How it Works
QTECH
Loading...
QSW-2800
User Manual [ru]
293 pgs4.96 Mb0
User Manual
415 pgs6.18 Mb0

QTECH QSW-2800 User Manual

1
Content
CONTENT ........................................................................................................... 1
CHAPTER 1 SWITCH MANAGEMENT ............................................................ 1-1
1.1.1 Out-Of-Band Management ............................................................................ 1-1
1.1.2 In-band Management ..................................................................................... 1-4
1.2.1 Configuration Modes ..................................................................................... 1-9
1.2.2 Configuration Syntax .................................................................................. 1-11
1.2.3 Shortcut Key Support.................................................................................. 1-12
1.2.4 Help Function ............................................................................................... 1-12
1.2.5 Input Verification ......................................................................................... 1-13
1.2.6 Fuzzy Match Support ................................................................................... 1-13
CHAPTER 2 BASIC SWITCH CONFIGURATION .......................................... 2-15
2.2.1 Telnet ............................................................................................................ 2-16
2.2.2 SSH ............................................................................................................... 2-18
2.3.1 Switch IP Addresses Configuration Task List ........................................... 2-19
2.4.1 Introduction to SNMP .................................................................................. 2-21
2.4.2 Introduction to MIB ...................................................................................... 2-22
2.4.3 Introduction to RMON ................................................................................. 2-23
2.4.4 SNMP Configuration .................................................................................... 2-23
2.4.5 Typical SNMP Configuration Examples ..................................................... 2-26
2.4.6 SNMP Troubleshooting ............................................................................... 2-27
2.5.1 Switch System Files .................................................................................... 2-28
2.5.2 BootROM Upgrade....................................................................................... 2-28
2.5.3 FTP/TFTP Upgrade ...................................................................................... 2-31
CHAPTER 3 CLUSTER CONFIGURATION ................................................... 3-40
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
2
CHAPTER 4 PORT CONFIGURATION .......................................................... 4-45
CHAPTER 5 PORT ISOLATION FUNCTION CONFIGURATION ................... 5-49
CHAPTER 6 PORT LOOPBACK DETECTION FUNCTION CONFIGURATION 6­51
CHAPTER 7 ULDP FUNCTION CONFIGURATION ....................................... 7-55
CHAPTER 8 LLDP FUNCTION OPERATION CONFIGURATION ................. 8-62
CHAPTER 9 PORT CHANNEL CONFIGURATION ........................................ 9-67
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
3
9.2.1 Static LACP Aggregation ............................................................................ 9-69
9.2.2 Dynamic LACP Aggregation ....................................................................... 9-69
CHAPTER 10 JUMBO CONFIGURATION ................................................... 10-74
CHAPTER 11 EFM OAM CONFIGURATION ............................................... 11-75
CHAPTER 12 PORT SECURITY .................................................................. 12-83
CHAPTER 13 DDM CONFIGURATION ........................................................ 13-86
13.1.1 Brief Introduction to DDM ....................................................................... 13-86
13.1.2 DDM Function .......................................................................................... 13-87
CHAPTER 14 LLDP-MED ............................................................................ 14-94
CHAPTER 15 BPDU-TUNNEL CONFIGURATION .................................... 15-100
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
4
15.1.1 bpdu-tunnel function ............................................................................. 15-100
15.1.2 Background of bpdu-tunnel .................................................................. 15-100
CHAPTER 16 VLAN CONFIGURATION .................................................... 16-103
16.1.1 Introduction to VLAN ............................................................................. 16-103
16.1.2 VLAN Configuration Task List .............................................................. 16-104
16.1.3 Typical VLAN Application ..................................................................... 16-107
16.1.4 Typical Application of Hybrid Port ....................................................... 16-108
16.2.1 Introduction to Dot1q-tunnel ................................................................ 16-110
16.2.2 Dot1q-tunnel Configuration .................................................................. 16-112
16.2.3 Typical Applications of the Dot1q-tunnel ............................................ 16-112
16.2.4 Dot1q-tunnel Troubleshooting ............................................................. 16-113
16.3.1 Introduction to Selective QinQ ............................................................. 16-113
16.3.2 Selective QinQ Configuration ............................................................... 16-113
16.3.3 Typical Applications of Selective QinQ................................................ 16-114
16.3.4 Selective QinQ Troubleshooting .......................................................... 16-116
16.4.1 Introduction to VLAN-translation ......................................................... 16-116
16.4.2 VLAN-translation Configuration ........................................................... 16-116
16.4.3 Typical application of VLAN-translation .............................................. 16-117
16.4.4 VLAN-translation Troubleshooting ...................................................... 16-118
16.5.1 Introduction to Multi-to-One VLAN Translation .................................. 16-119
16.5.2 Multi-to-One VLAN Translation Configuration .................................... 16-119
16.5.3 Typical application of Multi-to-One VLAN Translation ....................... 16-119
16.5.4 Multi-to-One VLAN Translation Troubleshooting ................................ 16-121
16.6.1 Introduction to Dynamic VLAN ............................................................. 16-121
16.6.2 Dynamic VLAN Configuration .............................................................. 16-121
16.6.3 Typical Application of the Dynamic VLAN ........................................... 16-122
16.6.4 Dynamic VLAN Troubleshooting .......................................................... 16-123
16.7.1 Introduction to GVRP ............................................................................ 16-124
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
5
16.7.2 GVRP Configuration Task List .............................................................. 16-125
16.7.3 Example of GVRP .................................................................................. 16-126
16.7.4 GVRP Troubleshooting ......................................................................... 16-127
CHAPTER 17 MAC TABLE CONFIGURATION ......................................... 17-128
17.1.1 Obtaining MAC Table ............................................................................. 17-128
17.1.2 Forward or Filter .................................................................................... 17-130
17.5.1 MAC Address Binding ................................................................ ........... 17-133
17.6.1 Introduction to MAC Notification.......................................................... 17-135
17.6.2 MAC Notification Configuration ........................................................... 17-135
17.6.3 MAC Notification Example .................................................................... 17-137
17.6.4 MAC Notification Troubleshooting ....................................................... 17-137
CHAPTER 18 MSTP CONFIGURATION .................................................... 18-138
18.1.1 MSTP Region ......................................................................................... 18-138
18.1.2 Port Roles ............................................................................................... 18-140
18.1.3 MSTP Load Balance .............................................................................. 18-140
CHAPTER 19 QOS CONFIGURATION ...................................................... 19-150
19.1.1 QoS Terms .............................................................................................. 19-150
19.1.2 QoS Implementation .............................................................................. 19-151
19.1.3 Basic QoS Model ................................................................................... 19-152
CHAPTER 20 FLOW-BASED REDIRECTION ........................................... 20-162
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
6
CHAPTER 21 FLEXIBLE QINQ CONFIGURATION ................................... 21-164
21.1.1 QinQ Technique ..................................................................................... 21-164
21.1.2 Basic QinQ ............................................................................................. 21-164
21.1.3 Flexible QinQ ......................................................................................... 21-164
CHAPTER 22 LAYER 3 MANAGEMENT CONFIGURATION .................... 22-169
22.1.1 Introduction to Layer 3 Management Interface ................................... 22-169
22.1.2 Layer 3 Interface Configuration Task List ........................................... 22-169
22.2.1 Introduction to IPv4, IPv6 ...................................................................... 22-170
22.2.2 IP Configuration ..................................................................................... 22-172
22.2.3 IPv6 Troubleshooting ............................................................................ 22-174
22.3.1 Introduction to ARP ............................................................................... 22-174
22.3.2 ARP Configuration Task List................................................................. 22-174
22.3.3 ARP Troubleshooting ............................................................................ 22-174
CHAPTER 23 ARP SCANNING PREVENTION FUNCTION CONFIGURATION
................................................................................................................... 23-176
CHAPTER 24 PREVENT ARP SPOOFING CONFIGURATION ................. 24-180
24.1.1 ARP (Address Resolution Protocol)..................................................... 24-180
24.1.2 ARP Spoofing ......................................................................................... 24-180
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
7
24.1.3 How to prevent void ARP Spoofing ...................................................... 24-180
CHAPTER 25 ARP GUARD CONFIGURATION ........................................ 25-184
CHAPTER 26 GRATUITOUS ARP CONFIGURATION .............................. 26-186
CHAPTER 27 DHCP CONFIGURATION .................................................... 27-189
CHAPTER 28 DHCPV6 CONFIGURATION ............................................... 28-199
CHAPTER 29 DHCP OPTION 82 CONFIGURATION ................................ 29-208
29.2.1 Option 82 Working Mechanism ............................................................ 29-209
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
8
CHAPTER 30 DHCP OPTION 60 AND OPTION 43 ................................... 30-216
CHAPTER 31 DHCPV6 OPTION37, 38...................................................... 31-218
31.3.1 DHCPv6 Snooping option37, 38 Example ........................................... 31-223
31.3.2 DHCPv6 Relay option37, 38 Example .................................................. 31-225
CHAPTER 32 DHCP SNOOPING CONFIGURATION ................................ 32-227
32.4.1 Monitor and Debug Information ........................................................... 32-233
32.4.2 DHCP Snooping Troubleshooting Help ............................................... 32-233
CHAPTER 33 DHCP SNOOPING OPTION 82 CONFIGURATION ............ 33-234
33.1.1 DHCP option 82 Message Structure ..................................................... 33-234
33.1.2 DHCP Snooping option 82 Working Mechanism ................................ 33-235
CHAPTER 34 IPV4 MULTICAST PROTOCOL .......................................... 34-239
34.1.1 Introduction to Multicast ....................................................................... 34-239
34.1.2 Multicast Address .................................................................................. 34-240
34.1.3 IP Multicast Packet Transmission ........................................................ 34-241
34.1.4 IP Multicast Application ........................................................................ 34-241
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
9
34.2.1 Introduction to DCSCM ......................................................................... 34-242
34.2.2 DCSCM Configuration Task List ........................................................... 34-242
34.2.3 DCSCM Configuration Examples ......................................................... 34-245
34.2.4 DCSCM Troubleshooting ...................................................................... 34-246
34.3.1 Introduction to IGMP Snooping ............................................................ 34-246
34.3.2 IGMP Snooping Configuration Task List ............................................. 34-247
34.3.3 IGMP Snooping Examples .................................................................... 34-249
34.3.4 IGMP Snooping Troubleshooting ......................................................... 34-251
CHAPTER 35 IPV6 MULTICAST PROTOCOL .......................................... 35-252
35.1.1 Introduction to MLD Snooping ............................................................. 35-252
35.1.2 MLD Snooping Configuration Task ...................................................... 35-252
35.1.3 MLD Snooping Examples ...................................................................... 35-254
35.1.4 MLD Snooping Troubleshooting .......................................................... 35-257
CHAPTER 36 MULTICAST VLAN ............................................................. 36-258
CHAPTER 37 ACL CONFIGURATION ....................................................... 37-262
37.1.1 Access-list .............................................................................................. 37-262
37.1.2 Access-group ......................................................................................... 37-262
37.1.3 Access-list Action and Global Default Action ..................................... 37-262
CHAPTER 38 802.1X CONFIGURATION .................................................. 38-281
38.1.1 The Authentication Structure of 802.1x ............................................... 38-281
38.1.2 The Work Mechanism of 802.1x............................................................ 38-283
38.1.3 The Encapsulation of EAPOL Messages ............................................. 38-283
38.1.4 The Encapsulation of EAP Attributes .................................................. 38-285
38.1.5 The Extension and Optimization of 802.1x .......................................... 38-290
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
10
38.1.6 The Features of VLAN Allocation ................................ ......................... 38-291
38.3.1 Examples of Guest Vlan Applications ................................................. 38-295
38.3.2 Examples of IPv4 Radius Applications ................................................ 38-298
38.3.3 Examples of IPv6 Radius Application .................................................. 38-299
CHAPTER 39 THE NUMBER LIMITATION FUNCTION OF MAC IN PORT
CONFIGURATION ...................................................................................... 39-301
39.2 THE NUMBER LIMITATION FUNCTION OF MAC IN PORT CONFIGURATION TASK SEQUENCE
CHAPTER 40 OPERATIONAL CONFIGURATION OF AM FUNCTION ..... 40-305
CHAPTER 41 SECURITY FEATURE CONFIGURATION .......................... 41-308
41.2.1 Prevent IP Spoofing Function Configuration Task Sequence ........... 41-308
41.2.2 Prevent TCP Unauthorized Label Attack Function Configuration Task
Sequence........................................................................................................... 41-308
41.2.3 Anti Port Cheat Function Configuration Task Sequence ................... 41-309
41.2.4 Prevent TCP Fragment Attack Function Configuration Task Sequence . 41­309
41.2.5 Prevent ICMP Fragment Attack Function Configuration Task Sequence 41­309
CHAPTER 42 TACACS+ CONFIGURATION ............................................. 42-311
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
11
CHAPTER 43 RADIUS CONFIGURATION ................................................ 43-314
43.1.1 AAA and RADIUS Introduction ............................................................. 43-314
43.1.2 Message structure for RADIUS ............................................................ 43-314
43.3.1 IPv4 Radius Example............................................................................. 43-318
43.3.2 IPv6 RadiusExample.............................................................................. 43-319
CHAPTER 44 SSL CONFIGURATION ....................................................... 44-321
44.1.1 Basic Element of SSL ............................................................................ 44-321
CHAPTER 45 IPV6 SECURITY RA CONFIGURATION ............................. 45-325
CHAPTER 46 MAB CONFIGURATION ...................................................... 46-328
CHAPTER 47 PPPOE INTERMEDIATE AGENT CONFIGURATION ......... 47-333
47.1.1 Brief Introduction to PPPoE ................................................................. 47-333
47.1.2 Introduction to PPPoE IA ...................................................................... 47-333
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
12
CHAPTER 48 WEB PORTAL CONFIGURATION ...................................... 48-341
CHAPTER 49 VLAN-ACL CONFIGURATION ............................................ 49-345
CHAPTER 50 SAVI CONFIGURATION ...................................................... 50-349
CHAPTER 51 MRPP CONFIGURATION.................................................... 51-355
51.1.1 Conception Introduction ....................................................................... 51-355
51.1.2 MRPP Protocol Packet Types ............................................................... 51-357
51.1.3 MRPP Protocol Operation System ....................................................... 51-357
CHAPTER 52 ULPP CONFIGURATION .................................................... 52-363
52.3.1 ULPP Typical Example1 ........................................................................ 52-367
52.3.2 ULPP Typical Example2 ........................................................................ 52-369
CHAPTER 53 ULSM CONFIGURATION .................................................... 53-371
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
13
CHAPTER 54 MIRROR CONFIGURATION ............................................... 54-375
CHAPTER 55 SFLOW CONFIGURATION ................................................. 55-378
CHAPTER 56 SNTP CONFIGURATION .................................................... 56-382
CHAPTER 57 NTP FUNCTION CONFIGURATION ................................... 57-384
CHAPTER 58 SUMMER TIME CONFIGURATION .................................... 58-389
CHAPTER 59 MONITOR AND DEBUG ..................................................... 59-391
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
14
59.7.1 System Log Introduction ...................................................................... 59-393
59.7.2 System Log Configuration .................................................................... 59-395
59.7.3 System Log Configuration Example .................................................... 59-397
CHAPTER 60 RELOAD SWITCH AFTER SPECIFIED TIME ..................... 60-398
CHAPTER 61 DEBUGGING AND DIAGNOSIS FOR PACKETS RECEIVED
AND SENT BY CPU ................................................................................... 61-399
61.1 INTRODUCTION TO DEBUGGING AND DIAGNOSIS FOR PACKETS RECEIVED AND SENT BY
61.2 DEBUGGING AND DIAGNOSIS FOR PACKETS RECEIVED AND SENT BY CPU TASK LIST61-399
CHAPTER 62 COMMANDS FOR BASIC SWITCH CONFIGURATION ..... 62-401
62.1.1 authentication line ................................................................................. 62-401
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
1
Device Name
Description
PC ma
Has functional keyboard and RS-232, with terminal emulator installed, such as HyperTerminal included in Windows 9x/NT/2000/XP.
Serial port cable
One end attach to the RS-232 serial port, the other end to the Console port.
Switch
Functional Console port required.
Connected with cable
Chapter 1 Switch Management
1.1 Management Options
After purchasing the switch, the user needs to configure the switch for network management. Switch provides two management options: in-band management and out-of-band management.
1.1.1 Out-Of-Band Management
Out-of-band management is the management through Console interface. Generally, the user will use out-of-band management for the initial switch configuration, or when in-band management is not available. For instance, the user must assign an IP address to the switch via the Console interface to be able to access the switch through Telnet. The procedures for managing the switch via Console interface are listed below: Step 1: setting up the environment:
Out-of-band Management Configuration Environment
As shown in above, the serial port (RS-232) is connected to the switch with the serial cable provided. The table below lists all the devices used in the connection.
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
2
Step 2 Entering the HyperTerminal Open the HyperTerminal included in Windows after the connection established. The example below is based on the HyperTerminal included in Windows XP.
1) Click Start menu - All Programs -Accessories -Communication - HyperTerminal.
2) Type a name for opening HyperTerminal, such as “Switch”.
Opening HyperTerminal
3) In the “Connecting using” drop-list, select the RS-232 serial port used by the PC, e.g. COM1, and click “OK”.
Opening HyperTerminal
4) COM1 property appears, select “9600” for “Baud rate”, “8” for “Data bits”, “none” for “Parity
checksum”, “1” for stop bit and “none” for traffic control; or, you can also click “Restore default”
and click “OK”.
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
3
Opening HyperTerminal
Step 3: Entering switch CLI interface Power on the switch, the following appears in the HyperTerminal windows, that is the CLI configuration mode for Switch. Testing RAM... 0x077C0000 RAM OK Loading MiniBootROM... Attaching to file system ...
Loading nos.img ... done.
Booting......
Starting at 0x10000...
Attaching to file system ... ……
--- Performing Power-On Self Tests (POST) ---
DRAM Test....................PASS!
PCI Device 1 Test............PASS!
FLASH Test...................PASS!
FAN Test.....................PASS!
Done All Pass.
------------------ DONE --------------------­Current time is SUN JAN 01 00:00:00 2006 …… Switch>
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
4
Connected with cable
The user can now enter commands to manage the switch. For a detailed description for the commands, please refer to the following chapters.
1.1.2 In-band Management
In-band management refers to the management by login to the switch using Telnet, or using HTTP, or using SNMP management software to configure the switch. In-band management enables management of the switch for some devices attached to the switch. In the case when in-band management fails due to switch configuration changes, out-of-band management can be used for configuring and managing the switch.
1.1.2.1 Management via Telnet
To manage the switch with Telnet, the following conditions should be met: Switch has an IPv4/IPv6 address configured; The host IP address (Telnet client) and the switch’s VLAN interface IPv4/IPv6 address is in the same network segment; If 2) is not met, Telnet client can connect to an IPv4/IPv6 address of the switch via other devices, such as a router. The switch is a Layer 3 switch that can be configured with several IPv4/IPv6 addresses, the configuration method refers to the relative chapter. The following example assumes the shipment status of the switch where only VLAN1 exists in the system. The following describes the steps for a Telnet client to connect to the switch’s VLAN1 interface by Telnet(IPV4 address example):
Step 1: Configure the IP addresses for the switch and start the Telnet Server function on the switch.
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
Manage the switch by Telnet
5
First is the configuration of host IP address. This should be within the same network segment as the switch VLAN1 interface IP address. Suppose the switch VLAN1 interface IP address is
10.1.128.251/24. Then, a possible host IP address is 10.1.128.252/24. Run “ping
10.1.128.251” from the host and verify the result, check for reasons if ping failed. The IP address configuration commands for VLAN1 interface are listed below. Before in-band management, the switch must be configured with an IP address by out-of-band management (i.e. Console mode), the configuration commands are as follows (All switch configuration prompts are assumed to be “Switch” hereafter if not otherwise specified): Switch> Switch>enable Switch#config Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip address 10.1.128.251 255.255.255.0 Switch(Config-if-Vlan1)#no shutdown To enable the Telnet Server function, users should type the CLI command telnet-server enable in the global mode as below: Switch>enable Switch#config Switch(config)# telnet-server enable
Step 2: Run Telnet Client program.
Run Telnet client program included in Windows with the specified Telnet target.
Run telnet client program included in Windows
Step 3: Login to the switch.
Login to the Telnet configuration interface. Valid login name and password are required, otherwise the switch will reject Telnet access. This is a method to protect the switch from unauthorized access. As a result, when Telnet is enabled for configuring and managing the switch, username and password for authorized Telnet users must be configured with the following command: username <username> privilege <privilege> [password (0|7) <password>]. To open the local authentication style with the following command:
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
6
authentication line vty login local. Privilege option must exist and just is 15. Assume an
authorized user in the switch has a username of “test”, and password of “test”, the
configuration procedure should like the following: Switch>enable Switch#config Switch(config)#username test privilege 15 password 0 test Switch(config)#authentication line vty login local
Enter valid login name and password in the Telnet configuration interface, Telnet user will be able to enter the switch’s CLI configuration interface. The commands used in the Telnet CLI interface after login is the same as that in the Console interface.
Telnet Configuration Interface
1.1.2.2 Management via HTTP
To manage the switch via HTTP, the following conditions should be met: Switch has an IPv4/IPv6 address configured; The host IPv4/IPv6 address (HTTP client) and the switch’s VLAN interface IPv4/IPv6 address are in the same network segment; If 2) is not met, HTTP client should connect to an IPv4/IPv6 address of the switch via other devices, such as a router. Similar to management the switch via Telnet, as soon as the host succeeds to ping/ping6 an IPv4/IPv6 address of the switch and to type the right login password, it can access the switch via HTTP. The configuration list is as below:
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
7
Step 1: Configure the IP addresses for the switch and start the HTTP server function on the switch.
For configuring the IP address on the switch through out-of-band management, see the telnet management chapter. To enable the WEB configuration, users should type the CLI command IP http server in the global mode as below: Switch>enable Switch#config Switch(config)#ip http server
Step 2: Run HTTP protocol on the host.
Open the Web browser on the host and type the IP address of the switch, or run directly the HTTP protocol on the Windows. For example, the IP address of the switch is “10.1.128.251”;
Run HTTP Protocol
When accessing a switch with IPv6 address, it is recommended to use the Firefox browser with 1.5 or later version. For example, if the IPv6 address of the switch is 3ffe:506:1:2::3. Input the IPv6 address of the switch is http://[3ffe:506:1:2::3] and the address should draw together with the square brackets. Step 3: Login to the switch.
Login to the Web configuration interface. Valid login name and password are required, otherwise the switch will reject HTTP access. This is a method to protect the switch from unauthorized access. As a result, when Telnet is enabled for configuring and managing the switch, username and password for authorized Telnet users must be configured with the following command: username <username> privilege <privilege> [password (0|7)
<password>]. To open the local authentication style with the following command: authentication line web login local. Privilege option must exist and just is 15. Assume an
authorized user in the switch has a username of “admin”, and password of “admin”, the
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
8
configuration procedure should like the following: Switch>enable Switch#config Switch(config)#username admin privilege 15 password 0 admin Switch(config)#authentication line web login local Notice: When configure the switch, the name of the switch is composed with English letters.
1.1.2.3 Manage the Switch via SNMP Network Management Software
The necessities required by SNMP network management software to manage switches: IP addresses are configured on the switch; The IP address of the client host and that of the VLAN interface on the switch it subordinates to should be in the same segment; If 2) is not met, the client should be able to reach an IP address of the switch through devices like routers; SNMP should be enabled. The host with SNMP network management software should be able to ping the IP address of the switch, so that, when running, SNMP network management software will be able to find it and implement read/write operation on it. Details about how to manage switches via SNMP
network management software will not be covered in this manual, please refer to “Snmp network management software user manual”.
1.2 CLI Interface
The switch provides thress management interface for users: CLI (Command Line Interface) interface, Web interface, Snmp netword management software. We will introduce the CLI interface and Web configuration interface in details, Web interface is familiar with CLI interface function and will not be covered, please refer to “Snmp network management software user manual”. CLI interface is familiar to most users. As aforementioned, out-of-band management and Telnet login are all performed through CLI interface to manage the switch. CLI Interface is supported by Shell program, which consists of a set of configuration commands. Those commands are categorized according to their functions in switch configuration and management. Each category represents a different configuration mode. The Shell for the switch is described below: Configuration Modes Configuration Syntax Shortcut keys Help function
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
9
Input verification Fuzzy match support
1.2.1 Configuration Modes
Shell Configuration Modes
1.2.1.1 User Mode
On entering the CLI interface, entering user entry system first. If as common user, it is
defaulted to User Mode. The prompt shown is “Switch>“, the symbol “>“ is the prompt for User
Mode. When exit command is run under Admin Mode, it will also return to the User Mode. Under User Mode, no configuration to the switch is allowed, only clock time and version information of the switch can be queries.
1.2.1.2 Admin Mode
To Admin Mode sees the following: In user entry system, if as Admin user, it is defaulted to Admin Mode. Admin Mode prompt “Switch#” can be entered under the User Mode by running the enable command and entering corresponding access levels admin user password, if a password has been set. Or, when exit command is run under Global Mode, it will also return to the Admin Mode. Switch also provides a shortcut key sequence "Ctrl+z”, this allows an easy way to exit to Admin Mode from any configuration mode (except User Mode). Under Admin Mode, the user can query the switch configuration information, connection status and traffic statistics of all ports; and the user can further enter the Global Mode from Admin
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
10
Interface Type
Entry
Operates
Exit
VLAN Interface
Type interface vlan <Vlan- id> command under Global
Mode.
Configure switch IPs, etc
Use the exit command to return to Global Mode.
Ethernet Port
Type interface ethernet <interface-list> command under Global Mode.
Configure supported duplex mode, speed, etc. of Ethernet Port.
Use the exit command to return to Global Mode.
port-channel
Type interface port-channel <port-channel-number> command under Global Mode.
Configure port-channel related settings such as duplex mode, speed, etc.
Use the exit command to return to Global Mode.
Mode to modify all configurations of the switch. For this reason, a password must be set for entering Admin mode to prevent unauthorized access and malicious modification to the switch.
1.2.1.3 Global Mode
Type the config command under Admin Mode will enter the Global Mode prompt
“Switch(config)#”. Use the exit command under other configuration modes such as Port Mode,
VLAN mode will return to Global Mode. The user can perform global configuration settings under Global Mode, such as MAC Table, Port Mirroring, VLAN creation, IGMP Snooping start and STP, etc. And the user can go further to Port Mode for configuration of all the interfaces. Interface Mode Use the interface command under Global Mode can enter the interface mode specified. Switch provides three interface type: 1. VLAN interface; 2. Ethernet port; 3. port-channel, accordingly the three interface configuration modes.
VLAN Mode Using the vlan <vlan-id> command under Global Mode can enter the corresponding VLAN Mode. Under VLAN Mode the user can configure all member ports of the corresponding VLAN. Run the exit command to exit the VLAN Mode to Global Mode.
DHCP Address Pool Mode Type the ip dhcp pool <name> command under Global Mode will enter the DHCP Address Pool Mode prompt “Switch(Config-<name>-dhcp)#”. DHCP address pool properties can be configured under DHCP Address Pool Mode. Run the exit command to exit the DHCP Address Pool Mode to Global Mode.
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
11
Route Mode
Routing
Protocol
Entry
Operates
Exit
RIP Routing Protocol
Type router rip command under Global Mode.
Configure RIP protocol parameters.
Use the exit command to return to Global Mode.
OSPF Routing Protocol
Type router ospf command under Global Mode.
Configure OSPF protocol parameters.
Use the exit command to return to Global Mode.
BGP Routing Protocol
Type router bgp <AS mumber> command
under Global Mode.
Configure BGP protocol parameters.
Use the exit command to return to Global Mode.
ACL type
Entry
Operates
Exit
Standard IP ACL Mode
Type ip access-list standard command
under Global Mode.
Configure parameters for Standard IP ACL Mode.
Use the exit command to return to Global Mode.
Extended IP ACL Mode
Type ip access-list extanded command
under Global Mode.
Configure parameters for Extended IP ACL Mode.
Use the exit command to return to Global Mode.
ACL Mode
1.2.2 Configuration Syntax
Switch provides various configuration commands. Although all the commands are different, they all abide by the syntax for Switch configuration commands. The general commands format of Switch is shown below: cmdtxt <variable> {enum1 | … | enumN } [option1 | … | optionN] Conventions: cmdtxt in bold font indicates a command keyword; <variable> indicates a variable parameter; {enum1 | … | enumN } indicates a mandatory parameter that should be selected from the parameter set enum1~enumN; and the square bracket ([ ]) in [option1 | … | optionN] indicate an optional parameter. There may be combinations of “< >“, “{ }” and “[ ]” in the command line, such as [<variable>], {enum1 <variable>| enum2}, [option1 [option2]],
etc.
Here are examples for some actual configuration commands: show version, no parameters required. This is a command with only a keyword and no parameter, just type in the command to run. vlan <vlan-id>, parameter values are required after the keyword.
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
12
Key(s)
Function
Back Space
Delete a character before the cursor, and the cursor moves back.
Up “↑”
Show previous command entered. Up to ten recently entered commands can be shown.
Down “↓”
Show next command entered. When use the Up key to get previously entered commands, you can use the Down key to return to the next command
Left “←”
The cursor moves one character to the left.
You can use the Left and Right key to modify an entered command.
Right “→”
The cursor moves one character to the right.
Ctrl +p
The same as Up key “↑”.
Ctrl +n
The same as Down key “↓”.
Ctrl +b
The same as Left key “←”.
Ctrl +f
The same as Right key “→”.
Ctrl +z
Return to the Admin Mode directly from the other configuration modes (except User Mode).
Ctrl +c
Break the ongoing command process, such as ping or other command execution.
Tab
When a string for a command or keyword is entered, the Tab can be used to complete the command or keyword if there is no conflict.
Access to Help
Usage and function
Help
Under any command line prompt, type in “help” and press Enter will get
a brief description of the associated help system.
firewall {enable | disable}, user can enter firewall enable or firewall disable for this command. snmp-server community {ro | rw} <string>, the followings are possible: snmp-server community ro <string> snmp-server community rw <string>
1.2.3 Shortcut Key Support
Switch provides several shortcut keys to facilitate user configuration, such as up, down, left, right and Blank Space. If the terminal does not recognize Up and Down keys, ctrl +p and ctrl +n can be used instead.
1.2.4 Help Function
There are two ways in Switch for the user to access help information: the “help” command and the “?”.
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
13
“?”
Under any command line prompt, enter “?” to get a command list of the
current mode and related brief description.
Enter a “?” after the command keyword with an embedded space. If the
position should be a parameter, a description of that parameter type, scope, etc, will be returned; if the position should be a keyword, then a set of keywords with brief description will be returned; if the output is
“<cr>“, then the command is complete, press Enter to run the command. A “?” immediately following a string. This will display all the commands
that begin with that string.
Output error message
Explanation
Unrecognized command or illegal parameter!
The entered command does not exist, or there is error in parameter scope, type or format.
Ambiguous command
At least two interpretations is possible basing on the current input.
Invalid command or parameter
The command is recognized, but no valid parameter record is found.
This command is not exist in current mode
The command is recognized, but this command can not be used under current mode.
Please configure precursor command "*" at first!
The command is recognized, but the prerequisite command has not been configured.
syntax error : missing '"' before the end of command line!
Quotation marks are not used in pairs.
1.2.5 Input Verification
1.2.5.1 Returned Information: success
All commands entered through keyboards undergo syntax check by the Shell. Nothing will be returned if the user entered a correct command under corresponding modes and the execution is successful. Returned Information: error
1.2.6 Fuzzy Match Support
Switch shell support fuzzy match in searching command and keyword. Shell will recognize commands or keywords correctly if the entered string causes no conflict. For example:
For command “show interfaces status ethernet1/1”, typing “sh in status ethernet1/1” will work. However, for command “show running-config”, the system will report a “> Ambiguous
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
14
command!” error if only “show r” is entered, as Shell is unable to tell whether it is “show run” or “show running-config”. Therefore, Shell will only recognize the command if “sh ru” is entered.
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
15
Command
Explanation
Normal User Mode/ Admin Mode
enable [<1-15>] disable
The User uses enable command to step into admin mode from normal user mode or modify the privilege level of the users. The disable command is for exiting admin mode.
Admin Mode
config [terminal]
Enter global mode from admin mode.
Various Modes
exit
Exit current mode and enter previous mode, such as using this command in global mode to go back to admin mode, and back to normal user mode from admin mode.
show privilege
Show privilege of the current users.
Except User Mode/ Admin Mode
end
Quit current mode and return to Admin mode when not at User Mode/ Admin Mode.
Admin Mode
clock set <HH:MM:SS> [YYYY.MM.DD]
Set system date and time.
show version
Display version information of the switch.
set default
Restore to the factory default.
write
Save current configuration parameters to Flash Memory.
reload
Hot reset the switch.
show cpu usage
Show CPU usage rate.
show cpu utilization
Show current CPU utilization rate.
show memory usage
Show memory usage rate.
Global Mode
banner motd <LINE> no banner motd
Configure the information displayed when the login authentication of a telnet or console user is successful.
Chapter 2 Basic Switch Configuration
2.1 Basic Configuration
Basic switch configuration includes commands for entering and exiting the admin mode, commands for entering and exiting interface mode, for configuring and displaying the switch clock, for displaying the version information of the switch system, etc.
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
16
Command
Explanation
Global Mode
telnet-server enable no telnet-server enable
Enable the Telnet server function in the switch: the no command disables the Telnet function.
username <user-name> [privilege <privilege>] [password [0 | 7] <password>] no username <username>
Configure user name and password of the telnet. The no form command deletes the telnet user authorization.
authentication securityip <ip-addr> no authentication securityip <ip- addr>
Configure the secure IP address to login to the switch through Telnet: the no command deletes the authorized Telnet secure address.
authentication securityipv6 <ipv6-
Configure IPv6 security address to login to the
2.2 Telnet Management
2.2.1 Telnet
2.2.1.1 Introduction to Telnet
Telnet is a simple remote terminal protocol for remote login. Using Telnet, the user can login to a remote host with its IP address of hostname from his own workstation. Telnet can send the
user’s keystrokes to the remote host and send the remote host output to the user’s screen
through TCP connection. This is a transparent service, as to the user, the keyboard and monitor seems to be connected to the remote host directly. Telnet employs the Client-Server mode, the local system is the Telnet client and the remote host is the Telnet server. Switch can be either the Telnet Server or the Telnet client. When switch is used as the Telnet server, the user can use the Telnet client program included in Windows or the other operation systems to login to switch, as described earlier in the In­band management section. As a Telnet server, switch allows up to 5 telnet client TCP connections. And as Telnet client, using telnet command under Admin Mode allows the user to login to the other remote hosts. Switch can only establish TCP connection to one remote host. If a connection to another remote host is desired, the current TCP connection must be dropped.
2.2.1.2 Telnet Configuration Task List
Configure Telnet Server Telnet to a remote host from the switch.
1. Configure Telnet Server
+7(495) 797-3311 www.qtech.ru Москва, Новозаводская ул., 18, стр. 1
Loading...
+ 385 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use