Microsoft ES4612 User Manual

Gigabit Ethernet Switch
Management Guide
Layer 3 Workgroup Switch with 8 SFP Ports, and 4 Gigabit Combination (RJ-45/SFP) Ports
ES4612 F1.0.2.5 E092004-R01 150000046400A
Contents
Chapter 1: Introduction
Key Features
Description of Software Features
System Defaults
Chapter 2: Initial Configuration
Connecting to the Switch
Configuration Options
Required Connections
Remote Connections
Basic Configuration
Console Connection
Setting Passwords
Setting an IP Address
Manual Configuration
Dynamic Configuration
Enabling SNMP Management Access
Community Strings (for SNMP version 1 and 2c clients)
Trap Receivers
Configuring Access for SNMP Version 3 Clients
Saving Configuration Settings
Managing System Files
Chapter 3: Configuring the Switch
Using the Web Interface
Navigating the Web Browser Interface
Home Page
Configuration Options
Panel Display
Main Menu
Basic Configuration
Displaying System Information
Displaying Switch Hardware/Software Versions
Displaying Bridge Extension Capabilities
Setting the Switch’s IP Address
Manual Configuration
Using DHCP/BOOTP
Managing Firmware
Downloading System Software from a Server
Saving or Restoring Configuration Settings
Downloading Configuration Settings from a Server
Console Port Settings
Telnet Settings
Configuring Event Logging
System Log Configuration
Remote Log Configuration
Displaying Log Messages
Resetting the System
Setting the System Clock
Configuring SNTP
Setting the Time Zone
Simple Network Management Protocol
Enabling the SNMP Agent
Setting Community Access Strings
Specifying Trap Managers and Trap Types
Configuring SNMPv3 Management Access
Setting an Engine ID
Configuring SNMPv3 Users
Configuring SNMPv3 Groups
Setting SNMPv3 Views
User Authentication
Configuring User Accounts
Configuring Local/Remote Logon Authentication
Configuring HTTPS
Replacing the Default Secure-site Certificate
Configuring the Secure Shell
Generating the Host Key Pair
Configuring the SSH Server
Configuring Port Security
Configuring 802.1x Port Authentication
Displaying 802.1x Global Settings
Configuring 802.1x Global Settings
Configuring Port Authorization Mode
Displaying 802.1x Statistics
Filtering IP Addresses for Management Access
Access Control Lists
Configuring Access Control Lists
Setting the ACL Name and Type
Configuring a Standard IP ACL
Configuring an Extended IP ACL
Configuring a MAC ACL
Configuring ACL Masks
Specifying the Mask Type
Configuring an IP ACL Mask
Configuring a MAC ACL Mask
Binding a Port to an Access Control List
Port Configuration
Displaying Connection Status
Configuring Interface Connections
Creating Trunk Groups
Statically Configuring a Trunk
Enabling LACP on Selected Ports
Configuring LACP Parameters
Displaying LACP Port Counters
Displaying LACP Settings and Status for the Local Side
Displaying LACP Settings and Status for the Remote Side
Setting Broadcast Storm Thresholds
Configuring Port Mirroring
Configuring Rate Limits
Showing Port Statistics
Address Table Settings
Setting Static Addresses
Displaying the Address Table
Changing the Aging Time
Spanning Tree Algorithm Configuration
Displaying Global Settings
Configuring Global Settings
Displaying Interface Settings
Configuring Interface Settings
Configuring Multiple Spanning Trees
Displaying Interface Settings for MSTP
Configuring Interface Settings for MSTP
VLAN Configuration
Configuring IEEE 802.1Q VLANs
Enabling or Disabling GVRP (Global Setting)
Displaying Basic VLAN Information
Displaying Current VLANs
Creating VLANs
Adding Static Members to VLANs (VLAN Index)
Adding Static Members to VLANs (Port Index)
Configuring VLAN Behavior for Interfaces
Configuring Private VLANs
Enabling Private VLANs
Configuring Uplink and Downlink Ports
Configuring Protocol-Based VLANs
Configuring Protocol Groups
Mapping Protocols to VLANs
Class of Service Configuration
Layer 2 Queue Settings
Setting the Default Priority for Interfaces
Mapping CoS Values to Egress Queues
Selecting the Queue Mode
Setting the Service Weight for Traffic Classes
Layer 3/4 Priority Settings
Mapping Layer 3/4 Priorities to CoS Values
Selecting IP Precedence/DSCP Priority
Mapping IP Precedence
Mapping DSCP Priority
Mapping IP Port Priority
Mapping CoS Values to ACLs
Changing Priorities Based on ACL Rules
Multicast Filtering
IGMP Protocol
Layer 2 IGMP (Snooping and Query)
Configuring IGMP Snooping and Query Parameters
Displaying Interfaces Attached to a Multicast Router
Specifying Static Interfaces for a Multicast Router
Displaying Port Members of Multicast Services
Assigning Ports to Multicast Services
Layer 3 IGMP (Query used with Multicast Routing)
Configuring IGMP Interface Parameters
Displaying Multicast Group Information
Configuring Domain Name Service
Configuring General DNS Server Parameters
Configuring Static DNS Host to Address Entries
Displaying the DNS Cache
Dynamic Host Configuration Protocol
Configuring DHCP Relay Service
Configuring the DHCP Server
Enabling the Server, Setting Excluded Addresses
Configuring Address Pools
Displaying Address Bindings
Configuring Router Redundancy
Virtual Router Redundancy Protocol
Configuring VRRP Groups
Displaying VRRP Global Statistics
Displaying VRRP Group Statistics
Hot Standby Router Protocol
Configuring HSRP Groups
IP Routing
Overview
Initial Configuration
IP Switching
Routing Path Management
Routing Protocols
Basic IP Interface Configuration
Configuring IP Routing Interfaces
Address Resolution Protocol
Proxy ARP
Basic ARP Configuration
Configuring Static ARP Addresses
Displaying Dynamically Learned ARP Entries
Displaying Local ARP Entries
Displaying ARP Statistics
Displaying Statistics for IP Protocols
IP Statistics
ICMP Statistics
UDP Statistics
TCP Statistics
Configuring Static Routes
Displaying the Routing Table
Configuring the Routing Information Protocol
Configuring General Protocol Settings
Specifying Network Interfaces for RIP
Configuring Network Interfaces for RIP
Displaying RIP Information and Statistics
Configuring the Open Shortest Path First Protocol
Configuring General Protocol Settings
Configuring OSPF Areas
Configuring Area Ranges (Route Summarization for ABRs)
Configuring OSPF Interfaces
Configuring Virtual Links
Configuring Network Area Addresses
Configuring Summary Addresses (for External AS Routes)
Redistributing External Routes
Configuring NSSA Settings
Displaying Link State Database Information
Displaying Information on Border Routers
Displaying Information on Neighbor Routers
Multicast Routing
Configuring Global Settings for Multicast Routing
Displaying the Multicast Routing Table
Configuring DVMRP
Configuring Global DVMRP Settings
Configuring DVMRP Interface Settings
Displaying Neighbor Information
Displaying the Routing Table
Configuring PIM-DM
Configuring Global PIM-DM Settings
Configuring PIM-DM Interface Settings
Displaying Interface Information
Displaying Neighbor Information
Chapter 4: Command Line Interface
Using the Command Line Interface
Accessing the CLI
Console Connection
Telnet Connection
Entering Commands
Keywords and Arguments
Minimum Abbreviation
Command Completion
Getting Help on Commands
Showing Commands
Partial Keyword Lookup
Negating the Effect of Commands
Using Command History
Understanding Command Modes
Exec Commands
Configuration Commands
Command Line Processing
Command Groups
Line Commands
line
login
password
timeout login response
exec-timeout
password-thresh
silent-time
databits
parity
speed
stopbits
disconnect
show line
General Commands
enable
disable
configure
show history
reload
end
exit
quit
System Management Commands
Device Designation Commands
prompt
hostname
User Access Commands
username
enable password
IP Filter Commands
management
show management
Web Server Commands
ip http port
ip http server
ip http secure-server
ip http secure-port
Telnet Server Commands
ip telnet port
ip telnet server
Secure Shell Commands
ip ssh server
ip ssh timeout
ip ssh authentication-retries
ip ssh server-key size
delete public-key
ip ssh crypto host-key generate
ip ssh crypto zeroize
ip ssh save host-key
show ip ssh
show ssh
show public-key
Event Logging Commands
logging on
logging history
logging host
logging facility
logging trap
clear logging
show logging
SMTP Alert Commands
logging sendmail host
logging sendmail level
logging sendmail source-email
logging sendmail destination-email
logging sendmail
show logging sendmail
Time Commands
sntp client
sntp server
sntp poll
show sntp
clock timezone
calendar set
show calendar
System Status Commands
show startup-config
show running-config
show system
show users
show version
Frame Size Commands
jumbo frame
Flash/File Commands
copy
delete
dir
whichboot
boot system
Authentication Commands
Authentication Sequence
authentication login
authentication enable
RADIUS Client
radius-server host
radius-server port
radius-server key
radius-server retransmit
radius-server timeout
show radius-server
TACACS+ Client
tacacs-server host
tacacs-server port
tacacs-server key
show tacacs-server
Port Security Commands
port security
802.1x Port Authentication
authentication dot1x default
dot1x default
dot1x max-req
dot1x port-control
dot1x operation-mode
dot1x re-authenticate
dot1x re-authentication
dot1x timeout quiet-period
dot1x timeout re-authperiod
dot1x timeout tx-period
show dot1x
Access Control List Commands
IP ACLs
access-list ip
permit, deny (Standard ACL)
permit, deny (Extended ACL)
show ip access-list
access-list ip mask-precedence
mask (IP ACL)
show access-list ip mask-precedence
ip access-group
show ip access-group
map access-list ip
show map access-list ip
match access-list ip
show marking
MAC ACLs
access-list mac
permit, deny (MAC ACL)
show mac access-list
access-list mac mask-precedence
mask (MAC ACL)
show access-list mac mask-precedence
mac access-group
show mac access-group
map access-list mac
show map access-list mac
match access-list mac
ACL Information
show access-list
show access-group
SNMP Commands
snmp-server
show snmp
snmp-server community
snmp-server contact
snmp-server location
snmp-server host
snmp-server enable traps
snmp-server engine-id
show snmp engine-id
snmp-server view
show snmp view
snmp-server group
show snmp group
snmp-server user
show snmp user
snmp ip filter
DHCP Commands
DHCP Client
ip dhcp client-identifier
ip dhcp restart client
DHCP Relay
ip dhcp restart relay
ip dhcp relay server
DHCP Server
service dhcp
ip dhcp excluded-address
ip dhcp pool
network
default-router
domain-name
dns-server
next-server
bootfile
netbios-name-server
netbios-node-type
lease
host
client-identifier
hardware-address
clear ip dhcp binding
show ip dhcp binding
DNS Commands
ip host
clear host
ip domain-name
ip domain-list
ip name-server
ip domain-lookup
show hosts
show dns
show dns cache
clear dns cache
Interface Commands
interface
description
speed-duplex
negotiation
capabilities
media-type
shutdown
switchport broadcast packet-rate
clear counters
show interfaces status
show interfaces counters
show interfaces switchport
Mirror Port Commands
port monitor
show port monitor
Rate Limit Commands
rate-limit
Link Aggregation Commands
channel-group
lacp
Address Table Commands
mac-address-table static
clear mac-address-table dynamic
show mac-address-table
mac-address-table aging-time
show mac-address-table aging-time
Spanning Tree Commands
spanning-tree
spanning-tree mode
spanning-tree forward-time
spanning-tree hello-time
spanning-tree max-age
spanning-tree priority
spanning-tree pathcost method
spanning-tree transmission-limit
spanning-tree mst-configuration
mst vlan
mst priority
name
revision
max-hops
spanning-tree spanning-disabled
spanning-tree cost
spanning-tree port-priority
spanning-tree edge-port
spanning-tree portfast
spanning-tree link-type
spanning-tree mst cost
spanning-tree mst port-priority
spanning-tree protocol-migration
show spanning-tree
show spanning-tree mst configuration
VLAN Commands
Editing VLAN Groups
vlan database
vlan
Configuring VLAN Interfaces
interface vlan
switchport mode
switchport acceptable-frame-types
switchport ingress-filtering
switchport native vlan
switchport allowed vlan
switchport forbidden vlan
Displaying VLAN Information
show vlan
Configuring Private VLANs
pvlan
show pvlan
Configuring Protocol-based VLANs
protocol-vlan protocol-group (Configuring Groups)
protocol-vlan protocol-group (Configuring Interfaces)
show protocol-vlan protocol-group
show interfaces protocol-vlan protocol-group
GVRP and Bridge Extension Commands
bridge-ext gvrp
show bridge-ext
switchport gvrp
show gvrp configuration
garp timer
show garp timer
Priority Commands
Priority Commands (Layer 2)
queue mode
switchport priority default
queue bandwidth
queue cos-map
show queue mode
show queue bandwidth
show queue cos-map
Priority Commands (Layer 3 and 4)
map ip port (Global Configuration)
map ip port (Interface Configuration)
map ip precedence (Global Configuration)
map ip precedence (Interface Configuration)
map ip dscp (Global Configuration)
map ip dscp (Interface Configuration)
show map ip port
show map ip precedence
show map ip dscp
Multicast Filtering Commands
IGMP Snooping Commands
ip igmp snooping
ip igmp snooping vlan static
ip igmp snooping version
show ip igmp snooping
show mac-address-table multicast
IGMP Query Commands (Layer 2)
ip igmp snooping querier
ip igmp snooping query-count
ip igmp snooping query-interval
ip igmp snooping query-max-response-time
ip igmp snooping router-port-expire-time
Static Multicast Routing Commands
ip igmp snooping vlan mrouter
show ip igmp snooping mrouter
IGMP Commands (Layer 3)
ip igmp
ip igmp robustval
ip igmp query-interval
ip igmp max-resp-interval
ip igmp last-memb-query-interval
ip igmp version
show ip igmp interface
clear ip igmp group
show ip igmp groups
IP Interface Commands
Basic IP Configuration
ip address
ip default-gateway
show ip interface
show ip redirects
ping
Address Resolution Protocol (ARP)
arp
arp-timeout
clear arp-cache
show arp
ip proxy-arp
IP Routing Commands
Global Routing Configuration
ip routing
ip route
clear ip route
show ip route
show ip host-route
show ip traffic
Routing Information Protocol (RIP)
router rip
timers basic
network
neighbor
version
ip rip receive version
ip rip send version
ip split-horizon
ip rip authentication key
ip rip authentication mode
show rip globals
show ip rip
Open Shortest Path First (OSPF)
router ospf
router-id
compatible rfc1583
default-information originate
timers spf
area range
area default-cost
summary-address
redistribute
network area
area stub
area nssa
area virtual-link
ip ospf authentication
ip ospf authentication-key
ip ospf message-digest-key
ip ospf cost
ip ospf dead-interval
ip ospf hello-interval
ip ospf priority
ip ospf retransmit-interval
ip ospf transmit-delay
show ip ospf
show ip ospf border-routers
show ip ospf database
show ip ospf interface
show ip ospf neighbor
show ip ospf summary-address
show ip ospf virtual-links
Multicast Routing Commands
Static Multicast Routing Commands
ip igmp snooping vlan mrouter
show ip igmp snooping mrouter
General Multicast Routing Commands
ip multicast-routing
show ip mroute
DVMRP Multicast Routing Commands
router dvmrp
probe-interval
nbr-timeout
report-interval
flash-update-interval
prune-lifetime
default-gateway
ip dvmrp
ip dvmrp metric
clear ip dvmrp route
show router dvmrp
show ip dvmrp route
show ip dvmrp neighbor
show ip dvmrp interface
PIM-DM Multicast Routing Commands
router pim
ip pim dense-mode
ip pim hello-interval
ip pim hello-holdtime
ip pim trigger-hello-interval
ip pim join-prune-holdtime
ip pim graft-retry-interval
ip pim max-graft-retries
show router pim
show ip pim interface
show ip pim neighbor
Router Redundancy Commands
Virtual Router Redundancy Protocol Commands
vrrp ip
vrrp authentication
vrrp priority
vrrp timers advertise
vrrp preempt
show vrrp
show vrrp interface
show vrrp router counters
show vrrp interface counters
clear vrrp router counters
clear vrrp interface counters
Hot Standby Router Protocol Commands
standby ip
standby priority
standby preempt
standby authentication
standby timers
standby track
show standby
show standby interface
Appendix A: Software Specifications
Software Features
Management Features
Standards
Management Information Bases
Appendix B: Troubleshooting
Problems Accessing the Management Interface
Using System Logs
Glossary
Index
Tables
Table 1-1 Key Features
Table 1-2 System Defaults
Table 3-1 Web Page Configuration Buttons
Table 3-2 Switch Main Menu
Table 3-3 Logging Levels
Table 3-4 SNMPv3 Security Models and Levels
Table 3-5 HTTPS System Support
Table 3-6 802.1x Statistics
Table 3-7 LACP Port Counters
Table 3-8 Internal Configuration Information
Table 3-9 Neighbor Configuration Information
Table 3-10 Port Statistics
Table 3-11 Mapping CoS Values to Egress Queues
Table 3-12 CoS Priority Levels
Table 3-13 Mapping IP Precedence
Table 3-14 Mapping DSCP Priority
Table 3-15 Mapping CoS Values to IP ACLs
Table 3-16 Address Resolution Protocol
Table 3-17 ARP Statistics
Table 3-18 IP Statistics
Table 3-19 ICMP Statistics
Table 3-20 UDP Statistics
Table 3-21 TCP Statistics
Table 3-22 RIP Information and Statistics
Table 4-1 General Command Modes
Table 4-2 Configuration Command Modes
Table 4-3 Keystroke Commands
Table 4-4 Command Group Index
Table 4-5 Line Commands
Table 4-6 General Commands
Table 4-7 System Management Commands
Table 4-8 Device Designation Commands
Table 4-9 User Access Commands
Table 4-10 Default Login Settings
Table 4-11 IP Filter Commands
Table 4-12 Web Server Commands
Table 4-13 HTTPS System Support
Table 4-14 Secure Shell Commands
Table 4-15 show ssh - display description
Table 4-16 Event Logging Commands
Table 4-17 Logging Levels
Table 4-18 show logging flash - display description
Table 4-19 show logging trap - display description
Table 4-20 SMTP Alert Commands
Table 4-21 Time Commands
Table 4-22 System Status Commands
Table 4-23 Frame Size Commands
Table 4-24 Flash/File Commands
Table 4-25 File Directory Information
Table 4-26 Authentication Commands
Table 4-27 Authentication Sequence Commands
Table 4-28 RADIUS Client Commands
Table 4-29 TACACS+ Client Commands
Table 4-30 Port Security Commands
Table 4-31 802.1x Port Authentication Commands
Table 4-32 Access Control List Commands
Table 4-33 IP ACL Commands
Table 4-34 Mapping CoS Values to IP ACLs
Table 4-35 MAC ACL Commands
Table 4-36 Mapping CoS Values to MAC ACLs
Table 4-37 ACL Information Commands
Table 4-38 SNMP Commands
Table 4-39 show snmp engine-id - display description
Table 4-40 show snmp view - display description
Table 4-41 show snmp group - display description
Table 4-42 show snmp user - display description
Table 4-43 DHCP Commands
Table 4-44 DHCP Client Commands
Table 4-45 DHCP Relay Commands
Table 4-46 DHCP Server Commands
Table 4-47 DNS Commands
Table 4-48 show dns cache - display description
Table 4-49 Interface Commands
Table 4-50 show interfaces switchport - display description
Table 4-51 Mirror Port Commands
Table 4-52 Rate Limit Commands
Table 4-53 Link Aggregation Commands
Table 4-54 Address Table Commands
Table 4-55 Spanning Tree Commands
Table 4-56 VLAN Commands
Table 4-57 Commands for Editing VLAN Groups
Table 4-58 Commands for Configuring VLAN Interfaces
Table 4-59 Commands for Displaying VLAN Information
Table 4-60 Private VLAN Commands
Table 4-61 Protocol-based VLAN Commands
Table 4-62 GVRP and Bridge Extension Commands
Table 4-63 Priority Commands
Table 4-64 Priority Commands (Layer 2)
Table 4-65 Default CoS Priority Levels
Table 4-66 Priority Commands (Layer 3 and 4)
Table 4-67 Mapping IP Precedence to CoS Values
Table 4-68 Mapping IP DSCP to CoS Values
Table 4-69 Multicast Filtering Commands
Table 4-70 IGMP Snooping Commands
Table 4-71 IGMP Query Commands (Layer 2)
Table 4-72 Static Multicast Routing Commands
Table 4-73 IGMP Commands (Layer 3)
Table 4-74 show ip igmp groups - display description
Table 4-75 IP Interface Commands
Table 4-76 Basic IP Configuration Commands
Table 4-77 Address Resolution Protocol Commands
Table 4-78 IP Routing Commands
Table 4-79 Global Routing Configuration Commands
Table 4-80 show ip route - display description
Table 4-81 show ip host-route - display description
Table 4-82 Routing Information Protocol Commands
Table 4-83 show rip globals - display description
Table 4-84 show ip rip - display description
Table 4-85 Open Shortest Path First Commands
Table 4-87 show ip ospf border-routers - display description
Table 4-86 show ip ospf - display description
Table 4-88 show ip ospf database - display description
Table 4-89 show ip ospf asbr-summary - display description
Table 4-90 show ip ospf database-summary - display description
Table 4-91 show ip ospf external - display description
Table 4-92 show ip ospf network - display description
Table 4-93 show ip ospf router - display description
Table 4-94 show ip ospf summary - display description
Table 4-95 show ip ospf interface - display description
Table 4-96 show ip ospf neighbor - display description
Table 4-97 show ip ospf virtual-links - display description
Table 4-98 Multicast Routing Commands
Table 4-99 Static Multicast Routing Commands
Table 4-100 General Multicast Routing Commands
Table 4-101 show ip mroute - display description
Table 4-102 DVMRP Multicast Routing Commands
Table 4-103 show ip dvmrp route - display description
Table 4-104 show ip dvmrp neighbor - display description
Table 4-105 PIM-DM Multicast Routing Commands
Table 4-106 show ip pim neighbor - display description
Table 4-107 Router Redundancy Commands
Table 4-108 VRRP Commands
Table 4-110 show vrrp brief - display description
Table 4-109 show vrrp - display description
Table 4-111 HSRP Commands
Table 4-112 show standby - display description
Table 4-113 show standby brief - display description
Table B-1 Troubleshooting Chart
Figures
Figure 3-1 Home Page
Figure 3-2 Front Panel Indicators
Figure 3-3 System Information
Figure 3-4 Switch Information
Figure 3-5 Bridge Extension Configuration
Figure 3-6 IP Interface Configuration - Manual
Figure 3-7 Default Gateway
Figure 3-8 IP Interface Configuration - DHCP
Figure 3-9 Copy Firmware
Figure 3-10 Setting the Startup Code
Figure 3-11 Deleting Files
Figure 3-12 Copy Configuration Settings
Figure 3-13 Setting the Startup Configuration Settings
Figure 3-14 Configuring the Console Port
Figure 3-15 Configuring the Telnet Interface
Figure 3-16 System Logs
Figure 3-17 Remote Logs
Figure 3-18 Displaying Logs
Figure 3-19 Resetting the System
Figure 3-20 SNTP Configuration
Figure 3-21 Clock Time Zone
Figure 3-22 Enabling the SNMP Agent
Figure 3-23 Configuring SNMP Community Strings
Figure 3-24 Configuring SNMP Trap Managers
Figure 3-25 Setting the SNMPv3 Engine ID
Figure 3-26 Configuring SNMPv3 Users
Figure 3-27 Configuring SNMPv3 Groups
Figure 3-28 Configuring SNMPv3 Views
Figure 3-29 User Accounts
Figure 3-30 Authentication Server Settings
Figure 3-31 HTTPS Settings
Figure 3-32 SSH Host-Key Settings
Figure 3-33 SSH Server Settings
Figure 3-34 Port Security
Figure 3-35 802.1X Information
Figure 3-36 802.1X Configuration
Figure 3-37 802.1X Port Configuration
Figure 3-38 802.1X Statistics
Figure 3-39 IP Filter
Figure 3-40 ACL Configuration
Figure 3-41 ACL Configuration - Standard IP
Figure 3-42 ACL Configuration - Extended IP
Figure 3-43 ACL Configuration - MAC
Figure 3-44 ACL Mask Configuration
Figure 3-45 ACL Mask Configuration - IP
Figure 3-46 ACL Mask Configuration - MAC
Figure 3-47 ACL Port Binding
Figure 3-48 Port - Port Information
Figure 3-49 Port - Port Configuration
Figure 3-50 Static Trunk Configuration
Figure 3-51 LACP Trunk Configuration
Figure 3-52 LACP - Aggregation Port
Figure 3-53 LACP - Port Counters Information
Figure 3-54 LACP - Port Internal Information
Figure 3-55 LACP - Port Neighbors Information
Figure 3-56 Port Broadcast Control
Figure 3-57 Mirror Port Configuration
Figure 3-58 Rate Limit Configuration
Figure 3-59 Port Statistics
Figure 3-60 Static Addresses
Figure 3-61 Dynamic Addresses
Figure 3-62 Address Aging
Figure 3-63 STA Information
Figure 3-64 STA Configuration
Figure 3-65 STA Port Information
Figure 3-66 STA Port Configuration
Figure 3-67 MSTP VLAN Configuration
Figure 3-68 MSTP Port Information
Figure 3-69 MSTP Port Configuration
Figure 3-70 Enabling GVRP
Figure 3-71 VLAN Basic Information
Figure 3-72 VLAN Current Table
Figure 3-73 VLAN Static List - Creating VLANs
Figure 3-74 VLAN Static Table - Adding Static Members
Figure 3-75 VLAN Static Membership
Figure 3-76 VLAN Port Configuration
Figure 3-77 Private VLAN Status
Figure 3-78 Private VLAN Link Status
Figure 3-79 Protocol VLAN Configuration
Figure 3-80 Protocol VLAN Port Configuration
Figure 3-81 Default Port Priority
Figure 3-82 Traffic Classes
Figure 3-83 Queue Mode
Figure 3-84 Queue Scheduling
Figure 3-85 IP Precedence/DSCP Priority Status
Figure 3-86 IP Precedence Priority
Figure 3-87 IP DSCP Priority
Figure 3-88 IP Port Priority Status
Figure 3-89 IP Port Priority
Figure 3-90 ACL CoS Priority
Figure 3-91 ACL Marker
Figure 3-92 IGMP Configuration
Figure 3-93 Multicast Router Port Information
Figure 3-94 Static Multicast Router Port Configuration
Figure 3-95 IP Multicast Registration Table
Figure 3-96 IGMP Member Port Table
Figure 3-97 IGMP Interface Settings
Figure 3-98 IGMP Group Membership
Figure 3-99 DNS General Configuration
Figure 3-100 DNS Static Host Table
Figure 3-101 DNS Cache
Figure 3-102 DHCP Relay Configuration
Figure 3-103 DHCP Server General Configuration
Figure 3-104 DHCP Server Pool Configuration
Figure 3-105 DHCP Server Pool - Network Configuration
Figure 3-106 DHCP Server Pool - Host Configuration
Figure 3-107 DHCP Server - IP Binding
Figure 3-108 VRRP Group Configuration
Figure 3-109 VRRP Group Configuration Detail
Figure 3-110 VRRP Global Statistics
Figure 3-111 VRRP Group Statistics
Figure 3-112 HSRP Group Configuration
Figure 3-113 HSRP Group Configuration Detail
Figure 3-114 IP Global Settings
Figure 3-115 IP Routing Interface
Figure 3-116 ARP General
Figure 3-117 ARP Static Addresses
Figure 3-118 ARP Dynamic Addresses
Figure 3-119 ARP Other Addresses
Figure 3-120 ARP Statistics
Figure 3-121 IP Statistics
Figure 3-122 ICMP Statistics
Figure 3-123 UDP Statistics
Figure 3-124 TCP Statistics
Figure 3-125 IP Static Routes
Figure 3-126 IP Routing Table
Figure 3-127 RIP General Settings
Figure 3-128 RIP Network Addresses
Figure 3-129 RIP Interface Settings
Figure 3-130 RIP Statistics
Figure 3-131 OSPF General Configuration
Figure 3-132 OSPF Area Configuration
Figure 3-133 OSPF Range Configuration
Figure 3-134 OSPF Interface Configuration
Figure 3-135 OSPF Interface Configuration - Detailed
Figure 3-136 OSPF Virtual Link Configuration
Figure 3-137 OSPF Network Area Address Configuration
Figure 3-138 OSPF Summary Address Configuration
Figure 3-139 OSPF Redistribute Configuration
Figure 3-140 OSPF NSSA Settings
Figure 3-141 OSPF Link State Database Information
Figure 3-142 OSPF Border Router Information
Figure 3-143 OSPF Neighbor Information
Figure 3-144 Multicast Routing General Settings
Figure 3-145 Multicast Routing Table
Figure 3-146 DVMRP General Settings
Figure 3-147 DVMRP Interface Settings
Figure 3-148 DVMRP Neighbor Information
Figure 3-149 DVMRP Routing Table
Figure 3-150 PIM-DM General Settings
Figure 3-151 PIM-DM Interface Settings
Figure 3-152 PIM-DM Interface Information
Figure 3-153 PIM-DM Neighbor Information

Chapter 1: Introduction

This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

Key Features

Table 1-1 Key Features
Feature | Description
Configuration Backup and Restore | Backup to TFTP server
Authentication | Console, Telnet, web – User name / password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c – Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1x, MAC address filtering
Access Control Lists | Supports up to 32 IP or MAC ACLs
DHCP Client, Relay and Server | Supported
DNS Server | Supported
Port Configuration | Speed, duplex mode and flow control
Rate Limiting | Input and output rate limiting per port
Port Mirroring | One or more ports mirrored to single analysis port
Port Trunking | Supports up to 6 trunks using either static or dynamic trunking (LACP)
Broadcast Storm Control | Supported
Address Table | Up to 16K MAC addresses in the forwarding table, 1024 static MAC addresses; up to 4K IP entries in ARP cache, 2045 IP entries in routing table, 128 static IP routes
IEEE 802.1D Bridge | Supports dynamic data switching and address learning
Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames
Spanning Tree Protocol | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)
Virtual LANs | Up to 255 using IEEE 802.1Q, port-based, protocol-based, or private VLANs
Traffic Prioritization | Default port priority, traffic class map, queue scheduling, IP Precedence, or Differentiated Services Code Point (DSCP), and TCP/UDP Port
Router Redundancy | Router backup is provided with the Virtual Router Redundancy Protocol (VRRP) and the Hot Standby Router Protocol (HSRP)
IP Routing | Routing Information Protocol (RIP), Open Shortest Path First (OSPF), static routes
ARP | Static and dynamic address configuration, proxy ARP
Multicast Filtering | Supports IGMP snooping and query for Layer 2, and IGMP for Layer 3
Multicast Routing | Supports DVMRP and PIM-DM

Description of Software Features

The switch provides a wide range of advanced performance-enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs, plus support for automatic GVRP VLAN registration, provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network, while multicast filtering and routing provide support for real-time network applications. Some of the management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1x protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1x client, and then uses the EAP between the switch and the authentication server to verify the client’s right to access the network via an authentication server (i.e., RADIUS server).
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for SNMP/web/Telnet management access, and MAC address filtering for port access.
Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.