Smc 6128PL2, 6152PL2 Management Guide

Download

Management Guide

SMC6128PL2 SMC6152PL2

TigerSwitchTM 10/100 24-Port 10/100 Switch with PoE, IP Clustering and 4 Gigabit Ports

TigerSwitch 10/100 Management Guide

From SMC's Tiger line of feature-rich workgroup LAN solutions

20 Mason Irvine, CA 92618 Phone: (949) 679-8000

Pub. # 149100000007A

May 2009

E052009-MW-R01

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

SMC Networks, Inc.

20 Mason

Irvine, CA 92618

Trademarks:

SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.

Warranty and Product Registration

To register SMC products and to review the detailed warranty statement, please refer to the Support Section of the SMC Website at http://www.smc.com.

About This Guide

Purpose

This guide gives specific information on how to operate and use the management functions of the switch.

Audience

The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).

Conventions

The following conventions are used throughout this guide to show information:

Note: Emphasizes important information or calls your attention to related features or

instructions.

Caution: Alerts you to a potential hazard that could cause loss of data, or damage the

system or equipment.

Warning: Alerts you to a potential hazard that could cause personal injury.

Related Publications

The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:

The Installation Guide

Also, as part of the switch’s software, there is an online web-based help that describes all management related features.

Revision History

This section summarizes the changes in each revision of this guide.

May 2009 Revision

This is the first revision of this guide. This guide is valid for software release v1.3.5.2.

vii

viii

Contents

Chapter 1: Introduction 1-1

Key Features 1-1 Description of Software Features 1-2 System Defaults 1-6

Chapter 2: Initial Configuration 2-1

Connecting to the Switch 2-1

Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3

Basic Configuration 2-3

Console Connection 2-3 Setting Passwords 2-4 Setting an IP Address 2-4

Manual Configuration 2-4 Dynamic Configuration 2-5

Enabling SNMP Management Access 2-6

Community Strings (for SNMP version 1 and 2c clients) 2-6 Trap Receivers 2-7 Configuring Access for SNMP Version 3 Clients 2-8

Managing System Files 2-8

Saving Configuration Settings 2-9

Chapter 3: Configuring the Switch 3-1

Using the Web Interface 3-1 Navigating the Web Browser Interface 3-2

Home Page 3-2

Configuration Options 3-3 Panel Display 3-3 Main Menu 3-4 Basic Configuration 3-13

Displaying System Information 3-13

Displaying Switch Hardware/Software Versions 3-15

Displaying Bridge Extension Capabilities 3-17

Setting the Switch's IP Address 3-18

Manual Configuration 3-19

Using DHCP/BOOTP 3-20 Enabling Jumbo Frames 3-21 Managing Firmware 3-22

Automatic Operation Code Upgrade 3-22

Contents

Downloading System Software from a Server 3-26

Saving or Restoring Configuration Settings 3-28

Downloading Configuration Settings from a Server 3-29 Uploading and Downloading Files Using HTTP 3-30 Console Port Settings 3-32 Telnet Settings 3-34 Configuring Event Logging 3-36

System Log Configuration 3-36

Remote Log Configuration 3-37

Displaying Log Messages 3-39

Sending Simple Mail Transfer Protocol Alerts 3-39 Resetting the System 3-41 Setting the System Clock 3-42

Setting the Time Manually 3-43

Configuring SNTP 3-43

Configuring NTP 3-44

Setting the Time Zone 3-46

Configuring Summer Time 3-47

Simple Network Management Protocol 3-49

Enabling the SNMP Agent 3-51 Setting Community Access Strings 3-51 Specifying Trap Managers and Trap Types 3-52 Configuring SNMPv3 Management Access 3-55

Setting the Local Engine ID 3-55

Specifying a Remote Engine ID 3-56

Configuring SNMPv3 Users 3-57

Configuring Remote SNMPv3 Users 3-59

Configuring SNMPv3 Groups 3-61

Setting SNMPv3 Views 3-64

Sampling Traffic Flows 3-65

Configuring sFlow Global Parameters 3-66 Configuring sFlow Port Parameters 3-68

User Authentication 3-70

Configuring User Accounts 3-70 Configuring Local/Remote Logon Authentication 3-72 Configuring Encryption Keys 3-75 AAA Authorization and Accounting 3-76

Configuring AAA RADIUS Group Settings 3-77

Configuring AAA TACACS+ Group Settings 3-78

Configuring AAA Accounting 3-78

AAA Accounting Update 3-80

AAA Accounting 802.1X Port Settings 3-81

AAA Accounting Exec Command Privileges 3-82

AAA Accounting Exec Settings 3-83

AAA Accounting Summary 3-83

Contents

Authorization Settings 3-85 Authorization EXEC Settings 3-86 Authorization Summary 3-87

Configuring HTTPS 3-88

Replacing the Default Secure-site Certificate 3-89

Configuring the Secure Shell 3-90

Generating the Host Key Pair 3-93 Importing User Public Keys 3-95 Configuring the SSH Server 3-97

Configuring 802.1X Port Authentication 3-99

Displaying 802.1X Global Settings 3-100 Configuring 802.1X Global Settings 3-101 Configuring Port Settings for 802.1X 3-101 Displaying 802.1X Statistics 3-104

Filtering IP Addresses for Management Access 3-106

General Security Measures 3-108

Configuring Port Security 3-109 Web Authentication 3-110

Configuring Web Authentication 3-111 Configuring Web Authentication for Ports 3-112 Displaying Web Authentication Port Information 3-113 Re-authenticating Web Authenticated Ports 3-113

Network Access (MAC Address Authentication) 3-114

Configuring the MAC Authentication Reauthentication Time 3-116 Configuring MAC Authentication for Ports 3-117 Configuring Port Link Detection 3-119 Displaying Secure MAC Address Information 3-120 MAC Filter Configuration 3-121

Access Control Lists 3-123

Setting the ACL Name and Type 3-124 Configuring a Standard IPv4 ACL 3-125 Configuring an Extended IPv4 ACL 3-125 Configuring a Standard IPv6 ACL 3-128 Configuring an Extended IPv6 ACL 3-129 Configuring a MAC ACL 3-131 Configuring an ARP ACL 3-133 Binding a Port to an Access Control List 3-135

ARP Inspection 3-136

Configuring ARP Inspection 3-136 Displaying ARP Inspection Port Information 3-141

DHCP Snooping 3-143

DHCP Snooping Configuration 3-144 DHCP Snooping VLAN Configuration 3-145 DHCP Snooping Information Option Configuration 3-146 Configuring Ports for DHCP Snooping 3-147

Contents

Displaying DHCP Snooping Binding Information 3-149 IP Source Guard 3-150

Configuring Ports for IP Source Guard 3-150

Configuring Static Binding for IP Source Guard 3-152

Displaying Information for Dynamic IP Source Guard Bindings 3-154

Port Configuration 3-155

Displaying Connection Status 3-155 Configuring Interface Connections 3-157 Creating Trunk Groups 3-160

Statically Configuring a Trunk 3-161

Enabling LACP on Selected Ports 3-162

Configuring Parameters for LACP Group Members 3-164

Configuring Parameters for LACP Groups 3-166

Displaying LACP Port Counters 3-167

Displaying LACP Settings and Status for the Local Side 3-168

Displaying LACP Settings and Status for the Remote Side 3-170 Setting Broadcast Storm Thresholds 3-172 Setting Multicast Storm Thresholds 3-174 Setting Unknown Unicast Storm Thresholds 3-175 Configuring Port Mirroring 3-177 Configuring MAC Address Mirroring 3-178 Configuring Rate Limits 3-179

Rate Limit Configuration 3-179 Showing Port Statistics 3-180

Power Over Ethernet Settings 3-184

Switch Power Status 3-185 Setting a Switch Power Budget 3-186 Displaying Port Power Status 3-186 Configuring Port PoE Power 3-187

Address Table Settings 3-189

Setting Static Addresses 3-189 Displaying the Address Table 3-190 Changing the Aging Time 3-191

Spanning Tree Algorithm Configuration 3-192

Configuring Port and Trunk Loopback Detection 3-194 Displaying Global Settings for STA 3-195 Configuring Global Settings for STA 3-198 Displaying Interface Settings for STA 3-202 Configuring Interface Settings for STA 3-205 Spanning Tree Edge Port Configuration 3-208 Configuring Multiple Spanning Trees 3-210 Displaying Interface Settings for MSTP 3-213 Configuring Interface Settings for MSTP 3-215

VLAN Configuration 3-216

IEEE 802.1Q VLANs 3-216

xii

Contents

Enabling or Disabling GVRP (Global Setting) 3-219 Displaying Basic VLAN Information 3-220 Displaying Current VLANs 3-221 Creating VLANs 3-222 Adding Static Members to VLANs (VLAN Index) 3-224 Adding Static Members to VLANs (Port Index) 3-226 Configuring VLAN Behavior for Interfaces 3-227

Configuring IEEE 802.1Q Tunneling 3-229

Enabling QinQ Tunneling on the Switch 3-233 Adding an Interface to a QinQ Tunnel 3-234

Traffic Segmentation 3-236

Configuring Global Settings for Traffic Segmentation 3-236 Configuring Traffic Segmentation Sessions 3-237

Private VLANs 3-238

Displaying Current Private VLANs 3-238 Configuring Private VLANs 3-239 Associating VLANs 3-240 Displaying Private VLAN Interface Information 3-241 Configuring Private VLAN Interfaces 3-242

Protocol VLANs 3-243

Configuring Protocol VLAN Groups 3-244

Mapping Protocols to VLANs 3-245 Configuring VLAN Mirroring 3-246 Configuring IP Subnet VLANs 3-247 Configuring MAC-based VLANs 3-248

Link Layer Discovery Protocol 3-249

Setting LLDP Timing Attributes 3-249 Configuring LLDP Interface Attributes 3-251 Displaying LLDP Local Device Information 3-254 Displaying LLDP Remote Port Information 3-257 Displaying LLDP Remote Information Details 3-258 Displaying Device Statistics 3-260 Displaying Detailed Device Statistics 3-261

Class of Service Configuration 3-263

Layer 2 Queue Settings 3-263

Setting the Default Priority for Interfaces 3-263

Mapping CoS Values to Egress Queues 3-265

Selecting the Queue Mode 3-266

Displaying the Service Weight for Traffic Classes 3-267 Layer 3/4 Priority Settings 3-269

Mapping Layer 3/4 Priorities to CoS Values 3-269

Enabling IP DSCP Priority 3-269

Mapping DSCP Priority 3-270

Quality of Service 3-272

Configuring Quality of Service Parameters 3-272

xiii

Contents

Configuring a Class Map 3-273 Creating QoS Policies 3-275 Attaching a Policy Map to Ingress Queues 3-278

VoIP Traffic Configuration 3-279

Configuring VoIP Traffic 3-279 Configuring VoIP Traffic Ports 3-280 Configuring Telephony OUI 3-282

Multicast Filtering 3-284

Layer 2 IGMP (Snooping and Query) 3-285

Configuring IGMP Snooping and Query Parameters 3-286 Enabling IGMP Immediate Leave 3-288 Displaying Interfaces Attached to a Multicast Router 3-290 Specifying Static Interfaces for a Multicast Router 3-291 Displaying Port Members of Multicast Services 3-292 Assigning Ports to Multicast Services 3-293

IGMP Filtering and Throttling 3-294

Enabling IGMP Filtering and Throttling 3-294 Configuring IGMP Filter Profiles 3-295 Configuring IGMP Filtering and Throttling for Interfaces 3-297

Multicast VLAN Registration 3-299

Configuring Global MVR Settings 3-300 Displaying MVR Interface Status 3-302 Displaying Port Members of Multicast Groups 3-303 Configuring MVR Interface Status 3-304 Assigning Static Multicast Groups to Interfaces 3-306 Configuring MVR Receiver VLAN and Group Addresses 3-307 Displaying MVR Receiver Groups 3-308 Configuring Static MVR Receiver Group Members 3-309

Domain Name Service 3-310

Configuring General DNS Service Parameters 3-310 Configuring Static DNS Host to Address Entries 3-312 Displaying the DNS Cache 3-314

Switch Clustering 3-315

Configuring General Settings for Clusters 3-315 Cluster Member Configuration 3-317 Displaying Information on Cluster Members 3-318 Cluster Candidate Information 3-319

UPnP 3-320

UPnP Configuration 3-320

Chapter 4: Command Line Interface 4-1

Using the Command Line Interface 4-1

Accessing the CLI 4-1 Console Connection 4-1

xiv

Contents

Telnet Connection 4-2

Entering Commands 4-3

Keywords and Arguments 4-3 Minimum Abbreviation 4-3 Command Completion 4-3 Getting Help on Commands 4-3 Showing Commands 4-4 Partial Keyword Lookup 4-5 Negating the Effect of Commands 4-5 Using Command History 4-5 Understanding Command Modes 4-6 Exec Commands 4-6 Configuration Commands 4-7 Command Line Processing 4-9

Command Groups 4-10 General Commands 4-11

enable 4-12 disable 4-12 configure 4-13 show history 4-13 reload (Privileged Exec) 4-14 reload (Global Configuration) 4-14 show reload 4-16 prompt 4-16 end 4-16 exit 4-17 quit 4-17

System Management Commands 4-18

Device Designation Commands 4-18

hostname 4-18 Banner Information Commands 4-19

banner configure 4-20

banner configure company 4-21

banner configure dc-power-info 4-22

banner configure department 4-22

banner configure equipment-info 4-23

banner configure equipment-location 4-24

banner configure ip-lan 4-24

banner configure lp-number 4-25

banner configure manager-info 4-26

banner configure mux 4-26

banner configure note 4-27

show banner 4-28 System Status Commands 4-29

show startup-config 4-29

Contents

show running-config 4-30 show system 4-33 show users 4-33 show version 4-34

Frame Size Commands 4-35

jumbo frame 4-35

File Management Commands 4-36

copy 4-37 delete 4-40 dir 4-40 whichboot 4-41 boot system 4-42 upgrade opcode auto 4-42 upgrade opcode path 4-43

Line Commands 4-44

line 4-45 login 4-46 password 4-47 timeout login response 4-48 exec-timeout 4-48 password-thresh 4-49 silent-time 4-50 databits 4-50 parity 4-51 speed 4-52 stopbits 4-52 terminal length 4-53 terminal width 4-53 terminal escape-character 4-54 terminal terminal-type 4-54 terminal history 4-55 disconnect 4-55 show line 4-56

Event Logging Commands 4-57

logging on 4-57 logging history 4-58 logging host 4-59 logging facility 4-59 logging trap 4-60 clear log 4-60 show logging 4-61 show log 4-62

SMTP Alert Commands 4-63

logging sendmail host 4-63 logging sendmail level 4-64

xvi

Contents

logging sendmail source-email 4-64

logging sendmail destination-email 4-65

logging sendmail 4-65

show logging sendmail 4-65 Time Commands 4-67

sntp client 4-68

sntp server 4-69

sntp poll 4-69

show sntp 4-70

ntp client 4-70

ntp server 4-71

ntp poll 4-72

ntp authenticate 4-72

ntp authentication-key 4-73

show ntp 4-74

clock timezone-predefined 4-75

clock timezone 4-75

clock summer-time (date) 4-76

clock summer-time (predefined) 4-77

clock summer-time (recurring) 4-78

calendar set 4-80

show calendar 4-80 Switch Cluster Commands 4-81

cluster 4-81

cluster commander 4-82

cluster ip-pool 4-83

cluster member 4-83

rcommand 4-84

show cluster 4-84

show cluster members 4-85

show cluster candidates 4-85 UPnP Commands 4-85

upnp device 4-86

upnp device ttl 4-86

upnp device advertise duration 4-87

show upnp 4-87

SNMP Commands 4-88

snmp-server 4-89 show snmp 4-90 snmp-server community 4-91 snmp-server contact 4-91 snmp-server location 4-92 snmp-server host 4-93 snmp-server enable traps 4-95 snmp-server engine-id 4-96

xvii

Contents

show snmp engine-id 4-97 snmp-server view 4-97 show snmp view 4-98 snmp-server group 4-99 show snmp group 4-100 snmp-server user 4-101 show snmp user 4-102

Flow Sampling Commands 4-103

sflow 4-104 sflow source 4-104 sflow sample 4-105 sflow polling-interval 4-105 sflow owner 4-106 sflow timeout 4-106 sflow destination 4-107 sflow max-header-size 4-107 sflow max-datagram-size 4-108 show sflow 4-108

Authentication Commands 4-109

User Account and Privilege Level Commands 4-110

username 4-110 enable password 4-111 privilege 4-112 privilege rerun 4-113 show privilege 4-113

Authentication Sequence 4-114

authentication login 4-114 authentication enable 4-115

RADIUS Client 4-116

radius-server host 4-116 radius-server acct-port 4-117 radius-server auth-port 4-117 radius-server key 4-118 radius-server retransmit 4-118 radius-server timeout 4-119 show radius-server 4-120

TACACS+ Client 4-120

tacacs-server host 4-121 tacacs-server port 4-121 tacacs-server key 4-122 tacacs-server retransmit 4-122 tacacs-server timeout 4-123 show tacacs-server 4-123

AAA Commands 4-124

aaa group server 4-124

xviii

Contents

server 4-125

aaa accounting dot1x 4-126

aaa accounting exec 4-127

aaa accounting commands 4-128

aaa accounting update 4-129

accounting dot1x 4-129

accounting exec 4-130

accounting commands 4-130

aaa authorization exec 4-131

authorization exec 4-132

show accounting 4-132 Web Server Commands 4-133

ip http port 4-133

ip http server 4-134

ip http secure-server 4-134

ip http secure-port 4-135 Telnet Server Commands 4-136

ip telnet server 4-136 Secure Shell Commands 4-137

ip ssh server 4-139

ip ssh timeout 4-140

ip ssh authentication-retries 4-140

ip ssh server-key size 4-141

delete public-key 4-141

ip ssh crypto host-key generate 4-142

ip ssh crypto zeroize 4-142

ip ssh save host-key 4-143

show ip ssh 4-143

show ssh 4-144

show public-key 4-145

802.1X Port Authentication 4-146

dot1x system-auth-control 4-146

dot1x default 4-147

dot1x max-req 4-147

dot1x port-control 4-147

dot1x operation-mode 4-148

dot1x re-authenticate 4-149

dot1x re-authentication 4-149

dot1x timeout quiet-period 4-150

dot1x timeout re-authperiod 4-150

dot1x timeout tx-period 4-151

dot1x timeout supp-timeout 4-151

dot1x intrusion-action 4-152

show dot1x 4-153 Management IP Filter Commands 4-156

xix

Contents

management 4-156 show management 4-157

General Security Measures 4-158

Port Security Commands 4-159

port security 4-159

Network Access (MAC Address Authentication) 4-161

network-access aging 4-162 network-access mac-filter 4-162 network-access port-mac-filter 4-163 network-access max-mac-count 4-163 network-access mode 4-164 mac-authentication reauth-time 4-165 mac-authentication intrusion-action 4-166 mac-authentication max-mac-count 4-166 network-access dynamic-vlan 4-167 network-access guest-vlan 4-167 network-access dynamic-qos 4-168 network-access link-detection 4-169 network-access link-detection link-down 4-169 network-access link-detection link-up 4-170 network-access link-detection link-up-down 4-170 clear network-access 4-171 show network-access 4-171 show network-access mac-address-table 4-172 show network-access mac-filter 4-173

Web Authentication 4-174

web-auth login-attempts 4-174 web-auth quiet-period 4-175 web-auth session-timeout 4-175 web-auth system-auth-control 4-176 web-auth 4-176 web-auth re-authenticate (Port) 4-177 web-auth re-authenticate (IP) 4-177 show web-auth 4-178 show web-auth interface 4-178 show web-auth summary 4-179

DHCP Snooping Commands 4-179

ip dhcp snooping 4-180 ip dhcp snooping vlan 4-181 ip dhcp snooping trust 4-182 ip dhcp snooping verify mac-address 4-183 ip dhcp snooping information option 4-184 ip dhcp snooping information policy 4-185 ip dhcp snooping database flash 4-185 clear ip dhcp snooping database flash 4-186

Contents

show ip dhcp snooping 4-186

show ip dhcp snooping binding 4-186 IP Source Guard Commands 4-187

ip source-guard 4-187

ip source-guard binding 4-189

show ip source-guard 4-190

show ip source-guard binding 4-190 ARP Inspection Commands 4-191

ip arp inspection 4-191

ip arp inspection vlan 4-192

ip arp inspection filter 4-193

ip arp inspection validate 4-194

ip arp inspection log-buffer logs 4-195

ip arp inspection trust 4-196

ip arp inspection limit 4-196

show ip arp inspection configuration 4-197

show ip arp inspection interface 4-197

show ip arp inspection vlan 4-198

show ip arp inspection log 4-198

show ip arp inspection statistics 4-199

Access Control List Commands 4-199

IPv4 ACLs 4-200

access-list rule-mode 4-200

access-list ip 4-201

permit, deny (Standard IPv4 ACL) 4-202

permit, deny (Extended IPv4 ACL) 4-203

show ip access-list 4-205

ip access-group 4-205

show ip access-group 4-206 IPv6 ACLs 4-206

access-list ipv6 4-207

permit, deny (Standard IPv6 ACL) 4-208

permit, deny (Extended IPv6 ACL) 4-209

show ipv6 access-list 4-210

ipv6 access-group 4-211

show ipv6 access-group 4-211 ARP ACLs 4-212

access-list arp 4-212

permit, deny (ARP ACL) 4-213

show arp access-list 4-214 MAC ACLs 4-215

access-list mac 4-215

permit, deny (MAC ACL) 4-216

show mac access-list 4-217

mac access-group 4-218

xxi

Contents

show mac access-group 4-218

ACL Information 4-219

show access-list 4-219 show access-group 4-219

Interface Commands 4-220

interface 4-221 description 4-221 speed-duplex 4-222 negotiation 4-223 capabilities 4-224 flowcontrol 4-225 media-type 4-226 giga-phy-mode 4-226 shutdown 4-227 switchport packet-rate 4-228 clear counters 4-229 show interfaces brief 4-229 show interfaces status 4-230 show interfaces counters 4-231 show interfaces switchport 4-232

Automatic Traffic Control Commands 4-234

auto-traffic-control apply-timer 4-237 auto-traffic-control release-timer 4-238 auto-traffic-control 4-238 auto-traffic-control alarm-fire-threshold 4-239 auto-traffic-control alarm-clear-threshold 4-240 auto-traffic-control action 4-241 auto-traffic-control control-release 4-242 snmp-server enable port-traps atc broadcast-alarm-fire 4-242 snmp-server enable port-traps atc multicast-alarm-fire 4-243 snmp-server enable port-traps atc broadcast-alarm-clear 4-243 snmp-server enable port-traps atc multicast-alarm-clear 4-244 snmp-server enable port-traps atc broadcast-control-apply 4-244 snmp-server enable port-traps atc multicast-control-apply 4-245 snmp-server enable port-traps atc broadcast-control-release 4-245 snmp-server enable port-traps atc multicast-control-release 4-246 show auto-traffic-control 4-246 show auto-traffic-control interface 4-247

Link Aggregation Commands 4-248

channel-group 4-249 lacp 4-250 lacp system-priority 4-251 lacp admin-key (Ethernet Interface) 4-252 lacp admin-key (Port Channel) 4-253 lacp port-priority 4-254

xxii

Contents

lacp active/passive 4-255 show lacp 4-255

Mirror Port Commands 4-260

port monitor 4-260 show port monitor 4-261

Rate Limit Commands 4-263

rate-limit 4-263

Power over Ethernet Commands 4-264

power mainpower maximum allocation 4-264 power inline compatible 4-265 power inline 4-266 power inline maximum allocation 4-266 power inline priority 4-267 show power inline status 4-268 show power mainpower 4-269

Address Table Commands 4-269

mac-address-table static 4-270 clear mac-address-table dynamic 4-271 show mac-address-table 4-271 mac-address-table aging-time 4-272 show mac-address-table aging-time 4-272

Spanning Tree Commands 4-274

spanning-tree 4-275 spanning-tree mode 4-276 spanning-tree forward-time 4-277 spanning-tree hello-time 4-277 spanning-tree max-age 4-278 spanning-tree priority 4-279 spanning-tree system-bpdu-flooding 4-279 spanning-tree pathcost method 4-280 spanning-tree transmission-limit 4-280 spanning-tree mst-configuration 4-281 mst vlan 4-281 mst priority 4-282 name 4-283 revision 4-283 max-hops 4-284 spanning-tree spanning-disabled 4-284 spanning-tree cost 4-285 spanning-tree port-priority 4-286 spanning-tree edge-port 4-287 spanning-tree portfast 4-288 spanning-tree bpdu-filter 4-289 spanning-tree bpdu-guard 4-290 spanning-tree port-bpdu-flooding 4-290

xxiii

Contents

spanning-tree root-guard 4-291 spanning-tree link-type 4-292 spanning-tree loopback-detection 4-292 spanning-tree loopback-detection release-mode 4-293 spanning-tree loopback-detection trap 4-294 spanning-tree mst cost 4-294 spanning-tree mst port-priority 4-295 spanning-tree protocol-migration 4-296 show spanning-tree 4-297 show spanning-tree mst configuration 4-299

VLAN Commands 4-299

GVRP and Bridge Extension Commands 4-300

bridge-ext gvrp 4-300 show bridge-ext 4-301 switchport gvrp 4-301 show gvrp configuration 4-302 garp timer 4-302 show garp timer 4-303

Editing VLAN Groups 4-304

vlan database 4-304 vlan 4-305

Configuring VLAN Interfaces 4-306

interface vlan 4-306 switchport mode 4-307 switchport acceptable-frame-types 4-308 switchport ingress-filtering 4-308 switchport native vlan 4-309 switchport allowed vlan 4-310 switchport forbidden vlan 4-311 vlan-trunking 4-311

Displaying VLAN Information 4-313

show vlan 4-313

Configuring IEEE 802.1Q Tunneling 4-314

dot1q-tunnel system-tunnel-control 4-315 switchport dot1q-tunnel mode 4-315 switchport dot1q-tunnel tpid 4-316 show dot1q-tunnel 4-317

Configuring Port-based Traffic Segmentation 4-318

pvlan 4-318 pvlan uplink/downlink 4-319 pvlan session 4-320 pvlan up-to-up 4-321 show pvlan 4-321

Configuring Private VLANs 4-322

private-vlan 4-323

xxiv

Contents

private vlan association 4-324

switchport mode private-vlan 4-324

switchport private-vlan host-association 4-325

switchport private-vlan mapping 4-326

show vlan private-vlan 4-326 Configuring Protocol-based VLANs 4-327

protocol-vlan protocol-group (Configuring Groups) 4-328

protocol-vlan protocol-group (Configuring VLANs) 4-328

show protocol-vlan protocol-group 4-329

show protocol-vlan protocol-group-vid 4-330 Configuring IP Subnet VLANs 4-330

subnet-vlan 4-331

show subnet-vlan 4-331 Configuring MAC Based VLANs 4-332

mac-vlan 4-332

show mac-vlan 4-333 Configuring Voice VLANs 4-334

voice vlan 4-334

voice vlan aging 4-335

voice vlan mac-address 4-336

switchport voice vlan 4-337

switchport voice vlan rule 4-337

switchport voice vlan security 4-338

switchport voice vlan priority 4-339

show voice vlan 4-339

LLDP Commands 4-341

lldp 4-343 lldp holdtime-multiplier 4-343 lldp medFastStartCount 4-344 lldp notification-interval 4-344 lldp refresh-interval 4-345 lldp reinit-delay 4-345 lldp tx-delay 4-346 lldp admin-status 4-347 lldp notification 4-347 lldp mednotification 4-348 lldp basic-tlv management-ip-address 4-349 lldp basic-tlv port-description 4-349 lldp basic-tlv system-capabilities 4-350 lldp basic-tlv system-description 4-350 lldp basic-tlv system-name 4-351 lldp dot1-tlv proto-ident 4-351 lldp dot1-tlv proto-vid 4-352 lldp dot1-tlv pvid 4-352 lldp dot1-tlv vlan-name 4-353

xxv

Contents

lldp dot3-tlv link-agg 4-353 lldp dot3-tlv mac-phy 4-354 lldp dot3-tlv max-frame 4-354 lldp dot3-tlv poe 4-355 lldp medtlv extpoe 4-355 lldp medtlv inventory 4-356 lldp medtlv location 4-356 lldp medtlv med-cap 4-357 lldp medtlv network-policy 4-357 show lldp config 4-358 show lldp info local-device 4-360 show lldp info remote-device 4-361 show lldp info statistics 4-362

Class of Service Commands 4-363

Priority Commands (Layer 2) 4-363

queue mode 4-363 switchport priority default 4-364 queue cos-map 4-365 show queue mode 4-366 show queue bandwidth 4-366 show queue cos-map 4-367

Priority Commands (Layer 3 and 4) 4-368

map ip dscp (Global Configuration) 4-368 map ip dscp (Interface Configuration) 4-368 show map ip dscp 4-370

Quality of Service Commands 4-371

class-map 4-372 match 4-373 rename 4-374 description 4-374 policy-map 4-375 police 4-375 set 4-376 police 4-377 service-policy 4-378 show class-map 4-378 show policy-map 4-379 show policy-map interface 4-379

Multicast Filtering Commands 4-380

IGMP Snooping Commands 4-380

ip igmp snooping 4-381 ip igmp snooping vlan static 4-381 ip igmp snooping version 4-382 ip igmp snooping leave-proxy 4-382 ip igmp snooping immediate-leave 4-383

xxvi

Contents

show ip igmp snooping 4-384

show mac-address-table multicast 4-384 IGMP Query Commands (Layer 2) 4-385

ip igmp snooping querier 4-385

ip igmp snooping query-count 4-386

ip igmp snooping query-interval 4-387

ip igmp snooping query-max-response-time 4-387

ip igmp snooping router-port-expire-time 4-388 Static Multicast Routing Commands 4-389

ip igmp snooping vlan mrouter 4-389

show ip igmp snooping mrouter 4-390 IGMP Filtering and Throttling Commands 4-391

ip igmp filter (Global Configuration) 4-391

ip igmp profile 4-392

permit, deny 4-392

range 4-393

ip igmp filter (Interface Configuration) 4-393

ip igmp max-groups 4-394

ip igmp max-groups action 4-395

show ip igmp filter 4-395

show ip igmp profile 4-396

show ip igmp throttle interface 4-396 Multicast VLAN Registration Commands 4-397

mvr (Global Configuration) 4-398

mvr (Interface Configuration) 4-400

show mvr 4-402

Domain Name Service Commands 4-405

ip host 4-405 clear host 4-406 ip domain-name 4-406 ip domain-list 4-407 ip name-server 4-408 ip domain-lookup 4-409 show hosts 4-410 show dns 4-410 show dns cache 4-411 clear dns cache 4-411

IP Interface Commands 4-412

ip address 4-412 ip default-gateway 4-413 ip dhcp restart 4-414 show ip interface 4-414 show ip redirects 4-415 show arp 4-415 ping 4-415

xxvii

Contents

Appendix A: Software Specifications A-1

Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3

Appendix B: Troubleshooting B-1

Problems Accessing the Management Interface B-1 Using System Logs B-2

Glossary

Index

xxviii

Tables

Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-6 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-36 Table 3-4 Supported Notification Messages 3-61 Table 3-5 HTTPS System Support 3-88 Table 3-6 802.1X Statistics 3-104 Table 3-7 Dynamic QoS Profiles 3-115 Table 3-8 LACP Port Counters 3-167 Table 3-9 LACP Internal Configuration Information 3-168 Table 3-10 LACP Neighbor Configuration Information 3-170 Table 3-11 Port Statistics 3-180 Table 3-12 Recommended STA Path Cost Range 3-206 Table 3-13 Recommended STA Path Costs 3-206 Table 3-14 Default STA Path Costs 3-207 Table 3-15 Chassis ID Subtype 3-254 Table 3-16 System Capabilities 3-255 Table 3-17 Port ID Subtype 3-258 Table 3-18 Mapping CoS Values to Egress Queues 3-265 Table 3-19 CoS Priority Levels 3-265 Table 3-20 Mapping DSCP Priority Values 3-270 Table 4-1 Command Modes 4-6 Table 4-2 Configuration Modes 4-8 Table 4-3 Command Line Processing 4-9 Table 4-4 Command Groups 4-10 Table 4-5 General Commands 4-11 Table 4-6 System Management Commands 4-18 Table 4-7 Device Designation Commands 4-18 Table 4-8 Banner Commands 4-19 Table 4-9 System Status Commands 4-29 Table 4-10 Frame Size Commands 4-35 Table 4-11 Flash/File Commands 4-36 Table 4-12 File Directory Information 4-41 Table 4-13 Line Commands 4-44 Table 4-14 Event Logging Commands 4-57 Table 4-15 Logging Levels 4-58 Table 4-16 show logging flash/ram - display description 4-61 Table 4-17 SMTP Alert Commands 4-63 Table 4-18 Time Commands 4-67 Table 4-19 Predefined Summer-Time Parameters 4-78 Table 4-20 Switch Cluster Commands 4-81

xxix

Tables

Table 4-21 SNMP Commands 4-88 Table 4-22 show snmp engine-id - display description 4-97 Table 4-23 show snmp view - display description 4-98 Table 4-24 show snmp group - display description 4-101 Table 4-26 sFlow Commands 4-103 Table 4-25 show snmp user - display description 4-103 Table 4-27 Authentication Commands 4-109 Table 4-28 User Access Commands 4-110 Table 4-29 Default Login Settings 4-110 Table 4-30 Authentication Sequence 4-114 Table 4-31 RADIUS Client Commands 4-116 Table 4-32 TACACS Commands 4-120 Table 4-34 Web Server Commands 4-133 Table 4-35 HTTPS System Support 4-135 Table 4-36 Telnet Server Commands 4-136 Table 4-37 SSH Commands 4-137 Table 4-38 show ssh - display description 4-144 Table 4-39 802.1X Port Authentication 4-146 Table 4-40 IP Filter Commands 4-156 Table 4-41 Client Security Commands 4-158 Table 4-42 Port Security Commands 4-159 Table 4-43 Network Access 4-161 Table 4-44 Dynamic QoS Profiles 4-168 Table 4-45 Web Authentication 4-174 Table 4-46 DHCP Snooping Commands 4-179 Table 4-47 IP Source Guard Commands 4-187 Table 4-48 ARP Inspection Commands 4-191 Table 4-49 Access Control Lists 4-199 Table 4-50 IPv4 ACL Commands 4-200 Table 4-52 ARP ACL Commands 4-212 Table 4-53 MAC ACL Commands 4-215 Table 4-54 ACL Information 4-219 Table 4-55 Interface Commands 4-220 Table 4-56 Interfaces Switchport Statistics 4-233 Table 4-57 ATC Commands 4-234 Table 4-58 Link Aggregation Commands 4-248 Table 4-59 show lacp counters - display description 4-256 Table 4-60 show lacp internal - display description 4-257 Table 4-61 show lacp neighbors - display description 4-258 Table 4-62 show lacp sysid - display description 4-259 Table 4-63 Mirror Port Commands 4-260 Table 4-64 Rate Limit Commands 4-263 Table 4-68 Address Table Commands 4-269 Table 4-69 Spanning Tree Commands 4-274 Table 4-72 Default STA Path Costs 4-286

xxx

Ta bl e s

Table 4-73 VLAN Command Groups 4-299 Table 4-74 GVRP and Bridge Extension Commands 4-300 Table 4-75 Editing VLAN Groups 4-304 Table 4-76 Configuring VLAN Interfaces 4-306 Table 4-77 Show VLAN Commands 4-313 Table 4-78 IEEE 802.1Q Tunneling Commands 4-314 Table 4-79 Traffic Segmentation Commands 4-318 Table 4-80 Traffic Segmentation Forwarding 4-319 Table 4-81 Private VLAN Commands 4-322 Table 4-82 Protocol-based VLAN Commands 4-327 Table 4-83 IP Subnet VLAN Commands 4-330 Table 4-84 IP Subnet VLAN Commands 4-332 Table 4-85 Voice VLAN Commands 4-334 Table 4-86 LLDP Commands 4-341 Table 4-87 Priority Commands 4-363 Table 4-88 Priority Commands (Layer 2) 4-363 Table 4-89 Default CoS Values to Egress Queues 4-365 Table 4-90 Priority Commands (Layer 3 and 4) 4-368 Table 4-91 IP DSCP to CoS Vales 4-369 Table 4-92 Quality of Service Commands 4-371 Table 4-93 Multicast Filtering Commands 4-380 Table 4-94 IGMP Snooping Commands 4-380 Table 4-95 IGMP Query Commands (Layer 2) 4-385 Table 4-96 Static Multicast Routing Commands 4-389 Table 4-97 IGMP Filtering and Throttling Commands 4-391 Table 4-98 Multicast VLAN Registration Commands 4-397 Table 4-100 show mvr interface - display description 4-403 Table 4-99 show mvr - display description 4-403 Table 4-101 show mvr members - display description 4-404 Table 4-102 show mvr receiver members - display description 4-404 Table 4-105 IP Interface Commands 4-412 Table B-1 Troubleshooting Chart B-1

xxxi

Tables

xxxii

Figures

Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-14 Figure 3-4 Switch Information 3-15 Figure 3-5 Bridge Extension Configuration 3-17 Figure 3-6 Manual IP Configuration 3-19 Figure 3-7 DHCP IP Configuration 3-20 Figure 3-8 Jumbo Frames Configuration 3-21 Figure 3-9 Configuring Automatic Code Upgrade 3-25 Figure 3-10 Copy Firmware 3-26 Figure 3-11 Setting the Startup Code 3-27 Figure 3-12 Deleting Files 3-27 Figure 3-13 Downloading Configuration Settings for Startup 3-29 Figure 3-14 Setting the Startup Configuration Settings 3-29 Figure 3-15 Uploading Files Using HTTP 3-31 Figure 3-16 Downloading Files Using HTTP 3-31 Figure 3-17 Console Port Settings 3-33 Figure 3-18 Enabling Telnet 3-35 Figure 3-19 System Logs 3-37 Figure 3-20 Remote Logs 3-38 Figure 3-21 Displaying Logs 3-39 Figure 3-22 Enabling and Configuring SMTP 3-40 Figure 3-23 Resetting the System 3-42 Figure 3-24 Current Time Configuration 3-43 Figure 3-25 SNTP Configuration 3-44 Figure 3-26 NTP Client Configuration 3-45 Figure 3-27 Setting the System Clock 3-47 Figure 3-28 Summer Time 3-49 Figure 3-29 Enabling SNMP Agent Status 3-51 Figure 3-30 Configuring SNMP Community Strings 3-52 Figure 3-31 Configuring IP Trap Managers 3-54 Figure 3-32 Setting an Engine ID 3-55 Figure 3-33 Setting a Remote Engine ID 3-56 Figure 3-34 Configuring SNMPv3 Users 3-58 Figure 3-35 Configuring Remote SNMPv3 Users 3-60 Figure 3-36 Configuring SNMPv3 Groups 3-63 Figure 3-37 Configuring SNMPv3 Views 3-64 Figure 3-38 sFlow Global Configuration 3-67 Figure 3-39 sFlow Port Configuration 3-69 Figure 3-40 Access Levels 3-71 Figure 3-41 Authentication Settings 3-74 Figure 3-42 Encryption Key Settings 3-76

xxxiii

Figures

Figure 3-43 AAA Radius Group Settings 3-77 Figure 3-44 AAA TACACS+ Group Settings 3-78 Figure 3-45 AAA Accounting Settings 3-79 Figure 3-46 AAA Accounting Update 3-80 Figure 3-47 AAA Accounting 802.1X Port Settings 3-81 Figure 3-48 AAA Accounting Exec Command Privileges 3-82 Figure 3-49 AAA Accounting Exec Settings 3-83 Figure 3-50 AAA Accounting Summary 3-84 Figure 3-51 AAA Authorization Settings 3-86 Figure 3-52 AAA Authorization Exec Settings 3-86 Figure 3-53 AAA Authorization Summary 3-87 Figure 3-54 HTTPS Settings 3-89 Figure 3-55 HTTPS Settings 3-90 Figure 3-56 SSH Host-Key Settings 3-94 Figure 3-57 SSH User Public-Key Settings 3-96 Figure 3-58 SSH Server Settings 3-98 Figure 3-59 802.1X Global Information 3-100 Figure 3-60 802.1X Global Configuration 3-101 Figure 3-61 802.1X Port Configuration 3-102 Figure 3-62 Displaying 802.1X Port Statistics 3-105 Figure 3-63 Creating an IP Filter List 3-107 Figure 3-64 Configuring Port Security 3-110 Figure 3-65 Web Authentication Configuration 3-111 Figure 3-66 Web Authentication Port Configuration 3-112 Figure 3-67 Web Authentication Port Information 3-113 Figure 3-68 Web Authentication Port Re-authentication 3-114 Figure 3-69 Network Access Configuration 3-117 Figure 3-70 Network Access Port Configuration 3-118 Figure 3-71 Network Access Port Link Detection Configuration 3-120 Figure 3-72 Network Access MAC Address Information 3-121 Figure 3-73 Network Access MAC Filter Configuration 3-122 Figure 3-74 Selecting ACL Type 3-124 Figure 3-75 ACL Configuration - Standard IPv4 3-125 Figure 3-76 ACL Configuration - Extended IPv4 3-127 Figure 3-77 ACL Configuration - Standard IPv6 3-128 Figure 3-78 ACL Configuration - Extended IPv6 3-130 Figure 3-79 ACL Configuration - MAC 3-132 Figure 3-80 ACL Configuration - ARP 3-134 Figure 3-81 Configuring ACL Port Binding 3-135 Figure 3-82 Configuring ARP Inspection 3-140 Figure 3-83 Displaying Statistics for ARP Inspection 3-142 Figure 3-84 DHCP Snooping Configuration 3-144 Figure 3-85 DHCP Snooping VLAN Configuration 3-145 Figure 3-86 DHCP Snooping Information Option Configuration 3-147 Figure 3-87 DHCP Snooping Port Configuration 3-148

xxxiv

Figures

Figure 3-88 DHCP Snooping Binding Information 3-149 Figure 3-89 IP Source Guard Port Configuration 3-151 Figure 3-90 Static IP Source Guard Binding Configuration 3-153 Figure 3-91 Dynamic IP Source Guard Binding Information 3-154 Figure 3-92 Displaying Port/Trunk Information 3-155 Figure 3-93 Port/Trunk Configuration 3-159 Figure 3-94 Configuring Static Trunks 3-161 Figure 3-95 LACP Trunk Configuration 3-163 Figure 3-96 LACP Port Configuration 3-165 Figure 3-97 LACP Aggregation Group Configuration 3-167 Figure 3-98 LACP - Port Counters Information 3-168 Figure 3-99 LACP - Port Internal Information 3-169 Figure 3-100 LACP - Port Neighbors Information 3-171 Figure 3-101 Port Broadcast Control 3-173 Figure 3-102 Port Multicast Control 3-175 Figure 3-103 Port Unknown Unicast Control 3-176 Figure 3-104 Mirror Port Configuration 3-177 Figure 3-105 MAC Address Mirror Configuration 3-178 Figure 3-106 Input Rate Limit Port Configuration 3-179 Figure 3-107 Port Statistics 3-183 Figure 3-108 Displaying the Global PoE Status 3-185 Figure 3-109 Setting the Switch Power Budget 3-186 Figure 3-110 Displaying Port PoE Status 3-187 Figure 3-111 Configuring Port PoE Power 3-188 Figure 3-112 Configuring a Static Address Table 3-189 Figure 3-113 Configuring a Dynamic Address Table 3-190 Figure 3-114 Setting the Address Aging Time 3-191 Figure 3-115 Configuring Port Loopback Detection 3-194 Figure 3-116 Displaying Spanning Tree Information 3-197 Figure 3-117 Configuring Spanning Tree 3-201 Figure 3-118 Displaying Spanning Tree Port Information 3-204 Figure 3-119 Configuring Spanning Tree per Port 3-208 Figure 3-120 Configuring Edge Port Parameters 3-209 Figure 3-121 Configuring Multiple Spanning Trees 3-211 Figure 3-122 Displaying MSTP Interface Settings 3-213 Figure 3-123 Displaying MSTP Interface Settings 3-216 Figure 3-124 Globally Enabling GVRP 3-219 Figure 3-125 Displaying Basic VLAN Information 3-220 Figure 3-126 Displaying Current VLANs 3-221 Figure 3-127 Configuring a VLAN Static List 3-223 Figure 3-128 Configuring a VLAN Static Table 3-225 Figure 3-129 VLAN Static Membership by Port 3-226 Figure 3-130 Configuring VLANs per Port 3-228 Figure 3-131 802.1Q Tunnel Status and Ethernet Type 3-233 Figure 3-132 Tunnel Port Configuration 3-235

xxxv

Figures

Figure 3-133 Traffic Segmentation Status Configuration 3-236 Figure 3-134 Traffic Segmentation Session Configuration 3-237 Figure 3-135 Private VLAN Information 3-239 Figure 3-136 Private VLAN Configuration 3-240 Figure 3-137 Private VLAN Association 3-240 Figure 3-138 Private VLAN Port Information 3-241 Figure 3-139 Private VLAN Port Configuration 3-243 Figure 3-140 Protocol VLAN Configuration 3-244 Figure 3-141 Protocol VLAN System Configuration 3-245 Figure 3-142 VLAN Mirror Configuration 3-246 Figure 3-143 IP Subnet VLAN Configuration 3-247 Figure 3-144 MAC-based VLAN Configuration 3-248 Figure 3-145 LLDP Configuration 3-251 Figure 3-146 LLDP Port Configuration 3-253 Figure 3-147 LLDP Local Device Information 3-256 Figure 3-148 LLDP Remote Port Information 3-257 Figure 3-149 LLDP Remote Information Details 3-259 Figure 3-150 LLDP Device Statistics 3-260 Figure 3-151 LLDP Device Statistics Details 3-262 Figure 3-152 Port Priority Configuration 3-264 Figure 3-153 Traffic Classes 3-266 Figure 3-154 Queue Mode 3-267 Figure 3-155 Displaying Queue Scheduling 3-268 Figure 3-156 IP DSCP Priority Status 3-269 Figure 3-157 Mapping IP DSCP Priority Values 3-271 Figure 3-158 Configuring Class Maps 3-274 Figure 3-159 Configuring Policy Maps 3-277 Figure 3-160 Service Policy Settings 3-278 Figure 3-161 Configuring VoIP Traffic 3-280 Figure 3-162 VoIP Traffic Port Configuration 3-281 Figure 3-163 Telephony OUI List 3-283 Figure 3-164 IGMP Configuration 3-287 Figure 3-165 IGMP Immediate Leave 3-289 Figure 3-166 Displaying Multicast Router Port Information 3-290 Figure 3-167 Static Multicast Router Port Configuration 3-291 Figure 3-168 IP Multicast Registration Table 3-292 Figure 3-169 IGMP Member Port Table 3-293 Figure 3-170 Enabling IGMP Filtering and Throttling 3-295 Figure 3-171 IGMP Profile Configuration 3-296 Figure 3-172 IGMP Filter and Throttling Port Configuration 3-298 Figure 3-173 MVR Global Configuration 3-301 Figure 3-174 MVR Port Information 3-302 Figure 3-175 MVR Group IP Information 3-303 Figure 3-176 MVR Port Configuration 3-305 Figure 3-177 MVR Group Member Configuration 3-306

xxxvi

Figures

Figure 3-178 MVR Receiver VLAN Configuration 3-307 Figure 3-179 MVR Receiver Group Address Table 3-308 Figure 3-180 Static MVR Receiver Group Member Configuration 3-309 Figure 3-181 DNS General Configuration 3-311 Figure 3-182 DNS Static Host Table 3-313 Figure 3-183 DNS Cache 3-314 Figure 3-184 Cluster Member Choice 3-315 Figure 3-185 Cluster Configuration 3-316 Figure 3-186 Cluster Member Configuration 3-317 Figure 3-187 Cluster Member Information 3-318 Figure 3-188 Cluster Candidate Information 3-319 Figure 3-189 UPnP Configuration 3-320

xxxvii

Figures

xxxviii

Chapter 1: Introduction

This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

The Fast Ethernet ports on this switch also support the IEEE 802.3af Power-over-Ethernet (PoE) standard that enables DC power to be supplied to attached devices over the connecting Ethernet cable.

Key Features

Table 1-1 Key Features

Feature Description

Power over Ethernet Powers attached devices using IEEE 802.3af Power over Ethernet (PoE)

Configuration Backup and Restore

Authentication and Security Measures

Access Control Lists Supports IP and MAC ACLs, 100 rules per system

DHCP Client

DNS Client and Proxy service

DHCP Snooping Supported with Option 82 relay information

Port Configuration Speed, duplex mode and flow control

Rate Limiting Input rate limiting per port

Port Mirroring One port mirrored to a single analysis port

Port Trunking Supports up to 8 trunks using either static or dynamic trunking (LACP)

Storm Control Throttling for broadcast, multicast, and unknown unicast storms

Static Address Up to 8K MAC addresses in the forwarding table

Backup to TFTP server

Console, Telnet, web – User name / password, RADIUS, TACACS+,

AAA, ARP inspection Web – HTTPS Telnet – SSH SNMP v1/2c - Community strings SNMP version 3 – MD5 or SHA password Port Authentication – IEEE 802.1X, Port Security – MAC address filtering Private VLANs Network Access – MAC Address Authentication Web Authentication – Web access with RADIUS Authentication DHCP Snooping (with Option 82 relay information) IP Source Guard

1-1

Introduction

Table 1-1 Key Features (Continued)

Feature Description

IEEE 802.1D Bridge Supports dynamic data switching and addresses learning

Store-and-Forward Switching Supported to ensure wire-speed switching while eliminating bad frames

Spanning Tree Algorithm Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple

Virtual LANs Up to 255 using IEEE 802.1Q, port-based, protocol-based, and private

Traffic Prioritization Default port priority, traffic class map, queue scheduling, or Differentiated

Quality of Service Supports Differentiated Services (DiffServ)

Link Layer Discovery Protocol Used to discover basic information about neighboring devices

Multicast Filtering Supports IGMP snooping and query, as well as Multicast VLAN Registration

Switch Clustering Supports up to 36 member switches in a cluster

Tunneling Supports IEEE 802.1Q tunneling (QinQ)

Spanning Trees (MSTP)

VLANs

Services Code Point (DSCP)

Description of Software Features

The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast or unknow unicast traffic storms from engulfing the network. Port-based, protocol based and private VLANs, plus support for automatic GVRP VLAN registration provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network. While multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.

Configuration Backup and Restore – You can save the current configuration settings to a file on an FTP/TFTP server or to a management station using a web browser, and later download this file to restore the switch configuration settings.

Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then verifies the client’s right to access the network via an authentication server.

Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for SNMP/web/Telnet management access.

1-2

Description of Software Features

MAC address filtering and IP source guard also provide authenticated port access. While DHCP snooping is provided to prevent malicious attacks from insecure ports.

Access Control Lists – ACLs provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, next header type, or flow label), or any frames (based on MAC address or Ethernet type). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.

Port Configuration – You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).

Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Packets that exceed the acceptable amount of traffic are dropped.

Port Mirroring – The switch can unobtrusively mirror traffic from any port, VLAN or packets with a specified MAC address to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.

Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 8 trunks.

Storm Control – Broadcast, multicast and unknown unicast storm suppression prevents traffic from overwhelming the network. When enabled on a port, the level of traffic passing through the port is restricted. If traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.

Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.

IP Address Filtering – Access to insecure ports can be controlled using DHCP Snooping which filters ingress traffic based on static IP addresses and addresses stored in the DHCP Snooping table. Traffic can also be restricted to specific source IP addresses or source IP/MAC address pairs based on static entries or entries stored in the DHCP Snooping table.

1-3

Introduction

IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.

Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.

To avoid dropping frames on congested ports, the switch provides 4 Mbits for frame buffering. This buffer can queue packets awaiting transmission on congested networks.

Spanning Tree Algorithm – The switch supports these spanning tree protocols:

Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection and recovery by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.

Rapid Spanning Tree Protocol (RSTP, IEEE 802.1D-2004) – This protocol reduces the convergence time for network topology changes to 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.

Multiple Spanning Tree Protocol (MSTP, IEEE 802.1D-2004) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).

Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:

• Eliminate broadcast storms which severely degrade performance in a flat network.

• Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.

• Provide data security by restricting all traffic to the originating VLAN.

1-4

Description of Software Features

• Use private VLANs to restrict traffic to pass only between data ports and the uplink

ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.

• Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.

Note: The switch allows 255 user-manageable VLANs. One other VLAN (VLAN ID 4093)

is reserved for switch clustering.

Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using four priority queues with strict or Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can independent priorities for delay-sensitive data and best-effort data.

This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the DSCP field in the IP frame. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.

Quality of Service – Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists allows you select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.

Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration. It also supports Multicast VLAN Registration (MVR) which allows common multicast traffic, such as television channels, to be transmitted across a single network-wide multicast VLAN shared by hosts residing in other standard or private VLAN groups, while preserving security and data isolation for normal traffic.

be used to provide

IEEE 802.1Q Tunneling (QinQ) – This feature is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the customer’s frames when they enter the service provider’s network, and then stripping the tags when the frames leave the network.

1-5

Introduction

System Defaults

The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-28).

The following table lists some of the basic system defaults.

Table 1-2 System Defaults

Function Parameter Default

Console Port Connection

Authentication and Security Measures

Web Management HTTP Server Enabled

Baud Rate 9600

Data bits 8

Stop bits 1

Parity none

Local Console Timeout 0 (disabled)

Privileged Exec Level Username “admin”

Normal Exec Level Username “guest”

Enable Privileged Exec from Normal Exec Level

RADIUS Authentication Disabled

TACACS Authentication Disabled

802.1X Port Authentication Disabled

Web Authentication Disabled

MAC Authentication Disabled

HTTPS Enabled

SSH Disabled

Port Security Disabled

IP Filtering Disabled

DHCP Snooping Disabled

IP Source Guard Disabled (all ports)

HTTP Port Number 80

HTTP Secure Server Enabled

HTTP Secure Port Number 443

Password “admin”

Password “guest”

Password “super”

1-6

System Defaults

Table 1-2 System Defaults (Continued)

Function Parameter Default

SNMP Community Strings “public” (read only)

Traps Authentication traps: enabled

Port Configuration Admin Status Enabled

Auto-negotiation Enabled

Flow Control Disabled

Rate Limiting Input limits Disabled

Port Trunking Static Trunks None

LACP (all ports) Disabled

Storm Protection Status Broadcast: enabled (all ports)

Rate Limit Broadcast: 64 kbits per second

Spanning Tree Algorithm

Address Table Aging Time 300 seconds

Virtual LANs Default VLAN 1

Traffic Prioritization Ingress Port Priority 0

Status Enabled, RSTP

Fast Forwarding (Edge Port) Disabled

PVID 1

Acceptable Frame Type All

Ingress Filtering Enabled

Switchport Mode (Egress Mode) Hybrid: tagged/untagged frames

GVRP (global) Disabled

GVRP (port interface) Disabled

Weighted Round Robin Queue: 0 1 2 3

IP DSCP Priority Disabled

“private” (read/write)

Link-up-down events: enabled

Multicast: disabled Unknown Unicast: disabled

(Defaults: Based on RSTP standard)

Weight: 1 2 4 8

1-7

Introduction

Table 1-2 System Defaults (Continued)

Function Parameter Default

IP Settings IP Address DHCP assigned

Subnet Mask 255.255.255.0

Default Gateway 0.0.0.0

DHCP Client: Enabled

DNS Client/Proxy service: Disabled

BOOTP Disabled

Multicast Filtering IGMP Snooping Snooping: Enabled

Querier: Enabled

Multicast VLAN Registration Disabled

System Log Status Enabled

Messages Logged Levels 0-7 (all)

Messages Logged to Flash Levels 0-3

SMTP Email Alerts Event Handler Enabled (but no server defined)

SNTP Clock Synchronization Disabled

NTP Clock Synchronization Disabled

Switch Clustering Status Enabled

Commander Disabled

1-8

Chapter 2: Initial Configuration

Connecting to the Switch

Configuration Options

The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9), and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).

Note: The IP address for this switch is obtained via DHCP by default. To change this

address, see ?$paratext>? on page 2-4.

The switch’s HTTP web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Internet Explorer 5.x or above, Netscape 6.2 or above, and Mozilla Firefox 2.0.0.0 or above. The switch’s web management interface can be accessed from any computer attached to the network.

The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.

The switch’s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software such as HP OpenView.

The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:

• Set user names and passwords

• Set an IP interface for a management VLAN

• Configure SNMP parameters

• Enable/disable any port

• Set the speed/duplex mode for any port

• Configure the bandwidth of any port by limiting input rates

• Control port access through IEEE 802.1X security or static address filtering

• Filter packets using Access Control Lists (ACLs)

• Configure up to 255 IEEE 802.1Q VLANs

• Enable GVRP automatic VLAN registration

• Configure IGMP multicast filtering

• Upload and download system firmware via FTP/TFTP

• Upload and download switch configuration files via FTP/TFTP

• Configure Spanning Tree parameters

• Configure Class of Service (CoS) priority queuing

2-1

Initial Configuration

• Configure up to 8 static or LACP trunks

• Enable port mirroring

• Set broadcast, multicast or unknown unicast storm control on any port

• Display system information and statistics

• Configure attached CPEs using the OAM protocol

Required Connections

The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.

Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.

To connect a terminal to the console port, complete the following steps:

1. Connect the console cable to the serial port on a terminal, or a PC running

terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.

2. Connect the other end of the cable to the RS-232 serial port on the switch.

3. Make sure the terminal emulation software is set as follows:

• Select the appropriate serial port (COM port 1 or COM port 2).

• Set the baud rate to 9600 bps.

• Set the data format to 8 data bits, 1 stop bit, and no parity.

• Set flow control to none.

• Set the emulation mode to VT100.

• When using HyperTerminal, select Terminal keys, not Windows keys.

Notes: 1. Refer to ?$paratext>? on page 4-44 for a complete description of console

For a description of how to use the CLI, see ?$paratext>? on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to ?$paratext>? on page 4-10.

configuration options.

2. Once you have set up the terminal correctly, the console login screen will be displayed.

2-2

Basic Configuration

Remote Connections

Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.

The IP address for this switch is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see ?$paratext>? on page 2-4.

Note: This switch supports four concurrent Telnet/SSH sessions.

After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The switch’s command-line interface can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a web browser (Internet Explorer 5.x or above, or Netscape 6.2 or above, or Mozilla Firefox

2.0.0.0), or from a network computer using SNMP network management software.

Note: The onboard program only provides access to basic configuration functions. To

access the full range of SNMP management functions, you must use SNMP-based network management software.

Basic Configuration

Console Connection

The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the Privileged Exec level.

Access to both CLI levels are controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:

1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.

2. At the Username prompt, enter “admin.”

3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)

4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.

2-3

Initial Configuration

Setting Passwords

Note: If this is your first time to log into the CLI program, you should define new

passwords for both default user names using the “username” command, record them and put them in a safe place.

Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:

1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.

2. Type “configure” and press <Enter>.

3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>.

4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.

Note: ‘0’ specifies a password in plain text, ‘7’ specifies a password in encrypted form.

Username: admin Password:

CLI session with the SMC6128PL2 To end the CLI session, enter [Exit].

Console#configure Console(config)#username guest password 0 [password] 4-110

Console(config)#username admin password 0 [password] Console(config)#

is opened.

* This manual covers both the SMC6128PL2 and SMC6152PL2. Other than the number of ports, there are no

other significant differences. Therefore all of the screen display examples are based on the SMC6128PL2.

Setting an IP Address

You must establish IP address information for the stack to obtain management access through the network. This can be done in either of the following ways:

Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.

Dynamic — The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network.

Manual Configuration

You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.

2-4

Basic Configuration

Note: The IP address for this switch is obtained via DHCP by default.

Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:

• IP address for the switch

• Default gateway for the network

• Network mask for this network

To assign an IP address to the switch, complete the following steps:

1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.

2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>.

3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.

4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.

Console(config)#interface vlan 1 4-221 Console(config-if)#ip address 192.168.1.5 255.255.255.0 4-412 Console(config-if)#exit Console(config)#ip default-gateway 192.168.1.254 4-413

Dynamic Configuration

If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be sent periodically in an effort to obtain IP configuration information. BOOTP and DHCP values can include the IP address, subnet mask, and default gateway. If the DHCP/BOOTP server is slow to respond, you may need to use the “ip dhcp restart” command to re-start broadcasting service requests.

If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on.

To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:

1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.

2. At the interface-configuration mode prompt, use one of the following commands:

• To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.

• To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.

3. Type “end” to return to the Privileged Exec mode. Press <Enter>.

2-5

Initial Configuration

4. If network connections are normaly slow, type “ip dhcp restart” to re-start broadcasting service requests. Press <Enter>.

5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.

6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.

Console(config)#interface vlan 1 4-221 Console(config-if)#ip address dhcp 4-412 Console(config-if)#end Console#ip dhcp restart 4-414 Console#show ip interface 4-414

IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1, and address mode: User specified.

Console#copy running-config startup-config 4-37

Startup configuration file name []: startup \Write to FLASH Programming.

\Write to FLASH finish. Success.

Enabling SNMP Management Access

The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.

When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.

The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.e., an SNMPv3 construct) for the default “public” community string that provides read access to the entire MIB tree, and a default view for the “private” community string that provides read/write access to the entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements (see page 3-64).

Community Strings (for SNMP version 1 and 2c clients)

Community strings are used to control management access to SNMP version 1 and 2c stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users, and set the access level.

2-6

Basic Configuration

The default strings are:

• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.

• private - with read/write access. Authorized management stations are able to both retrieve and modify MIB objects.

To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings.

To configure a community string, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type

“snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that the default mode is read only.)

2. To remove an existing string, simply type “no snmp-server community string,”

where “string” is the community access string to remove. Press <Enter>.

Console(config)#snmp-server community admin rw 4-91 Console(config)#snmp-server community private Console(config)#

Note: If you do not intend to support access to SNMP version 1 and 2c clients, we

recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.

Trap Receivers

You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, use the “snmp-server host” command. From the Privileged Exec level global configuration mode prompt, type:

“snmp-server host host-address community-string

[version {1 | 2c | 3 {auth | noauth | priv}}]”

where “host-address” is the IP address for the trap receiver, “community-string” specifies access rights for a version 1/2c host, or is the user name of a version 3 host, “version” indicates the SNMP client version, and “auth | noauth | priv” means that authentication, no authentication, or authentication and privacy is used for v3 clients. Then press <Enter>. For a more detailed description of these parameters, see ?$paratext>? on page 4-93. The following example creates a trap host for each type of SNMP client.

Console(config)#snmp-server host 10.1.19.23 batman 4-93 Console(config)#snmp-server host 10.1.19.98 robin version 2c Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth Console(config)#

2-7

Initial Configuration

Configuring Access for SNMP Version 3 Clients

To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view called “mib-2” that includes the entire MIB-2 tree branch, and then another view that includes the IEEE 802.1D bridge MIB. It assigns these respective read and read/write views to a group call “r&d” and specifies group authentication via MD5 or SHA. In the last step, it assigns a v3 user to this group, indicating that MD5 will be used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption.

Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included 4-97 Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included Console(config)#snmp-server group r&d v3 auth mib-2 802.1d 4-99 Console(config)#snmp-server user steve group r&d v3 auth md5

greenpeace priv des56 einstien 4-101

Console(config)#

For a more detailed explanation on how to configure the switch for access from SNMPv3 clients, refer to ?$paratext>? on page 3-49, or refer to the specific CLI commands for SNMP starting on page 4-88.

Managing System Files

The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.

The three types of files are:

• Configuration — This file type stores system configuration information and is created when configuration settings are saved. Saved configuration files can be selected as a system start-up file or can be uploaded via FTP/TFTP to a server for backup. The file named “Factory_Default_Config.cfg” contains all the system default settings and cannot be deleted from the system. If the system is booted with the factory default settings, the switch will also create a file named “startup1.cfg” that contains all of the system settings for initialization. The configuration settings from the factory defaults configuration file are copied to this file, which is then used to boot the switch. See ?$paratext>? on page 3-28 for more information.

• Operation Code — System software that is executed after boot-up, also known as run-time code. This code runs the switch operations and provides the CLI and web management interfaces. See ?$paratext>? on page 3-22 for more information.

• Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test).

Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration

2-8

Managing System Files

files as available flash memory space allows. The switch has a total of 16 Mbytes of flash memory for system files.

In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.

Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.

Saving Configuration Settings

Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in non-volatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command.

New startup configuration files must have a name specified. File names on the switch are case-sensitive, can be from 1 to 31 characters, must not contain slashes (\ or /), and the leading letter of the file name must not be a period (.). (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

There can be more than one user-defined configuration file saved in the switch’s flash memory, but only one is designated as the “startup” file that is loaded when the switch boots. The copy running-config startup-config command always sets the new file as the startup file. To select a previously saved configuration file, use the boot system config:<filename> command.

The maximum number of saved configuration files depends on available flash memory, with each configuration file normally requiring less than 20 kbytes. The amount of available flash memory can be checked by using the dir command.

To save the current configuration settings, enter the following command:

1. From the Privileged Exec mode prompt, type “copy running-config

startup-config” and press <Enter>.

2. Enter the name of the start-up file. Press <Enter>.

Console#copy running-config startup-config 4-37

Startup configuration file name []: startup \Write to FLASH Programming.

\Write to FLASH finish. Success.

Console#

2-9

Initial Configuration

2-10

Chapter 3: Configuring the Switch

Using the Web Interface

This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above, Netscape 6.2 or above, or Mozilla Firefox 2.0.0.0 or above).

Note:

You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to Chapter 4:Command Line Interface.”

Prior to accessing the switch from a web browser, be sure you have first performed the following tasks:

1. Configure the switch with a valid IP address, subnet mask, and default gateway

using an out-of-band serial connection, BOOTP or DHCP protocol. (See Setting an IP Address on page 2-4.)

2. Set user names and passwords using an out-of-band serial connection. Access

to the web agent is controlled by the same user names and passwords as the onboard configuration program. (See Setting Passwords on page 2-4)

3. After you enter a user name and password, you will have access to the system

configuration program.

Notes: 1.

You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.

2. If you log into the web interface as guest (Normal Exec level), you can view

the configuration settings or change the guest password. If you log in as “admin” (Privileged Exec level), you can change the settings on any page.

3. If the path between your management station and this switch does not pass

through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding (i.e., enable Admin Edge Port) to improve the switch’s response time to management commands issued through the web interface. See Configuring Interface Settings for STA on page 3-205.

3-1

Configuring the Switch

Navigating the Web Browser Interface

To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”

Home Page

When your web browser connects with the switch’s web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.

Figure 3-1 Home Page

Note: The examples in this chapter are based on the SMC6128PL2. Other than the

of fixed ports, there are no other differences between the SMC6128PL2

number and SMC6152L2. following page.

3-2

The panel graphics for both switch types are shown on the

Panel Display

SMC6152PL2

SMC6128PL2

Configuration Options

Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.

Table 3-1 Configuration Options

Button Action

Revert Cancels specified values and restores current values prior to pressing Apply.

Apply Sets specified values to the system.

Help Links directly to webhelp.

Notes: 1.

To ensure proper screen refresh, be sure that Internet Explorer is configured so that the setting “Check for newer versions of stored pages” reads “Every visit to the page”. Internet Explorer 6.x and earlier: This option is available under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings”. Internet Explorer 7.x: This option is available under “Tools / Internet Options / General / Browsing History / Settings / Temporary Internet Files”.

2. You may have to manually refresh the screen after making configuration

changes by pressing the browser’s refresh button.

Panel Display

The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex, or Flow Control (i.e., with or without flow control). Clicking on the image of a port opens the Port Configuration page as described on page 3-157.

Figure 3-2 Panel Display

3-3

Configuring the Switch

Main Menu

Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.

Table 3-2 Main Menu

Menu Description Page

System 3-13

System Information Provides basic system description, including contact information 3-13

Switch Information Shows the number of ports, hardware/firmware version

Bridge Extension Configuration

IP Configuration Sets the IP address for management access 3-18

Jumbo Frames Enables jumbo frame packets. 3-21

File Management 3-22

Auto Operation Code Upgrade

Copy Operation Allows the transfer and copying of files 3-22

HTTP Upgrade Copies operation code or configuration files from management

HTTP Download Copies operation code or configuration files from the switch to

Delete Allows deletion of files from the flash memory 3-26

Set Start-Up Sets the startup file 3-26

Line 3-32

Console Sets console port connection parameters 3-32

Telnet Sets Telnet connection parameters 3-34

Log 3-36

Logs Stores and displays error messages 3-36

System Logs Sends error messages to a logging process 3-36

Remote Logs Configures the logging of messages to a remote logging process 3-37

SMTP Sends an SMTP client message to a participating server. 3-39

Reset Restarts the switch 3-41

SNTP Simple Network Time Protocol 3-42

Current Time Manually sets the current time 3-43

Configuration Configures SNTP and NTP client settings, including broadcast

numbers, and power status

Shows the bridge extension parameters 3-17

Automatically upgrades operation code if a newer version is found on the server

station to the switch

the management station

mode, authentication parameters or a specified list of servers

3-15

3-22

3-30

3-43

3-4

Main Menu

Table 3-2 Main Menu (Continued)

Menu Description Page

Time Zone Sets the local time zone for the system clock 3-46

Summer Time Configures summer time settings 3-47

SNMP Simple Network Management Protocol 3-49

Configuration Configures community strings and related trap functions 3-51

Agent Status Enables or disables SNMP Agent Status 3-51

SNMPv3 3-55

Engine ID Sets the SNMP v3 engine ID on this switch 3-55

Remote Engine ID Sets the SNMP v3 engine ID for a remote device 3-56

Users Configures SNMP v3 users on this switch 3-57

Remote Users Configures SNMP v3 users from a remote device 3-59

Groups Configures SNMP v3 groups 3-61

Views Configures SNMP v3 views 3-64

sFlow Samples traffic flows, and forwards data to designated collector 3-65

Configuration Globally enables flow sampling, enables sampling per port, and

Port Configuration Sets destination parameters, payload parameters, and sampling

Security 3-70

User Accounts Assigns a new password for the current user 3-70

Authentication Settings Configures authentication sequence, RADIUS and TACACS 3-72

Encryption Key Configures RADIUS and TACACS encryption key settings 3-75

AAA Authentication, Authorization and Accounting 3-76

RADIUS Group Settings Defines the configured RADIUS servers to use for accounting 3-77

TACACS+ Group Settings Defines the configured TACACS+ servers to use for accounting 3-78

Accounting

Settings Configures accounting of requested services for billing or

Periodic Update Sets the interval at which accounting updates are sent to

802.1X Port Settings Applies the specified accounting method to an interface 3-81

Command Privileges Specifies a method name to apply to commands entered at

Exec Settings Specifies console or Telnet authentication method 3-83

Summary Displays accounting information and statistics 3-83

sets the sampling rate per port

interval

security purposes

RADIUS AAA servers

specific CLI privilege levels

3-66

3-68

3-78

3-80

3-82

3-5

Configuring the Switch

Table 3-2 Main Menu (Continued)

Menu Description Page

Authorization 3-85

Settings Configures authorization of requested services 3-85

EXEC Settings Specifies console or Telnet authorization method 3-86

Summary Displays authorization information 3-87

HTTPS Settings Configures secure HTTP settings 3-88

SSH Secure Shell 3-90

Settings Configures Secure Shell server settings 3-90

Host-Key Settings Generates the host key pair (public and private) 3-93

User Public-Key Settings Imports and manages user RSA and DSA public keys 3-95

Port Security Configures per port security, including status, response for

802.1X Port authentication 3-99

Information Displays global configuration settings for 802.1X Port

Configuration Configures the global configuration settings 3-101

Port Configuration Sets parameters for individual ports 3-101

Statistics Displays protocol statistics for the selected port 3-104

Web Authentication 3-110

Configuration Configures Web Authentication settings 3-111

Port Configuration Enables Web Authentication for individual ports 3-112

Port Information Displays status information for individual ports 3-113

Re-authentication Forces a host to re-authenticate itself immediately 3-113

Network Access 3-114

Configuration Configures global Network Access parameters 3-116

Port Configuration Configures Network Access parameters for individual ports 3-117

Port Link Detection Configuration

MAC Address Information Displays Network Access statistics sorted by various attributes 3-120

MAC Filter Configuration Filters Network Access authentication by MAC address 3-121

ACL Access Control Lists 3-123

Configuration Configures packet filtering based on IP or MAC addresses 3-123

Port Binding Binds a port to the specified ACL 3-135

security breach, and maximum allowed MAC addresses

authentication

Configures Port Link Detection parameters 3-119

3-109

3-101

3-6

Main Menu

Table 3-2 Main Menu (Continued)

Menu Description Page

ARP Inspection Validates the MAC-to-IP address bindings in ARP packets 3-136

Configuration Enables inspection globally and per VLAN, specifies ACL filter

Information Displays information on results of inspection process 3-135

IP Filter Sets IP addresses of clients allowed management access via

Port 3-155

Port Information Displays port connection status 3-155

Trunk Information Displays trunk connection status 3-155

Port Configuration Configures port connection settings 3-157

Trunk Configuration Configures trunk connection settings 3-157

Trunk Membership Specifies ports to group into static trunks 3-161

LACP Link Aggregation Control Protocol 3-162

Configuration Allows ports to dynamically join trunks 3-162

Aggregation Port Configures parameters for link aggregation group members 3-164

Aggregation Group Configures the administration key for specific LACP groups 3-166

Port Counters Information Displays statistics for LACP protocol messages 3-167

Port Internal Information Displays settings and operational state for the local side 3-168

Port Neighbors Information Displays settings and operational state for the remote side 3-170

Port Broadcast Control Sets the broadcast storm threshold for each port 3-172

Trunk Broadcast Control Sets the broadcast storm threshold for each trunk 3-172

Port Multicast Control Sets the multicast storm threshold for each port 3-172

Trunk Multicast Control Sets the multicast storm threshold for each trunk 3-172

Port Unknown Unicast Control Sets the unknown unicast storm threshold for each port 3-172

Trunk Unknown Unicast Control

Mirror Port Configuration Sets the source and target ports for mirroring 3-177

MAC Mirror Configuration Sets a MAC address for packets to be mirrored from any source

Rate Limit 3-179

Input Port Configuration Sets the input rate limit for each port 3-179

Input Trunk Configuration Sets the input rate limit for each trunk 3-179

Output Port Configuration Sets the output rate limit for ports 3-179

containing address bindings, configures validation of additional address components, sets trust mode for ports, and sets rate limit for packet inspection

the web, SNMP, and Telnet

Sets the unknown unicast storm threshold for each trunk 3-172

port other thn the target port to the specified destination port

3-123

3-106

3-178

3-7

Configuring the Switch

Table 3-2 Main Menu (Continued)

Menu Description Page

Output Trunk Configuration Sets the output rate limit for trunks 3-179

Port Statistics Lists Ethernet and RMON port statistics 3-180

PoE 3-184

Power Status Displays the status of global power parameters 3-185

Power Config Configures the power budget for the switch 3-186

Power Port Status Displays the status of port power parameters 3-186

Power Port Config Configures port power parameters 3-187

Address Table 3-189

Static Addresses Displays entries for interface, address or VLAN 3-189

Dynamic Addresses Displays or edits static entries in the Address Table 3-190

Address Aging Sets timeout for dynamically learned entries 3-191

Spanning Tree 3-192

Port Loopback Detection Configures Port Loopback Detection parameters 3-195

Trunk Loopback Detection Configures Trunk Loopback Detection parameters 3-195

STA 3-192

Information Displays STA values used for the bridge 3-195

Configuration Configures global bridge settings for STA and RSTP 3-198

Port Information Displays individual port settings for STA 3-202

Trunk Information Displays individual trunk settings for STA 3-202

Port Configuration Configures individual port settings for STA 3-205

Trunk Configuration Configures individual trunk settings for STA 3-205

Port Edge Port Configuration

Trunk Edge Port Configuration

MSTP 3-210

VLAN Configuration Configures priority and VLANs for a spanning tree instance 3-210

Port Information Displays port settings for a specified MST instance 3-213

Trunk Information Displays trunk settings for a specified MST instance 3-213

Port Configuration Configures port settings for a specified MST instance 3-215

Trunk Configuration Configures trunk settings for a specified MST instance 3-215

VLAN 3-216

802.1Q VLAN 3-216

Sets an interface to function as an edge port, either manually or by automatic configuration

3-215

3-8

Main Menu

Table 3-2 Main Menu (Continued)

Menu Description Page

GVRP Status Enables GVRP on the switch 3-219

Basic Information Displays information on the VLAN type supported by this switch 3-220

Current Table Shows the current port members of each VLAN and whether or

Static List Used to create or remove VLAN groups 3-222

Static Table Modifies the settings for an existing VLAN 3-224

Static Membership by Port Configures membership type for interfaces, including tagged,

Port Configuration Specifies default PVID and VLAN attributes 3-227

Trunk Configuration Specifies default trunk VID and VLAN attributes 3-227

Tunnel Port Configuration Adds an interface to a QinQ Tunnel 3-234

Tunnel Trunk Configuration Adds an interface to a QinQ Tunnel 3-234

Traffic Segmentation Configures traffic segmentation for different client sessions

Status Enables traffic segmentation, and blocks or forwards traffic

Session Configuration Creates a client session, and assigns the downlink and uplink

Private VLAN 3-238

Information Displays Private VLAN feature information 3-238

Configuration This page is used to create/remove primary or community

Association Each community VLAN must be associated with a primary VLAN 3-240

Port Information Shows VLAN port type, and associated primary or secondary

Trunk Information Shows VLAN port type, and associated primary or secondary

Port Configuration Sets the private VLAN interface type, and associates the

Trunk Configuration Sets the private VLAN interface type, and associates the

Protocol VLAN 3-243

Configuration Configures protocol VLANs 3-244

System Configuration Configures protocol VLAN system parameters 3-245

VLAN Mirror Configuration Sets source VLANs and a target port for mirroring 3-246

IP Subnet VLAN 3-247

Configuration Maps IP subnet traffic to a VLAN 3-247

not the port is tagged or untagged

untagged or forbidden

based on specified downlink and uplink ports

between uplink ports assigned to different client sessions

ports to service the traffic

VLANs

interfaces with a private VLAN

3-221

3-226

3-236

3-237

3-239

3-241

3-242

3-9

Configuring the Switch

Table 3-2 Main Menu (Continued)

Menu Description Page

MAC Based VLAN 3-248

Configuration Maps traffic with specified source MAC address to a VLAN 3-248

LLDP 3-249

Configuration Configures global LLDP timing parameters 3-249

Port Configuration Configures parameters for individual ports 3-251

Trunk Configuration Configures parameters for trunks 3-251

Local Information Displays LLDP information about the local device 3-254

Remote Port Information Displays LLDP information about a remote device connected to

Remote Trunk Information Displays LLDP information about a remote device connected to

Remote Information Details Displays detailed LLDP information about a remote device

Device Statistics Displays LLDP statistics for all connected remote devices 3-260

Device Statistics Details Displays LLDP statistics for remote devices on a selected port or

Priority 3-263

Default Port Priority Sets the default priority for each port 3-263

Default Trunk Priority Sets the default priority for each trunk 3-263

Traffic Classes Maps IEEE 802.1p priority tags to output queues 3-265

Traffic Classes Status Enables/disables traffic class priorities (not implemented) NA

Queue Mode Sets queue mode to strict priority or Weighted Round-Robin 3-266

Queue Scheduling Configures Weighted Round Robin queueing 3-267

IP DSCP Priority Status Globally selects DSCP Priority, or disables it. 3-269

IP DSCP Priority Sets IP Differentiated Services Code Point priority, mapping a

QoS 3-272

DiffServ 3-272

Class Map Sets Class Maps 3-273

Policy Map Sets Policy Maps 3-275

Service Policy Defines service policy settings for ports 3-278

VoIP Traffic Setting 3-279

Configuration VoIP Traffic Setting Configuration 3-279

Port Configuration Configures VoIP Traffic Settings for ports 3-280

a port on this switch

a trunk on this switch

connected to this switch

trunk

DSCP tag to a class-of-service value

3-257

3-258

3-261

3-270

3-10

Main Menu

Table 3-2 Main Menu (Continued)

Menu Description Page

OUI Configuration Defines OUI settings 3-282

IGMP Snooping 3-285

IGMP Configuration Enables multicast filtering; configures parameters for multicast

IGMP Immediate Leave Enables the immediate leave function 3-288

Multicast Router Port Information

Static Multicast Router Port Configuration

IP Multicast Registration Table

IGMP Member Port Table Indicates multicast addresses associated with the selected

IGMP Filter Configuration Configures IGMP filtering 3-294

IGMP Filter Profile Configuration

IGMP Filter/Throttling Port Configuration

IGMP Filter/Throttling Trunk Configuration

MVR 3-299

Configuration Globally enables MVR, sets the MVR VLAN, adds multicast

Port Information Displays MVR interface type, MVR operational and activity

Trunk Information Displays MVR interface type, MVR operational and activity

Group IP Information Displays the ports attached to an MVR multicast stream 3-303

Port Configuration Configures MVR interface type and immediate leave status 3-304

Trunk Configuration Configures MVR interface type and immediate leave status 3-304

Group Member Configuration Statically assigns MVR multicast streams to an interface 3-306

Receiver Configuration Permits forwarding of tagged multicast traffic by specifying MVR

Receiver Group IP Information

Receiver Group Member Configuration

query

Displays the ports that are attached to a neighboring multicast router for each VLAN ID

Assigns ports that are attached to a neighboring multicast router 3-291

Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID

VLAN

Configures IGMP Filter Profiles 3-294

Configures IGMP Filtering and Throttling for ports 3-294

Configures IGMP Filtering and Throttling for trunks 3-294

stream addresses

status, and immediate leave status

receiver VLAN and MVR receiver groups

Displays ports assigned to MVR receiver groups 3-308

Statically assigns MVR receiver groups to selected ports 3-309

3-286

3-290

3-292

3-293

3-300

3-302

3-307

3-11

Configuring the Switch

Table 3-2 Main Menu (Continued)

Menu Description Page

DNS Domain Name Service 3-310

General Configuration Enables DNS; configures domain name and domain list; and

Static Host Table Configures static entries for domain name to address mapping 3-312

Cache Displays cache entries discovered by designated name servers 3-314

DHCP Snooping 3-143

Configuration Enables DHCP Snooping and DHCP Snooping MAC-Address

VLAN Configuration Enables DHCP Snooping for a VLAN 3-145

Information Option Configuration

Port Configuration Selects the DHCP Snooping Information Option policy 3-147

Binding Information Displays the DHCP Snooping binding information 3-149

IP Source Guard 3-150

Port Configuration Enables IP source guard and selects filter type per port 3-150

Static Configuration Adds a static addresses to the source-guard binding table 3-152

Dynamic Information Displays the source-guard binding table for a selected interface 3-154

UPNP Universal Plug and Play 3-320

Configuration Enables UPNP and defines timeout values 3-320

Cluster 3-315

Configuration Globally enables clustering for the switch 3-315

Member Configuration Adds switch Members to the cluster 3-317

Member Information Displays cluster Member switch information 3-318

Candidate Information Displays network Candidate switch information 3-319

specifies IP address of name servers for dynamic lookup

Verification

Enables DHCP Snooping Information Option 3-146

3-310

3-144

3-12

Basic Configuration

This section describes the basic functions required to set up management access to the switch, display or upgrade operating software, or reset the system.

Displaying System Information

You can easily identify the system by displaying the device name, location and contact information.

Field Attributes

• System Name – Name assigned to the switch system.

• Object ID – MIB II object ID for switch’s network management subsystem.

• Location – Specifies the system location.

• Contact – Administrator responsible for the system.

• System Up Time – Length of time the management agent has been up.

These additional parameters are displayed for the CLI.

• MAC Address – The physical layer address for this switch.

• Web Server – Shows if management access via is enabled.

• Web Server Port – Shows the TCP port number used by the web interface.

• Web Secure Server – Shows if management access via HTTPS is enabled.

• Web Secure Server Port – Shows the TCP port used by the HTTPS interface.

• Telnet Server – Shows if management access via Telnet is enabled.

• Telnet Server Port – Shows the TCP port used by the Telnet interface.

• Authentication Login – Shows the user login authentication sequence.

• Jumbo Frame – Shows if jumbo frames are enabled.

• POST result – Shows results of the power-on self-test.

3-13

Configuring the Switch

Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.)

Figure 3-3 System Information

CLI – Specify the hostname, location and contact information.

Console(config)#hostname R&D 5 4-18 Console(config)#snmp-server location WC 9 4-92 Console(config)#snmp-server contact Ted 4-91 Console(config)#exit Console#show system 4-33 System Description: 24 Fast Ethernet + 2 Giga + 2 ComboG L2/L4 PoE Standalone switch System OID string : 1.3.6.1.4.1.202.20.65 System Information System Up Time: 0 days, 0 hours, 38 minutes, and 44.16 seconds System Name : R&D 5 System Location : WC 9 System Contact : Ted MAC Address (Unit1): 00-01-02-03-0A-0A Web Server: Enabled Web Server Port: 80 Web Secure Server: Enabled Web Secure Server Port: 443 Telnet Server: Enable Telnet Server Port: 23 Jumbo Frame: Disabled

DUMMY Test 1 ................. PASS

UART Loopback Test ........... PASS

DRAM Test .................... PASS

Timer Test ................... PASS

Console#

3-14

Basic Configuration

Displaying Switch Hardware/Software Versions

Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.

Field Attributes

Main Board

• Serial Number – The serial number of the switch.

• Number of Ports – Number of built-in RJ-45 ports.

• Hardware Version – Hardware version of the main board.

• Chip Device ID – Identifier for basic MAC/Physical Layer switch chip.

• Internal Power Status – Displays the status of the internal power supply.

Management Software

• EPLD Version – Version number of the Electronically Programmable Logic Device

code.

• Loader Version – Version number of loader code.

• Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code.

• Operation Code Version – Version number of run-time code.

• Role – Shows that this switch is operating as Master or Slave.

Web – Click System, Switch Information.

Figure 3-4 Switch Information

3-15

Configuring the Switch

CLI – Use the following command to display version information.

Console#show version 4-34 Unit 1 Serial Number: A749023132 Hardware Version: R01 Chip Device ID: Marvell 98DX106-B0, 88E6095[F] EPLD Version: 0.02 Number of Ports: 28 Main Power Status: Up Redundant Power Status: Not present

Agent (Master) Unit ID: 1 Loader Version: 1.0.2.2 Boot ROM Version: 1.0.3.5 Operation Code Version: 1.3.5.2

Console#

3-16

Basic Configuration

Displaying Bridge Extension Capabilities

The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.

Field Attributes

• Extended Multicast Filtering Services – This switch does not support the filtering

of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).

• Traffic Classes – This switch provides mapping of user priorities to multiple traffic

classes. (Refer to Class of Service Configuration on page 3-263.)

• Static Entry Individual Port – This switch allows static filtering for unicast and

multicast addresses. (Refer to Setting Static Addresses on page 3-189.)

• VLAN Learning – This switch uses Independent VLAN Learning (IVL), where each

port maintains its own filtering database.

• Configurable PVID Tagging – This switch allows you to override the default Port

VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to VLAN Configuration on page 3-216.)

• Local VLAN Capable – This switch does not support multiple local bridges outside

of the scope of 802.1Q defined VLANs.

• GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to

register endstations with multicast groups. This switch does not support GMRP; it uses the Internet Group Management Protocol (IGMP) to provide automatic multicast filtering.

Web – Click System, Bridge Extension Configuration.

Figure 3-5 Bridge Extension Configuration

3-17

Configuring the Switch

CLI – Enter the following command.

Console#show bridge-ext 4-301 Max support VLAN numbers: 256 Max support VLAN ID: 4094 Extended multicast filtering services: No Static entry individual port: Yes VLAN learning: IVL Configurable PVID tagging: Yes Local VLAN capable: No Traffic classes: Enabled Global GVRP status: Disabled GMRP: Disabled Console#

Setting the Switch's IP Address

This section describes how to configure an IP interface for management access over the network. The IP address for the stack is obtained via DHCP by default. To manually configure an address, you need to change the switch’s default settings to values that are compatible with your network. You may also need to a establish a default gateway between the stack and management stations that exist on another network segment.

You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.

Command Attributes

• Management VLAN – ID of the configured VLAN (1-4094). By default, all ports on the switch are members of VLAN 1. However, the management station can be attached to a port belonging to any VLAN, as long as that VLAN has been assigned an IP address.

• IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configuration Protocol (DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.)

• IP Address – Address of the VLAN that is allowed management access. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. (Default: 0.0.0.0)

• Subnet Mask – This mask identifies the host address bits used for routing to specific subnets. (Default: 255.0.0.0)

• Gateway IP Address – IP address of the gateway router between this device and

• management stations that exist on other network segments. (Default: 0.0.0.0)

• MAC Address – The physical layer address for this switch.

3-18

Basic Configuration

Manual Configuration

Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply.

Figure 3-6 Manual IP Configuration

CLI – Specify the management interface, IP address and default gateway.

Console#config Console(config)#interface vlan 1 4-221 Console(config-if)#ip address 192.168.1.1 255.255.255.0 4-412 Console(config-if)#exit Console(config)#ip default-gateway 0.0.0.0 4-413 Console(config)#

3-19

Configuring the Switch

Using DHCP/BOOTP

If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.

Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your changes.

Figure 3-7 DHCP IP Configuration

Note: If you lose your management connection, use a console connection and enter

“show ip interface” to determine the new switch address.

CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” command.

Console#config Console(config)#interface vlan 1 4-221 Console(config-if)#ip address dhcp 4-412 Console(config-if)#end Console#ip dhcp restart 4-414 Console#show ip interface 4-414 IP Address and Netmask: 192.168.1.1 255.255.255.0 on VLAN 1, Address Mode: User specified Console#

3-20

Basic Configuration

Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart DHCP service via the CLI.

Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available.

CLI – Enter the following command to restart DHCP service.

Console#ip dhcp restart 4-414 Console#

Enabling Jumbo Frames

The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 10 KB for the Gigabit Ethernet ports. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.

Command Usage

To use jumbo frames, both the source and destination end nodes (such as a computer or server) must support this feature. Also, when the connection is operating at full duplex, all switches in the network between the two end nodes must be able to accept the extended frame size. And for half-duplex connections, all devices in the collision domain would need to support jumbo frames.

Command Attributes

• Jumbo Packet Status – Check the box to enable jumbo frames.

(Default: Disabled)

Web – Click System, Jumbo Frames

Figure 3-8 Jumbo Frames Configuration

CLI – This example enables jumbo frames globally for the switch.

Console#config Console(config)#jumbo frame Console(config)#

3-21

Configuring the Switch

Managing Firmware

You can upload/download firmware to or from an FTP or TFTP server. Just specify the method of file transfer, along with the file type and file names as required. By saving run-time code to a file on an FTP or TFTP server, that file can later be downloaded to the switch to restore operation.

Note:

You can also download and upload files to the switch using HTTP, see Uploading and Downloading Files Using HTTP on page 3-30.

Only two copies of the system software (i.e., the run-time firmware) can be stored in the file directory on the switch. When downloading run-time code, the destination file name can be specified to replace the current run-time code file, or the file can be first downloaded using a different name from the current run-time code file, and then the new file set as the startup file.

Command Attributes

• File Transfer Method – The firmware copy operation includes these options:

- file to file – Copies a file within the switch directory, assigning it a new name.

- file to tftp – Copies a file from the switch to a TFTP server.

- tftp to file – Copies a file from a TFTP server to the switch.

- file to ftp – Copies a file from the switch to an FTP server.

- ftp to file – Copies a file from an FTP server to the switch.

• TFTP/FTP Server IP Address – The IP address of an FTP or TFTP server.

• User Name – The user name for FTP server access.

• Password – The password for FTP server access.

• File Type – Specify opcode (operational code) to copy firmware.

• File Name – the file name should not be a period (.), and the maximum length for file names on the FTP/TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

Note:

Up to two copies of the system software (i.e., the run-time firmware) can be stored in the file directory on the switch. The currently designated startup version of this file cannot be deleted.

The file name should not contain slashes (\ or /),

the leading letter of

Automatic Operation Code Upgrade

The system can be configured to automatically download an operation code file when a file newer than the currently installed one is discovered on the file server. After the file is transferred from the server and successfully written to the file system, it is automatically set as the startup file, and the switch is rebooted.

Command Usage

• If this feature is enabled, the switch searches the defined URL once during the bootup sequence.

• FTP (port 21) and TFTP (port 69) are both supported. Note that the TCP/UDP port bindings cannot be modified to support servers listening on non-standard ports.

3-22

Basic Configuration

• The host portion of the upgrade file location URL must be a valid IPv4 IP address.

DNS host names are not recognized. Valid IP addresses consist of four numbers, 0 to 255, separated by periods.

• The path to the directory must also be defined. If the file is stored in the root

directory for the FTP/TFTP service, then use the “/” to indicate this (e.g., ftp://192.168.0.1/).

• The file name must not be included in the upgrade file location URL. The file name

of the code stored on the remote server must be runtime.bix (using lower case letters exactly as indicated here).

• The FTP connection is made with PASV mode enabled. PASV mode is needed to

traverse some fire walls, even if FTP traffic is not blocked. PASV mode cannot be disabled.

• The switch-based search function is case-insensitive in that it will accept a file

name in upper or lower case (i.e., the switch will accept

SMC6128_52PL2_op_V1.3.5.2.BIX from the server even though SMC6128_52PL2_op_V1.3.5.2.bix was requested). However, keep in mind that

the file systems of many operating systems such as Unix and most Unix-like systems (FreeBSD, NetBSD, OpenBSD, and most Linux distributions, etc.) are case-sensitive, meaning that two files in the same directory, SMC6128_52PL2_op_V1.3.5.2.bix and SMC6128_52PL2_op_V1.3.5.2.BIX are considered to be unique files. Thus, if the upgrade file is stored as SMC6128_52PL2_op_V1.3.5.2.BIX (or even SMC6128_52PL2_op_V1.3.5.2.bix) on a case-sensitive server, then the switch (requesting runtime.bix) will not be upgraded because the server does not recognize the requested file name and the stored file name as being equal. A notable exception in the list of case-sensitive Unix-like operating systems is Mac OS X, which by default is case-insensitive. Please check the documentation for your server’s operating system if you are unsure of its file system’s behavior.

Note that the switch itself does not distinguish between upper and lower-case file names, and only checks to see if the file stored on the server is more recent than the current runtime image.

• If two operation code image files are already stored on the switch’s file system,

then the non-startup image is deleted before the upgrade image is transferred.

• If the startup operation code file is named SMC6128_52PL2_op_V1.3.5.2.bix, then

the upgrade image will be stored as op1.bix, and the next upgrade image as op2.bix.

• The automatic upgrade process will take place in the background without impeding

normal operations (data switching, etc.) of the switch.

• During the automatic search and transfer process, the administrator cannot

transfer or update another operation code image, configuration file, public key, or HTTPS certificate (i.e., no other concurrent file management operations are possible).

• The upgrade operation code image is set as the startup image after it has been

successfully written to the file system.

3-23

Configuring the Switch

• The switch will send an SNMP trap and make a log entry upon all upgrade successes and failures.

• The switch will immediately restart after the upgrade file is successfully written to the file system and set as the startup image.

Command Attributes

• Automatic Opcode Upgrade – Enables the switch to search for an upgraded operation code file during the switch bootup process.

- Enabled check box – Defines the state of this feature. (Default: Disabled)

• Automatic Upgrade Location URL – Defines where the switch should search for the operation code upgrade file. The last character of this URL must be a forward slash (“/”). The runtime.bix filename must not be included since it is automatically appended by the switch. (Options: ftp, tftp) The following syntax must be observed:

tftp://host[/filedir]/

tftp:// – Defines TFTP protocol for the server connection.

host – Defines the IP address of the TFTP server. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. DNS hostnames are not recognized. filedir – Defines the directory, relative to the TFTP server root, where the upgrade file can be found. Nested directory structures are accepted. The directory name must be separated from the host, and in nested directory structures, from the parent directory, with a prepended forward slash “/”. / – The forward slash must be the last character of the URL.

ftp://[username[:password@]]host[/filedir]/

ftp:// – Defines FTP protocol for the server connection.

username – Defines the user name for the FTP connection. If the user name is omitted, then “anonymous” is the assumed user name for the connection. password – Defines the password for the FTP connection. To differentiate the password from the user name and host portions of the URL, a colon (:) must precede the password, and an “at” symbol (@), must follow the password. If the password is omitted, then “” (an empty string) is the assumed password for the connection. host – Defines the IP address of the FTP server. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. DNS hostnames are not recognized. filedir – Defines the directory, relative to the FTP server root, where the upgrade file can be found. Nested directory structures are accepted. The directory name must be separated from the host, and in nested directory structures, from the parent directory, with a prepended forward slash “/”. / – The forward slash must be the last character of the URL.

3-24

Basic Configuration

Examples

• The following examples demonstrate the URL syntax for a TFTP server at IP

address 192.168.0.1 with the operation code image stored in various locations:

- tftp://192.168.0.1/ The image file is in the TFTP root directory.

- tftp://192.168.0.1/switch-opcode/ The image file is in the “switch-opcode” directory, relative to the TFTP root.

- tftp://192.168.0.1/switches/opcode/ The image file is in the “opcode” directory, which is within the “switches” parent directory, relative to the TFTP root.

• The following examples demonstrate the URL syntax for an FTP server at IP address 192.168.0.1 with various user name, password and file location options presented:

- ftp://192.168.0.1/

The user name and password are empty, so “anonymous” will be the user name and the password will be blank. The image file is in the FTP root directory.

- ftp://switches:upgrade@192.168.0.1/

The user name is “switches” and the password is “upgrade”. The image file is in the FTP root.

- ftp://switches:upgrade@192.168.0.1/switches/opcode/

The user name is “switches” and the password is “upgrade”. The image file is in the “opcode” directory, which is within the “switches” parent directory, relative to the FTP root.

Web –Click System, File Management, Automatic Operation Code Upgrade. Check the Automatic Opcode Upgrade box, enter the URL of the FTP or TFTP server, the path and directory containing the operation code, and click Apply.

Figure 3-9 Configuring Automatic Code Upgrade

CLI – This example specifies the URL of a TFTP server, and the directory containing the new operation code.

Console(config)#upgrade opcode auto 4-42 Console(config)#upgrade opcode path tftp://192.168.0.1/SMC/ 4-43 Console(config)#

3-25

Configuring the Switch

If a new image is found at the specified location, the following type of messages will be displayed during bootup.

. . .

Automatic Upgrade is looking for a new image New image detected: current version 1.1.1.0; new version 1.3.5.2 Image upgrade in progress The switch will restart after upgrade succeeds Downloading new image Flash programming started Flash programming completed The switch will now restart

. . .

Downloading System Software from a Server

When downloading run-time code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current run-time code file, and then set the new file as the startup file.

Web –Click System, File Management, Copy Operation. Select “tftp to file” as the file transfer method, enter the IP address of the TFTP server, set the file type to “opcode,” enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click Apply. If you replaced the current firmware used for startup and want to start using the new operation code, reboot the system via the System/Reset menu.

3-26

Figure 3-10 Copy Firmware

Basic Configuration

If you download to a new destination file, go to the System/File/Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.

Figure 3-11 Setting the Startup Code

To delete a file, select System, File, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that t

startup code cannot be deleted.

he file currently designated as the

Figure 3-12 Deleting Files

CLI – To download new firmware form a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system, and then restart the switch.

To start the new firmware, enter the “reload” command or reboot the system.

Console#copy tftp file 4-37 TFTP server ip address: 192.168.1.23 Choose file type:

1. config: 2. opcode: 4. diag: 5. loader: <1,2,4,5>: 2 Source file name: SMC6128_52PL2_op_V1.3.5.2.bix Destination file name: SMC6128_52PL2_op_V1.3.5.2 \Write to FLASH Programming.

-Write to FLASH finish. Success. Console#config Console(config)#boot system opcode:SMC6128_52PL2_op_V1.3.5.2 4-42 Console(config)#exit Console#reload 4-14

3-27

Configuring the Switch

Saving or Restoring Configuration Settings

You can upload/download configuration settings to/from an FTP/TFTP server. The configuration files can be later downloaded to restore the switch’s settings.

Command Attributes

• File Transfer Method – The configuration copy operation includes these options:

- file to file – Copies a file within the switch directory, assigning it a new name.

- file to ftp – Copies a file from the switch to an FTP server.

- file to running-config – Copies a file in the switch to the running configuration.

- file to startup-config – Copies a file in the switch to the startup configuration.

- file to tftp – Copies a file from the switch to a TFTP server.

- ftp to file – Copies a file from an FTP server to the switch.

- tftp to file – Copies a file from a TFTP server to the switch.

- ftp to running-config – Copies a file from an FTP server to the running config.

- ftp to startup-config – Copies a file from an FTP server to the startup config.

- running-config to file – Copies the running configuration to a file.

- running-config to ftp – Copies the running configuration to an FTP server.

- running-config to startup-config – Copies the running config to the startup config.

- running-config to tftp – Copies the running configuration to a TFTP server.

- startup-config to file – Copies the startup configuration to a file on the switch.

- startup-config to ftp – Copies the startup configuration to an FTP server.

- startup-config to running-config – Copies the startup config to the running config.

- startup-config to tftp – Copies the startup configuration to a TFTP server.

- ttftp to file – Copies a file from a TFTP server to the switch.

- tftp to running-config – Copies a file from a TFTP server to the running config.

- tftp to startup-config – Copies a file from a TFTP server to the startup config.

• FTP/TFTP Server IP Address – The IP address of an FTP or TFTP server.

• User Name – The user name for FTP server access.

• Password – The password for FTP server access.

• File Type – Specify config (configuration) to copy configuration settings.

•

File Name

the file name should not be a period (.), and the maximum length for file names on the FTP/TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

Note:

— The file name should not contain slashes (\ or /),

The maximum number of user-defined configuration files is limited only by available flash memory space.

the leading letter of

Command Usage

• FTP (port 21) and TFTP (port 69) are both supported.

• The server’s location must be specified as a valid IPv4 IP address. DNS hostnames are not recognized. Valid IP addresses consist of four numbers, 0 to 255, separated by periods.

3-28

Basic Configuration

Downloading Configuration Settings from a Server

You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can be copied to the TFTP server, but cannot be used as the destination on the switch.

Web – Click System, File Management, Copy Operation. Select “tftp to startup-config” or “tftp to file” and enter the IP address of the TFTP server. If you download from an FTP server, enter the user name and password for an account on the server. Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name, then click Apply.

Figure 3-13 Downloading Configuration Settings for Startup

If you download to a new file name using ftp/tftp to startup-config or ftp/tftp to file, the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu.

Note:

You can also select any configuration file as the start-up configuration by using the System/File/Set Start-Up page.

Figure 3-14 Setting the Startup Configuration Settings

3-29

Configuring the Switch

CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch.

Console#copy tftp startup-config 4-37 TFTP server ip address: 192.168.1.1 Source configuration file name: config-1 Startup configuration file name [] : startup \Write to FLASH Programming.

-Write to FLASH finish. Success.

Console#reload

To select another configuration file as the start-up configuration, use the boot system command and then restart the switch.

Console#config Console(config)#boot system config: startup-new 4-42 Console(config)#exit Console#reload 4-14

Uploading and Downloading Files Using HTTP

In addition to performing copy operations to and from an FTP or TFTP server, the switch can upload or download files to the web management station using HTTP.

Both switch operation code files and configuration files can be uploaded/ downloaded using HTTP.

Command Attributes

• File Type – Specify opcode (operation code) to copy a firmware file, or config (configuration) to copy a switch configuration file.

• Source File Name – management station. The file name should not contain slashes (\ or /), letter of the file name should not be a period (.), and the maximum length for file names on the FTP/TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

• Destination File Name – Select an existing file on the switch to overwrite, or specify a new file name.

Use the Browse button to locate the file on the web

the leading

3-30

Basic Configuration

Web – To upload files using HTTP: Click System, File Management, HTTP Upgrade. Select “opcode” or “config” as the file type and then use the Browse button to locate the file on the local web management station. Specify the name of a file on the switch to overwrite or specify a new file name, then click Apply.

Figure 3-15 Uploading Files Using HTTP

Web – To download files using HTTP: Click System, File Management, HTTP Download. Select an operation code file or configuration file on the switch to download to the web management station. Click Apply.

Figure 3-16 Downloading Files Using HTTP

3-31

Configuring the Switch

Console Port Settings

You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings. These parameters can be configured via the web or CLI interface.

Command Attributes

• Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 0-300 seconds; Default: 0 seconds)

• Exec Timeout – Sets the interval that the system waits until user input is detected. If user input is not detected within the timeout interval, the current session is terminated. (Range: 0-65535 seconds; Default: 600 seconds)

• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts)

• Silent Time – Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts has been exceeded. (Range: 0-65535; Default: 0)

• Data Bits – Sets the number of data bits per character that are interpreted and generated by the console port. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character. (Default: 8 bits)

• Parity – Defines the generation of a parity bit. Communication protocols provided by some terminals can require a specific parity bit setting. Specify Even, Odd, or None. (Default: None)

• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, or 38400 baud; Default: 9600 baud)

• Stop Bits – Sets the number of the stop bits transmitted per byte. (Range: 1-2; Default: 1 stop bit)

• Password started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. (Default: No password)

• Login single global password as configured for the Password parameter, or by passwords set up for specific user-name accounts. (Default: Local)

– Specifies a password for the line connection. When a connection is

– Enables password checking at login. You can select authentication by a

1. CLI only.

3-32

Basic Configuration

Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply.

Figure 3-17 Console Port Settings

CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.

Console(config)#line console 4-45 Console(config-line)#login local 4-46 Console(config-line)#password 0 secret 4-47 Console(config-line)#timeout login response 0 4-48 Console(config-line)#exec-timeout 0 4-48 Console(config-line)#password-thresh 3 4-49 Console(config-line)#silent-time 60 4-50 Console(config-line)#databits 8 4-50 Console(config-line)#parity none 4-51 Console(config-line)#speed 19200 4-52 Console(config-line)#stopbits 1 4-52 Console(config-line)#end Console#show line console 4-56 Console Configuration: Password Threshold: 3 times Interactive Timeout: Disabled Login Timeout: Disabled Silent Time: Disabled Baudrate: 9600 Databits: 8 Parity: None Stopbits: 1 Console#

3-33

Configuring the Switch

Telnet Settings

You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password. These parameters can be configured via the web or CLI interface.

Command Attributes

• Telnet Status – Enables or disables Telnet access to the switch.

(Default: Enabled)

• Telnet Port Number – Sets the TCP port number for Telnet on the switch. (Default: 23)

• Password started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. (Default: No password)

• Login single global password as configured for the Password parameter, or by passwords set up for specific user-name accounts. (Default: Local)

– Specifies a password for the line connection. When a connection is

– Enables password checking at login. You can select authentication by a

2. CLI only.

3-34

Basic Configuration

Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.

Figure 3-18 Enabling Telnet

CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level.

Console(config)#line vty 4-45 Console(config-line)#login local 4-46 Console(config-line)#password 0 secret 4-47 Console(config-line)#timeout login response 300 4-48 Console(config-line)#exec-timeout 600 4-48 Console(config-line)#password-thresh 3 4-49 Console(config-line)#end Console#show line vty 4-56 VTY Configuration: Password Threshold: 3 times Interactive Timeout: 600 sec Login Timeout: 300 sec Console#

3-35

Configuring the Switch

Configuring Event Logging

The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.

System Log Configuration

The system allows you to enable or disable event logging, and specify which levels are logged to RAM or flash memory.

Severe error messages that are logged to flash memory are permanently stored in the switch to assist in troubleshooting network problems. Up to 4096 log entries can be stored in the flash memory, with the oldest entries being overwritten first when the available log memory (256 kilobytes) has been exceeded.

The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory. The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM.

Command Attributes

• System Log Status – Enables/disables the logging of debug or error messages to the logging process. (Default: Enabled)

• Flash Level – Limits log messages saved to the switch’s permanent flash memory for all levels up to the specified level. For example, if level 3 is specified, all messages from level 0 to level 3 will be logged to flash. (Range: 0-7, Default: 3)

Table 3-3 Logging Levels

Level Severity Name Description

7 Debug Debugging messages

6 Informational Informational messages only

5 Notice Normal but significant condition, such as cold start

4 Warning Warning conditions (e.g., return false, unexpected return)

3 Error Error conditions (e.g., invalid input, default used)

2 Critical Critical conditions (e.g., memory allocation, or free memory

1 Alert Immediate action needed

0 Emergency System unusable

* There are only Level 2, 5 and 6 error messages for the current firmware release.

error - resource exhausted)

• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 7)

Note:

The Flash Level must be equal to or less than the RAM Level.

3-36

Basic Configuration

Web – Click System, Log, System Logs. Specify System Log Status, event messages to be logged to RAM and flash memory, then click Apply.

Figure 3-19 System Logs

CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show logging command to display the current settings.

Console(config)#logging on 4-57 Console(config)#logging history ram 0 4-58 Console(config)#end Console#show logging flash 4-61 Syslog logging: Enabled History logging in FLASH: level emergencies

set the level of

Remote Log Configuration

The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the event messages sent to only those messages below a specified level.

Command Attributes

• Remote Log Status – Enables/disables the logging of debug or error messages

to the remote logging process. (Default: Disabled)

• Logging Facility – Sets the facility type for remote logging of syslog messages.

There are eight facility types specified by values of 16 to 23. The facility type is used by the syslog server to dispatch log messages to an appropriate service.

The attribute specifies the facility type tag sent in syslog messages (see RFC 3164). This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to process messages, such as sorting or storing messages in the corresponding database. (Range: 16-23, Default: 23)

• Logging Trap – Limits log messages that are sent to the remote syslog server for

all levels up to the specified level. For example, if level 3 is specified, all messages from level 0 to level 3 will be sent to the remote server. (Range: 0-7, Default: 7)

• Host IP List – Displays the list of remote server IP addresses that receive the

syslog messages. The maximum number of host IP addresses allowed is five.

• Host IP Address – Specifies a new server IP address to add to the Host IP List.

3-37

Configuring the Switch

Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.

Figure 3-20 Remote Logs

CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap.

Console(config)#logging host 192.168.1.15 4-59 Console(config)#logging facility 23 4-59 Console(config)#logging trap 4 4-60 Console(config)#end Console#show logging trap 4-60 Syslog logging: Enabled REMOTELOG status: Enabled REMOTELOG facility type: local use 7 REMOTELOG level type: Warning conditions REMOTELOG server ip address: 192.168.1.15 REMOTELOG server ip address: 0.0.0.0 REMOTELOG server ip address: 0.0.0.0 REMOTELOG server ip address: 0.0.0.0 REMOTELOG server ip address: 0.0.0.0 Console#

3-38

Basic Configuration

Displaying Log Messages

The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.

Web – Click System, Log, Logs.

Figure 3-21 Displaying Logs

CLI – This example shows the event message stored in RAM.

Console#show log ram 4-61 [1] 00:00:27 2001-01-01 "VLAN 1 link-up notification." level: 6, module: 5, function: 1, and event no.: 1 [0] 00:00:25 2001-01-01 "System coldStart notification." level: 6, module: 5, function: 1, and event no.: 1 Console#

Sending Simple Mail Transfer Protocol Alerts

To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients.

Command Attributes

• Admin Status – Enables/disables the SMTP function. (Default: Enabled)

• Email Source Address – Sets the email address used for the “From” field in alert

messages. You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch.

• Severity – Sets the syslog severity threshold level (see table on page 3-36) used

to trigger alert messages. All events at this level or higher will be sent to the

3-39

Configuring the Switch

configured email recipients. For example, using Level 7 will report all events from level 7 to level 0. (Default: Level 7)

• SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other listed servers if the first fails. Use the New SMTP Server text field and the Add/Remove buttons to configure the list.

• SMTP Server – Specifies a new SMTP server address to add to the SMTP Server List.

• Email Destination Address List – Specifies the email recipients of alert messages. You can specify up to five recipients. Use the New Email Destination Address text field and the Add/Remove buttons to configure the list.

• Email Destination Address – This command specifies SMTP servers that may receive alert messages.

Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in the Server IP List and click Remove. Specify up to five email addresses to receive the alert messages, and click Apply.

3-40

Figure 3-22 Enabling and Configuring SMTP

Basic Configuration

CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show logging sendmail command to display the current SMTP configuration.

Console(config)#logging sendmail host 192.168.1.4 4-63 Console(config)#logging sendmail level 3 4-64 Console(config)#logging sendmail source-email

big-wheels@matel.com 4-64

Console(config)#logging sendmail destination-email

chris@matel.com 4-65

Console(config)#logging sendmail 4-65 Console(config)#exit Console#show logging sendmail 4-65 SMTP servers

-----------------------------------------------

1. 192.168.1.4

SMTP minimum severity level: 4

SMTP destination email addresses

-----------------------------------------------

1. chris@matel.com

SMTP source email address: big-wheels@matel.com

SMTP status: Enabled Console#

Resetting the System

This feature restarts the system. You can reboot the system immediately, or you can configure the switch to reset after a specified amount of time.

Command Attributes

• Hours – Specifies the amount of hours to wait, combined with the minutes, before

the switch resets. (Range: 0-576; Default: 0)

• Minutes – Specifies the amount of minutes to wait, combined with the hours,

before the switch resets. (Range: 1-34560; Default: 0)

• Reset – Resets the switch after the specified time. If the hour and minute fields are

blank, then the switch will reset immediately.

• Refresh – Refreshes the countdown timer of a pending delayed reset.

• Cancel – Cancels a pending delayed reset.

Note:

To rimmediately restart the switch, enter “0” in both the Hours and Minutes fields, and click Reset.

3-41

Configuring the Switch

Web – Click System, Reset. Enter the amount of time the switch should wait before rebooting. Click the Reset button to reboot the switch or click the Cancel button to cancel a configured reset. If prompted, confirm that you want reset the switch or cancel a configured reset.

Figure 3-23 Resetting the System

CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch.

Console(config)#reload 4-14 *** *** --- Rebooting at January 1 23:53:44 2001 --***

Are you sure to reboot the system at the specified time? <y/n> y

When restarting the system, it will always run the Power-On Self-Test. It will also

Note:

retain all configuration information stored in non-volatile memory (See ?$paratext>? on page 3-28 or the copy running-config startup-config command (See ?$paratext>? on page 4-37).

Setting the System Clock

Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set the clock. If the clock is not set manually or via SNTP, the switch will only record the time from the factory default set at the last bootup.

When the SNTP client is enabled, the switch periodically sends a request for a time update to a configured time server. You can configure up to three time server IP addresses. The switch will attempt to poll each server in the configured sequence.

3-42

Basic Configuration

Setting the Time Manually

You can set the system time on the switch manually without using SNTP.

Command Attributes

• Hours – Sets the hour. (Range: 0-23; Default: 0)

• Minutes – Sets the minute value. (Range: 0-59; Default: 0)

• Seconds – Sets the second value. (Range: 0-59; Default: 0)

• Month – Sets the month. (Range: 1-12; Default: 1)

• Day – Sets the day of the month. (Range: 1-31; Default: 1)

• Year – Sets the year. (Range: 2001-2100; Default: 2001)

Web – Select SNTP, Current Time. Modify any of the required time and date parameters, and click Apply.

Figure 3-24 Current Time Configuration

CLI – This example sets the system clock time and then displays the current time and date

Console#calendar set 17 46 00 october 18 2008 4-80 Console#show calendar 4-80 Current Time : Oct 2 17:03:35 2008 Time Zone :

GMT-Greenwich-Mean-Time-Dublin,Edinburgh,Lisbon,London Summer Time : Not configured Summer Time in Effect : No Console#

Configuring SNTP

You can configure the switch to send time synchronization requests to time servers.

Command Attributes

• SNTP Client – Configures the switch to operate as an SNTP client. This requires at least one NTP or SNTP time server to be specified in the SNTP Server field. (Default: Disabled)

• SNTP Poll Interval – Sets the interval between sending requests for a time update from a time server. (Range: 16-16384 seconds; Default: 16 seconds)

• SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server, if this fails it attempts an update from the next server in the sequence.

3-43

Configuring the Switch

Web – Select SNTP, Configuration. Modify any of the required SNTP parameters, and click Apply.

Figure 3-25 SNTP Configuration

CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.

Console(config)#sntp server 10.1.0.19 137.82.140.80 128.250.36.2 4-69 Console(config)#sntp poll 60 4-69 Console(config)#sntp client 4-68 Console(config)#exit Console#show sntp Current time: Jan 6 14:56:05 2004 Poll interval: 60 Current mode: unicast SNTP status : Enabled SNTP server 10.1.0.19 137.82.140.80 128.250.36.2 Current server: 128.250.36.2 Console#

The NTP client allows you to configure up to 50 NTP servers to poll for time updates. You can also enable authentication to ensure that reliable updates are received from only authorized NTP servers. The authentication keys and their associated key number must be centrally managed and manually distributed to NTP servers and clients. The key numbers and key values must match on both the server and client.

Command Attributes

• NTP Client – Configures the switch to operate as an NTP client. This requires at least one time server to be specified in the NTP Server list. (Default: Disabled)

• NTP Polling Interval – Sets the interval between sending requests for a time update from NTP servers. (Range: 16-16384 seconds; Default: 1024 seconds)

• NTP Authenticate – Enables authentication for time requests and updates between the switch and NTP servers. (Default: Disabled)

• NTP Server – Sets the IP address for an NTP server to be polled. The switch requests an update from all configured servers, then determines the most accurate time update from the responses received.

3-44

Smc 6128PL2, 6152PL2 Management Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Chapter 1: Introduction

Key Features

Description of Software Features

System Defaults

Chapter 2: Initial Configuration

Connecting to the Switch

Configuration Options

Required Connections

Basic Configuration

Remote Connections

Console Connection

Setting Passwords

Setting an IP Address

Manual Configuration

Dynamic Configuration

Enabling SNMP Management Access

Community Strings (for SNMP version 1 and 2c clients)

Trap Receivers

Configuring Access for SNMP Version 3 Clients

Managing System Files

Saving Configuration Settings

Chapter 3: Configuring the Switch

Using the Web Interface

Navigating the Web Browser Interface

Home Page

Panel Display

Configuration Options

Main Menu

Basic Configuration

Displaying System Information

Displaying Switch Hardware/Software Versions

Displaying Bridge Extension Capabilities

Setting the Switch's IP Address

Manual Configuration

Using DHCP/BOOTP

Enabling Jumbo Frames

Managing Firmware

Automatic Operation Code Upgrade

Downloading System Software from a Server

Saving or Restoring Configuration Settings

Downloading Configuration Settings from a Server

Uploading and Downloading Files Using HTTP

Console Port Settings

Telnet Settings

Configuring Event Logging

System Log Configuration

Remote Log Configuration

Displaying Log Messages

Sending Simple Mail Transfer Protocol Alerts

Resetting the System

Setting the System Clock

Setting the Time Manually

Configuring SNTP