Samsung iES4024GP User Manual

iES4028F/4028FP/4024GP
iES4028F iES4028FP iES4024GP E082008/ST-R03
149100041800A 149100040200A 149100041700A
149100000020A
This manual is proprietary to SAMSUNG Electronics Co., Ltd. and is protected by copyright.
No information contained herein may be copied, translated, transcribed or duplicated for any commercial purposes or disclosed to third parties in any form without the prior written consent of SAMSUNG Electronics Co., Ltd.
TRADEMARKS
Ubigate iES4028F, Ubigate iES4028FP and Ubigate iES4024GP are registered trademarks of SAMSUNG Electronics.
All other company and product names may be trademarks of the respective companies with which they are associated.
Read this manual before installation and operation, and use it to install and operate the product correctly.
This manual may be changed for system improvement, standardization and other technical reasons without prior notice.
For further information on the updated manual, or if you have a question about the content of the manual, visit the homepage below.
Homepage: http://www.samsungnetwork.com
For A/S and Tech. support: http://www.samsungnetwork.com
For Manual: http://www.samsungdocs.com
©2008 SAMSUNG Electronics Co., Ltd. All rights reserved.
About This Guide
Purpose
This guide gives specific information on how to operate and use the management functions of the switch.
Audience
The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
Conventions
The following conventions are used throughout this guide to show information:
Note: Emphasizes important information or calls your attention to related features or instructions.
Caution: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
Warning: Alerts you to a potential hazard that could cause personal injury.
Related Publications
The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:
The Installation Manual
Also, as part of the switch’s software, there is an online web-based help that describes all management related features.
Revision History
This section summarizes the changes in each revision of this guide.
August 2008 Revision
This is the third revision of this guide. It combines information for the Ubigate iES4028F, iES4028FP and iES4024GP. This guide is valid for software release v1.1.0.14. Other than the addition of information about the iES4024GP, it also includes the following updated and additional information in the indicated tables or sections:
• Table 1-1, “Differences in Switch Models,” on page 1-1.
• Single image and dual image support in “Managing Firmware” on page 3-21.
• Access Level attribute in “Configuring User Accounts” on page 3-58.
• MAC Address Aging attribute in “Configuring the MAC Authentication Reauthentication Time” on page 3-103.
• SYM and FC attributes in “Configuring Interface Connections” on page 3-130.
• “Setting Multicast Storm Thresholds” on page 3-149.
• “Setting Unknown Unicast Storm Thresholds” on page 3-150.
• Updated descriptive text under “Power Over Ethernet Settings” on page 3-157.
• Updated descriptive text under “Configuring Port PoE Power” on page 3-160.
• Command Usage notes in “Switch Clustering” on page 3-273.
• “show memory” on page 4-33.
• “show gvrp statistics” on page 4-251.
• “clear gvrp statistics” on page 4-252.
• Updated Command Usage section under “power inline priority” on page 4-216.
July 2008 Revision
This was the second revision of this guide. It combines information for the Ubigate iES4028F and iES4028FP. This guide is valid for software release v1.1.0.13. Other than the addition of information about the iES4028F, it also includes the following updated and additional information in the indicated tables or sections:
• Table 1-2, “Key Features,” on page 1-2.
• “Description of Software Features” on page 1-3.
• Table 1-3, “System Defaults,” on page 1-7.
• “Dynamic Configuration” on page 2-5.
• “Managing System Files” on page 2-8.
• “Saving Configuration Settings” on page 2-9.
• “Configuring Power over Ethernet” on page 2-10.
• VLAN Learning under “Displaying Bridge Extension Capabilities” on page 3-16.
• Removal of default IP address under “Setting the Switch’s IP Address” on page 3-17.
• Change to jumbo frame size under “Enabling Jumbo Frames” on page 3-20.
• “Managing Firmware” on page 3-21.
• Command Usage and Command Attributes under “Specifying Trap Managers and Trap Types” on page 3-43.
• NAS IP Address under “Configuring Local/Remote Logon Authentication” on page 3-59.
• Size of Secret Text String under “Configuring Encryption Keys” on page 3-64.
• Private Password under “Replacing the Default Secure-site Certificate” on page 3-78.
• Public Key Type under “Importing User Public Keys” on page 3-84.
• Command Usage under “Configuring Port Security” on page 3-97.
• Notes under “Web Authentication” on page 3-98.
• Note under “Network Access (MAC Address Authentication)” on page 3-102.
• Guest VLAN, Dynamic VLAN, and removal of Dynamic QoS under “Configuring MAC Authentication for Ports” on page 3-104.
• Removed Security, Network Access, Port Link Detection Configuration web page.
• Command Usage under “Access Control Lists” on page 3-108.
• Removed references to static bindings for DHCP Snooping under “DHCP Snooping” on page 3-116.
• Command Usage and Command Attributes under “Configuring VLANs for DHCP Snooping” on page 3-118.
• Command Usage and Command Attributes under “Configuring the DHCP Snooping Information Option” on page 3-118.
• Command Usage under “Configuring Ports for DHCP Snooping” on page 3-120.
• Command Usage under “IP Source Guard” on page 3-123.
• Command Usage under “Configuring Static Binding for IP Source Guard” on page 3-125.
• Command Usage and Command Attributes under “Configuring Interface Connections” on page 3-130.
• “Configuring Parameters for LACP Groups” on page 3-141.
• Flooding Behavior Field Attributes under STA - “Displaying Global Settings” on page 3-168.
• Spanning Tree BPDU Flooding Command Attribute under STA - “Configuring Global Settings” on page 3-171.
• BPDU Flooding Field Attribute under “Displaying Interface Settings” on page 3-175.
• Admin Path Cost Command Attribute under “Configuring Interface Settings” on page 3-178.
• Forwarding Tagged/Untagged Frames under “IEEE 802.1Q VLANs” on page 3-187.
• Untagged Command Attribute under “Adding Static Members to VLANs (VLAN Index)” on page 3-195.
• Ingress Filtering Command Attribute under “Configuring VLAN Behavior for Interfaces” on page 3-198.
• Mode Access Command Attribute under “Configuring VLAN Behavior for Interfaces” on page 3-198.
• 802.1Q Tunnel Status Command Attribute under “Enabling QinQ Tunneling on the Switch” on page 3-204.
• “Traffic Segmentation” on page 3-206.
• Removed Isolated VLAN option from “Private VLANs” on page 3-209.
• Introduction and Command Usage under “Protocol VLANs” on page 3-214.
• Command Usage under “Configuring the Protocol VLAN System” on page 3-216.
• Field Attributes under “Displaying LLDP Local Device Information” on page 3-222.
• Field Attributes under “Displaying LLDP Remote Port Information” on page 3-225.
• Field Attributes under “Displaying LLDP Remote Information Details” on page 3-226.
• Introduction and Field Attributes under “Displaying Device Statistics” on page 3-228.
• Field Attributes under “Displaying Detailed Device Statistics” on page 3-229.
• Introduction, Command Usage and Command Attributes under “Selecting the Queue Mode” on page 3-234.
• Introduction under “Setting the Service Weight for Traffic Classes” on page 3-234.
• “Mapping Layer 3/4 Priorities to CoS Values” on page 3-235.
• Action Command Attribute under “Creating QoS Policies” on page 3-242.
• Introduction under “Multicast Filtering” on page 3-251.
• Introduction and Command Usage under “Enabling IGMP Immediate Leave” on page 3-255.
• New Multicast Address Range List Command Attribute under “Configuring IGMP Filter Profiles” on page 3-262.
• Command Usage and MVR Running Status Command Attribute under “Configuring Global MVR Settings” on page 3-266.
• Command Usage and Command Attributes under “Configuring MVR Interface Status” on page 3-270.
• Command Usage under “Switch Clustering” on page 3-273.
• Introduction under “UPnP” on page 3-277.
• Command Usage under “jumbo frame” on page 4-33.
• Command Usage under “copy” on page 4-35.
• Syntax under “show log” on page 4-55.
• Using Switch Clustering under “Switch Cluster Commands” on page 4-73.
• Introduction under “UPnP Commands” on page 4-77.
• “Debug Commands” on page 4-80.
• Syntax for “radius-server host” on page 4-105.
• Introduction, Default Setting and Command Usage under “radius-server attribute 4” on page 4-107.
• Syntax for “radius-server key” on page 4-107.
• Syntax for “tacacs-server host” on page 4-110.
• Syntax for “tacacs-server key” on page 4-111.
• Introduction for “aaa group server” on page 4-114.
• Syntax for “show accounting” on page 4-122.
• “ip telnet server” on page 4-126.
• Authentication section of Configuration Guidelines under “Secure Shell Commands” on page 4-127.
• Command Usage under “dot1x re-authenticate” on page 4-140.
• Command Usage under “dot1x re-authentication” on page 4-140.
• Command Usage under “port security” on page 4-149.
• Introduction under “Network Access (MAC Address Authentication)” on page 4-150.
• Removed network-access dynamic-qos, network-access link-detection, network-access link-detection link-down, network-access link-detection link-up, and network-access link-detection link-up-down commands from “Network Access (MAC Address Authentication)” on page 4-150.
• Removed web-auth login-fail-page-url, web-auth login-page-url, and web-auth login-success-page-url commands from “Web Authentication” on page 4-159.
• Command Usage under “ip dhcp snooping information option” on page 4-169.
• Removed reference to static DHCP Snooping entries from Command Usage under “ip source-guard” on page 4-172 and “ip source-guard binding” on page 4-174.
• Introduction, Syntax and Command Usage under “permit, deny (Extended ACL)” on page 4-179.
• Removed Command Usage from “ACL Information” on page 4-187.
• Command Usage under “speed-duplex” on page 4-189.
• “media-type” on page 4-193.
• “giga-phy-mode” on page 4-194.
• Default Setting under “switchport packet-rate” on page 4-195.
• “lacp active/passive” on page 4-209.
• Software Version parameter in Table 4-60, “show power mainpower parameters,” on page 4-218.
• Syntax and Command Usage under “port monitor” on page 4-219.
• “spanning-tree system-bpdu-flooding” on page 4-231.
• Syntax and Default Setting under “spanning-tree cost” on page 4-237.
• “spanning-tree port-bpdu-flooding” on page 4-240.
• Syntax and Default Setting under “spanning-tree mst cost” on page 4-244.
• Syntax for “switchport mode” on page 4-257.
• Removed note under “switchport ingress-filtering” on page 4-258.
• Removed note under “switchport allowed vlan” on page 4-260.
• Command Usage under “switchport allowed vlan” on page 4-260.
• Syntax for “show vlan” on page 4-262.
• Limitations for QinQ under “Configuring IEEE 802.1Q Tunneling” on page 4-263.
• Command Usage under “switchport dot1q-tunnel mode” on page 4-264.
• “Configuring Port-based Traffic Segmentation” on page 4-267.
• Removed references to isolated VLAN option from “Configuring Private VLANs” on page 4-271 and related commands which had supported this option.
• Removed switchport private-vlan isolated command.
• Command Usage under “switchport voice vlan” on page 4-282.
• Command Usage under “queue mode” on page 4-308.
• Removed queue bandwidth command.
• Configuration guidelines under “Quality of Service Commands” on page 4-316.
• Introduction and Syntax for “set” on page 4-320.
• Command Usage under “mvr (Global Configuration)” on page 4-341.
• Command Usage under “mvr (Interface Configuration)” on page 4-343.
• Command Usage under “ip default-gateway” on page 4-348.
• General Security Measures under “Software Specifications” on page A-1.
• Updated entries for Standards under “Software Specifications” on page A-1.
• Updated entries for Management Information Bases under “Software Specifications” on page A-1.
April 2008 Revision
This was the first revision of this guide for the Ubigate iES4028FP.
Contents
Chapter 1: Introduction 1-1
Key Features 1-2
Description of Software Features 1-3
System Defaults 1-7
Chapter 2: Initial Configuration 2-1
Connecting to the Switch 2-1
Configuration Options 2-1
Required Connections 2-2
Remote Connections 2-3
Basic Configuration 2-3
Console Connection 2-3
Setting Passwords 2-4
Setting an IP Address 2-4
Manual Configuration 2-5
Dynamic Configuration 2-5
Enabling SNMP Management Access 2-6
Community Strings (for SNMP version 1 and 2c clients) 2-7
Trap Receivers 2-7
Configuring Access for SNMP Version 3 Clients 2-8
Managing System Files 2-8
Saving Configuration Settings 2-9
Configuring Power over Ethernet 2-10
Chapter 3: Configuring the Switch 3-1
Using the Web Interface 3-1
Navigating the Web Browser Interface 3-2
Home Page 3-2
Configuration Options 3-3
Panel Display 3-3
Main Menu 3-4
Basic Configuration 3-12
Displaying System Information 3-12
Displaying Switch Hardware/Software Versions 3-14
Displaying Bridge Extension Capabilities 3-16
Setting the Switch’s IP Address 3-17
Manual Configuration 3-18
Using DHCP/BOOTP 3-19
Enabling Jumbo Frames 3-20
Managing Firmware 3-21
Downloading System Software from a Server 3-22
Saving or Restoring Configuration Settings 3-23
Downloading Configuration Settings from a Server 3-24
Console Port Settings 3-25
Telnet Settings 3-27
Configuring Event Logging 3-29
System Log Configuration 3-29
Remote Log Configuration 3-30
Displaying Log Messages 3-32
Sending Simple Mail Transfer Protocol Alerts 3-32
Resetting the System 3-34
Setting the System Clock 3-35
Setting the Time Manually 3-36
Configuring SNTP 3-36
Configuring NTP 3-37
Setting the Time Zone 3-39
Simple Network Management Protocol 3-40
Enabling SNMP Agent Status 3-41
Setting Community Access Strings 3-42
Specifying Trap Managers and Trap Types 3-43
Configuring SNMPv3 Management Access 3-46
Setting the Local Engine ID 3-46
Specifying a Remote Engine ID 3-47
Configuring SNMPv3 Users 3-48
Configuring Remote SNMPv3 Users 3-50
Configuring SNMPv3 Groups 3-52
Setting SNMPv3 Views 3-55
User Authentication 3-57
Configuring User Accounts 3-58
Configuring Local/Remote Logon Authentication 3-59
Configuring Encryption Keys 3-64
AAA Authorization and Accounting 3-65
Configuring AAA RADIUS Group Settings 3-66
Configuring AAA TACACS+ Group Settings 3-67
Configuring AAA Accounting 3-67
AAA Accounting Update 3-69
AAA Accounting 802.1X Port Settings 3-70
AAA Accounting Exec Command Privileges 3-71
AAA Accounting Exec Settings 3-72
AAA Accounting Summary 3-72
Authorization Settings 3-74
Authorization EXEC Settings 3-75
Authorization Summary 3-76
Configuring HTTPS 3-77
Replacing the Default Secure-site Certificate 3-78
Configuring the Secure Shell 3-79
Generating the Host Key Pair 3-82
Importing User Public Keys 3-84
Configuring the SSH Server 3-86
Configuring 802.1X Port Authentication 3-88
Displaying 802.1X Global Settings 3-89
Configuring 802.1X Global Settings 3-90
Configuring Port Settings for 802.1X 3-90
Displaying 802.1X Statistics 3-93
Filtering IP Addresses for Management Access 3-94
General Security Measures 3-96
Configuring Port Security 3-97
Web Authentication 3-98
Configuring Web Authentication 3-99
Configuring Web Authentication for Ports 3-100
Displaying Web Authentication Port Information 3-101
Re-authenticating Web Authenticated Ports 3-101
Network Access (MAC Address Authentication) 3-102
Configuring the MAC Authentication Reauthentication Time 3-103
Configuring MAC Authentication for Ports 3-104
Displaying Secure MAC Address Information 3-106
MAC Authentication 3-107
Configuring MAC authentication parameters for ports 3-107
Access Control Lists 3-108
Setting the ACL Name and Type 3-109
Configuring a Standard IP ACL 3-110
Configuring an Extended IP ACL 3-111
Configuring a MAC ACL 3-113
Binding a Port to an Access Control List 3-115
DHCP Snooping 3-116
Configuring DHCP Snooping 3-117
Configuring VLANs for DHCP Snooping 3-118
Configuring the DHCP Snooping Information Option 3-118
Configuring Ports for DHCP Snooping 3-120
Displaying DHCP Snooping Binding Information 3-122
IP Source Guard 3-123
Configuring Ports for IP Source Guard 3-123
Configuring Static Binding for IP Source Guard 3-125
Displaying Information for Dynamic IP Source Guard Bindings 3-126
Port Configuration 3-128
Displaying Connection Status 3-128
Configuring Interface Connections 3-130
Creating Trunk Groups 3-134
Statically Configuring a Trunk 3-135
Enabling LACP on Selected Ports 3-136
Configuring Parameters for LACP Group Members 3-138
Configuring Parameters for LACP Groups 3-141
Displaying LACP Port Counters 3-142
Displaying LACP Settings and Status for the Local Side 3-143
Displaying LACP Settings and Status for the Remote Side 3-145
Setting Broadcast Storm Thresholds 3-147
Setting Multicast Storm Thresholds 3-149
Setting Unknown Unicast Storm Thresholds 3-150
Configuring Port Mirroring 3-151
Configuring Rate Limits 3-152
Rate Limit Configuration 3-152
Showing Port Statistics 3-153
Power Over Ethernet Settings 3-157
Switch Power Status 3-158
Setting a Switch Power Budget 3-159
Displaying Port Power Status 3-159
Configuring Port PoE Power 3-160
Address Table Settings 3-162
Setting Static Addresses 3-162
Displaying the Address Table 3-163
Changing the Aging Time 3-164
Spanning Tree Algorithm Configuration 3-165
Configuring Port and Trunk Loopback Detection 3-167
Displaying Global Settings 3-168
Configuring Global Settings 3-171
Displaying Interface Settings 3-175
Configuring Interface Settings 3-178
Configuring Multiple Spanning Trees 3-181
Displaying Interface Settings for MSTP 3-184
Configuring Interface Settings for MSTP 3-186
VLAN Configuration 3-187
IEEE 802.1Q VLANs 3-187
Enabling or Disabling GVRP (Global Setting) 3-190
Displaying Basic VLAN Information 3-191
Displaying Current VLANs 3-192
Creating VLANs 3-193
Adding Static Members to VLANs (VLAN Index) 3-195
Adding Static Members to VLANs (Port Index) 3-197
Configuring VLAN Behavior for Interfaces 3-198
Configuring IEEE 802.1Q Tunneling 3-200
Enabling QinQ Tunneling on the Switch 3-204
Adding an Interface to a QinQ Tunnel 3-205
Traffic Segmentation 3-206
Configuring Global Settings for Traffic Segmentation 3-207
Configuring Traffic Segmentation Sessions 3-207
Private VLANs 3-209
Displaying Current Private VLANs 3-209
Configuring Private VLANs 3-210
Associating VLANs 3-211
Displaying Private VLAN Interface Information 3-212
Configuring Private VLAN Interfaces 3-213
Protocol VLANs 3-214
Configuring Protocol VLAN Groups 3-215
Configuring the Protocol VLAN System 3-216
Link Layer Discovery Protocol 3-217
Setting LLDP Timing Attributes 3-217
Configuring LLDP Interface Attributes 3-219
Displaying LLDP Local Device Information 3-222
Displaying LLDP Remote Port Information 3-225
Displaying LLDP Remote Information Details 3-226
Displaying Device Statistics 3-228
Displaying Detailed Device Statistics 3-229
Class of Service Configuration 3-230
Layer 2 Queue Settings 3-231
Setting the Default Priority for Interfaces 3-231
Mapping CoS Values to Egress Queues 3-232
Selecting the Queue Mode 3-234
Setting the Service Weight for Traffic Classes 3-234
Layer 3/4 Priority Settings 3-235
Mapping Layer 3/4 Priorities to CoS Values 3-235
Enabling IP DSCP Priority 3-236
Mapping DSCP Priority 3-237
Quality of Service 3-238
Configuring Quality of Service Parameters 3-239
Configuring a Class Map 3-239
Creating QoS Policies 3-242
Attaching a Policy Map to Ingress Queues 3-245
VoIP Traffic Configuration 3-246
Configuring VoIP Traffic 3-246
Configuring VoIP Traffic Ports 3-247
Configuring Telephony OUI 3-249
Multicast Filtering 3-251
Layer 2 IGMP (Snooping and Query) 3-252
Configuring IGMP Snooping and Query Parameters 3-253
Enabling IGMP Immediate Leave 3-255
Displaying Interfaces Attached to a Multicast Router 3-256
Specifying Static Interfaces for a Multicast Router 3-257
Displaying Port Members of Multicast Services 3-258
Assigning Ports to Multicast Services 3-259
IGMP Filtering and Throttling 3-260
Enabling IGMP Filtering 3-261
Configuring IGMP Filter Profiles 3-262
Configuring IGMP Filtering and Throttling for Interfaces 3-263
Multicast VLAN Registration 3-265
Configuring Global MVR Settings 3-266
Displaying MVR Interface Status 3-267
Displaying Port Members of Multicast Groups 3-268
Configuring MVR Interface Status 3-270
Assigning Static Multicast Groups to Interfaces 3-271
Switch Clustering 3-273
Configuring General Settings for Clusters 3-273
Configuring Cluster Members 3-274
Displaying Information on Cluster Members 3-275
Displaying Information on Cluster Candidates 3-276
UPnP 3-277
UPnP Configuration 3-278
Chapter 4: Command Line Interface 4-1
Using the Command Line Interface 4-1
Accessing the CLI 4-1
Console Connection 4-1
Telnet Connection 4-2
Entering Commands 4-3
Keywords and Arguments 4-3
Minimum Abbreviation 4-3
Command Completion 4-3
Getting Help on Commands 4-3
Showing Commands 4-4
Partial Keyword Lookup 4-5
Negating the Effect of Commands 4-5
Using Command History 4-5
Understanding Command Modes 4-5
Exec Commands 4-6
Configuration Commands 4-7
Command Line Processing 4-8
Command Groups 4-9
General Commands 4-10
enable 4-11
disable 4-11
configure 4-12
show history 4-12
reload 4-13
show reload 4-14
prompt 4-14
end 4-15
exit 4-15
quit 4-16
System Management Commands 4-16
Device Designation Commands 4-17
hostname 4-17
Banner Information Commands 4-18
banner configure 4-18
banner configure company 4-19
banner configure dc-power-info 4-20
banner configure department 4-21
banner configure equipment-info 4-21
banner configure equipment-location 4-22
banner configure ip-lan 4-23
banner configure lp-number 4-23
banner configure manager-info 4-24
banner configure mux 4-25
banner configure note 4-25
show banner 4-26
System Status Commands 4-27
show startup-config 4-27
show running-config 4-29
show system 4-31
show users 4-31
show version 4-32
show memory 4-33
Frame Size Commands 4-33
jumbo frame 4-33
File Management Commands 4-34
copy 4-35
delete 4-37
dir 4-38
whichboot 4-39
boot system 4-39
Line Commands 4-40
line 4-41
login 4-41
password 4-42
timeout login response 4-43
exec-timeout 4-44
password-thresh 4-44
silent-time 4-45
databits 4-46
parity 4-46
speed 4-47
stopbits 4-47
disconnect 4-48
show line 4-48
Event Logging Commands 4-49
logging on 4-49
logging history 4-50
logging host 4-51
logging facility 4-51
logging trap 4-52
clear log 4-53
show logging 4-53
show log 4-55
SMTP Alert Commands 4-56
logging sendmail host 4-56
logging sendmail level 4-57
logging sendmail source-email 4-57
logging sendmail destination-email 4-58
logging sendmail 4-58
show logging sendmail 4-58
Time Commands 4-59
sntp client 4-60
sntp server 4-61
sntp poll 4-61
show sntp 4-62
ntp client 4-62
ntp server 4-63
ntp poll 4-64
ntp authenticate 4-64
ntp authentication-key 4-65
show ntp 4-66
clock timezone-predefined 4-67
clock timezone 4-67
clock summer-time (date) 4-68
clock summer-time (predefined) 4-69
clock summer-time (recurring) 4-70
calendar set 4-72
show calendar 4-72
Switch Cluster Commands 4-73
cluster 4-73
cluster commander 4-74
cluster ip-pool 4-75
cluster member 4-75
rcommand 4-76
show cluster 4-76
show cluster members 4-77
show cluster candidates 4-77
UPnP Commands 4-77
upnp device 4-78
upnp device ttl 4-78
upnp device advertise duration 4-79
show upnp 4-79
Debug Commands 4-80
debug dot1x 4-80
debug radius 4-82
debug tacacs 4-84
SNMP Commands 4-86
snmp-server 4-86
show snmp 4-87
snmp-server community 4-88
snmp-server contact 4-88
snmp-server location 4-89
snmp-server host 4-90
snmp-server enable traps 4-92
snmp-server engine-id 4-93
show snmp engine-id 4-94
snmp-server view 4-94
show snmp view 4-95
snmp-server group 4-96
show snmp group 4-97
snmp-server user 4-98
show snmp user 4-99
Authentication Commands 4-100
User Account Commands 4-100
username 4-101
enable password 4-102
Authentication Sequence 4-103
authentication login 4-103
authentication enable 4-104
RADIUS Client 4-105
radius-server host 4-105
radius-server auth-port 4-106
radius-server acct-port 4-106
radius-server attribute 4 4-107
radius-server key 4-107
radius-server retransmit 4-108
radius-server timeout 4-108
show radius-server 4-109
TACACS+ Client 4-109
tacacs-server host 4-110
tacacs-server port 4-110
tacacs-server key 4-111
tacacs-server retransmit 4-111
tacacs-server timeout 4-112
show tacacs-server 4-113
AAA Commands 4-114
aaa group server 4-114
server 4-115
aaa accounting dot1x 4-116
aaa accounting exec 4-117
aaa accounting commands 4-118
aaa accounting update 4-119
accounting dot1x 4-119
accounting exec 4-120
accounting commands 4-120
aaa authorization exec 4-121
authorization exec 4-122
show accounting 4-122
Web Server Commands 4-123
ip http port 4-123
ip http server 4-124
ip http secure-server 4-124
ip http secure-port 4-125
Telnet Server Commands 4-126
ip telnet server 4-126
Secure Shell Commands 4-127
ip ssh server 4-129
ip ssh timeout 4-130
ip ssh authentication-retries 4-131
ip ssh server-key size 4-131
delete public-key 4-132
ip ssh crypto host-key generate 4-132
ip ssh crypto zeroize 4-133
ip ssh save host-key 4-133
show ip ssh 4-134
show ssh 4-134
show public-key 4-135
802.1X Port Authentication 4-137
dot1x system-auth-control 4-137
dot1x default 4-138
dot1x max-req 4-138
dot1x port-control 4-138
dot1x operation-mode 4-139
dot1x re-authenticate 4-140
dot1x re-authentication 4-140
dot1x timeout quiet-period 4-141
dot1x timeout re-authperiod 4-141
dot1x timeout tx-period 4-142
dot1x intrusion-action 4-142
show dot1x 4-143
Management IP Filter Commands 4-146
management 4-146
show management 4-147
General Security Measures 4-148
Port Security Commands 4-149
port security 4-149
Network Access (MAC Address Authentication) 4-150
network-access aging 4-151
network-access mode 4-152
network-access max-mac-count 4-153
network-access dynamic-vlan 4-153
network-access guest-vlan 4-154
mac-authentication reauth-time 4-155
mac-authentication intrusion-action 4-155
mac-authentication max-mac-count 4-156
clear network-access 4-156
show network-access 4-157
show network-access mac-address-table 4-158
Web Authentication 4-159
web-auth login-attempts 4-159
web-auth quiet-period 4-160
web-auth session-timeout 4-160
web-auth system-auth-control 4-161
web-auth 4-161
web-auth re-authenticate (Port) 4-162
web-auth re-authenticate (IP) 4-162
show web-auth 4-163
show web-auth interface 4-163
show web-auth summary 4-164
DHCP Snooping Commands 4-164
ip dhcp snooping 4-165
ip dhcp snooping vlan 4-167
ip dhcp snooping trust 4-167
ip dhcp snooping verify mac-address 4-168
ip dhcp snooping information option 4-169
ip dhcp snooping information policy 4-170
ip dhcp snooping database flash 4-170
clear ip dhcp snooping database flash 4-171
show ip dhcp snooping 4-171
show ip dhcp snooping binding 4-171
IP Source Guard Commands 4-172
ip source-guard 4-172
ip source-guard binding 4-174
show ip source-guard 4-175
show ip source-guard binding 4-175
Access Control List Commands 4-176
IP ACLs 4-176
access-list ip 4-177
permit, deny (Standard ACL) 4-178
permit, deny (Extended ACL) 4-179
show ip access-list 4-181
ip access-group 4-181
show ip access-group 4-182
MAC ACLs 4-182
access-list mac 4-183
permit, deny (MAC ACL) 4-184
show mac access-list 4-185
mac access-group 4-186
show mac access-group 4-186
ACL Information 4-187
show access-list 4-187
show access-group 4-187
Interface Commands 4-188
interface 4-188
description 4-189
speed-duplex 4-189
negotiation 4-190
capabilities 4-191
flowcontrol 4-192
media-type 4-193
giga-phy-mode 4-194
shutdown 4-195
switchport packet-rate 4-195
clear counters 4-196
show interfaces status 4-197
show interfaces counters 4-198
show interfaces switchport 4-199
Link Aggregation Commands 4-202
channel-group 4-203
lacp 4-204
lacp system-priority 4-205
lacp admin-key (Ethernet Interface) 4-206
lacp admin-key (Port Channel) 4-207
lacp port-priority 4-208
lacp active/passive 4-209
show lacp 4-209
Power over Ethernet Commands 4-213
power mainpower maximum allocation 4-214
power inline compatible 4-214
power inline 4-215
power inline maximum allocation 4-216
power inline priority 4-216
show power inline status 4-217
show power mainpower 4-218
Mirror Port Commands 4-219
port monitor 4-219
show port monitor 4-220
Rate Limit Commands 4-221
rate-limit 4-221
Address Table Commands 4-222
mac-address-table static 4-222
clear mac-address-table dynamic 4-223
show mac-address-table 4-224
mac-address-table aging-time 4-225
show mac-address-table aging-time 4-225
Spanning Tree Commands 4-226
spanning-tree 4-227
spanning-tree mode 4-228
spanning-tree forward-time 4-229
spanning-tree hello-time 4-229
spanning-tree max-age 4-230
spanning-tree priority 4-231
spanning-tree system-bpdu-flooding 4-231
spanning-tree pathcost method 4-232
spanning-tree transmission-limit 4-232
spanning-tree mst configuration 4-233
mst vlan 4-233
mst priority 4-234
name 4-235
revision 4-235
max-hops 4-236
spanning-tree spanning-disabled 4-236
spanning-tree cost 4-237
spanning-tree port-priority 4-238
spanning-tree edge-port 4-239
spanning-tree portfast 4-240
spanning-tree port-bpdu-flooding 4-240
spanning-tree link-type 4-241
spanning-tree loopback-detection 4-242
spanning-tree loopback-detection release-mode 4-242
spanning-tree loopback-detection trap 4-243
spanning-tree mst cost 4-244
spanning-tree mst port-priority 4-245
spanning-tree protocol-migration 4-245
show spanning-tree 4-246
show spanning-tree mst configuration 4-248
VLAN Commands 4-248
GVRP and Bridge Extension Commands 4-249
bridge-ext gvrp 4-249
show bridge-ext 4-250
switchport gvrp 4-250
show gvrp configuration 4-251
show gvrp statistics 4-251
clear gvrp statistics 4-252
garp timer 4-253
show garp timer 4-254
Editing VLAN Groups 4-254
vlan database 4-254
vlan 4-255
Configuring VLAN Interfaces 4-256
interface vlan 4-256
switchport mode 4-257
switchport acceptable-frame-types 4-258
switchport ingress-filtering 4-258
switchport native vlan 4-259
switchport allowed vlan 4-260
switchport forbidden vlan 4-261
Displaying VLAN Information 4-262
show vlan 4-262
Configuring IEEE 802.1Q Tunneling 4-263
dot1q-tunnel system-tunnel-control 4-264
switchport dot1q-tunnel mode 4-264
switchport dot1q-tunnel tpid 4-265
show dot1q-tunnel 4-266
Configuring Port-based Traffic Segmentation 4-267
pvlan 4-267
pvlan uplink/downlink 4-268
pvlan session 4-269
pvlan up-to-up 4-270
show pvlan 4-270
Configuring Private VLANs 4-271
private-vlan 4-272
private vlan association 4-273
switchport mode private-vlan 4-273
switchport private-vlan host-association 4-274
switchport private-vlan mapping 4-275
show vlan private-vlan 4-275
Configuring Protocol-based VLANs 4-276
protocol-vlan protocol-group (Configuring Groups) 4-277
protocol-vlan protocol-group (Configuring VLANs) 4-277
show protocol-vlan protocol-group 4-278
show protocol-vlan protocol-group-vid 4-279
Configuring Voice VLANs 4-279
voice vlan 4-280
voice vlan aging 4-280
voice vlan mac-address 4-281
switchport voice vlan 4-282
switchport voice vlan rule 4-283
switchport voice vlan security 4-283
switchport voice vlan priority 4-284
show voice vlan 4-285
LLDP Commands 4-286
lldp 4-288
lldp holdtime-multiplier 4-288
lldp medFastStartCount 4-289
lldp notification-interval 4-289
lldp refresh-interval 4-290
lldp reinit-delay 4-290
lldp tx-delay 4-291
lldp admin-status 4-292
lldp notification 4-292
lldp mednotification 4-293
lldp basic-tlv management-ip-address 4-294
lldp basic-tlv port-description 4-294
lldp basic-tlv system-capabilities 4-295
lldp basic-tlv system-description 4-295
lldp basic-tlv system-name 4-296
lldp dot1-tlv proto-ident 4-296
lldp dot1-tlv proto-vid 4-297
lldp dot1-tlv pvid 4-297
lldp dot1-tlv vlan-name 4-298
lldp dot3-tlv link-agg 4-298
lldp dot3-tlv mac-phy 4-299
lldp dot3-tlv max-frame 4-299
lldp dot3-tlv poe 4-300
lldp medtlv extpoe 4-300
lldp medtlv inventory 4-301
lldp medtlv location 4-301
lldp medtlv med-cap 4-302
lldp medtlv network-policy 4-302
show lldp config 4-303
show lldp info local-device 4-305
show lldp info remote-device 4-306
show lldp info statistics 4-307
Class of Service Commands 4-308
Priority Commands (Layer 2) 4-308
queue mode 4-308
switchport priority default 4-309
queue cos-map 4-310
show queue mode 4-311
show queue bandwidth 4-311
show queue cos-map 4-312
Priority Commands (Layer 3 and 4) 4-313
map ip dscp (Global Configuration) 4-313
map ip dscp (Interface Configuration) 4-313
show map ip dscp 4-315
Quality of Service Commands 4-316
class-map 4-317
match 4-318
policy-map 4-319
class 4-319
set 4-320
police 4-321
service-policy 4-322
show class-map 4-322
show policy-map 4-323
show policy-map interface 4-323
Multicast Filtering Commands 4-324
IGMP Snooping Commands 4-324
ip igmp snooping 4-326
ip igmp snooping vlan static 4-326
ip igmp snooping version 4-327
ip igmp snooping leave-proxy 4-327
ip igmp snooping immediate-leave 4-328
show ip igmp snooping 4-329
show mac-address-table multicast 4-329
IGMP Query Commands (Layer 2) 4-330
ip igmp snooping querier 4-330
ip igmp snooping query-count 4-331
ip igmp snooping query-interval 4-331
ip igmp snooping query-max-response-time 4-332
ip igmp snooping router-port-expire-time 4-333
Static Multicast Routing Commands 4-333
ip igmp snooping vlan mrouter 4-334
show ip igmp snooping mrouter 4-334
IGMP Filtering and Throttling Commands 4-335
ip igmp filter (Global Configuration) 4-336
ip igmp profile 4-336
permit, deny 4-337
range 4-337
ip igmp filter (Interface Configuration) 4-338
ip igmp max-groups 4-339
ip igmp max-groups action 4-339
show ip igmp filter 4-340
show ip igmp profile 4-341
show ip igmp throttle interface 4-341
Multicast VLAN Registration Commands 4-342
mvr (Global Configuration) 4-342
mvr (Interface Configuration) 4-344
show mvr 4-345
IP Interface Commands 4-348
ip address 4-348
ip default-gateway 4-349
ip dhcp restart 4-350
show ip interface 4-350
show ip redirects 4-351
ping 4-351
Appendix A: Software Specifications A-1
Software Features A-1
Management Features A-2
Standards A-2
Management Information Bases A-3
Appendix B: Troubleshooting B-1
Problems Accessing the Management Interface B-1
Using System Logs B-2
Glossary
Index
Tables
Table 1-1 Differences in Switch Models 1-1
Table 1-2 Key Features 1-2
Table 1-3 System Defaults 1-7
Table 3-1 Configuration Options 3-3
Table 3-2 Main Menu 3-4
Table 3-3 Logging Levels 3-29
Table 3-5 Supported Notification Messages 3-52
Table 3-6 HTTPS System Support 3-77
Table 3-7 802.1X Statistics 3-93
Table 3-8 LACP Port Counters 3-142
Table 3-9 LACP Internal Configuration Information 3-143
Table 3-10 LACP Neighbor Configuration Information 3-145
Table 3-11 Port Statistics 3-153
Table 3-12 Recommended STA Path Cost Range 3-179
Table 3-13 Recommended STA Path Costs 3-179
Table 3-14 Default STA Path Costs 3-180
Table 3-15 Chassis ID Subtype 3-222
Table 3-16 System Capabilities 3-223
Table 3-17 Port ID Subtype 3-226
Table 3-18 Mapping CoS Values to Egress Queues 3-232
Table 3-19 CoS Priority Levels 3-232
Table 3-20 Mapping DSCP Priority Values 3-237
Table 4-1 Command Modes 4-6
Table 4-2 Configuration Modes 4-7
Table 4-3 Command Line Processing 4-8
Table 4-4 Command Groups 4-9
Table 4-5 General Commands 4-10
Table 4-6 System Management Commands 4-16
Table 4-7 Device Designation Commands 4-17
Table 4-8 Banner Commands 4-18
Table 4-9 System Status Commands 4-27
Table 4-10 Frame Size Commands 4-33
Table 4-11 Flash/File Commands 4-34
Table 4-12 File Directory Information 4-38
Table 4-13 Line Commands 4-40
Table 4-14 Event Logging Commands 4-49
Table 4-15 Logging Levels 4-50
Table 4-16 show logging flash/ram - display description 4-54
Table 4-17 show logging trap - display description 4-54
Table 4-18 SMTP Alert Commands 4-56
Table 4-19 Time Commands 4-59
Table 4-20 Predefined Summer-Time Parameters 4-70
Table 4-21 Switch Cluster Commands 4-73
Table 4-22 Debug Commands 4-80
Table 4-23 SNMP Commands 4-86
Table 4-24 show snmp engine-id - display description 4-94
Table 4-25 show snmp view - display description 4-95
Table 4-26 show snmp group - display description 4-98
Table 4-28 Authentication Commands 4-100
Table 4-29 User Access Commands 4-100
Table 4-27 show snmp user - display description 4-100
Table 4-30 Default Login Settings 4-101
Table 4-31 Authentication Sequence 4-103
Table 4-32 RADIUS Client Commands 4-105
Table 4-33 TACACS Commands 4-109
Table 4-34 Web Server Commands 4-123
Table 4-35 HTTPS System Support 4-125
Table 4-36 Telnet Server Commands 4-126
Table 4-37 SSH Commands 4-127
Table 4-38 show ssh - display description 4-134
Table 4-39 802.1X Port Authentication 4-137
Table 4-40 IP Filter Commands 4-146
Table 4-41 Client Security Commands 4-148
Table 4-42 Port Security Commands 4-149
Table 4-43 Network Access 4-150
Table 4-44 Web Authentication 4-159
Table 4-45 DHCP Snooping Commands 4-164
Table 4-46 IP Source Guard Commands 4-172
Table 4-47 Access Control Lists 4-176
Table 4-48 IP ACLs 4-176
Table 4-49 MAC ACL Commands 4-182
Table 4-50 ACL Information 4-187
Table 4-51 Interface Commands 4-188
Table 4-52 Interfaces Switchport Statistics 4-200
Table 4-53 Link Aggregation Commands 4-202
Table 4-54 show lacp counters - display description 4-210
Table 4-55 show lacp internal - display description 4-211
Table 4-56 show lacp neighbors - display description 4-212
Table 4-57 show lacp sysid - display description 4-213
Table 4-61 Mirror Port Commands 4-219
Table 4-62 Rate Limit Commands 4-221
Table 4-63 Address Table Commands 4-222
Table 4-64 Spanning Tree Commands 4-226
Table 4-65 Port Type 4-237
Table 4-65 IEEE 802.1D-1998 4-237
Table 4-65 IEEE 802.1w-2001 4-237
Table 4-66 Port Type 4-237