Microsens MS453490M User Manual

MS453490M
10 Port Fast Ethernet Switch
Management Guide
MICROSENS GmbH & Co. KG - Kueferstraße 16 - 59067 Hamm / Germany - Tel. +49 23 81/94 52-0 - FAX -100 - www.microsens.com
MANAGEMENT GUIDE
Layer 2 Switch with 8 10/100BASE-TX (RJ-45) Ports, and 2 Gigabit Combination Ports (RJ-45/SFP)
MS453490M
E072010-CS-R01
149xxxxxxxxxx

ABOUT THIS GUIDE

PURPOSE This guide gives specific information on how to operate and use the management functions of the switch.
AUDIENCE The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
CONVENTIONS The following conventions are used throughout this guide to show information:
NOTE: Emphasizes important information or calls your attention to related features or instructions.
CAUTION: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
WARNING: Alerts you to a potential hazard that could cause personal injury.
RELATED PUBLICATIONS The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help that describes all management-related features.
REVISION HISTORY This section summarizes the changes in each revision of this guide.
JULY 2010 REVISION
This is the first version of this guide. This guide is valid for software release v1.1.2.0.

CONTENTS

ABOUT THIS GUIDE 3
CONTENTS 5
FIGURES 31
TABLES 41
SECTION I GETTING STARTED 47
1 INTRODUCTION 49
Key Features 49
Description of Software Features 50
Configuration Backup and Restore 50
Authentication 50
Access Control Lists 51
Port Configuration 51
Port Mirroring 51
Port Trunking 51
Rate Limiting 51
Storm Control 51
Static Addresses 51
IEEE 802.1D Bridge 52
Store-and-Forward Switching 52
Spanning Tree Algorithm 52
Virtual LANs 53
IEEE 802.1Q Tunneling (QinQ) 53
Traffic Prioritization 53
Quality of Service 54
Multicast Filtering 54
System Defaults 54
2 INITIAL SWITCH CONFIGURATION 57
Connecting to the Switch 57
Configuration Options 57
Required Connections 58
Remote Connections 59
Basic Configuration 60
Console Connection 60
Setting Passwords 60
Setting an IP Address 61
Enabling SNMP Management Access 66
Managing System Files 68
Saving or Restoring Configuration Settings 69
SECTION II WEB CONFIGURATION 71
3 USING THE WEB INTERFACE 73
Connecting to the Web Interface 73
Navigating the Web Browser Interface 74
Home Page 74
Configuration Options 75
Panel Display 75
Main Menu 76
4 BASIC MANAGEMENT TASKS 89
Displaying System Information 89
Displaying Hardware/Software Versions 90
Configuring Support for Jumbo Frames 92
Displaying Bridge Extension Capabilities 93
Managing System Files 94
Copying Files via FTP/TFTP or HTTP 94
Saving the Running Configuration to a Local File 96
Setting The Start-Up File 97
Showing System Files 98
Automatic Operation Code Upgrade 99
Setting the System Clock 103
Setting the Time Manually 103
Configuring SNTP 104
Specifying SNTP Time Servers 105
Setting the Time Zone 106
Console Port Settings 107
Telnet Settings 109
Displaying CPU Utilization 110
Displaying Memory Utilization 111
Resetting the System 112
5 INTERFACE CONFIGURATION 117
Port Configuration 117
Configuring by Port List 117
Configuring by Port Range 120
Displaying Connection Status 120
Configuring Local Port Mirroring 122
Configuring Remote Port Mirroring 124
Showing Port or Trunk Statistics 128
Performing Cable Diagnostics 132
Trunk Configuration 133
Configuring a Static Trunk 134
Configuring a Dynamic Trunk 137
Displaying LACP Port Counters 143
Displaying LACP Settings and Status for the Local Side 144
Displaying LACP Settings and Status for the Remote Side 146
Saving Power 148
Traffic Segmentation 150
Enabling Traffic Segmentation 150
Configuring Uplink and Downlink Ports 151
VLAN Trunking 152
6 VLAN CONFIGURATION 155
IEEE 802.1Q VLANs 155
Configuring VLAN Groups 158
Adding Static Members to VLANs 160
Configuring Dynamic VLAN Registration 165
IEEE 802.1Q Tunneling 168
Enabling QinQ Tunneling on the Switch 172
Adding an Interface to a QinQ Tunnel 173
Protocol VLANs 174
Configuring Protocol VLAN Groups 175
Mapping Protocol Groups to Interfaces 177
Configuring IP Subnet VLANs 179
Configuring MAC-based VLANs 181
Configuring VLAN Mirroring 183
7 ADDRESS TABLE SETTINGS 185
Configuring MAC Address Learning 185
Setting Static Addresses 187
Changing the Aging Time 188
Displaying the Dynamic Address Table 189
Clearing the Dynamic Address Table 190
Configuring MAC Address Mirroring 191
8 SPANNING TREE ALGORITHM 193
Overview 193
Configuring Loopback Detection 196
Configuring Global Settings for STA 197
Displaying Global Settings for STA 202
Configuring Interface Settings for STA 203
Displaying Interface Settings for STA 207
Configuring Multiple Spanning Trees 209
Configuring Interface Settings for MSTP 213
9 RATE LIMIT CONFIGURATION 217
10 STORM CONTROL CONFIGURATION 219
11 CLASS OF SERVICE 221
Layer 2 Queue Settings 221
Setting the Default Priority for Interfaces 221
Selecting the Queue Mode 222
Mapping CoS Values to Egress Queues 225
Layer 3/4 Priority Settings 228
Setting Priority Processing to DSCP or CoS 228
Mapping Ingress DSCP Values to Internal DSCP Values 229
Mapping CoS Priorities to Internal DSCP Values 232
12 QUALITY OF SERVICE 235
Overview 235
Configuring a Class Map 236
Creating QoS Policies 239
Attaching a Policy Map to a Port 249
13 VOIP TRAFFIC CONFIGURATION 251
Overview 251
Configuring VoIP Traffic 251
Configuring Telephony OUI 253
Configuring VoIP Traffic Ports 254
14 SECURITY MEASURES 257
AAA Authorization and Accounting 258
Configuring Local/Remote Logon Authentication 259
Configuring Remote Logon Authentication Servers 260
Configuring AAA Accounting 265
Configuring AAA Authorization 270
Configuring User Accounts 273
Web Authentication 274
Configuring Global Settings for Web Authentication 275
Configuring Interface Settings for Web Authentication 276
Network Access (MAC Address Authentication) 277
Configuring Global Settings for Network Access 279
Configuring Network Access for Ports 280
Configuring Port Link Detection 282
Configuring a MAC Address Filter 283
Displaying Secure MAC Address Information 285
Configuring HTTPS 286
Configuring Global Settings for HTTPS 286
Replacing the Default Secure-site Certificate 288
Configuring the Secure Shell 289
Configuring the SSH Server 292
Generating the Host Key Pair 293
Importing User Public Keys 295
Access Control Lists 297
Setting A Time Range 298
Showing TCAM Utilization 301
Setting the ACL Name and Type 302
Configuring a Standard IPv4 ACL 304
Configuring an Extended IPv4 ACL 305
Configuring a MAC ACL 308
Configuring an ARP ACL 310
Binding a Port to an Access Control List 312
ARP Inspection 313
Configuring Global Settings for ARP Inspection 314
Configuring VLAN Settings for ARP Inspection 316
Configuring Interface Settings for ARP Inspection 318
Displaying ARP Inspection Statistics 319
Displaying the ARP Inspection Log 320
Filtering IP Addresses for Management Access 321
Configuring Port Security 323
Configuring 802.1X Port Authentication 325
Configuring 802.1X Global Settings 326
Configuring Port Authenticator Settings for 802.1X 328
Configuring Port Supplicant Settings for 802.1X 332
Displaying 802.1X Statistics 334
IP Source Guard 337
Configuring Ports for IP Source Guard 337
Configuring Static Bindings for IP Source Guard 339
Displaying Information for Dynamic IP Source Guard Bindings 341
DHCP Snooping 342
DHCP Snooping Configuration 345
DHCP Snooping VLAN Configuration 346
Configuring Ports for DHCP Snooping 347
Displaying DHCP Snooping Binding Information 348
15 BASIC ADMINISTRATION PROTOCOLS 351
Configuring Event Logging 351
System Log Configuration 351
Remote Log Configuration 353
Sending Simple Mail Transfer Protocol Alerts 355
Link Layer Discovery Protocol 356
Setting LLDP Timing Attributes 356
Configuring LLDP Interface Attributes 358
Displaying LLDP Local Device Information 361
Displaying LLDP Remote Port Information 363
Displaying Device Statistics 368
Simple Network Management Protocol 369
Configuring Global Settings for SNMP 372
Setting the Local Engine ID 373
Specifying a Remote Engine ID 374
Setting SNMPv3 Views 375
Configuring SNMPv3 Groups 378
Setting Community Access Strings 382
Configuring Local SNMPv3 Users 384
Configuring Remote SNMPv3 Users 386
Specifying Trap Managers 389
Remote Monitoring 393
Configuring RMON Alarms 394
Configuring RMON Events 397
Configuring RMON History Samples 399
Configuring RMON Statistical Samples 402
Switch Clustering 405
Configuring General Settings for Clusters 405
Cluster Member Configuration 407
Managing Cluster Members 408
16 IP CONFIGURATION 411
Using the Ping Function 411
Setting the Switch’s IP Address (IP Version 4) 412
Setting the Switch’s IP Address (IP Version 6) 415
Configuring the IPv6 Default Gateway 415
Configuring IPv6 Interface Settings 416
Configuring an IPv6 Address 419
Showing IPv6 Addresses 422
Showing the IPv6 Neighbor Cache 423
Showing IPv6 Statistics 425
Showing the MTU for Responding Destinations 430
17 IP SERVICES 433
Configuring General DNS Service Parameters 433
Configuring a List of Domain Names 434
Configuring a List of Name Servers 436
Configuring Static DNS Host to Address Entries 437
Displaying the DNS Cache 439
18 MULTICAST FILTERING 441
Overview 441
Layer 2 IGMP (Snooping and Query) 442
Configuring IGMP Snooping and Query Parameters 444
Specifying Static Interfaces for a Multicast Router 447
Assigning Interfaces to Multicast Services 449
Setting IGMP Snooping Status per Interface 451
Displaying Multicast Groups Discovered by IGMP Snooping 457
Filtering and Throttling IGMP Groups 458
Enabling IGMP Filtering and Throttling 459
Configuring IGMP Filter Profiles 459
Configuring IGMP Filtering and Throttling for Interfaces 462
Multicast VLAN Registration 463
Configuring Global MVR Settings 465
Configuring MVR Interface Status 466
Assigning Static Multicast Groups to Interfaces 468
Displaying MVR Receiver Groups 470
SECTION III COMMAND LINE INTERFACE 471
19 USING THE COMMAND LINE INTERFACE 473
Accessing the CLI 473
Console Connection 473
Telnet Connection 474
Entering Commands 475
Keywords and Arguments 475
Minimum Abbreviation 475
Getting Help on Commands 476
Partial Keyword Lookup 477
Negating the Effect of Commands 477
Using Command History 477
Understanding Command Modes 478
Exec Commands 478
Configuration Commands 479
Command Line Processing 481
CLI Command Groups 482
20 GENERAL COMMANDS 485
prompt 485
reload (Global Configuration) 486
enable 487
quit 488
show history 488
configure 489
disable 490
reload (Privileged Exec) 490
show reload 491
end 491
exit 491
21 SYSTEM MANAGEMENT COMMANDS 493
Device Designation 493
hostname 494
Banner Information 494
banner configure 495
banner configure company 496
banner configure dc-power-info 497
banner configure department 497
banner configure equipment-info 498
banner configure equipment-location 499
banner configure ip-lan 499
banner configure lp-number 500
banner configure manager-info 501
banner configure mux 501
banner configure note 502
show banner 503
System Status 503
show access-list tcam-utilization 504
show memory 504
show process cpu 504
show running-config 505
show startup-config 506
show system 507
show users 507
show version 508
Frame Size 509
jumbo frame 509
File Management 510
boot system 511
copy 512
delete 515
dir 515
whichboot 516
upgrade opcode auto 517
upgrade opcode path 518
Line 520
line 520
databits 521
exec-timeout 522
login 522
parity 523
password 524
password-thresh 525
silent-time 526
speed 526
stopbits 527
timeout login response 527
disconnect 528
show line 529
Event Logging 529
logging facility 530
logging history 531
logging host 532
logging on 532
logging trap 533
clear log 533
show log 534
show logging 535
SMTP Alerts 536
logging sendmail 537
logging sendmail host 537
logging sendmail level 538
logging sendmail destination-email 538
logging sendmail source-email 539
show logging sendmail 539
Time 540
sntp client 540
sntp poll 541
sntp server 542
show sntp 542
clock timezone 543
calendar set 544
show calendar 544
Time Range 545
time-range 545
absolute 546
periodic 546
show time-range 547
Switch Clustering 548
cluster 549
cluster commander 549
cluster ip-pool 550
cluster member 551
rcommand 551
show cluster 552
show cluster members 552
show cluster candidates 553
22 SNMP COMMANDS 555
snmp-server 556
snmp-server community 557
snmp-server contact 557
snmp-server location 558
show snmp 558
snmp-server enable traps 559
snmp-server host 560
snmp-server engine-id 563
snmp-server group 564
snmp-server user 565
snmp-server view 566
show snmp engine-id 567
show snmp group 568
show snmp user 569
show snmp view 570
nlm 570
snmp-server notify-filter 571
show nlm oper-status 572
show snmp notify-filter 573
23 REMOTE MONITORING COMMANDS 575
rmon alarm 576
rmon event 577
rmon collection history 578
rmon collection stats 579
show rmon alarm 580
show rmon event 580
show rmon history 580
show rmon statistics 581
24 AUTHENTICATION COMMANDS 583
User Accounts 583
enable password 584
username 585
Authentication Sequence 586
authentication enable 586
authentication login 587
RADIUS Client 588
radius-server acct-port 588
radius-server auth-port 589
radius-server host 589
radius-server key 590
radius-server retransmit 590
radius-server timeout 591
show radius-server 591
TACACS+ Client 592
tacacs-server 592
tacacs-server host 593
tacacs-server key 593
tacacs-server port 594
show tacacs-server 594
AAA 595
aaa accounting commands 595
aaa accounting dot1x 596
aaa accounting exec 597
aaa accounting update 598
aaa authorization exec 599
aaa group server 600
server 600
accounting dot1x 601
accounting exec 601
authorization exec 602
show accounting 602
Web Server 603
ip http port 604
ip http server 604
ip http secure-server 605
ip http secure-port 606
Telnet Server 607
ip telnet max-sessions 607
ip telnet port 608
ip telnet server 608
show ip telnet 609
Secure Shell 609
ip ssh authentication-retries 612
ip ssh server 612
ip ssh server-key size 613
ip ssh timeout 614
delete public-key 614
ip ssh crypto host-key generate 615
ip ssh crypto zeroize 616
ip ssh save host-key 616
show ip ssh 617
show public-key 617
show ssh 618
802.1X Port Authentication 619
dot1x default 620
dot1x eapol-pass-through 620
dot1x system-auth-control 621
dot1x intrusion-action 621
dot1x max-req 622
dot1x operation-mode 622
dot1x port-control 623
dot1x re-authentication 624
dot1x timeout quiet-period 624
dot1x timeout re-authperiod 625
dot1x timeout supp-timeout 625
dot1x timeout tx-period 626
dot1x re-authenticate 626
dot1x identity profile 627
dot1x max-start 628
dot1x pae supplicant 628
dot1x timeout auth-period 629
dot1x timeout held-period 629
dot1x timeout start-period 630
show dot1x 630
Management IP Filter 633
management 633
show management 634
25 GENERAL SECURITY MEASURES 637
Port Security 638
mac-learning 638
port security 639
Network Access (MAC Address Authentication) 641
network-access aging 642
network-access mac-filter 642
mac-authentication reauth-time 643
network-access dynamic-qos 644
network-access dynamic-vlan 645
network-access guest-vlan 645
network-access link-detection 646
network-access link-detection link-down 647
network-access link-detection link-up 647
network-access link-detection link-up-down 648
network-access max-mac-count 648
network-access mode mac-authentication 649
network-access port-mac-filter 650
mac-authentication intrusion-action 651
mac-authentication max-mac-count 651
show network-access 652
show network-access mac-address-table 653
show network-access mac-filter 654
Web Authentication 654
web-auth login-attempts 655
web-auth quiet-period 656
web-auth session-timeout 656
web-auth system-auth-control 657
web-auth 657
web-auth re-authenticate (Port) 658
web-auth re-authenticate (IP) 658
show web-auth 659
show web-auth interface 659
show web-auth summary 660
DHCP Snooping 660
ip dhcp snooping 661
ip dhcp snooping database flash 663
ip dhcp snooping information option 663
ip dhcp snooping information policy 664
ip dhcp snooping verify mac-address 665
ip dhcp snooping vlan 665
ip dhcp snooping trust 666
clear ip dhcp snooping database flash 667
show ip dhcp snooping 668
show ip dhcp snooping binding 668
IP Source Guard 669
ip source-guard binding 669
ip source-guard 670
show ip source-guard 672
show ip source-guard binding 672
ARP Inspection 673
ip arp inspection 674
ip arp inspection filter 675
ip arp inspection log-buffer logs 676
ip arp inspection validate 677
ip arp inspection vlan 677
ip arp inspection limit 678
ip arp inspection trust 679
show ip arp inspection configuration 680
show ip arp inspection interface 680
show ip arp inspection log 681
show ip arp inspection statistics 681
show ip arp inspection vlan 681
26 ACCESS CONTROL LISTS 683
IPv4 ACLs 683
access-list ip 684
permit, deny (Standard IP ACL) 685
permit, deny (Extended IPv4 ACL) 686
ip access-group 688
show ip access-group 689
show ip access-list 689
MAC ACLs 690
access-list mac 690
permit, deny (MAC ACL) 691
mac access-group 693
show mac access-group 694
show mac access-list 694
ARP ACLs 695
access-list arp 695
permit, deny (ARP ACL) 696
show arp access-list 697
ACL Information 698
show access-group 698
show access-list 698
27 INTERFACE COMMANDS 699
interface 700
alias 700
capabilities 701
description 702
flowcontrol 703
media-type 704
negotiation 704
shutdown 705
speed-duplex 706
switchport packet-rate 707
clear counters 708
show interfaces brief 708
show interfaces counters 709
show interfaces status 710
show interfaces switchport 711
test cable-diagnostics 713
show cable-diagnostics 714
power-save 714
show power-save 715
28 LINK AGGREGATION COMMANDS 717
channel-group 718
lacp 719
lacp admin-key (Ethernet Interface) 720
lacp port-priority 721
lacp system-priority 722
lacp admin-key (Port Channel) 722
show lacp 723
29 PORT MIRRORING COMMANDS 727
Local Port Mirroring Commands 727
port monitor 727
show port monitor 729
RSPAN Mirroring Commands 729
rspan source 731
rspan destination 732
rspan remote vlan 733
no rspan session 734
show rspan 735
30 RATE LIMIT COMMANDS 737
rate-limit 737
31 AUTOMATIC TRAFFIC CONTROL COMMANDS 739
auto-traffic-control apply-timer 741
auto-traffic-control release-timer 742
auto-traffic-control 743
auto-traffic-control action 744
auto-traffic-control alarm-clear-threshold 745
auto-traffic-control alarm-fire-threshold 746
auto-traffic-control control-release 746
auto-traffic-control auto-control-release 747
snmp-server enable port-traps atc broadcast-alarm-clear 747
snmp-server enable port-traps atc broadcast-alarm-fire 748
snmp-server enable port-traps atc broadcast-control-apply 748
snmp-server enable port-traps atc broadcast-control-release 749
snmp-server enable port-traps atc multicast-alarm-clear 749
snmp-server enable port-traps atc multicast-alarm-fire 750
snmp-server enable port-traps atc multicast-control-apply 750
snmp-server enable port-traps atc multicast-control-release 751
show auto-traffic-control 751
show auto-traffic-control interface 752
32 ADDRESS TABLE COMMANDS 753
mac-address-table aging-time 753
mac-address-table static 754
clear mac-address-table dynamic 755
show mac-address-table 755
show mac-address-table aging-time 756
33 SPANNING TREE COMMANDS 757
spanning-tree 758
spanning-tree forward-time 759
spanning-tree hello-time 759
spanning-tree max-age 760
spanning-tree mode 761
spanning-tree pathcost method 762
spanning-tree priority 763
spanning-tree mst configuration 763
spanning-tree transmission-limit 764
max-hops 764
mst priority 765
mst vlan 766
name 766
revision 767
spanning-tree bpdu-filter 768
spanning-tree bpdu-guard 768
spanning-tree cost 769
spanning-tree edge-port 770
spanning-tree link-type 771
spanning-tree loopback-detection 772
spanning-tree loopback-detection release-mode 772
spanning-tree loopback-detection trap 773
spanning-tree mst cost 774
spanning-tree mst port-priority 775
spanning-tree port-priority 775
spanning-tree root-guard 776
spanning-tree spanning-disabled 777
spanning-tree loopback-detection release 777
spanning-tree protocol-migration 778
show spanning-tree 779
show spanning-tree mst configuration 780
34 VLAN COMMANDS 781
GVRP and Bridge Extension Commands 782
bridge-ext gvrp 782
garp timer 783
switchport forbidden vlan 784
switchport gvrp 784
show bridge-ext 785
show garp timer 785
show gvrp configuration 786
Editing VLAN Groups 786
vlan database 787
vlan 787
Configuring VLAN Interfaces 788
interface vlan 789
switchport acceptable-frame-types 789
switchport allowed vlan 790
switchport ingress-filtering 791
switchport mode 792
switchport native vlan 793
vlan-trunking 793
Displaying VLAN Information 795
show vlan 795
Configuring IEEE 802.1Q Tunneling 796
dot1q-tunnel system-tunnel-control 797
switchport dot1q-tunnel mode 798
switchport dot1q-tunnel tpid 799
show dot1q-tunnel 799
Configuring Port-based Traffic Segmentation 800
traffic-segmentation 800
show traffic-segmentation 801
Configuring Protocol-based VLANs 802
protocol-vlan protocol-group (Configuring Groups) 803
protocol-vlan protocol-group (Configuring Interfaces) 803
show protocol-vlan protocol-group 804
show interfaces protocol-vlan protocol-group 805
Configuring IP Subnet VLANs 806
subnet-vlan 806
show subnet-vlan 807
Configuring MAC Based VLANs 808
mac-vlan 808
show mac-vlan 809
Configuring Voice VLANs 809
voice vlan 810
voice vlan aging 811
voice vlan mac-address 811
switchport voice vlan 812
switchport voice vlan priority 813
switchport voice vlan rule 813
switchport voice vlan security 814
show voice vlan 815
35 CLASS OF SERVICE COMMANDS 817
Priority Commands (Layer 2) 817
queue mode 818
queue weight 819
switchport priority default 820
show queue mode 821
show queue weight 821
Priority Commands (Layer 3 and 4) 822
qos map cos-dscp 822
qos map dscp-mutation 824
qos map phb-queue 825
qos map trust-mode 826
show qos map dscp-mutation 827
show qos map phb-queue 827
show qos map cos-dscp 828
show qos map trust-mode 829
36 QUALITY OF SERVICE COMMANDS 831
class-map 832
description 833
match 834
rename 835
policy-map 835
class 836
police flow 837
police srtcm-color 839
police trtcm-color 841
set cos 843
set phb 844
service-policy 845
show class-map 846
show policy-map 846
show policy-map interface 847
37 MULTICAST FILTERING COMMANDS 849
IGMP Snooping 849
ip igmp snooping 850
ip igmp snooping proxy-reporting 851
ip igmp snooping querier 852
ip igmp snooping router-alert-option-check 852
ip igmp snooping router-port-expire-time 853
ip igmp snooping tcn-flood 854
ip igmp snooping tcn-query-solicit 855
ip igmp snooping unregistered-data-flood 855
ip igmp snooping unsolicited-report-interval 856
ip igmp snooping version 857
ip igmp snooping version-exclusive 857
ip igmp snooping vlan general-query-suppression 858
ip igmp snooping vlan immediate-leave 859
ip igmp snooping vlan last-memb-query-count 860
ip igmp snooping vlan last-memb-query-intvl 860
ip igmp snooping vlan mrd 861
ip igmp snooping vlan proxy-address 862
ip igmp snooping vlan proxy-query-interval 863
ip igmp snooping vlan proxy-query-resp-intvl 864
ip igmp snooping vlan static 864
show ip igmp snooping 865
show ip igmp snooping group 866
Static Multicast Routing 867
ip igmp snooping vlan mrouter 867
show ip igmp snooping mrouter 868
IGMP Filtering and Throttling 868
ip igmp filter (Global Configuration) 869
ip igmp profile 870
permit, deny 870
range 871
ip igmp filter (Interface Configuration) 871
ip igmp max-groups 872
ip igmp max-groups action 873
show ip igmp filter 873
show ip igmp profile 874
show ip igmp throttle interface 874
Multicast VLAN Registration 875
mvr 876
mvr immediate-leave 877
mvr type 878
mvr vlan group 879
show mvr 880
38 LLDP COMMANDS 883
lldp 884
lldp holdtime-multiplier 884
lldp notification-interval 885
lldp refresh-interval 886
lldp reinit-delay 886
lldp tx-delay 887
lldp admin-status 887
lldp basic-tlv management-ip-address 888
lldp basic-tlv port-description 889
lldp basic-tlv system-capabilities 889
lldp basic-tlv system-description 890
lldp basic-tlv system-name 890
lldp dot1-tlv proto-ident 891
lldp dot1-tlv proto-vid 891
lldp dot1-tlv pvid 892
lldp dot1-tlv vlan-name 892
lldp dot3-tlv link-agg 893
lldp dot3-tlv mac-phy 893
lldp dot3-tlv max-frame 894
lldp notification 894
show lldp config 895
show lldp info local-device 896
show lldp info remote-device 897
show lldp info statistics 898
39 DOMAIN NAME SERVICE COMMANDS 901
ip domain-list 901
ip domain-lookup 902
ip domain-name 903
ip host 904
ip name-server 905
ipv6 host 906
clear dns cache 906
clear host 907
show dns 907
show dns cache 908
show hosts 908
40 DHCP COMMANDS 911
DHCP Client 911
ip dhcp client class-id 912
ip dhcp restart client 912
ipv6 dhcp restart client vlan 913
show ipv6 dhcp duid 914
show ipv6 dhcp vlan 915
41 IP INTERFACE COMMANDS 917
IPv4 Interface 917
Basic IPv4 Configuration 918
ip address 918
ip default-gateway 919
show ip default-gateway 920
show ip interface 920
traceroute 920
ping 921
ARP Configuration 923
arp timeout 923
clear arp-cache 924
show arp 924
IPv6 Interface 925
ipv6 default-gateway 926
ipv6 address 927
ipv6 address autoconfig 928
ipv6 address eui-64 929
ipv6 address link-local 931
ipv6 enable 932
ipv6 mtu 933
show ipv6 default-gateway 934
show ipv6 interface 935
show ipv6 mtu 936
show ipv6 traffic 937
clear ipv6 traffic 941
ping6 942
ipv6 nd dad attempts 943
ipv6 nd ns-interval 944
ipv6 nd reachable-time 945
clear ipv6 neighbors 946
show ipv6 neighbors 946
SECTION IV APPENDICES 949
A SOFTWARE SPECIFICATIONS 951
Software Features 951
Management Features 952
Standards 953
Management Information Bases 953
B TROUBLESHOOTING 955
Problems Accessing the Management Interface 955
Using System Logs 956
C LICENSE INFORMATION 957
The GNU General Public License 957
GLOSSARY 961
COMMAND LIST 969
INDEX 975

FIGURES

Figure 1: Home Page 74
Figure 2: Front Panel Indicators 75
Figure 3: System Information 90
Figure 4: General Switch Information 91
Figure 5: Configuring Support for Jumbo Frames 92
Figure 6: Displaying Bridge Extension Configuration 94
Figure 7: Copy Firmware 96
Figure 8: Saving the Running Configuration 97
Figure 9: Setting Start-Up Files 98
Figure 10: Displaying System Files 99
Figure 11: Configuring Automatic Code Upgrade 102
Figure 12: Manually Setting the System Clock 104
Figure 13: Setting the Polling Interval for SNTP 105
Figure 14: Specifying SNTP Time Servers 106
Figure 15: Setting the Time Zone 107
Figure 16: Console Port Settings 108
Figure 17: Telnet Connection Settings 110
Figure 18: Displaying CPU Utilization 111
Figure 19: Displaying Memory Utilization 111
Figure 20: Restarting the Switch (Immediately) 113
Figure 21: Restarting the Switch (In) 114
Figure 22: Restarting the Switch (At) 114
Figure 23: Restarting the Switch (Regularly) 115
Figure 24: Configuring Connections by Port List 119
Figure 25: Configuring Connections by Port Range 120
Figure 26: Displaying Port Information 121
Figure 27: Configuring Local Port Mirroring 122
Figure 28: Configuring Local Port Mirroring 123
Figure 29: Displaying Local Port Mirror Sessions 123
Figure 30: Configuring Remote Port Mirroring 124
Figure 31: Configuring Remote Port Mirroring (Source) 127
Figure 32: Configuring Remote Port Mirroring (Intermediate) 127
Figure 33: Configuring Remote Port Mirroring (Destination) 128
Figure 34: Showing Port Statistics (Table) 131
Figure 35: Showing Port Statistics (Chart) 131
Figure 36: Performing Cable Tests 133
Figure 37: Configuring Static Trunks 134
Figure 38: Creating Static Trunks 135
Figure 39: Adding Static Trunks Members 136
Figure 40: Configuring Connection Parameters for a Static Trunk 136
Figure 41: Showing Information for Static Trunks 137
Figure 42: Configuring Dynamic Trunks 137
Figure 43: Configuring the LACP Aggregator Admin Key 139
Figure 44: Enabling LACP on a Port 140
Figure 45: Configuring LACP Parameters on a Port 141
Figure 46: Showing Members of a Dynamic Trunk 141
Figure 47: Configuring Connection Settings for Dynamic Trunks 142
Figure 48: Displaying Connection Parameters for Dynamic Trunks 142
Figure 49: Displaying LACP Port Counters 144
Figure 50: Displaying LACP Port Internal Information 146
Figure 51: Displaying LACP Port Remote Information 147
Figure 52: Enabling Power Savings 149
Figure 53: Enabling Traffic Segmentation 150
Figure 54: Configuring Members for Traffic Segmentation 151
Figure 55: Configuring VLAN Trunking 152
Figure 56: Configuring VLAN Trunking 153
Figure 57: VLAN Compliant and VLAN Non-compliant Devices 156
Figure 58: Using GVRP 158
Figure 59: Creating Static VLANs 159
Figure 60: Modifying Settings for Static VLANs 160
Figure 61: Showing Static VLANs 160
Figure 62: Configuring Static Members by VLAN Index 163
Figure 63: Configuring Static VLAN Members by Interface 164
Figure 64: Configuring Static VLAN Members by Interface Range 165
Figure 65: Configuring Global Status of GVRP 166
Figure 66: Configuring GVRP for an Interface 167
Figure 67: Showing Dynamic VLANs Registered on the Switch 167
Figure 68: Showing the Members of a Dynamic VLAN 168
Figure 69: QinQ Operational Concept 169
Figure 70: Enabling QinQ Tunneling 173
Figure 71: Adding an Interface to a QinQ Tunnel 174
Figure 72: Configuring Protocol VLANs 176
Figure 73: Displaying Protocol VLANs 176
Figure 74: Assigning Interfaces to Protocol VLANs 178
Figure 75: Showing the Interface to Protocol Group Mapping 178
Figure 76: Configuring IP Subnet VLANs 180
Figure 77: Showing IP Subnet VLANs 180
Figure 78: Configuring MAC-Based VLANs 182
Figure 79: Showing MAC-Based VLANs 182
Figure 80: Configuring VLAN Mirroring 184
Figure 81: Showing the VLANs to Mirror 184
Figure 82: Configuring MAC Address Learning 186
Figure 83: Configuring Static MAC Addresses 188
Figure 84: Displaying Static MAC Addresses 188
Figure 85: Setting the Address Aging Time 189
Figure 86: Displaying the Dynamic MAC Address Table 190
Figure 87: Clearing Entries in the Dynamic MAC Address Table 191
Figure 88: Mirroring Packets Based on the Source MAC Address 192
Figure 89: Showing the Source MAC Addresses to Mirror 192
Figure 90: STP Root Ports and Designated Ports 194
Figure 91: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 195
Figure 92: Common Internal Spanning Tree, Common Spanning Tree, Internal Spanning Tree 195
Figure 93: Configuring Port Loopback Detection 197
Figure 94: Configuring Global Settings for STA (STP) 200
Figure 95: Configuring Global Settings for STA (RSTP) 201
Figure 96: Configuring Global Settings for STA (MSTP) 201
Figure 97: Displaying Global Settings for STA 203
Figure 98: Configuring Interface Settings for STA 206
Figure 99: STA Port Roles 208
Figure 100: Displaying Interface Settings for STA 209
Figure 101: Creating an MST Instance 211
Figure 102: Displaying STA Settings for an MST Instance 211
Figure 103: Adding a VLAN to an MST Instance 212
Figure 104: Displaying Members of an MST Instance 212
Figure 105: Configuring MSTP Interface Settings 214
Figure 106: Displaying MSTP Interface Settings 215
Figure 107: Configuring Rate Limits 218
Figure 108: Configuring Broadcast Storm Control 220
Figure 109: Setting the Default Port Priority 222
Figure 110: Setting the Queue Mode (Strict) 224
Figure 111: Setting the Queue Mode (WRR) 224
Figure 112: Setting the Queue Mode (Strict and WRR) 225
Figure 113: Mapping CoS Values to Egress Queues 227
Figure 114: Showing CoS Values to Egress Queues 227
Figure 115: Setting the Trust Mode 229
Figure 116: Configuring DSCP to DSCP Internal Mapping 231
Figure 117: Showing DSCP to DSCP Internal Mapping 231
Figure 118: Configuring CoS to DSCP Internal Mapping 233
Figure 119: Showing CoS to DSCP Internal Mapping 234
Figure 120: Configuring a Class Map 237
Figure 121: Showing Class Maps 238
Figure 122: Adding Rules to a Class Map 238
Figure 123: Showing the Rules for a Class Map 239
Figure 124: Configuring a Policy Map 247
Figure 125: Showing Policy Maps 247
Figure 126: Adding Rules to a Policy Map 248
Figure 127: Showing the Rules for a Policy Map 249
Figure 128: Attaching a Policy Map to a Port 250
Figure 129: Configuring a Voice VLAN 252
Figure 130: Configuring an OUI Telephony List 254
Figure 131: Showing an OUI Telephony List 254
Figure 132: Configuring Port Settings for a Voice VLAN 256
Figure 133: Configuring the Authentication Sequence 260
Figure 134: Authentication Server Operation 260
Figure 135: Configuring Remote Authentication Server (RADIUS) 263
Figure 136: Configuring Remote Authentication Server (TACACS+) 263
Figure 137: Configuring AAA Server Groups 264
Figure 138: Showing AAA Server Groups 265
Figure 139: Configuring Global Settings for AAA Accounting 267
Figure 140: Configuring AAA Accounting Methods 267
Figure 141: Showing AAA Accounting Methods 268
Figure 142: Configuring AAA Accounting Service for 802.1X Service 268
Figure 143: Configuring AAA Accounting Service for Exec Service 269
Figure 144: Displaying a Summary of Applied AAA Accounting Methods 269
Figure 145: Displaying Statistics for AAA Accounting Sessions 269
Figure 146: Configuring AAA Authorization Methods 271
Figure 147: Showing AAA Authorization Methods 271
Figure 148: Configuring AAA Authorization Methods for Exec Service 272
Figure 149: Displaying the Applied AAA Authorization Method 272
Figure 150: Configuring User Accounts 274
Figure 151: Showing User Accounts 274
Figure 152: Configuring Global Settings for Web Authentication 276
Figure 153: Configuring Interface Settings for Web Authentication 277
Figure 154: Configuring Global Settings for Network Access 280
Figure 155: Configuring Interface Settings for Network Access 282
Figure 156: Configuring Link Detection for Network Access 283
Figure 157: Configuring a MAC Address Filter for Network Access 284
Figure 158: Showing the MAC Address Filter Table for Network Access 284
Figure 159: Showing Addresses Authenticated for Network Access 286
Figure 160: Configuring HTTPS 287
Figure 161: Downloading the Secure-Site Certificate 289
Figure 162: Configuring the SSH Server 293
Figure 163: Generating the SSH Host Key Pair 294
Figure 164: Showing the SSH Host Key Pair 295
Figure 165: Copying the SSH User’s Public Key 296
Figure 166: Showing the SSH User’s Public Key 297
Figure 167: Setting the Name of a Time Range 299
Figure 168: Showing a List of Time Ranges 299
Figure 169: Add a Rule to a Time Range 300
Figure 170: Showing the Rules Configured for a Time Range 300
Figure 171: Showing TCAM Utilization 302
Figure 172: Creating an ACL 303
Figure 173: Showing a List of ACLs 303
Figure 174: Configuring a Standard IPv4 ACL 305
Figure 175: Configuring an Extended IPv4 ACL 307
Figure 176: Configuring a MAC ACL 309
Figure 177: Configuring an ARP ACL 311
Figure 178: Binding a Port to an ACL 313
Figure 179: Configuring Global Settings for ARP Inspection 316
Figure 180: Configuring VLAN Settings for ARP Inspection 318
Figure 181: Configuring Interface Settings for ARP Inspection 319
Figure 182: Displaying Statistics for ARP Inspection 320
Figure 183: Displaying the ARP Inspection Log 321
Figure 184: Creating an IP Address Filter for Management Access 322
Figure 185: Showing IP Addresses Authorized for Management Access 323
Figure 186: Configuring Port Security 325
Figure 187: Configuring Port Security 326
Figure 188: Configuring Global Settings for 802.1X Port Authentication 328
Figure 189: Configuring Interface Settings for 802.1X Port Authenticator 332
Figure 190: Configuring Interface Settings for 802.1X Port Supplicant 334
Figure 191: Showing Statistics for 802.1X Port Authenticator 336
Figure 192: Showing Statistics for 802.1X Port Supplicant 337
Figure 193: Setting the Filter Type for IP Source Guard 339
Figure 194: Configuring Static Bindings for IP Source Guard 340
Figure 195: Displaying Static Bindings for IP Source Guard 341
Figure 196: Showing the IP Source Guard Binding Table 342
Figure 197: Configuring Global Settings for DHCP Snooping 346
Figure 198: Configuring DHCP Snooping on a VLAN 347
Figure 199: Configuring the Port Mode for DHCP Snooping 348
Figure 200: Displaying the Binding Table for DHCP Snooping 349
Figure 201: Configuring Settings for System Memory Logs 353
Figure 202: Showing Error Messages Logged to System Memory 353
Figure 203: Configuring Settings for Remote Logging of Error Messages 354
Figure 204: Configuring SMTP Alert Messages 356
Figure 205: Configuring LLDP Timing Attributes 358
Figure 206: Configuring LLDP Interface Attributes 361
Figure 207: Displaying Local Device Information for LLDP (General) 363
Figure 208: Displaying Local Device Information for LLDP (Port) 363
Figure 209: Displaying Remote Device Information for LLDP (Port) 367
Figure 210: Displaying Remote Device Information for LLDP (Port Details) 367
Figure 211: Displaying LLDP Device Statistics (General) 369
Figure 212: Displaying LLDP Device Statistics (Port) 369
Figure 213: Configuring Global Settings for SNMP 372
Figure 214: Configuring the Local Engine ID for SNMP 373
Figure 215: Configuring a Remote Engine ID for SNMP 375
Figure 216: Showing Remote Engine IDs for SNMP 375
Figure 217: Creating an SNMP View 376
Figure 218: Showing SNMP Views 377
Figure 219: Adding an OID Subtree to an SNMP View 377
Figure 220: Showing the OID Subtree Configured for SNMP Views 378
Figure 221: Creating an SNMP Group 381
Figure 222: Showing SNMP Groups 382
Figure 223: Setting Community Access Strings 383
Figure 224: Showing Community Access Strings 383
Figure 225: Configuring Local SNMPv3 Users 385
Figure 226: Showing Local SNMPv3 Users 386
Figure 227: Configuring Remote SNMPv3 Users 388
Figure 228: Showing Remote SNMPv3 Users 388
Figure 229: Configuring Trap Managers (SNMPv1) 392
Figure 230: Configuring Trap Managers (SNMPv2c) 392
Figure 231: Configuring Trap Managers (SNMPv3) 393
Figure 232: Showing Trap Managers 393
Figure 233: Configuring an RMON Alarm 396
Figure 234: Showing Configured RMON Alarms 396
Figure 235: Configuring an RMON Event 398
Figure 236: Showing Configured RMON Events 399
Figure 237: Configuring an RMON History Sample 400
Figure 238: Showing Configured RMON History Samples 401
Figure 239: Showing Collected RMON History Samples 401
Figure 240: Configuring an RMON Statistical Sample 403
Figure 241: Showing Configured RMON Statistical Samples 404
Figure 242: Showing Collected RMON Statistical Samples 404
Figure 243: Configuring a Switch Cluster 406
Figure 244: Configuring Cluster Members 407
Figure 245: Showing Cluster Members 408
Figure 246: Showing Cluster Candidates 408
Figure 247: Managing a Cluster Member 409
Figure 248: Pinging a Network Device 412
Figure 249: Configuring a Static IPv4 Address 414
Figure 250: Configuring a Dynamic IPv4 Address 414
Figure 251: Configuring the IPv6 Default Gateway 416
Figure 252: Configuring General Settings for an IPv6 Interface 419
Figure 253: Configuring an IPv6 Address 422
Figure 254: Showing Configured IPv6 Addresses 423
Figure 255: Showing IPv6 Neighbors 424
Figure 256: Showing IPv6 Statistics (IPv6) 429
Figure 257: Showing IPv6 Statistics (ICMPv6) 429
Figure 258: Showing IPv6 Statistics (UDP) 430
Figure 259: Showing Reported MTU Values 431
Figure 260: Configuring General Settings for DNS 434
Figure 261: Configuring a List of Domain Names for DNS 435
Figure 262: Showing the List of Domain Names for DNS 435
Figure 263: Configuring a List of Name Servers for DNS 436
Figure 264: Showing the List of Name Servers for DNS 437
Figure 265: Configuring Static Entries in the DNS Table 438
Figure 266: Showing Static Entries in the DNS Table 438
Figure 267: Showing Entries in the DNS Cache 439
Figure 268: Multicast Filtering Concept 441
Figure 269: Configuring General Settings for IGMP Snooping 447
Figure 270: Configuring a Static Interface for a Multicast Router 448
Figure 271: Showing Static Interfaces Attached to a Multicast Router 449
Figure 272: Showing Current Interfaces Attached to a Multicast Router 449
Figure 273: Assigning an Interface to a Multicast Service 450
Figure 274: Showing Static Interfaces Assigned to a Multicast Service 451
Figure 275: Showing Current Interfaces Assigned to a Multicast Service 451
Figure 276: Configuring IGMP Snooping on an Interface 456
Figure 277: Showing Interface Settings for IGMP Snooping 457
Figure 278: Showing Multicast Groups Learned by IGMP Snooping 458
Figure 279: Enabling IGMP Filtering and Throttling 459
Figure 280: Creating an IGMP Filtering Profile 460
Figure 281: Showing the IGMP Filtering Profiles Created 461
Figure 282: Adding Multicast Groups to an IGMP Filtering Profile 461
Figure 283: Showing the Groups Assigned to an IGMP Filtering Profile 462
Figure 284: Configuring IGMP Filtering and Throttling Interface Settings 463
Figure 285: MVR Concept 464
Figure 286: Configuring Global Settings for MVR 466
Figure 287: Configuring Interface Settings for MVR 468
Figure 288: Assigning Static MVR Groups to a Port 469
Figure 289: Showing the Static MVR Groups Assigned to a Port 469
Figure 290: Displaying MVR Receiver Groups 470
Figure 291: Storm Control by Limiting the Traffic Rate 740
Figure 292: Storm Control by Shutting Down a Port 741
Figure 293: Configuring VLAN Trunking 794

TABLES

Table 1: Key Features 49
Table 2: System Defaults 54
Table 3: Web Page Configuration Buttons 75
Table 4: Switch Main Menu 76
Table 5: Port Statistics 128
Table 6: LACP Port Counters 143
Table 7: LACP Internal Configuration Information 144
Table 8: LACP Internal Configuration Information 146
Table 9: Recommended STA Path Cost Range 204
Table 10: Recommended STA Path Costs 204
Table 11: Default STA Path Costs 204
Table 12: IEEE 802.1p Egress Queue Priority Mapping 225
Table 13: CoS Priority Levels 225
Table 14: Mapping Internal Per-hop Behavior to Hardware Queues 226
Table 15: Default Mapping of DSCP Values to Internal PHB/Drop Values 230
Table 16: Default Mapping of CoS/CFI to Internal PHB/Drop Precedence 233
Table 17: Dynamic QoS Profiles 278
Table 18: HTTPS System Support 287
Table 19: ARP Inspection Statistics 319
Table 20: ARP Inspection Log 320
Table 21: 802.1X Statistics 334
Table 22: Logging Levels 352
Table 23: Chassis ID Subtype 361
Table 24: System Capabilities 362
Table 25: Port ID Subtype 364
Table 26: Remote Port Auto-Negotiation Advertised Capability 365
Table 27: SNMPv3 Security Models and Levels 370
Table 28: Supported Notification Messages 379
Table 29: Show IPv6 Neighbors - display description 423
Table 30: Show IPv6 Statistics - display description 425
Table 31: Show MTU - display description 430
Table 32: General Command Modes 478
Table 33: Configuration Command Modes 480
Table 34: Keystroke Commands 481
Table 35: Command Group Index 482
Table 36: General Commands 485
Table 37: System Management Commands 493
Table 38: Device Designation Commands 493
Table 39: Banner Commands 494
Table 40: System Status Commands 503
Table 41: Frame Size Commands 509
Table 42: Flash/File Commands 510
Table 43: File Directory Information 516
Table 44: Line Commands 520
Table 45: Event Logging Commands 529
Table 46: Logging Levels 531
Table 47: show logging flash/ram - display description 535
Table 48: show logging trap - display description 536
Table 49: Event Logging Commands 536
Table 50: Time Commands 540
Table 51: Time Range Commands 545
Table 52: Switch Cluster Commands 548
Table 53: SNMP Commands 555
Table 54: show snmp engine-id - display description 567
Table 55: show snmp group - display description 569
Table 56: show snmp user - display description 569
Table 57: show snmp view - display description 570
Table 58: RMON Commands 575
Table 59: Authentication Commands 583
Table 60: User Access Commands 583
Table 61: Default Login Settings 585
Table 62: Authentication Sequence Commands 586
Table 63: RADIUS Client Commands 588
Table 64: TACACS+ Client Commands 592
Table 65: AAA Commands 595
Table 66: Web Server Commands 603
Table 67: HTTPS System Support 605
Table 68: Telnet Server Commands 607
Table 69: Secure Shell Commands 609
Table 70: show ssh - display description 618
Table 71: 802.1X Port Authentication Commands 619
Table 72: Management IP Filter Commands 633
Table 73: General Security Commands 637
Table 74: Management IP Filter Commands 638
Table 75: Network Access Commands 641
Table 76: Dynamic QoS Profiles 644
Table 77: Web Authentication 654
Table 78: DHCP Snooping Commands 660
Table 79: IP Source Guard Commands 669
Table 80: ARP Inspection Commands 673
Table 81: Access Control List Commands 683
Table 82: IPv4 ACL Commands 683
Table 83: MAC ACL Commands 690
Table 84: ARP ACL Commands 695
Table 85: ACL Information Commands 698
Table 86: Interface Commands 699
Table 87: show interfaces switchport - display description 712
Table 88: Link Aggregation Commands 717
Table 89: show lacp counters - display description 724
Table 90: show lacp internal - display description 724
Table 91: show lacp neighbors - display description 725
Table 92: show lacp sysid - display description 726
Table 93: Port Mirroring Commands 727
Table 94: Mirror Port Commands 727
Table 95: RSPAN Commands 729
Table 96: Rate Limit Commands 737
Table 97: ATC Commands 739
Table 98: Address Table Commands 753
Table 99: Spanning Tree Commands 757
Table 100: Recommended STA Path Cost Range 769
Table 101: Recommended STA Path Cost 769
Table 102: Default STA Path Costs 770
Table 103: VLAN Commands 781
Table 104: GVRP and Bridge Extension Commands 782
Table 105: Commands for Editing VLAN Groups 786
Table 106: Commands for Configuring VLAN Interfaces 788
Table 107: Commands for Displaying VLAN Information 795
Table 108: 802.1Q Tunneling Commands 796
Table 109: Commands for Configuring Traffic Segmentation 800
Table 110: Protocol-based VLAN Commands 802
Table 111: IP Subnet VLAN Commands 806
Table 112: MAC Based VLAN Commands 808
Table 113: Voice VLAN Commands 809
Table 114: Priority Commands 817
Table 115: Priority Commands (Layer 2) 817
Table 116: Priority Commands (Layer 3 and 4) 822
Table 117: Default Mapping of CoS/CFI to Internal PHB/Drop Precedence 823
Table 118: Default Mapping of DSCP Values to Internal PHB/Drop Values 824
Table 119: Mapping Internal Per-hop Behavior to Hardware Queues 825
Table 120: Quality of Service Commands 831
Table 121: Multicast Filtering Commands 849
Table 122: IGMP Snooping Commands 849
Table 123: Static Multicast Interface Commands 867
Table 124: IGMP Filtering and Throttling Commands 868
Table 125: Multicast VLAN Registration Commands 875
Table 126: show mvr - display description 880
Table 127: show mvr interface - display description 881
Table 128: show mvr members - display description 881
Table 129: LLDP Commands 883
Table 130: Address Table Commands 901
Table 131: show dns cache - display description 908
Table 132: show hosts - display description 909
Table 133: DHCP Commands 911
Table 134: DHCP Client Commands 911
Table 135: IP Interface Commands 917
Table 136: IPv4 Interface Commands 917
Table 137: Basic IP Configuration Commands 918
Table 138: Address Resolution Protocol Commands 923
Table 139: IPv6 Configuration Commands 925
Table 140: show ipv6 interface - display description 935
Table 141: show ipv6 mtu - display description 937
Table 142: show ipv6 traffic - display description 938
Table 143: show ipv6 neighbors - display description 947
Table 144: Troubleshooting Chart 955
SECTION I

GETTING STARTED

This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
This section includes these chapters:
"Introduction" on page 49
"Initial Switch Configuration" on page 57
1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

KEY FEATURES

Table 1: Key Features
| Feature | Description |
| Configuration Backup and Restore | Using management station or FTP/TFTP server |
| Authentication | Console, Telnet, web – user name/password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c - Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1X, MAC address filtering |
| General Security Measures | Private VLANs, Port Authentication, Port Security, DHCP Snooping, IP Source Guard |
| Access Control Lists | Supports up to 512 rules, 64 ACLs, and a maximum of 32 rules for an ACL |
| DHCP | Client |
| DNS | Client and Proxy service |
| Port Configuration | Speed and duplex mode and flow control |
| Port Trunking | Supports up to 8 trunks – static or dynamic trunking (LACP) |
| Port Mirroring | 10 sessions, one or more source ports to one analysis port |
| Congestion Control | Rate Limiting; Throttling for broadcast, multicast, unknown unicast storms; Random Early Detection |
| Address Table | 8K MAC addresses in the forwarding table, 1K static MAC addresses, 255 L2 multicast groups |
| IP Version 4 and 6 | Supports IPv4 and IPv6 addressing, and management |
| IEEE 802.1D Bridge | Supports dynamic data switching and addresses learning |
| Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames |
| Spanning Tree Algorithm | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP) |
| Virtual LANs | Up to 256 using IEEE 802.1Q, port-based, protocol-based, private VLANs, voice VLANs, and QinQ tunnel |
| Traffic Prioritization | Default port priority, traffic class map, queue scheduling, IP Precedence, or Differentiated Services Code Point (DSCP) |
| Quality of Service | Supports Differentiated Services (DiffServ) |
| Link Layer Discovery Protocol | Used to discover basic information about neighboring devices |
| Multicast Filtering | Supports IGMP snooping and query, and Multicast VLAN Registration |

DESCRIPTION OF SOFTWARE FEATURES

The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs, plus support for automatic GVRP VLAN registration provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network, while multicast filtering provides support for real-time network applications.
Some of the management features are briefly described below.
CONFIGURATION BACKUP AND RESTORE
You can save the current configuration settings to a file on the management station (using the web interface) or an FTP/TFTP server (using the web or console interface), and later download this file to restore the switch configuration settings.
AUTHENTICATION
This switch authenticates management access via the console port, Telnet, or a web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then uses the EAP between the switch and the authentication server to verify the client’s right to access the network via an authentication server (i.e., RADIUS or TACACS+ server).
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for SNMP/Telnet/web management access, and MAC address filtering for port access.
ACCESS CONTROL LISTS
ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
PORT CONFIGURATION
You can manually configure the speed and duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).
PORT MIRRORING
The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
PORT TRUNKING
Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 12 trunks.
RATE LIMITING
This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
STORM CONTROL
Broadcast, multicast and unknown unicast storm suppression prevents traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
STATIC ADDRESSES
A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IEEE 802.1D BRIDGE
The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.
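The following Python model is an added example, not code from this guide or from the switch firmware. It shows how the address table behaves as described under STATIC ADDRESSES and IEEE 802.1D BRIDGE: dynamic entries are learned, moved and aged out (300 seconds, the default in Table 2), while a static entry stays bound to its port when the same address appears elsewhere. The class and method names, the sample MAC addresses and the behaviour when the table is full are assumptions made for the example.

```python
AGING_TIME = 300    # seconds: default address aging time listed in Table 2
CAPACITY = 8192     # "The address table supports up to 8K addresses"


class Entry:
    def __init__(self, port, static, last_seen):
        self.port = port
        self.static = static
        self.last_seen = last_seen


class AddressTable:
    """Simplified model of a learning bridge's address table (hypothetical API)."""

    def __init__(self, aging_time=AGING_TIME, capacity=CAPACITY):
        self.aging_time = aging_time
        self.capacity = capacity
        self.entries = {}

    def add_static(self, mac, port):
        # Static entries are bound to one interface and never age out.
        self.entries[mac.lower()] = Entry(port, True, 0.0)

    def _expire(self, now):
        # Drop dynamic entries that have not been seen within the aging time.
        stale = [m for m, e in self.entries.items()
                 if not e.static and now - e.last_seen >= self.aging_time]
        for mac in stale:
            del self.entries[mac]

    def learn(self, src_mac, port, now):
        """Process the source address of a received frame; return what happened."""
        self._expire(now)
        mac = src_mac.lower()
        entry = self.entries.get(mac)
        if entry is None:
            if len(self.entries) >= self.capacity:
                return "table-full"   # assumed: the guide does not describe this case
            self.entries[mac] = Entry(port, False, now)
            return "learned"
        if entry.static:
            # A static address seen on another interface is ignored and the
            # binding is not rewritten. Only learning is modelled here.
            return "static-ok" if entry.port == port else "ignored-static"
        moved = entry.port != port
        entry.port, entry.last_seen = port, now
        return "moved" if moved else "refreshed"

    def forward(self, dst_mac, in_port, now):
        """Return the egress port, "filter" (same port) or "flood" (unknown)."""
        self._expire(now)
        entry = self.entries.get(dst_mac.lower())
        if entry is None:
            return "flood"
        return "filter" if entry.port == in_port else entry.port


def demo():
    # Constructed sample addresses from the RFC 7042 documentation range.
    server, laptop = "00:00:5E:00:53:01", "00:00:5E:00:53:0A"
    table = AddressTable()
    table.add_static(server, port=1)
    return [
        table.learn(laptop, port=3, now=0),         # new dynamic entry
        table.learn(laptop, port=4, now=10),        # dynamic entries follow the host
        table.learn(server, port=7, now=20),        # static address on the wrong port
        table.forward(server, in_port=7, now=20),   # still forwarded to port 1
        table.forward(laptop, in_port=1, now=100),  # known dynamic entry
        table.forward(laptop, in_port=1, now=400),  # aged out after 300 seconds
    ]


if __name__ == "__main__":
    print(demo())
```
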
STORE-AND-FORWARD SWITCHING
The switch copies each frame into its memory before forwarding it to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 4 Mbits for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
SPANNING TREE ALGORITHM
The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).
VIRTUAL LANS
The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
Eliminate broadcast storms which severely degrade performance in a flat network.
Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
Provide data security by restricting all traffic to the originating VLAN, except where a connection is explicitly defined via the switch's routing service.
Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.
IEEE 802.1Q TUNNELING (QINQ)
This feature is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the customer’s frames when they enter the service provider’s network, and then stripping the tags when the frames leave the network.
TRAFFIC PRIORITIZATION
This switch prioritizes each packet based on the required level of service, using four priority queues with strict priority, Weighted Round Robin (WRR), Deficit Round-Robin (DRR) scheduling, or a combination of strict and weighted queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can be used to provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet using DSCP, or IP Precedence. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic is then sent to the corresponding output queue.
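The following Python example is added here and is not code from this guide or from the switch firmware. It shows the tag handling described above under IEEE 802.1Q TUNNELING (QINQ) and TRAFFIC PRIORITIZATION: parsing the 802.1Q tag (802.1p priority bits and VLAN ID), inserting an SPVLAN tag at provider ingress, and stripping it at egress only when it matches the expected service VLAN. The service-tag TPID 0x88A8, the function names, the SPVLAN IDs and the sample frames are assumptions made for the example.

```python
import struct

TPID_CTAG = 0x8100   # IEEE 802.1Q customer VLAN tag
TPID_STAG = 0x88A8   # IEEE 802.1ad service tag; assumed, the guide does not state the SPVLAN TPID


def build_tag(tpid, vid, pcp=0):
    """Pack a 4-byte VLAN tag: TPID, then 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError("802.1p priority must be 0-7")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def parse_frame(frame):
    """Return (tags, ethertype, payload); tags are listed outermost first."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    tags, off = [], 12                       # tags start after dst + src MAC
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated after VLAN tag")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in (TPID_CTAG, TPID_STAG):
            return tags, etype, frame[off + 2:]
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13, "vid": tci & 0x0FFF})
        off += 4


def push_spvlan(frame, spvid):
    """Provider ingress: insert the SPVLAN tag directly after the source MAC."""
    parse_frame(frame)                       # reject malformed input first
    return frame[:12] + build_tag(TPID_STAG, spvid) + frame[12:]


def pop_spvlan(frame, expected_spvid):
    """Provider egress: strip the outer tag, but only if it is the expected SPVLAN."""
    tags, _, _ = parse_frame(frame)
    if not tags or tags[0]["tpid"] != TPID_STAG or tags[0]["vid"] != expected_spvid:
        raise ValueError("frame does not carry the expected SPVLAN tag")
    return frame[:12] + frame[16:]


def customer_frame(payload, vid=10, pcp=5):
    """Constructed sample: a tagged frame between two documentation-range MACs."""
    dst = bytes.fromhex("00005e005301")
    src = bytes.fromhex("00005e00530a")
    return dst + src + build_tag(TPID_CTAG, vid, pcp) + struct.pack("!H", 0x0800) + payload


def demo():
    # Two customers that both use VLAN 10 internally.
    a = customer_frame(b"customer-A")
    b = customer_frame(b"customer-B")
    in_a, in_b = push_spvlan(a, 100), push_spvlan(b, 200)
    return {
        # Inside the provider network the outer tag tells the customers apart.
        "outer_vids": (parse_frame(in_a)[0][0]["vid"], parse_frame(in_b)[0][0]["vid"]),
        # The customers' own VLAN IDs are carried through unchanged.
        "inner_vids": (parse_frame(in_a)[0][1]["vid"], parse_frame(in_b)[0][1]["vid"]),
        # Stripping the SPVLAN tag restores the original frames byte for byte.
        "restored": pop_spvlan(in_a, 100) == a and pop_spvlan(in_b, 200) == b,
    }


if __name__ == "__main__":
    print(demo())
```
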
QUALITY OF SERVICE
Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists allows you to select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
MULTICAST FILTERING
Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration.
SYSTEM DEFAULTS
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file.
The following table lists some of the basic system defaults.
Table 2: System Defaults
| Function | Parameter | Default |
| Console Port Connection | Baud Rate | 115200 bps |
| | Data bits | 8 |
| | Stop bits | 1 |
| | Parity | none |
| | Local Console Timeout | 0 (disabled) |
| Authentication | Privileged Exec Level | Username “admin”, Password “admin” |
| | Normal Exec Level | Username “guest”, Password “guest” |
| | Enable Privileged Exec from Normal Exec Level | Password “super” |
| | RADIUS Authentication | Disabled |
| | TACACS+ Authentication | Disabled |
| | 802.1X Port Authentication | Disabled |
| | HTTPS | Enabled |
| | SSH | Disabled |
| | Port Security | Disabled |
| | IP Filtering | Disabled |
| Web Management | HTTP Server | Enabled |
| | HTTP Port Number | 80 |
| | HTTP Secure Server | Enabled |
| | HTTP Secure Server Port | 443 |
| SNMP | SNMP Agent | Enabled |
| | Community Strings | “public” (read only), “private” (read/write) |
| | Traps | Authentication traps: enabled; Link-up-down events: enabled |
| | SNMP V3 | View: defaultview; Group: public (read only); private (read/write) |
| Port Configuration | Admin Status | Enabled |
| | Auto-negotiation | Enabled |
| | Flow Control | Disabled |
| Port Trunking | Static Trunks | None |
| | LACP (all ports) | Disabled |
| Congestion Control | Rate Limiting | Disabled |
| | Storm Control | Broadcast: Enabled (64 kbits/sec); Multicast: Disabled; Unknown Unicast: Disabled |
| Address Table | Aging Time | 300 seconds |
| Spanning Tree Algorithm | Status | Enabled, RSTP (Defaults: RSTP standard) |
| | Edge Ports | Disabled |
| LLDP | Status | Enabled |
| Virtual LANs | Default VLAN | 1 |
| | PVID | 1 |
| | Acceptable Frame Type | All |
| | Ingress Filtering | Disabled |
| | Switchport Mode (Egress Mode) | Hybrid |
| | GVRP (global) | Disabled |
| | GVRP (port interface) | Disabled |
| | QinQ Tunneling | Disabled |
| Traffic Prioritization | Ingress Port Priority | 0 |
| | Queue Mode | WRR |
| | Queue Weight | Queue: 0 1 2 3; Weight: 1 2 4 6 |
| | Class of Service | Enabled |
| | IP Precedence Priority | Disabled |
| | IP DSCP Priority | Disabled |
| IP Settings | Management VLAN | VLAN 1 |
| | IP Address | DHCP assigned |
| | Subnet Mask | 255.255.255.0 |
| | Default Gateway | 0.0.0.0 |
| | DHCP | Client: Enabled |
| | DNS | Proxy service: Disabled |
| | BOOTP | Disabled |
| Multicast Filtering | IGMP Snooping (Layer 2) | Snooping: Enabled; Querier: Disabled |
| | IGMP Proxy Reporting | Enabled |
| System Log | Status | Enabled |
| | Messages Logged to RAM | Levels 0-7 (all) |
| | Messages Logged to Flash | Levels 0-3 |
| SMTP Email Alerts | Event Handler | Enabled (but no server defined) |
| SNTP | Clock Synchronization | Disabled |

2 INITIAL SWITCH CONFIGURATION
This chapter includes information on connecting to the switch and basic configuration procedures.

CONNECTING TO THE SWITCH

The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
NOTE: An IPv4 address for this switch is obtained via DHCP by default. To change this address, see "Setting an IP Address" on page 61.
CONFIGURATION OPTIONS
The switch’s HTTP web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Internet Explorer 5.x or above, Netscape 6.2 or above, and Mozilla Firefox 2.0.0.0 or above. The switch’s web management interface can be accessed from any computer attached to the network.
The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.
The switch’s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software.
The switch’s web interface, console interface, and SNMP agent allow you to perform the following management functions:
Set user names and passwords
Set an IP interface for a management VLAN
Configure SNMP parameters
Enable/disable any port
Set the speed/duplex mode for any port
Configure the bandwidth of any port by limiting input or output rates
Control port access through IEEE 802.1X security or static address filtering
Filter packets using Access Control Lists (ACLs)
Configure up to 256 IEEE 802.1Q VLANs
Enable GVRP automatic VLAN registration
Configure IGMP multicast filtering
Upload and download system firmware or configuration files via HTTP (using the web interface) or FTP/TFTP (using the command line or web interface)
Configure Spanning Tree parameters
Configure Class of Service (CoS) priority queuing
Configure static or LACP trunks (up to 8)
Enable port mirroring
Set storm control on any port for excessive broadcast, multicast, or unknown unicast traffic
Display system information and statistics
REQUIRED CONNECTIONS
The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.
2. Connect the other end of the cable to the RS-232 serial port on the switch.
3. Make sure the terminal emulation software is set as follows:
Select the appropriate serial port (COM port 1 or COM port 2).
Set the baud rate to 115200 bps.
Set the data format to 8 data bits, 1 stop bit, and no parity.
Set flow control to none.
Set the emulation mode to VT100.
When using HyperTerminal, select Terminal keys, not Windows keys.
NOTE: Once you have set up the terminal correctly, the console login screen will be displayed.
For a description of how to use the CLI, see "Using the Command Line Interface" on page 473. For a list of all the CLI commands and detailed information on using the CLI, refer to "CLI Command Groups" on page 482.
REMOTE CONNECTIONS
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, or DHCP protocol.
An IPv4 address for this switch is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP, see "Setting an IP Address" on page 61.
NOTE: This switch supports four Telnet sessions or SSH sessions.
After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a web browser (Internet Explorer 5.0 or above, Netscape 6.2 or above, or Mozilla Firefox 2.0.0.0 or above), or from a network computer using SNMP network management software.
The onboard program only provides access to basic configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.

BASIC CONFIGURATION

CONSOLE CONNECTION
The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the Privileged Exec level.
Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:
1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.
2. At the User Name prompt, enter “admin.”
3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)
4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.
SETTING PASSWORDS
If this is your first time logging into the CLI program, you should define new passwords for both default user names using the "username" command, record them and put them in a safe place.
Passwords can consist of up to 32 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:
1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.
2. Type “configure” and press <Enter>.
3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>.
4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.

Username: admin
Password:
CLI session with the MS453490M is opened.
To end the CLI session, enter [Exit].
Console#configure
Console(config)#username guest password 0 [password]
Console(config)#username admin password 0 [password]
Console(config)#
SETTING AN IP ADDRESS
You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways:
Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.
Dynamic — The switch can send IPv4 configuration requests to BOOTP or DHCP address allocation servers on the network, or can automatically generate a unique IPv6 host address based on the local subnet address prefix received in router advertisement messages.
MANUAL CONFIGURATION
You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IPv4 addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.
NOTE: The IP address for this switch is obtained via DHCP by default.
ASSIGNING AN IPV4 ADDRESS
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
IP address for the switch
Network mask for this network
Default gateway for the network
To assign an IPv4 address to the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>.
3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.

Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.5 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 192.168.1.254
ASSIGNING AN IPV6 ADDRESS
This section describes how to configure a “link local” address for connectivity within the local subnet only, and also how to configure a “global unicast” address, including a network prefix for use on a multi-segment network and the host portion of the address.
An IPv6 prefix or address must be formatted according to RFC 2373 “IPv6 Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields. For detailed information on the other ways to assign IPv6 addresses, see "Setting the Switch’s IP Address (IP Version 6)" on page 415.
Link Local Address — All link-local addresses must be configured with a prefix of FE80. Remember that this address type makes the switch accessible over IPv6 for all devices attached to the same local subnet only. Also, if the switch detects that the address you configured conflicts with that in use by another device on the subnet, it will stop using the address in question, and automatically generate a link local address that does not conflict with any other devices on the local subnet.
To configure an IPv6 link local address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. Type “ipv6 address” followed by up to 8 colon-separated 16-bit hexadecimal values for the ipv6-address similar to that shown in the example, followed by the “link-local” command parameter. Then press <Enter>.

Console(config)#interface vlan 1
Console(config-if)#ipv6 address FE80::260:3EFF:FE11:6700 link-local
Console(config-if)#end
Console#show ipv6 interface
IPv6 is stale.
Link-local address:
  FE80::260:3EFF:FE11:6700/64
Global unicast address(es):
  (None)
Joined group address(es):
  FF02::1:FF11:6700
  FF02::1
IPv6 link MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 3.
ND retransmit interval is 1000 milliseconds

Console#
Address for Multi-segment Network — Before you can assign an IPv6 address to the switch that will be used to connect to a multi-segment network, you must obtain the following information from your network administrator:
Prefix for this network
IP address for the switch
Default gateway for the network
For networks that encompass several different subnets, you must define the full address, including a network prefix and the host address for the switch. You can specify either the full IPv6 address, or the IPv6 address and prefix length. The prefix length for an IPv6 network is the number of bits (from the left) of the prefix that form the network address, and is expressed as a decimal number. For example, all IPv6 addresses that start with the first byte of 73 (hexadecimal) could be expressed as 73:0:0:0:0:0:0:0/8 or 73::/8.
To generate an IPv6 global unicast address for the switch, complete the following steps:
1. From the global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. From the interface prompt, type “ipv6 address ipv6-address” or “ipv6 address ipv6-address/prefix-length,” where “prefix-length” indicates the address bits used to form the network portion of the address. (The network address starts from the left of the prefix and should encompass some of the ipv6-address bits.) The remaining bits are assigned to the host interface. Press <Enter>.
3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
4. To set the IP address of the IPv6 default gateway for the network to which the switch belongs, type “ipv6 default-gateway gateway,” where “gateway” is the IPv6 address of the default gateway. Press <Enter>.

Console(config)#interface vlan 1
Console(config-if)#ipv6 address 2001:DB8:2222:7272::/64
Console(config-if)#exit
Console(config)#ipv6 default-gateway 2001:DB8:2222:7272::254
Console(config)#end
Console#show ipv6 interface
Vlan 1 is up
IPv6 is stale.
Link-local address:
  FE80::260:3EFF:FE11:6700/64
Global unicast address(es):
  2001:DB8:2222:7272::/64, subnet is 2001:DB8:2222:7272::/64
Joined group address(es):
  FF02::1:FF00:0
  FF02::1:FF11:6700
  FF02::1
IPv6 link MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 3.
Console#show ipv6 default-gateway
ipv6 default gateway: 2001:DB8:2222:7272::254
Console#
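The "Joined group address(es)" lines in the show ipv6 interface output follow from the configured addresses: each unicast address adds one solicited-node multicast group built from its low 24 bits (RFC 4291). The Python below is an added example, not part of this guide or the switch software; it reproduces those groups for the addresses used in this chapter, reports the network implied by a prefix length, and shows when an interface ID embeds a MAC address. The function names are illustrative.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node_group(addr):
    """Multicast group joined for addr: ff02::1:ff00:0/104 plus its low 24 bits."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":      # EUI-64 inserts FF:FE between the MAC halves
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]   # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)


def describe(cli_value):
    """Summarise an argument typed after 'ipv6 address' (address[/prefix-length])."""
    iface = ipaddress.IPv6Interface(cli_value)   # no prefix length means /128
    host_bits = int(iface.ip) & int(iface.network.hostmask)
    return {
        "expanded": iface.ip.exploded,           # "::" written out in full
        "network": str(iface.network),
        "link_local": iface.ip.is_link_local,    # True inside FE80::/10
        # An all-zero host part is the subnet-router anycast address (RFC 4291).
        "host_bits_zero": iface.network.prefixlen < 128 and host_bits == 0,
        "solicited_node": str(solicited_node_group(iface.ip)),
        "embedded_mac": eui64_mac(iface.ip),
    }


if __name__ == "__main__":
    # Addresses copied from this chapter's CLI examples; the third one comes
    # from the autoconfig example in the dynamic configuration section.
    for value in ("FE80::260:3EFF:FE11:6700/64",
                  "2001:DB8:2222:7272::/64",
                  "2001:DB8:2222:7272:2E0:CFF:FE00:FD/64"):
        print(value)
        for key, val in describe(value).items():
            print(f"  {key}: {val}")
```

An interface ID that embeds the MAC address stays the same on every subnet the switch joins, which is worth knowing when deciding which hosts may reach the management VLAN.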
DYNAMIC CONFIGURATION
OBTAINING AN IPV4 ADDRESS
If you select the “bootp” or “dhcp” option, the system will immediately start broadcasting service requests. IP will be enabled but will not function until a BOOTP or DHCP reply has been received. Requests are broadcast every few minutes using exponential backoff until IP configuration information is obtained from a BOOTP or DHCP server. BOOTP and DHCP values can include the IP address, subnet mask, and default gateway. If the DHCP/BOOTP server is slow to respond, you may need to use the “ip dhcp restart client” command to re-start broadcasting service requests.
Note that the “ip dhcp restart client” command can also be used to start broadcasting service requests for all VLANs configured to obtain address assignments through BOOTP or DHCP. It may be necessary to use this command when DHCP is configured on a VLAN, and the member ports which were previously shut down are now enabled.
If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on.
To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. At the interface-configuration mode prompt, use one of the following commands:
To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.
To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.
3. Type “end” to return to the Privileged Exec mode. Press <Enter>.
4. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.
5. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.

Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#show ip interface
IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1, and address mode: DHCP
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.
OBTAINING AN IPV6 ADDRESS
Link Local Address — There are several ways to configure IPv6 addresses. The simplest method is to automatically generate a “link local” address (identified by an address prefix of FE80). This address type makes the switch accessible over IPv6 for all devices attached to the same local subnet.
To generate an IPv6 link local address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. Type “ipv6 enable” and press <Enter>.

Console(config)#interface vlan 1
Console(config-if)#ipv6 enable
Console(config-if)#end
Console#show ipv6 interface
Vlan 1 is up
IPv6 is enable.
Link-local address:
  FE80::260:3EFF:FE11:6700/64
Global unicast address(es):
  2001:DB8:2222:7272::/64, subnet is 2001:DB8:2222:7272::/64
Joined group address(es):
  FF02::1:FF00:0
  FF02::1:FF11:6700
  FF02::1
IPv6 link MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 3.
ND retransmit interval is 1000 milliseconds

Console#
Address for Multi-segment Network — To generate an IPv6 address that can be used in a network containing more than one subnet, the switch can be configured to automatically generate a unique host address based on the local subnet address prefix received in router advertisement messages. (DHCP for IPv6 will also be supported in future software releases.)
To dynamically generate an IPv6 host address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. From the interface prompt, type “ipv6 address autoconfig” and press <Enter>.
3. Type “ipv6 enable” and press <Enter> to enable IPv6 on an interface that has not been configured with an explicit IPv6 address.

Console(config)#interface vlan 1
Console(config-if)#ipv6 address autoconfig
Console(config-if)#ipv6 enable
Console(config-if)#end
Console#show ipv6 interface
Vlan 1 is up
IPv6 is enable.
Link-local address:
  FE80::260:3EFF:FE11:6700/64
Global unicast address(es):
  2001:DB8:2222:7272:2E0:CFF:FE00:FD/64, subnet is 2001:DB8:2222:7272::/64[AUTOCONFIG]
    valid lifetime 2591978 preferred lifetime 604778
Joined group address(es):
  FF02::1:FF00:FD
  FF02::1:FF11:6700
  FF02::1
IPv6 link MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 3.
ND retransmit interval is 1000 milliseconds

Console#
ENABLING SNMP MANAGEMENT ACCESS
The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications. You can configure the switch to respond to SNMP requests or generate SNMP traps.
When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.
The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.e., an SNMPv3 construct) for the default “public” community string that provides read access to the entire MIB tree, and a default view for the “private” community string that provides read/write access to the entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements (see "Setting SNMPv3 Views" on page 375).
COMMUNITY STRINGS (FOR SNMP VERSION 1 AND 2C CLIENTS)
Community strings are used to control management access to SNMP version 1 and 2c stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users, and set the access level.
The default strings are:
public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
private - with read/write access. Authorized management stations are able to both retrieve and modify MIB objects.
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings.
To configure a community string, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that the default mode is read only.)
2. To remove an existing string, simply type “no snmp-server community string,” where “string” is the community access string to remove. Press <Enter>.

Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#
NOTE: If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.
TRAP RECEIVERS
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, use the “snmp-server host” command. From the Privileged Exec level global configuration mode prompt, type:
“snmp-server host host-address community-string [version {1 | 2c | 3 {auth | noauth | priv}}]”
where “host-address” is the IP address for the trap receiver, “community-string” specifies access rights for a version 1/2c host, or is the user name of a version 3 host, “version” indicates the SNMP client version, and “auth | noauth | priv” means that authentication, no authentication, or authentication and privacy is used for v3 clients. Then press <Enter>. For a more detailed description of these parameters, see "snmp-server host" on page 560. The following example creates a trap host for each type of SNMP client.

Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#
CONFIGURING ACCESS FOR SNMP VERSION 3 CLIENTS
To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view called “mib-2” that includes the entire MIB-2 tree branch, and then another view that includes the IEEE 802.1d bridge MIB. It assigns these respective read and read/write views to a group called “r&d” and specifies group authentication via MD5 or SHA. In the last step, it assigns a v3 user to this group, indicating that MD5 will be used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption.

Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included
Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included
Console(config)#snmp-server group r&d v3 auth mib-2 802.1d
Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien
Console(config)#
For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to "Simple Network Management Protocol" on page 369, or refer to the specific CLI commands for SNMP starting on page 555.
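The settings this chapter asks you to change or choose (a login password equal to the user name, the “public” and “private” community strings, read/write communities, v1/2c trap hosts, and SNMPv3 users with MD5 or no privacy password) can be checked mechanically. The Python below is an added example, not part of this guide or the switch software. It assumes a saved configuration lists the same command lines the guide types at the Console(config)# prompt; the rule names and both sample configurations are constructed for illustration.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "line rule detail")
DEFAULT_COMMUNITIES = {"public", "private"}   # factory strings named in this guide

# Constructed sample. Assumption: a saved configuration contains the same
# command lines the guide types at the Console(config)# prompt.
WEAK_CONFIG = """\
username admin password 0 admin
username guest password 0 Xk4-guest-Lq9
snmp-server community public
snmp-server community private rw
snmp-server community nms-7f3a ro
snmp-server host 10.1.19.23 batman
snmp-server host 10.1.19.98 robin version 2c
snmp-server host 10.1.19.34 barbie version 3 auth
snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien
snmp-server user anna group r&d v3 auth sha Wm2-auth-phrase
"""

# Constructed counterpart: no v1/v2c communities, v3 traps with privacy, SHA user.
HARDENED_CONFIG = """\
username admin password 0 Qr8-admin-Vt3
username guest password 0 Xk4-guest-Lq9
snmp-server host 10.1.19.34 barbie version 3 priv
snmp-server user steve group r&d v3 auth sha Wm2-auth-phrase priv des56 Hn5-priv-phrase
"""


def _username(tok):
    # username <name> password <type> <password>
    if len(tok) >= 5 and tok[2] == "password" and tok[4] == tok[1]:
        return [("DEFAULT_PASSWORD", f"user '{tok[1]}' password equals the user name")]
    return []


def _community(tok):
    # snmp-server community <string> [ro|rw]; the guide gives ro as the default mode
    name, mode = tok[2], (tok[3] if len(tok) > 3 else "ro")
    hits = []
    if name in DEFAULT_COMMUNITIES:
        hits.append(("DEFAULT_COMMUNITY", f"factory community '{name}' is configured"))
    if mode == "rw":
        hits.append(("RW_COMMUNITY", f"'{name}' lets v1/v2c clients modify MIB objects"))
    return hits


def _trap_host(tok):
    # snmp-server host <addr> <community|user> [version {1|2c|3 {auth|noauth|priv}}]
    rest = tok[4:]
    version, level = "1", None   # assumption: no "version" keyword means a v1 host
    if rest[:1] == ["version"] and len(rest) > 1:
        version = rest[1]
        level = rest[2] if len(rest) > 2 else "noauth"
    if version in ("1", "2c"):
        return [("TRAP_CLEARTEXT", f"v{version} traps to {tok[2]} carry the community in clear text")]
    if level != "priv":
        return [("TRAP_V3_NO_PRIV", f"v3 traps to {tok[2]} are sent without encryption")]
    return []


def _v3_user(tok):
    # snmp-server user <name> ... v3 [auth {md5|sha} <password> [priv des56 <password>]]
    if "v3" not in tok[3:]:
        return []
    opts = tok[tok.index("v3", 3) + 1:]
    if opts[:1] != ["auth"] or len(opts) < 3:
        return [("V3_NO_AUTH", f"user '{tok[2]}' has no authentication password")]
    hits = []
    if opts[1].lower() == "md5":
        hits.append(("V3_MD5", f"user '{tok[2]}' authenticates with MD5; SHA is available"))
    if opts[3:4] != ["priv"]:
        hits.append(("V3_NO_PRIV", f"user '{tok[2]}' has no privacy (encryption) password"))
    return hits


def audit(config_text):
    """Return a Finding for every weak credential or SNMP setting in the text."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        tok = raw.split()
        if len(tok) < 3:
            continue
        if tok[0] == "username":
            hits = _username(tok)
        elif tok[:2] == ["snmp-server", "community"]:
            hits = _community(tok)
        elif tok[:2] == ["snmp-server", "host"] and len(tok) >= 4:
            hits = _trap_host(tok)
        elif tok[:2] == ["snmp-server", "user"]:
            hits = _v3_user(tok)
        else:
            hits = []
        findings.extend(Finding(lineno, rule, detail) for rule, detail in hits)
    return findings


if __name__ == "__main__":
    for f in audit(WEAK_CONFIG):
        print(f"line {f.line}: {f.rule}: {f.detail}")
```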
MANAGING SYSTEM FILES
The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
The types of files are:
Configuration — This file type stores system configuration information and is created when configuration settings are saved. Saved configuration files can be selected as a system start-up file or can be uploaded via FTP/TFTP to a server for backup. The file named “Factory_Default_Config.cfg” contains all the system default settings and cannot be deleted from the system. If the system is booted with the factory default settings, the switch will also create a file named “startup1.cfg” that contains system settings for switch initialization, including information about the unit identifier, and MAC address for the switch. The configuration settings from the factory defaults configuration file are copied to this file, which is then used to boot the switch. See "Saving or Restoring Configuration Settings" on page 69 for more information.
Operation Code — System software that is executed after boot-up, also known as run-time code. This code runs the switch operations and provides the CLI and web management interfaces. See "Managing System Files" on page 94 for more information.
Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test).
Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows. The switch has a total of 32 Mbytes of flash memory for system files.
In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.
SAVING OR RESTORING CONFIGURATION SETTINGS
Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.
Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in nonvolatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command.
New startup configuration files must have a name specified. File names on the switch are case-sensitive, can be from 1 to 31 characters, must not contain slashes (\ or /), and the leading letter of the file name must not be a period (.). (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
There can be more than one user-defined configuration file saved in the switch’s flash memory, but only one is designated as the “startup” file that is loaded when the switch boots. The copy running-config startup-config command always sets the new file as the startup file. To select a previously saved configuration file, use the boot system config:<filename> command.
The maximum number of saved configuration files depends on available flash memory. The amount of available flash memory can be checked by using the dir command.
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>.
2. Enter the name of the start-up file. Press <Enter>.

Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.

Console#
To restore configuration settings from a backup server, enter the following command:
1. From the Privileged Exec mode prompt, type “copy tftp startup-config” and press <Enter>.
2. Enter the address of the TFTP server. Press <Enter>.
3. Enter the name of the startup file stored on the server. Press <Enter>.
4. Enter the name for the startup file on the switch. Press <Enter>.

Console#copy file startup-config
Console#copy tftp startup-config
TFTP server IP address: 192.168.0.4
Source configuration file name: startup-rd.cfg
Startup configuration file name [startup1.cfg]:

Success.
Console#
SECTION II

WEB CONFIGURATION

This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser.
This section includes these chapters:
"Using the Web Interface" on page 73
"Basic Management Tasks" on page 89
"Interface Configuration" on page 117
"VLAN Configuration" on page 155
"Address Table Settings" on page 185
"Spanning Tree Algorithm" on page 193
"Rate Limit Configuration" on page 217
"Storm Control Configuration" on page 219
"Class of Service" on page 221
"Quality of Service" on page 235
"VoIP Traffic Configuration" on page 251
"Security Measures" on page 257
"Basic Administration Protocols" on page 351
"IP Configuration" on page 411
"IP Services" on page 433
"Multicast Filtering" on page 441
3 USING THE WEB INTERFACE
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above, Netscape 6.2 or above, or Mozilla Firefox 2.0.0.0 or above).
NOTE: You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to "Using the Command Line Interface" on page 473.

CONNECTING TO THE WEB INTERFACE

Prior to accessing the switch from a web browser, be sure you have first performed the following tasks:
1. Configure the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection, BOOTP or DHCP protocol. (See "Setting an IP Address" on page 61.)
2. Set user names and passwords using an out-of-band serial connection. Access to the web agent is controlled by the same user names and passwords as the onboard configuration program. (See "Setting Passwords" on page 60.)
3. After you enter a user name and password, you will have access to the system configuration program.
NOTE: You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
NOTE: If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” (Privileged Exec level), you can change the settings on any page.
NOTE: If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding (i.e., enable Admin Edge Port) to improve the switch’s response time to management commands issued through the web interface. See "Configuring Interface Settings for STA" on page 203.
NAVIGATING THE WEB BROWSER INTERFACE
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”
HOME PAGE
When your web browser connects with the switch’s web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.
Figure 1: Home Page
NOTE: You can open a connection to the manufacturer’s web site by clicking on the Microsens logo.
CONFIGURATION OPTIONS Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Table 3: Web Page Configuration Buttons
Button Action
Apply Sets specified values to the system.
Revert Cancels specified values and restores current values prior to pressing “Apply.”
Help Links directly to web help.
NOTE: To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings,” the setting for item “Check for newer versions of stored pages” should be “Every visit to the page.”
NOTE: When using Internet Explorer 5.0, you may have to manually refresh the screen after making configuration changes by pressing the browser’s refresh button.
PANEL DISPLAY The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control).
Figure 2: Front Panel Indicators
MAIN MENU Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Table 4: Switch Main Menu
Menu Description Page
System
General Provides basic system description, including contact information 89
Switch Shows the number of ports, hardware version, power status, and firmware version numbers 90
IP Sets the IPv4 address for management access 412
Capability Enables support for jumbo frames; shows the bridge extension parameters 92, 93
File 94
Copy Allows the transfer and copying of files 94
Set Startup Sets the startup file 97
Show Shows the files stored in flash memory; allows deletion of files 98
Automatic Operation Code Upgrade Automatically upgrades operation code if a newer version is found on the server 99
Time 103
Configure General
Manual Manually sets the current time 103
SNTP Configures SNTP polling interval 104
Configure Time Server Configures a list of SNTP servers 105
Configure Time Zone Sets the local time zone for the system clock 106
Console Sets console port connection parameters 107
Telnet Sets Telnet connection parameters 109
CPU Utilization Displays information on CPU utilization 110
Memory Status Shows memory utilization parameters 111
Reset Restarts the switch immediately, at a specified time, after a specified delay, or at a periodic interval 112
Interface 117
Port 117
General
Configure by Port List Configures connection settings per port 117
Configure by Port Range Configures connection settings for a range of ports 120
Show Information Displays port connection status 120
Mirror 122
Add Sets the source and target ports for mirroring 122
Show Shows the configured mirror sessions 122
Statistics Shows Interface, Etherlike, and RMON port statistics 128
Chart Shows Interface, Etherlike, and RMON port statistics 128
Cable Test Performs cable diagnostics for selected port to diagnose any cable faults (short, open etc.) and report the cable length 132
Trunk
Static 134
Configure Trunk 134
Add Creates a trunk, along with the first port member 134
Show Shows the configured trunk identifiers 134
Add Member Specifies ports to group into static trunks 134
Show Member Shows the port members for the selected trunk 134
Configure General 134
Configure Configures trunk connection settings 134
Show Information Displays trunk connection settings 134
Dynamic 137
Configure Aggregator Configures administration key for specific LACP groups 137
Configure Aggregation Port 134
Configure 134
General Allows ports to dynamically join trunks 137
Actor Configures parameters for link aggregation group members on the local side 137
Partner Configures parameters for link aggregation group members on the remote side 137
Show Information 143
Counters Displays statistics for LACP protocol messages 143
Internal Displays configuration settings and operational state for the local side of a link aggregation 144
Neighbors Displays configuration settings and operational state for the remote side of a link aggregation 146
Configure Trunk 137
Configure Configures connection settings 137
Show Displays port connection status 137
Show Member Shows the active members in a trunk 137
Statistics Shows Interface, Etherlike, and RMON port statistics 128
Chart Shows Interface, Etherlike, and RMON port statistics 128
Green Ethernet Adjusts the power provided to ports based on the length of the cable used to connect to other devices 148
RSPAN Mirrors traffic from remote switches for analysis at a destination port on the local switch 124
Traffic Segmentation 150
Configure Global Enables traffic segmentation globally 150
Configure Session Configures the uplink and down-link ports for a segmented group of ports 151
VLAN Trunking Allows unknown VLAN groups to pass through the specified interface 152
VLAN Virtual LAN 155
Static
Add Creates VLAN groups 158
Show Displays configured VLAN groups 158
Modify Configures group name and administrative status 158
Edit Member by VLAN Specifies VLAN attributes per VLAN 160
Edit Member by Interface Specifies VLAN attributes per interface 160
Edit Member by Interface Range Specifies VLAN attributes per interface range 160
Dynamic
Configure General Enables GVRP VLAN registration protocol globally 165
Configure Interface Configures GVRP status and timers per interface 165
Show Dynamic VLAN 165
Show VLAN Shows the VLANs this switch has joined through GVRP 165
Show VLAN Member Shows the interfaces assigned to a VLAN through GVRP 165
Tunnel IEEE 802.1Q (QinQ) Tunneling 168
Configure Global Sets tunnel mode for the switch 172
Configure Interface Sets the tunnel mode for any participating interface 173
Protocol 174
Configure Protocol 175
Add Creates a protocol group, specifying supported protocols 175
Show Shows configured protocol groups 175
Configure Interface 177
Add Maps a protocol group to a VLAN 177
Show Shows the protocol groups mapped to each VLAN 177
IP Subnet 179
Add Maps IP subnet traffic to a VLAN 179
Show Shows IP subnet to VLAN mapping 179
MAC-Based 181
Add Maps traffic with specified source MAC address to a VLAN 181
Show Shows source MAC address to VLAN mapping 181
Mirror 183
Add Mirrors traffic from one or more source VLANs to a target port 183
Show Shows mirror list 183
MAC Address 185
Learning Status Enables MAC address learning on selected interfaces 185
Static 187
Add Configures static entries in the address table 187
Show Displays static entries in the address table 187
Dynamic
Configure Aging Sets timeout for dynamically learned entries 188
Show Dynamic MAC Displays dynamic entries in the address table 189
Clear Dynamic MAC Removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries 190
Mirror Mirrors traffic matching a specified source address from any port on the switch to a target port 191
Spanning Tree 193
Loopback Detection Configures Loopback Detection parameters 196
STA Spanning Tree Algorithm
Configure Global
Configure Configures global bridge settings for STP, RSTP and MSTP 197
Show Information Displays STA values used for the bridge 202
Configure Interface
Configure Configures interface settings for STA 203
Show Information Displays interface settings for STA 207
MSTP Multiple Spanning Tree Algorithm 209
Configure Global 209
Add Configures initial VLAN and priority for an MST instance 209
Modify Configures the priority of an MST instance 209
Show Configures global settings for an MST instance 209
Add Member Adds VLAN members for an MST instance 209
Show Member Adds or deletes VLAN members for an MST instance 209
Show Information Displays MSTP values used for the bridge
Configure Interface 213
Configure Configures interface settings for an MST instance 213
Show Information Displays interface settings for an MST instance 213
Traffic
Rate Limit Sets the input and output rate limits for a port 217
Storm Control Sets the broadcast storm threshold for each interface 219
Priority
Default Priority Sets the default priority for each port or trunk 221
Queue Sets queue mode for the switch; sets the service weight for each queue that will use a weighted or hybrid mode 222
Trust Mode Selects DSCP or CoS priority processing 228
DSCP to DSCP 229
Add Maps DSCP values in incoming packets to per-hop behavior and drop precedence values for internal priority processing 229
Show Shows the DSCP to DSCP mapping list 229
CoS to DSCP 232
Add Maps CoS/CFI values in incoming packets to per-hop behavior and drop precedence values for priority processing 232
Show Shows the CoS to DSCP mapping list 232
PHB to Queue 225
Add Maps internal per-hop behavior values to hardware queues 225
Show Shows the PHB to Queue mapping list 225
DiffServ 235
Configure Class 236
Add Creates a class map for a type of traffic 236
Show Shows configured class maps 236
Modify Modifies the name of a class map 236
Add Rule Configures the criteria used to classify ingress traffic 236
Show Rule Shows the traffic classification rules for a class map 236
Configure Policy 239
Add Creates a policy map to apply to multiple interfaces 239
Show Shows configured policy maps 239
Modify Modifies the name of a policy map 239
Add Rule Sets the boundary parameters used for monitoring inbound traffic, and the action to take for conforming and non-conforming traffic 239
Show Rule Shows the rules used to enforce bandwidth policing for a policy map 239
Configure Interface Applies a policy map to an ingress port 249
VoIP Voice over IP 251
Configure Global Configures auto-detection of VoIP traffic, sets the Voice VLAN, and VLAN aging time 251
Configure OUI 253
Add Maps the OUI in the source MAC address of ingress packets to the VoIP device manufacturer 253
Show Shows the OUI telephony list 253
Configure Interface Configures VoIP traffic settings for ports, including the way in which a port is added to the Voice VLAN, filtering of non-VoIP packets, the method of detecting VoIP traffic, and the priority assigned to the voice traffic 254
Security 257
AAA Authentication, Authorization and Accounting 258
System Authentication Configures authentication sequence – local, RADIUS, and TACACS 259
Server 260
Configure Server Configures RADIUS and TACACS server message exchange settings 260
Configure Group 260
Add Specifies a group of authentication servers and sets the priority sequence 260
Show Shows the authentication server groups and priority sequence 260
Accounting Enables accounting of requested services for billing or security purposes 265
Configure Global Specifies the interval at which the local accounting service updates information to the accounting server 265
Configure Method 265
Add Configures accounting for various service types 265
Show Shows the accounting settings used for various service types 265
Configure Service Sets the accounting method applied to specific interfaces for 802.1X, CLI command privilege levels for the console port, and for Telnet 265
Show Information 265
Summary Shows the configured accounting methods, and the methods applied to specific interfaces 265
Statistics Shows basic accounting information recorded for user sessions 265
Authorization Enables authorization of requested services 270
Configure Method 270
Add Configures authorization for various service types 270
Show Shows the authorization settings used for various service types 270
Configure Service Sets the authorization method used for the console port, and for Telnet 270
Show Information Shows the configured authorization methods, and the methods applied to specific interfaces 270
User Accounts 273
Add Configures user names, passwords, and access levels 273
Show Shows authorized users 273
Modify Modifies user attributes 273
Web Authentication Allows authentication and access to the network when 802.1X or Network Access authentication are infeasible or impractical 274
Configure Global Configures general protocol settings 275
Configure Interface Enables Web Authentication for individual ports 276
Network Access MAC address-based network access authentication 277
Configure Global Enables aging for authenticated MAC addresses, and sets the time period after which a connected MAC address must be reauthenticated 279
Configure Interface 280
General Enables MAC authentication on a port; sets the maximum number of addresses that can be authenticated, the guest VLAN, dynamic VLAN and dynamic QoS 280
Link Detection Configures detection of changes in link status, and the response (i.e., send trap or shut down port) 282
Configure MAC Filter 283
Add Specifies MAC addresses exempt from authentication 283
Show Shows the list of exempt MAC addresses 283
Show Information Shows the authenticated MAC address list 285
HTTPS Secure HTTP 286
Configure Global Enables HTTPS, and specifies the UDP port to use 286
Copy Certificate Replaces the default secure-site certificate 288
SSH Secure Shell 289
Configure Global Configures SSH server settings 292
Configure Host Key 293
Generate Generates the host key pair (public and private) 293
Show Displays RSA and DSA host keys; deletes host keys 293
Configure User Key 295
Copy Imports user public keys from TFTP server 295
Show Displays RSA and DSA user keys; deletes user keys 295
ACL Access Control Lists 297
Configure Time Range Configures the time to apply an ACL 298
Add Specifies the name of a time range 298
Show Shows the name of configured time ranges 298
Add Rule 298
Absolute Sets exact time or time range 298
Periodic Sets a recurrent time 298
Show Rule Shows the time specified by a rule 298
Configure ACL 302
Show TCAM Shows utilization parameters for TCAM 301
Add Adds an ACL based on IP or MAC address filtering 302
Show Shows the name and type of configured ACLs 302
Add Rule Configures packet filtering based on IP or MAC addresses and other packet attributes 302
Show Rule Shows the rules specified for an ACL 302
Configure Interface Binds a port to the specified ACL and time range 312
ARP Inspection 313
Configure General Enables inspection globally, configures validation of additional address components, and sets the log rate for packet inspection 314
Configure VLAN Enables ARP inspection on specified VLANs 316
Configure Interface Sets the trust mode for ports, and sets the rate limit for packet inspection 318
Show Information
Show Statistics Displays statistics on the inspection process 319
Show Log Shows the inspection log list 320
IP Filter 321
Add Sets IP addresses of clients allowed management access via the web, SNMP, and Telnet 321
Show Shows the addresses to be allowed management access 321
Port Security Configures per port security, including status, response for security breach, and maximum allowed MAC addresses 323
Port Authentication IEEE 802.1X 325
Configure Global Enables authentication and EAPOL pass-through 326
Configure Interface Sets authentication parameters for individual ports 328
Show Statistics Displays protocol statistics for the selected port 334
IP Source Guard Filters IP traffic based on static entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table 337
Port Configuration Enables IP source guard and selects filter type per port 337
Static Binding 339
Add Adds static addresses to the source-guard binding table 339
Show Shows static addresses in the source-guard binding table 339
Dynamic Binding Displays the source-guard binding table for a selected interface 341
Administration 351
Log 351
System 351
Configure Global Stores error messages in local memory 351
Show System Logs Shows logged error messages 351
Remote Configures the logging of messages to a remote logging process 353
SMTP Sends an SMTP client message to a participating server 355
LLDP 356
Configure Global Configures global LLDP timing parameters 356
Configure Interface Sets the message transmission mode; enables SNMP notification; and sets the LLDP attributes to advertise 358
Show Local Device Information 361
General Displays general information about the local device 361
Port/Trunk Displays information about each interface 361
Show Remote Device Information 363
Port/Trunk Displays information about a remote device connected to a port on this switch 363
Port/Trunk Details Displays detailed information about a remote device connected to this switch 363
Show Device Statistics 368
General Displays statistics for all connected remote devices 368
Port/Trunk Displays statistics for remote devices on a selected port or trunk 368
SNMP Simple Network Management Protocol 369
Configure Global Enables SNMP agent status, and sets related trap functions 372
Configure Engine 373
Set Engine ID Sets the SNMP v3 engine ID on this switch 373
Add Remote Engine Sets the SNMP v3 engine ID for a remote device 374
Show Remote Engine Shows configured engine ID for remote devices 374
Configure View 375
Add View Adds an SNMP v3 view of the OID MIB 375
Show View Shows configured SNMP v3 views 375
Add OID Subtree Specifies a part of the subtree for the selected view 375
Show OID Subtree Shows the subtrees assigned to each view 375
Configure Group 378
Add Adds a group with access policies for assigned users 378
Show Shows configured groups and access policies 378
Configure User
Add Community Configures community strings and access mode 382
Show Community Shows community strings and access mode 382
Add SNMPv3 Local User Configures SNMPv3 users on this switch 384
Show SNMPv3 Local User Shows SNMPv3 users configured on this switch 384
Change SNMPv3 Local User Group Assigns a local user to a new group 384
Add SNMPv3 Remote User Configures SNMPv3 users from a remote device 386
Show SNMPv3 Remote User Shows SNMPv3 users set from a remote device 384
Configure Trap 389
Add Configures trap managers to receive messages on key events that occur on this switch 389
Show Shows configured trap managers 389
RMON Remote Monitoring 393
Configure Global
Add
Alarm Sets threshold bounds for a monitored variable 394
Event Creates a response event for an alarm 397
Show
Alarm Shows all configured alarms 394
Event Shows all configured events 397
Configure Interface
Add
History Periodically samples statistics on a physical interface 399
Statistics Enables collection of statistics on a physical interface 402
Show
History Shows sampling parameters for each entry in the history group 399
Statistics Shows sampling parameters for each entry in the statistics group 402
Show Details
History Shows sampled data for each entry in the history group 399
Statistics Shows sampled data for each entry in the history group 402
Cluster 405
Configure Global Globally enables clustering for the switch; sets Commander status 405
Configure Member Adds switch Members to the cluster 407
Show Member Shows cluster switch member; managed switch members 408
IP 411
General
Ping Sends ICMP echo request packets to another node on the network 411
IPv6 Configuration 415
Configure Global Sets an IPv6 default gateway for traffic with no known next hop 415
Configure Interface Configures IPv6 interface address using auto-configuration or link-local address, and sets related protocol settings 416
Add IPv6 Address Adds a global unicast, EUI-64, or link-local IPv6 address to an interface 419
Show IPv6 Address Shows the IPv6 addresses assigned to an interface 422
Show IPv6 Neighbor Cache Displays information in the IPv6 neighbor discovery cache 423
Show Statistics 425
IPv6 Shows statistics about IPv6 traffic 425
ICMPv6 Shows statistics about ICMPv6 messages 425
UDP Shows statistics about UDP messages 425
Show MTU Shows the maximum transmission unit (MTU) cache for destinations that have returned an ICMP packet-too-big message along with an acceptable MTU to this switch 430
IP Service 433
DNS Domain Name Service
General 433
Configure Global Enables DNS lookup; defines the default domain name appended to incomplete host names 433
Add Domain Name Defines a list of domain names that can be appended to incomplete host names 434
Show Domain Names Shows the configured domain name list 434
Add Name Server Specifies IP address of name servers for dynamic lookup 436
Show Name Servers Shows the name server address list 436
Static Host Table 437
Add Configures static entries for domain name to address mapping 437
Show Shows the list of static mapping entries 437
Modify Modifies the static address mapped to the selected host name 437
Cache Displays cache entries discovered by designated name servers 439
DHCP Dynamic Host Configuration Protocol
Snooping 342
Configure Global Enables DHCP snooping globally, MAC-address verification, information option; and sets the information policy 345
Configure VLAN Enables DHCP snooping on a VLAN 346
Configure Interface Sets the trust mode for an interface 347
Show Information Displays the DHCP Snooping binding information 348
Multicast 441
IGMP Snooping 442
General Enables multicast filtering; configures parameters for multicast snooping 444
Multicast Router 447
Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 447
Show Static Multicast Router Displays ports statically configured as attached to a neighboring multicast router 447
Show Current Multicast Router Displays ports attached to a neighboring multicast router, either through static or dynamic configuration 447
IGMP Member 449
Add Static Member Statically assigns multicast addresses to the selected VLAN 449
Show Static Member Shows multicast addresses statically configured on the selected VLAN 449
Show Current Member Shows multicast addresses associated with the selected VLAN, either through static or dynamic configuration 449
Interface 451
Configure Configures IGMP snooping per VLAN interface 451
Show Shows IGMP snooping settings per VLAN interface 451
Forwarding Entry Displays the current multicast groups learned through IGMP Snooping 457
Filter 458
Configure General Enables IGMP filtering for the switch 459
Configure Profile 459
Add Adds IGMP filter profile; and sets access mode 459
Show Shows configured IGMP filter profiles 459
Add Multicast Group Range Assigns multicast groups to selected profile 459
Show Multicast Group Range Shows multicast groups assigned to a profile 459
Configure Interface Assigns IGMP filter profiles to port interfaces and sets throttling action 462
MVR Multicast VLAN Registration 463
Configure General Globally enables MVR, sets the MVR VLAN, adds multicast stream addresses 465
Configure Interface Configures MVR interface type and immediate leave mode; also displays MVR operational and active status 466
Configure Static Group Member 468
Add Statically assigns MVR multicast streams to an interface 468
Show Shows MVR multicast streams assigned to an interface 468
Show Member Shows the multicast groups assigned to an MVR VLAN, the source address of the multicast services, and the interfaces with active subscribers 470
4 BASIC MANAGEMENT TASKS
This chapter describes the following topics:
Displaying System Information – Provides basic system description, including contact information.
Displaying Hardware/Software Versions – Shows the hardware version, power status, and firmware versions.
Configuring Support for Jumbo Frames – Enables support for jumbo frames.
Displaying Bridge Extension Capabilities – Shows the bridge extension parameters.
Managing System Files – Describes how to upgrade operating software or configuration files, and set the system start-up files.
Setting the System Clock – Sets the current time manually or through specified SNTP servers.
Console Port Settings – Sets console port connection parameters.
Telnet Settings – Sets Telnet connection parameters.
Displaying CPU Utilization – Displays information on CPU utilization.
Displaying Memory Utilization – Shows memory utilization parameters.
Resetting the System – Restarts the switch immediately, at a specified time, after a specified delay, or at a periodic interval.
DISPLAYING SYSTEM INFORMATION
Use the System > General page to identify the system by displaying information such as the device name, location and contact information.
CLI REFERENCES
"System Management Commands" on page 493
"SNMP Commands" on page 555
PARAMETERS
These parameters are displayed:
System Description – Brief description of device type.
System Object ID – MIB II object ID for switch’s network management subsystem.
System Up Time – Length of time the management agent has been up.
System Name – Name assigned to the switch system.
System Location – Specifies the system location.
System Contact – Administrator responsible for the system.
WEB INTERFACE
To configure general system information:
1. Click System, General.
2. Specify the system name, location, and contact information for the system administrator.
3. Click Apply.
Figure 3: System Information
DISPLAYING HARDWARE/SOFTWARE VERSIONS
Use the System > Switch page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
CLI REFERENCES
"System Management Commands" on page 493
PARAMETERS
The following parameters are displayed:
Main Board Information
Serial Number – The serial number of the switch.
Number of Ports – Number of built-in ports.
Hardware Version – Hardware version of the main board.
Internal Power Status – Displays the status of the internal power supply.
Management Software Information
Role – Shows that this switch is operating as Master or Slave.
EPLD Version – Version number of EEPROM Programmable Logic Device.
Loader Version – Version number of loader code.
Diagnostics Code Version – Version of Power-On Self-Test (POST) and boot code.
Operation Code Version – Version number of runtime code.
WEB INTERFACE
To view hardware and software version information, click System, then Switch.
Figure 4: General Switch Information
CONFIGURING SUPPORT FOR JUMBO FRAMES
Use the System > Capability page to configure support for jumbo frames. The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes for Gigabit Ethernet. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
CLI REFERENCES
"System Management Commands" on page 493
USAGE GUIDELINES
To use jumbo frames, both the source and destination end nodes (such as a computer or server) must support this feature. Also, when the connection is operating at full duplex, all switches in the network between the two end nodes must be able to accept the extended frame size. And for half-duplex connections, all devices in the collision domain would need to support jumbo frames.
PARAMETERS
The following parameters are displayed:
Jumbo Frame – Configures support for jumbo frames. (Default: Disabled)
WEB INTERFACE
To configure support for jumbo frames:
1. Click System, then Capability.
2. Enable or disable support for jumbo frames.
3. Click Apply.
Figure 5: Configuring Support for Jumbo Frames
DISPLAYING BRIDGE EXTENSION CAPABILITIES
Use the System > Capability page to display settings based on the Bridge MIB. The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
CLI REFERENCES
"GVRP and Bridge Extension Commands" on page 782
PARAMETERS
The following parameters are displayed:
Extended Multicast Filtering Services – This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).
Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes. (Refer to "Class of Service" on page 221.)
Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses. (Refer to "Setting Static Addresses" on page 187.)
VLAN Version Number – Based on IEEE 802.1Q, “1” indicates Bridges that support only single spanning tree (SST) operation, and “2” indicates Bridges that support multiple spanning tree (MST) operation.
VLAN Learning – This switch uses Independent VLAN Learning (IVL), where each port maintains its own filtering database.
Local VLAN Capable – This switch does not support multiple local bridges outside of the scope of 802.1Q defined VLANs.
Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to "VLAN Configuration" on page 155.)
Max Supported VLAN Numbers – The maximum number of VLANs supported on this switch.
Max Supported VLAN ID – The maximum configurable VLAN identifier supported on this switch.
GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register end stations with multicast groups. This switch does not support GMRP; it uses the Internet Group Management Protocol (IGMP) to provide automatic multicast filtering.
WEB INTERFACE
To view Bridge Extension information:
1. Click System, then Capability.
Figure 6: Displaying Bridge Extension Configuration
MANAGING SYSTEM FILES
This section describes how to upgrade the switch operating software or configuration files, and set the system start-up files.
COPYING FILES VIA FTP/TFTP OR HTTP Use the System > File (Copy) page to upload/download firmware or configuration settings using FTP, TFTP or HTTP. By backing up a file to an FTP/TFTP server or management station, that file can later be downloaded to the switch to restore operation. Specify the method of file transfer, along with the file type and file names as required.
You can also set the switch to use new firmware or configuration settings without overwriting the current version. Just download the file using a different name from the current version, and then set the new file as the startup file.
CLI REFERENCES
"copy" on page 512
PARAMETERS
The following parameters are displayed:
Copy Type – The firmware copy operation includes these options:
FTP Upgrade – Copies a file from an FTP server to the switch.
FTP Download – Copies a file from the switch to an FTP server.
TFTP Upgrade – Copies a file from a TFTP server to the switch.
TFTP Download – Copies a file from the switch to a TFTP server.
HTTP Upgrade – Copies a file from a management station to the switch.
HTTP Download – Copies a file from the switch to a management station.
FTP/TFTP Server IP Address – The IP address of an FTP/TFTP server.
User Name – The user name for FTP server access.
Password – The password for FTP server access.
File Type – Specify Operation Code to copy firmware.
File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
NOTE: Up to two copies of the system software (i.e., the runtime firmware) can be stored in the file directory on the switch.
NOTE: The maximum number of user-defined configuration files is limited only by available flash memory space.
NOTE: The file “Factory_Default_Config.cfg” can be copied to a TFTP server or management station, but cannot be used as the destination file name on the switch.
WEB INTERFACE
To copy firmware files:
1. Click System, then File.
2. Select Copy from the Action list.
3. Select FTP Upgrade, HTTP Upgrade, or TFTP Upgrade as the file transfer method.
4. If FTP or TFTP Upgrade is used, enter the IP address of the file server.
5. If FTP Upgrade is used, enter the user name and password for your account on the FTP server.
6. Set the file type to Operation Code.
7. Enter the name of the file to download.
8. Select a file on the switch to overwrite or specify a new file name.
9. Then click Apply.
Figure 7: Copy Firmware
If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu.
SAVING THE RUNNING CONFIGURATION TO A LOCAL FILE
Use the System > File (Copy) page to save the current configuration settings to a local file on the switch. The configuration settings are not automatically saved by the system for subsequent use when the switch is rebooted. You must save these settings to the current startup file, or to another file which can be subsequently set as the startup file.
CLI REFERENCES
"copy" on page 512
PARAMETERS
The following parameters are displayed:
Copy Type – The copy operation includes this option:
Running-Config – Copies the current configuration settings to a local file on the switch.
Destination File Name – Copy to the currently designated startup file, or to a new file. The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
NOTE: The maximum number of user-defined configuration files is limited only by available flash memory space.
WEB INTERFACE
To save the running configuration file:
1. Click System, then File.
2. Select Copy from the Action list.
3. Select Running-Config from the Copy Type list.
4. Select the current startup file on the switch to overwrite or specify a new file name.
5. Then click Apply.
Figure 8: Saving the Running Configuration
If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu.
SETTING THE START-UP FILE
Use the System > File (Set Start-Up) page to specify the firmware or configuration file to use for system initialization.
CLI REFERENCES
"whichboot" on page 516
"boot system" on page 511
WEB INTERFACE
To set a file to use for system initialization:
1. Click System, then File.
2. Select Set Start-Up from the Action list.
3. Mark the operation code or configuration file to be used at startup.
4. Then click Apply.
Figure 9: Setting Start-Up Files
To start using the new firmware or configuration settings, reboot the system via the System > Reset menu.
SHOWING SYSTEM FILES
Use the System > File (Show) page to show the files in the system directory, or to delete a file.
NOTE: Files designated for start-up, and the Factory_Default_Config.cfg file, cannot be deleted.
CLI REFERENCES
"dir" on page 515
"delete" on page 515
WEB INTERFACE
To show the system files:
1. Click System, then File.
2. Select Show from the Action list.
3. To delete a file, mark it in the File List and click Delete.
Figure 10: Displaying System Files
AUTOMATIC OPERATION CODE UPGRADE
Use the System > File (Automatic Operation Code Upgrade) page to automatically download an operation code file when a file newer than the currently installed one is discovered on the file server. After the file is transferred from the server and successfully written to the file system, it is automatically set as the startup file, and the switch is rebooted.
CLI REFERENCES
"upgrade opcode auto" on page 517
"upgrade opcode path" on page 518
USAGE GUIDELINES
If this feature is enabled, the switch searches the defined URL once during the bootup sequence.
FTP (port 21) and TFTP (port 69) are both supported. Note that the TCP/UDP port bindings cannot be modified to support servers listening on non-standard ports.
The host portion of the upgrade file location URL must be a valid IPv4 IP address. DNS host names are not recognized. Valid IP addresses consist of four numbers, 0 to 255, separated by periods.
The path to the directory must also be defined. If the file is stored in the root directory for the FTP/TFTP service, then use the “/” to indicate this (e.g., ftp://192.168.0.1/).
The file name must not be included in the upgrade file location URL. The file name of the code stored on the remote server must be ms453490m.bix (using upper case and lower case letters exactly as indicated here). Enter the file name for other switches described in this manual exactly as shown on the web interface.
The FTP connection is made with PASV mode enabled. PASV mode is needed to traverse some firewalls, even if FTP traffic is not blocked. PASV mode cannot be disabled.
The switch-based search function is case-insensitive in that it will accept a file name in upper or lower case (i.e., the switch will accept MS453490M.BIX from the server even though MS453490M.bix was requested). However, keep in mind that the file systems of many operating systems such as Unix and most Unix-like systems (FreeBSD, NetBSD, OpenBSD, and most Linux distributions, etc.) are case-sensitive, meaning that two files in the same directory, ms453490m.bix and MS453490M.bix, are considered to be unique files. Thus, if the upgrade file is stored as MS453490M.bix (or even Ms453490m.bix) on a case-sensitive server, then the switch (requesting ms453490m.bix) will not be upgraded because the server does not recognize the requested file name and the stored file name as being equal. A notable exception in the list of case-sensitive Unix-like operating systems is Mac OS X, which by default is case-insensitive. Please check the documentation for your server’s operating system if you are unsure of its file system’s behavior.
Note that the switch itself does not distinguish between upper and lower-case file names, and only checks to see if the file stored on the server is more recent than the current runtime image.
If two operation code image files are already stored on the switch’s file system, then the non-startup image is deleted before the upgrade image is transferred.
The automatic upgrade process will take place in the background without impeding normal operations (data switching, etc.) of the switch.
During the automatic search and transfer process, the administrator cannot transfer or update another operation code image, configuration file, public key, or HTTPS certificate (i.e., no other concurrent file management operations are possible).
The upgrade operation code image is set as the startup image after it has been successfully written to the file system.
The switch will send an SNMP trap and make a log entry upon all upgrade successes and failures.
The switch will immediately restart after the upgrade file is successfully written to the file system and set as the startup image.
PARAMETERS
The following parameters are displayed:
Automatic Opcode Upgrade – Enables the switch to search for an upgraded operation code file during the switch bootup process. (Default: Disabled)
Automatic Upgrade Location URL – Defines where the switch should search for the operation code upgrade file. The last character of this URL must be a forward slash (“/”). The ms453490m.bix filename must not be included since it is automatically appended by the switch. (Options: ftp, tftp)
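A pre-deployment check for the URL and file-name rules in the usage guidelines above, written as an added example (it is not part of this manual or of the switch software). The function names are hypothetical, and the check treats any explicit port other than 21 (FTP) or 69 (TFTP) as unsupported.

```python
import ipaddress
from urllib.parse import urlsplit

IMAGE_NAME = "ms453490m.bix"             # name the manual says the switch requests
DEFAULT_PORTS = {"ftp": 21, "tftp": 69}  # fixed bindings per the usage guidelines


def check_upgrade_url(url):
    """Return the list of rule violations for an upgrade location URL."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        problems.append("scheme must be ftp or tftp")
    try:
        ipaddress.IPv4Address(parts.hostname or "")
    except ValueError:
        problems.append("host must be an IPv4 address, DNS names are not recognized")
    try:
        port = parts.port
    except ValueError:
        port = -1  # port text could not be parsed
    if port is not None and port != DEFAULT_PORTS.get(parts.scheme):
        problems.append("non-standard server ports are not supported")
    if not parts.path.endswith("/"):
        problems.append("last character of the URL must be '/'")
    if parts.path.rstrip("/").rsplit("/", 1)[-1].lower() == IMAGE_NAME:
        problems.append("file name must not be part of the URL")
    return problems


def find_image(listing, case_sensitive_server=True):
    """Classify a server directory listing: 'ok', 'case-mismatch' or 'missing'."""
    if IMAGE_NAME in listing:
        return "ok"
    if any(name.lower() == IMAGE_NAME for name in listing):
        # Same letters, different case: only a case-insensitive file system
        # will serve this file when ms453490m.bix is requested.
        return "case-mismatch" if case_sensitive_server else "ok"
    return "missing"
```

Run `find_image` against the directory listing of the FTP/TFTP server before enabling the feature; a `case-mismatch` result means the switch will not be upgraded from that server.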