SMC Networks 8124PL2 - annexe 1, TigerSwitch SMC8124PL2 Management Manual

MANAGEMENT GUIDE
SMC8124PL2
TigerSwitch™ 10/100/1000 24-Port Managed Switch with PoE
TigerSwitch 10/100/1000 Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
20 Mason, Irvine, CA 92618 Phone: (949) 679-8000
May 2007
Pub. # 149100034100A
E052007-DT-R01
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.
Copyright © 2007 by
SMC Networks, Inc.
20 Mason
Irvine, CA 92618
All rights reserved. Printed in Taiwan
Trademarks: SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
Limited Warranty
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product.
The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC Web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an “Active” SMC product. A list of discontinued products with their respective dates of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty.
All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product.
Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.
LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.
* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.
Contents
Chapter 1: Introduction 1-1
Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5
Chapter 2: Initial Configuration 2-1
Connecting to the Switch 2-1
Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3
Basic Configuration 2-3
Console Connection 2-3 Setting Passwords 2-4 Setting an IP Address 2-4
Manual Configuration 2-5 Dynamic Configuration 2-5
Enabling SNMP Management Access 2-6
Community Strings (for SNMP version 1 and 2c clients) 2-7 Trap Receivers 2-7 Configuring Access for SNMP Version 3 Clients 2-8
Saving Configuration Settings 2-8
Managing System Files 2-9
Chapter 3: Configuring the Switch 3-1
Using the Web Interface 3-1 Navigating the Web Browser Interface 3-2
Home Page 3-2
Configuration Options 3-2 Panel Display 3-3 Main Menu 3-3 Basic Configuration 3-10
Displaying System Information 3-10
Displaying Switch Hardware/Software Versions 3-11
Displaying Bridge Extension Capabilities 3-12
Setting the Switch’s IP Address 3-14
Manual Configuration 3-15 Using DHCP/BOOTP 3-16
Enabling Jumbo Frames 3-17
Managing Firmware 3-18
Downloading System Software from a Server 3-18 Saving or Restoring Configuration Settings 3-20
Downloading Configuration Settings from a Server 3-21 Console Port Settings 3-22 Telnet Settings 3-24 Configuring Event Logging 3-26
Displaying Log Messages 3-26
System Log Configuration 3-27
Remote Log Configuration 3-29
Simple Mail Transfer Protocol 3-30 Resetting the System 3-32 Setting the System Clock 3-32
Configuring SNTP 3-32
Setting the Time Zone 3-33
Simple Network Management Protocol 3-34
Enabling the SNMP Agent 3-36 Setting Community Access Strings 3-36 Specifying Trap Managers and Trap Types 3-37 Configuring SNMPv3 Management Access 3-39
Setting the Local Engine ID 3-40
Specifying a Remote Engine ID 3-40
Configuring SNMPv3 Users 3-41
Configuring Remote SNMPv3 Users 3-43
Configuring SNMPv3 Groups 3-45
Setting SNMPv3 Views 3-48
User Authentication 3-50
Configuring User Accounts 3-50 Configuring Local/Remote Logon Authentication 3-51 Configuring HTTPS 3-54
Replacing the Default Secure-site Certificate 3-56 Configuring the Secure Shell 3-56
Configuring the SSH settings 3-58
Generating the Host Key Pair 3-59
Generating the User Public Key Pair 3-61 Configuring Port Security 3-63 Configuring 802.1X Port Authentication 3-64
Displaying 802.1X Global Settings 3-66
Configuring 802.1X Global Settings 3-66
Configuring Port Settings for 802.1X 3-67
Displaying 802.1X Statistics 3-70
Access Control Lists 3-72
Configuring Access Control Lists 3-72
Setting the ACL Name and Type 3-72
Configuring a Standard IP ACL 3-73
Configuring an Extended IP ACL 3-74 Configuring a MAC ACL 3-77
Binding a Port to an Access Control List 3-78 Filtering Management Access 3-79 Port Configuration 3-81
Displaying Connection Status 3-81
Configuring Interface Connections 3-83
Creating Trunk Groups 3-85
Statically Configuring a Trunk 3-86 Enabling LACP on Selected Ports 3-88 Configuring LACP Parameters 3-89 Displaying LACP Port Counters 3-91 Displaying LACP Settings and Status for the Local Side 3-92
Displaying LACP Settings and Status for the Remote Side 3-94 Setting Broadcast Storm Thresholds 3-96 Configuring Port Mirroring 3-97 Configuring Rate Limits 3-98
Rate Limit Configuration 3-98 Showing Port Statistics 3-99
Power over Ethernet Settings 3-104
Switch Power Status 3-105 Setting a Switch Power Budget 3-106 Displaying Port Power Status 3-106 Configuring Port PoE Power 3-107
Address Table Settings 3-108
Setting Static Addresses 3-108 Displaying the Address Table 3-109 Changing the Aging Time 3-110
Spanning Tree Algorithm Configuration 3-111
Displaying Global Settings 3-112 Configuring Global Settings 3-114 Displaying Interface Settings 3-118 Configuring Interface Settings 3-121
VLAN Configuration 3-123
Overview 3-123
Assigning Ports to VLANs 3-123
Forwarding Tagged/Untagged Frames 3-125 Displaying Basic VLAN Information 3-126 Displaying Current VLANs 3-126 Creating VLANs 3-128 Adding Static Members to VLANs (VLAN Index) 3-129 Adding Static Members to VLANs (Port Index) 3-131 Configuring VLAN Behavior for Interfaces 3-132 Configuring Private VLANs 3-133
Displaying Current Private VLANs 3-134
Configuring Private VLANs 3-135 Associating VLANs 3-136 Displaying Private VLAN Interface Information 3-136 Configuring Private VLAN Interfaces 3-137
Configuring Protocol VLANs 3-139
Configuring Protocol VLAN Basic Settings 3-139 Configuring Protocol VLAN System 3-140
LLDP 3-140
Configuring Basic LLDP Time Information 3-140 Configuring LLDP Port and Trunk Information 3-141 Displaying LLDP Local and Remote Device Information 3-143
Class of Service Configuration 3-145
Setting the Default Priority for Interfaces 3-146 Mapping CoS Values to Egress Queues 3-147 Enabling CoS 3-149 Selecting the Queue Mode 3-149 Setting the Service Weight for Traffic Classes 3-150 Mapping Layer 3/4 Priorities to CoS Values 3-151 Selecting IP DSCP Priority 3-151 Mapping DSCP Priority 3-152
Quality of Service 3-153
Configuring Quality of Service Parameters 3-154 Configuring a Class Map 3-154 Creating QoS Policies 3-157 Attaching a Policy Map to Ingress Queues 3-160
Multicast Filtering 3-161
IGMP Protocol 3-161 Layer 2 IGMP (Snooping and Query) 3-162
Configuring IGMP Snooping and Query Parameters 3-162 Displaying Interfaces Attached to a Multicast Router 3-164 Specifying Static Interfaces for a Multicast Router 3-165 Displaying Port Members of Multicast Services 3-166 Assigning Ports to Multicast Services 3-167
Multicast VLAN Registration 3-168
Configuring Global MVR Settings 3-169 Displaying MVR Interface Status 3-170 Displaying Port Members of Multicast Groups 3-171 Configuring MVR Interface Status 3-172 Assigning Static Multicast Groups to Interfaces 3-174
DHCP Snooping 3-175
DHCP Snooping Configuration 3-176 DHCP Snooping VLAN Configuration 3-176 DHCP Snooping Information Option Configuration 3-177 DHCP Snooping Port Configuration 3-178 DHCP Snooping Binding Information 3-179
IP Source Guard 3-180
IP Source Guard Port Configuration 3-180 Static IP Source Guard Binding Configuration 3-181 Dynamic IP Source Guard Binding Information 3-182
Switch Clustering 3-183
Cluster Configuration 3-184 Cluster Member Configuration 3-185 Cluster Member Information 3-185 Cluster Candidate Information 3-186
UPnP 3-187
UPnP Configuration 3-188
Chapter 4: Command Line Interface 4-1
Using the Command Line Interface 4-1
Accessing the CLI 4-1 Console Connection 4-1 Telnet Connection 4-1
Entering Commands 4-3
Keywords and Arguments 4-3 Minimum Abbreviation 4-3 Command Completion 4-3 Getting Help on Commands 4-3
Showing Commands 4-3 Partial Keyword Lookup 4-5 Negating the Effect of Commands 4-5 Using Command History 4-5 Understanding Command Modes 4-5 Exec Commands 4-6 Configuration Commands 4-6 Command Line Processing 4-7
Command Groups 4-8 Line Commands 4-9
line 4-10 login 4-11 password 4-12 timeout login response 4-13 exec-timeout 4-13 password-thresh 4-14 silent-time 4-15 databits 4-15 parity 4-16 speed 4-16 stopbits 4-17 disconnect 4-17
show line 4-18
General Commands 4-19
enable 4-19 disable 4-20 configure 4-20 show history 4-21 reload 4-21 end 4-22 exit 4-22 quit 4-23
System Management Commands 4-23
Device Designation Commands 4-24
prompt 4-24 hostname 4-25
User Access Commands 4-25
username 4-25 enable password 4-26
IP Filter Commands 4-27
management 4-27 show management 4-28
Web Server Commands 4-29
ip http port 4-29 ip http server 4-30 ip http secure-server 4-30 ip http secure-port 4-31
Telnet Server Commands 4-32
ip telnet server 4-32 ip telnet server port 4-32
Secure Shell Commands 4-33
ip ssh server 4-35 ip ssh timeout 4-36 ip ssh authentication-retries 4-37 ip ssh server-key size 4-37 delete public-key 4-38 ip ssh crypto host-key generate 4-38 ip ssh crypto zeroize 4-39 ip ssh save host-key 4-39 show ip ssh 4-40 show ssh 4-40 show public-key 4-41
Event Logging Commands 4-43
logging on 4-43 logging history 4-44 logging host 4-45 logging facility 4-45
logging trap 4-46
clear logging 4-46
show logging 4-47
show log 4-48 SMTP Alert Commands 4-49
logging sendmail host 4-49
logging sendmail level 4-50
logging sendmail source-email 4-51
logging sendmail destination-email 4-51
logging sendmail 4-52
show logging sendmail 4-52 Time Commands 4-53
sntp client 4-53
sntp server 4-54
sntp poll 4-55
show sntp 4-55
clock timezone 4-56
calendar set 4-56
show calendar 4-57 System Status Commands 4-57
show startup-config 4-57
show running-config 4-59
show system 4-60
show users 4-61
show version 4-62 Frame Size Commands 4-63
jumbo frame 4-63
Flash/File Commands 4-64
copy 4-64 delete 4-67 dir 4-67 whichboot 4-68 boot system 4-69
Authentication Commands 4-70
Authentication Sequence 4-70
authentication login 4-70
authentication enable 4-71 RADIUS Client 4-72
radius-server host 4-72
radius-server port 4-73
radius-server key 4-74
radius-server retransmit 4-74
radius-server timeout 4-75
show radius-server 4-75 TACACS+ Client 4-76
tacacs-server host 4-76 tacacs-server port 4-76 tacacs-server key 4-77 show tacacs-server 4-77
Port Security Commands 4-78
port security 4-78
802.1X Port Authentication 4-80 dot1x system-auth-control 4-80 dot1x default 4-81 dot1x max-req 4-81 dot1x port-control 4-81 dot1x operation-mode 4-82 dot1x re-authenticate 4-83 dot1x re-authentication 4-83 dot1x timeout quiet-period 4-83 dot1x timeout re-authperiod 4-84 dot1x timeout tx-period 4-84 show dot1x 4-85
Access Control List Commands 4-88
IP ACLs 4-89
access-list ip 4-89 permit, deny (Standard ACL) 4-90 permit, deny (Extended ACL) 4-91 show ip access-list 4-92 ip access-group 4-92 show ip access-group 4-93 map access-list ip 4-93 show map access-list ip 4-94
ACL Information 4-95
show access-list 4-95 show access-group 4-95
SNMP Commands 4-96
snmp-server 4-96 show snmp 4-97 snmp-server community 4-98 snmp-server contact 4-99 snmp-server location 4-99 snmp-server host 4-100 snmp-server enable traps 4-102 snmp-server engine-id 4-103 show snmp engine-id 4-104 snmp-server view 4-105 show snmp view 4-105 snmp-server group 4-106 show snmp group 4-107
snmp-server user 4-109 show snmp user 4-110
Interface Commands 4-111
interface 4-111 description 4-112 speed-duplex 4-112 negotiation 4-113 capabilities 4-114 flowcontrol 4-115 shutdown 4-116 clear counters 4-116 show interfaces status 4-117 show interfaces counters 4-118 show interfaces switchport 4-119
Broadcast Commands 4-121
broadcast packet-rate 4-121 switchport broadcast 4-121
Mirror Port Commands 4-122
port monitor 4-122 show port monitor 4-123
Rate Limit Commands 4-124
rate-limit 4-124
Link Aggregation Commands 4-125
channel-group 4-126 lacp 4-127 lacp system-priority 4-128 lacp admin-key (Ethernet Interface) 4-129 lacp admin-key (Port Channel) 4-130 lacp port-priority 4-131 show lacp 4-131
Address Table Commands 4-135
mac-address-table static 4-135 clear mac-address-table dynamic 4-136 show mac-address-table 4-137 mac-address-table aging-time 4-138 show mac-address-table aging-time 4-138
Spanning Tree Commands 4-139
spanning-tree 4-139 spanning-tree mode 4-140 spanning-tree forward-time 4-141 spanning-tree hello-time 4-142 spanning-tree max-age 4-142 spanning-tree priority 4-143 spanning-tree pathcost method 4-144 spanning-tree transmission-limit 4-144
spanning-tree spanning-disabled 4-145 spanning-tree cost 4-145 spanning-tree port-priority 4-146 spanning-tree edge-port 4-147 spanning-tree portfast 4-148 spanning-tree link-type 4-148 spanning-tree protocol-migration 4-149 show spanning-tree 4-150
VLAN Commands 4-152
Editing VLAN Groups 4-152
vlan database 4-152 vlan 4-153
Configuring VLAN Interfaces 4-154
interface vlan 4-154 switchport mode 4-155 switchport acceptable-frame-types 4-155 switchport ingress-filtering 4-156 switchport native vlan 4-157 switchport allowed vlan 4-157 switchport forbidden vlan 4-158
Displaying VLAN Information 4-159
show vlan 4-159
Configuring Private VLANs 4-160
private-vlan 4-161 private vlan association 4-162 switchport mode private-vlan 4-162 switchport private-vlan host-association 4-163 switchport private-vlan mapping 4-164 show vlan private-vlan 4-164
GVRP and Bridge Extension Commands 4-165
bridge-ext gvrp 4-165 show bridge-ext 4-166 switchport gvrp 4-166 show gvrp configuration 4-167 garp timer 4-167 show garp timer 4-168
Priority Commands 4-169
Priority Commands (Layer 2) 4-170
queue mode 4-170 switchport priority default 4-171 queue bandwidth 4-172 queue cos-map 4-172 show queue mode 4-173 show queue bandwidth 4-174 show queue cos-map 4-174
Priority Commands (Layer 3 and 4) 4-175
map ip dscp (Global Configuration) 4-175 map ip dscp (Interface Configuration) 4-176 show map ip dscp 4-177
Multicast Filtering Commands 4-178
IGMP Snooping Commands 4-178
ip igmp snooping 4-178 ip igmp snooping vlan static 4-179 ip igmp snooping version 4-179 ip igmp snooping immediate-leave 4-180 show ip igmp snooping 4-180 show mac-address-table multicast 4-181
IGMP Query Commands (Layer 2) 4-182
ip igmp snooping querier 4-182 ip igmp snooping query-count 4-182 ip igmp snooping query-interval 4-183 ip igmp snooping query-max-response-time 4-184 ip igmp snooping router-port-expire-time 4-185
Static Multicast Routing Commands 4-185
ip igmp snooping vlan mrouter 4-185 show ip igmp snooping mrouter 4-186
IGMP Filtering and Throttling Commands 4-187
ip igmp filter (Global Configuration) 4-187 ip igmp profile 4-188 permit, deny 4-189 range 4-189 ip igmp filter (Interface Configuration) 4-190 ip igmp max-groups 4-191 ip igmp max-groups action 4-191 show ip igmp filter 4-192 show ip igmp profile 4-193 show ip igmp throttle interface 4-193
Multicast VLAN Registration Commands 4-194
mvr (Global Configuration) 4-194 mvr (Interface Configuration) 4-195 show mvr 4-197
LLDP 4-199
lldp transmit-interval 4-201 lldp transmit-delay 4-201 lldp transmit-hold 4-202 lldp reinit-delay 4-202 lldp notification-interval 4-203 lldp 4-204 lldp basic-tlv management-address 4-204 lldp basic-tlv description 4-205
lldp basic-tlv system-capabilities 4-206 lldp basic-tlv system-description 4-206 lldp basic-tlv system-name 4-207 lldp notification 4-207 lldp dot1-tlv port-vlan-id 4-208 lldp dot1-tlv port-protocol-vlan-id 4-209 lldp dot1-tlv vlan-name 4-209 lldp dot1-tlv protocol-identity 4-210 lldp dot3-tlv mac-phy 4-210 lldp dot3-tlv link-aggregation 4-211 lldp dot3-tlv power-via-mdi 4-211 lldp dot3-tlv maximum-frame-size 4-212 show lldp config 4-212 show lldp info local-device 4-213 show lldp info remote-device 4-214 show lldp info statistics 4-215
UPnP 4-216
UPnP Configuration 4-216
upnp device 4-217 upnp device ttl 4-217 upnp device advertise duration 4-218 show upnp 4-218
IP Interface Commands 4-219
Basic IP Configuration 4-219
ip address 4-219 ip dhcp restart 4-220 ip default-gateway 4-221 show ip interface 4-222 show ip redirects 4-222 ping 4-222
IP Source Guard Commands 4-223
ip source-guard 4-224 ip source-guard binding 4-225 show ip source-guard 4-227 show ip source-guard binding 4-227
DHCP Snooping Commands 4-227
ip dhcp snooping 4-228 ip dhcp snooping vlan 4-230 ip dhcp snooping trust 4-230 ip dhcp snooping verify mac-address 4-231 ip dhcp snooping information option 4-232 ip dhcp snooping information policy 4-233 ip dhcp snooping database flash 4-233 show ip dhcp snooping 4-234 show ip dhcp snooping binding 4-234
Switch Cluster Commands 4-235
cluster 4-235 cluster commander 4-236 cluster ip-pool 4-236 cluster member 4-237 rcommand 4-238 show cluster 4-238 show cluster members 4-239 show cluster candidates 4-239
Appendix A: Software Specifications A-1
Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3
Appendix B: Troubleshooting B-1
Problems Accessing the Management Interface B-1 Using System Logs B-2
Glossary
Index
Tables
Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-5 Table 3-1 Configuration Options 3-2 Table 3-2 Main Menu 3-3 Table 3-3 Logging Levels 3-27 Table 3-4 SNMPv3 Security Models and Levels 3-35 Table 3-5 Supported Notification Messages 3-45 Table 3-6 HTTPS Support 3-55 Table 3-7 802.1X Statistics 3-70 Table 3-8 LACP Port Counter Information 3-91 Table 3-9 LACP Settings 3-92 Table 3-10 LACP Remote Side Settings 3-94 Table 3-11 Port Statistics 3-100 Table 3-12 Egress Queue Priority Mapping 3-147 Table 3-13 CoS Priority Levels 3-147 Table 3-14 Mapping DSCP Priority 3-152 Table 4-1. Command Modes 4-5 Table 4-2. Configuration Commands 4-7 Table 4-3. Keystroke Commands 4-7 Table 4-4. Command Group Index 4-8 Table 4-5. Line Command Syntax 4-9 Table 4-6. General Commands 4-19 Table 4-7. System Management Commands 4-23 Table 4-8. Device Designation Commands 4-24 Table 4-9. User Access Commands 4-25 Table 4-10. Default Login Settings 4-26 Table 4-11. IP Filter Commands 4-27 Table 4-12. Web Server Command 4-29 Table 4-13. HTTPS System Support 4-31 Table 4-14. Telnet Server Commands 4-32 Table 4-15. Secure Shell Commands 4-33 Table 4-16. show ssh - display description 4-41 Table 4-17. Event Logging Commands 4-43 Table 4-18. Logging Levels 4-44 Table 4-19. show logging flash/ram - display description 4-48 Table 4-20. show logging trap - display description 4-48 Table 4-21. SMTP Alert Commands 4-49 Table 4-22. Time Commands 4-53 Table 4-23. System Status Commands 4-57 Table 4-24. Frame Size Commands 4-63 Table 4-25. Flash/File Commands 4-64 Table 4-26. File Directory Information 4-68
Table 4-27. Authentication Commands 4-70 Table 4-28. Authentication Sequence 4-70 Table 4-29. RADIUS Client Commands 4-72 Table 4-30. TACACS+ Client Commands 4-76 Table 4-31. Port Security Commands 4-78 Table 4-32. 802.1X Port Authentication Commands 4-80 Table 4-33. Access Control List Commands 4-88 Table 4-34. IP ACL Commands 4-89 Table 4-35. Egress Queue Priority Mapping 4-94 Table 4-36. ACL Information 4-95 Table 4-37. SNMP Commands 4-96 Table 4-38. show snmp engine-id - display description 4-104 Table 4-39. show snmp view - display description 4-106 Table 4-40. show snmp group - display description 4-108 Table 4-41. show snmp user - display description 4-110 Table 4-42. Interface Commands 4-111 Table 4-43. show interfaces switchport - display description 4-120 Table 4-44. Broadcast Commands 4-121 Table 4-45. Mirror Port Commands 4-122 Table 4-46. Rate Limit Commands 4-124 Table 4-47. Link Aggregation Commands 4-125 Table 4-48. show lacp counters - display description 4-132 Table 4-49. show lacp internal - display description 4-133 Table 4-50. show lacp neighbors - display description 4-134 Table 4-52. Address Table Commands 4-135 Table 4-51. show lacp sysid - display description 4-135 Table 4-53. Spanning Tree Commands 4-139 Table 4-54. VLAN Commands 4-152 Table 4-55. Editing VLAN Groups 4-152 Table 4-56. Configuring VLAN Interfaces 4-154 Table 4-57. Displaying VLAN Information 4-159 Table 4-58. Private VLAN Commands 4-160 Table 4-59. GVRP and Bridge Extension Commands 4-165 Table 4-60. Priority Commands 4-169 Table 4-61. Priority Commands (Layer 2) 4-170 Table 4-62. Default CoS Priority Levels 4-173 Table 4-63. Priority Commands (Layer 3 and 4) 4-175 Table 4-64. Mapping IP DSCP to CoS Values 4-176 Table 4-65. Multicast Filtering Commands 4-178 Table 4-66. IGMP Snooping Commands 4-178 Table 4-67. IGMP Query Commands (Layer 2) 4-182 Table 4-68. Static Multicast Routing Commands 4-185 Table 4-69. IGMP Filtering and Throttling Commands 4-187
Table 4-70. Multicast VLAN Registration Commands 4-194 Table 4-71. show mvr - display description 4-198
Table 4-72. show mvr interface - display description 4-198 Table 4-73. show mvr members - display description 4-199 Table 4-74. LLDP Commands 4-199 Table 4-75. UPnP Commands 4-216 Table 4-76. IP Interface Commands 4-219 Table 4-77. IP Source Guard Commands 4-224 Table 4-78. DHCP Snooping Commands 4-227 Table 4-79. Switch Cluster Commands 4-235 Table 2-1. Troubleshooting Chart B-1
Figures
Figure 3-1. Homepage 3-2 Figure 3-2. Panel Display 3-3 Figure 3-3. System Information 3-10 Figure 3-4. Switch Information 3-12 Figure 3-5. Bridge Extension Configuration 3-13 Figure 3-6. Manual IP Configuration 3-15 Figure 3-7. DHCP IP Configuration 3-16 Figure 3-8. Enabling Jumbo Frames 3-17 Figure 3-9. Copy Firmware 3-19 Figure 3-10. Setting the Startup Code 3-19 Figure 3-11. Deleting Files 3-19 Figure 3-12. Downloading Configuration Settings for Startup 3-21 Figure 3-13. Setting the Startup Configuration Settings 3-21 Figure 3-14. Console Port Setting 3-23 Figure 3-15. Enabling Telnet 3-25 Figure 3-16. Displaying Logs 3-27 Figure 3-17. System Logs 3-28 Figure 3-18. Remote Logs 3-29 Figure 3-19. Enabling and Configuring SMTP 3-31 Figure 3-20. Resetting the System 3-32 Figure 3-21. SNTP Configuration 3-33 Figure 3-22. Setting the Time Zone 3-34 Figure 3-23. Enabling the SNMP Agent 3-36 Figure 3-24. Configuring SNMP Community Strings 3-37 Figure 3-25. Configuring SNMP Trap Managers 3-39 Figure 3-26. Setting an Engine ID 3-40 Figure 3-27. Setting an Engine ID 3-41 Figure 3-28. Configuring SNMPv3 Users 3-42 Figure 3-29. Configuring Remote SNMPv3 Users 3-44 Figure 3-30. Configuring SNMPv3 Groups 3-47 Figure 3-31. Configuring SNMPv3 Views 3-49 Figure 3-32. Access Levels 3-51 Figure 3-33. Authentication Settings 3-53 Figure 3-34. HTTPS Settings 3-55 Figure 3-35. SSH Server Settings 3-59 Figure 3-36. SSH Host-Key Settings 3-60 Figure 3-37. SSH User Public-Key Settings 3-62 Figure 3-38. Configuring Port Security 3-64 Figure 3-39. 802.1X Global Information 3-66 Figure 3-40. 802.1X Global Configuration 3-67 Figure 3-41. 802.1X Port Configuration 3-68 Figure 3-42. Displaying 802.1X Port Statistics 3-71
Figure 3-43. Naming and Choosing ACLs 3-73 Figure 3-44. Configuring Standard IP ACLs 3-74 Figure 3-45. Configuring Extended IP ACLs 3-76 Figure 3-46. Configuring MAC ACLs 3-78 Figure 3-47. Mapping ACLs to Port Ingress Queues 3-79 Figure 3-48. Filtering Management Access 3-80 Figure 3-49. Port Status Information 3-81 Figure 3-50. Configuring Port Attributes 3-84 Figure 3-51. Static Trunk Configuration 3-87 Figure 3-52. LACP Port Configuration 3-88 Figure 3-53. LACP Aggregation Port Configuration 3-90 Figure 3-54. Displaying LACP Port Counters Information 3-92 Figure 3-55. Displaying LACP Port Information 3-93 Figure 3-56. Displaying Remote LACP Port Information 3-95 Figure 3-57. Enabling Port Broadcast Control 3-96 Figure 3-58. Configuring a Mirror Port 3-98 Figure 3-59. Configuring Input Port Rate Limiting 3-99 Figure 3-60. Displaying Port Statistics 3-102 Figure 3-61. Displaying Etherlike and RMON Statistics 3-103 Figure 3-62 Displaying the Global PoE Status 3-105 Figure 3-63 Setting the Switch Power Budget 3-106 Figure 3-64 Displaying Port PoE Status 3-107 Figure 3-65 Configuring Port PoE Power 3-108 Figure 3-66. Mapping Ports to Static Addresses 3-109 Figure 3-67. Displaying the MAC Dynamic Address Table 3-110 Figure 3-68. Setting the Aging Time 3-111 Figure 3-69. Displaying the Spanning Tree Algorithm 3-114 Figure 3-70. Configuring the Spanning Tree Algorithm 3-117 Figure 3-71. Displaying STA - Port Status Information 3-120 Figure 3-72. Configuring Spanning Tree Algorithm per Port 3-122 Figure 3-73. Displaying Basic VLAN Information 3-126 Figure 3-74. Displaying VLAN Information by Port Membership 3-127 Figure 3-75. Creating Virtual LANs 3-129 Figure 3-76. Configuring VLAN Port Attributes 3-130 Figure 3-77. Assigning VLAN Port and Trunk Groups 3-131 Figure 3-78. Configuring VLAN Ports 3-133 Figure 3-79. Private VLAN Information 3-134 Figure 3-80. Private VLAN Configuration 3-135 Figure 3-81. Private VLAN Association 3-136
Figure 3-82. Private VLAN Port Information 3-137 Figure 3-83. Private VLAN Port Configuration 3-138 Figure 3-84. Protocol VLAN Configuration 3-139 Figure 3-85. Protocol VLAN Port Configuration 3-140 Figure 3-86. LLDP Configuration 3-141 Figure 3-87. LLDP Port Configuration 3-142
Figure 3-88. LLDP Local Device Information 3-143 Figure 3-89. LLDP Remote Device Information 3-143 Figure 3-90. Port Priority Configuration 3-146 Figure 3-91. Configuring Class of Service 3-148 Figure 3-92. Enable Traffic Classes 3-149 Figure 3-93. Setting the Queue Mode 3-149 Figure 3-94. Configuring Queue Scheduling 3-150 Figure 3-95. IP DSCP Priority Status 3-151 Figure 3-96. Mapping IP DSCP Priority to Class of Service Values 3-152 Figure 3-97. Configuring Class Maps 3-156 Figure 3-98. Configuring Policy Maps 3-159 Figure 3-99. Service Policy Settings 3-160 Figure 3-100. Configuring Internet Group Management Protocol 3-164 Figure 3-101. Mapping Multicast Switch Ports to VLANs 3-165 Figure 3-102. Static Multicast Router Port Configuration 3-166 Figure 3-103. Displaying Port Members of Multicast Services 3-167 Figure 3-104. Specifying Multicast Port Membership 3-168 Figure 3-105. MVR Global Configuration 3-170 Figure 3-106. MVR Port Information 3-171 Figure 3-107. MVR Group IP Information 3-172 Figure 3-108. MVR Port Configuration 3-173 Figure 3-109. MVR Group Member Configuration 3-174 Figure 3-110. DHCP Snooping Configuration 3-176 Figure 3-111. DHCP Snooping VLAN Configuration 3-177 Figure 3-112. DHCP Snooping Information Option Configuration 3-178 Figure 3-113. DHCP Snooping Port Configuration 3-178 Figure 3-114. DHCP Snooping Binding Information 3-179 Figure 3-115. IP Source Guard Port Configuration 3-180 Figure 3-116. Static IP Source Guard Binding Configuration 3-182 Figure 3-117. Dynamic IP Source Guard Binding Information 3-183 Figure 3-118. Cluster Configuration 3-184 Figure 3-119. Cluster Member Configuration 3-185 Figure 3-120. Cluster Member Information 3-186 Figure 3-121. Cluster Candidate Information 3-186 Figure 3-122. UPnP Configuration 3-188
Chapter 1: Introduction
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
Key Features
Table 1-1 Key Features
Feature: Description
Configuration Backup and Restore: Backup to TFTP server
Authentication: Console, Telnet, web – User name / password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/v2c/v3 – Community strings; Port – IEEE 802.1X, MAC address filtering
Access Control Lists: Supports up to 32 IP
DHCP Client: Supported
Port Configuration: Speed, duplex mode and flow control
Rate Limiting: Input rate limiting per port
Port Mirroring: One port mirrored to single analysis port
Port Trunking: Supports up to 8 trunks using either static or dynamic trunking (LACP)
Broadcast Storm Control: Supported
Static Address: Up to 8K MAC addresses in the forwarding table
IEEE 802.1D Bridge: Supports dynamic data switching and addresses learning
Store-and-Forward Switching: Supported to ensure wire-speed switching while eliminating bad frames
Spanning Tree Protocol: Supports standard STP and Rapid Spanning Tree Protocol (RSTP)
Virtual LANs: Up to 255 using IEEE 802.1Q, port-based, protocol-based, or private VLANs
LLDP: Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain.
Traffic Prioritization: Default port priority, traffic class map, queue scheduling, Differentiated Services Code Point (DSCP), and TCP/UDP Port
Multicast Filtering: Supports IGMP snooping and query
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and protocol-based VLANs, plus support for automatic GVRP VLAN registration, provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network. Multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request a user name and password from the 802.1X client, and then verifies the client’s right to access the network via an authentication server.
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for SNMP/web/Telnet management access, and MAC address filtering for port access.
Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
Port Configuration – You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard.
Rate Limiting – This feature controls the maximum rate for traffic received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into the network. Packets that exceed the acceptable amount of traffic are dropped.
Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.3ad Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 8 trunks.
Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.
Store-and-Forward Switching – The switch copies each frame into its memory before forwarding it to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 1.5 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
Spanning Tree Protocol – The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol adds a level of fault tolerance by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 10% of that required by the