................................... 475
13.8.2 BGP Configuration Task List ....................................................................... 478
13.8.3 Commands for BGP.................................................................................... 491
13.8.4 Configuration Examples of BGP ................................................................. 530
13.8.5 BGP Troubleshooting .................................................................................. 538
13.9 MBGP4+ ............................................................................................................ 550
13.9.1 MBGP4+ Introduction.................................................................................. 550
13.9.2 MBGP4+ Configures Mission List ............................................................... 550
13.9.3 MBGP4+ Examples..................................................................................... 550
13.9.4 MBGP4+ Troubleshooting........................................................................... 552
CHAPTER 14 IGMP SNOOPING....................................................................................................553
14.1 INTRODUCTION TO IGMP SNOOPING..................................................................... 553
14.2 IGMP SNOOPING CONFIGURATION TASK............................................................... 553
14.3 COMMANDS FOR IGMP SNOOPING ....................................................................... 555
14.3.1 ip igmp snooping vlan ................................................................................. 555
14.3.2 ip igmp snooping vlan immediate-leave ...................................................... 555
14.3.3 ip igmp snooping vlan l2-general-querier .................................................... 555
14.3.4 ip igmp snooping vlan limit.......................................................................... 556
14.3.5 ip igmp snooping vlan mrouter-port interface .............................................. 556
14.3.6 ip igmp snooping vlan mrpt ......................................................................... 557
14.3.7 ip igmp snooping vlan query-interval........................................................... 557
14.3.8 ip igmp snooping vlan query-mrsp .............................................................. 558
14.3.9 ip igmp snooping vlan query-robustness..................................................... 558
14.3.10 ip igmp snooping vlan suppression-query-time ......................................... 558
14.4 IGMP SNOOPING EXAMPLE.................................................................................. 559
14.5 IGMP SNOOPING TROUBLESHOOTING .................................................................. 561
14.5.1 Commands for Monitor And Debug............................................................. 561
CHAPTER 15 MULTICAST VLAN.................................................................................................565
15.1 INTRODUCTIONS TO MULTICAST VLAN.................................................................. 565
15.2 MULTICAST VLAN CONFIGURATION TASK.............................................................. 565
15.3 COMMANDS FOR MULTICAST VLAN...................................................................... 566
15.3.1 multicast-vlan .............................................................................................. 566
15.3.2 multicast-vlan association <vlan-list>........................................................... 566
15.4 EXAMPLES OF MULTICAST VLAN.......................................................................... 567
CHAPTER 16 IPV4 MULTICAST PROTOCOL...........................................................................569
16.1 IPV4 MULTICAST PROTOCOL OVERVIEW................................................................ 569
16.1.1 Introduction to Multicast .............................................................................. 569
16.1.2 Multicast Address........................................................................................ 570
16.1.3 IP Multicast Packet Transmission................................................................ 571
16.1.4 IP Multicast Application ............................................................................... 572
16.2 PIM-DM ............................................................................................................. 572
16.2.1 Introduction to PIM-DM ............................................................................... 572
16.2.2 PIM-DM Configuration Task List.................................................................. 573
16.2.3 Commands for PIM-DM .............................................................................. 575
16.2.4 PIM-DM Configuration Examples................................................................ 576
16.2.5 PIM-DM Troubleshooting ............................................................................ 577
16.3 PIM-SM.............................................................................................................. 580
16.3.1 Introduction to PIM-SM ............................................................................... 580
16.3.2 PIM-SM Configuration Task List .................................................................. 581
16.3.3 Commands for PIM-SM............................................................................... 584
16.3.4 PIM-SM Configuration Examples ................................................................ 593
16.3.5 PIM-SM Troubleshooting............................................................................. 595
16.4 DVMRP.............................................................................................................. 604
16.4.1 Introduction to DVMRP ............................................................................... 604
16.4.2 Configuration Task List................................................................................ 605
16.4.3 Commands for DVMRP............................................................................... 607
16.4.4 DVMRP Configuration Examples ................................................................ 610
16.4.5 DVMRP Troubleshooting..............................................................................611
16.5 ECSCM.............................................................................................................. 615
16.5.1 Introduction to ECSCM ............................................................................... 615
16.5.2 ECSCM Configuration Task List .................................................................. 616
16.5.3 Commands for ECSCM............................................................................... 619
16.5.4 ECSCM Configuration Examples ................................................................ 624
16.5.5 ECSCM Troubleshooting............................................................................. 625
16.6 IGMP ................................................................................................................. 627
16.6.1 Introduction to IGMP ................................................................................... 627
16.6.2 Configuration Task List................................................................................ 629
16.6.3 Commands for IGMP .................................................................................. 631
16.6.4 IGMP Configuration Example...................................................................... 636
16.6.5 IGMP Troubleshooting ................................................................................ 637
CHAPTER 17 IPV6 MULTICAST PROTOCOL...........................................................................641
17.1 PIM-DM6............................................................................................................ 641
17.1.1 Introduction to PIM-DM6 ............................................................................. 641
17.1.2 PIM-DM Configuration Task List.................................................................. 642
17.1.3 Commands for PIM-DM6 ............................................................................ 644
17.1.4 PIM-DM Typical Application ........................................................................ 647
17.1.5 PIM-DM Troubleshooting ............................................................................ 648
17.2 PIM-SM6............................................................................................................ 651
17.2.1 Introduction to PIM-SM6 ............................................................................. 651
17.2.2 PIM-SM Configuration Task List .................................................................. 653
17.2.3 Commands for PIM-SM............................................................................... 655
17.2.4 PIM-SM Typical Application......................................................................... 663
17.2.5 PIM-SM Troubleshooting............................................................................. 665
17.3 MLD ................................................................................................................... 675
17.3.1 Introduction to MLD..................................................................................... 675
17.3.2 MLD Configuration Task List ....................................................................... 675
17.3.3 Commands for MLD.................................................................................... 677
17.3.4 MLD Typical Application .............................................................................. 682
17.3.5 MLD Troubleshooting.................................................................................. 683
CHAPTER 18 ACL CONFIGURATION.........................................................................................687
18.1 INTRODUCTION TO ACL........................................................................................ 687
18.1.1 Access-list................................................................................................... 687
18.1.2 Access-group .............................................................................................. 687
18.1.3 Access-list Action and Global Default Action ............................................... 688
18.2 ACL CONFIGURATION........................................................................................... 688
18.2.1 ACL Configuration Task Sequence.............................................................. 688
18.2.2 Commands for ACL..................................................................................... 700
18.3 ACL EXAMPLE ..................................................................................................... 719
18.4 ACL TROUBLESHOOTING...................................................................................... 720
18.4.1 Commands for Monitor And Debug............................................................. 721
18.5 WEB MANAGEMENT ............................................................................................. 724
18.5.1 Numeric standard ACL configuration........................................................... 724
18.5.2 Delete numeric IP ACL................................................................................ 725
18.5.3 Configure the numeric extended ACL ......................................................... 725
18.5.4 Configure and delete the standard ACL name ............................................ 727
18.5.5 Configure extended ACL name configuration.............................................. 728
18.5.6 Firewall configuration .................................................................................. 728
18.5.7 ACL port binding.......................................................................................... 728
CHAPTER 19 802.1X CONFIGURATION .....................................................................................730
19.1 INTRODUCTION TO 802.1X .................................................................................... 730
19.2 802.1X CONFIGURATION TASK LIST....................................................................... 731
19.3 COMMANDS FOR 802.1X ...................................................................................... 735
19.3.1 aaa enable .................................................................................................. 735
19.3.2 aaa-accounting enable................................................................................ 735
19.3.3 dot1x accept-mac........................................................................................ 736
19.3.4 dot1x eapor enable ..................................................................................... 736
19.3.5 dot1x enable ............................................................................................... 737
19.3.6 dot1x macfilter enable................................................................................. 737
19.3.7 dot1x max-req ............................................................................................. 738
19.3.8 dot1x max-user ........................................................................................... 738
19.3.9 dot1x port-control ........................................................................................ 738
19.3.10 dot1x port-method..................................................................................... 739
19.3.11 dot1x re-authenticate................................................................................. 739
19.3.12 dot1x re-authentication.............................................................................. 740
19.3.13 dot1x timeout quiet-period......................................................................... 740
19.3.14 dot1x timeout re-authperiod ...................................................................... 740
19.3.15 dot1x timeout tx-period.............................................................................. 741
19.3.16 radius-server accounting host ................................................................... 741
19.3.17 radius-server authentication host .............................................................. 742
19.3.18 radius-server dead-time ............................................................................ 743
19.3.19 radius-server key ...................................................................................... 743
19.3.20 radius-server retransmit ............................................................................ 744
19.3.21 radius-server timeout ................................................................................ 744
19.4 802.1X APPLICATION EXAMPLE ............................................................................. 745
19.5 802.1X TROUBLESHOOTING ................................................................................. 745
19.5.1 Commands for Monitor and debug.............................................................. 746
19.6 WEB MANAGEMENT ............................................................................................. 752
19.6.1 RADIUS client configuration........................................................................ 752
19.6.2 802.1X configuration ................................................................................... 754
CHAPTER 20 VRRP CONFIGURATION......................................................................................758
20.1 INTRODUCTION TO VRRP..................................................................................... 758
20.2 CONFIGURATION TASK LIST .................................................................................. 759
20.3 COMMANDS FOR VRRP ....................................................................................... 761
20.3.1 advertisement-interval................................................................................. 761
20.3.2 circuit-failover.............................................................................................. 761
20.3.3 debug vrrp................................................................................................... 762
20.3.4 disable......................................................................................................... 762
20.3.5 enable ......................................................................................................... 763
20.3.6 interface ...................................................................................................... 763
20.3.7 preempt-mode............................................................................................. 763
20.3.8 priority ......................................................................................................... 764
20.3.9 router vrrp ................................................................................................... 764
20.3.10 show vrrp .................................................................................................. 765
20.3.11 virtual-ip..................................................................................................... 765
20.4 TYPICAL VRRP SCENARIO ................................................................................... 766
20.5 VRRP TROUBLESHOOTING .................................................................................. 767
20.6 WEB MANAGEMENT ............................................................................................. 767
20.6.1 Create VRRP Number................................................................................. 767
20.6.2 Configure VRRP Dummy IP........................................................................ 768
20.6.3 Configure VRRP Port.................................................................................. 768
20.6.4 Activate Virtual Router................................................................................. 768
20.6.5 Configure Preemptive Mode For VRRP ...................................................... 768
20.6.6 Configure VRRP priority.............................................................................. 769
20.6.7 Configure VRRP Timer interval ................................................................... 769
20.6.8 Configure VRRP Interface Monitor.............................................................. 769
20.6.9 Configure Authentication Mode For VRRP.................................................. 769
CHAPTER 21 MRPP CONFIGURATION......................................................................................771
21.1 MRPP INTRODUCTION ......................................................................................... 771
21.1.1 Conception Introduction .............................................................................. 771
21.1.2 MRPP Protocol Packet Types ..................................................................... 772
21.1.3 MRPP Protocol Operation System.............................................................. 773
21.2 MRPP CONFIGURATION TASK LIST ....................................................................... 774
21.3 COMMANDS FOR MRPP ...................................................................................... 775
21.3.1 clear mrpp statistics .................................................................................... 775
21.3.2 control-vlan ................................................................................................. 775
21.3.3 debug mrpp................................................................................................. 776
21.3.4 enable ......................................................................................................... 776
21.3.5 fail-timer ...................................................................................................... 777
21.3.6 hello-timer ................................................................................................... 777
21.3.7 mrpp enable ................................................................................................ 778
21.3.8 mrpp ring..................................................................................................... 778
21.3.9 node-mode.................................................................................................. 779
21.3.10 primary-port............................................................................................... 779
21.3.11 secondary-port .......................................................................................... 779
21.3.12 show mrpp ................................................................................................ 780
21.3.13 show mrpp statistics.................................................................................. 780
21.4 MRPP TYPICAL SCENARIO.................................................................................... 780
21.4.1 MRPP typical scenario 1............................................................................. 780
21.4.2 MRPP typical scenario 2............................................................................. 782
21.4.3 MRPP typical scenario 3............................................................................. 786
21.5 MRPP TROUBLESHOOTING .................................................................................. 789
CHAPTER 22 CLUSTER CONFIGURATION ..............................................................................790
22.1 INTRODUCTION TO CLUSTER NETWORK MANAGEMENT ............................................ 790
22.2 CLUSTER NETWORK MANAGEMENT CONFIGURATION SEQUENCE............................ 791
22.3 COMMANDS FOR CLUSTER.................................................................................... 793
22.3.1 cluster run ................................................................................................... 793
22.3.2 cluster register timer ................................................................................... 793
22.3.3 cluster ip-pool.............................................................................................. 794
22.3.4 cluster commander ..................................................................................... 794
22.3.5 cluster member ........................................................................................... 795
22.3.6 cluster auto-add enable............................................................................... 795
22.3.7 rcommand member..................................................................................... 796
22.3.8 rcommand commander ............................................................................... 796
22.3.9 cluster reset member .................................................................................. 797
22.3.10 cluster update member ............................................................................. 797
22.3.11 cluster holdtime ......................................................................................... 798
22.3.12 cluster heartbeat ....................................................................................... 798
22.3.13 clear cluster candidate-table ..................................................................... 799
22.4 EXAMPLES OF CLUSTER ADMINISTRATION ............................................................. 799
22.5 CLUSTER ADMINISTRATION TROUBLESHOOTING..................................................... 800
22.5.1 Cluster Administration Debugging and Monitoring Command..................... 800
Chapter 1 Switch Management
1.1 Management Options
After purchasing the switch, the user needs to configure the switch for network
management. ES3628EA Switch provides two management options: in-band
management and out-of-band management.
1.1.1 Out-Of-Band Management
Out-of-band management is management through the Console interface. Generally,
the user will use out-of-band management for the initial switch configuration, or when
in-band management is not available. For instance, the user must assign an IP address
to the switch via the Console interface to be able to access the switch through Telnet.
The procedures for managing the switch via Console interface are listed below:
Step 1: setting up the environment:
Fig 1-1 Out-of-band Management Configuration Environment
As shown in Fig 1-1, the serial port (RS-232) is connected to the switch with the
serial cable provided. The table below lists all the devices used in the connection.
Device Name        Description
PC machine         Has a functional keyboard and RS-232 port, with a terminal emulator installed, such as HyperTerminal included in Windows 9x/NT/2000/XP.
Serial port cable  One end attaches to the RS-232 serial port, the other end to the Console port.
ES3628EA           Functional Console port required.
Step 2: Entering HyperTerminal
Open the HyperTerminal included in Windows after the connection is established. The
example below is based on the HyperTerminal included in Windows XP.
1) Click Start menu - All Programs - Accessories - Communication - HyperTerminal.
Fig 1-2 Opening HyperTerminal
2) Type a name for the HyperTerminal connection, such as “Switch”.
Fig 1-3 Opening HyperTerminal
3) In the “Connecting using” drop-list, select the RS-232 serial port used by the PC, e.g.
COM1, and click “OK”.
Fig 1-4 Opening HyperTerminal
4) The COM1 properties dialog appears. Select “9600” for “Baud rate”, “8” for “Data bits”,
“none” for “Parity checksum”, “1” for stop bit and “none” for traffic control; alternatively,
click “Restore default”. Then click “OK”.
Fig 1-5 Opening HyperTerminal
Step 3: Entering the switch CLI interface:
Power on the switch. The following appears in the HyperTerminal window; this is the
CLI configuration mode for the ES3628EA Switch.
ES3628EA Management Switch
Copyright (c) 2001-2006 by Accton Technology Corporation.
All rights reserved.
Testing RAM...
67,108,864 RAM OK.
Initializing...
Attaching to file system ...
Loading nos.img ... done.
Starting at 0x10000...
Attaching to file system ...
Switch Settings
vlan mac: 00-03-0F-13-25-98
serial number: 106120000004
manufacture date: 0000/00/00
Current time is SUN JAN 01 00:0
Copyright (C) 2001-2007 by Accton Technology Corp.
All rights reserved.
http://www.edge-core.com/
The user can now enter commands to manage the switch. For a detailed description
of the commands, please refer to the following chapters.
1.1.2 In-band Management
In-band management refers to managing the switch by logging in to it using
Telnet. In-band management allows the switch to be managed from some devices
attached to the switch. When in-band management fails due to switch
configuration changes, out-of-band management can be used for configuring and
managing the switch.
1.1.3 Management Via Telnet
To manage the switch with Telnet, the following conditions should be met:
1) Switch has an IP address configured
2) The host IP address (Telnet client) and the switch’s VLAN interface IP address are
in the same network segment.
3) If 2) is not met, the Telnet client can connect to an IP address of the switch via other
devices, such as a router.
ES3628EA Switch is a Layer 3 switch that can be configured with several IP
addresses. The following example assumes the switch is in its as-shipped state, where only
VLAN1 exists in the system.
The following describes the steps for a Telnet client to connect to the switch’s VLAN1
interface by Telnet.
Fig 1-6 Manage the switch by Telnet
Step 1: Configure the IP addresses for the switch
First, configure the host IP address. This should be within the same network
segment as the switch VLAN1 interface IP address. Suppose the switch VLAN interface
IP address is 10.1.128.251/24. Then, a possible host IP address is 10.1.128.252/24. Run
“ping 10.1.128.251” from the host and verify the result; if the ping fails, check for the reason.
The IP address configuration commands for the VLAN1 interface are listed below.
Before in-band management, the switch must be configured with an IP address by
out-of-band management (i.e. Console mode). The configuration commands are as
follows (all switch configuration prompts are assumed to be “Switch” hereafter unless
otherwise specified):
Switch>
Switch>en
Switch#config
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.128.251 255.255.255.0
Switch(Config-If-Vlan1)#no shutdown
Step 2: Run Telnet Client program.
Run Telnet client program included in Windows with the specified Telnet target.
Fig 1-7 Run telnet client program included in Windows
Step 3: Login to the switch
Log in to the Telnet configuration interface. A valid login name and password are
required; otherwise the switch will reject Telnet access. This is a method to protect the
switch from unauthorized access. As a result, when Telnet is enabled for configuring and
managing the switch, the username and password for authorized Telnet users must be
configured with the following command: username <user> password {0|7} <password>.
Assume an authorized user in the switch has a username of “test” and a password of
“test”; the configuration procedure should look like the following:
Switch>en
Switch#config
Switch(Config)#username test password 0 test
After a valid login name and password are entered in the Telnet configuration interface, the Telnet
user will be able to enter the switch’s CLI configuration interface. The commands used in
the Telnet CLI interface after login are the same as those in the Console interface.
Fig 1-8 Telnet Configuration Interface
1.1.4 Management Via HTTP
To manage the switch via HTTP, the following conditions should be met:
1) Switch has an IP address configured
2) The host IP address (HTTP client) and the switch’s VLAN interface IP address
are in the same network segment;
3) If 2) is not met, the HTTP client should connect to an IP address of the switch via
other devices, such as a router.
Similar to management via Telnet, as soon as the host can ping an IP
address of the switch and the right login password is typed, it can access the switch via
HTTP. The configuration steps are as follows:
Step 1: Configure the IP addresses for the switch and start the HTTP function on the
switch. For configuring the IP address on the switch through out-of-band management, see
the relevant chapter. To enable the WEB configuration, users should type the CLI command
ip http server in the global mode as below:
Switch>en
Switch#config
Switch(Config)#ip http server
Step 2: Run HTTP protocol on the host.
Open the Web browser on the host and type the IP address of the switch. Alternatively, run
the HTTP protocol directly from Windows. For example, the IP address of the switch is
“10.1.128.251”.
Fig 1-9 Run HTTP Protocol
When accessing a switch with an IPv6 address, it is recommended to use the Firefox
browser, version 1.5 or later. For example, if the IPv6 address of the switch is
“3ffe:506:1:2::3”, enter the switch address in the address bar as http://[3ffe:506:1:2::3],
with the address inside square brackets.
Step 3: Log on to the switch
To log on to the HTTP configuration interface, a valid login user name and password
are required; otherwise the switch will reject HTTP access. This is a method to protect
the switch from unauthorized access. Consequently, in order to configure the switch
via HTTP, the username and password for authorized HTTP users must be configured with
the following command in the global mode: username <username> password <show_flag> <password>.
Suppose an authorized user in the switch has the username “test” and the password
“test”. The configuration procedure is as below:
Switch>en
Switch#config
Switch(Config)# username test password 0 test
The Web login interface is as below:
Fig 1-10 Web Login Interface
Input the right username and password, and then the main Web configuration
interface is shown as below.
Fig 1-11 Main Web Configuration Interface
1.2 Management Interface
1.2.1 CLI Interface
The CLI interface is familiar to most users. As mentioned earlier, out-of-band
management and Telnet login are both performed through the CLI interface to manage the
switch.
The CLI interface is supported by the Shell program, which consists of a set of configuration
commands. Those commands are categorized according to their functions in switch
configuration and management. Each category represents a different configuration mode.
The Shell for the switch is described below:
• Configuration Modes
• Configuration Syntax
• Shortcut keys
• Help function
• Input verification
• Fuzzy match support
1.2.2 Configuration Modes
Fig 1-12 Shell Configuration Modes (figure labels: User Mode, Admin Mode, Global Mode, Interface Mode, Vlan Mode, DHCP address pool configuration mode, Route configuration mode, ACL configuration mode)
1.2.2.1 User Mode
On entering the CLI interface, the user first enters the user entry system. A common user
is placed in User Mode by default. The prompt shown is “Switch>”; the symbol “>” is the prompt for User Mode. Running the disable command under Admin Mode also returns to
User Mode.
Under User Mode, no configuration of the switch is allowed; only the clock time and
version information of the switch can be queried.
1.2.2.2 Admin Mode
Admin Mode is entered as follows: in the user entry system, an Admin user is
placed in Admin Mode by default. The Admin Mode prompt “Switch#” can also be reached from User
Mode by running the enable command and entering the admin user password for the corresponding access level, if a password has been set. Running the exit command under Global
Mode also returns to Admin Mode. ES3628EA Switch also provides the shortcut
key sequence “Ctrl+z”, an easy way to exit to Admin Mode from any
configuration mode (except User Mode).
Under Admin Mode, running the disable command returns to User Mode. Running the
exit command leaves the session and returns directly to the user entry system. Users
can then re-enter the system by entering the corresponding user name and password.
Under Admin Mode, the user can query the switch configuration information,
connection status and traffic statistics of all ports; and the user can further enter the
Global Mode from Admin Mode to modify all configurations of the switch. For this reason,
a password must be set for entering Admin mode to prevent unauthorized access and
malicious modification to the switch.
1.2.2.3 Global Mode
Typing the config command under Admin Mode enters Global Mode, with the prompt
“Switch(Config)#”. Using the exit command under other configuration modes, such as
Interface Mode or VLAN Mode, returns to Global Mode.
The user can perform global configuration settings under Global Mode, such as MAC
Table, Port Mirroring, VLAN creation, IGMP Snooping start, GVRP and STP, etc. The
user can also go further to Interface Mode to configure all the interfaces.
1.2.2.4 Interface Mode
Using the interface command under Global Mode enters the specified interface
mode. ES3628EA Switch provides three interface types: VLAN interface, Ethernet port
and port-channel, and accordingly three interface configuration modes.
Interface Type | Entry | Prompt | Operates | Exit
VLAN Interface | Type interface vlan <Vlan-id> command under Global Mode. | Switch(Config-If-Vlanx)# | Configure switch IPs, etc. | Use the exit command to return to Global Mode.
Ethernet Port | Type interface ethernet <interface-list> command under Global Mode. | Switch(Config-ethernetxx)# | Configure supported duplex mode, speed, etc. of Ethernet Port. | Use the exit command to return to Global Mode.
port-channel | Type interface port-channel <port-channel-number> command under Global Mode. | Switch(Config-if-port-channelx)# | Configure port-channel related settings such as duplex mode, speed, etc. | Use the exit command to return to Global Mode.
1.2.2.5 VLAN Mode
Using the vlan <vlan-id> command under Global Mode enters the corresponding
VLAN Mode. Under VLAN Mode the user can configure all member ports of the
corresponding VLAN. Run the exit command to exit VLAN Mode to Global Mode.
1.2.2.6 DHCP Address Pool Mode
Typing the ip dhcp pool <name> command under Global Mode enters DHCP
Address Pool Mode, with the prompt “Switch(Config-<name>-dhcp)#”. DHCP address pool properties can be configured under DHCP Address Pool Mode. Run the exit command to
exit DHCP Address Pool Mode to Global Mode.
1.2.2.7 Route Mode
Routing Protocol | Entry | Prompt | Operates | Exit
RIP Routing Protocol | Type router rip command under Global Mode. | Switch(Config-Router-Rip)# | Configure RIP protocol parameters. | Use the “exit” command to return to Global Mode.
OSPF Routing Protocol | Type router ospf command under Global Mode. | Switch(Config-Router-Ospf)# | Configure OSPF protocol parameters. | Use the “exit” command to return to Global Mode.
1.2.2.8 ACL Mode
ACL type | Entry | Prompt | Operates | Exit
Standard IP ACL Mode | Type access-list ip command under Global Mode. | Switch(Config-Std-Nacl-a)# | Configure parameters for Standard IP ACL Mode | Use the “exit” command to return to Global Mode.
Extended IP ACL Mode | Type access-list ip command under Global Mode. | Switch(Config-Ext-Nacl-b)# | Configure parameters for Extended IP ACL Mode | Use the “exit” command to return to Global Mode.
1.2.3 Configuration Syntax
ES3628EA Switch provides various configuration commands. Although all the
commands are different, they all abide by the syntax for ES3628EA Switch configuration
commands. The general command format of ES3628EA Switch is shown below:
cmdtxt <variable> { enum1 | … | enumN } [option]
Conventions: cmdtxt in bold font indicates a command keyword; <variable> indicates a variable parameter; {enum1 | … | enumN } indicates a mandatory parameter that should be selected from the parameter set enum1~enumN; and the square brackets ([ ]) in [option] indicate an optional parameter. There may be combinations of “< >”, “{ }” and “[ ]” in the command line, such as [<variable>], {enum1 <variable> | enum2}, [option1 [option2]], etc.
Here are examples for some actual configuration commands:
• show calendar, no parameters required. This is a command with only a keyword and
no parameter; just type in the command to run.
• vlan <vlan-id>, parameter values are required after the keyword.
• duplex {auto|full|half}, user can enter duplex half, duplex full or duplex auto for this
command.
• snmp-server community <string> {ro|rw}, the following are possible:
snmp-server community <string> ro
snmp-server community <string> rw
1.2.4 Shortcut Key Support
ES3628EA Switch provides several shortcut keys to facilitate user configuration,
such as up, down, left, right and Blank Space. If the terminal does not recognize Up and
Down keys, ctrl +p and ctrl +n can be used instead.
Key(s) | Function
Back Space | Delete a character before the cursor, and the cursor moves back.
Up | Show previous command entered. Up to ten recently entered commands can be shown.
Down | Show next command entered. When using the Up key to get previously entered commands, you can use the Down key to return to the next command.
Left | The cursor moves one character to the left. You can use the Left and Right keys to modify an entered command.
Right | The cursor moves one character to the right. You can use the Left and Right keys to modify an entered command.
Ctrl +p | The same as Up key.
Ctrl +n | The same as Down key.
Ctrl +b | The same as Left key.
Ctrl +f | The same as Right key.
Ctrl +z | Return to the Admin Mode directly from the other configuration modes (except User Mode).
Ctrl +c | Break the ongoing command process, such as ping or other command execution.
Tab | When a string for a command or keyword is entered, the Tab can be used to complete the command or keyword if there is no conflict.
1.2.5 Help Function
There are two ways in ES3628EA Switch for the user to access help information: the
“help” command and the “?”.
Access to Help | Usage and function
Help | Under any command line prompt, typing “help” and pressing Enter gives a brief description of the associated help system.
“?” | 1. Under any command line prompt, enter “?” to get a command list of the current mode and a related brief description. 2. Enter a “?” after the command keyword, separated by a space. If the position should be a parameter, a description of that parameter type, scope, etc. is returned; if the position should be a keyword, a set of keywords with brief descriptions is returned; if the output is “<cr>”, the command is complete, press Enter to run the command. 3. A “?” immediately following a string displays all the commands that begin with that string.
1.2.6 Input Verification
Returned Information: success
All commands entered through the keyboard undergo a syntax check by the Shell.
Nothing is returned if the user entered a correct command under the corresponding
mode and the execution is successful.
Returned Information: error
Output error message | Explanation
Unrecognized command or illegal parameter! | The entered command does not exist, or there is an error in parameter scope, type or format.
Ambiguous command | At least two interpretations are possible based on the current input.
Invalid command or parameter | The command is recognized, but no valid parameter record is found.
This command is not exist in current mode | The command is recognized, but this command cannot be used under the current mode.
Please configure precursor command "*" at first ! | The command is recognized, but the prerequisite command has not been configured.
syntax error : missing '"' before the end of command line! | Quotation marks are not used in pairs.
1.2.7 Fuzzy Match Support
ES3628EA switch shell supports fuzzy matching when searching for commands and keywords.
The Shell will recognize commands or keywords correctly if the entered string causes no
conflict.
For example:
1. For command “show interfaces status Ethernet 0/0/1”, typing “sh in status E 0/0/1”
will work.
2. However, for command “show running-config”, the system will report a “> Ambiguous
command!” error if only “show r” is entered, as the Shell is unable to tell whether it is
“show run” or “show running-config”. Therefore, the Shell will only recognize the
command if “sh ru” is entered.
1.3 Web Management
1.3.1 Main Page
ES3628EA routing switch provides an HTTP web management function, and
users can configure and monitor the status of the switch through the web interface.
To manage the switch through a web browser, use the following steps:
1. Configure a valid IP address and mask, and confirm the gateway for the switch.
2. Configure the web management user and its password.
3. Connect to the switch using the web browser. Enter the username and password to
proceed to web management.
1.3.2 Module Front Panel
After entering the username and password and passing authentication, you will see the
following web management main page. On the left of the management page is the main
management menu, and on the right of the page system information and command
parameters are displayed. Click a main menu link to browse other management links
and to display configuration and statistic information.
Fig 1-13 Module Front Panel
Chapter 2 Basic Switch Configuration
2.1 Basic Switch Configuration Commands
Basic switch configuration includes commands for entering and exiting the admin
mode, commands for entering and exiting interface mode, for configuring and displaying
the switch clock, for displaying the version information of the switch system, etc.
Command | Explanation
Normal User Mode/ Admin Mode
enable disable | The User uses enable command to step into admin mode from normal user mode. The disable command is for exiting admin mode.
Admin Mode
config [terminal] | Enter global mode from admin mode
Various Modes
Exit | Exit current mode and enter previous mode, such as using this command in global mode to go back to admin mode, and back to normal user mode from admin mode
Admin Mode
calendar set <HH:MM:SS> <YYYY.MM.DD> | Set system date and time
Show version 1 | Display version information of the switch
set default | Restore to the factory default
Write | Save current configuration parameters to Flash Memory
Reload | Hot reset the switch
2.1.1 Commands For Basic Configuration
2.1.1.1 authentication login
Command: authentication login {local | radius | local radius | radius local}
no authentication login
Function: Configure the authentication mode and priority on the Telnet Server for remote
login users; the “no authentication login” command restores the default login
authentication mode.
Default: The default login authentication mode is local.
Command mode: Global mode
Usage guide: When a combination of authentication modes is used, the first mode in
the queue has the highest priority, and priority decreases in order. When a user passes
an authentication mode with higher priority, the login is granted without proceeding to
other modes with lower priority. Note that passing only one authentication
mode is required to log in. When using radius authentication, the AAA function must be enabled
and a radius server must be configured.
Example: Configure the remote login authentication mode to radius
Switch(Config)#authentication login radius
2.1.1.2 calendar set
Command: calendar set <HH> <MM> <SS> {<DD> <MON> <YYYY> | <MON> <DD> <YYYY>}
Function: Set system date and time.
Parameter: <HH> <MM> <SS> is the current time; the valid scope for HH is 0 to 23, and for
MM and SS 0 to 59. <DD> <MON> <YYYY> or <MON> <DD> <YYYY> is the current date, month and year or the current year, month and date; the valid scope for YYYY is 1970~2100, MON means month, and DD is between 1 and 31.
Command mode: Admin Mode
Default: Upon first start-up, it defaults to 2001.1.1 0: 0: 0.
Usage guide: The switch cannot keep time while powered off, hence the current date
and time must first be set in environments where exact time is required.
Example: To set the switch current date and time to 2002.8.1 23: 0: 0:
Switch# calendar set 23 0 0 august 1 2002
2.1.1.3 config
Command: config [terminal]
Function: Enter Global Mode from Admin Mode.
Parameter: [terminal] indicates terminal configuration.
Command mode: Admin Mode
Example:
Switch#config
2.1.1.4 debug ssh-server
Command: debug ssh-server
no debug ssh-server
Function: Display SSH server debugging information; the “no debug ssh-server”
command stops displaying SSH server debugging information.
Default: This function is disabled by default.
Command mode: Admin Mode
2.1.1.5 dir
Command: dir
Function: Display the files and their sizes in the Flash memory.
Command mode: Admin Mode
Example: Check for files and their sizes in the Flash memory.
Switch#dir
boot.rom 329,828 1900-01-01 00: 00: 00 --SH
boot.conf 94 1900-01-01 00: 00: 00 --SH
nos.img 2,449,496 1980-01-01 00: 01: 06 ----
startup-config 2,064 1980-01-01 00: 30: 12 ----
2.1.1.6 enable
Command: enable
Function: Enter Admin Mode from User Mode.
Command mode: User Mode
Usage Guide: To prevent unauthorized access by non-admin users, user authentication is
required (i.e. the Admin user password is required) when entering Admin Mode from User
Mode. If the correct Admin user password is entered, Admin Mode access is granted; if 3
consecutive entries of the Admin user password are all wrong, the session remains in User Mode. Set the Admin user password under Global Mode with the “enable password” command.
Example:
Switch>enable
password: ***** (admin)
Switch#
2.1.1.7 enable password
Command: enable password [8] <password>
no enable password
Function: Configure the password used to enter Admin Mode from User Mode.
The “no enable password” command deletes this password.
Parameter: password is the configured code. Encryption will be performed by entering 8.
Command mode: Global Mode
Default: This password is empty by system default.
Usage Guide: Configure this password to prevent unauthorized entry into Admin Mode. It
is recommended to set the password at the initial switch configuration. Also, it is recommended to exit Admin Mode with the “exit” command when the administrator needs to
leave the terminal for a long time.
Example: Set the Admin user password to “admin”.
Switch(Config)#enable password 8 admin
2.1.1.8 exec-timeout
Command: exec-timeout <minutes> [<seconds>]
no exec-timeout
Function: Configure the timeout for exiting admin mode. The “no exec-timeout” command restores the default value.
Parameters: <minutes> is the time value in minutes and ranges between
0~35791. <seconds> is the time value in seconds and ranges between
0~2147483.
Command mode: Global mode
Default: Default timeout is 10 minutes.
Usage guide: To secure the switch and to prevent malicious actions by
unauthorized users, the time is counted from the last configuration the admin made,
and the system exits admin mode when the timeout expires. The admin code
and password must be entered to enter admin mode again. The timeout timer is disabled when
the timeout is set to 0.
Example: Set the admin mode timeout value to 6 minutes
Switch(Config)#exec-timeout 6
2.1.1.9 exit
Command: exit
Function: Quit current mode and return to its previous mode.
Command mode: All Modes
Usage Guide: This command quits the current mode and returns to its previous mode.
Example: Quit global mode to its previous mode
Switch(Config)#exit
Switch#
2.1.1.10 help
Command: help
Function: Output a brief description of the command interpreter help system.
Command mode: All configuration modes.
Usage Guide: An instant online help provided by the switch. The help command displays
information about the whole help system, including complete help and partial help. The
user can type in ? at any time to get online help.
Example:
Switch>help
enable -- Enable Admin mode
exit -- Exit telnet session
help -- help
show -- Show running system information
2.1.1.11 hostname
Command: hostname <hostname>
Function: Set the prompt in the switch command line interface.
Parameter: <hostname> is the string for the prompt; up to 30 characters are allowed.
Command mode: Global Mode
Default: The default prompt is ES3628EA switch.
Usage Guide: With this command, the user can set the CLI prompt of the switch
according to their own requirements.
Example: Set the prompt to “Test”.
Switch(Config)#hostname Test
2.1.1.12 ip host
Command: ip host <hostname> <ip_addr>
no ip host <hostname>
Function: Set the mapping relationship between the host and IP address; the “no ip
host” form of this command deletes the mapping.
Parameter: <hostname> is the host name, up to 15 characters are allowed; <ip_addr>
is the corresponding IP address for the host name, in dot decimal format.
Command mode: Global Mode
Usage Guide: Set the association between host and IP address, which can be used in commands like “ping <host>”.
Example: Set IP address of a host with the hostname of “taiwan” to 200.121.1.1.
Switch(Config)#ip host taiwan 200.121.1.1
2.1.1.13 ipv6 host
Command: ipv6 host <hostname> <ipv6_addr>
no ipv6 host <hostname>
Function: Configure the mapping relationship between the IPv6 address and the host; the “no ipv6 host <hostname>” command deletes this mapping relationship.
Parameter: <hostname> is the name of the host, containing max 15
characters; <ipv6_addr> is the IPv6 address corresponding to the host name.
Command Mode: Global Mode
Usage Guide: Configure a fixed corresponding relationship between the host and the IPv6 address, applicable in commands such as “traceroute6 <host>”, etc.
Example: Set the IPv6 address of the host named beijing to 2001:1:2:3::1
Switch(Config)#ipv6 host beijing 2001:1:2:3::1
2.1.1.14 ip http server
Command: ip http server
no ip http server
Function: Enable Web configuration; the “no ip http server” command disables Web
configuration.
Command mode: Global mode
Usage guide: Web configuration supplies the user with an interface configured over HTTP,
which is straightforward, visual and easy to understand. This command is equivalent
to selection [2] of the main menu in Setup mode to configure the Web Server.
Example: Enable Web Server function and enable Web configurations.
Switch(Config)#ip http server
2.1.1.15 login
Command: login
no login
Function: The login command enables password authentication; the no login command cancels the login
configuration.
Command mode: Global mode
Default: no login by default
Usage guide: With this command, users have to enter the password set by the password
command to enter normal user mode from the console; no login cancels this restriction.
Example: Enable password
Switch(Config)#login
2.1.1.16 language
Command: language {chinese|english}
Function: Set the language for displaying the help information.
Parameter: Chinese for Chinese display; English for English display.
Command mode: Admin Mode
Default: The default setting is English display.
Usage Guide: ES3628EA switch provides help information in two languages; the user
can select the language according to their preference. After the system restarts, the help
information display will revert to English.
2.1.1.17 login local
Command: login local
no login
Function: login local enables local user name and password identification; no login cancels
the login local configuration.
Command Mode: Global Mode
Default: System default is no login.
Usage Guide: With this command, a user accessing the shell in common mode enters the
user name and password configured by the username command, and then accesses
common user mode at the level configured by that command. no login cancels the login
local configuration.
Notice: When executing this command, make sure that the priority of one user is 15 if the
username command configuration is used to log in. Only this ensures that the user can go
from common mode to admin mode and modify the system configuration after passing
the shell login identification. If there is no user of priority 15, the user cannot access
admin and global mode.
Example: Enable local user password identification
Switch(Config)#login local
2.1.1.18 password
Command: password <password>
no password
Function: Configure the password used to enter normal user mode on the console. The “no password” command deletes this password.
Parameter: password is the configured code. Encryption will be performed by entering 8.
Command mode: Global mode
Default: This password is empty by system default.
Usage guide: When both this password and the login command are configured, users have
to enter the password set by the password command to enter normal user mode on the console.
Example:
Switch(Config)#password 8 test
Switch(Config)#login
2.1.1.19 ping
Command: ping [<ip-addr> | <host>|vrf|]
Function: The switch sends ICMP packets to remote devices to verify the connectivity
between the switch and remote devices.
Parameter: <ip-addr> is the target host IP address for ping, in dot decimal format. <host> is the target host name for ping. <vrf> is the VPN Routing/Forwarding instance; it is useful only when VR is
configured.
Default: Send 5 ICMP packets of 56 bytes each, timeout in 2 seconds.
Command mode: Admin Mode
Usage Guide: When the user types in the ping command and presses Enter, the system
provides an interactive mode for configuration, and the user can choose all the
parameters for ping.
Example:
Example 1: Default parameter for ping.
Switch#ping 10.1.128.160
Type ^c to abort.
Sending 5 56-byte ICMP Echoes to 10.1.128.160, timeout is 2 seconds.
...!!
Success rate is 40 percent (2/5), round-trip min/avg/max = 1/0 ms
As shown in the above example, the switch pings a device with an IP address of
10.1.128.160. Three ICMP request packets are sent without receiving corresponding reply
packets (i.e. ping failed), the last two packets are replied to successfully, and the success rate
is 40%. The switch represents ping failure with a “.”, for an unreachable target, and ping
success with “!”, for a reachable target.
Switch#ping
VRF name:
Target IP address: 10.1.128.160
Repeat count [5]: 100
Datagram size in byte [56]: 1000
Timeout in milli-seconds [2000]: 500
Extended commands [n]: n
Displayed information | Explanation
VRF name: | VPN Routing/Forwarding instance
Target IP address: | Target IP address
Repeat count [5] | Packet number, the default is 5
Datagram size in byte [56] | ICMP packet size, the default is 56 bytes
Timeout in milli-seconds [2000]: | Timeout (in milliseconds), the default is 2 seconds.
Extended commands [n]: | Whether to change the other options or not
2.1.1.20 ping6
Command: ping6 [<dst-ipv6-address> | host <hostname> | src <src-ipv6-address> {<dst-ipv6-address> | host <hostname>}]
Function: Verify the accessibility of the network.
Parameter: <dst-ipv6-address> is the destination IPv6 address, <src-ipv6-address>
is the source IPv6 address, <hostname> is the host name of the remote host, containing
no more than 30 characters.
Default: None
Command Mode: User Mode
Usage Guide: Ping6 followed by an IPv6 address is the default configuration. The ping6 function
can configure the parameters of the ping packets on users’ demands. When the
ipv6-address is a local link address, a vlan interface name needs to be specified.
When a source IPv6 address is specified, the sent icmp query packets use the specified
source IPv6 address as the source address of the ping packets.
Example:
(1) Default parameters of the ping6 program
Switch>ping6 2001:1:2::4
Type ^c to abort.
Sending 5 56-byte ICMP Echos to 2001:1:2::4, timeout is 2 seconds.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/320/1600 ms
(2) Specify source IPv6 address when using ping6
switch>ping6 src 2001:1:2::3 2001:1:2::4
Type ^c to abort.
Sending 5 56-byte ICMP Echos to 2001:1:2::4, using src address 2001:1:2::3, timeout is
2 seconds.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
(3) Modify ping6 parameter with the help of the ping6 program
switch>ping6
Target IPv6 address:fe80::2d0:59ff:feb8:3b27
Output Interface: vlan1
Use source address option[n]:y
Source IPv6 address: fe80::203:fff:fe0b:16e3
Repeat count [5]:
Datagram size in byte [56]:
Timeout in milli-seconds [2000]:
Extended commands [n]:
Type ^c to abort.
Sending 5 56-byte ICMP Echos to fe80::2d0:59ff:feb8:3b27, using src address
fe80::203:fff:fe0b:16e3, timeout is 2 seconds.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =1/4/16 ms
Displayed Information | Explanation
ping6 | Run ping6 function
Target IPv6 address | Destination IPv6 address
Output Interface | Name of Vlan interface, required to be specified when destination address is a local link address
Use source IPv6 address [n]: | Use source IPv6 address, not used by default
Source IPv6 address | Source IPv6 IP address
Repeat count[5] | Number of ping packets to be sent, 5 by default
Datagram size in byte[56] | Size of Ping packet, 56 by default
Timeout in milli-seconds[2000] | Permitted delay time, 2 seconds by default
Extended commands[n] | Configuration of extended parameter, not applied by default
! | Indicate the network is accessible
. | Indicate the network is inaccessible
Success rate is 100 percent (8/8), round-trip min/avg/max = 1/1/1 ms | Statistic information, indicating that ping packets have succeeded in arriving in 100% without any packet lost
2.1.1.21 reload
Command: reload
Function: Warm reset the switch.
Command mode: Admin Mode
Usage Guide: The user can use this command to restart the switch without powering it off.
2.1.1.22 service password-encryption
Command: service password-encryption
no service password-encryption
Function: Encrypt system passwords. The “no service password-encryption” command
cancels the encryption.
Command mode: Global mode
Default: no service password-encryption by system default
Usage guide: Executing this command encrypts the current unencrypted passwords as well as
passwords subsequently configured by the password, enable password and username commands.
no service password-encryption cancels this function; however,
encrypted passwords remain unchanged.
Example: Encrypt system passwords
Switch(Config)#service password-encryption
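The defaults stated in this chapter (empty enable password, no login, no service password-encryption, a timeout timer that is disabled at 0) can be checked offline against a saved configuration. The following Python audit is an added example, not Edge-Core code: it assumes the saved configuration lists commands in the forms documented here and that password flag 0 marks a cleartext password; the finding names, the sample configurations and the 10-minute idle limit are illustrative.

```python
"""Audit a switch configuration for weak management-plane settings."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed samples using the command forms documented in this chapter.
# Assumption: the saved configuration lists commands as they were typed.
WEAK_CONFIG = """\
hostname Test
username test password 0 test
ip http server
exec-timeout 0
interface vlan 1
"""

HARDENED_CONFIG = """\
hostname Test
service password-encryption
username netadmin password 7 <encrypted-placeholder>
enable password 8 <placeholder>
login local
no ip http server
exec-timeout 6
"""


@dataclass
class MgmtState:
    """Management settings, initialised to the defaults the manual states."""
    users: Dict[str, Tuple[str, str]] = field(default_factory=dict)
    enable_password: bool = False            # empty by system default
    console_login: Optional[str] = None      # "no login" by default
    http_server: bool = False                # assumed off until enabled
    password_encryption: bool = False        # off by system default
    exec_timeout: Tuple[int, int] = (10, 0)  # default timeout is 10 minutes


def parse(config_text: str) -> MgmtState:
    """Walk the configuration in order so later lines override earlier ones."""
    st = MgmtState()
    for raw in config_text.splitlines():
        line = raw.strip()
        negated = line.startswith("no ")
        words = (line[3:] if negated else line).split()
        if not words:
            continue
        if words[0] == "username" and not negated:
            # username <user> password {0|7} <password>
            if len(words) >= 5 and words[2] == "password":
                st.users[words[1]] = (words[3], " ".join(words[4:]))
        elif words[:2] == ["enable", "password"]:
            st.enable_password = not negated and len(words) > 2
        elif words[0] == "login":
            st.console_login = None if negated else " ".join(words)
        elif words[:3] == ["ip", "http", "server"]:
            st.http_server = not negated
        elif words[:2] == ["service", "password-encryption"]:
            st.password_encryption = not negated
        elif words[0] == "exec-timeout":
            nums = [int(w) for w in words[1:3] if w.isdigit()]
            if negated or not nums:
                st.exec_timeout = (10, 0)    # "no exec-timeout" restores default
            else:
                st.exec_timeout = (nums[0], nums[1] if len(nums) > 1 else 0)
    return st


def audit(config_text: str, max_idle_minutes: int = 10) -> List[Tuple[str, str]]:
    """Return (finding-id, detail) pairs; an empty list means nothing flagged."""
    st = parse(config_text)
    out: List[Tuple[str, str]] = []
    for name, (flag, secret) in sorted(st.users.items()):
        if flag == "0":  # assumption: flag 0 marks a cleartext password
            out.append(("cleartext-user-password", f"user {name}"))
            if secret == name:
                out.append(("password-equals-username", f"user {name}"))
    if not st.enable_password:
        out.append(("no-enable-password", "Admin Mode has no password set"))
    if st.console_login is None:
        out.append(("no-console-login", "console enters User Mode without login"))
    if st.http_server:
        out.append(("http-management-enabled", "web login travels over plain HTTP"))
    if not st.password_encryption:
        out.append(("password-encryption-off", "passwords are stored unencrypted"))
    idle = st.exec_timeout[0] * 60 + st.exec_timeout[1]
    if idle == 0:
        out.append(("exec-timeout-disabled", "admin sessions never time out"))
    elif idle > max_idle_minutes * 60:
        out.append(("exec-timeout-long", f"{idle} s exceeds the allowed idle time"))
    return out


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label)
        for finding, detail in audit(cfg):
            print(f"  {finding}: {detail}")
```

The weak sample mirrors the “test”/“test” account used in the examples of chapter 1; the hardened sample shows the same settings with every finding cleared.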
2.1.1.23 service terminal-length
Command: service terminal-length <0-512>
no service terminal-length
Function: Configure the columns of characters displayed in each screen on the terminal (vty). The “no service terminal-length” command cancels the screen shifting operation.
Parameter: Columns of characters displayed on each screen of vty, ranging between 0-512.
Command mode: Global mode
Usage guide: Configure the columns of characters displayed on each screen of the terminal. The columns of characters displayed on each screen of the Telnet/SSH client and the Console will follow this configuration.
Example: Set the number of vty threads to 20.
Switch(Config)#service terminal-length 20
2.1.1.24 set default
Command: set default
Function: Reset the switch to factory settings.
Command mode: Admin Mode
Usage Guide: Reset the switch to factory settings. That is to say, all configurations made by the user to the switch will disappear. When the switch is restarted, the prompt will be the same as when the switch was powered on for the first time.
Note: After this command, the “write” command must be executed to save the operation. The switch will reset to factory settings after restart.
Example:
Switch#set default
Are you sure? [Y/N] = y
Switch#write
Switch#reload
2.1.1.25 setup
Command: setup
Function: Enter the Setup Mode of the switch.
Command mode: Admin Mode
Usage Guide: ES3628EA switch provides a Setup Mode, in which the user can configure IP addresses, etc.
2.1.1.26 terminal length
Command: terminal length <0-512>
terminal no length
Function: Set the columns of characters displayed in each screen on the terminal; the “terminal no length” command cancels the screen switching operation and displays all content at once.
Parameter: Columns of characters displayed in each screen, ranging between 0-512 (0 refers to non-stop display).
Command mode: Admin mode
Default: Default columns is 25.
Usage guide: Set the columns of characters displayed in each screen on the terminal, so that the -More- message will be shown when the displayed information exceeds the screen. Press any key to show the information in the next screen. 25 columns by default.
Example: Configure threads in each display to 20
Switch#terminal length 20
2.1.1.27 terminal monitor
Command: terminal monitor
terminal no monitor
Function: Copy debugging messages to the current display terminal; the “terminal no monitor” command restores the default value.
Command mode: Admin mode
Usage guide: Configures whether the current debugging messages are displayed on this terminal. If this command is configured on Telnet or SSH clients, debug messages will be sent to that client. The debug messages are displayed on the console by default.
Example:
Switch#terminal monitor
2.1.1.28 traceroute
Command: traceroute {<ip-addr> | host <hostname>} [hops <hops>] [timeout <timeout>]
Function: This command tests the gateways passed on the route of a packet from the source device to the target device. This can be used to test connectivity and locate a failed sector.
Parameter: <ip-addr> is the target host IP address in dot decimal format. <hostname> is the hostname for the remote host. <hops> is the maximum gateway number allowed by the Traceroute command. <timeout> is the timeout value for test packets in milliseconds, between 100 and 10000.
Default: The default maximum gateway number is 16; the timeout is 2000 ms.
Command mode: Admin Mode
Usage Guide: Traceroute is usually used to locate the problem for unreachable network nodes.
2.1.1.29 cli username
Command: cli username <username> [privilege <privilege>] [password (0|7) <password>]
no cli username <username>
Function: Configure a shell user, and that user's shell priority, for logging in by user name and password.
Parameter: <username> is the user name; <privilege> is the highest level of command the user can execute, from 1 to 15, default 1; <password> is the user password. If option 7 is entered when setting the password, the password is encrypted; if option 0 is entered, the password is not processed.
Command Mode: Global Mode
Usage Guide: Currently the commands registered in the system have two priorities, 1 and 15. Commands of priority 1 are mostly registered in common user mode and admin mode. Commands of priority 15 are registered in the other modes, except for common user mode. This command configures the user, priority and password. After the login local command is executed, users must use a configured user name and password to access the common user mode of the shell. Only a user of priority 15 can access admin mode with the enable command. If the priority of the user identified by login local is less than 15, the user cannot access admin mode, only common user mode.
Notice: User names and priorities can be configured with this command before the login local command (which enables user name and password authentication) is executed. Make sure that at least one user has the maximum priority 15, so that this user can log in and enter admin mode and global mode to modify the system configuration; otherwise, users can only access common user mode, not admin mode.
Example: Configure an administrator user admin with priority 15, configure two common users with priority 1, and enable local user name and password identification.
Switch(Config)#cli username admin privilege 15 password 0 admin
Switch(Config)#cli username user1 privilege 1 password 7 user1
Switch(Config)#cli username user2 password 0 user2
Switch(Config)#login local
2.1.1.30 username password
Command: username <user_name> password <show_flag> <pass_word>
no username <user_name>
Function: Configure the username and password for logging on the switch; the “no username <user_name>” command deletes the user.
Parameter: <user_name> is the username. It can’t exceed 16 characters; <show_flag> can be either 0 or 7. 0 is used to display unencrypted username and password, whereas 7 is used to display encrypted username and password; <pass_word> is the password. It can’t exceed 16 characters.
Command mode: Global Mode
Default: The username and password are null by default.
Usage Guide: This command can be used to set the username for logging on the switch and set the password as null.
Example: Set username as “admin” and set password as “admin”
Switch(Config)#username admin password 0 admin
Switch(Config)#
2.1.1.31 username nopassword
Command: username <user_name> nopassword
Function: Set the username for logging on the switch and set the password as null.
Parameter: <user_name> is the username. It can’t exceed 16 characters.
Command mode: Global Mode
Usage Guide: This command is used to set the username for logging on the switch and set the password as null.
Example: Set username as “admin” and set password as null.
Switch(Config)#username admin nopassword
2.1.1.32 write
Command: write
Function: Save the currently configured parameters to the Flash memory.
Command mode: Admin Mode
Usage Guide: After a set of configuration with the desired functions, the settings should be saved to the Flash memory, so that the system can revert to the saved configuration automatically after an accidental power-off or a power failure. This is equivalent to the copy running-config startup-config command.
Example: Save the current configuration
Switch#write
2.2 Monitor and Debug Command
When users configure the switch, they need to verify whether the configurations are correct and the switch is operating as expected, and in the case of a network failure they also need to diagnose the problem. ES3628EA switch provides various debug commands, including ping, telnet, show and debug, to help users check the system configuration and operating status and locate the causes of problems.
2.2.1 Ping
The Ping command is mainly used for sending ICMP query packets from the switch to remote devices, and for checking the accessibility between the switch and the remote device. Refer to the Ping command chapter in the Command Manual for explanations of the various parameters and options of the Ping command.
2.2.2 Ping6
The Ping6 command is mainly used by the switch to send ICMPv6 query packets to the remote equipment, verifying the accessibility between the switch and the remote equipment. For options and explanations of the parameters of the Ping6 command, please refer to the Ping6 command chapter in the command manual.
2.2.3 Telnet
2.2.3.1 Introduction To Telnet
Telnet is a simple remote terminal protocol for remote login. Using Telnet, the user can log in to a remote host by its IP address or hostname from his own workstation. Telnet sends the user’s keystrokes to the remote host and sends the remote host’s output to the user’s screen through a TCP connection. This is a transparent service: to the user, the keyboard and monitor seem to be connected to the remote host directly.
Telnet employs the Client-Server mode: the local system is the Telnet client and the remote host is the Telnet server. ES3628EA switch can be either the Telnet server or the Telnet client.
When ES3628EA switch is used as the Telnet server, the user can use the Telnet client program included in Windows or other operating systems to log in to ES3628EA switch, as described earlier in the In-band management section. As a Telnet server, ES3628EA switch allows up to 5 Telnet client TCP connections.
As a Telnet client, the telnet command under Admin Mode allows the user to log in to other remote hosts. ES3628EA switch can only establish a TCP connection to one remote host. If a connection to another remote host is desired, the current TCP connection must be dropped.
2.2.3.2 Telnet Configuration Task List
1. Configuring Telnet Server
2. Telnet to a remote host from the switch.
1. Configuration of Telnet Server
Command    Explanation
Global Mode
ip telnet server
no ip telnet server
    Enable the Telnet server function in the switch; the “no ip telnet server” command disables the Telnet function.
telnet-server securityip <ip-addr>
no telnet-server securityip <ip-addr>
    Configure the secure IP address to login to the switch through Telnet; the “no telnet-server securityip <ip-addr>” command deletes the authorized Telnet secure address.
Admin Mode
monitor
no monitor
    Display debug information for Telnet client login to the switch; the “no monitor” command disables the debug information.
2. Telnet to a remote host from the switch
Command    Explanation
Admin Mode
telnet [<ip-addr>] [<port>]
    Login to a remote host with the Telnet client included in the switch.
2.2.3.3 Commands for Telnet
2.2.3.3.1 telnet
Command: telnet {<ip-addr> | <ipv6-addr> | host <hostname>} [<port>]
Function: Log on to the remote host by Telnet.
Parameter: <ip-addr> is the IP address of the remote host, shown in dotted decimal notation; <ipv6-addr> is the IPv6 address of the remote host; <hostname> is the name of the remote host, containing max 30 characters; <port> is the port number, ranging between 0~65535.
Command Mode: Admin Mode
Usage Guide: This command is used when the switch acts as a Telnet client, for logging on to a remote host to configure it. When the switch acts as a Telnet client, it can only establish one TCP connection with the remote host. To connect to another remote host, the current TCP connection must be disconnected with the hotkey “CTRL+ |”. To telnet to a host name, the mapping relationship between the host name and the IP/IPv6 address should be configured beforehand. For the required commands please refer to ip host and ipv6 host. In case a host corresponds to both an IPv4 and an IPv6 address, the IPv6 address is preferred when telneting to this host name.
Example:
(1) The switch Telnets to a remote host whose IP address is 20.1.1.1
Switch#telnet 20.1.1.1 23
(2) The switch Telnets to a remote host whose IPv6 address is 3ffe:506:1:2::3
Switch#telnet 3ffe:506:1:2::3
(3) Configure the mapping relationship between the host name ipv6host and the IPv6 address 3ffe:506:1:2::3, and then telnet to host ipv6host
Switch#config
Switch(Config)# ipv6 host ipv6host 3ffe:506:1:2::3
Switch#telnet host ipv6host
2.2.3.3.2 ip telnet server
Command: ip telnet server
no ip telnet server
Function: Enable the Telnet server function in the switch; the “no ip telnet server” command disables the Telnet function in the switch.
Default: Telnet server function is enabled by default.
Command mode: Global Mode
Usage Guide: This command is available in Console only. The administrator can use this command to enable or disable the Telnet client to login to the switch.
Example: Disable the Telnet server function in the switch.
Switch(Config)#no ip telnet server
2.2.3.3.3 telnet-server securityip
Command: telnet-server securityip <ip-addr>
no telnet-server securityip <ip-addr>
Function: Configure the secure IP address of the Telnet client allowed to login to the switch; the “no telnet-server securityip <ip-addr>” command deletes the authorized Telnet secure address.
Parameter: <ip-addr> is the secure IP address allowed to access the switch, in dot decimal format.
Default: No secure IP address is set by default.
Command mode: Global Mode
Usage Guide: When no secure IP is configured, the IP addresses of Telnet clients connecting to the switch are not limited; if a secure IP address is configured, only hosts with the secure IP address are allowed to connect to the switch through Telnet for configuration. The switch allows multiple secure IP addresses.
Example: Set 192.168.1.21 as a secure IP address.
Switch(Config)#telnet-server securityip 192.168.1.21
2.2.4 SSH
2.2.4.1 Introduction to SSH
SSH (Secure Shell) is a protocol which ensures a secure remote access connection to network devices. It is based on the reliable TCP/IP protocol. Through mechanisms such as key distribution, authentication and encryption between the SSH server and the SSH client, a secure connection is established. The information transferred on this connection is protected from being intercepted and decrypted. The switch meets the requirements of SSH2.0. It supports SSH2.0 client software such as SSH Secure Client and putty. Users can run the above software to manage the switch remotely.
The switch presently supports RSA authentication, the 3DES cryptography protocol, SSH user password authentication, etc.
2.2.4.2 SSH Server Configuration Task List
1. SSH Server Configuration
Command    Explanation
Global Mode
ssh-server enable
no ssh-server enable
    Enable SSH function on the switch; the “no ssh-server enable” command disables SSH function.
ssh-user <user-name> password {0|7} <password>
no ssh-user <user-name>
    Configure the username and password of SSH client software for logging on the switch; the “no ssh-user <user-name>” command deletes the username.
ssh-server timeout <timeout>
no ssh-server timeout
    Configure the timeout value for SSH authentication; the “no ssh-server timeout” command restores the default timeout value for SSH authentication.
ssh-server authentication-retries <authentication-retries>
no ssh-server authentication-retries
    Configure the number of times for retrying SSH authentication; the “no ssh-server authentication-retries” command restores the default number of times for retrying SSH authentication.
ssh-server host-key create rsa modulus <modulus>
    Generate the new RSA host key on the SSH server.
Admin Mode
monitor
no monitor
    Display SSH debug information on the SSH client side; the “no monitor” command stops displaying SSH debug information on the SSH client side.
2.2.4.3 Commands for SSH
2.2.4.3.1 ssh-server authentication-retries
Command: ssh-server authentication-retries <authentication-retries>
no ssh-server authentication-retries
Function: Configure the number of times for retrying SSH authentication; the “no ssh-server authentication-retries” command restores the default number of times for retrying SSH authentication.
Parameter: <authentication-retries> is the number of times for retrying authentication; valid range is 1 to 10.
Command mode: Global Mode
Default: The number of times for retrying SSH authentication is 3 by default.
Example: Set the number of times for retrying SSH authentication to 5.
Switch(Config)#ssh-server authentication-retries 5
2.2.4.3.2 ssh-server enable
Command: ssh-server enable
no ssh-server enable
Function: Enable SSH function on the switch; the “no ssh-server enable” command
disables SSH function.
Command mode: Global Mode
Default: SSH function is disabled by default.
Usage Guide: In order that the SSH client can log on the switch, the users need to configure the SSH user and enable SSH function on the switch.
Example: Enable SSH function on the switch.
Switch(Config)#ssh-server enable
2.2.4.3.3 ssh-server host-key create rsa
Command: ssh-server host-key create rsa [modulus <modulus>]
Function: Generate a new RSA host key.
Parameter: modulus is the modulus which is used to compute the host key; valid range is 768 to 2048. The default value is 1024.
Command mode: Global Mode
Default: The system uses the key generated when the ssh-server is started for the first time.
Usage Guide: This command is used to generate a new host key. When an SSH client logs on to the server, the new host key is used for authentication. After the new host key is generated and the “write” command is used to save the configuration, the system uses this key for authentication all the time. Because it takes quite a long time to compute the new key and some clients are not compatible with the key generated by the modulus 2048, it is recommended to use the key which is generated by the default modulus 1024.
Example: Generate new host key.
Switch(Config)#ssh-server host-key create rsa
2.2.4.3.4 ssh-server timeout
Command: ssh-server timeout <timeout>
no ssh-server timeout
Function: Configure the timeout value for SSH authentication; the “no ssh-server timeout” command restores the default timeout value for SSH authentication.
Parameter: <timeout> is the timeout value; valid range is 10 to 600 seconds.
Command mode: Global Mode
Default: SSH authentication timeout is 180 seconds by default.
Example: Set SSH authentication timeout to 240 seconds.
Switch(Config)#ssh-server timeout 240
2.2.4.3.5 ssh-user
Command: ssh-user <username> password {0|7} <password>
no ssh-user <username>
Function: Configure the username and password of SSH client software for logging on the switch; the “no ssh-user <user-name>” command deletes the username.
Parameter: <username> is the SSH client username. It can’t exceed 16 characters; <password> is the SSH client password. It can’t exceed 8 characters; 0|7 stand for unencrypted password and encrypted password.
Command mode: Global Mode
Default: There are no SSH username and password by default.
Usage Guide: This command is used to configure the authorized SSH client. Unauthorized SSH clients can’t log on and configure the switch. When the switch is an SSH server, it can have a maximum of three users and it allows a maximum of three users to connect to it at the same time.
Example: Set an SSH client which has “switch” as username and “switch” as password.
Switch(Config)#ssh-user switch password 0 switch
2.2.4.4 Typical SSH Server Configuration
Example 1:
Requirement: Enable SSH server on the switch, and run SSH2.0 client software
such as Secure shell client and putty on the terminal. Log on the switch by using the
username and password from the client.
Configure the IP address, add SSH user and enable SSH service on the switch.
SSH2.0 client can log on the switch by using the username and password to configure
the switch.
Switch(Config)#interface vlan 1
Switch(Config-Vlan-1)#ip address 100.100.100.200 255.255.255.0
Switch(Config-Vlan-1)#exit
Switch(Config)#ssh-user test password 0 test
Switch(Config)#ssh-server enable
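The management-access commands documented above (service password-encryption, cli username, username, ssh-user, ip telnet server, telnet-server securityip, ssh-server enable) can be checked in a saved configuration with a short script. The following Python check is an added example, not part of the manual or of any Edge-Core tool; both sample configurations and the rule names are constructed, and it assumes show running-config prints commands in the documented syntax and omits defaults.

```python
import re

# Constructed sample in the command syntax this manual documents. Because
# "show running-config" omits defaults, the absence of "no ip telnet server"
# and "ssh-server enable" means Telnet is on and SSH is off.
WEAK_CONFIG = """\
Switch(Config)#cli username admin privilege 15 password 0 admin
cli username user1 privilege 1 password 7 CONSTRUCTED-TYPE7-VALUE
username guest nopassword
ssh-user test password 0 test
"""

# Constructed counterpart using only commands documented in the manual.
HARDENED_CONFIG = """\
service password-encryption
cli username admin privilege 15 password 7 CONSTRUCTED-TYPE7-VALUE
login local
ssh-user ops password 7 CONSTRUCTED-TYPE7-VALUE
ssh-server enable
telnet-server securityip 192.168.1.21
no ip telnet server
"""

# cli username / username / ssh-user lines that carry a password flag (0 or 7).
CRED_RE = re.compile(
    r"^(?P<cmd>cli username|username|ssh-user)\s+(?P<user>\S+)"
    r"(?:\s+privilege\s+(?P<priv>\d+))?"
    r"\s+password\s+(?P<flag>[07])\s+(?P<secret>\S+)$"
)
NOPASS_RE = re.compile(r"^username\s+(?P<user>\S+)\s+nopassword$")


def normalize(config_text):
    """Return config commands with any pasted 'Switch(Config)#' prompt removed."""
    commands = []
    for line in config_text.splitlines():
        command = re.sub(r"^\S*#\s*", "", line.strip())
        if command:
            commands.append(command)
    return commands


def audit(config_text):
    """Return (rule, subject) findings for the management-access commands."""
    commands = normalize(config_text)
    findings = []

    # Telnet server is enabled by default; only "no ip telnet server" turns it off.
    if "no ip telnet server" not in commands:
        findings.append(("telnet-enabled", "ip telnet server"))
        # With no securityip entries, Telnet client addresses are not limited.
        if not any(c.startswith("telnet-server securityip ") for c in commands):
            findings.append(("telnet-unrestricted", "telnet-server securityip"))

    # SSH server is disabled by default.
    if "ssh-server enable" not in commands:
        findings.append(("ssh-disabled", "ssh-server enable"))

    # Without this command, option 0 passwords are stored unprocessed.
    if "service password-encryption" not in commands:
        findings.append(("password-encryption-off", "service password-encryption"))

    for command in commands:
        null_pw = NOPASS_RE.match(command)
        if null_pw:
            findings.append(("null-password", null_pw["user"]))
            continue
        cred = CRED_RE.match(command)
        if cred and cred["flag"] == "0":
            findings.append(("plaintext-password", cred["user"]))
            if cred["secret"] == cred["user"]:
                findings.append(("password-equals-username", cred["user"]))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for rule, subject in audit(text):
            print(f"  {rule}: {subject}")
```

The weak sample mirrors the manual's own examples, where the password equals the username; the hardened sample produces no findings.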
2.2.5 Traceroute
The Traceroute command tests the gateways through which data packets travel from the source device to the destination device, so as to check network accessibility and locate network failures.
The execution procedure of the Traceroute command is as follows: first, a data packet with TTL at 1 is sent to the destination address; if the first hop returns an ICMP error message to inform that this packet cannot be sent (due to TTL timeout), a data packet with TTL at 2 is sent. The second hop may also return a TTL timeout, but the procedure carries on until the data packet reaches its destination. The purpose of this procedure is to record every source address that returned an ICMP TTL timeout message, so as to describe the path the IP data packets traveled to reach the destination.
2.2.6 Traceroute6
The Traceroute6 function tests the gateways passed through by data packets from the source equipment to the destination equipment, to verify accessibility and locate network failures. The principle of Traceroute6 under IPv6 is the same as that under IPv4; it uses the hop limit field of the ICMPv6 and IPv6 header. First, Traceroute6 sends an IPv6 datagram (including source address, destination address and packet sent time) whose HOPLIMIT is set to 1. When the first router on the path receives this datagram, it decrements the HOPLIMIT by 1, and the HOPLIMIT is now 0. So the router discards this datagram and returns an ICMPv6 time exceeded message (including the source address of the IPv6 packet, all content in the IPv6 packet and the IPv6 address of the router). Upon receiving this message, Traceroute6 sends another datagram whose HOPLIMIT is increased to 2, so as to discover the second router. Adding 1 to the HOPLIMIT each time to discover another router, Traceroute6 repeats this action until a datagram reaches the destination.
For options and explanations of the parameters of the Traceroute6 command, please refer to the traceroute6 command chapter in the command manual.
2.2.7 Show
The show command is used to display information about system, port and protocol operation. This part introduces the show commands that display system information; other show commands are discussed in other chapters.
Admin Mode
show calendar                                           Display the current system clock
show debugging                                          Display the debugging state
dir                                                     Display the files and the sizes saved in the flash
show history                                            Display the recent user input history commands
show memory                                             Display content in a specified memory area
show running-config                                     Display the switch parameter configuration in effect in the current operation state
show startup-config                                     Display the switch parameter configuration written in the Flash Memory in the current operation state, which is normally the configuration file applied the next time the switch starts up
show switchport interface [ethernet <interface-list>]   Display the VLAN port mode and the VLAN number the port belongs to, as well as the Trunk port information
show tcp                                                Display the TCP connection status currently established on the switch
show udp                                                Display the UDP connection status currently established on the switch
show telnet login                                       Display the information of the Telnet client which currently has a Telnet connection established with the switch
show telnet user                                        Display the information of all the Telnet clients which are authorized to access the switch through Telnet
show tech-support                                       Display the operation information and the state of each task running on the switch. It is used by technicians to diagnose whether the switch operates properly.
show version                                            Display the version of the switch
2.2.7.1 Commands for Show
2.2.7.1.1 show calendar
Command: show calendar
Function: Display the system clock.
Command mode: Admin Mode
Usage Guide: The user can use this command to check the system date and time, so that the system clock can be adjusted in time if inaccuracy occurs.
Example:
Switch#show calendar
Current time is TUE AUG 22 11: 00: 01 2002
2.2.7.1.2 show debugging
Command: show debugging
Function: Display the debug switch status.
Usage Guide: If the user needs to check which debug switches have been enabled, the show debugging command can be executed.
Command mode: Admin Mode
Example: Check for currently enabled debug switches.
Switch#show debugging
STP:
Stp input packet debugging is on
Stp output packet debugging is on
Stp basic debugging is on
2.2.7.1.3 show history
Command: show history
Function: Display the recent user command history.
Command mode: Admin Mode
Usage Guide: The system holds up to 10 commands the user entered; the user can use the UP/DOWN keys or their equivalents (ctrl+p and ctrl+n) to access the command history.
Example:
Switch#show history
enable
config
interface Ethernet 0/0/3
enable
dir
show ftp
2.2.7.1.4 show memory
Command: show memory
Function: Display the contents in the memory.
Command mode: Admin Mode
Usage Guide: This command is used for switch debug purposes. The command interactively prompts the user to enter the start address of the desired information in the memory and the number of words to output. The displayed information consists of three parts: the address, a hex view of the information and a character view.
Example:
Switch#show memory
start address : 0x2100
number of words[64]:
002100: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002110: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002120: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002130: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002140: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002150: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002160: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002170: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
2.2.7.1.5 show running-config
Command: show running-config
Function: Display the current active configuration parameters for the switch.
Default: If the active configuration parameters are the same as the default operating parameters, nothing will be displayed.
Command mode: Admin Mode
Usage Guide: When the user finishes a set of configuration and needs to verify the configuration, the show running-config command can be used to display the current active parameters.
Example:
Switch#show running-config
2.2.7.1.6 show ssh-server
Command: show ssh-server
Function: Display the SSH state and the users currently logged on.
Command mode: Admin Mode
Example:
Switch#show ssh-server
ssh-server is enabled
connection version state user name
1 2.0 session started test
2.2.7.1.7 show ssh-user
Command: show ssh-user
Function: Display the configured SSH usernames.
Command mode: Admin Mode
Example:
Switch#show ssh-user
test
2.2.7.1.8 show startup-config
Command: show startup-config
Function: Display the switch parameter configurations written into the Flash memory at the current operation; those are usually also the configuration files used for the next power-up.
Default: If the configuration parameters read from the Flash are the same as the default operating parameters, nothing will be displayed.
Command mode: Admin Mode
Usage Guide: The show running-config command differs from show startup-config in that when the user finishes a set of configurations, show running-config displays the added-on configurations whilst show startup-config won’t display any configurations. However, if the write command is executed to save the active configuration to the Flash memory, the displays of show running-config and show startup-config will be the same.
2.2.7.1.9 show interface switchport
Command: show interface switchport [ethernet <interface-list>]
Function: Show the VLAN port mode, VLAN number and Trunk port messages of the VLAN port mode on the switch.
Parameter: <interface-list> is the port number or port list, which could be any port information existing in the switch.
Command mode: Admin mode
Example: Show VLAN messages of port Ethernet 0/0/1.
Switch#show interface switchport Ethernet 0/0/1
Ethernet0/0/1
Type :Universal
Mac addr num :-1
Mode :Access
Port VID :1
Trunk allowed Vlan :ALL
Displayed Information     Description
Ethernet0/0/1             Corresponding interface number of the Ethernet
Type                      Current interface type
Mac addr num              Number of interfaces with MAC address learning ability
Mode :Access              Current interface VLAN mode
Port VID :1               Current VLAN number the interface belongs to
Trunk allowed Vlan :ALL   VLAN permitted by Trunk
2.2.7.1.10 show users
Command: show users
Function: Display information on all users that can log in to the switch.
Command mode: Admin Mode
Usage Guide: This command can be used to check information on all users that can log in to the switch.
Example:
Switch#show users
User level havePasword
admin 0 1
Online user info: user ip login time(second) usertype
2.2.7.1.11 show tcp
Command: show tcp
Function: Display the current TCP connection status established to the switch.
Command mode: Admin Mode
Example:
Switch#show tcp
LocalAddress LocalPort ForeignAddress ForeignPort State
0.0.0.0 23 0.0.0.0 0 LISTEN
0.0.0.0 80 0.0.0.0 0 LISTEN
Displayed information     Description
LocalAddress              Local address of the TCP connection.
LocalPort                 Local port number of the TCP connection.
ForeignAddress            Remote address of the TCP connection.
ForeignPort               Remote port number of the TCP connection.
State                     Current status of the TCP connection.
2.2.7.1.12 show udp
Command: show udp
Function: Display the current UDP connection status established to the switch.
Command mode: Admin Mode
Example:
Switch#show udp
LocalAddress LocalPort ForeignAddress ForeignPort State
0.0.0.0 161 0.0.0.0 0 CLOSED
0.0.0.0 123 0.0.0.0 0 CLOSED
0.0.0.0 1985 0.0.0.0 0 CLOSED
Displayed information     Description
LocalAddress              Local address of the UDP connection.
LocalPort                 Local port number of the UDP connection.
ForeignAddress            Remote address of the UDP connection.
ForeignPort               Remote port number of the UDP connection.
State                     Current status of the UDP connection.
2.2.7.1.13 show version
Command: show version <unit>
Parameter: <unit>, where the range of unit is 1
Function: Display the switch version.
Default: The default value for <unit> is 1
Command mode: Admin Mode
Usage Guide: Use this command to view the version information for the switch, including hardware version and software version.
Example:
Switch#show ver 1
ES3628EA Device, Aug 21 2007 18:18:44
HardWare version is 0.0.0, SoftWare version is ES3628EA_Vco.5.3.0.33, BootRom
version is ES3628EA_1.3.2
Copyright (C) 2001-2007 by Accton Technology Corp.
All rights reserved.
Uptime is 0 weeks, 0 days, 0 hours, 43 minutes
2.2.8 Debug
All the protocols that ES3628EA switch supports have corresponding debug commands. Users can use the information from debug commands for troubleshooting. The debug commands for each protocol are introduced in the later chapters.
2.2.9 System log
2.2.9.1 System Log Introduction
The system log takes all information output under it control, while making detailed
catalogue, so to select the information effectively. Combining with Debug programs, it will
provide a powerful support to the network administrator and developer in monitoring the
network operation state and locating the network failures.
The switch system log has following characteristics
z Log output from four directions (or log channels) of the Console, Telnet terminal
and monitor, log buffer zone, and log host.
z The log information is classified to four level of severities by which the
information will be filtered
z According to the severity level the log information can be auto outputted to
corresponding log channel.
2.2.9.1.1 Log Output Channel
At present the system log can output log information through four channels:
• Through the Console port to the local console.
• To a remote Telnet terminal or monitor; this function is good for remote maintenance.
• To a log buffer zone allocated inside the switch, which records the log information permanently or temporarily.
• To a configured log host; the log system sends the log information directly to the log host, where it is saved in files that can be viewed at any time.
Among the above log channels, users rarely use the console monitor and more commonly choose the Telnet terminal to monitor the system operation status. However, the information output through these channels is of low traffic capacity and cannot be recorded for later viewing. The other two channels, the log buffer zone and the log host, are the two important channels.
SDRAM (Synchronous Dynamic Random Access Memory) and NVRAM (Non Vulnerable Random Access Memory) are provided inside the switch as the two parts of the log buffer zone. Both buffer zones record the log information in a circular fashion: when the log information to be recorded exceeds the buffer size, the oldest log information is erased and replaced by the new log information. Information saved in NVRAM stays permanently, while information in SDRAM is lost when the system restarts or encounters a power failure. Information in the log buffer zone is critical for monitoring the system operation and detecting abnormal states.
Note: the NVRAM log buffer may not exist on some switches, which have only the SDRAM log buffer zone.
It is recommended to use a system log server. By configuring the log host on the switch, the log can be sent to the log server for future examination.
2.2.9.1.2 Format And Severity Of The Log Information
The log information format is compatible with the BSD syslog protocol, so the log can be recorded and analyzed by syslog (system log protect session) on UNIX/LINUX, as well as by syslog-like applications on a PC.
The log information is classified into eight classes by severity or emergency procedure. Each level has one value, and the higher the emergency level of the log information, the smaller its value. For example, the level of critical is 2, warnings is 4 and debugging is 7, so critical is higher than warnings, which in turn is higher than debugging. The rule applied in filtering the log information by severity level is that only the log information with a level equal to or higher than the threshold is output. So when the severity threshold is set to debugging, all information is output, and if it is set to critical, only critical, alerts and emergencies are output.
The following table summarizes the log information severity levels with a brief description of each. Note: these severity levels are in accordance with the standard UNIX/LINUX syslog.
Table 1-1 Severity of the log information
Severity         Value   Description
emergencies      0       System is unusable
alerts           1       Action must be taken immediately
critical         2       Critical conditions
errors           3       Error conditions
warnings         4       Warning conditions
notifications    5       Normal but significant condition
informational    6       Informational messages
debugging        7       Debug-level messages
At present the switch can generate information of the following four levels:
• Restarting the switch, mission abnormal, and hot plug on the CHASSIS switch chips are classified as critical.
• Up/down switch, topology change, and aggregate port state change of the interface are classified as warnings.
• Output information from CLI commands is classified as informational.
• Information from the debugging of CLI commands is classified as debugging.
Log information can be sent automatically to the corresponding channels according to its severity level. Debugging information can only be sent to the monitor. Information of the informational level can only be sent to the current monitor terminal; for example, the information from a configuration command entered on a Telnet terminal can only be transmitted to that Telnet terminal. Warnings information can be sent to all terminals and is also saved in the SDRAM log buffer zone. Critical information is saved in both the SDRAM and the NVRAM (if it exists), besides being sent to all terminals. To check the log saved in SDRAM and NVRAM, use the show logging buffered command. To clear the log saved in the NVRAM and SDRAM log buffer zones, use the clear logging command.
2.2.9.2 System Log Configuration
2.2.9.2.1 System Log Configuration Task Sequence
1. Display and clear log buffer zone
2. Configure the log host output channel

1. Display and clear log buffer zone
Admin Mode
Command: show logging buffered [level {critical | warnings} | range <begin-index> <end-index>]
Description: Show detailed log information in the log buffer channel.
Command: clear logging { sdram | nvram }
Description: Clear log buffer zone information.

2. Configure the log host output channel
Global Mode
Command:
  logging {<ipv4-addr> | <ipv6-addr>} [ facility <local-number> ] [level <severity>]
  no logging {<ipv4-addr> | <ipv6-addr>} [ facility <local-number> ]
Description: Enable the output channel of the log host. The “no” form of this command will disable the output at the output channel of the log host.
2.2.9.2.2 System Log Configuration Command
2.2.9.2.2.1 show logging buffered
Command: show logging buffered [level { critical | warnings} | range <begin-index> <end-index>]
Function: This command displays the detailed information in the log buffer channel. This command is not supported on low-end switches.
Parameter: <begin-index> is the index start value of the log message, the valid range is 1-65535; <end-index> is the index end value of the log message, the valid range is 1-65535.
Command Mode: Admin Mode
Default: If no parameter is specified, all the critical log information will be displayed.
Usage Guide: Warning and critical log information is saved in the buffer zone. When displayed to the terminal, the display format is: index ID time <level> module ID [mission name] log information.
2.2.9.2.2.2 clear logging
Command: clear logging { sdram | nvram }
Function: This command is used to clear all the information in the log buffer zone.
Command Mode: Admin Mode
Usage Guide: When the old information in the log buffer zone is no longer of concern, this command can be used to clear all the information.
Example: Clear all information in the log buffer zone sdram.
Switch# clear logging sdram
2.2.9.2.2.3 logging host
Command: logging {<ipv4-addr> | <ipv6-addr>} [ facility <local-number> ] [level <severity>]
no logging {<ipv4-addr> | <ipv6-addr>} [ facility <local-number> ]
Function: The command is used to configure the output channel of the log host. The “no” form of this command will disable the output at the log host output channel.
Parameter: <ipv4-addr> is the IPv4 address of the host; <ipv6-addr> is the IPv6 address of the host; <local-number> is the recording equipment of the host, with a valid range of local0 to local7, which is in accordance with the facility defined in RFC3164; <severity> is the severity threshold of the log information severity level. The rule of the log information output is as follows: only information with a level equal to or higher than the threshold will be output. For a detailed description of the severity please refer to the operation manual.
Command Mode: Global Mode
Default: No log information is output to the log host by default. The default recorder of the log host is local0, and the default severity level is warnings.
Usage Guide: This command is available only when the log host is configured by the logging command. Many IPv4 and IPv6 log hosts can be configured.
Example 1: Send the log information with a severity level equal to or higher than warning to the log server with an IPv4 address of 100.100.100.5, and save to the log recording equipment local1.
Switch(Config)# logging 100.100.100.5 facility local1 level warnings
Example 2: Send the log information with a severity level equal to or higher than informational to the log server with an IPv6 address of 3ffe:506:1:2::3, and save to the log recording equipment local1.
Switch(Config)# logging 3ffe:506:1:2::3 facility local5 level informational
2.2.9.3 System Log Configuration Example
Example 1: The IPv4 address of the switch in the management VLAN is 100.100.100.1, and the IPv4 address of the remote log server is 100.100.100.5. It is required to send the log information with a severity equal to or higher than warnings to this log server and save it in the log record equipment local1.
Configuration procedure:
Switch(Config)#interface Ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#ip address 100.100.100.1 255.255.255.0
Switch(Config-Ethernet0/0/1)#exit
Switch(Config)#logging 100.100.100.5 facility local1 level warnings
Example 2: The IPv6 address of the switch in the management VLAN is 3ffe:506::1, and the IPv6 address of the remote log server is 3ffe:506::4. It is required to send the log information with a severity equal to or higher than critical to this log server and save the log in the record equipment local7.
Configuration procedure:
Switch(Config)#interface Ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#ipv6 address 3ffe:506::1/64
Switch(Config-Ethernet0/0/1)#exit
Switch(Config)#logging 3ffe:506::4 facility local7 level warnings
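The facility and severity threshold set by the logging command reach the log host as the BSD syslog priority value (PRI = facility * 8 + severity). The following Python check is an added example, not part of the manual: it decodes that value on the log host and applies the manual's threshold rule to spot messages that do not match the configured channel. It assumes the switch sends standard RFC 3164 <PRI> headers; the message bodies and function names are constructed for illustration.

```python
import re

# Severity keywords in the order of the manual's severity table; index == value.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

PRI_RE = re.compile(r"<(\d{1,3})>")


def decode_pri(message):
    """Return (facility_name, severity_name, body) for a BSD syslog message."""
    match = PRI_RE.match(message)
    if match is None:
        raise ValueError("no <PRI> header")
    pri = int(match.group(1))
    if pri > 191:                        # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    # RFC 3164 numbers the local0..local7 facilities 16..23.
    name = f"local{facility - 16}" if facility >= 16 else f"facility{facility}"
    return name, SEVERITIES[severity], message[match.end():]


def passes(severity, threshold):
    """The manual's filter rule: a level equal to or higher than the
    threshold, which numerically means a value less than or equal to it."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(threshold)


def triage(messages, facility, threshold):
    """Sort received messages by whether they match the configured channel."""
    result = {"expected": [], "unexpected": [], "malformed": []}
    for message in messages:
        try:
            fac, sev, body = decode_pri(message)
        except ValueError:
            result["malformed"].append(message)
            continue
        matches = fac == facility and passes(sev, threshold)
        result["expected" if matches else "unexpected"].append((fac, sev, body))
    return result


# Constructed datagrams as a log host might receive them from a switch
# configured with "logging 100.100.100.5 facility local1 level warnings".
SAMPLE = [
    "<138>switch restart",           # local1 (17*8=136) + critical (2)
    "<140>Ethernet0/0/1 link down",  # local1 + warnings (4)
    "<142>CLI command output",       # local1 + informational: below threshold
    "<172>Ethernet0/0/2 link down",  # local5 (21*8=168) + warnings: wrong facility
    "no priority header",            # not a BSD syslog message
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE, "local1", "warnings").items():
        print(bucket, items)
```

Messages in the unexpected bucket point at a sender whose facility or threshold differs from the configuration the log host was told to expect.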
2.3 Configurate Switch IP Addresses
All Ethernet ports of the ES3628EA switch are Data Link layer ports by default and perform layer 2 forwarding. A VLAN interface represents a Layer 3 interface function that can be assigned an IP address, which is also the IP address of the switch. All VLAN interface related configuration commands can be configured under VLAN Mode. The ES3628EA switch provides three IP address configuration methods:
• Manual
• BootP
• DHCP
Manual configuration assigns an IP address to the switch by hand. In BootP/DHCP mode, the switch operates as a BootP/DHCP client and sends BootPRequest broadcast packets to the BootP/DHCP servers, which assign the address on receiving the request. In addition, the ES3628EA switch can act as a DHCP server and dynamically assign network parameters such as IP addresses, gateway addresses and DNS server addresses to DHCP clients. DHCP Server configuration is detailed in later chapters.
2.3.1 Switch IP Addresses Configuration Task List
1. Manual configuration
2. BootP configuration
3. DHCP configuration

1. Manual configuration
Command:
  ip address <ip_address> <mask> [secondary]
  no ip address <ip_address> <mask> [secondary]
Explanation: Configure the VLAN interface IP address; the “no ip address <ip_address> <mask> [secondary]” command deletes the VLAN interface IP address.

2. BootP configuration
Command:
  ip address bootp-client
  no ip address bootp-client
Explanation: Enable the switch to be a BootP client and obtain the IP address and gateway address through BootP negotiation; the “no ip address bootp-client” command disables the BootP client function.

3. DHCP configuration
Command:
  ip address dhcp-client
  no ip address dhcp-client
Explanation: Enable the switch to be a DHCP client and obtain the IP address and gateway address through DHCP negotiation; the “no ip address dhcp-client” command disables the DHCP client function.
2.3.2 Commands For Configuring Switch IP
2.3.2.1 ip address
Command: ip address <ip-address> <mask> [secondary]
no ip address [<ip-address> <mask>] [secondary]
Function: Set the IP address and mask for the specified VLAN interface; the “no ip address <ip address> <mask> [secondary]” command deletes the specified IP address setting.
Parameter: <ip-address> is the IP address in dotted decimal format; <mask> is the subnet mask in dotted decimal format; [secondary] indicates that the IP address configured is a secondary IP address.
Default: No IP address is configured upon switch shipment.
Command mode: Interface Mode
Usage Guide: A VLAN interface must be created first before the user can assign an IP address to the switch.
Example: Set 10.1.128.1/24 as the IP address of VLAN1 interface.
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.128.1 255.255.255.0
Switch(Config-If-Vlan1)#exit
2.3.2.2 ip address bootp-client
Command: ip address bootp-client
no ip address bootp-client
Function: Enable the switch to be a BootP client and obtain the IP address and gateway address through BootP negotiation; the “no ip address bootp-client” command disables the BootP client function and releases the IP address obtained through BootP.
Default: BootP client function is disabled by default.
Command mode: Interface Mode
Usage Guide: Obtaining the IP address through BootP, manual configuration and DHCP are mutually exclusive; enabling any 2 methods for obtaining the IP address is not allowed. Note: To obtain IP address via DHCP, a DHCP server or a BootP server is required in the network.
Example: Get IP address through BootP.
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address bootp-client
Switch (Config-If-Vlan1)#exit
2.3.2.3 ip address dhcp-client
Command: ip address dhcp-client
no ip address dhcp-client
Function: Enables the switch to be a DHCP client and obtain the IP address and gateway address through DHCP negotiation; the “no ip address dhcp-client” command disables the DHCP client function and releases the IP address obtained through DHCP. Note: To obtain IP address via DHCP, a DHCP server is required in the network.
Default: The DHCP client function is disabled by default.
Command mode: Interface Mode
Usage Guide: Obtaining the IP address by DHCP, manual configuration and BootP are mutually exclusive; enabling any 2 methods for obtaining an IP address is not allowed.
Example: Getting an IP address through DHCP.
Switch (Config)#interface vlan 1
Switch (Config-If-Vlan1)#ip address dhcp-client
Switch (Config-If-Vlan1)#exit
2.4 SNMP Configuration
2.4.1 Introduction To SNMP
SNMP (Simple Network Management Protocol) is a standard network management protocol widely used in computer network management. SNMP is an evolving protocol. SNMP v1 [RFC1157] is the first version of SNMP, adopted by vast numbers of manufacturers for its simplicity and easy implementation; SNMP v2c is an enhanced version of SNMP v1, which supports layered network management; SNMP v3 strengthens security by adding USM (User-based Security Model) and VACM (View-based Access Control Model).
The SNMP protocol provides a simple way of exchanging network management information between two points in the network. SNMP employs a polling mechanism of message query, and transmits messages through UDP (a connectionless transport layer protocol). Therefore it is well supported by existing computer networks.
The SNMP protocol employs a station-agent mode. There are two parts in this structure: the NMS (Network Management Station) and the Agent. The NMS is the workstation on which the SNMP client program is running. It is the core of SNMP network management. The Agent is the server software that runs on the devices which need to be managed. The NMS manages all the managed objects through Agents. The switch supports the Agent function.
The communication between the NMS and the Agent functions in Client/Server mode by exchanging standard messages. The NMS sends requests and the Agent responds. There are seven types of SNMP message:
• Get-Request
• Get-Response
• Get-Next-Request
• Get-Bulk-Request
• Set-Request
• Trap
• Inform-Request
The NMS sends queries to the Agent with Get-Request, Get-Next-Request, Get-Bulk-Request and Set-Request messages, and the Agent, upon receiving the requests, replies with a Get-Response message. In some special situations, such as when network device ports go Up/Down or the network topology changes, Agents can send Trap messages to the NMS to report the abnormal events. Besides, the NMS can also be set to alert on some abnormal events by enabling the RMON function. When alert events are triggered, Agents will send Trap messages or log the event according to the settings. Inform-Request is mainly used for inter-NMS communication in layered network management.
USM ensures transfer security by well-designed encryption and authentication. USM encrypts the messages according to the password typed by the user. This mechanism ensures that the messages can’t be viewed in transmission. USM authentication ensures that the messages can’t be changed in transmission. USM employs DES-CBC cryptography, and HMAC-MD5 and HMAC-SHA are used for authentication.
VACM is used to classify the users’ access permissions. It puts users with the same access permission in the same group. Users can’t conduct operations which are not authorized.
Introduction to MIB
The network management information accessed by the NMS is well defined and organized in a Management Information Base (MIB). A MIB is pre-defined information that can be accessed by network management protocols, in a layered and structured form. The pre-defined management information can be obtained from monitored network devices. ISO ASN.1 defines a tree structure for the MIB. Each MIB organizes all the available information with this tree structure, and each node on the tree contains an OID (Object Identifier) and a brief description of the node. An OID is a set of integers divided by periods. It identifies the node and can be used to locate the node in a MIB tree structure, as shown in the figure below:
Fig 2-1 ASN.1 Tree Instance
In this figure, the OID of object A is 1.2.1.1. The NMS can locate this object through this unique OID and get the standard variables of the object. The MIB defines a set of standard variables for monitored network devices by following this structure.
To browse the variable information of the Agent MIB, MIB browsing software needs to be run on the NMS. The MIB in the Agent usually consists of a public MIB and a private MIB. The public MIB contains public network management information that can be accessed by all NMS; the private MIB contains specific information which can be viewed and controlled with the support of the manufacturers.
MIB-I [RFC1156] was the first implemented public MIB of SNMP, and has been replaced by MIB-II [RFC1213]. MIB-II expands MIB-I and keeps the OIDs of the MIB tree in MIB-I. MIB-II contains sub-trees which are called groups. Objects in those groups cover all the functional domains in network management. The NMS obtains the network management information by visiting the MIB of the SNMP Agent.
The switch can operate as an SNMP Agent, and supports both SNMP v1/v2c and SNMP v3. The switch supports basic MIB-II, the RMON public MIB and other public MIBs such as BRIDGE MIB. Besides, the switch supports a self-defined private MIB.
Introduction to RMON
RMON is the most important expansion of standard SNMP. RMON is a set of MIB definitions used to define standard network monitoring functions and interfaces, enabling communication between SNMP management terminals and remote monitors. RMON provides a highly efficient method to monitor actions inside the subnets.
The RMON MIB consists of 10 groups. The switch supports the most frequently used groups 1, 2, 3 and 9:
Statistics: Maintain basic usage and error statistics for each subnet monitored by the Agent.
History: Record periodical statistic samples available from Statistics.
Alarm: Allow management console users to set any count or integer for sample intervals and alert thresholds for RMON Agent records.
Event: A list of all events generated by the RMON Agent.
Alarm depends on the implementation of Event. Statistics and History display current or historical subnet statistics. Alarm and Event provide a method to monitor any integer data change in the network, and provide alerts upon abnormal events (by sending a Trap or recording in logs).
2.4.2 SNMP Configuration Task List
1. Enable or disable SNMP Agent server function
2. Configure SNMP community string
3. Configure IP address of SNMP management base
4. Configure engine ID
5. Configure user
6. Configure group
7. Configure view
8. Configuring TRAP
9. Enable/Disable RMON

1. Enable or disable SNMP Agent server function
Command:
  snmp-server
  no snmp-server
Explanation: Enable the SNMP Agent function on the switch; the “no snmp-server” command disables the SNMP Agent function on the switch.

2. Configure SNMP community string
Command:
  snmp-server community <string> {ro|rw}
  no snmp-server community <string>
Explanation: Configure the community string for the switch; the “no snmp-server community <string>” command deletes the configured community string.

3. Configure IP address of SNMP management base
Command:
  snmp-server securityip {<ipv4-address>| <ipv6-address>}
  no snmp-server securityip {<ipv4-address>| <ipv6-address>}
Explanation: Configure the secure IPv4/IPv6 address which is allowed to access the switch on the NMS; the “no snmp-server securityip {<ipv4-address>| <ipv6-address>}” command deletes the configured secure address.
Command:
  snmp-server SecurityIP enable
  snmp-server SecurityIP disable
Explanation: Enable or disable the secure IP address check function on the NMS.

4. Configure engine ID
Command:
  snmp-server engineid < engine-string >
  no snmp-server engineid < engine-string >
Explanation: Configure the local engine ID on the switch. This command is used for SNMP v3.

5. Configure user
Command:
  snmp-server user <user-string> <group-string> [[encrypted] {auth {md5|sha} <password-string>}]
  no snmp-server user <user-string> <group-string>
Explanation: Add a user to a SNMP group. This command is used to configure USM for SNMP v3.

6. Configure group
Command:
  snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv} [[read <read-string>] [write <write-string>] [notify <notify-string>]]
  no snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv}
Explanation: Set the group information on the switch. This command is used to configure VACM for SNMP v3.

7. Configure view
Command:
  snmp-server view <view-string> <oid-string> {include|exclude}
  no snmp-server view <view-string>
Explanation: Configure a view on the switch. This command is used for SNMP v3.

8. Configuring TRAP
Command:
  snmp-server enable traps
  no snmp-server enable traps
Explanation: Enable the switch to send Trap messages. This command is used for SNMP v1/v2/v3.
Command:
  snmp-server host {<ipv4-addr>|<ipv6-addr>} {v1|v2c|{v3 {NoauthNopriv|AuthNopriv|AuthPriv}}} <user-string>
  no snmp-server host {<ipv4-addr>|<ipv6-addr>} {v1|v2c|{v3 {NoauthNopriv|AuthNopriv |AuthPriv}}} <user-string>
Explanation: Set the host IPv4/IPv6 address which is used to receive SNMP Trap information. For SNMP v1/v2, this command also configures the Trap community string; for SNMP v3, this command also configures the Trap user name and security level.

9. Enable/Disable RMON
Command:
  rmon enable
  no rmon enable
Explanation: Enable/disable RMON.
2.4.3 Commands For SNMP
2.4.3.1 rmon
Command: rmon enable
no rmon enable
Function: Enable RMON; the “no rmon enable” command disables RMON.
Command mode: Global Mode
Default: RMON is disabled by default.
Example 1: Enable RMON
Switch(config)#rmon enable
Example 2: Disable RMON
Switch(config)#no rmon enable
2.4.3.2 show snmp
Command: show snmp
Function: Display all SNMP counter information.
Command mode: Admin Mode
Example:
Switch#show snmp
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 SNMP packets output
0 Too big errors (Max packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Get-response PDUs
0 SNMP trap PDUs
Displayed information                            Explanation
snmp packets input                               Total number of SNMP packet inputs.
bad snmp version errors                          Number of version information error packets.
unknown community name                           Number of community name error packets.
illegal operation for community name supplied    Number of permission for community name error packets.
encoding errors                                  Number of encoding error packets.
number of requested variables                    Number of variables requested by NMS.
number of altered variables                      Number of variables set by NMS.
get-request PDUs                                 Number of packets received by “get” requests.
get-next PDUs                                    Number of packets received by “getnext” requests.
set-request PDUs                                 Number of packets received by “set” requests.
snmp packets output                              Total number of SNMP packet outputs.
too big errors                                   Number of “Too_big” error SNMP packets.
maximum packet size                              Maximum length of SNMP packets.
no such name errors                              Number of packets requesting non-existent MIB objects.
bad values errors                                Number of “Bad_values” error SNMP packets.
general errors                                   Number of “General_errors” error SNMP packets.
response PDUs                                    Number of response packets sent.
trap PDUs                                        Number of Trap packets sent.
2.4.3.3 show snmp status
Command: show snmp status
Function: Display SNMP configuration information.
Command mode: Admin Mode
Example:
Switch#show snmp status
Trap enable
RMON enable
Community Information:
V1/V2c Trap Host Information:
V3 Trap Host Information:
Security IP Information:
Displayed information    Description
Community string         Community string
Community access         Community access permission
Trap-rec-address         IP address which is used to receive Trap.
Trap enable              Enable or disable to send Trap.
SecurityIP               IP address of the NMS which is allowed to access Agent
2.4.3.4 snmp-server community
Command: snmp-server community <string> {ro|rw}
no snmp-server community <string>
Function: Configure the community string for the switch; the “no snmp-server community <string>” command deletes the configured community string.
Parameter: <string> is the community string set; ro|rw is the specified access mode to MIB, ro for read-only and rw for read-write.
Command mode: Global Mode
Usage Guide: The switch supports up to 4 community strings.
Example 1: Add a community string named “private” with read-write permission.
Switch(config)#snmp-server community private rw
Example 2: Add a community string named “public” with read-only permission.
Switch(config)#snmp-server community public ro
Example 3: Modify the read-write community string named “private” to read-only.
Switch(config)#snmp-server community private ro
Example 4: Delete community string “private”.
Switch(config)#no snmp-server community private
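The community, securityip, group, user and host commands from the task list together decide how exposed the SNMP Agent is. The following Python audit is an added example, not part of the manual: it reads configuration lines written in the command syntax above and reports settings that leave SNMP protected only by a cleartext or well-known string. The rule set, the finding codes and the sample configuration are constructed for illustration.

```python
# Constructed sample configuration; not taken from a real device.
SAMPLE_CONFIG = """\
snmp-server
snmp-server community public ro
snmp-server community private rw
snmp-server securityip 100.100.100.5
snmp-server SecurityIP disable
snmp-server group ops AuthPriv read readview
snmp-server group initial NoauthNopriv read one
snmp-server user admin ops auth md5 ExamplePassw0rd
snmp-server host 1.1.1.5 v1 usertrap
snmp-server host 2001:1:2:3::1 v3 AuthPriv trapuser
"""

# Community names that appear in vendor examples and scanner word lists.
WELL_KNOWN_COMMUNITIES = {"public", "private"}


def audit_snmp(config_text):
    """Return a list of (line_number, code, detail) findings."""
    findings = []

    def report(number, code, detail):
        findings.append((number, code, detail))

    for number, raw in enumerate(config_text.splitlines(), start=1):
        tokens = raw.split()
        if len(tokens) < 2 or tokens[0].lower() != "snmp-server":
            continue  # blank lines, other commands and "no ..." forms
        keyword = tokens[1].lower()
        args = tokens[2:]
        lowered = [a.lower() for a in args]

        if keyword == "community" and len(args) >= 2:
            if lowered[0] in WELL_KNOWN_COMMUNITIES:
                report(number, "COMMUNITY_WELL_KNOWN",
                       f"community '{args[0]}' is a widely known string")
            if lowered[1] == "rw":
                report(number, "COMMUNITY_RW",
                       "v1/v2c community grants write access to the MIB")
        elif keyword == "securityip" and lowered[:1] == ["disable"]:
            report(number, "SECURITYIP_DISABLED",
                   "NMS source address check is turned off")
        elif keyword == "group" and len(args) >= 2:
            if lowered[1] == "noauthnopriv":
                report(number, "GROUP_NOAUTH",
                       f"group '{args[0]}' needs neither authentication nor encryption")
            elif lowered[1] == "authnopriv":
                report(number, "GROUP_NOPRIV",
                       f"group '{args[0]}' traffic is not encrypted")
        elif keyword == "user" and len(args) >= 2:
            if "auth" not in lowered[2:]:
                report(number, "USER_NOAUTH",
                       f"user '{args[0]}' has no authentication password")
            else:
                position = lowered.index("auth", 2)
                algorithm = lowered[position + 1] if position + 1 < len(lowered) else ""
                if algorithm == "md5":
                    report(number, "USER_MD5",
                           f"user '{args[0]}' uses md5 although sha is offered")
        elif keyword == "host" and len(args) >= 2:
            if lowered[1] in ("v1", "v2c"):
                report(number, "TRAP_COMMUNITY",
                       f"traps to {args[0]} carry a cleartext community string")
            elif lowered[1] == "v3" and lowered[2:3] == ["noauthnopriv"]:
                report(number, "TRAP_V3_NOAUTH",
                       f"v3 traps to {args[0]} are neither authenticated nor encrypted")
    return findings


if __name__ == "__main__":
    for number, code, detail in audit_snmp(SAMPLE_CONFIG):
        print(f"line {number}: {code}: {detail}")
```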
2.4.3.5 snmp-server
Command: snmp-server
no snmp-server
Function: Enable the SNMP proxy server function on the switch. The “no snmp-server” command disables the SNMP proxy server function.
Command mode: Global mode
Default: SNMP proxy server function is disabled by system default.
Usage guide: To perform configuration management on the switch with network management software, the SNMP proxy server function has to be enabled with this command.
Example: Enable the SNMP proxy server function on the switch.
Switch(Config)#snmp-server
2.4.3.6 snmp-server enable traps
Command: snmp-server enable traps
no snmp-server enable traps
Function: Enable the switch to send Trap messages; the “no snmp-server enable traps” command stops the switch from sending Trap messages.
Command mode: Global Mode
Default: Trap message is disabled by default.
Usage Guide: When Trap message is enabled, if Down/Up in device ports or of system occurs, the device will send Trap messages to the NMS that receives Trap messages.
Example 1: Enable sending of Trap messages.
Switch(config)#snmp-server enable traps
Example 2: Disable sending of Trap messages.
Switch(config)#no snmp-server enable traps
2.4.3.7 snmp-server host
Command: snmp-server host {<ipv4-addr>|<ipv6-addr>} {v1|v2c|{v3 {NoauthNopriv|AuthNopriv|AuthPriv}}} <user-string>
no snmp-server host {<ipv4-addr>|<ipv6-addr>} {v1|v2c|{v3 {NoauthNopriv|AuthNopriv |AuthPriv}}} <user-string>
Function: For the v1/v2c versions, this command configures the IP address and Trap community character string of the network management station receiving the SNMP Trap message. For the v3 version, this command configures the IP address of the receiving network management station, the Trap user name and the safety level; the “no” form of this command cancels this IP address.
Command Mode: Global Mode
Parameter: <ipv4-addr>|<ipv6-addr> is the IP address of the NMS managing station which receives the Trap message.
v1|v2c|v3 is the version number used when sending the trap.
NoauthNopriv|AuthNopriv|AuthPriv is the safety level applied to the v3 trap, which may be non encrypted and non authentication, non encrypted and authentication, or encrypted and authentication.
<user-string> is the community character string applied when sending the Trap message at v1/v2, and is the user name at v3.
Usage Guide: The community character string configured in this command is the default community string of the RMON event group. If the RMON event group has no community character string configured, the community character string configured in this command will be applied when sending the Trap of RMON; if the RMON event group has a community character string configured, its own configuration will be applied when sending the RMON trap.
Example:
Configure an IP address to receive Trap
Switch(config)#snmp-server host 1.1.1.5 v1 usertrap
Delete a Trap receiving IP address
Switch(config)#no snmp-server host 1.1.1.5 v1 usertrap
Configure a Trap receiving IPv6 address
Switch(config)#snmp-server host 2001:1:2:3::1 v1 usertrap
Delete a Trap receiving IPv6 address
Switch(config)#no snmp-server host 2001:1:2:3::1 v1 usertrap
2.4.3.8 debug snmp mib
Command: debug snmp mib
no debug snmp mib
Function: Enable the SNMP mib debugging; the “no debug snmp mib” command disables the debugging.
Command Mode: Admin Mode
Usage Guide: When the user encounters problems in applying SNMP, the SNMP debugging is available to locate the cause of the problem.
Example:
Switch#debug snmp mib
2.4.3.9 debug snmp keneral
Command: debug snmp keneral
no debug snmp keneral
Function: Enable the SNMP keneral debugging; the “no debug snmp keneral” command disables the debugging function.
Command Mode: Admin Mode
Usage Guide: When the user encounters problems in applying SNMP, the SNMP debugging is available to locate the cause of the problem.
Example:
Switch#debug snmp keneral
2.4.3.10 show snmp engineid
Command: show snmp engineid
Function: Display the engine ID information.
Command Mode: Admin Mode
Example:
Switch#show snmp engineid
SNMP engineID:3138633303f1276c Engine Boots is:1
Displayed Information    Explanation
SNMP engineID            Engine number
Engine Boots             Engine boot counts
2.4.3.11 show snmp group
Command: show snmp group
Function: Display the group information.
Command Mode: Admin Mode
Example:
Switch#show snmp group
Group Name:initial Security Level:noAuthnoPriv
Read View:one
Write View:<no writeview specified>
Notify View:one
Displayed Information       Explanation
Group Name                  Group name
Security level              Security level
Read View                   Read view name
Write View                  Write view name
Notify View                 Notify view name
<no writeview specified>    No view name specified by the user
2.4.3.12 show snmp mib
Command: show snmp mib
Function: Display all MIB supported by the switch.
Command Mode: Admin Mode
2.4.3.13 show snmp user
Command: show snmp user
Function: Display the user information.
Command Mode: Admin Mode
Example:
Switch#show snmp user
User name: initialsha
Engine ID: 1234567890
Auth Protocol:MD5 Priv Protocol:DES-CBC
Row status:active
Displayed Information    Explanation
User name                User name
Engine ID                Engine ID
Priv Protocol            Employed encryption algorithm
Auth Protocol            Employed identification algorithm
Row status               User state
2.4.3.14 show snmp view
Command: show snmp view
Function: Display the view information.
Command Mode: Admin Mode
Example:
Switch#show snmp view
View Name:readview 1. -Included active
1.3. - Excluded active
Displayed Information    Explanation
View Name                View name
1. and 1.3.              OID number
Included                 The view includes sub trees rooted by this OID
Excluded                 The view does not include sub trees rooted by this OID
active                   State
2.4.3.15 snmp-server engineid
Command: snmp-server engineid < engine-string >
no snmp-server engineid < engine-string >
Function: Configure the engine ID; the “no” form of this command restores the default engine ID.
Command Mode: Global mode
Parameter: <engine-string> is the engine ID, shown in 1-32 digit hex characters.
Default: Default value is the company ID plus local MAC address.
Usage Guide:
Example: Set current engine ID to A66688999F
Switch(config)#snmp-server engineid A66688999F
Restore the default engine ID
Switch(config)#no snmp-server engineid A66688999F
2.4.3.16 snmp-server group
Command: snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv} [[read <read-string>] [write <write-string>] [notify <notify-string>]]
no snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv}
Function: This command is used to configure a new group; the “no” form of this command deletes this group.
Command Mode: Global Mode
Parameter: <group-string> is the group name, which includes 1-32 characters.
NoauthNopriv applies the non-authenticating and non-encrypting safety level.
AuthNopriv applies the authenticating but non-encrypting safety level.
AuthPriv applies the authenticating and encrypting safety level.
<read-string> is the name of the readable view, which includes 1-32 characters.
<write-string> is the name of the writable view, which includes 1-32 characters.
<notify-string> is the name of the trappable view, which includes 1-32 characters.
Usage Guide: There is a default view “v1defaultviewname” in the system. It is recommended to use this view as the view name of the notification. If the read or write view name is empty, the corresponding operation will be disabled.
Example: Create a group Company Group, with the safety level of authenticating and encrypting; the read view name is readview, and writing is disabled.
Switch (Config)#snmp-server group Company Group AuthPriv read readview
Delete the group
Switch (Config)#no snmp-server group Company Group AuthPriv
2.4.3.17 snmp-server SecurityIP enable
Command: snmp-server SecurityIP enable
snmp-server SecurityIP disable
Function: Enable/disable the security IP address authentication for the NMS management station.
Command Mode: Global Mode
Default: The security IP address authentication function is enabled.
Example: Disable the security IP address authentication function.
Switch(config)#snmp-server securityip disable
2.4.3.18 snmp-server view
Command: snmp-server view <view-string> <oid-string> {include|exclude}
no snmp-server view <view-string>
Function: This command is used to create or update the view information; the “no” form of this command deletes the view information.
Command Mode: Global Mode
Parameter: <view-string> is the view name, containing 1-32 characters; <oid-string> is the OID number or the corresponding node name, containing 1-255 characters; include|exclude includes or excludes this OID.
Usage Guide: The <oid-string> parameter accepts either the numeric OID string of the
variable or its node name.
Example:
Create a view, the name is readview, including iso node but not including the iso.3 node
Switch (Config)#snmp-server view readview iso include
Switch (Config)#snmp-server view readview iso.3 exclude
Delete the view
Switch (Config)#no snmp-server view readview
2.4.3.19 snmp-server user
Command: snmp-server user <user-string> <group-string> [[encrypted] {auth {md5|sha} <password-string>}]
no snmp-server user <user-string> <group-string>
Function: Add a new user to an SNMP group; the “no” form of this command deletes this user.
Command Mode: Global Mode
Parameter: <user-string> is the user name, containing 1-32 characters.
<group-string> is the name of the group the user belongs to, containing 1-32 characters.
encrypted: use DES for packet encryption.
auth: perform packet authentication.
md5: packet authentication using the HMAC MD5 algorithm.
sha: packet authentication using the HMAC SHA algorithm.
<password-string> is the user password, containing 1-32 characters.
Usage Guide: If neither encryption nor authentication is selected, the default settings
are no encryption and no authentication. If encryption is selected, authentication
must also be configured. When deleting a user, if the correct user name is entered with an
incorrect group name, the user is still deleted.
Example: Add a new user tester to the UserGroup with the encryption security level and
HMAC md5 for authentication; the password is hello.
Switch (Config)#snmp-server user tester UserGroup encrypted auth md5 hello
Delete a user.
Switch (Config)#no snmp-server user tester UserGroup
2.4.3.20 snmp-server securityip
Command: snmp-server securityip {<ipv4-address>|<ipv6-address>}
no snmp-server securityip {<ipv4-address>|<ipv6-address>}
Function: Configure the security IPv4 or IPv6 address of an NMS administration station that is
permitted to access the switch; the “no snmp-server securityip {<ipv4-address>|<ipv6-address>}” command deletes the configured security IPv4 or IPv6 address.
Command Mode: Global Mode
Parameter: <ipv4-address> is the NMS security IPv4 address, in dotted decimal
format; <ipv6-address> is the NMS security IPv6 address, in colon-separated hex format.
Usage Guide: The switch processes the SNMP packets sent by an NMS administration station
only when the station's IPv4 or IPv6 address matches a security IPv4 or IPv6 address
configured by this command. The command applies only to SNMP.
Example:
Configure the security IP address of the NMS administration station.
Switch(config)#snmp-server securityip 1.1.1.5
Delete a security IPv6 address.
Switch(config)#no snmp-server securityip 2001::1
2.4.4 Typical SNMP Configuration Examples
Fig 2-2 Typical SNMP Configuration
The IP address of the NMS is 1.1.1.5; the IP address of the switch (Agent) is 1.1.1.9.
Scenario 1: The NMS network administrative software uses SNMP protocol to obtain
data from the switch.
The configuration on the switch is listed below:
Switch(config)#snmp-server
Switch(Config)#snmp-server community private rw
Switch(Config)#snmp-server community public ro
Switch(Config)#snmp-server securityip 1.1.1.5
The NMS can use “private” as the community string to access the switch with read-write
permission, or use “public” as the community string to access the switch with read-only
permission.
Scenario 2: NMS will receive Trap messages from the switch (Note: NMS may have
community string verification for the Trap messages. In this scenario, the NMS uses a
Trap verification community string of “ectrap”).
The configuration on the switch is listed below:
Switch(config)#snmp-server
Switch(Config)#snmp-server host 1.1.1.5 ectrap
Switch(Config)#snmp-server enable traps
Scenario 3: NMS uses SNMP v3 to obtain information from the switch.
The configuration on the switch is listed below:
Switch(config)#snmp-server
Switch (Config)#snmp-server user tester UserGroup encrypted auth md5 hello
Switch (Config)#snmp-server group UserGroup AuthPriv read max write max notify max
Switch (Config)#snmp-server view max 1 include
Scenario 4: NMS wants to receive the v3Trap messages sent by the switch.
The configuration on the switch is listed below:
Switch(config)#snmp-server
Switch(config)#snmp-server host 10.1.1.2 v3 AuthPriv tester
Switch(config)#snmp-server enable traps
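An added example (not part of the manual or of the switch software): a Python audit that reads snmp-server lines in the syntax documented above and flags settings that weaken the access controls this chapter describes, including a write view that covers the whole OID tree even when the view is defined after the group. The sample configuration is constructed, and the finding codes, audit_snmp and MIN_PASSWORD_LEN are assumptions of this example.

```python
import re

# Constructed sample in this manual's CLI syntax (not taken from a real device).
SAMPLE_CONFIG = """\
Switch(config)#snmp-server
Switch(Config)#snmp-server community private rw
Switch(Config)#snmp-server community public ro
Switch(Config)#snmp-server securityip 1.1.1.5
Switch(Config)#snmp-server securityip disable
Switch (Config)#snmp-server view max 1 include
Switch (Config)#snmp-server view readview iso include
Switch (Config)#snmp-server view readview iso.3 exclude
Switch (Config)#snmp-server group UserGroup AuthPriv read max write max notify max
Switch (Config)#snmp-server group Monitors NoauthNopriv read readview
Switch (Config)#snmp-server user tester UserGroup encrypted auth md5 hello
Switch (Config)#snmp-server user guest Monitors
"""

PROMPT = re.compile(r"^\s*\w+\s*\([\w-]*\)#\s*")   # e.g. "Switch (Config)#"
DEFAULT_COMMUNITIES = {"public", "private"}
WHOLE_TREE = {"1", "1.", "iso"}   # OIDs that root the entire tree
MIN_PASSWORD_LEN = 8              # assumed local policy, not a value from the manual


def audit_snmp(config_text):
    """Return sorted (line_no, code, detail) findings for snmp-server lines."""
    findings = []
    full_views = {}    # view name -> line where it includes the whole tree
    write_views = []   # (line_no, group, view) for each group that has a write view

    for no, raw in enumerate(config_text.splitlines(), 1):
        tok = PROMPT.sub("", raw).split()
        if len(tok) < 2 or tok[0] != "snmp-server":
            continue
        cmd, args = tok[1].lower(), tok[2:]

        if cmd == "community" and len(args) >= 2:
            name, access = args[0], args[1].lower()
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append((no, "default-community", name))
            if access == "rw":
                findings.append((no, "rw-community", name))

        elif cmd == "securityip" and args and args[0].lower() == "disable":
            findings.append((no, "securityip-disabled", "source address not checked"))

        elif cmd == "view" and len(args) >= 3:
            if args[1] in WHOLE_TREE and args[2].lower() == "include":
                full_views[args[0]] = no

        elif cmd == "group" and len(args) >= 2:
            group, level, rest = args[0], args[1].lower(), args[2:]
            if level == "noauthnopriv":
                findings.append((no, "group-no-auth", group))
            elif level == "authnopriv":
                findings.append((no, "group-no-priv", group))
            # optional "read X", "write Y", "notify Z" keyword/value pairs
            opts = {k.lower(): v for k, v in zip(rest[0::2], rest[1::2])}
            if "write" in opts:
                write_views.append((no, group, opts["write"]))

        elif cmd == "user" and len(args) >= 2:
            user, rest = args[0], args[2:]
            encrypted = bool(rest) and rest[0].lower() == "encrypted"
            if encrypted:
                rest = rest[1:]
            if len(rest) >= 3 and rest[0].lower() == "auth":
                algo, password = rest[1].lower(), rest[2]
                if algo == "md5":
                    findings.append((no, "user-md5", user))
                if len(password) < MIN_PASSWORD_LEN:
                    findings.append((no, "user-short-password", user))
                if not encrypted:
                    findings.append((no, "user-no-priv", user))
            else:
                findings.append((no, "user-no-auth", user))

    # Views may be defined after the group that uses them, so resolve them last.
    for no, group, view in write_views:
        if view in full_views:
            findings.append((no, "write-view-whole-tree", group + " -> " + view))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, code, detail in audit_snmp(SAMPLE_CONFIG):
        print("line %2d  %-22s %s" % (line_no, code, detail))
```
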
2.4.5 SNMP Troubleshooting
When users configure the SNMP, the SNMP server may fail to run properly due to
physical connection failure and wrong configuration, etc. Users can troubleshoot the
problems by following the guide below:
Good condition of the physical connection.
Interface and datalink layer protocol is Up (use the “show interface” command), and
the connection between the switch and host can be verified by ping ( use “ping”
command).
The switch enabled SNMP Agent server function (use “snmp-server” command)
Secure IP for NMS (use “snmp-server securityip” command) and community string
(use “snmp-server community” command) are correctly configured, as any of them
fails, SNMP will not be able to communicate with NMS properly.
If Trap function is required, remember to enable Trap (use “snmp-server enable
traps” command), and remember to properly configure the target host IP address
and community string for Trap (use “snmp-server host” command) to ensure Trap
messages can be sent to the specified host.
If RMON function is required, RMON must be enabled first (use “rmon enable”
command).
Use “show snmp” command to verify sent and received SNMP messages; Use
“show snmp status” command to verify SNMP configuration information; Use “debug
snmp packet” to enable SNMP debug function and verify debug information.
If users still can’t solve the SNMP problems, please contact our technical and
service center.
2.5 Switch Upgrade
ES3628EA switch provides two ways for switch upgrade: BootROM upgrade and the
TFTP/FTP upgrade under Shell.
2.5.1 Switch System Files
The system files include the system image file and the boot file. Updating the switch
means updating these two files by overwriting the old files with the new ones.
The system image file refers to the compressed file of the switch hardware drivers,
software support programs, etc., namely what we usually call the IMG update file. The
IMG file can only be saved in the FLASH with a defined name of nos.img.
The boot file is for initiating the switch, namely what we usually call the ROM update
file (it can be compressed into an IMG file if it is of large size). The boot file can only be
saved in the ROM, in which the file name is defined as boot.rom.
The update method of the system image file and the boot file is the same. The
switch supplies the user with two modes of updating: 1. BootROM mode; 2. TFTP and
FTP update at Shell mode. These two update methods will be explained in detail in
the following two sections.
2.5.2 BootROM Upgrade
There are two methods for BootROM upgrade: TFTP and FTP, which can be
selected at BootROM command settings.
Fig 2-3 Typical topology for switch upgrade in BootROM mode
The upgrade procedures are listed below:
Step 1:
As shown in the figure, a PC is used as the console for the switch. A console cable is
used to connect the PC to the management port on the switch. The PC should have
FTP/TFTP server software installed and hold the image file required for the upgrade.
Step 2:
Press “ctrl+b” on switch boot up until the switch enters BootROM monitor mode. The
operation result is shown below:
ES3628EA Management Switch
Copyright (c) 2001-2006 by Accton Technology Corporation.
All rights reserved.
Testing RAM...
67,108,864 RAM OK.
Loading BootROM...
Starting BootRom...
Attaching to file system ... done.
216.13 BogoMIPS
Creation date: Jan 15 2007, 19:42:14
Attached TCP/IP interface to sc0.
[Boot]:
Step 3:
Under BootROM mode, run “setconfig” to set the IP address and mask of the switch
under BootROM mode and the server IP address and mask, and to select TFTP or FTP upgrade.
Suppose the switch address is 192.168.1.2/24, the PC address is 192.168.1.66/24, and
TFTP upgrade is selected; the configuration should look like:
[Boot]: setconfig
Host IP Address: 10.1.1.1 192.168.1.2
Server IP Address: 10.1.1.2 192.168.1.66
FTP(1) or TFTP(2): 1 2
Network interface configure OK.
[Boot]:
Step 4:
Enable the FTP/TFTP server on the PC. For TFTP, run the TFTP server program; for FTP, run
the FTP server program. Before downloading the upgrade file to the switch, verify the
connectivity between the server and the switch by pinging from the server. If the ping succeeds,
run the “load” command in BootROM mode on the switch; if it fails, perform
troubleshooting to find out the cause. The following is the configuration for the system
update image file.
[Boot]: load nos.img
Loading...
entry = 0x10010
size = 0x1077f8
Step 5:
Execute “write nos.img” in BootROM mode. The following saves the system update
image file.
[Boot]: write nos.img
Programming...
Program OK.
[Boot]:
Step 6:
After successful upgrade, execute “run” command in BootROM mode to return to CLI
configuration interface.
[Boot]: run (or reboot)
Other commands in BootROM mode
1. DIR command
Used to list existing files in the FLASH.
[Boot]: dir
boot.rom          327,440  1900-01-01 00:00:00  --SH
boot.conf              83  1900-01-01 00:00:00  --SH
nos.img         2,431,631  1980-01-01 00:21:34  ----
startup-config      2,922  1980-01-01 00:09:14  ----
temp.image      2,431,631  1980-01-01 00:00:32  ----
2. CONFIG RUN command
Used to set the IMAGE file to run upon system start-up, and the configuration file to run
upon configuration recovery.
[Boot]: config run
Boot File: [nos.img] nos1.image
Config File: [boot.conf]
2.5.3 FTP/TFTP Upgrade
2.5.3.1 Introduction To FTP/TFTP
FTP (File Transfer Protocol) and TFTP (Trivial File Transfer Protocol) are both file transfer
protocols that belong to the fourth layer (application layer) of the TCP/IP protocol stack,
used for transferring files between hosts, and between hosts and switches. Both of them
transfer files in a client-server model. Their differences are listed below.
FTP builds upon TCP to provide reliable connection-oriented data stream transfer
service. However, it does not provide file access authorization and uses a simple
authentication mechanism (it transfers the username and password in plain text for
authentication). When using FTP to transfer files, two connections need to be established
between the client and the server: a management connection and a data connection. The
FTP client sends a transfer request to establish the management connection on
port 21 of the server, and negotiates a data connection through the management
connection.
There are two types of data connections: active connection and passive connection.
In active connection, the client transmits its address and port number for data
transmission to the server, and the management connection is maintained until data transfer is
complete. Then, using the address and port number provided by the client, the server
establishes the data connection on port 20 (if not engaged) to transfer data; if port 20 is
engaged, the server automatically generates some other port number to establish the data
connection.
In passive connection, the client, through the management connection, notifies the server
to establish a passive connection. The server then creates its own data listening port and
informs the client about the port, and the client establishes the data connection to the
specified port.
Because the data connection is established to an explicitly specified address and port, the
data connection service can be provided by a third party.
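An added example (not from the manual): how the address and port described above are carried on the management connection, as the six-byte field of the client's PORT command in active mode and of the server's 227 reply in passive mode, plus a server-side check that refuses to open a data connection to a third-party address. The sample lines are constructed, and the function names and the policy (same host as the management connection, no port below 1024) are assumptions of this example.

```python
import re

SIX_BYTES = r"(\d{1,3}(?:,\d{1,3}){5})"   # h1,h2,h3,h4,p1,p2


def _decode(six):
    """Turn 'h1,h2,h3,h4,p1,p2' into (ip, port); every field is one byte."""
    nums = [int(x) for x in six.split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255: " + six)
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]


def parse_port_command(line):
    """Active mode: the client sends 'PORT h1,h2,h3,h4,p1,p2'."""
    m = re.fullmatch(r"\s*PORT\s+" + SIX_BYTES + r"\s*", line, re.IGNORECASE)
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    return _decode(m.group(1))


def parse_pasv_reply(line):
    """Passive mode: the server replies '227 ... (h1,h2,h3,h4,p1,p2)'."""
    m = re.match(r"\s*227\b.*?\(" + SIX_BYTES + r"\)", line)
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % line)
    return _decode(m.group(1))


def check_port_target(control_peer_ip, port_line, min_port=1024):
    """Decide whether a server should open the active-mode data connection.

    Returns (allowed, reason). control_peer_ip is the source address of the
    management connection the PORT command arrived on.
    """
    try:
        ip, port = parse_port_command(port_line)
    except ValueError as exc:
        return False, "malformed: %s" % exc
    if ip != control_peer_ip:
        return False, "data target %s is not the control peer %s" % (ip, control_peer_ip)
    if port < min_port:
        return False, "data port %d is below %d" % (port, min_port)
    return True, "ok"


if __name__ == "__main__":
    # Constructed lines: a client at 10.1.1.2 and a server at 10.1.1.1.
    print(parse_port_command("PORT 10,1,1,2,4,1"))
    print(parse_pasv_reply("227 Entering Passive Mode (10,1,1,1,195,80)"))
    for cmd in ("PORT 10,1,1,2,4,1", "PORT 10,1,1,9,4,1", "PORT 10,1,1,2,0,22"):
        print(cmd, "->", check_port_target("10.1.1.2", cmd))
```
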
TFTP builds upon UDP, providing unreliable data stream transfer service with no
user authentication or permission-based file access authorization. It ensures correct data
transmission by sending and acknowledging mechanism and retransmission of time-out
packets. The advantage of TFTP over FTP is that it is a simple and low overhead file
transfer service.
ES3628EA switch can operate as either FTP/TFTP client or server. When
ES3628EA switch operates as an FTP/TFTP client, configuration files or system files can
be downloaded from the remote FTP/TFTP servers (which can be hosts or other switches)
without affecting its normal operation. The file list can also be retrieved from the server in
ftp client mode. ES3628EA switch can also upload current configuration files
or system files to the remote FTP/TFTP servers (which can be hosts or other switches). When
ES3628EA switch operates as an FTP/TFTP server, it can provide file upload and
download service for authorized FTP/TFTP clients, as well as file list service as FTP server.
Here are some terms frequently used in FTP/TFTP.
ROM: Short for EPROM, erasable read-only memory. EPROM is replaced by FLASH
memory in ES3628EA switch.
SDRAM: RAM memory in the switch, used for system software operation and
configuration sequence storage.
FLASH: Flash memory used to save system file and configuration file.
System file: including system image file and boot file.
System image file: refers to the compressed file for switch hardware driver and software
support program, usually referred to as the IMAGE upgrade file. In ES3628EA switch, the
system image file can be saved in FLASH only. ES3628EA switch mandates the
name of the system image file to be uploaded via FTP in Global Mode to be nos.img; other
IMAGE system files will be rejected.
Boot file: refers to the file that initializes the switch, also referred to as the ROM upgrade file
(a large file can be compressed as an IMAGE file). In ES3628EA switch, the boot file
can be saved in ROM only. ES3628EA switch mandates the name of the boot file to be
boot.rom.
Configuration file: including start up configuration file and running configuration file. The
distinction between start up configuration file and running configuration file can facilitate
the backup and update of the configurations.
Start up configuration file: refers to the configuration sequence used in switch start up.
ES3628EA switch start up configuration file is stored in FLASH only, corresponding to the
so-called configuration save. To prevent illicit file upload and to ease configuration, ES3628EA switch mandates the name of the start up configuration file to be startup-config.
Running configuration file: refers to the running configuration sequence used in the
switch. In ES3628EA switch, the running configuration file is stored in the RAM. In the
current version, the running configuration sequence running-config can be saved from the RAM to FLASH by the write command or the copy running-config startup-config
command, so that the running configuration sequence becomes the start up configuration
file, which is called configuration save. To prevent illicit file upload and to ease
configuration, ES3628EA switch mandates the name of the running configuration file to be running-config.
Factory configuration file: The configuration file shipped with ES3628EA switch under the name factory-config. Run set default and write, then restart the switch; the factory
configuration file will be loaded to overwrite the current start up configuration file.
2.5.3.2 FTP/TFTP Configuration
The configurations of ES3628EA switch as FTP and TFTP clients are almost the
same, so the configuration procedures for FTP and TFTP are described together in this
manual.
2.5.3.2.1 FTP/TFTP Configuration Task List
1. FTP/TFTP client configuration
(1) Upload/download the configuration file or system file.
(2) For FTP client, server file list can be checked.
2. FTP server configuration
(1) Start FTP server
(2) Configure FTP login username and password
(3) Modify FTP server connection idle time
(4) Shut down FTP server
3. TFTP server configuration
(1) Start TFTP server
(2) Configure TFTP server connection idle time
(3) Configure retransmission times before timeout for packets without acknowledgement
(4) Shut down TFTP server
1. FTP/TFTP client configuration
(1) FTP/TFTP client upload/download file
Command                                                Explanation
Admin Mode
copy <source-url> <destination-url> [ascii | binary]   FTP/TFTP client upload/download file
(2) For FTP client, server file list can be checked.
Command                                                Explanation
Global Mode
dir <ftpServerUrl>                                     For FTP client, server file list can be checked. The FtpServerUrl format looks like: ftp://user:password@IP Address
2. FTP server configuration
(1) Start FTP server
Command                                                Explanation
Global Mode
ftp-server enable                                      Start FTP server; the “no ftp-server enable” command shuts down FTP server and prevents FTP users from logging in.
no ftp-server enable
(2) Modify FTP server connection idle time
Command                                                Explanation
Global Mode
ftp-server timeout <seconds>                           Set connection idle time
3. TFTP server configuration
(1) Start TFTP server
Command                                                Explanation
Global Mode
tftp-server enable                                     Start TFTP server; the “no tftp-server enable” command shuts down TFTP server and prevents TFTP users from logging in.
no tftp-server enable
(2) Modify TFTP server connection idle time
Command                                                Explanation
Global Mode
tftp-server retransmission-number <number>             Set maximum retransmission time within timeout interval.
(3) Modify TFTP server connection retransmission time
Command                                                Explanation
Global Mode
tftp-server retransmission-number <number>             Set maximum retransmission time within timeout interval.
2.5.3.2.2 Commands for Switch Upgrade
2.5.3.2.2.1 copy (FTP)
Command: copy <source-url> <destination-url> [ascii | binary]
Function: Download files to the FTP client.
Parameter: <source-url> is the location of the source files or directories to be copied; <destination-url> is the destination address to which the files or directories are to be copied; the forms of <source-url> and <destination-url> vary depending on the locations of the files or directories. ascii indicates that the ASCII standard will be adopted; binary indicates that the binary system will be adopted in the file transmission (the default transmission method). When the URL represents an FTP address, its form should be:
ftp://<username>:<password>@{<ipaddress>|<ipv6address>|<hostname>}/<filename>
where <username> is the FTP user name, <password> is the FTP user password, <ipaddress>|<ipv6address> is the IPv4 or IPv6 address of the FTP server/client, <hostname> is the name of the host mapped to the IPv6 address (file download and upload with hosts mapped to IPv4 addresses is not supported), and <filename> is the name of the FTP upload/download file.
Special keywords of the filename
Keywords          Source or destination addresses
running-config    Running configuration files
startup-config    Startup configuration files
nos.img           System files
nos.rom           System startup files
Command Mode: Admin Mode
Usage Guide: This command supports command line hints: if the user enters the command in
one of the forms copy <filename> ftp:// or copy ftp:// <filename> and
presses Enter, the system provides the following hints,
ftp server ip/ipv6 address [x.x.x.x]/[x:x::x:x] >
ftp username>
ftp password>
ftp filename>
requesting the FTP server address, user name, password and file name.
Examples:
(1) Save images in the FLASH to the FTP server of 2004:1:2:3::6
Switch#copy nos.img ftp://username:password@2004:1:2:3::6/nos.img
(2) Obtain system file nos.img from the FTP server 2004:1:2:3::6
Switch#copy ftp://username:password@2004:1:2:3::6/nos.img nos.img
(3) Save the running configuration files
Switch#copy running-config startup-config
2.5.3.2.2.2 copy (TFTP)
Command: copy <source-url> <destination-url> [ascii | binary]
Function: Download files to the TFTP client.
Parameter: <source-url> is the location of the source files or directories to be copied; <destination-url> is the destination address to which the files or directories are to be copied; the forms of <source-url> and <destination-url> vary depending on the locations of the files or directories. ascii indicates that the ASCII standard will be adopted; binary indicates that the binary system will be adopted in the file transmission (the default transmission method). When the URL represents a TFTP address, its form should be:
tftp://{<ipaddress>|<ipv6address>|<hostname>}/<filename>
where <ipaddress>|<ipv6address> is the IPv4 or IPv6 address of the TFTP server/client, <hostname> is the name of the host mapped to the IPv6 address (file download and upload with hosts mapped to IPv4 addresses is not supported), and <filename> is the name of the TFTP upload/download file.
Special keywords of the filename
Keywords          Source or destination addresses
running-config    Running configuration files
startup-config    Startup configuration files
nos.img           System files
nos.rom           System startup files
Command Mode: Admin Mode
Usage Guide: This command supports command line hints: if the user enters the command in
one of the forms copy <filename> tftp:// or copy tftp:// <filename> and
presses Enter, the system provides the following hints,
tftp server ip/ipv6 address[x.x.x.x]/[x:x::x:x]>
tftp filename>
requesting the TFTP server address and file name.
Example:
(1) Save images in the FLASH to the TFTP server of 2004:1:2:3::6
Switch#copy nos.img tftp://2004:1:2:3::6/nos.img
(2) Obtain system file nos.img from the TFTP server 2004:1:2:3::6
Switch#copy tftp://2004:1:2:3::6/nos.img nos.img
(3) Save running configuration files
Switch#copy running-config startup-config
2.5.3.2.2.3 dir
Command: dir <ftp-server-url>
Function: Browse the file list on the FTP server.
Parameter: The form of <ftp-server-url> is ftp://<username>:<password>@{<ipv4address>|<ipv6address>}, where <username> is the FTP user name, <password> is the FTP user password, and {<ipv4address>|<ipv6address>} is the IPv4 or IPv6 address of the FTP server.
Command Mode: Global Mode
Example: Browse the list of the files on the server with the FTP client.
Switch(Config)# dir ftp://user:password@IPv6 Address.
2.5.3.2.2.4 ftp-server enable
Command: ftp-server enable
no ftp-server enable
Function: Start FTP server; the “no ftp-server enable” command shuts down FTP
server and prevents FTP users from logging in.
Default: FTP server is not started by default.
Command mode: Global Mode
Usage Guide: When the FTP server function is enabled, the switch can still perform ftp client
functions. FTP server is not started by default.
Example: Enable FTP server service.
Switch#config
Switch(Config)# ftp-server enable
2.5.3.2.2.5 ftp-server timeout
Command: ftp-server timeout <seconds>
Function: Set data connection idle time.
Parameter: <seconds> is the idle time threshold (in seconds) for FTP connection; the
valid range is 5 to 3600.
Default: The system default is 600 seconds.
Command mode: Global Mode
Usage Guide: When the FTP data connection idle time exceeds this limit, the FTP
management connection will be disconnected.
Example: Modify the idle threshold to 100 seconds.
Switch#config
Switch(Config)#ftp-server timeout 100
2.5.3.2.2.6 show ftp
Command: show ftp
Function: Display the parameter settings for the FTP server.
Command mode: Admin Mode
Default: No display by default.
Example:
Switch#show ftp
Timeout : 600
Displayed information Description
Timeout Timeout time.
2.5.3.2.2.7 show tftp
Command: show tftp
Function: Display the parameter settings for the TFTP server.
Default: No display by default.
Command mode: Admin Mode
Example:
Switch#show tftp
timeout : 60
Retry Times : 10
Displayed information Explanation
Timeout Timeout time.
Retry Times Retransmission times.
2.5.3.2.2.8 tftp-server enable
Command: tftp-server enable
no tftp-server enable
Function: Start TFTP server; the “no tftp-server enable” command shuts down TFTP
server and prevents TFTP users from logging in.
Default: TFTP server is not started by default.
Command mode: Global Mode
Usage Guide: When the TFTP server function is enabled, the switch can still perform tftp
client functions. TFTP server is not started by default.
Example: Enable TFTP server service.
Switch#config
Switch(Config)#tftp-server enable
2.5.3.2.2.9 tftp-server retransmission-number
Command: tftp-server retransmission-number <number>
Function: Set the number of retransmissions for the TFTP server.
Parameter: <number> is the number of retransmissions; the valid range is 1 to 20.
Default: The default value is 5 retransmissions.
Command mode: Global Mode
Example: Modify the retransmission number to 10 times.
Switch#config
Switch(Config)#tftp-server retransmission-number 10
2.5.3.2.2.10 tftp-server transmission-timeout
Command: tftp-server transmission-timeout <seconds>
Function: Set the transmission timeout value for the TFTP server.
Parameter: <seconds> is the timeout value; the valid range is 5 to 3600s.
Default: The system default timeout setting is 600 seconds.
Command mode: Global Mode
Example: Modify the timeout value to 60 seconds.
Switch#config
Switch(Config)#tftp-server transmission-timeout 60
2.5.4 FTP/TFTP Configuration Examples
Fig 2-4 Download nos.img file as FTP/TFTP client
Scenario 1: The switch is used as FTP/TFTP client. The switch connects from one
of its ports to a computer, which is a FTP/TFTP server with an IP address of 10.1.1.1; the
switch acts as a FTP/TFTP client, the IP address of the switch management VLAN is
10.1.1.2. Download “nos.img” file in the computer to the switch.
FTP Configuration
Computer side configuration:
Start the FTP server software on the computer and set the username “Switch”, and
the password “switch”. Place the “12_30_nos.img” file to the appropriate FTP server
directory on the computer.
The configuration procedures of the switch are listed below:
Switch(Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#exit
Switch#copy ftp://Switch:switch@10.1.1.1/12_30_nos.img nos.img
With the above commands, the switch will have the “nos.img” file in the computer
downloaded to the FLASH.
TFTP Configuration
Computer side configuration:
Start TFTP server software on the computer and place the “nos.img” file in the
appropriate TFTP server directory on the computer.
The configuration procedures of the switch are listed below:
Switch (Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#exit
Switch#copy tftp://10.1.1.1/12_30_nos.img nos.img
Scenario 2: The switch is used as FTP server. The switch operates as the FTP server
and connects from one of its ports to a computer, which is an FTP client. Transfer the
“nos.img” file in the switch to the computer and save as 12_25_nos.img.
The configuration procedures of the switch are listed below:
Switch (Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#ftp-server enable
Switch(Config)# username Switch password 0 Admin
Computer side configuration:
Log in to the switch with any FTP client software, with the username “Admin” and
password “switch”, and use the command “get nos.img 12_25_nos.img” to download the
“nos.img” file from the switch to the computer.
Scenario 3: The switch is used as TFTP server. The switch operates as the TFTP server
and connects from one of its ports to a computer, which is a TFTP client. Transfer the “nos.img” file in the switch to the computer.
The configuration procedures of the switch are listed below:
Switch(Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#tftp-server enable
Computer side configuration:
Log in to the switch with any TFTP client software, and use the “tftp” command to download the
“nos.img” file from the switch to the computer.
Scenario 4: The switch is used as FTP/TFTP client. The switch connects from one of its
ports to a computer, which is an FTP/TFTP server with an IP address of 10.1.1.1; several
switch user profile configuration files are saved in the computer. The switch operates as
the FTP/TFTP client, and the management VLAN IP address is 10.1.1.2. Download the switch
user profile configuration files from the computer to the switch FLASH.
FTP Configuration
Computer side configuration:
Start the FTP server software on the computer and set the username “Switch”, and the
password “Admin”. Save “nos.img”, “boot.rom” and “startup-config” in the appropriate
FTP server directory on the computer.
The configuration procedures of the switch are listed below:
Switch (Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#exit
Switch#copy ftp://Switch:Admin@10.1.1.1/nos.img nos.img
Switch#copy ftp://Switch:Admin@10.1.1.1/boot.rom boot.rom
Switch#copy ftp://Switch:Admin@10.1.1.1/startup-config startup-config
With the above commands, the switch will have the user profile configuration file in the
computer downloaded to the FLASH.
TFTP Configuration
Computer side configuration:
Start TFTP server software on the computer and place “nos.img”, “boot.rom” and
“startup-config” in the appropriate TFTP server directory on the computer.
The configuration procedures of the switch are listed below:
Switch (Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#exit
Switch#copy tftp://10.1.1.1/nos.img nos.img
Switch#copy tftp://10.1.1.1/boot.rom boot.rom
Switch#copy tftp://10.1.1.1/startup-config startup-config
Scenario 5: ES3628EA switch acts as FTP client to view file list on the FTP server.
Synchronization conditions: The switch connects to a computer by an Ethernet port, the
computer is a FTP server with an IP address of 10.1.1.1; the switch acts as a FTP client,
and the IP address of the switch management VLAN1 interface is 10.1.1.2.
FTP Configuration
PC side:
Start the FTP server software on the PC and set the username “Switch”, and the
password “Admin”.
ES3628EA switch:
Switch (Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#dir ftp://Switch:Admin@10.1.1.1
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
recv total = 480
nos.img
nos.rom
parsecommandline.cpp
position.doc
qmdict.zip
shell maintenance statistics.xls
… (some display omitted here)
show.txt
snmp.TXT
226 Transfer complete.
Switch (Config)#
2.5.5 FTP/TFTP Troubleshooting
2.5.5.1 FTP Troubleshooting
When uploading/downloading system files with the FTP protocol, the connectivity of the link
must be ensured, i.e., use the “Ping” command to verify the connectivity between the
FTP client and server before running the FTP program. If ping fails, you will need to
check for appropriate troubleshooting information to recover the link connectivity.
The following is what the message displays when files are successfully transferred.
Otherwise, please verify link connectivity and retry the “copy” command.
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
nos.img file length = 1526021
read file ok
send file
150 Opening ASCII mode data connection for nos.img.
Loading...