Smc 8124PL2 Management Guide

MANAGEMENT GUIDE
SMC8124PL2
TigerSwitch™ 10/100/1000 24-Port Managed Switch with PoE
TigerSwitch 10/100/1000 Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
20 Mason Irvine, CA 92618 Phone: (949) 679-8000
Pub. # 149100034100A
May 2007
E052007-DT-R01
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.
Copyright © 2007 by
SMC Networks, Inc.
20 Mason
Irvine, CA 92618
All rights reserved. Printed in Taiwan
Trademarks: SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
Limited Warranty
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product.
The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC Web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an “Active” SMC product. A list of discontinued products with their respective dates of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty.
All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product.
Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.
LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.
* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.
Contents
Chapter 1: Introduction 1-1
Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5
Chapter 2: Initial Configuration 2-1
Connecting to the Switch 2-1
Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3
Basic Configuration 2-3
Console Connection 2-3 Setting Passwords 2-4 Setting an IP Address 2-4
Manual Configuration 2-5 Dynamic Configuration 2-5
Enabling SNMP Management Access 2-6
Community Strings (for SNMP version 1 and 2c clients) 2-7 Trap Receivers 2-7 Configuring Access for SNMP Version 3 Clients 2-8
Saving Configuration Settings 2-8
Managing System Files 2-9
Chapter 3: Configuring the Switch 3-1
Using the Web Interface 3-1 Navigating the Web Browser Interface 3-2
Home Page 3-2
Configuration Options 3-2 Panel Display 3-3 Main Menu 3-3 Basic Configuration 3-10
Displaying System Information 3-10
Displaying Switch Hardware/Software Versions 3-11
Displaying Bridge Extension Capabilities 3-12
Setting the Switch’s IP Address 3-14
Manual Configuration 3-15 Using DHCP/BOOTP 3-16
Enabling Jumbo Frames 3-17
Managing Firmware 3-18
Downloading System Software from a Server 3-18 Saving or Restoring Configuration Settings 3-20
Downloading Configuration Settings from a Server 3-21 Console Port Settings 3-22 Telnet Settings 3-24 Configuring Event Logging 3-26
Displaying Log Messages 3-26
System Log Configuration 3-27
Remote Log Configuration 3-29
Simple Mail Transfer Protocol 3-30 Resetting the System 3-32 Setting the System Clock 3-32
Configuring SNTP 3-32
Setting the Time Zone 3-33
Simple Network Management Protocol 3-34
Enabling the SNMP Agent 3-36 Setting Community Access Strings 3-36 Specifying Trap Managers and Trap Types 3-37 Configuring SNMPv3 Management Access 3-39
Setting the Local Engine ID 3-40
Specifying a Remote Engine ID 3-40
Configuring SNMPv3 Users 3-41
Configuring Remote SNMPv3 Users 3-43
Configuring SNMPv3 Groups 3-45
Setting SNMPv3 Views 3-48
User Authentication 3-50
Configuring User Accounts 3-50 Configuring Local/Remote Logon Authentication 3-51 Configuring HTTPS 3-54
Replacing the Default Secure-site Certificate 3-56 Configuring the Secure Shell 3-56
Configuring the SSH settings 3-58
Generating the Host Key Pair 3-59
Generating the User Public Key Pair 3-61 Configuring Port Security 3-63 Configuring 802.1X Port Authentication 3-64
Displaying 802.1X Global Settings 3-66
Configuring 802.1X Global Settings 3-66
Configuring Port Settings for 802.1X 3-67
Displaying 802.1X Statistics 3-70
Access Control Lists 3-72
Configuring Access Control Lists 3-72
Setting the ACL Name and Type 3-72
Configuring a Standard IP ACL 3-73
Configuring an Extended IP ACL 3-74 Configuring a MAC ACL 3-77
Binding a Port to an Access Control List 3-78 Filtering Management Access 3-79 Port Configuration 3-81
Displaying Connection Status 3-81
Configuring Interface Connections 3-83
Creating Trunk Groups 3-85
Statically Configuring a Trunk 3-86 Enabling LACP on Selected Ports 3-88 Configuring LACP Parameters 3-89 Displaying LACP Port Counters 3-91 Displaying LACP Settings and Status for the Local Side 3-92
Displaying LACP Settings and Status for the Remote Side 3-94 Setting Broadcast Storm Thresholds 3-96 Configuring Port Mirroring 3-97 Configuring Rate Limits 3-98
Rate Limit Configuration 3-98 Showing Port Statistics 3-99
Power over Ethernet Settings 3-104
Switch Power Status 3-105 Setting a Switch Power Budget 3-106 Displaying Port Power Status 3-106 Configuring Port PoE Power 3-107
Address Table Settings 3-108
Setting Static Addresses 3-108 Displaying the Address Table 3-109 Changing the Aging Time 3-110
Spanning Tree Algorithm Configuration 3-111
Displaying Global Settings 3-112 Configuring Global Settings 3-114 Displaying Interface Settings 3-118 Configuring Interface Settings 3-121
VLAN Configuration 3-123
Overview 3-123
Assigning Ports to VLANs 3-123
Forwarding Tagged/Untagged Frames 3-125 Displaying Basic VLAN Information 3-126 Displaying Current VLANs 3-126 Creating VLANs 3-128 Adding Static Members to VLANs (VLAN Index) 3-129 Adding Static Members to VLANs (Port Index) 3-131 Configuring VLAN Behavior for Interfaces 3-132 Configuring Private VLANs 3-133
Displaying Current Private VLANs 3-134
Configuring Private VLANs 3-135 Associating VLANs 3-136 Displaying Private VLAN Interface Information 3-136 Configuring Private VLAN Interfaces 3-137
Configuring Protocol VLANs 3-139
Configuring Protocol VLAN Basic Settings 3-139 Configuring Protocol VLAN System 3-140
LLDP 3-140
Configuring Basic LLDP Time Information 3-140 Configuring LLDP Port and Trunk Information 3-141 Displaying LLDP Local and Remote Device Information 3-143
Class of Service Configuration 3-145
Setting the Default Priority for Interfaces 3-146 Mapping CoS Values to Egress Queues 3-147 Enabling CoS 3-149 Selecting the Queue Mode 3-149 Setting the Service Weight for Traffic Classes 3-150 Mapping Layer 3/4 Priorities to CoS Values 3-151 Selecting IP DSCP Priority 3-151 Mapping DSCP Priority 3-152
Quality of Service 3-153
Configuring Quality of Service Parameters 3-154 Configuring a Class Map 3-154 Creating QoS Policies 3-157 Attaching a Policy Map to Ingress Queues 3-160
Multicast Filtering 3-161
IGMP Protocol 3-161 Layer 2 IGMP (Snooping and Query) 3-162
Configuring IGMP Snooping and Query Parameters 3-162 Displaying Interfaces Attached to a Multicast Router 3-164 Specifying Static Interfaces for a Multicast Router 3-165 Displaying Port Members of Multicast Services 3-166 Assigning Ports to Multicast Services 3-167
Multicast VLAN Registration 3-168
Configuring Global MVR Settings 3-169 Displaying MVR Interface Status 3-170 Displaying Port Members of Multicast Groups 3-171 Configuring MVR Interface Status 3-172 Assigning Static Multicast Groups to Interfaces 3-174
DHCP Snooping 3-175
DHCP Snooping Configuration 3-176 DHCP Snooping VLAN Configuration 3-176 DHCP Snooping Information Option Configuration 3-177 DHCP Snooping Port Configuration 3-178 DHCP Snooping Binding Information 3-179
IP Source Guard 3-180
IP Source Guard Port Configuration 3-180 Static IP Source Guard Binding Configuration 3-181 Dynamic IP Source Guard Binding Information 3-182
Switch Clustering 3-183
Cluster Configuration 3-184 Cluster Member Configuration 3-185 Cluster Member Information 3-185 Cluster Candidate Information 3-186
UPnP 3-187
UPnP Configuration 3-188
Chapter 4: Command Line Interface 4-1
Using the Command Line Interface 4-1
Accessing the CLI 4-1 Console Connection 4-1 Telnet Connection 4-1
Entering Commands 4-3
Keywords and Arguments 4-3 Minimum Abbreviation 4-3 Command Completion 4-3 Getting Help on Commands 4-3
Showing Commands 4-3 Partial Keyword Lookup 4-5 Negating the Effect of Commands 4-5 Using Command History 4-5 Understanding Command Modes 4-5 Exec Commands 4-6 Configuration Commands 4-6 Command Line Processing 4-7
Command Groups 4-8 Line Commands 4-9
line 4-10 login 4-11 password 4-12 timeout login response 4-13 exec-timeout 4-13 password-thresh 4-14 silent-time 4-15 databits 4-15 parity 4-16 speed 4-16 stopbits 4-17 disconnect 4-17
show line 4-18
General Commands 4-19
enable 4-19 disable 4-20 configure 4-20 show history 4-21 reload 4-21 end 4-22 exit 4-22 quit 4-23
System Management Commands 4-23
Device Designation Commands 4-24
prompt 4-24 hostname 4-25
User Access Commands 4-25
username 4-25 enable password 4-26
IP Filter Commands 4-27
management 4-27 show management 4-28
Web Server Commands 4-29
ip http port 4-29 ip http server 4-30 ip http secure-server 4-30 ip http secure-port 4-31
Telnet Server Commands 4-32
ip telnet server 4-32 ip telnet server port 4-32
Secure Shell Commands 4-33
ip ssh server 4-35 ip ssh timeout 4-36 ip ssh authentication-retries 4-37 ip ssh server-key size 4-37 delete public-key 4-38 ip ssh crypto host-key generate 4-38 ip ssh crypto zeroize 4-39 ip ssh save host-key 4-39 show ip ssh 4-40 show ssh 4-40 show public-key 4-41
Event Logging Commands 4-43
logging on 4-43 logging history 4-44 logging host 4-45 logging facility 4-45
logging trap 4-46
clear logging 4-46
show logging 4-47
show log 4-48 SMTP Alert Commands 4-49
logging sendmail host 4-49
logging sendmail level 4-50
logging sendmail source-email 4-51
logging sendmail destination-email 4-51
logging sendmail 4-52
show logging sendmail 4-52 Time Commands 4-53
sntp client 4-53
sntp server 4-54
sntp poll 4-55
show sntp 4-55
clock timezone 4-56
calendar set 4-56
show calendar 4-57 System Status Commands 4-57
show startup-config 4-57
show running-config 4-59
show system 4-60
show users 4-61
show version 4-62 Frame Size Commands 4-63
jumbo frame 4-63
Flash/File Commands 4-64
copy 4-64 delete 4-67 dir 4-67 whichboot 4-68 boot system 4-69
Authentication Commands 4-70
Authentication Sequence 4-70
authentication login 4-70
authentication enable 4-71 RADIUS Client 4-72
radius-server host 4-72
radius-server port 4-73
radius-server key 4-74
radius-server retransmit 4-74
radius-server timeout 4-75
show radius-server 4-75 TACACS+ Client 4-76
tacacs-server host 4-76 tacacs-server port 4-76 tacacs-server key 4-77 show tacacs-server 4-77
Port Security Commands 4-78
port security 4-78
802.1X Port Authentication 4-80 dot1x system-auth-control 4-80 dot1x default 4-81 dot1x max-req 4-81 dot1x port-control 4-81 dot1x operation-mode 4-82 dot1x re-authenticate 4-83 dot1x re-authentication 4-83 dot1x timeout quiet-period 4-83 dot1x timeout re-authperiod 4-84 dot1x timeout tx-period 4-84 show dot1x 4-85
Access Control List Commands 4-88
IP ACLs 4-89
access-list ip 4-89 permit, deny (Standard ACL) 4-90 permit, deny (Extended ACL) 4-91 show ip access-list 4-92 ip access-group 4-92 show ip access-group 4-93 map access-list ip 4-93 show map access-list ip 4-94
ACL Information 4-95
show access-list 4-95 show access-group 4-95
SNMP Commands 4-96
snmp-server 4-96 show snmp 4-97 snmp-server community 4-98 snmp-server contact 4-99 snmp-server location 4-99 snmp-server host 4-100 snmp-server enable traps 4-102 snmp-server engine-id 4-103 show snmp engine-id 4-104 snmp-server view 4-105 show snmp view 4-105 snmp-server group 4-106 show snmp group 4-107
snmp-server user 4-109 show snmp user 4-110
Interface Commands 4-111
interface 4-111 description 4-112 speed-duplex 4-112 negotiation 4-113 capabilities 4-114 flowcontrol 4-115 shutdown 4-116 clear counters 4-116 show interfaces status 4-117 show interfaces counters 4-118 show interfaces switchport 4-119
Broadcast Commands 4-121
broadcast packet-rate 4-121 switchport broadcast 4-121
Mirror Port Commands 4-122
port monitor 4-122 show port monitor 4-123
Rate Limit Commands 4-124
rate-limit 4-124
Link Aggregation Commands 4-125
channel-group 4-126 lacp 4-127 lacp system-priority 4-128 lacp admin-key (Ethernet Interface) 4-129 lacp admin-key (Port Channel) 4-130 lacp port-priority 4-131 show lacp 4-131
Address Table Commands 4-135
mac-address-table static 4-135 clear mac-address-table dynamic 4-136 show mac-address-table 4-137 mac-address-table aging-time 4-138 show mac-address-table aging-time 4-138
Spanning Tree Commands 4-139
spanning-tree 4-139 spanning-tree mode 4-140 spanning-tree forward-time 4-141 spanning-tree hello-time 4-142 spanning-tree max-age 4-142 spanning-tree priority 4-143 spanning-tree pathcost method 4-144 spanning-tree transmission-limit 4-144
spanning-tree spanning-disabled 4-145 spanning-tree cost 4-145 spanning-tree port-priority 4-146 spanning-tree edge-port 4-147 spanning-tree portfast 4-148 spanning-tree link-type 4-148 spanning-tree protocol-migration 4-149 show spanning-tree 4-150
VLAN Commands 4-152
Editing VLAN Groups 4-152
vlan database 4-152 vlan 4-153
Configuring VLAN Interfaces 4-154
interface vlan 4-154 switchport mode 4-155 switchport acceptable-frame-types 4-155 switchport ingress-filtering 4-156 switchport native vlan 4-157 switchport allowed vlan 4-157 switchport forbidden vlan 4-158
Displaying VLAN Information 4-159
show vlan 4-159
Configuring Private VLANs 4-160
private-vlan 4-161 private vlan association 4-162 switchport mode private-vlan 4-162 switchport private-vlan host-association 4-163 switchport private-vlan mapping 4-164 show vlan private-vlan 4-164
GVRP and Bridge Extension Commands 4-165
bridge-ext gvrp 4-165 show bridge-ext 4-166 switchport gvrp 4-166 show gvrp configuration 4-167 garp timer 4-167 show garp timer 4-168
Priority Commands 4-169
Priority Commands (Layer 2) 4-170
queue mode 4-170 switchport priority default 4-171 queue bandwidth 4-172 queue cos-map 4-172 show queue mode 4-173 show queue bandwidth 4-174 show queue cos-map 4-174
Priority Commands (Layer 3 and 4) 4-175
map ip dscp (Global Configuration) 4-175 map ip dscp (Interface Configuration) 4-176 show map ip dscp 4-177
Multicast Filtering Commands 4-178
IGMP Snooping Commands 4-178
ip igmp snooping 4-178 ip igmp snooping vlan static 4-179 ip igmp snooping version 4-179 ip igmp snooping immediate-leave 4-180 show ip igmp snooping 4-180 show mac-address-table multicast 4-181
IGMP Query Commands (Layer 2) 4-182
ip igmp snooping querier 4-182 ip igmp snooping query-count 4-182 ip igmp snooping query-interval 4-183 ip igmp snooping query-max-response-time 4-184 ip igmp snooping router-port-expire-time 4-185
Static Multicast Routing Commands 4-185
ip igmp snooping vlan mrouter 4-185 show ip igmp snooping mrouter 4-186
IGMP Filtering and Throttling Commands 4-187
ip igmp filter (Global Configuration) 4-187 ip igmp profile 4-188 permit, deny 4-189 range 4-189 ip igmp filter (Interface Configuration) 4-190 ip igmp max-groups 4-191 ip igmp max-groups action 4-191 show ip igmp filter 4-192 show ip igmp profile 4-193 show ip igmp throttle interface 4-193
Multicast VLAN Registration Commands 4-194
mvr (Global Configuration) 4-194 mvr (Interface Configuration) 4-195 show mvr 4-197
LLDP 4-199
lldp transmit-interval 4-201 lldp transmit-delay 4-201 lldp transmit-hold 4-202 lldp reinit-delay 4-202 lldp notification-interval 4-203 lldp 4-204 lldp basic-tlv management-address 4-204 lldp basic-tlv description 4-205
lldp basic-tlv system-capabilities 4-206 lldp basic-tlv system-description 4-206 lldp basic-tlv system-name 4-207 lldp notification 4-207 lldp dot1-tlv port-vlan-id 4-208 lldp dot1-tlv port-protocol-vlan-id 4-209 lldp dot1-tlv vlan-name 4-209 lldp dot1-tlv protocol-identity 4-210 lldp dot3-tlv mac-phy 4-210 lldp dot3-tlv link-aggregation 4-211 lldp dot3-tlv power-via-mdi 4-211 lldp dot3-tlv maximum-frame-size 4-212 show lldp config 4-212 show lldp info local-device 4-213 show lldp info remote-device 4-214 show lldp info statistics 4-215
UPnP 4-216
UPnP Configuration 4-216
upnp device 4-217 upnp device ttl 4-217 upnp device advertise duration 4-218 show upnp 4-218
IP Interface Commands 4-219
Basic IP Configuration 4-219
ip address 4-219 ip dhcp restart 4-220 ip default-gateway 4-221 show ip interface 4-222 show ip redirects 4-222 ping 4-222
IP Source Guard Commands 4-223
ip source-guard 4-224 ip source-guard binding 4-225 show ip source-guard 4-227 show ip source-guard binding 4-227
DHCP Snooping Commands 4-227
ip dhcp snooping 4-228 ip dhcp snooping vlan 4-230 ip dhcp snooping trust 4-230 ip dhcp snooping verify mac-address 4-231 ip dhcp snooping information option 4-232 ip dhcp snooping information policy 4-233 ip dhcp snooping database flash 4-233 show ip dhcp snooping 4-234 show ip dhcp snooping binding 4-234
Switch Cluster Commands 4-235
cluster 4-235 cluster commander 4-236 cluster ip-pool 4-236 cluster member 4-237 rcommand 4-238 show cluster 4-238 show cluster members 4-239 show cluster candidates 4-239
Appendix A: Software Specifications A-1
Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3
Appendix B: Troubleshooting B-1
Problems Accessing the Management Interface B-1 Using System Logs B-2
Glossary
Index
Tables
Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-5 Table 3-1 Configuration Options 3-2 Table 3-2 Main Menu 3-3 Table 3-3 Logging Levels 3-27 Table 3-4 SNMPv3 Security Models and Levels 3-35 Table 3-5 Supported Notification Messages 3-45 Table 3-6 HTTPS Support 3-55 Table 3-7 802.1X Statistics 3-70 Table 3-8 LACP Port Counter Information 3-91 Table 3-9 LACP Settings 3-92 Table 3-10 LACP Remote Side Settings 3-94 Table 3-11 Port Statistics 3-100 Table 3-12 Egress Queue Priority Mapping 3-147 Table 3-13 CoS Priority Levels 3-147 Table 3-14 Mapping DSCP Priority 3-152 Table 4-1. Command Modes 4-5 Table 4-2. Configuration Commands 4-7 Table 4-3. Keystroke Commands 4-7 Table 4-4. Command Group Index 4-8 Table 4-5. Line Command Syntax 4-9 Table 4-6. General Commands 4-19 Table 4-7. System Management Commands 4-23 Table 4-8. Device Designation Commands 4-24 Table 4-9. User Access Commands 4-25 Table 4-10. Default Login Settings 4-26 Table 4-11. IP Filter Commands 4-27 Table 4-12. Web Server Command 4-29 Table 4-13. HTTPS System Support 4-31 Table 4-14. Telnet Server Commands 4-32 Table 4-15. Secure Shell Commands 4-33 Table 4-16. show ssh - display description 4-41 Table 4-17. Event Logging Commands 4-43 Table 4-18. Logging Levels 4-44 Table 4-19. show logging flash/ram - display description 4-48 Table 4-20. show logging trap - display description 4-48 Table 4-21. SMTP Alert Commands 4-49 Table 4-22. Time Commands 4-53 Table 4-23. System Status Commands 4-57 Table 4-24. Frame Size Commands 4-63 Table 4-25. Flash/File Commands 4-64 Table 4-26. File Directory Information 4-68
Table 4-27. Authentication Commands 4-70 Table 4-28. Authentication Sequence 4-70 Table 4-29. RADIUS Client Commands 4-72 Table 4-30. TACACS+ Client Commands 4-76 Table 4-31. Port Security Commands 4-78 Table 4-32. 802.1X Port Authentication Commands 4-80 Table 4-33. Access Control List Commands 4-88 Table 4-34. IP ACL Commands 4-89 Table 4-35. Egress Queue Priority Mapping 4-94 Table 4-36. ACL Information 4-95 Table 4-37. SNMP Commands 4-96 Table 4-38. show snmp engine-id - display description 4-104 Table 4-39. show snmp view - display description 4-106 Table 4-40. show snmp group - display description 4-108 Table 4-41. show snmp user - display description 4-110 Table 4-42. Interface Commands 4-111 Table 4-43. show interfaces switchport - display description 4-120 Table 4-44. Broadcast Commands 4-121 Table 4-45. Mirror Port Commands 4-122 Table 4-46. Rate Limit Commands 4-124 Table 4-47. Link Aggregation Commands 4-125 Table 4-48. show lacp counters - display description 4-132 Table 4-49. show lacp internal - display description 4-133 Table 4-50. show lacp neighbors - display description 4-134 Table 4-52. Address Table Commands 4-135 Table 4-51. show lacp sysid - display description 4-135 Table 4-53. Spanning Tree Commands 4-139 Table 4-54. VLAN Commands 4-152 Table 4-55. Editing VLAN Groups 4-152 Table 4-56. Configuring VLAN Interfaces 4-154 Table 4-57. Displaying VLAN Information 4-159 Table 4-58. Private VLAN Commands 4-160 Table 4-59. GVRP and Bridge Extension Commands 4-165 Table 4-60. Priority Commands 4-169 Table 4-61. Priority Commands (Layer 2) 4-170 Table 4-62. Default CoS Priority Levels 4-173 Table 4-63. Priority Commands (Layer 3 and 4) 4-175 Table 4-64. Mapping IP DSCP to CoS Values 4-176 Table 4-65. Multicast Filtering Commands 4-178 Table 4-66. IGMP Snooping Commands 4-178 Table 4-67. IGMP Query Commands (Layer 2) 4-182 Table 4-68. Static Multicast Routing Commands 4-185 Table 4-69. IGMP Filtering and Throttling Commands 4-187 Table 4-70. Multicast VLAN Registration Commands 4-194 Table 4-71. show mvr - display description 4-198
Table 4-72. show mvr interface - display description 4-198 Table 4-73. show mvr members - display description 4-199 Table 4-74. LLDP Commands 4-199 Table 4-75. UPnP Commands 4-216 Table 4-76. IP Interface Commands 4-219 Table 4-77. IP Source Guard Commands 4-224 Table 4-78. DHCP Snooping Commands 4-227 Table 4-79. Switch Cluster Commands 4-235 Table 2-1. Troubleshooting Chart B-1
Figures
Figure 3-1. Homepage 3-2 Figure 3-2. Panel Display 3-3 Figure 3-3. System Information 3-10 Figure 3-4. Switch Information 3-12 Figure 3-5. Bridge Extension Configuration 3-13 Figure 3-6. Manual IP Configuration 3-15 Figure 3-7. DHCP IP Configuration 3-16 Figure 3-8. Enabling Jumbo Frames 3-17 Figure 3-9. Copy Firmware 3-19 Figure 3-10. Setting the Startup Code 3-19 Figure 3-11. Deleting Files 3-19 Figure 3-12. Downloading Configuration Settings for Startup 3-21 Figure 3-13. Setting the Startup Configuration Settings 3-21 Figure 3-14. Console Port Setting 3-23 Figure 3-15. Enabling Telnet 3-25 Figure 3-16. Displaying Logs 3-27 Figure 3-17. System Logs 3-28 Figure 3-18. Remote Logs 3-29 Figure 3-19. Enabling and Configuring SMTP 3-31 Figure 3-20. Resetting the System 3-32 Figure 3-21. SNTP Configuration 3-33 Figure 3-22. Setting the Time Zone 3-34 Figure 3-23. Enabling the SNMP Agent 3-36 Figure 3-24. Configuring SNMP Community Strings 3-37 Figure 3-25. Configuring SNMP Trap Managers 3-39 Figure 3-26. Setting an Engine ID 3-40 Figure 3-27. Setting an Engine ID 3-41 Figure 3-28. Configuring SNMPv3 Users 3-42 Figure 3-29. Configuring Remote SNMPv3 Users 3-44 Figure 3-30. Configuring SNMPv3 Groups 3-47 Figure 3-31. Configuring SNMPv3 Views 3-49 Figure 3-32. Access Levels 3-51 Figure 3-33. Authentication Settings 3-53 Figure 3-34. HTTPS Settings 3-55 Figure 3-35. SSH Server Settings 3-59 Figure 3-36. SSH Host-Key Settings 3-60 Figure 3-37. SSH User Public-Key Settings 3-62 Figure 3-38. Configuring Port Security 3-64 Figure 3-39. 802.1X Global Information 3-66 Figure 3-40. 802.1X Global Configuration 3-67 Figure 3-41. 802.1X Port Configuration 3-68 Figure 3-42. Displaying 802.1X Port Statistics 3-71
Figure 3-43. Naming and Choosing ACLs 3-73 Figure 3-44. Configuring Standard IP ACLs 3-74 Figure 3-45. Configuring Extended IP ACLs 3-76 Figure 3-46. Configuring MAC ACLs 3-78 Figure 3-47. Mapping ACLs to Port Ingress Queues 3-79 Figure 3-48. Filtering Management Access 3-80 Figure 3-49. Port Status Information 3-81 Figure 3-50. Configuring Port Attributes 3-84 Figure 3-51. Static Trunk Configuration 3-87 Figure 3-52. LACP Port Configuration 3-88 Figure 3-53. LACP Aggregation Port Configuration 3-90 Figure 3-54. Displaying LACP Port Counters Information 3-92 Figure 3-55. Displaying LACP Port Information 3-93 Figure 3-56. Displaying Remote LACP Port Information 3-95 Figure 3-57. Enabling Port Broadcast Control 3-96 Figure 3-58. Configuring a Mirror Port 3-98 Figure 3-59. Configuring Input Port Rate Limiting 3-99 Figure 3-60. Displaying Port Statistics 3-102 Figure 3-61. Displaying Etherlike and RMON Statistics 3-103 Figure 3-62 Displaying the Global PoE Status 3-105 Figure 3-63 Setting the Switch Power Budget 3-106 Figure 3-64 Displaying Port PoE Status 3-107 Figure 3-65 Configuring Port PoE Power 3-108 Figure 3-66. Mapping Ports to Static Addresses 3-109 Figure 3-67. Displaying the MAC Dynamic Address Table 3-110 Figure 3-68. Setting the Aging Time 3-111 Figure 3-69. Displaying the Spanning Tree Algorithm 3-114 Figure 3-70. Configuring the Spanning Tree Algorithm 3-117 Figure 3-71. Displaying STA - Port Status Information 3-120 Figure 3-72. Configuring Spanning Tree Algorithm per Port 3-122 Figure 3-73. Displaying Basic VLAN Information 3-126 Figure 3-74. Displaying VLAN Information by Port Membership 3-127 Figure 3-75. Creating Virtual LANs 3-129 Figure 3-76. Configuring VLAN Port Attributes 3-130 Figure 3-77. Assigning VLAN Port and Trunk Groups 3-131 Figure 3-78. Configuring VLAN Ports 3-133 Figure 3-79. Private VLAN Information 3-134 Figure 3-80. Private VLAN Configuration 3-135 Figure 3-81. Private VLAN Association 3-136 Figure 3-82. Private VLAN Port Information 3-137 Figure 3-83. Private VLAN Port Configuration 3-138 Figure 3-84. Protocol VLAN Configuration 3-139 Figure 3-85. Protocol VLAN Port Configuration 3-140 Figure 3-86. LLDP Configuration 3-141 Figure 3-87. LLDP Port Configuration 3-142
Figure 3-88. LLDP Local Device Information 3-143 Figure 3-89. LLDP Remote Device Information 3-143 Figure 3-90. Port Priority Configuration 3-146 Figure 3-91. Configuring Class of Service 3-148 Figure 3-92. Enable Traffic Classes 3-149 Figure 3-93. Setting the Queue Mode 3-149 Figure 3-94. Configuring Queue Scheduling 3-150 Figure 3-95. IP DSCP Priority Status 3-151 Figure 3-96. Mapping IP DSCP Priority to Class of Service Values 3-152 Figure 3-97. Configuring Class Maps 3-156 Figure 3-98. Configuring Policy Maps 3-159 Figure 3-99. Service Policy Settings 3-160 Figure 3-100. Configuring Internet Group Management Protocol 3-164 Figure 3-101. Mapping Multicast Switch Ports to VLANs 3-165 Figure 3-102. Static Multicast Router Port Configuration 3-166 Figure 3-103. Displaying Port Members of Multicast Services 3-167 Figure 3-104. Specifying Multicast Port Membership 3-168 Figure 3-105. MVR Global Configuration 3-170 Figure 3-106. MVR Port Information 3-171 Figure 3-107. MVR Group IP Information 3-172 Figure 3-108. MVR Port Configuration 3-173 Figure 3-109. MVR Group Member Configuration 3-174 Figure 3-110. DHCP Snooping Configuration 3-176 Figure 3-111. DHCP Snooping VLAN Configuration 3-177 Figure 3-112. DHCP Snooping Information Option Configuration 3-178 Figure 3-113. DHCP Snooping Port Configuration 3-178 Figure 3-114. DHCP Snooping Binding Information 3-179 Figure 3-115. IP Source Guard Port Configuration 3-180 Figure 3-116. Static IP Source Guard Binding Configuration 3-182 Figure 3-117. Dynamic IP Source Guard Binding Information 3-183 Figure 3-118. Cluster Configuration 3-184 Figure 3-119. Cluster Member Configuration 3-185 Figure 3-120. Cluster Member Information 3-186 Figure 3-121. Cluster Candidate Information 3-186 Figure 3-122. UPnP Configuration 3-188

Chapter 1: Introduction

This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

Key Features

Table 1-1 Key Features

| Feature | Description |
|---|---|
| Configuration Backup and Restore | Backup to TFTP server |
| Authentication | Console, Telnet, web – User name / password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/v2c/v3 – Community strings; Port – IEEE 802.1X, MAC address filtering |
| Access Control Lists | Supports up to 32 IP |
| DHCP Client | Supported |
| Port Configuration | Speed, duplex mode and flow control |
| Rate Limiting | Input rate limiting per port |
| Port Mirroring | One port mirrored to single analysis port |
| Port Trunking | Supports up to 8 trunks using either static or dynamic trunking (LACP) |
| Broadcast Storm Control | Supported |
| Static Address | Up to 8K MAC addresses in the forwarding table |
| IEEE 802.1D Bridge | Supports dynamic data switching and addresses learning |
| Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames |
| Spanning Tree Protocol | Supports standard STP and Rapid Spanning Tree Protocol (RSTP) |
| Virtual LANs | Up to 255 using IEEE 802.1Q, port-based, protocol-based, or private VLANs |
| LLDP | Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. |
| Traffic Prioritization | Default port priority, traffic class map, queue scheduling, Differentiated Services Code Point (DSCP), and TCP/UDP Port |
| Multicast Filtering | Supports IGMP snooping and query |

Description of Software Features

The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and protocol-based VLANs, plus support for automatic GVRP VLAN registration, provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network, while multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request a user name and password from the 802.1X client, and then verifies the client’s right to access the network via an authentication server.
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for SNMP/web/Telnet management access, and MAC address filtering for port access.
Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
Port Configuration – You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard.
Rate Limiting – This feature controls the maximum rate for traffic received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into the network. Packets that exceed the acceptable amount of traffic are dropped.
Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.3ad Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 8 trunks.
Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.
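The static-address and address-learning behaviour described in the two paragraphs above can be modelled in a few lines. This is an added example, not code from SMC or from the switch firmware; the class, the `violations` list kept for monitoring, the table-full handling and the sample MAC addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

TABLE_CAPACITY = 8 * 1024  # the guide gives the table size as "up to 8K addresses"


@dataclass
class ForwardingTable:
    """Toy model of a learning bridge's address table with static entries."""
    capacity: int = TABLE_CAPACITY
    entries: dict = field(default_factory=dict)     # mac -> (port, is_static)
    violations: list = field(default_factory=list)  # added for monitoring (assumption)

    def add_static(self, mac: str, port: int) -> None:
        self.entries[mac.lower()] = (port, True)

    def learn(self, src_mac: str, ingress_port: int) -> str:
        """Process the source address of a frame received on ingress_port."""
        mac = src_mac.lower()
        known = self.entries.get(mac)
        if known and known[1]:
            if known[0] != ingress_port:
                # Static address seen on another interface: ignored, not written.
                self.violations.append((mac, ingress_port, known[0]))
                return "ignored"
            return "static"
        if known is None and len(self.entries) >= self.capacity:
            return "table-full"                     # assumption: no new entries once full
        moved = known is not None and known[0] != ingress_port
        self.entries[mac] = (ingress_port, False)   # dynamic entries follow the host
        return "moved" if moved else "learned"

    def lookup(self, dst_mac: str):
        """Return the egress port, or None when the frame has to be flooded."""
        entry = self.entries.get(dst_mac.lower())
        return entry[0] if entry else None


def demo():
    table = ForwardingTable()
    table.add_static("00:11:22:33:44:55", port=3)   # constructed host address
    results = [
        table.learn("00:11:22:33:44:55", 3),   # known host on its assigned port
        table.learn("AA:BB:CC:00:00:01", 7),   # ordinary host, learned dynamically
        table.learn("AA:BB:CC:00:00:01", 9),   # host re-plugged: dynamic entry moves
        table.learn("00:11:22:33:44:55", 9),   # static address on another port
    ]
    return table, results
```

The last call leaves the static binding on port 3 untouched, which is why a static entry keeps traffic for a known host pinned to its assigned port even when the same source address appears elsewhere.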
Store-and-Forward Switching – The switch copies each frame into its memory before forwarding it to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 1.5 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
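The size and CRC checks that store-and-forward switching applies to a fully buffered frame look like this in outline. This is an added example, not the switch's own code; the size limits are the standard IEEE 802.3 values (they are not quoted in this guide), and the function names and sample frame are constructed for illustration.

```python
import struct
import zlib

MIN_FRAME = 64     # IEEE 802.3 minimum frame size, FCS included
MAX_FRAME = 1522   # IEEE 802.3 maximum with one 802.1Q tag, FCS included


def with_fcs(frame_without_fcs: bytes) -> bytes:
    """Pad to the minimum size and append the CRC-32 frame check sequence."""
    body = frame_without_fcs.ljust(MIN_FRAME - 4, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def store_and_forward(frame: bytes) -> str:
    """Decide what happens to a frame once the whole of it has been buffered."""
    if len(frame) < MIN_FRAME:
        return "drop: runt"
    if len(frame) > MAX_FRAME:
        return "drop: oversize"
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        return "drop: bad CRC"
    return "forward"


def demo():
    # Constructed frame: destination MAC, source MAC, EtherType 0x0800, payload.
    header = bytes.fromhex("001122334455" "aabbcc000001" "0800")
    good = with_fcs(header + b"hello")
    corrupted = bytearray(good)
    corrupted[20] ^= 0x01          # a single bit flipped in transit
    return {
        "good": store_and_forward(good),
        "corrupted": store_and_forward(bytes(corrupted)),
        "runt": store_and_forward(good[:40]),
        "oversize": store_and_forward(with_fcs(header + bytes(1600))),
    }
```

Because the decision needs the trailing four FCS bytes, none of these checks can be made until the entire frame is in memory, which is the cost store-and-forward pays for never propagating a damaged frame.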
Spanning Tree Protocol – The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol adds a level of fault tolerance by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 10% of that required by the