SMC Networks 6724AL2, 6724AL2GB, SMC6724AL2 Management Manual

TigerSwitch 10/100

24-Port Fast Ethernet Switch

◆ 24 10BASE-T/100BASE-TX ports

◆ Optional 1000BASE-X or 100BASE-FX modules

◆ 8.8 Gbps of aggregate bandwidth

◆ Non-blocking switching architecture

◆ Spanning Tree Protocol

◆ Up to 4 port trunks

◆ RADIUS and TACACS+ authentication

◆ Rate limiting for bandwidth management

◆ CoS support for four-level priority

◆ Full support for VLANs with GVRP

◆ IP Multicasting with IGMP Snooping

◆ Manageable via console, Web, SNMP/RMON

Management Guide

SMC6724AL2

38 Tesla Irvine, CA 92618 Phone: (949) 679-8000

TigerSwitch 10/100 Management Guide

From SMC’s Tiger line of feature-rich workgroup LAN solutions

January 2004

Pub. # 150200037700A

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

SMC Networks, Inc.

38 Tesla

Irvine, CA 92618

Trademarks:

SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.

IMITED

ARRANTY

Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product.

The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an “Active” SMC product. A list of discontinued products with their respective dates of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty.

All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product.

Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer.

WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR

IMITED WARRANTY

IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.

LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.

* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.

SMC Networks, Inc.

38 Tesla

Irvine, CA 92618

vii

ONTENTS

1 Switch Management . . . . . . . . . . . . . . . . . . . . . . 1-1

Connecting to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Required Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

Remote Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5

Setting Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5

Setting an IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6

Enabling SNMP Management Access . . . . . . . . . . . . . . . . . . . . . 1-9

Saving Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11

Managing System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12

System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14

2 Configuring the Switch . . . . . . . . . . . . . . . . . . . . 2-1

Using the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9

Displaying System Information . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9

Displaying Switch Hardware/Software Versions . . . . . . . . . . . . . . . . 2-11

Displaying Bridge Extension Capabilities . . . . . . . . . . . . . . . . . . . . . . . 2-14

Setting the IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16

System Logs Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19

Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19

System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19

Remote Logs Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-21

Managing Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-23

Downloading System Software from a Server . . . . . . . . . . . . . . 2-23

Saving or Restoring Configuration Settings . . . . . . . . . . . . . . . . 2-25

Downloading Configuration Settings from a Server . . . . . . . . . 2-26

Setting the Startup Configuration File . . . . . . . . . . . . . . . . . . . . 2-26

Copying the Running Configuration to a File . . . . . . . . . . . . . . 2-27

ONTENTS

viii

Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-28

Setting the System Clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-28

Configuring SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-29

Setting the Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-30

Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-31

Setting Community Access Strings . . . . . . . . . . . . . . . . . . . . . . 2-32

Specifying Trap Managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-33

Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-35

Configuring the Logon Password . . . . . . . . . . . . . . . . . . . . . . . 2-35

Configuring RADIUS/TACACS Logon Authentication . . . . . 2-36

Configuring HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-40

Replacing the Default Secure-site Certificate . . . . . . . . . . . . . . 2-42

Configuring SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-43

Configuring Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-45

Configuring 802.1x Port Authentication . . . . . . . . . . . . . . . . . . . . . . . . 2-48

Displaying 802.1x Global Settings . . . . . . . . . . . . . . . . . . . . . . . 2-49

Configuring Global dot1x Parameters . . . . . . . . . . . . . . . . . . . . 2-51

Displaying 802.1x Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-54

Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-55

Configuring Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . 2-56

Binding a Port to an Access Control List . . . . . . . . . . . . . . . . . 2-63

Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-64

Displaying Connection Status . . . . . . . . . . . . . . . . . . . . . . . . . . 2-64

Configuring Interface Connections . . . . . . . . . . . . . . . . . . . . . . 2-66

Trunk Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-68

Statically Configuring a Trunk . . . . . . . . . . . . . . . . . . . . . . . . . . 2-70

Dynamically Configuring a Trunk . . . . . . . . . . . . . . . . . . . . . . . 2-71

Setting Broadcast Storm Thresholds . . . . . . . . . . . . . . . . . . . . . 2-73

Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-75

Configuring Rate Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-76

Rate Limit Granularity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-77

Rate Limit Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-78

Showing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-79

Address Table Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-85

Setting Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-85

Displaying the Address Table . . . . . . . . . . . . . . . . . . . . . . . . . . 2-86

Changing the Aging Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-88

ONTENTS

Spanning Tree Algorithm Configuration . . . . . . . . . . . . . . . . . . . . . . . 2-89

Displaying Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-90

Configuring Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-93

Displaying Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-97

Configuring Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . 2-101

VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-105

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-105

Assigning Ports to VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-106

Forwarding Tagged/Untagged Frames . . . . . . . . . . . . . . . . . . 2-108

Enabling or Disabling GVRP (Global Setting) . . . . . . . . . . . 2-108

Displaying Basic VLAN Information . . . . . . . . . . . . . . . . . . . 2-109

Displaying Current VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-110

Creating VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-112

Adding Static Members to VLANs (VLAN Index) . . . . . . . . 2-114

Adding Static Members to VLANs (Port Index) . . . . . . . . . . 2-116

Configuring VLAN Behavior for Interfaces . . . . . . . . . . . . . . 2-117

Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-121

Displaying Current Private VLANs . . . . . . . . . . . . . . . . . . . . . 2-122

Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 2-123

Associating VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-125

Displaying Private VLAN Interface Information . . . . . . . . . . 2-126

Configuring Private VLAN Interfaces . . . . . . . . . . . . . . . . . . . 2-128

Class of Service Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-130

Setting the Default Priority for Interfaces . . . . . . . . . . . . . . . . 2-130

Mapping CoS Values to Egress Queues . . . . . . . . . . . . . . . . . 2-132

Selecting the Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-135

Setting the Service Weight for Traffic Classes . . . . . . . . . . . . 2-136

Mapping Layer 3/4 Priorities to CoS Values . . . . . . . . . . . . . . 2-137

Selecting IP Precedence/DSCP Priority . . . . . . . . . . . . . . . . . 2-138

Mapping IP Precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-139

Mapping DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-141

Mapping IP Port Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-143

ACL CoS Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-145

Multicast Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-146

Configuring IGMP Snooping Parameters . . . . . . . . . . . . . . . . 2-147

Interfaces Attached to a Multicast Router . . . . . . . . . . . . . . . . 2-150

Displaying Port Members of Multicast Services . . . . . . . . . . . 2-152

ONTENTS

Adding Multicast Addresses to VLANs . . . . . . . . . . . . . . . . . 2-153

3 Command Line Interface . . . . . . . . . . . . . . . . . . . 3-1

Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Telnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Keywords and Arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Minimum Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Getting Help on Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Partial Keyword Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Negating the Effect of Commands . . . . . . . . . . . . . . . . . . . . . . . 3-6

Using Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Understanding Command Modes . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Exec Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8

Command Line Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12

enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12

disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14

show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16

prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18

quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18

Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19

copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19

delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22

dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

whichboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

boot system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25

System Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26

ONTENTS

hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28

username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28

enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31

logging history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31

logging host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33

logging facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34

logging trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35

clear logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36

show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36

show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38

show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40

show system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41

show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-42

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43

Web Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44

ip http port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45

ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45

ip http secure-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46

ip http secure-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47

Secure Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48

ip ssh server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49

ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50

show ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51

disconnect ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51

show ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52

Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-53

SNTP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54

sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55

sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56

sntp poll . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57

sntp broadcast client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58

show sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58

clock timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59

calendar set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-60

show calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-61

SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-61

ONTENTS

xii

snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-62

snmp-server contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-63

snmp-server location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-63

snmp-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-64

snmp-server enable traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66

show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-67

IP Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-68

ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-69

ip dhcp restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-70

ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71

show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72

show ip redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73

Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74

line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75

password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-77

exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78

password-thresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-79

silent-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80

databits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-81

parity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-82

speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83

stopbits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84

show line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84

Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-85

interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-86

description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87

speed-duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87

negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-89

capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90

flowcontrol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-91

clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93

shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-94

switchport broadcast octet-rate . . . . . . . . . . . . . . . . . . . . . . . . . 3-94

show interfaces status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-95

show interfaces counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-97

ONTENTS

xiii

show interfaces switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-98

Address Table Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101

mac-address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-102

show mac-address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-103

clear mac-address-table dynamic . . . . . . . . . . . . . . . . . . . . . . . 3-104

mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105

Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-106

spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-107

spanning-tree mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108

spanning-tree forward-time . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109

spanning-tree hello-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-110

spanning-tree max-age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-110

spanning-tree priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-111

spanning-tree pathcost method . . . . . . . . . . . . . . . . . . . . . . . . 3-112

spanning-tree transmission-limit . . . . . . . . . . . . . . . . . . . . . . . 3-113

spanning-tree cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114

spanning-tree port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115

spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-116

spanning-tree edge-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-117

spanning-tree protocol-migration . . . . . . . . . . . . . . . . . . . . . . 3-118

spanning-tree link-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-119

show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-120

VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-122

vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123

vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-124

interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-125

switchport mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-126

switchport acceptable-frame-types . . . . . . . . . . . . . . . . . . . . . . 3-127

switchport ingress-filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-128

switchport native vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129

switchport allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-130

switchport forbidden vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-131

show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132

Private VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133

private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134

private-vlan association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135

switchport mode private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . 3-136

ONTENTS

xiv

switchport private-vlan host-association . . . . . . . . . . . . . . . . . 3-137

switchport private-vlan mapping . . . . . . . . . . . . . . . . . . . . . . . 3-138

show vlan private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139

GVRP and Bridge Extension Commands . . . . . . . . . . . . . . . . . . . . . 3-140

switchport gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-141

show gvrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-141

garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-142

show garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143

bridge-ext gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144

show bridge-ext . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145

Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146

port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146

show port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147

Link Aggregation Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149

channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150

lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151

Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-153

rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-153

show rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154

Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-155

authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-157

radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-158

radius-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-159

radius-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-159

radius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-160

radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-161

show radius-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-161

tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-162

tacacs-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-162

tacacs-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-163

show tacacs-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-163

authentication dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-164

dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-164

dot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-165

dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-165

dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-166

dot1x re-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-166

ONTENTS

dot1x timeout quiet-period . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-167

dot1x timeout re-authperiod . . . . . . . . . . . . . . . . . . . . . . . . . . 3-167

dot1x timeout tx-period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168

show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-169

Access Control List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-172

IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-173

access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-174

permit, deny (Standard ACL) . . . . . . . . . . . . . . . . . . . . . . . . . 3-175

permit, deny (Extended ACL) . . . . . . . . . . . . . . . . . . . . . . . . . 3-176

ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-179

show ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-180

show ip access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-180

map access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-181

show map access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182

MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-183

access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-183

permit, deny (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-184

mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-185

show mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-186

show mac access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-187

ACL Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-187

show access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-187

show access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-188

Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-189

switchport priority default . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-190

queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-191

queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-192

queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193

show queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-195

show queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-195

show queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196

map ip port (Global Configuration) . . . . . . . . . . . . . . . . . . . . . 3-196

map ip port (Interface Configuration) . . . . . . . . . . . . . . . . . . . 3-197

map ip precedence (Global Configuration) . . . . . . . . . . . . . . . 3-198

map ip precedence (Interface Configuration) . . . . . . . . . . . . . 3-199

map ip dscp (Global Configuration) . . . . . . . . . . . . . . . . . . . . 3-200

map ip dscp (Interface Configuration) . . . . . . . . . . . . . . . . . . . 3-201

ONTENTS

xvi

show map ip port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-202

show map ip precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-203

show map ip dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-204

Multicast Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-205

ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-206

ip igmp snooping vlan static . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207

ip igmp snooping version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208

show ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208

show mac-address-table multicast . . . . . . . . . . . . . . . . . . . . . . 3-209

ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210

ip igmp snooping query-count . . . . . . . . . . . . . . . . . . . . . . . . . 3-211

ip igmp snooping query-interval . . . . . . . . . . . . . . . . . . . . . . . 3-212

ip igmp snooping query-max-response-time . . . . . . . . . . . . . . 3-212

ip igmp snooping router-port-expire-time . . . . . . . . . . . . . . . . 3-213

ip igmp snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . . . . . 3-214

show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . . . . . 3-215

A Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . .A-1

Troubleshooting Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

B Upgrading Firmware via the Serial Port . . . . . . .B-1

Glossary

Index

1-1

HAPTER

WITCH

ANAGEMENT

Connecting to the Switch

Configuration Options

The SMC6724AL2 24-port, Layer 2 switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).

Note: The IP address for this switch is assigned via DHCP by default. To

change this address, see “Setting an IP Address” on page 1-6.

The switch’s HTTP Web agent allows you to configure switch parameters, monitor port connections, and display statistics graphically using a standard Web browser such as Netscape Navigator version 6.2 and higher or Microsoft IE version 5.0 and higher. The switch’s Web management interface can be accessed from any computer attached to the network.

The switch’s management agent is based on SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using management software.

The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.

WITCH MANAGEMENT

1-2

The switch’s CLI configuration program, Web interface, and SNMP agent allow you to perform the following management functions:

• Set user names and passwords

• Set an IP interface for a management VLAN

• Configure SNMP parameters

• Enable/disable any port

• Set the speed/duplex mode for any port

• Configure the bandwidth of any port by rate limiting

• Configure up to 255 IEEE 802.1Q VLANs

• Enable GVRP automatic VLAN registration

• Configure IGMP multicast filtering

• Upload and download system firmware via TFTP

• Upload and download switch configuration files via TFTP

• Configure Spanning Tree parameters

• Configure Class of Service (CoS) priority queuing

• Configure up to four static or LACP trunks

• Enable port mirroring

• Enable broadcast storm control

• Display system information and statistics

ONNECTING TO THE SWITCH

1-3

Required Connections

The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.

Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in “Console Port Pin Assignments” on page B-7 of the Installation Guide.

To connect a terminal to the console port, complete the following steps:

1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.

2. Connect the other end of the cable’s to the RS-232 serial port on the switch.

3. Make sure the terminal emulation software is set as follows:

• Select the appropriate serial port (COM port 1 or COM port 2).

• Set the data rate to 9600 baud.

• Set the data format to 8 data bits, 1 stop bit, and no parity.

• Set flow control to none.

• Set the emulation mode to VT100.

• When using HyperTerminal, select Terminal keys, not Windows keys.

Notes: 1. When using HyperTerminal with Microsoft

Windows® 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation. See www.microsoft.com for information on Windows 2000 service packs.

WITCH MANAGEMENT

1-4

2. Refer to “Line Commands” on page 3-74 for a complete

description of console configuration options.

3. Once you have set up the terminal correctly, the console login

screen will be displayed.

For a description of how to use the CLI, see “Using the Command Line Interface” on page 3-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 3-10.

Remote Connections

Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.

The IP address for this switch is assigned via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address” on page 1-6.

Note: This switch supports four concurrent Telnet sessions.

After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above), or from a network computer using network management software.

Note: The onboard program only provides access to basic configuration

functions. To access the full of SNMP management functions, you must use SNMP-based network management software.

ASIC CONFIGURATION

1-5

Basic Configuration

Console Connection

The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure switch parameters, you must access the CLI at the Privileged Exec level.

Access to both CLI levels are controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:

1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.

2. At the Username prompt, enter “admin.”

3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)

4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.

Setting Passwords

Note: If this is your first time to log into the CLI program, you should

define new passwords for both default user names using the “username” command, record them and put them in a safe place.

Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:

WITCH MANAGEMENT

1-6

1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.

2. Type “configure” and press <Enter>.

3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>.

4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.

Setting an IP Address

You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways:

Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.

Dynamic — The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network.

Note: Only one VLAN interface can be assigned an IP address (the

default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the original IP address and this becomes the new management VLAN.

User Access Verification Username: admin Password:

CLI session with the SMC6724AL2 is opened. To end the CLI session, enter [Exit]. Console#configure Console(config)#username guest password 0 [password] Console(config)#username admin password 0 [password] Console(config)#

ASIC CONFIGURATION

1-7

Manual Configuration

You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment.

Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.

Note: The IP address for this switch is assigned via DHCP by default.

Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:

• IP address for the switch

• Default gateway for the network

• Network mask for this network

To assign an IP address to the switch, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.

2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>.

3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.

4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.

WITCH MANAGEMENT

1-8

Dynamic Configuration

If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart” command to start broadcasting service requests. Requests will be sent periodically in an effort to obtain IP configuration information. (BOOTP and DHCP values can include the IP address, subnet mask, and default gateway.)

If the “bootp” or “dhcp” option is saved to the startup-config file, then the switch will start broadcasting service requests as soon as it is powered on.

To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.

2. At the interface-configuration mode prompt, use one of the following commands:

• To obtain IP settings through DHCP, type “ip address dhcp” and press <Enter>.

• To obtain IP settings through BOOTP, type “ip address bootp” and press <Enter>.

3. Type “exit” to return to the global configuration mode. Press <Enter>.

Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.5 255.255.255.0 Console(config-if)#exit Console(config)#ip default-gateway 192.168.1.254 Console(config)#

ASIC CONFIGURATION

1-9

4. Type “ip dhcp restart” to begin broadcasting service requests. Press <Enter>.

5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.

6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.

Enabling SNMP Management Access

The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.

When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.

Community Strings

Community strings are used to control management access to SNMP stations, as well as to authorize SNMP stations to receive trap messages

Console(config)#interface vlan 1 Console(config-if)#ip address dhcp Console(config-if)#exit Console#ip dhcp restart Console#show ip interface IP interface vlan IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 1, and address mode: User specified. Console#copy running-config startup-config Startup configuration file name []: startup

Console#

WITCH MANAGEMENT

1-10

from the switch. You therefore need to assign community strings to specified users or user groups, and set the access level.

The default strings are:

• public - Specifies read-only access. Authorized management stations

are only able to retrieve MIB objects.

• private - Specifies read-write access. Authorized management

stations are able to both retrieve and modify MIB objects.

Note: If you do not intend to utilize SNMP, it is recommended that you

delete both of the default community strings. If there are no community strings, then SNMP management access to the switch is disabled.

To prevent unauthorized access to the switch via SNMP, it is recommended that you change the default community strings.

To configure a community string, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>.

2. To remove an existing string, simply type “no snmp-server community string,” where “string” is the community access string to remove. Press <Enter>.

Trap Receivers

You can also specify SNMP stations that are to receive traps from the switch.

Console(config)#snmp-server community abc rw Console(config)#snmp-server community private Console(config)#

ASIC CONFIGURATION

1-11

To configure a trap receiver, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” where “host-address” is the IP address for the trap receiver and “community-string” is the string associated with that host. Press <Enter>.

2. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server enable traps command. Type “snmp-server enable traps type,” where “type” is either

authentication or link-up-down. Press <Enter>.

Saving Configuration Settings

Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in nonvolatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command.

To save the current configuration settings, enter the following command:

1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>.

2. Enter the name of the start-up file. Press <Enter>.

Console(config)#snmp-server enable traps link-up-down Console(config)#

Console#copy running-config startup-config Startup configuration file name []: startup

Console#

WITCH MANAGEMENT

1-12

Managing System Files

The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.

The three types of files are:

• Configuration — These files store system configuration

information and are created when configuration settings are saved. Saved configuration files can be selected as a system start-up file or can be uploaded via TFTP to a server for backup. A file named “Factory_Default_Config.cfg” contains all the system default settings and cannot be deleted from the system. See “Saving or Restoring Configuration Settings” on page 2-25 for more information.

• Operation Code — System software that is executed after boot-up,

also known as run-time code. This code runs the switch operations and provides the CLI, Web and SNMP management interfaces. See “Managing Firmware” on page 2-23 for more information.

• Diagnostic Code — Software that is run during system boot-up,

also known as POST (Power On Self-Test). This code also provides a facility to upload firmware files to the system directly through the console port. See “Upgrading Firmware via the Serial Port” on page B-1.

Due to the size limit of the flash memory, the switch supports only two operation code files, and two diagnostic code files. However, you can have as many configuration files as available flash memory space allows.

In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.

ANAGING SYSTEM FILES

1-13

Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.

WITCH MANAGEMENT

1-14

System Defaults

The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file. (See “Setting the Startup Configuration File” on page 2-26.)

The following table lists some of the basic system defaults.

Function Parameter Default

IP Settings Management VLAN 1

DHCP Enabled

BOOTP Disabled

User Specified Disabled

IP Address 0.0.0.0

Subnet Mask 255.0.0.0

Default Gateway 0.0.0.0

Web Management HTTP Server Enabled

HTTP Port Number 80

SNMP Community Strings “public” (read only)

“private” (read/write)

Authentication Failure Traps Enabled

Link-up-Down Traps Enabled

Security Privileged Exec Level Username “admin”

Password “admin”

Normal Exec Level Username “guest”

Password “guest”

Enable Privileged Exec from Normal Exec Level

Password “super”

Authentication Local

+ 394 hidden pages

SMC Networks 6724AL2, 6724AL2GB, SMC6724AL2 Management Manual

Specifications and Main Features

Frequently Asked Questions

User Manual