LevelOne
FGL-2870
24FE + 4GE Combo SFP
L2 SNMP Switch
User Manual
Version 1.0
Management Guide
Fast Ethernet Switch
Combo Layer 2 SNMP Switch
with 24 10/100BASE-T (RJ-45) Ports,
and 4 Combination Gigabit (RJ-45/SFP) Ports
FGL-2870 E122009-WM-R01 149100000059A
About This Guide
Purpose
This guide gives specific information on how to operate and use the management functions of the switch.
Audience
The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
Conventions
The following conventions are used throughout this guide to show information:
Note: Emphasizes important information or calls your attention to related features or instructions.
Caution: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
Warning: Alerts you to a potential hazard that could cause personal injury.
Related Publications
The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help that describes all management related features.
Revision History
This section summarizes the changes in each revision of this guide.
December 2009 Revision
This is the first revision of this guide.
v
vi
Contents
Chapter 1: Introduction |
1-1 |
Key Features |
1-1 |
Description of Software Features |
1-2 |
System Defaults |
1-6 |
Chapter 2: Initial Configuration |
2-1 |
Connecting to the Switch |
2-1 |
Configuration Options |
2-1 |
Required Connections |
2-2 |
Remote Connections |
2-3 |
Basic Configuration |
2-3 |
Console Connection |
2-3 |
Setting Passwords |
2-4 |
Setting an IP Address |
2-4 |
Manual Configuration |
2-4 |
Dynamic Configuration |
2-5 |
Enabling SNMP Management Access |
2-6 |
Community Strings (for SNMP version 1 and 2c clients) |
2-6 |
Trap Receivers |
2-7 |
Configuring Access for SNMP Version 3 Clients |
2-8 |
Managing System Files |
2-8 |
Saving Configuration Settings |
2-9 |
Chapter 3: Configuring the Switch |
3-1 |
Using the Web Interface |
3-1 |
Navigating the Web Browser Interface |
3-2 |
Home Page |
3-2 |
Configuration Options |
3-3 |
Panel Display |
3-3 |
Main Menu |
3-4 |
Basic Configuration |
3-13 |
Displaying System Information |
3-13 |
Displaying Switch Hardware/Software Versions |
3-15 |
Displaying Bridge Extension Capabilities |
3-17 |
Setting the Switch’s IP Address |
3-18 |
Manual Configuration |
3-19 |
Using DHCP/BOOTP |
3-20 |
Enabling Jumbo Frames |
3-21 |
Managing Firmware |
3-22 |
Automatic Operation Code Upgrade |
3-22 |
vii
Contents |
|
Downloading System Software from a Server |
3-26 |
Saving or Restoring Configuration Settings |
3-28 |
Downloading Configuration Settings from a Server |
3-29 |
Uploading and Downloading Files Using HTTP |
3-30 |
Console Port Settings |
3-32 |
Telnet Settings |
3-34 |
Configuring Event Logging |
3-36 |
System Log Configuration |
3-36 |
Remote Log Configuration |
3-37 |
Displaying Log Messages |
3-39 |
Sending Simple Mail Transfer Protocol Alerts |
3-39 |
Resetting the System |
3-41 |
Setting the System Clock |
3-42 |
Setting the Time Manually |
3-43 |
Configuring SNTP |
3-43 |
Configuring NTP |
3-44 |
Setting the Time Zone |
3-46 |
Configuring Summer Time |
3-47 |
Simple Network Management Protocol |
3-49 |
Enabling the SNMP Agent |
3-51 |
Setting Community Access Strings |
3-51 |
Specifying Trap Managers and Trap Types |
3-52 |
Configuring SNMPv3 Management Access |
3-55 |
Setting the Local Engine ID |
3-55 |
Specifying a Remote Engine ID |
3-56 |
Configuring SNMPv3 Users |
3-57 |
Configuring Remote SNMPv3 Users |
3-59 |
Configuring SNMPv3 Groups |
3-61 |
Setting SNMPv3 Views |
3-64 |
Sampling Traffic Flows |
3-65 |
Configuring sFlow Global Parameters |
3-66 |
Configuring sFlow Port Parameters |
3-68 |
User Authentication |
3-70 |
Configuring User Accounts |
3-70 |
Configuring Local/Remote Logon Authentication |
3-72 |
Configuring Encryption Keys |
3-75 |
AAA Authorization and Accounting |
3-76 |
Configuring AAA RADIUS Group Settings |
3-77 |
Configuring AAA TACACS+ Group Settings |
3-78 |
Configuring AAA Accounting |
3-78 |
AAA Accounting Update |
3-80 |
AAA Accounting 802.1X Port Settings |
3-81 |
AAA Accounting Exec Command Privileges |
3-82 |
AAA Accounting Exec Settings |
3-83 |
AAA Accounting Summary |
3-83 |
viii
|
Contents |
Authorization Settings |
3-85 |
Authorization EXEC Settings |
3-86 |
Authorization Summary |
3-87 |
Configuring HTTPS |
3-88 |
Replacing the Default Secure-site Certificate |
3-89 |
Configuring the Secure Shell |
3-90 |
Generating the Host Key Pair |
3-93 |
Importing User Public Keys |
3-95 |
Configuring the SSH Server |
3-97 |
Configuring 802.1X Port Authentication |
3-99 |
Displaying 802.1X Global Settings |
3-100 |
Configuring 802.1X Global Settings |
3-101 |
Configuring Port Settings for 802.1X |
3-101 |
Displaying 802.1X Statistics |
3-105 |
Filtering IP Addresses for Management Access |
3-107 |
General Security Measures |
3-109 |
Configuring Port Security |
3-110 |
Web Authentication |
3-111 |
Configuring Web Authentication |
3-112 |
Configuring Web Authentication for Ports |
3-113 |
Displaying Web Authentication Port Information |
3-114 |
Re-authenticating Web Authenticated Ports |
3-114 |
Network Access (MAC Address Authentication) |
3-115 |
Configuring the MAC Authentication Reauthentication Time |
3-117 |
Configuring MAC Authentication for Ports |
3-118 |
Configuring Port Link Detection |
3-120 |
Displaying Secure MAC Address Information |
3-121 |
MAC Filter Configuration |
3-122 |
Access Control Lists |
3-124 |
Setting the ACL Name and Type |
3-125 |
Configuring a Standard IPv4 ACL |
3-126 |
Configuring an Extended IPv4 ACL |
3-127 |
Configuring a Standard IPv6 ACL |
3-129 |
Configuring an Extended IPv6 ACL |
3-130 |
Configuring a MAC ACL |
3-131 |
Configuring an ARP ACL |
3-133 |
Binding a Port to an Access Control List |
3-135 |
ARP Inspection |
3-136 |
Configuring ARP Inspection |
3-136 |
Displaying ARP Inspection Port Information |
3-141 |
DHCP Snooping |
3-143 |
DHCP Snooping Configuration |
3-144 |
DHCP Snooping VLAN Configuration |
3-145 |
DHCP Snooping Information Option Configuration |
3-146 |
Configuring Ports for DHCP Snooping |
3-147 |
ix
Contents |
|
Displaying DHCP Snooping Binding Information |
3-149 |
IP Source Guard |
3-150 |
Configuring Ports for IP Source Guard |
3-150 |
Configuring Static Binding for IP Source Guard |
3-152 |
Displaying Information for Dynamic IP Source Guard Bindings |
3-154 |
Port Configuration |
3-155 |
Displaying Connection Status |
3-155 |
Configuring Interface Connections |
3-157 |
Creating Trunk Groups |
3-160 |
Statically Configuring a Trunk |
3-161 |
Enabling LACP on Selected Ports |
3-162 |
Configuring Parameters for LACP Group Members |
3-164 |
Configuring Parameters for LACP Groups |
3-166 |
Displaying LACP Port Counters |
3-167 |
Displaying LACP Settings and Status for the Local Side |
3-168 |
Displaying LACP Settings and Status for the Remote Side |
3-170 |
Setting Broadcast Storm Thresholds |
3-172 |
Setting Multicast Storm Thresholds |
3-174 |
Setting Unknown Unicast Storm Thresholds |
3-175 |
Configuring Port Mirroring |
3-177 |
Configuring MAC Address Mirroring |
3-178 |
Configuring Rate Limits |
3-179 |
Rate Limit Configuration |
3-179 |
Showing Port Statistics |
3-180 |
Address Table Settings |
3-185 |
Setting Static Addresses |
3-185 |
Displaying the Address Table |
3-186 |
Changing the Aging Time |
3-187 |
Spanning Tree Algorithm Configuration |
3-188 |
Configuring Port and Trunk Loopback Detection |
3-190 |
Displaying Global Settings for STA |
3-191 |
Configuring Global Settings for STA |
3-194 |
Displaying Interface Settings for STA |
3-198 |
Configuring Interface Settings for STA |
3-201 |
Spanning Tree Edge Port Configuration |
3-204 |
VLAN Configuration |
3-206 |
IEEE 802.1Q VLANs |
3-206 |
Enabling or Disabling GVRP (Global Setting) |
3-209 |
Displaying Basic VLAN Information |
3-210 |
Displaying Current VLANs |
3-211 |
Creating VLANs |
3-212 |
Adding Static Members to VLANs (VLAN Index) |
3-214 |
Adding Static Members to VLANs (Port Index) |
3-216 |
Configuring VLAN Behavior for Interfaces |
3-217 |
Configuring IEEE 802.1Q Tunneling |
3-219 |
x
|
Contents |
Enabling QinQ Tunneling on the Switch |
3-223 |
Adding an Interface to a QinQ Tunnel |
3-224 |
Traffic Segmentation |
3-226 |
Configuring Global Settings for Traffic Segmentation |
3-226 |
Configuring Traffic Segmentation Sessions |
3-227 |
Private VLANs |
3-228 |
Displaying Current Private VLANs |
3-228 |
Configuring Private VLANs |
3-229 |
Associating VLANs |
3-230 |
Displaying Private VLAN Interface Information |
3-231 |
Configuring Private VLAN Interfaces |
3-232 |
Protocol VLANs |
3-233 |
Configuring Protocol VLAN Groups |
3-234 |
Mapping Protocols to VLANs |
3-235 |
Configuring VLAN Mirroring |
3-236 |
Configuring IP Subnet VLANs |
3-237 |
Configuring MAC-based VLANs |
3-238 |
Link Layer Discovery Protocol |
3-239 |
Setting LLDP Timing Attributes |
3-239 |
Configuring LLDP Interface Attributes |
3-241 |
Displaying LLDP Local Device Information |
3-244 |
Displaying LLDP Remote Port Information |
3-247 |
Displaying LLDP Remote Information Details |
3-248 |
Displaying Device Statistics |
3-250 |
Displaying Detailed Device Statistics |
3-251 |
Class of Service Configuration |
3-253 |
Layer 2 Queue Settings |
3-253 |
Setting the Default Priority for Interfaces |
3-253 |
Mapping CoS Values to Egress Queues |
3-255 |
Selecting the Queue Mode |
3-256 |
Displaying the Service Weight for Traffic Classes |
3-257 |
Layer 3/4 Priority Settings |
3-259 |
Mapping Layer 3/4 Priorities to CoS Values |
3-259 |
Enabling IP DSCP Priority |
3-259 |
Mapping DSCP Priority |
3-260 |
Quality of Service |
3-262 |
Configuring Quality of Service Parameters |
3-262 |
Configuring a Class Map |
3-263 |
Creating QoS Policies |
3-265 |
Attaching a Policy Map to Ingress Queues |
3-268 |
VoIP Traffic Configuration |
3-269 |
Configuring VoIP Traffic |
3-269 |
Configuring VoIP Traffic Ports |
3-270 |
Configuring Telephony OUI |
3-272 |
Multicast Filtering |
3-274 |
xi
Contents |
|
|
|
Layer 2 IGMP (Snooping and Query) |
3-275 |
|
Configuring IGMP Snooping and Query Parameters |
3-276 |
|
Enabling IGMP Immediate Leave |
3-278 |
|
Displaying Interfaces Attached to a Multicast Router |
3-280 |
|
Specifying Static Interfaces for a Multicast Router |
3-281 |
|
Displaying Port Members of Multicast Services |
3-282 |
|
Assigning Ports to Multicast Services |
3-283 |
|
IGMP Filtering and Throttling |
3-284 |
|
Enabling IGMP Filtering and Throttling |
3-284 |
|
Configuring IGMP Filter Profiles |
3-285 |
|
Configuring IGMP Filtering and Throttling for Interfaces |
3-287 |
|
Multicast VLAN Registration |
3-289 |
|
Configuring Global MVR Settings |
3-290 |
|
Displaying MVR Interface Status |
3-292 |
|
Displaying Port Members of Multicast Groups |
3-293 |
|
Configuring MVR Interface Status |
3-294 |
|
Assigning Static Multicast Groups to Interfaces |
3-296 |
|
Configuring MVR Receiver VLAN and Group Addresses |
3-297 |
|
Displaying MVR Receiver Groups |
3-298 |
|
Configuring Static MVR Receiver Group Members |
3-299 |
|
Domain Name Service |
3-300 |
|
Configuring General DNS Service Parameters |
3-300 |
|
Configuring Static DNS Host to Address Entries |
3-302 |
|
Displaying the DNS Cache |
3-304 |
|
Switch Clustering |
3-305 |
|
Configuring General Settings for Clusters |
3-305 |
|
Cluster Member Configuration |
3-307 |
|
Displaying Information on Cluster Members |
3-308 |
|
Cluster Candidate Information |
3-309 |
|
UPnP |
3-310 |
|
UPnP Configuration |
3-311 |
|
|
|
|
Chapter 4: Command Line Interface |
4-1 |
|
Using the Command Line Interface |
4-1 |
|
Accessing the CLI |
4-1 |
|
Console Connection |
4-1 |
|
Telnet Connection |
4-2 |
|
Entering Commands |
4-3 |
|
Keywords and Arguments |
4-3 |
|
Minimum Abbreviation |
4-3 |
|
Command Completion |
4-3 |
|
Getting Help on Commands |
4-3 |
|
Showing Commands |
4-4 |
|
Partial Keyword Lookup |
4-5 |
xii
|
Contents |
Negating the Effect of Commands |
4-5 |
Using Command History |
4-5 |
Understanding Command Modes |
4-6 |
Exec Commands |
4-6 |
Configuration Commands |
4-7 |
Command Line Processing |
4-9 |
Command Groups |
4-10 |
General Commands |
4-11 |
enable |
4-12 |
disable |
4-12 |
configure |
4-13 |
show history |
4-13 |
reload (Privileged Exec) |
4-14 |
reload (Global Configuration) |
4-14 |
show reload |
4-16 |
prompt |
4-16 |
end |
4-16 |
exit |
4-17 |
quit |
4-17 |
System Management Commands |
4-18 |
Device Designation Commands |
4-18 |
hostname |
4-18 |
Banner Information Commands |
4-19 |
banner configure |
4-20 |
banner configure company |
4-21 |
banner configure dc-power-info |
4-22 |
banner configure department |
4-22 |
banner configure equipment-info |
4-23 |
banner configure equipment-location |
4-24 |
banner configure ip-lan |
4-24 |
banner configure lp-number |
4-25 |
banner configure manager-info |
4-26 |
banner configure mux |
4-26 |
banner configure note |
4-27 |
show banner |
4-28 |
System Status Commands |
4-29 |
show startup-config |
4-29 |
show running-config |
4-30 |
show system |
4-33 |
show users |
4-33 |
show version |
4-34 |
Frame Size Commands |
4-35 |
jumbo frame |
4-35 |
File Management Commands |
4-36 |
copy |
4-37 |
xiii
Contents |
|
delete |
4-40 |
dir |
4-40 |
whichboot |
4-41 |
boot system |
4-42 |
upgrade opcode auto |
4-42 |
upgrade opcode path |
4-43 |
Line Commands |
4-44 |
line |
4-45 |
login |
4-46 |
password |
4-47 |
timeout login response |
4-48 |
exec-timeout |
4-48 |
password-thresh |
4-49 |
silent-time |
4-50 |
databits |
4-50 |
parity |
4-51 |
speed |
4-52 |
stopbits |
4-52 |
terminal length |
4-53 |
terminal width |
4-53 |
terminal escape-character |
4-54 |
terminal terminal-type |
4-54 |
terminal history |
4-55 |
disconnect |
4-55 |
show line |
4-56 |
Event Logging Commands |
4-57 |
logging on |
4-57 |
logging history |
4-58 |
logging host |
4-59 |
logging facility |
4-59 |
logging trap |
4-60 |
clear log |
4-60 |
show logging |
4-61 |
show log |
4-62 |
SMTP Alert Commands |
4-63 |
logging sendmail host |
4-63 |
logging sendmail level |
4-64 |
logging sendmail source-email |
4-64 |
logging sendmail destination-email |
4-65 |
logging sendmail |
4-65 |
show logging sendmail |
4-65 |
Time Commands |
4-67 |
sntp client |
4-68 |
sntp server |
4-69 |
sntp poll |
4-69 |
xiv
|
Contents |
show sntp |
4-70 |
ntp client |
4-70 |
ntp server |
4-71 |
ntp authenticate |
4-72 |
ntp authentication-key |
4-73 |
show ntp |
4-74 |
clock timezone-predefined |
4-74 |
clock timezone |
4-75 |
clock summer-time (date) |
4-76 |
clock summer-time (predefined) |
4-77 |
clock summer-time (recurring) |
4-78 |
calendar set |
4-79 |
show calendar |
4-80 |
Switch Cluster Commands |
4-80 |
cluster |
4-81 |
cluster commander |
4-81 |
cluster ip-pool |
4-82 |
cluster member |
4-83 |
rcommand |
4-83 |
show cluster |
4-84 |
show cluster members |
4-84 |
show cluster candidates |
4-84 |
UPnP Commands |
4-84 |
upnp device |
4-85 |
upnp device ttl |
4-85 |
upnp device advertise duration |
4-86 |
show upnp |
4-86 |
SNMP Commands |
4-87 |
snmp-server |
4-88 |
show snmp |
4-89 |
snmp-server community |
4-90 |
snmp-server contact |
4-90 |
snmp-server location |
4-91 |
snmp-server host |
4-92 |
snmp-server enable traps |
4-94 |
snmp-server engine-id |
4-95 |
show snmp engine-id |
4-96 |
snmp-server view |
4-96 |
show snmp view |
4-97 |
snmp-server group |
4-98 |
show snmp group |
4-99 |
snmp-server user |
4-100 |
show snmp user |
4-101 |
Flow Sampling Commands |
4-102 |
sflow |
4-103 |
xv
Contents |
|
sflow source |
4-103 |
sflow sample |
4-104 |
sflow polling-interval |
4-104 |
sflow owner |
4-105 |
sflow timeout |
4-105 |
sflow destination |
4-106 |
sflow max-header-size |
4-106 |
sflow max-datagram-size |
4-107 |
show sflow |
4-107 |
Authentication Commands |
4-108 |
User Account and Privilege Level Commands |
4-109 |
username |
4-109 |
enable password |
4-110 |
privilege |
4-111 |
privilege rerun |
4-112 |
show privilege |
4-112 |
Authentication Sequence |
4-113 |
authentication login |
4-113 |
authentication enable |
4-114 |
RADIUS Client |
4-115 |
radius-server host |
4-115 |
radius-server acct-port |
4-116 |
radius-server auth-port |
4-116 |
radius-server key |
4-117 |
radius-server retransmit |
4-117 |
radius-server timeout |
4-118 |
show radius-server |
4-119 |
TACACS+ Client |
4-119 |
tacacs-server host |
4-120 |
tacacs-server port |
4-120 |
tacacs-server key |
4-121 |
tacacs-server retransmit |
4-121 |
tacacs-server timeout |
4-122 |
show tacacs-server |
4-122 |
AAA Commands |
4-123 |
aaa group server |
4-123 |
server |
4-124 |
aaa accounting dot1x |
4-125 |
aaa accounting exec |
4-126 |
aaa accounting commands |
4-127 |
aaa accounting update |
4-128 |
accounting dot1x |
4-128 |
accounting exec |
4-129 |
accounting commands |
4-129 |
aaa authorization exec |
4-130 |
xvi
|
Contents |
authorization exec |
4-131 |
show accounting |
4-131 |
Web Server Commands |
4-132 |
ip http port |
4-132 |
ip http server |
4-133 |
ip http secure-server |
4-133 |
ip http secure-port |
4-134 |
Telnet Server Commands |
4-135 |
ip telnet server |
4-135 |
Secure Shell Commands |
4-136 |
ip ssh server |
4-138 |
ip ssh timeout |
4-139 |
ip ssh authentication-retries |
4-139 |
ip ssh server-key size |
4-140 |
delete public-key |
4-140 |
ip ssh crypto host-key generate |
4-141 |
ip ssh crypto zeroize |
4-141 |
ip ssh save host-key |
4-142 |
show ip ssh |
4-142 |
show ssh |
4-143 |
show public-key |
4-144 |
802.1X Port Authentication |
4-145 |
dot1x system-auth-control |
4-145 |
dot1x default |
4-146 |
dot1x max-req |
4-146 |
dot1x port-control |
4-146 |
dot1x operation-mode |
4-147 |
dot1x re-authenticate |
4-148 |
dot1x re-authentication |
4-149 |
dot1x timeout quiet-period |
4-149 |
dot1x timeout re-authperiod |
4-150 |
dot1x timeout tx-period |
4-150 |
dot1x timeout supp-timeout |
4-151 |
dot1x intrusion-action |
4-151 |
show dot1x |
4-152 |
Management IP Filter Commands |
4-155 |
management |
4-155 |
show management |
4-156 |
General Security Measures |
4-157 |
Port Security Commands |
4-158 |
port security |
4-158 |
Network Access (MAC Address Authentication) |
4-160 |
network-access aging |
4-161 |
network-access mac-filter |
4-161 |
network-access port-mac-filter |
4-162 |
xvii
Contents |
|
network-access max-mac-count |
4-162 |
network-access mode |
4-163 |
mac-authentication reauth-time |
4-164 |
mac-authentication intrusion-action |
4-165 |
mac-authentication max-mac-count |
4-165 |
network-access dynamic-vlan |
4-166 |
network-access guest-vlan |
4-166 |
network-access dynamic-qos |
4-167 |
network-access link-detection |
4-168 |
network-access link-detection link-down |
4-168 |
network-access link-detection link-up |
4-169 |
network-access link-detection link-up-down |
4-169 |
clear network-access |
4-170 |
show network-access |
4-170 |
show network-access mac-address-table |
4-171 |
show network-access mac-filter |
4-172 |
Web Authentication |
4-173 |
web-auth login-attempts |
4-173 |
web-auth quiet-period |
4-174 |
web-auth session-timeout |
4-174 |
web-auth system-auth-control |
4-175 |
web-auth |
4-175 |
web-auth re-authenticate (Port) |
4-176 |
web-auth re-authenticate (IP) |
4-176 |
show web-auth |
4-177 |
show web-auth interface |
4-177 |
show web-auth summary |
4-178 |
DHCP Snooping Commands |
4-178 |
ip dhcp snooping |
4-179 |
ip dhcp snooping vlan |
4-180 |
ip dhcp snooping trust |
4-181 |
ip dhcp snooping verify mac-address |
4-182 |
ip dhcp snooping information option |
4-183 |
ip dhcp snooping information policy |
4-184 |
ip dhcp snooping database flash |
4-184 |
clear ip dhcp snooping database flash |
4-185 |
show ip dhcp snooping |
4-185 |
show ip dhcp snooping binding |
4-185 |
IP Source Guard Commands |
4-186 |
ip source-guard |
4-186 |
ip source-guard binding |
4-188 |
show ip source-guard |
4-189 |
show ip source-guard binding |
4-189 |
ARP Inspection Commands |
4-190 |
ip arp inspection |
4-190 |
xviii
|
Contents |
ip arp inspection vlan |
4-191 |
ip arp inspection filter |
4-192 |
ip arp inspection validate |
4-193 |
ip arp inspection log-buffer logs |
4-194 |
ip arp inspection trust |
4-195 |
ip arp inspection limit |
4-195 |
show ip arp inspection configuration |
4-196 |
show ip arp inspection interface |
4-196 |
show ip arp inspection vlan |
4-197 |
show ip arp inspection log |
4-197 |
show ip arp inspection statistics |
4-198 |
Access Control List Commands |
4-198 |
IPv4 ACLs |
4-199 |
access-list rule-mode |
4-199 |
access-list ip |
4-200 |
permit, deny (Standard IPv4 ACL) |
4-201 |
permit, deny (Extended IPv4 ACL) |
4-202 |
show ip access-list |
4-204 |
ip access-group |
4-204 |
show ip access-group |
4-205 |
IPv6 ACLs |
4-205 |
access-list ipv6 |
4-206 |
permit, deny (Standard IPv6 ACL) |
4-207 |
permit, deny (Extended IPv6 ACL) |
4-208 |
show ipv6 access-list |
4-209 |
ipv6 access-group |
4-209 |
show ipv6 access-group |
4-210 |
ARP ACLs |
4-210 |
access-list arp |
4-211 |
permit, deny (ARP ACL) |
4-212 |
show arp access-list |
4-213 |
MAC ACLs |
4-214 |
access-list mac |
4-214 |
permit, deny (MAC ACL) |
4-215 |
show mac access-list |
4-216 |
mac access-group |
4-217 |
show mac access-group |
4-217 |
ACL Information |
4-218 |
show access-list |
4-218 |
show access-group |
4-218 |
Interface Commands |
4-219 |
interface |
4-220 |
description |
4-220 |
speed-duplex |
4-221 |
negotiation |
4-222 |
xix
Contents |
|
capabilities |
4-223 |
flowcontrol |
4-224 |
media-type |
4-225 |
giga-phy-mode |
4-225 |
shutdown |
4-226 |
switchport packet-rate |
4-227 |
clear counters |
4-228 |
show interfaces brief |
4-228 |
show interfaces status |
4-229 |
show interfaces counters |
4-230 |
show interfaces switchport |
4-231 |
Automatic Traffic Control Commands |
4-233 |
auto-traffic-control apply-timer |
4-236 |
auto-traffic-control release-timer |
4-237 |
auto-traffic-control |
4-238 |
auto-traffic-control alarm-fire-threshold |
4-238 |
auto-traffic-control alarm-clear-threshold |
4-239 |
auto-traffic-control action |
4-240 |
auto-traffic-control control-release |
4-241 |
auto-traffic-control auto-control-release |
4-242 |
snmp-server enable port-traps atc broadcast-alarm-fire |
4-242 |
snmp-server enable port-traps atc multicast-alarm-fire |
4-243 |
snmp-server enable port-traps atc broadcast-alarm-clear |
4-243 |
snmp-server enable port-traps atc multicast-alarm-clear |
4-244 |
snmp-server enable port-traps atc broadcast-control-apply |
4-244 |
snmp-server enable port-traps atc multicast-control-apply |
4-245 |
snmp-server enable port-traps atc broadcast-control-release |
4-245 |
snmp-server enable port-traps atc multicast-control-release |
4-246 |
show auto-traffic-control |
4-246 |
show auto-traffic-control interface |
4-247 |
Link Aggregation Commands |
4-248 |
channel-group |
4-249 |
lacp |
4-250 |
lacp system-priority |
4-251 |
lacp admin-key (Ethernet Interface) |
4-252 |
lacp admin-key (Port Channel) |
4-253 |
lacp port-priority |
4-254 |
lacp active/passive |
4-255 |
show lacp |
4-255 |
Mirror Port Commands |
4-260 |
port monitor |
4-260 |
show port monitor |
4-261 |
Rate Limit Commands |
4-263 |
rate-limit |
4-263 |
Address Table Commands |
4-264 |
xx
|
Contents |
mac-address-table static |
4-264 |
clear mac-address-table dynamic |
4-265 |
show mac-address-table |
4-266 |
mac-address-table aging-time |
4-267 |
show mac-address-table aging-time |
4-267 |
Spanning Tree Commands |
4-268 |
spanning-tree |
4-269 |
spanning-tree mode |
4-270 |
spanning-tree forward-time |
4-271 |
spanning-tree hello-time |
4-271 |
spanning-tree max-age |
4-272 |
spanning-tree priority |
4-273 |
spanning-tree system-bpdu-flooding |
4-273 |
spanning-tree pathcost method |
4-274 |
spanning-tree transmission-limit |
4-274 |
spanning-tree mst-configuration |
4-275 |
mst vlan |
4-275 |
mst priority |
4-276 |
name |
4-277 |
revision |
4-277 |
max-hops |
4-278 |
spanning-tree spanning-disabled |
4-278 |
spanning-tree cost |
4-279 |
spanning-tree port-priority |
4-280 |
spanning-tree edge-port |
4-281 |
spanning-tree portfast |
4-282 |
spanning-tree bpdu-filter |
4-283 |
spanning-tree bpdu-guard |
4-284 |
spanning-tree port-bpdu-flooding |
4-284 |
spanning-tree root-guard |
4-285 |
spanning-tree link-type |
4-286 |
spanning-tree loopback-detection |
4-286 |
spanning-tree loopback-detection release-mode |
4-287 |
spanning-tree loopback-detection trap |
4-288 |
spanning-tree mst cost |
4-288 |
spanning-tree mst port-priority |
4-289 |
spanning-tree protocol-migration |
4-290 |
show spanning-tree |
4-291 |
show spanning-tree mst configuration |
4-293 |
VLAN Commands |
4-293 |
GVRP and Bridge Extension Commands |
4-294 |
bridge-ext gvrp |
4-294 |
show bridge-ext |
4-295 |
switchport gvrp |
4-295 |
show gvrp configuration |
4-296 |
xxi
Contents |
|
garp timer |
4-296 |
show garp timer |
4-297 |
Editing VLAN Groups |
4-298 |
vlan database |
4-298 |
vlan |
4-299 |
Configuring VLAN Interfaces |
4-300 |
interface vlan |
4-300 |
switchport mode |
4-301 |
switchport acceptable-frame-types |
4-302 |
switchport ingress-filtering |
4-302 |
switchport native vlan |
4-303 |
switchport allowed vlan |
4-304 |
switchport forbidden vlan |
4-305 |
vlan-trunking |
4-305 |
Displaying VLAN Information |
4-307 |
show vlan |
4-307 |
Configuring IEEE 802.1Q Tunneling |
4-308 |
dot1q-tunnel system-tunnel-control |
4-309 |
switchport dot1q-tunnel mode |
4-309 |
switchport dot1q-tunnel tpid |
4-310 |
show dot1q-tunnel |
4-311 |
Configuring Port-based Traffic Segmentation |
4-312 |
pvlan |
4-312 |
pvlan uplink/downlink |
4-313 |
pvlan session |
4-314 |
pvlan up-to-up |
4-315 |
show pvlan |
4-315 |
Configuring Private VLANs |
4-316 |
private-vlan |
4-317 |
private vlan association |
4-318 |
switchport mode private-vlan |
4-318 |
switchport private-vlan host-association |
4-319 |
switchport private-vlan mapping |
4-320 |
show vlan private-vlan |
4-320 |
Configuring Protocol-based VLANs |
4-321 |
protocol-vlan protocol-group (Configuring Groups) |
4-322 |
protocol-vlan protocol-group (Configuring VLANs) |
4-322 |
show protocol-vlan protocol-group |
4-323 |
show protocol-vlan protocol-group-vid |
4-324 |
Configuring IP Subnet VLANs |
4-324 |
subnet-vlan |
4-325 |
show subnet-vlan |
4-325 |
Configuring MAC Based VLANs |
4-326 |
mac-vlan |
4-326 |
show mac-vlan |
4-327 |
xxii
|
Contents |
Configuring Voice VLANs |
4-328 |
voice vlan |
4-328 |
voice vlan aging |
4-329 |
voice vlan mac-address |
4-330 |
switchport voice vlan |
4-331 |
switchport voice vlan rule |
4-331 |
switchport voice vlan security |
4-332 |
switchport voice vlan priority |
4-333 |
show voice vlan |
4-333 |
LLDP Commands |
4-335 |
lldp |
4-337 |
lldp holdtime-multiplier |
4-337 |
lldp medFastStartCount |
4-338 |
lldp notification-interval |
4-338 |
lldp refresh-interval |
4-339 |
lldp reinit-delay |
4-339 |
lldp tx-delay |
4-340 |
lldp admin-status |
4-341 |
lldp notification |
4-341 |
lldp mednotification |
4-342 |
lldp basic-tlv management-ip-address |
4-343 |
lldp basic-tlv port-description |
4-343 |
lldp basic-tlv system-capabilities |
4-344 |
lldp basic-tlv system-description |
4-344 |
lldp basic-tlv system-name |
4-345 |
lldp dot1-tlv proto-ident |
4-345 |
lldp dot1-tlv proto-vid |
4-346 |
lldp dot1-tlv pvid |
4-346 |
lldp dot1-tlv vlan-name |
4-347 |
lldp dot3-tlv link-agg |
4-347 |
lldp dot3-tlv mac-phy |
4-348 |
lldp dot3-tlv max-frame |
4-348 |
lldp dot3-tlv poe |
4-349 |
lldp medtlv extpoe |
4-349 |
lldp medtlv inventory |
4-350 |
lldp medtlv location |
4-350 |
lldp medtlv med-cap |
4-351 |
lldp medtlv network-policy |
4-351 |
show lldp config |
4-352 |
show lldp info local-device |
4-354 |
show lldp info remote-device |
4-355 |
show lldp info statistics |
4-356 |
Class of Service Commands |
4-357 |
Priority Commands (Layer 2) |
4-357 |
queue mode |
4-357 |
xxiii
Contents |
|
switchport priority default |
4-358 |
queue cos-map |
4-359 |
show queue mode |
4-360 |
show queue bandwidth |
4-360 |
show queue cos-map |
4-361 |
Priority Commands (Layer 3 and 4) |
4-362 |
map ip dscp (Global Configuration) |
4-362 |
map ip dscp (Interface Configuration) |
4-362 |
show map ip dscp |
4-364 |
Quality of Service Commands |
4-365 |
class-map |
4-366 |
match |
4-367 |
rename |
4-368 |
description |
4-368 |
policy-map |
4-369 |
class |
4-369 |
set |
4-370 |
police |
4-371 |
service-policy |
4-372 |
show class-map |
4-372 |
show policy-map |
4-373 |
show policy-map interface |
4-373 |
Multicast Filtering Commands |
4-374 |
IGMP Snooping Commands |
4-374 |
ip igmp snooping |
4-375 |
ip igmp snooping vlan static |
4-375 |
ip igmp snooping version |
4-376 |
ip igmp snooping leave-proxy |
4-377 |
ip igmp snooping immediate-leave |
4-377 |
show ip igmp snooping |
4-378 |
show mac-address-table multicast |
4-379 |
IGMP Query Commands (Layer 2) |
4-379 |
ip igmp snooping querier |
4-380 |
ip igmp snooping query-count |
4-380 |
ip igmp snooping query-interval |
4-381 |
ip igmp snooping query-max-response-time |
4-381 |
ip igmp snooping router-port-expire-time |
4-382 |
Static Multicast Routing Commands |
4-383 |
ip igmp snooping vlan mrouter |
4-383 |
show ip igmp snooping mrouter |
4-384 |
IGMP Filtering and Throttling Commands |
4-385 |
ip igmp filter (Global Configuration) |
4-385 |
ip igmp profile |
4-386 |
permit, deny |
4-386 |
range |
4-387 |
xxiv
|
Contents |
|
ip igmp filter (Interface Configuration) |
4-387 |
|
ip igmp max-groups |
4-388 |
|
ip igmp max-groups action |
4-389 |
|
show ip igmp filter |
4-389 |
|
show ip igmp profile |
4-390 |
|
show ip igmp throttle interface |
4-390 |
|
Multicast VLAN Registration Commands |
4-391 |
|
mvr (Global Configuration) |
4-392 |
|
mvr (Interface Configuration) |
4-394 |
|
mvr immediate |
4-395 |
|
show mvr |
4-396 |
|
Domain Name Service Commands |
4-399 |
|
ip host |
4-399 |
|
clear host |
4-400 |
|
ip domain-name |
4-401 |
|
ip domain-list |
4-401 |
|
ip name-server |
4-402 |
|
ip domain-lookup |
4-403 |
|
show hosts |
4-404 |
|
show dns |
4-404 |
|
show dns cache |
4-405 |
|
clear dns cache |
4-405 |
|
IP Interface Commands |
4-406 |
|
ip address |
4-406 |
|
ip default-gateway |
4-407 |
|
ip dhcp restart |
4-408 |
|
show ip interface |
4-408 |
|
show ip redirects |
4-409 |
|
show arp |
4-409 |
|
ping |
4-409 |
|
|
|
|
Appendix A: Software Specifications |
A-1 |
|
Software Features |
A-1 |
|
Management Features |
A-2 |
|
Standards |
A-2 |
|
Management Information Bases |
A-3 |
|
|
|
|
Appendix B: Troubleshooting |
B-1 |
|
Problems Accessing the Management Interface |
B-1 |
|
Using System Logs |
B-2 |
Glossary
Index
xxv
Contents
xxvi
Tables
Table 1-1 |
Key Features |
1-1 |
Table 1-2 |
System Defaults |
1-6 |
Table 3-1 |
Configuration Options |
3-3 |
Table 3-2 |
Main Menu |
3-4 |
Table 3-3 |
Logging Levels |
3-36 |
Table 3-4 |
Supported Notification Messages |
3-61 |
Table 3-5 |
HTTPS System Support |
3-88 |
Table 3-6 |
802.1X Statistics |
3-105 |
Table 3-7 |
Dynamic QoS Profiles |
3-116 |
Table 3-8 |
LACP Port Counters |
3-167 |
Table 3-9 |
LACP Internal Configuration Information |
3-168 |
Table 3-10 |
LACP Neighbor Configuration Information |
3-170 |
Table 3-11 |
Port Statistics |
3-180 |
Table 3-12 |
Recommended STA Path Cost Range |
3-202 |
Table 3-13 |
Recommended STA Path Costs |
3-202 |
Table 3-14 |
Default STA Path Costs |
3-203 |
Table 3-15 |
Chassis ID Subtype |
3-244 |
Table 3-16 |
System Capabilities |
3-245 |
Table 3-17 |
Port ID Subtype |
3-248 |
Table 3-18 |
Mapping CoS Values to Egress Queues |
3-255 |
Table 3-19 |
CoS Priority Levels |
3-255 |
Table 3-20 |
Mapping DSCP Priority Values |
3-260 |
Table 4-1 |
Command Modes |
4-6 |
Table 4-2 |
Configuration Modes |
4-8 |
Table 4-3 |
Command Line Processing |
4-9 |
Table 4-4 |
Command Groups |
4-10 |
Table 4-5 |
General Commands |
4-11 |
Table 4-6 |
System Management Commands |
4-18 |
Table 4-7 |
Device Designation Commands |
4-18 |
Table 4-8 |
Banner Commands |
4-19 |
Table 4-9 |
System Status Commands |
4-29 |
Table 4-10 |
Frame Size Commands |
4-35 |
Table 4-11 |
Flash/File Commands |
4-36 |
Table 4-12 |
File Directory Information |
4-41 |
Table 4-13 |
Line Commands |
4-44 |
Table 4-14 |
Event Logging Commands |
4-57 |
Table 4-15 |
Logging Levels |
4-58 |
Table 4-16 |
show logging flash/ram - display description |
4-61 |
Table 4-17 |
SMTP Alert Commands |
4-63 |
Table 4-18 |
Time Commands |
4-67 |
Table 4-19 |
Predefined Summer-Time Parameters |
4-77 |
Table 4-20 |
Switch Cluster Commands |
4-80 |
xxvii
Tables |
|
|
Table 4-21 |
SNMP Commands |
4-87 |
Table 4-22 show snmp engine-id - display description |
4-96 |
|
Table 4-23 show snmp view - display description |
4-97 |
|
Table 4-24 show snmp group - display description |
4-100 |
|
Table 4-26 |
sFlow Commands |
4-102 |
Table 4-25 show snmp user - display description |
4-102 |
|
Table 4-27 |
Authentication Commands |
4-108 |
Table 4-28 User Access Commands |
4-109 |
|
Table 4-29 Default Login Settings |
4-109 |
|
Table 4-30 |
Authentication Sequence |
4-113 |
Table 4-31 RADIUS Client Commands |
4-115 |
|
Table 4-32 |
TACACS Commands |
4-119 |
Table 4-34 Web Server Commands |
4-132 |
|
Table 4-35 HTTPS System Support |
4-134 |
|
Table 4-36 Telnet Server Commands |
4-135 |
|
Table 4-37 |
SSH Commands |
4-136 |
Table 4-38 show ssh - display description |
4-143 |
|
Table 4-39 802.1X Port Authentication |
4-145 |
|
Table 4-40 IP Filter Commands |
4-155 |
|
Table 4-41 General Security Commands |
4-157 |
|
Table 4-42 Port Security Commands |
4-158 |
|
Table 4-43 |
Network Access |
4-160 |
Table 4-44 Dynamic QoS Profiles |
4-167 |
|
Table 4-45 |
Web Authentication |
4-173 |
Table 4-46 DHCP Snooping Commands |
4-178 |
|
Table 4-47 IP Source Guard Commands |
4-186 |
|
Table 4-48 ARP Inspection Commands |
4-190 |
|
Table 4-49 Access Control Lists |
4-198 |
|
Table 4-50 IPv4 ACL Commands |
4-199 |
|
Table 4-52 ARP ACL Commands |
4-210 |
|
Table 4-53 MAC ACL Commands |
4-214 |
|
Table 4-54 |
ACL Information |
4-218 |
Table 4-55 |
Interface Commands |
4-219 |
Table 4-56 Interfaces Switchport Statistics |
4-232 |
|
Table 4-57 |
ATC Commands |
4-233 |
Table 4-58 Link Aggregation Commands |
4-248 |
|
Table 4-59 show lacp counters - display description |
4-256 |
|
Table 4-60 show lacp internal - display description |
4-257 |
|
Table 4-61 show lacp neighbors - display description |
4-258 |
|
Table 4-62 show lacp sysid - display description |
4-259 |
|
Table 4-63 Mirror Port Commands |
4-260 |
|
Table 4-64 Rate Limit Commands |
4-263 |
|
Table 4-65 Address Table Commands |
4-264 |
|
Table 4-66 Spanning Tree Commands |
4-268 |
|
Table 4-69 Default STA Path Costs |
4-280 |
xxviii
|
|
Tables |
Table 4-70 |
VLAN Command Groups |
4-293 |
Table 4-71 |
GVRP and Bridge Extension Commands |
4-294 |
Table 4-72 |
Editing VLAN Groups |
4-298 |
Table 4-73 |
Configuring VLAN Interfaces |
4-300 |
Table 4-74 |
Show VLAN Commands |
4-307 |
Table 4-75 |
IEEE 802.1Q Tunneling Commands |
4-308 |
Table 4-76 |
Traffic Segmentation Commands |
4-312 |
Table 4-77 |
Traffic Segmentation Forwarding |
4-313 |
Table 4-78 |
Private VLAN Commands |
4-316 |
Table 4-79 |
Protocol-based VLAN Commands |
4-321 |
Table 4-80 |
IP Subnet VLAN Commands |
4-324 |
Table 4-81 |
IP Subnet VLAN Commands |
4-326 |
Table 4-82 |
Voice VLAN Commands |
4-328 |
Table 4-83 |
LLDP Commands |
4-335 |
Table 4-84 |
Priority Commands |
4-357 |
Table 4-85 |
Priority Commands (Layer 2) |
4-357 |
Table 4-86 |
Default CoS Values to Egress Queues |
4-359 |
Table 4-87 |
Priority Commands (Layer 3 and 4) |
4-362 |
Table 4-88 |
IP DSCP to CoS Vales |
4-363 |
Table 4-89 |
Quality of Service Commands |
4-365 |
Table 4-90 |
Multicast Filtering Commands |
4-374 |
Table 4-91 |
IGMP Snooping Commands |
4-374 |
Table 4-92 |
IGMP Query Commands (Layer 2) |
4-379 |
Table 4-93 |
Static Multicast Routing Commands |
4-383 |
Table 4-94 |
IGMP Filtering and Throttling Commands |
4-385 |
Table 4-95 |
Multicast VLAN Registration Commands |
4-391 |
Table 4-96 |
show mvr - display description |
4-397 |
Table 4-97 |
show mvr interface - display description |
4-397 |
Table 4-98 |
show mvr members - display description |
4-398 |
Table 4-100 |
DNS Commands |
4-399 |
Table 4-99 |
show mvr receiver members - display description |
4-399 |
Table 4-101 |
show dns cache - display description |
4-405 |
Table 4-102 |
IP Interface Commands |
4-406 |
Table B-1 |
Troubleshooting Chart |
B-1 |
xxix
Tables
xxx