SMC Networks SMC6128PL2 User Manual

TigerSwitch 10/100

24-Port Fast Ethernet Switch

◆ 24 auto-MDI/MDI-X 10/100BASE-TX ports

◆ 10BASE-T/100BASE-TX ports support PoE capabilities

◆ Two 10/100/1000BASE-T RJ-45 ports

◆ Two Gigabit RJ-45/SFP combination ports

◆ 12.8 Gbps of aggregate bandwidth

◆ Supports IP Clustering

◆ Non-blocking switching architecture

◆ Spanning Tree Protocol, and RSTP

◆ Up to eight LACP or static 8-port trunks

◆ RADIUS and TACACS+ authentication

◆ Rate limiting for bandwidth management

◆ CoS support for four-level priority

◆ Full support for VLANs with GVRP

◆ IP Multicasting with IGMP Snooping

◆ Manageable via console, Web, SNMP/RMON

Management Guide

SMC6128PL2

TigerSwitch 10/100
Management Guide

From SMC’s Tiger line of feature-rich workgroup LAN solutions

20 Mason
Irvine, CA 92618
Phone: (949) 679-8000

February 2007

Pub. # 149100032800A

Information furnished by SMC Networks, Inc. (SMC) is believed to be
accurate and reliable. However, no responsibility is assumed by SMC for its
use, nor for any infringements of patents or other rights of third parties
which may result from its use. No license is granted by implication or oth­erwise under any patent or patent rights of SMC. SMC reserves the right to
change specifications at any time without notice.

Copyright © 2006 by

SMC Networks, Inc.

20 Mason

Irvine, CA 92618

All rights reserved. Printed in Taiwan

Trademarks:

SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC
Networks, Inc. Other product and company names are trademarks or registered trademarks of their
respective holders.

L

IMITED

Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be
free from defects in workmanship and materials, under normal use and service, for the
applicable warranty term. All SMC products carry a standard 90-day limited warranty from
the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion,
repair or replace any product not operating as warranted with a similar or functionally
equivalent product, during the applicable warranty term. SMC will endeavor to repair or
replace any product returned under warranty within 30 days of receipt of the product.

The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering
new products within 30 days of purchase from SMC or its Authorized Reseller. Registration
can be accomplished via the enclosed product registration card or online via the SMC web
site. Failure to register will not affect the standard limited warranty. The Limited Lifetime
warranty covers a product during the Life of that Product, which is defined as the period of
time during which the product is an “Active” SMC product. A product is considered to be
“Active” while it is listed on the current SMC price list. As new technologies emerge, older
technologies become obsolete and SMC will, at its discretion, replace an older product in its
product line with one that incorporates these newer technologies. At that point, the obsolete
product is discontinued and is no longer an “Active” SMC product. A list of discontinued
products with their respective dates of discontinuance can be found at:
http://www.smc.com/index.cfm?action=customer_service_warranty.

All products that are replaced become the property of SMC. Replacement products may be
either new or reconditioned. Any replaced or repaired product carries either a 30-day limited
warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible
for any custom software or firmware, configuration information, or memory data of
Customer contained in, stored on, or integrated with any products returned to SMC pursuant
to any warranty. Products returned to SMC should have any customer-installed accessory or
add-on components, such as expansion modules, removed prior to returning the product for
replacement. SMC is not responsible for these items if they are returned with the product.

Customers must contact SMC for a Return Material Authorization number prior to returning
any product to SMC. Proof of purchase may be required. Any product returned to SMC
without a valid Return Material Authorization (RMA) number clearly marked on the outside
of the package will be returned to customer at customer’s expense. For warranty claims within
North America, please call our toll-free customer support number at (800) 762-4968.
Customers are responsible for all shipping charges from their facility to SMC. SMC is
responsible for return shipping charges from SMC to customer.

W

ARRANTY

v

L

IMITED WARRANTY

WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS
WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR
REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE
FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN
LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED,
EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE,
INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR
AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER
LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION,
MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE
UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE
ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY
CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER
INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR
ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY
ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.

LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT
OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR
INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE
DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR
OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE
SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR
INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED
RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES
OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR
CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS
MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL
RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS
WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.

* SMC will provide warranty service for one year following discontinuance from the active
SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans,
and cables are covered by a standard one-year warranty from date of purchase.

vi

SMC Networks, Inc.

20 Mason

Irvine, CA 92618

C

ONTENTS

1
Introduction 1-1

Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Description of Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8

2
Initial Configuration 2-1

Connecting to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Required Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

Remote Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Setting Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Setting an IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6

Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6

Dynamic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

Enabling SNMP Management Access . . . . . . . . . . . . . . . . . . . . . 2-9

Community Strings (for SNMP version 1 and 2c clients) . 2-10

Trap Receivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11

Configuring Access for SNMP Version 3 Clients . . . . . . . 2-11

Saving Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12

Managing System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13

3
Configuring the Switch 3-1

Using the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

i

C

ONTENTS

Displaying System Information . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

Displaying Switch Hardware/Software Versions . . . . . . . . . . . 3-15

Displaying Bridge Extension Capabilities . . . . . . . . . . . . . . . . . 3-18

Setting the Switch’s IP Address . . . . . . . . . . . . . . . . . . . . . . . . 3-19

Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21

Using DHCP/BOOTP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22

Enabling Jumbo Frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

Managing Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

Downloading System Software from a Server . . . . . . . . . . 3-25

Saving or Restoring Configuration Settings . . . . . . . . . . . . . . . 3-27

Downloading Configuration Settings from a Server . . . . . 3-29

Console Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31

Telnet Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34

Configuring Event Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36

Displaying Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36

System Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-37

Remote Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-39

Simple Mail Transfer Protocol . . . . . . . . . . . . . . . . . . . . . . 3-41

Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43

Setting the System Clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44

Configuring SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44

Setting the Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46

Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . . . . 3-47

Setting Community Access Strings . . . . . . . . . . . . . . . . . . . . . . 3-50

Specifying Trap Managers and Trap Types . . . . . . . . . . . . . . . . 3-51

Enabling SNMP Agent Status . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52

Configuring SNMPv3 Management Access . . . . . . . . . . . . . . . 3-53

Setting the Local Engine ID . . . . . . . . . . . . . . . . . . . . . . . . 3-53

Specifying a Remote Engine ID . . . . . . . . . . . . . . . . . . . . . 3-55

Configuring SNMPv3 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55

Configuring Remote SNMPv3 Users . . . . . . . . . . . . . . . . . . . . 3-57

Configuring SNMPv3 Groups . . . . . . . . . . . . . . . . . . . . . . . . . 3-59

Setting SNMPv3 Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-63

User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66

Configuring User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66

Configuring Local/Remote Logon Authentication . . . . . . . . . 3-68

Configuring HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73

ii

C

ONTENTS

Replacing the Default Secure-site Certificate . . . . . . . . . . . 3-75

Configuring the Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-77

Configuring the SSH Server . . . . . . . . . . . . . . . . . . . . . . . . 3-80

Generating the Host Key Pair . . . . . . . . . . . . . . . . . . . . . . 3-81

Configuring Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84

Configuring 802.1X Port Authentication . . . . . . . . . . . . . . . . . 3-86

Displaying 802.1X Global Settings . . . . . . . . . . . . . . . . . . . 3-88

Configuring 802.1X Global Settings . . . . . . . . . . . . . . . . . 3-89

Configuring Port Settings for 802.1X . . . . . . . . . . . . . . . . 3-90

Displaying 802.1X Statistics . . . . . . . . . . . . . . . . . . . . . . . . 3-94

Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-96

Configuring Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . 3-96

Setting the ACL Name and Type . . . . . . . . . . . . . . . . . . . . 3-97

Configuring a Standard IP ACL . . . . . . . . . . . . . . . . . . . . . 3-98

Configuring an Extended IP ACL . . . . . . . . . . . . . . . . . . 3-100

Configuring a MAC ACL . . . . . . . . . . . . . . . . . . . . . . . . . 3-103

Binding a Port to an Access Control List . . . . . . . . . . . . . . . . 3-104

Filtering IP Addresses for Management Access . . . . . . . . . . . 3-106

Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108

Displaying Connection Status . . . . . . . . . . . . . . . . . . . . . . . . . 3-108

Configuring Interface Connections . . . . . . . . . . . . . . . . . . . . . 3-111

Creating Trunk Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114

Statically Configuring a Trunk . . . . . . . . . . . . . . . . . . . . . 3-115

Enabling LACP on Selected Ports . . . . . . . . . . . . . . . . . . 3-117

Configuring LACP Parameters . . . . . . . . . . . . . . . . . . . . . 3-119

Displaying LACP Port Counters . . . . . . . . . . . . . . . . . . . 3-122

Displaying LACP Settings and Status for the Local Side 3-124

Displaying LACP Settings and Status for the Remote Side . . .

3-127

Setting Broadcast Storm Thresholds . . . . . . . . . . . . . . . . . . . . 3-129

Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-131

Configuring Rate Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132

Rate Limit Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-132

Showing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134

Power Over Ethernet Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139

Switch Power Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-140

Setting a Switch Power Budget . . . . . . . . . . . . . . . . . . . . . . . . 3-141

iii

C

ONTENTS

Displaying Port Power Status . . . . . . . . . . . . . . . . . . . . . . . . . . 3-142

Configuring Port PoE Power . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143

Address Table Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145

Setting Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145

Displaying the Address Table . . . . . . . . . . . . . . . . . . . . . . . . . 3-146

Changing the Aging Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149

Spanning Tree Algorithm Configuration . . . . . . . . . . . . . . . . . . . . . . 3-149

Displaying Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151

Configuring Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-155

Displaying Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-160

Configuring Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . 3-164

Configuring Multiple Spanning Trees . . . . . . . . . . . . . . . . . . . 3-167

Displaying Interface Settings for MSTP . . . . . . . . . . . . . . . . . 3-170

Configuring Interface Settings for MSTP . . . . . . . . . . . . . . . . 3-172

VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175

IEEE 802.1Q VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175

Enabling or Disabling GVRP (Global Setting) . . . . . . . 3-179

Displaying Basic VLAN Information . . . . . . . . . . . . . . . 3-180

Displaying Current VLANs . . . . . . . . . . . . . . . . . . . . . . . 3-181

Creating VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-183

Adding Static Members to VLANs (VLAN Index) . . . . 3-185

Adding Static Members to VLANs (Port Index) . . . . . . 3-188

Configuring VLAN Behavior for Interfaces . . . . . . . . . . 3-190

Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-192

Displaying Current Private VLANs . . . . . . . . . . . . . . . . . 3-194

Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . 3-196

Associating VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-197

Displaying Private VLAN Interface Information . . . . . . 3-198

Configuring Private VLAN Interfaces . . . . . . . . . . . . . . . 3-200

Protocol VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-203

Protocol VLAN Group Configuration . . . . . . . . . . . . . . 3-203

Configuring Protocol VLAN Interfaces . . . . . . . . . . . . . 3-203

Class of Service Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-204

Layer 2 Queue Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-205

Setting the Default Priority for Interfaces . . . . . . . . . . . . 3-205

Mapping CoS Values to Egress Queues . . . . . . . . . . . . . 3-206

Enabling CoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208

iv

C

ONTENTS

Selecting the Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . 3-209

Setting the Service Weight for Traffic Classes . . . . . . . . . 3-210

Layer 3/4 Priority Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211

Mapping Layer 3/4 Priorities to CoS Values . . . . . . . . . . 3-211

Enabling IP DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . 3-212

Mapping DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213

Quality of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-215

Configuring Quality of Service Parameters . . . . . . . . . . . . . . 3-216

Configuring a Class Map . . . . . . . . . . . . . . . . . . . . . . . . . . 3-216

Creating QoS Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-221

Attaching a Policy Map to Ingress Queues . . . . . . . . . . . 3-225

Multicast Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-226

Layer 2 IGMP (Snooping and Query) . . . . . . . . . . . . . . . . . . . 3-227

Configuring IGMP Snooping and Query Parameters . . . 3-228

Enabling IGMP Immediate Leave . . . . . . . . . . . . . . . . . . 3-230

Displaying Interfaces Attached to a Multicast Router . . . 3-232

Specifying Static Interfaces for a Multicast Router . . . . . 3-233

Displaying Port Members of Multicast Services . . . . . . . 3-234

Assigning Ports to Multicast Services . . . . . . . . . . . . . . . 3-236

Multicast VLAN Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-237

Configuring Global MVR Settings . . . . . . . . . . . . . . . . . . . . . . 3-239

Displaying MVR Interface Status . . . . . . . . . . . . . . . . . . . . . . . 3-240

Displaying Port Members of Multicast Groups . . . . . . . . . . . 3-241

Configuring MVR Interface Status . . . . . . . . . . . . . . . . . . . . . 3-243

Assigning Static Multicast Groups to Interfaces . . . . . . . . . . . 3-245

DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246

DHCP Snooping Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-248

DHCP Snooping VLAN Configuration . . . . . . . . . . . . . . . . . 3-248

DHCP Snooping Information Option Configuration . . . . . . 3-249

DHCP Snooping Port Configuration . . . . . . . . . . . . . . . . . . . 3-251

DHCP Snooping Binding Information . . . . . . . . . . . . . . . . . . 3-252

IP Source Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-253

IP Source Guard Port Configuration . . . . . . . . . . . . . . . . . . . . 3-253

Static IP Source Guard Binding Configuration . . . . . . . . . . . . 3-255

Dynamic IP Source Guard Binding Information . . . . . . . . . . 3-256

Switch Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-258

Cluster Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-258

v

C

ONTENTS

Cluster Member Configuration . . . . . . . . . . . . . . . . . . . . . . . . 3-260

Cluster Member Information . . . . . . . . . . . . . . . . . . . . . . . . . . 3-261

Cluster Candidate Information . . . . . . . . . . . . . . . . . . . . . . . . 3-262

4
Command Line Interface 4-1

Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Telnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2

Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Keywords and Arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Minimum Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5

Getting Help on Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5

Showing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6

Partial Keyword Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

Negating the Effect of Commands . . . . . . . . . . . . . . . . . . . . . . . 4-7

Using Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

Understanding Command Modes . . . . . . . . . . . . . . . . . . . . . . . . 4-8

Exec Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9

Command Line Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12

Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13

Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15

line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16

login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16

password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18

timeout login response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19

exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20

password-thresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21

silent-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22

databits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22

parity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23

speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24

stopbits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25

disconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25

vi

C

ONTENTS

show line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26

General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27

enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27

disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28

configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29

show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29

reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30

end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31

quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32

System Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33

Device Designation Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-34

prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34

hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34

User Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35

username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36

enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37

IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38

management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38

show management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39

Web Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41

ip http port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41

ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42

ip http secure-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42

ip http secure-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44

Telnet Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45

ip telnet port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45

ip telnet server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46

Secure Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46

ip ssh server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49

ip ssh timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50

ip ssh authentication-retries . . . . . . . . . . . . . . . . . . . . . . . . 4-51

ip ssh server-key size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52

delete public-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52

ip ssh crypto host-key generate . . . . . . . . . . . . . . . . . . . . . 4-53

ip ssh crypto zeroize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54

ip ssh save host-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55

vii

C

ONTENTS

show ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55

show ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55

show public-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57

Event Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59

logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59

logging history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61

logging host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63

logging facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63

logging trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64

clear logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65

show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65

show log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67

SMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69

logging sendmail host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69

logging sendmail level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70

logging sendmail source-email . . . . . . . . . . . . . . . . . . . . . . 4-71

logging sendmail destination-email . . . . . . . . . . . . . . . . . . 4-71

logging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72

show logging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72

Time Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74

sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74

sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75

sntp poll . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76

show sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77

clock timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77

calendar set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78

show calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-79

System Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-80

show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-80

show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82

show system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-84

show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-85

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-85

Frame Size Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-86

jumbo frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-86

Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87

copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-88

viii

C

ONTENTS

delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92

dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93

whichboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94

boot system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95

Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96

Authentication Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97

authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97

authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98

RADIUS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100

radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-101

radius-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102

radius-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102

radius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103

radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103

show radius-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104

TACACS+ Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104

tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105

tacacs-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106

tacacs-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106

show tacacs-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107

Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107

port security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108

802.1X Port Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110

dot1x system-auth-control . . . . . . . . . . . . . . . . . . . . . . . . 4-111

dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111

dot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111

dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-112

dot1x operation-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113

dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114

dot1x re-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114

dot1x timeout quiet-period . . . . . . . . . . . . . . . . . . . . . . . . 4-115

dot1x timeout re-authperiod . . . . . . . . . . . . . . . . . . . . . . . 4-116

dot1x timeout tx-period . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116

show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-118

Access Control List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122

IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123

access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124

ix

C

ONTENTS

permit, deny (Standard ACL) . . . . . . . . . . . . . . . . . . . . . 4-125

permit, deny (Extended ACL) . . . . . . . . . . . . . . . . . . . . . 4-126

show ip access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127

ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128

show ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-129

MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-129

access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-130

permit, deny (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . 4-131

show mac access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-133

mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-133

show mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . 4-134

ACL Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-135

show access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-135

show access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-135

SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-136

snmp-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-137

show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-138

snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-139

snmp-server contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-140

snmp-server location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-141

snmp-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-141

snmp-server enable traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-144

snmp-server engine-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-145

show snmp engine-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-147

snmp-server view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-148

show snmp view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-149

snmp-server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-150

show snmp group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-151

snmp-server user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-153

show snmp user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-155

Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-156

interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-156

description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-157

speed-duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-158

negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-159

capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-160

flowcontrol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-161

x

C

ONTENTS

shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-163

switchport broadcast packet-rate . . . . . . . . . . . . . . . . . . . . . . . 4-164

clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-164

show interfaces status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-165

show interfaces counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-166

show interfaces switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-168

Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-170

port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-170

show port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-171

Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-173

rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-173

Link Aggregation Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-175

channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-176

lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-177

lacp system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-179

lacp admin-key (Ethernet Interface) . . . . . . . . . . . . . . . . . . . . 4-180

lacp admin-key (Port Channel) . . . . . . . . . . . . . . . . . . . . . . . . . 4-181

lacp port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-181

show lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-182

Address Table Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-188

mac-address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-188

clear mac-address-table dynamic . . . . . . . . . . . . . . . . . . . . . . . 4-189

show mac-address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-190

mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . 4-191

show mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . 4-191

Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-193

spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-194

spanning-tree mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-195

spanning-tree forward-time . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-197

spanning-tree hello-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-197

spanning-tree max-age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-198

spanning-tree priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-199

spanning-tree pathcost method . . . . . . . . . . . . . . . . . . . . . . . . 4-200

spanning-tree transmission-limit . . . . . . . . . . . . . . . . . . . . . . . 4-201

spanning-tree mst-configuration . . . . . . . . . . . . . . . . . . . . . . . 4-201

mst vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-202

mst priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-203

xi

C

ONTENTS

name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-204

revision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-204

max-hops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-205

spanning-tree spanning-disabled . . . . . . . . . . . . . . . . . . . . . . . 4-206

spanning-tree cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-206

spanning-tree port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-207

spanning-tree edge-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-208

spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-209

spanning-tree link-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-210

spanning-tree mst cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-211

spanning-tree mst port-priority . . . . . . . . . . . . . . . . . . . . . . . . 4-212

spanning-tree protocol-migration . . . . . . . . . . . . . . . . . . . . . . 4-213

show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-214

show spanning-tree mst configuration . . . . . . . . . . . . . . . . . . 4-216

VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-217

GVRP and Bridge Extension Commands . . . . . . . . . . . . . . . . 4-217

bridge-ext gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-218

show bridge-ext . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-219

switchport gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-219

show gvrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 4-220

garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-221

show garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-222

Editing VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-223

vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-223

vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-224

Configuring VLAN Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 4-225

interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-225

switchport mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-226

switchport acceptable-frame-types . . . . . . . . . . . . . . . . . 4-227

switchport ingress-filtering . . . . . . . . . . . . . . . . . . . . . . . 4-228

switchport native vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-229

switchport allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . 4-230

switchport forbidden vlan . . . . . . . . . . . . . . . . . . . . . . . . 4-231

Displaying VLAN Information . . . . . . . . . . . . . . . . . . . . . . . . 4-233

show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-233

Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 4-234

private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-236

xii

C

ONTENTS

private vlan association . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-237

switchport mode private-vlan . . . . . . . . . . . . . . . . . . . . . . 4-238

switchport private-vlan host-association . . . . . . . . . . . . . 4-239

switchport private-vlan isolated . . . . . . . . . . . . . . . . . . . . 4-240

switchport private-vlan mapping . . . . . . . . . . . . . . . . . . . 4-240

show vlan private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-241

Configuring Protocol-based VLANs . . . . . . . . . . . . . . . . . . . . 4-243

protocol-vlan protocol-group (Configuring Groups) . . . 4-244
protocol-vlan protocol-group (Configuring Interfaces) . 4-245

show protocol-vlan protocol-group . . . . . . . . . . . . . . . . . 4-246

show interfaces protocol-vlan protocol-group . . . . . . . . 4-246

Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-247

Priority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 4-248

queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-248

switchport priority default . . . . . . . . . . . . . . . . . . . . . . . . 4-249

queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-250

queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-251

show queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-252

show queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-253

show queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-253

Priority Commands (Layer 3 and 4) . . . . . . . . . . . . . . . . . . . . 4-254

map ip dscp (Global Configuration) . . . . . . . . . . . . . . . . 4-254

map ip dscp (Interface Configuration) . . . . . . . . . . . . . . . 4-255

show map ip dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-256

Quality of Service Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-257

class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-259

match . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-260

policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-261

class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-262

set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-263

police . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-264

service-policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-265

show class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-266

show policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-267

show policy-map interface . . . . . . . . . . . . . . . . . . . . . . . . 4-267

Multicast Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-268

IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-269

xiii

C

ONTENTS

ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-270

ip igmp snooping vlan static . . . . . . . . . . . . . . . . . . . . . . . 4-270

ip igmp snooping version . . . . . . . . . . . . . . . . . . . . . . . . . 4-271

ip igmp snooping leave-proxy . . . . . . . . . . . . . . . . . . . . . 4-272

ip igmp snooping immediate-leave . . . . . . . . . . . . . . . . . . 4-272

show ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-273

show mac-address-table multicast . . . . . . . . . . . . . . . . . . 4-274

IGMP Query Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . 4-275

ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . 4-275

ip igmp snooping query-count . . . . . . . . . . . . . . . . . . . . . 4-276

ip igmp snooping query-interval . . . . . . . . . . . . . . . . . . . . 4-277

ip igmp snooping query-max-response-time . . . . . . . . . . 4-277

ip igmp snooping router-port-expire-time . . . . . . . . . . . . 4-278

Static Multicast Routing Commands . . . . . . . . . . . . . . . . . . . . 4-279

ip igmp snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . 4-279

show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . 4-280

Multicast VLAN Registration Commands . . . . . . . . . . . . . . . 4-282

mvr (Global Configuration) . . . . . . . . . . . . . . . . . . . . . . . 4-283

mvr (Interface Configuration) . . . . . . . . . . . . . . . . . . . . . 4-284

show mvr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-287

IP Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-290

ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-290

ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-292

ip dhcp restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-292

show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-293

show ip redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-294

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-294

IP Source Guard Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-296

ip source-guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-296

ip source-guard binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-298

show ip source-guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-300

show ip source-guard binding . . . . . . . . . . . . . . . . . . . . . . . . . 4-300

DHCP Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-301

ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-301

ip dhcp snooping vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-304

ip dhcp snooping trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-305

ip dhcp snooping verify mac-address . . . . . . . . . . . . . . . . . . . 4-306

xiv

ip dhcp snooping information option . . . . . . . . . . . . . . . . . . . 4-307

ip dhcp snooping information policy . . . . . . . . . . . . . . . . . . . . 4-307

ip dhcp snooping database flash . . . . . . . . . . . . . . . . . . . . . . . 4-308

show ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-309

show ip dhcp snooping binding . . . . . . . . . . . . . . . . . . . . . . . . 4-309

Switch Cluster Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-310

cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-310

cluster commander . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-311

cluster ip-pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-312

cluster member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-313

rcommand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-313

show cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-314

show cluster members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-314

show cluster candidates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-315

A
Software Specifications A-1

Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-2

Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3

Management Information Bases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4

C

ONTENTS

B
Troubleshooting B-1

Problems Accessing the Management Interface . . . . . . . . . . . . . . . . . . B-1

Using System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3

Glossary

Index

xv

T

ABLES

Table 1-1. Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Table 1-2. System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8

Table 3-1. Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Table 3-2. Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

Table 3-3. Logging Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38

Table 3-4 SNMPv3 Security Models and Levels . . . . . . . . . . . . . . . . 3-49

Table 3-5. Supported Notification Messages . . . . . . . . . . . . . . . . . . . 3-60

Table 3-6. HTTPS System Support . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74

Table 3-7. 802.1X Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-94

Table 3-8. LACP Port Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-122

Table 3-9. LACP Internal Configuration Information . . . . . . . . . . . 3-124

Table 3-10. LACP Neighbor Configuration Information . . . . . . . . . 3-127

Table 3-11. Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134

Table 3-12. Mapping CoS Values to Egress Queues . . . . . . . . . . . . . 3-207

Table 3-13. CoS Priority Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207

Table 3-14. Mapping DSCP Priority Values . . . . . . . . . . . . . . . . . . . . 3-213

Table 4-1 Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

Table 4-2 Configuration Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10

Table 4-3 Command Line Processing . . . . . . . . . . . . . . . . . . . . . . . . . 4-12

Table 4-4 Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13

Table 4-5 Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15

Table 4-6 General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27

Table 4-7 System Management Commands . . . . . . . . . . . . . . . . . . . . 4-33

Table 4-8 Device Designation Commands . . . . . . . . . . . . . . . . . . . . . 4-34

Table 4-9 User Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35

Table 4-10 Default Login Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36

Table 4-11 IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38

Table 4-12 Web Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41

Table 4-13 HTTPS System Support . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43

Table 4-14 Telnet Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45

Table 4-15 SSH Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47

Table 4-16 show ssh - display description . . . . . . . . . . . . . . . . . . . . . . 4-56

Table 4-17 Event Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-59

xvi

T

ABLES

Table 4-18 Logging Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61

Table 4-19 show logging flash/ram - display description . . . . . . . . . . 4-66

Table 4-20 show logging trap - display description . . . . . . . . . . . . . . . 4-67

Table 4-21 SMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69

Table 4-22 Time Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74

Table 4-23 System Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-80

Table 4-24 Frame Size Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-86

Table 4-25 Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87

Table 4-26 File Directory Information . . . . . . . . . . . . . . . . . . . . . . . . . 4-94

Table B-1 Troubleshooting Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1

xvii

F

IGURES

Figure 3-1. Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Figure 3-2. Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Figure 3-3. System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14

Figure 3-4. Switch Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16

Figure 3-5. Bridge Extension Configuration . . . . . . . . . . . . . . . . . . . 3-19

Figure 3-6. Manual IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . 3-21

Figure 3-7. DHCP IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-22

Figure 3-8. Bridge Extension Configuration . . . . . . . . . . . . . . . . . . . 3-24

Figure 3-9. Copy Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25

Figure 3-10. Setting the Startup Code . . . . . . . . . . . . . . . . . . . . . . . . . 3-26

Figure 3-11. Deleting Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26

Figure 3-12. Downloading Configuration Settings for Startup . . . . . 3-29

Figure 3-13. Setting the Startup Configuration Settings . . . . . . . . . . . 3-30

Figure 3-14. Console Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33

Figure 3-15. Enabling Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35

Figure 3-16. Displaying Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37

Figure 3-17. System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39

Figure 3-18. Remote Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40

Figure 3-19. Enabling and Configuring SMTP . . . . . . . . . . . . . . . . . . 3-42

Figure 3-20. Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43

Figure 3-21. SNTP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45

Figure 3-22. Setting the System Clock . . . . . . . . . . . . . . . . . . . . . . . . 3-46

Figure 3-23. Configuring SNMP Community Strings . . . . . . . . . . . . 3-50

Figure 3-24. Configuring IP Trap Managers . . . . . . . . . . . . . . . . . . . . 3-52

Figure 3-25. Enabling SNMP Agent Status . . . . . . . . . . . . . . . . . . . . 3-53

Figure 3-26. Setting an Engine ID . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54

Figure 3-27. Setting a Remote Engine ID . . . . . . . . . . . . . . . . . . . . . . 3-55

Figure 3-28. Configuring SNMPv3 Users . . . . . . . . . . . . . . . . . . . . . . 3-57

Figure 3-29. Configuring Remote SNMPv3 Users . . . . . . . . . . . . . . . 3-59

Figure 3-30. Configuring SNMPv3 Groups . . . . . . . . . . . . . . . . . . . . 3-63

Figure 3-31. Configuring SNMPv3 Views . . . . . . . . . . . . . . . . . . . . . 3-65

Figure 3-32. Access Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-67

Figure 3-33. Authentication Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72

xviii

F

IGURES

Figure 3-34. HTTPS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75

Figure 3-35. SSH Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-81

Figure 3-36. SSH Host-Key Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83

Figure 3-37. Configuring Port Security . . . . . . . . . . . . . . . . . . . . . . . . 3-86

Figure 3-38. 802.1X Global Information . . . . . . . . . . . . . . . . . . . . . . 3-88

Figure 3-39. 802.1X Global Configuration . . . . . . . . . . . . . . . . . . . . . 3-89

Figure 3-40. 802.1X Port Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-91

Figure 3-41. Displaying 802.1X Port Statistics . . . . . . . . . . . . . . . . . . 3-95

Figure 3-42. Selecting ACL Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-98

Figure 3-43. Configuring Standard IP ACLs . . . . . . . . . . . . . . . . . . . 3-99

Figure 3-44. Configuring Extended IP ACLs . . . . . . . . . . . . . . . . . . 3-102

Figure 3-45. Configuring MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . 3-104

Figure 3-46. Configuring ACL Port Binding . . . . . . . . . . . . . . . . . . 3-105

Figure 3-47. Creating an IP Filter List . . . . . . . . . . . . . . . . . . . . . . . . 3-108

Figure 3-48. Displaying Port/Trunk Information . . . . . . . . . . . . . . 3-109

Figure 3-49. Port/Trunk Configuration . . . . . . . . . . . . . . . . . . . . . . 3-113

Figure 3-50. Configuring Static Trunks . . . . . . . . . . . . . . . . . . . . . . . 3-116

Figure 3-51. LACP Trunk Configuration . . . . . . . . . . . . . . . . . . . . . 3-118

Figure 3-52. LACP Port Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-121

Figure 3-53. LACP - Port Counters Information . . . . . . . . . . . . . . . 3-123

Figure 3-54. LACP - Port Internal Information . . . . . . . . . . . . . . . . 3-126

Figure 3-55. LACP - Port Neighbors Information . . . . . . . . . . . . . . 3-128

Figure 3-56. Port Broadcast Control . . . . . . . . . . . . . . . . . . . . . . . . . 3-130

Figure 3-57. Mirror Port Configuration . . . . . . . . . . . . . . . . . . . . . . 3-132

Figure 3-58. Input Rate Limit Port Configuration . . . . . . . . . . . . . . 3-133

Figure 3-59. Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138

Figure 3-60 Displaying the Global PoE Status . . . . . . . . . . . . . . . . 3-141

Figure 3-61 Setting the Switch Power Budget . . . . . . . . . . . . . . . . . 3-142

Figure 3-62 Displaying Port PoE Status . . . . . . . . . . . . . . . . . . . . . 3-143

Figure 3-63 Configuring Port PoE Power . . . . . . . . . . . . . . . . . . . . 3-144

Figure 3-64. Configuring a Static Address Table . . . . . . . . . . . . . . . 3-146

Figure 3-65. Configuring a Dynamic Address Table . . . . . . . . . . . . 3-147

Figure 3-66. Setting the Address Aging Time . . . . . . . . . . . . . . . . . . 3-149

Figure 3-67. Displaying Spanning Tree Information . . . . . . . . . . . . 3-154

Figure 3-68. Configuring Spanning Tree . . . . . . . . . . . . . . . . . . . . . . 3-159

Figure 3-69. Displaying Spanning Tree Port Information . . . . . . . . 3-163

Figure 3-70. Configuring Spanning Tree per Port . . . . . . . . . . . . . . 3-167

xix

F

IGURES

Figure 3-71. Configuring Multiple Spanning Trees . . . . . . . . . . . . . 3-169

Figure 3-72. Displaying MSTP Interface Settings . . . . . . . . . . . . . . 3-171

Figure 3-73. Displaying MSTP Interface Settings . . . . . . . . . . . . . . 3-174

Figure 3-74. Globally Enabling GVRP . . . . . . . . . . . . . . . . . . . . . . . 3-180

Figure 3-75. Displaying Basic VLAN Information . . . . . . . . . . . . . 3-181

Figure 3-76. Displaying Current VLANs . . . . . . . . . . . . . . . . . . . . . 3-182

Figure 3-77. Configuring a VLAN Static List . . . . . . . . . . . . . . . . . . 3-184

Figure 3-78. Configuring a VLAN Static Table . . . . . . . . . . . . . . . . 3-187

Figure 3-79. VLAN Static Membership by Port . . . . . . . . . . . . . . . . 3-188

Figure 3-80. Configuring VLANs per Port . . . . . . . . . . . . . . . . . . . . 3-192

Figure 3-81. Private VLAN Information . . . . . . . . . . . . . . . . . . . . . 3-195

Figure 3-82. Private VLAN Configuration . . . . . . . . . . . . . . . . . . . . 3-197

Figure 3-83. Private VLAN Association . . . . . . . . . . . . . . . . . . . . . . 3-198

Figure 3-84. Private VLAN Port Information . . . . . . . . . . . . . . . . . 3-199

Figure 3-85. Private VLAN Port Configuration . . . . . . . . . . . . . . . . 3-202

Figure 3-86. Protocol VLAN Configuration . . . . . . . . . . . . . . . . . . 3-203

Figure 3-87. Protocol VLAN Port Configuration . . . . . . . . . . . . . . 3-204

Figure 3-88. Port Priority Configuration . . . . . . . . . . . . . . . . . . . . . . 3-206

Figure 3-89. Traffic Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208

Figure 3-90. Enable Traffic Classes . . . . . . . . . . . . . . . . . . . . . . . . . . 3-209

Figure 3-91. Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210

Figure 3-92. Configuring Queue Scheduling . . . . . . . . . . . . . . . . . . 3-211

Figure 3-93. IP DSCP Priority Status . . . . . . . . . . . . . . . . . . . . . . . . 3-212

Figure 3-94. Mapping IP DSCP Priority Values . . . . . . . . . . . . . . . . 3-214

Figure 3-95. Configuring Class Maps . . . . . . . . . . . . . . . . . . . . . . . . 3-219

Figure 3-96. Configuring Policy Maps . . . . . . . . . . . . . . . . . . . . . . . 3-224

Figure 3-97. Service Policy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-226

Figure 3-98. IGMP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230

Figure 3-99. IGMP Immediate Leave . . . . . . . . . . . . . . . . . . . . . . . . 3-231

Figure 3-100. Displaying Multicast Router Port Information . . . . . . 3-232

Figure 3-101. Static Multicast Router Port Configuration . . . . . . . . . 3-234

Figure 3-102. IP Multicast Registration Table . . . . . . . . . . . . . . . . . . 3-235

Figure 3-103. IGMP Member Port Table . . . . . . . . . . . . . . . . . . . . . . 3-237

Figure 3-104. MVR Global Configuration . . . . . . . . . . . . . . . . . . . . . 3-240

Figure 3-105. MVR Port Information . . . . . . . . . . . . . . . . . . . . . . . . . 3-241

Figure 3-106. MVR Group IP Information . . . . . . . . . . . . . . . . . . . . 3-242

Figure 3-107. MVR Port Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-244

xx

F

IGURES

Figure 3-108. MVR Group Member Configuration . . . . . . . . . . . . . . 3-246

Figure 3-109. DHCP Snooping Configuration . . . . . . . . . . . . . . . . . . 3-248

Figure 3-110. DHCP Snooping VLAN Configuration . . . . . . . . . . . 3-249

Figure 3-111. DHCP Snooping Information Option Configuration . 3-250

Figure 3-112. DHCP Snooping Port Configuration . . . . . . . . . . . . . . 3-251

Figure 3-113. DHCP Snooping Binding Information . . . . . . . . . . . . 3-252

Figure 3-114. IP Source Guard Port Configuration . . . . . . . . . . . . . . 3-254

Figure 3-115. Static IP Source Guard Binding Configuration . . . . . . 3-256

Figure 3-116. Dynamic IP Source Guard Binding Information . . . . 3-257

Figure 3-117. Cluster Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 3-259

Figure 3-118. Cluster Member Configuration . . . . . . . . . . . . . . . . . . . 3-260

Figure 3-119. Cluster Member Information . . . . . . . . . . . . . . . . . . . . 3-261

Figure 3-120. Cluster Candidate Information . . . . . . . . . . . . . . . . . . . 3-262

xxi

F

IGURES

xxii

C

HAPTER

I

NTRODUCTION

This switch provides a broad range of features for Layer 2 switching. It
includes a management agent that allows you to configure the features
listed in this manual. The default configuration can be used for most of the
features provided by this switch. However, there are many options that you
should configure to maximize the switch’s performance for your particular
network environment.

The 24 10/100 Mbps ports on the SMC6128PL2 also support the
IEEE 802.3af Power-over-Ethernet (PoE) standard that enables DC
power to be supplied to attached devices over the connecting Ethernet
cable.

Key Features

Table 1-1. Key Features

Feature Description

a

Power over Ethernet

Configuration Backup
and Restore

Authentication Console, Telnet, web – User name / password, RADIUS,

Access Control Lists Supports IP and MAC ACLs, 100 rules per system

Powers attached devices using IEEE 802.3af Power over
Ethernet (PoE)

Backup to TFTP server

TACACS+
Web – HTTPS
Telnet – SSH
SNMP v1/2c - Community strings
SNMP version 3 – MD5 or SHA password
Port – IEEE 802.1X, MAC address filtering

1

1-1

I

NTRODUCTION

Table 1-1. Key Features

Feature Description

DHCP Client Supported

DHCP Snooping Supported with Option 82 relay information

Port Configuration Speed, duplex mode and flow control

Rate Limiting Input rate limiting per port

Port Mirroring One port mirrored to a single analysis port

Port Trunking Supports up to 8 trunks using either static or dynamic

trunking (LACP)

Broadcast Storm
Control

Static Address Up to 8K MAC addresses in the forwarding table

IEEE 802.1D Bridge Supports dynamic data switching and addresses learning

Store-and-Forward
Switching

Spanning Tree
Algorithm

Virtual LANs Up to 255 using IEEE 802.1Q, port-based, or private

Traffic Prioritization Default port priority, traffic class map, queue scheduling,

Qualify of Service Supports Differentiated Services (DiffServ)

Multicast Filtering Supports IGMP snooping and query, as well as Multicast

Switch Clustering Supports up to 36 Member switches in a cluster

Supported

Supported to ensure wire-speed switching while
eliminating bad frames

Supports standard STP, and Rapid Spanning Tree
Protocol (RSTP)

VLANs

or Differentiated Services Code Point (DSCP), and TCP/
UDP Port

VLAN Registration

a. SMC6824MPE and SMC6826MPE only.

1-2

D

ESCRIPTION OF SOFTWARE FEATURES

Description of Software Features

The switch provides a wide range of advanced performance enhancing
features. Flow control eliminates the loss of packets due to bottlenecks
caused by port saturation. Broadcast storm suppression prevents broadcast
traffic storms from engulfing the network. Port-based and private VLANs,
plus support for automatic GVRP VLAN registration provide traffic
security and efficient use of network bandwidth. CoS priority queueing
ensures the minimum delay for moving real-time multimedia data across
the network. While multicast filtering provides support for real-time
network applications. Some of the management features are briefly
described below.

Configuration Backup and Restore – You can save the current
configuration settings to a file on a TFTP server, and later download this
file to restore the switch configuration settings.

Authentication – This switch authenticates management access via the
console port, Telnet or web browser. User names and passwords can be
configured locally or can be verified via a remote authentication server (i.e.,
RADIUS or TACACS+). Port-based authentication is also supported via
the IEEE 802.1X protocol. This protocol uses the Extensible
Authentication Protocol over LANs (EAPOL) to request user credentials
from the 802.1X client, and then verifies the client’s right to access the
network via an authentication server.

Other authentication options include HTTPS for secure management
access via the web, SSH for secure management access over a
Telnet-equivalent connection, IP address filtering for SNMP/web/Telnet
management access, and MAC address filtering for port access.

Access Control Lists – ACLs provide packet filtering for IP frames
(based on address, protocol, or TCP/UDP port number) or any frames
(based on MAC address or Ethernet type). ACLs can be used to improve
performance by blocking unnecessary network traffic or to implement

1-3

I

NTRODUCTION

security controls by restricting access to specific network resources or
protocols.

Port Configuration – You can manually configure the speed, duplex
mode, and flow control used on specific ports, or use auto-negotiation to
detect the connection settings used by the attached device. Use the
full-duplex mode on ports whenever possible to double the throughput of
switch connections. Flow control should also be enabled to control
network traffic during periods of congestion and prevent the loss of
packets when port buffer thresholds are exceeded. The switch supports
flow control based on the IEEE 802.3x standard.

Rate Limiting – This feature controls the maximum rate for traffic
received on an interface. Rate limiting is configured on interfaces at the
edge of a network to limit traffic into the network. Packets that exceed the
acceptable amount of traffic are dropped.

Port Mirroring – The switch can unobtrusively mirror traffic from any
port to a monitor port. You can then attach a protocol analyzer or RMON
probe to this port to perform traffic analysis and verify connection
integrity.

Port Trunking – Ports can be combined into an aggregate connection.
Trunks can be manually set up or dynamically configured using IEEE

802.3ad Link Aggregation Control Protocol (LACP). The additional ports
dramatically increase the throughput across any connection, and provide
redundancy by taking over the load if a port in the trunk should fail. The
switch supports up to 8 trunks.

Broadcast Storm Control – Broadcast suppression prevents broadcast
traffic from overwhelming the network. When enabled on a port, the level
of broadcast traffic passing through the port is restricted. If broadcast
traffic rises above a pre-defined threshold, it will be throttled until the level
falls back beneath the threshold.

1-4

D

ESCRIPTION OF SOFTWARE FEATURES

Static Addresses – A static address can be assigned to a specific interface
on this switch. Static addresses are bound to the assigned interface and will
not be moved. When a static address is seen on another interface, the
address will be ignored and will not be written to the address table. Static
addresses can be used to provide network security by restricting access for
a known host to a specific port.

IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent
bridging. The address table facilitates data switching by learning addresses,
and then filtering or forwarding traffic based on this information. The
address table supports up to 8K addresses.

Store-and-Forward Switching – The switch copies each frame into its
memory before forwarding them to another port. This ensures that all
frames are a standard Ethernet size and have been verified for accuracy
with the cyclic redundancy check (CRC). This prevents bad frames from
entering the network and wasting bandwidth.

To avoid dropping frames on congested ports, the switch provides 4 Mbits
for frame buffering. This buffer can queue packets awaiting transmission
on congested networks.

Spanning Tree Algorithm – The switch supports these spanning tree
protocols:

Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides
loop detection and recovery by allowing two or more redundant
connections to be created between a pair of LAN segments. When there
are multiple physical paths between segments, this protocol will choose a
single path and disable all others to ensure that only one route exists
between any two stations on the network. This prevents the creation of
network loops. However, if the chosen path should fail for any reason, an
alternate path will be activated to maintain the connection.

Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol
reduces the convergence time for network topology changes to 3 to 5
seconds, compared to 30 seconds or more for the older IEEE 802.1D STP

1-5

I

NTRODUCTION

standard. It is intended as a complete replacement for STP, but can still
interoperate with switches running the older standard by automatically
reconfiguring ports to STP-compliant mode if they detect STP protocol
messages from attached devices.

Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is
a direct extension of RSTP. It can provide an independent spanning tree
for different VLANs. It simplifies network management, provides for even
faster convergence than RSTP by limiting the size of each region, and
prevents VLAN members from being segmented from the rest of the
group (as sometimes occurs with IEEE 802.1D STP).

Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is
a collection of network nodes that share the same collision domain
regardless of their physical location or connection point in the network.
The switch supports tagged VLANs based on the IEEE 802.1Q standard.
Members of VLAN groups can be dynamically learned via GVRP, or ports
can be manually assigned to a specific set of VLANs. This allows the
switch to restrict traffic to the VLAN groups to which a user has been
assigned. By segmenting your network into VLANs, you can:

• Eliminate broadcast storms which severely degrade performance in a
flat network.

• Simplify network management for node changes/moves by remotely
configuring VLAN membership for any port, rather than having to
manually change the network connection.

• Provide data security by restricting all traffic to the originating VLAN.

• Use private VLANs to restrict traffic to pass only between data ports
and the uplink ports, thereby isolating adjacent ports within the same
VLAN, and allowing you to limit the total number of VLANs that need
to be configured.

Traffic Prioritization – This switch prioritizes each packet based on the
required level of service, using four priority queues with strict or Weighted
Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize
incoming traffic based on input from the end-station application. These

1-6

D

ESCRIPTION OF SOFTWARE FEATURES

functions can
data and best-effort data.

This switch also supports several common methods of prioritizing layer 3/
4 traffic to meet application requirements. Traffic can be prioritized based
on the DSCP field in the IP frame. When these services are enabled, the
priorities are mapped to a Class of Service value by the switch, and the
traffic then sent to the corresponding output queue.

Quality of Service – Differentiated Services (DiffServ) provides
policy-based management mechanisms used for prioritizing network
resources to meet the requirements of specific traffic types on a per-hop
basis. Each packet is classified upon entry into the network based on
access lists, IP Precedence or DSCP values, or VLAN lists. Using access
lists allows you select traffic based on Layer 2, Layer 3, or Layer 4
information contained in each packet. Based on network policies, different
kinds of traffic can be marked for different kinds of forwarding.

Multicast Filtering – Specific multicast traffic can be assigned to its own
VLAN to ensure that it does not interfere with normal network traffic and
to guarantee real-time delivery by setting the required priority level for the
designated VLAN. The switch uses IGMP Snooping and Query to manage
multicast group registration. It also supports Multicast VLAN Registration
(MVR) which allows common multicast traffic, such as television channels,
to be transmitted across a single network-wide multicast VLAN shared by
hosts residing in other standard or private VLAN groups, while preserving
security and data isolation for normal traffic.

be used to provide independent priorities for delay-sensitive

1-7

I

NTRODUCTION

System Defaults

The switch’s system defaults are provided in the configuration file
“Factory_Default_Config.cfg.” To reset the switch defaults, this file
should be set as the startup configuration file (page 3-27).

The following table lists some of the basic system defaults.

Table 1-2. System Defaults

Function Parameter Default

Console Port
Connection

Authentication Privileged Exec Level Username “admin”

Baud Rate 9600

Data bits 8

Stop bits 1

Parity none

Local Console Timeout 0 (disabled)

Password “admin”

Normal Exec Level Username “guest”

Password “guest”

Enable Privileged Exec
from Normal Exec Level

RADIUS Authentication Disabled

TACACS Authentication Disabled

802.1X Port
Authentication

HTTPS Enabled

SSH Disabled

Port Security Disabled

IP Filtering Disabled

Password “super”

Disabled

1-8

S

YSTEM DEFAULTS

Table 1-2. System Defaults (Continued)

Function Parameter Default

Web
Management

SNMP Community Strings “public” (read only)

Port
Configuration

Power over

Ethernet

Rate Limiting Input limits Disabled

Port Trunking Static Trunks None

Broadcast Storm
Protection

Spanning Tree
Algorithm

Address Table Aging Time 300 seconds

a

HTTP Server Enabled

HTTP Port Number 80

HTTP Secure Server Enabled

HTTP Secure Port
Number

Traps Authentication traps: enabled

Admin Status Enabled

Auto-negotiation Enabled

Flow Control Disabled

Status Enabled (all ports)

LACP (all ports) Disabled

Status Enabled (all ports)

Broadcast Limit Rate 64 kbits per second

Status Enabled, RSTP

Fast Forwarding (Edge
Port)

443

“private” (read/write)

Link-up-down events: enabled

(Defaults: All values based on
IEEE 802.1w)

Disabled

1-9

I

NTRODUCTION

Table 1-2. System Defaults (Continued)

Function Parameter Default

Virtual LANs Default VLAN 1

PVID 1

Acceptable Frame Type All

Ingress Filtering Enabled

Switchport Mode (Egress
Mode)

GVRP (global) Disabled

GVRP (port interface) Disabled

Traffic
Prioritization

IP Settings IP Address DHCP assigned, otherwise

Multicast
Filtering

System Log Status Enabled

SMTP Email
Alerts

SNTP Clock Synchronization Disabled

Ingress Port Priority 0

Weighted Round Robin Queue: 0 1 2 3

IP DSCP Priority Disabled

Subnet Mask 255.255.255.0

Default Gateway 0.0.0.0

DHCP Client: Enabled

BOOTP Disabled

IGMP Snooping Snooping: Enabled

Multicast VLAN
Registration

Messages Logged Levels 0-6 (all)

Messages Logged to Flash Levels 0-3

Event Handler Enabled (but no server defined)

Hybrid: tagged/untagged frames

Weight: 1 2 4 8

192.168.1.1

Querier: Enabled

Disabled

1-10

S

YSTEM DEFAULTS

Table 1-2. System Defaults (Continued)

Function Parameter Default

DHCP Snooping Status Disabled

IP Source Guard Status Disabled (all ports)

Switch Clustering Status Enabled

Commander Disabled

a. SMC6824MPE and SMC6826MPE only.

1-11

I

NTRODUCTION

1-12

C

HAPTER

I

NITIAL

C

ONFIGURATION

Connecting to the Switch

Configuration Options

The switch includes a built-in network management agent. The agent
offers a variety of management options, including SNMP, RMON (Groups
1, 2, 3, 9) and a web-based interface. A PC may also be connected directly
to the switch for configuration and monitoring via a command line
interface (CLI).

Note: The IP address for this switch is obtained via DHCP by default.

To change this address, see

The switch’s HTTP web agent allows you to configure switch parameters,
monitor port connections, and display statistics using a standard web
browser such as Netscape version 6.2 and higher or Microsoft IE version

5.0 and higher. The switch’s web management interface can be accessed
from any computer attached to the network.

“Setting an IP Address” on page 2-6.

2

The CLI program can be accessed by a direct connection to the RS-232
serial console port on the switch, or remotely by a Telnet connection over
the network.

The switch’s management agent also supports SNMP (Simple Network
Management Protocol). This SNMP agent permits the switch to be
managed from any system in the network using network management
software such as HP OpenView.

2-1

I

NITIAL CONFIGURATION

The switch’s web interface, CLI configuration program, and SNMP agent
allow you to perform the following management functions:

• Set user names and passwords

• Set an IP interface for a management VLAN

• Configure SNMP parameters

• Enable/disable any port

• Set the speed/duplex mode for any port

• Configure the bandwidth of any port by limiting input rates

• Control port access through IEEE 802.1X security or static address
filtering

• Filter packets using Access Control Lists (ACLs)

• Configure up to 255 IEEE 802.1Q VLANs

• Enable GVRP automatic VLAN registration

• Configure IGMP multicast filtering

• Upload and download system firmware via TFTP

• Upload and download switch configuration files via TFTP

• Configure Spanning Tree parameters

• Configure Class of Service (CoS) priority queuing

• Configure up to 8 static or LACP trunks

• Enable port mirroring

• Set broadcast storm control on any port

• Display system information and statistics

Required Connections

The switch provides an RS-232 serial port that enables a connection to a
PC or terminal for monitoring and configuring the switch. A null-modem
console cable is provided with the switch.

Attach a VT100-compatible terminal, or a PC running a terminal
emulation program to the switch. You can use the console cable provided
with this package, or use a null-modem cable that complies with the wiring
assignments shown in the Installation Guide.

2-2

C

ONNECTING TO THE SWITCH

To connect a terminal to the console port, complete the following steps:

1. Connect the console cable to the serial port on a terminal, or a PC
running terminal emulation software, and tighten the captive retaining
screws on the DB-9 connector.

2. Connect the other end of the cable to the RS-232 serial port on the
switch.

3. Make sure the terminal emulation software is set as follows:

• Select the appropriate serial port (COM port 1 or COM port 2).

• Set the baud rate to 9600 bps.

• Set the data format to 8 data bits, 1 stop bit, and no parity.

• Set flow control to none.

• Set the emulation mode to VT100.

• When using HyperTerminal, select Terminal keys, not Windows
keys.

Notes: 1. Refer to “Line Commands” on page 4-15 for a complete

description of console configuration options.

2. Once you have set up the terminal correctly, the console login
screen will be displayed.

For a description of how to use the CLI, see “Using the Command Line
Interface” on page 4-1. For a list of all the CLI commands and detailed
information on using the CLI, refer to “Command Groups” on page 4-13.

2-3

I

NITIAL CONFIGURATION

Remote Connections

Prior to accessing the switch’s onboard agent via a network connection,
you must first configure it with a valid IP address, subnet mask, and default
gateway using a console connection, DHCP or BOOTP protocol.

The IP address for this switch is obtained via DHCP by default. To
manually configure this address or enable dynamic address assignment via
DHCP or BOOTP, see “Setting an IP Address” on page 2-6.

Note: This switch supports four concurrent Telnet/SSH sessions.

After configuring the switch’s IP parameters, you can access the onboard
configuration program from anywhere within the attached network. The
onboard configuration program can be accessed using Telnet from any
computer attached to the network. The switch can also be managed by any
computer using a web browser (Internet Explorer 5.0 or above, or
Netscape 6.2 or above), or from a network computer using SNMP
network management software.

Note: The onboard program only provides access to basic configuration

functions. To access the full range of SNMP management
functions, you must use SNMP-based network management
software.

Basic Configuration

Console Connection

The CLI program provides two different command levels — normal
access level (Normal Exec) and privileged access level (Privileged Exec).
The commands available at the Normal Exec level are a limited subset of
those available at the Privileged Exec level and allow you to only display
information and use basic utilities. To fully configure the switch
parameters, you must access the CLI at the Privileged Exec level.

2-4

B

ASIC CONFIGURATION

Access to both CLI levels are controlled by user names and passwords.
The switch has a default user name and password for each level. To log
into the CLI at ]the Privileged Exec level using the default user name and
password, perform these steps:

1. To initiate your console connection, press <Enter>. The “User Access
Verification” procedure starts.

2. At the Username prompt, enter “admin.”

3. At the Password prompt, also enter “admin.” (The password
characters are not displayed on the console screen.)

4. The session is opened and the CLI displays the “Console#” prompt
indicating you have access at the Privileged Exec level.

Setting Passwords

Note: If this is your first time to log into the CLI program, you should

define new passwords for both default user names using the
“username” command, record them and put them in a safe place.

Passwords can consist of up to 8 alphanumeric characters and are case
sensitive. To prevent unauthorized access to the switch, set the passwords
as follows:

1. Open the console interface with the default user name and password
“admin” to access the Privileged Exec level.

2. Type “configure” and press <Enter>.

3. Type “username guest password 0 password,” for the Normal Exec
level, where password is your new password. Press <Enter>.

4. Type “username admin password 0 password,” for the Privileged Exec
level, where password is your new password. Press <Enter>.

2-5

I

NITIAL CONFIGURATION

Note: ‘0’ specifies the password in plain text, ‘7’ specifies the password in

encrypted form.

Username: admin
Password:

CLI session with the SMC6128PL2 is opened.
To end the CLI session, enter [Exit].

Console#configure
Console(config)#username guest password 0 [password]
Console(config)#username admin password 0 [password]
Console(config)#

Setting an IP Address

You must establish IP address information for the stack to obtain
management access through the network. This can be done in either of the
following ways:

Manual — You have to input the information, including IP address and
subnet mask. If your management station is not in the same IP subnet as
the stack’s master unit, you will also need to specify the default gateway
router.

Dynamic — The switch sends IP configuration requests to BOOTP or
DHCP address allocation servers on the network.

Manual Configuration

You can manually assign an IP address to the switch. You may also need to
specify a default gateway that resides between this device and management
stations that exist on another network segment. Valid IP addresses consist
of four decimal numbers, 0 to 255, separated by periods. Anything outside
this format will not be accepted by the CLI program.

Note: The IP address for this switch is obtained via DHCP by default.

Before you can assign an IP address to the switch, you must obtain the
following information from your network administrator:

2-6

B

ASIC CONFIGURATION

• IP address for the switch

• Default gateway for the network

• Network mask for this network

To assign an IP address to the switch, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt,
type “interface vlan 1” to access the interface-configuration mode.
Press <Enter>.

2. Type “ip address ip-address netmask,” where “ip-address” is the switch
IP address and “netmask” is the network mask for the network. Press
<Enter>.

3. Type “exit” to return to the global configuration mode prompt. Press
<Enter>.

4. To set the IP address of the default gateway for the network to which
the switch belongs, type “ip default-gateway gateway,” where “gateway”
is the IP address of the default gateway. Press <Enter>.

Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.5 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 192.168.1.254
Console(config)#

Dynamic Configuration

If you select the “bootp” or “dhcp” option, IP will be enabled but will not
function until a BOOTP or DHCP reply has been received. You therefore
need to use the “ip dhcp restart” command to start broadcasting service
requests. Requests will be sent periodically in an effort to obtain IP
configuration information. (BOOTP and DHCP values can include the IP
address, subnet mask, and default gateway.)

2-7

I

NITIAL CONFIGURATION

If the “bootp” or “dhcp” option is saved to the startup-config file (step 6),
then the switch will start broadcasting service requests as soon as it is
powered on.

To automatically configure the switch by communicating with BOOTP or
DHCP address allocation servers on the network, complete the following
steps:

1. From the Global Configuration mode prompt, type “interface vlan 1”
to access the interface-configuration mode. Press <Enter>.

2. At the interface-configuration mode prompt, use one of the following
commands:

• To obtain IP settings via DHCP, type “ip address dhcp” and press
<Enter>.

• To obtain IP settings via BOOTP, type “ip address bootp” and
press <Enter>.

3. Type “end” to return to the Privileged Exec mode. Press <Enter>.

4. Type “ip dhcp restart” to begin broadcasting service requests.
Press

<Enter>.

5. Wait a few minutes, and then check the IP configuration settings by
typing the “show ip interface” command. Press <Enter>.

2-8

B

ASIC CONFIGURATION

6. Then save your configuration changes by typing “copy running-config
startup-config.” Enter the startup file name and press <Enter>.

Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#ip dhcp restart
Console#show ip interface
IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1,
and address mode: User specified.
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.

\Write to FLASH finish.
Success.

Enabling SNMP Management Access

The switch can be configured to accept management commands from
Simple Network Management Protocol (SNMP) applications such as HP
OpenView. You can configure the switch to (1) respond to SNMP requests
or (2) generate SNMP traps.

When SNMP management stations send requests to the switch (either to
return information or to set a parameter), the switch provides the
requested data or sets the specified parameter. The switch can also be
configured to send information to SNMP managers (without being
requested by the managers) through trap messages, which inform the
manager that certain events have occurred.

The switch includes an SNMP agent that supports SNMP version 1, 2c,
and 3 clients. To provide management access for version 1 or 2c clients,
you must specify a community string. The switch provides a default MIB
View (i.e., an SNMPv3 construct) for the default “public” community
string that provides read access to the entire MIB tree, and a default view
for the “private” community string that provides read/write access to the
entire MIB tree. However, you may assign new views to version 1 or 2c
community strings that suit your specific security requirements (see page
3-63).

2-9

I

NITIAL CONFIGURATION

Community Strings (for SNMP version 1 and 2c clients)

Community strings are used to control management access to SNMP
version 1 and 2c stations, as well as to authorize SNMP stations to receive
trap messages from the switch. You therefore need to assign community
strings to specified users, and set the access level.

The default strings are:

• public - with read-only access. Authorized management stations are
only able to retrieve MIB objects.

• private - with read-write access. Authorized management stations are
able to both retrieve and modify MIB objects.

To prevent unauthorized access to the switch from SNMP version 1 or 2c
clients, it is recommended that you change the default community strings.

To configure a community string, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt,

type “snmp-server community string mode,” where “string” is the
community access string and “mode” is rw (read/write) or ro (read
only). Press <Enter>. (Note that the default mode is read only.)

2. To remove an existing string, simply type “no snmp-server community

string,” where “string” is the community access string to remove. Press
<Enter>.

Console(config)#snmp-server community admin rw 4-139
Console(config)#snmp-server community private
Console(config)#

Note: If you do not intend to support access to SNMP version 1 and 2c

clients, we recommend that you delete both of the default
community strings. If there are no community strings, then SNMP
management access from SNMP v1 and v2c clients is disabled.

2-10

B

ASIC CONFIGURATION

Trap Receivers

You can also specify SNMP stations that are to receive traps from the
switch. To configure a trap receiver, use the “snmp-server host” command.
From the Privileged Exec level global configuration mode prompt, type:

“snmp-server host host-address community-string

[version {1 | 2c | 3 {auth | noauth | priv}}]”

where “host-address” is the IP address for the trap receiver,
“community-string” specifies access rights for a version 1/2c host, or is
the user name of a version 3 host, “version” indicates the SNMP client
version, and “auth | noauth | priv” means that authentication, no
authentication, or authentication and privacy is used for v3 clients.
Then press <Enter>. For a more detailed description of these parameters,
see “snmp-server host” on page 4-141. The following example creates a
trap host for each type of SNMP client.

Console(config)#snmp-server host 10.1.19.23 batman 4-141
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#

Configuring Access for SNMP Version 3 Clients

To configure management access for SNMPv3 clients, you need to first
create a view that defines the portions of MIB that the client can read or
write, assign the view to a group, and then assign the user to a group. The
following example creates one view called “mib-2” that includes the entire
MIB-2 tree branch, and then another view that includes the IEEE 802.1d
bridge MIB. It assigns these respective read and read/write views to a
group call “r&d” and specifies group authentication via MD5 or SHA. In
the last step, it assigns a v3 user to this group, indicating that MD5 will be

2-11

I

NITIAL CONFIGURATION

used for authentication, provides the password “greenpeace” for
authentication, and the password “einstien” for encryption.

Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included 4-148
Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included
Console(config)#snmp-server group r&d v3 auth mib-2 802.1d 4-150
Console(config)#snmp-server user steve group r&d v3 auth md5
greenpeace priv des56 einstien 4-153
Console(config)#

For a more detailed explanation on how to configure the switch for access
from SNMP v3 clients, refer to “Simple Network Management Protocol”
on page 3-47, or refer to the specific CLI commands for SNMP starting on
page 4-136.

Saving Configuration Settings

Configuration commands only modify the running configuration file and
are not saved when the switch is rebooted. To save all your configuration
changes in nonvolatile storage, you must copy the running configuration
file to the start-up configuration file using the “copy” command.

To save the current configuration settings, enter the following command:

1. From the Privileged Exec mode prompt, type “copy running-config

startup-config” and press <Enter>.

2. Enter the name of the start-up file. Press <Enter>.

Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.

\Write to FLASH finish.
Success.

Console#

2-12

M

ANAGING SYSTEM FILES

Managing System Files

The switch’s flash memory supports three types of system files that can be
managed by the CLI program, web interface, or SNMP. The switch’s file
system allows files to be uploaded and downloaded, copied, deleted, and
set as a start-up file.

The three types of files are:

• Configuration — This file stores system configuration information
and is created when configuration settings are saved. Saved
configuration files can be selected as a system start-up file or can be
uploaded via TFTP to a server for backup. A file named
“Factory_Default_Config.cfg” contains all the system default settings
and cannot be deleted from the system. See “Saving or Restoring
Configuration Settings” on page 3-27 for more information.

• Operation Code — System software that is executed after boot-up,
also known as run-time code. This code runs the switch operations and
provides the CLI and web management interfaces. See “Managing
Firmware” on page 3-24 for more information.

• Diagnostic Code — Software that is run during system boot-up, also
known as POST (Power On Self-Test).

Due to the size limit of the flash memory, the switch supports only two
operation code files. However, you can have as many diagnostic code files
and configuration files as available flash memory space allows.

In the system flash memory, one file of each type must be set as the
start-up file. During a system boot, the diagnostic and operation code files
set as the start-up file are run, and then the start-up configuration file is
loaded.

2-13

I

NITIAL CONFIGURATION

Note that configuration files should be downloaded using a file name that
reflects the contents or usage of the file settings. If you download directly
to the running-config, the system will reboot, and the settings will have to
be copied from the running-config to a permanent file.

2-14

C

HAPTER

C

ONFIGURING THE

S

WITCH

Using the Web Interface

This switch provides an embedded HTTP web agent. Using a web browser
you can configure the switch and view statistics to monitor network
activity. The web agent can be accessed by any computer on the network
using a standard web browser (Internet Explorer 5.0 or above, or Netscape

6.2 or above).

Note: You can also use the Command Line Interface (CLI) to manage

the switch over a serial connection to the console port or via
Telnet. For more information on using the CLI, refer to
“Command Line Interface.”

Prior to accessing the switch from a web browser, be sure you have first
performed the following tasks:

1.Configure the switch with a valid IP address, subnet mask, and default

gateway using an out-of-band serial connection, BOOTP or DHCP
protocol. (See

2. Set user names and passwords using an out-of-band serial connection.

Access to the web agent is controlled by the same user names and
passwords as the onboard configuration program. (See
Passwords” on page 2-5.)

3. After you enter a user name and password, you will have access to the

system configuration program.

Notes: 1. You are allowed three attempts to enter the correct password;

“Setting an IP Address” on page 2-6.)

on the third failed attempt the current connection is
terminated.

3

Chapter 4

“Setting

3-1

C

ONFIGURING THE SWITCH

2. If you log into the web interface as guest (Normal Exec level),
you can view the configuration settings or change the guest
password. If you log in as “admin” (Privileged Exec level), you
can change the settings on any page.

3. If the path between your management station and this switch
does not pass through any device that uses the Spanning Tree
Algorithm, then you can set the switch port attached to your
management station to fast forwarding (i.e., enable Admin
Edge Port) to improve the switch’s response time to
management commands issued through the web interface. See
“Configuring Interface Settings” on page 3-164.

3-2

N

AVIGATING THE WEB BROWSER INTERFACE

Navigating the Web Browser Interface

To access the web-browser interface you must first enter a user name and
password. The administrator has Read/Write access to all configuration
parameters and statistics. The default user name and password for the
administrator is “admin.”

Home Page

When your web browser connects with the switch’s web agent, the home
page is displayed as shown below. The home page displays the Main Menu
on the left side of the screen and System Information on the right side.
The Main Menu links are used to navigate to other menus, and display
configuration parameters and statistics.

Figure 3-1. Home Page

3-3

C

ONFIGURING THE SWITCH

Configuration Options

Configurable parameters have a dialog box or a drop-down list. Once a
configuration change has been made on a page, be sure to click on the
Apply button to confirm the new setting. The following table summarizes
the web page configuration buttons.

Table 3-1. Configuration Options

Button Action

Revert Cancels specified values and restores current values prior to

pressing Apply.

Apply Sets specified values to the system.

Help Links directly to webhelp.

Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer

5.x is configured as follows: Under the menu “Tools / Internet
Options / General / Temporary Internet Files / Settings,” the
setting for item “Check for newer versions of stored pages”
should be “Every visit to the page.”

2. When using Internet Explorer 5.0, you may have to manually
refresh the screen after making configuration changes by
pressing the browser’s refresh button.

Panel Display

The web agent displays an image of the switch’s ports. The Mode can be set to
display different information for the ports, including Active (i.e., up or down), Duplex
(i.e., half or full duplex, or Flow Control (i.e., with or without flow control). Clicking on
the image of a port opens the Port Configuration page as described on page

Figure 3-2. Panel Display

3-4

3-111.

Main Menu

Using the onboard web agent, you can define system parameters, manage
and control the switch, and all its ports, or monitor network conditions.
The following table briefly describes the selections available from this
program.

Table 3-2. Main Menu

Menu Description Page

System 3-13

System Information Provides basic system description, including

contact information

Switch Information Shows the number of ports, hardware/

firmware version numbers, and power status

Bridge Extension
Configuration

IP Configuration Sets the IP address for management access 3-19

Jumbo Frames Enables jumbo frame packets. 3-23

File Management 3-24

Copy Operation Allows the transfer and copying files 3-24

Delete Allows deletion of files from the flash memory 3-25

Set Start-Up Sets the startup file 3-25

Line 3-31

Console Sets console port connection parameters 3-31

Telnet Sets Telnet connection parameters 3-34

Log 3-36

Logs Stores and displays error messages 3-36

System Logs Sends error messages to a logging process 3-37

Remote Logs Configures the logging of messages to a remote

SMTP Sends an SMTP client message to a participating

Shows the bridge extension parameters 3-18

logging process

server.

M

AIN MENU

3-13

3-15

3-39

3-41

3-5

C

ONFIGURING THE SWITCH

Table 3-2. Main Menu (Continued)

Menu Description Page

Reset Restarts the switch 3-43

SNTP 3-44

Configuration Configures SNTP client settings, including

broadcast mode or a specified list of servers

Clock Time Zone Sets the local time zone for the system clock 3-46

SNMP 3-47

Configuration Configures community strings and related trap

functions

Agent Status Enables or disables SNMP Agent Status 3-52

SNMPv3 3-53

Engine ID Sets the SNMP v3 engine ID on this switch 3-53

Remote Engine ID Sets the SNMP v3 engine ID for a remote

device

Users Configures SNMP v3 users on this switch 3-55

Remote Users Configures SNMP v3 users from a remote

device

Groups Configures SNMP v3 groups 3-59

Views Configures SNMP v3 views 3-63

Security 3-66

User Accounts Assigns a new password for the current user 3-66

Authentication Settings Configures authentication sequence, RADIUS

and TACACS

HTTPS Settings Configures secure HTTP settings 3-73

SSH 3-77

Settings Configures Secure Shell server settings 3-84

Host-Key Settings Generates the host key pair (public and private) 3-81

Port Security Configures per port security, including status,

response for security breach, and maximum
allowed MAC addresses

3-44

3-50

3-55

3-57

3-68

3-84

3-6

M

AIN MENU

Table 3-2. Main Menu (Continued)

Menu Description Page

802.1X Port authentication 3-86

Information Displays global configuration settings 3-89

Configuration Configures the global configuration setting 3-89

Port Configuration Sets parameters for individual ports 3-90

Statistics Displays protocol statistics for the selected port 3-94

ACL 3-96

Configuration Configures packet filtering based on IP or MAC

addresses

Port Binding Binds a port to the specified ACL 3-104

IP Filter Sets IP addresses of clients allowed

management access via the web, SNMP, and
Telnet

Port 3-108

Port Information Displays port connection status 3-108

Trunk Information Displays trunk connection status 3-108

Port Configuration Configures port connection settings 3-111

Trunk Configuration Configures trunk connection settings 3-111

Trunk Membership Specifies ports to group into static trunks 3-115

LACP 3-117

Configuration Allows ports to dynamically join trunks 3-117

Aggregation Port Configures parameters for link aggregation

group members

Port Counters
Information

Port Internal
Information

Port Neighbors
Information

Displays statistics for LACP protocol messages 3-122

Displays settings and operational state for the
local side

Displays settings and operational state for the
remote side

3-96

3-106

3-119

3-124

3-128

3-7

C

ONFIGURING THE SWITCH

Table 3-2. Main Menu (Continued)

Menu Description Page

Port Broadcast Control Sets the broadcast storm threshold for each

port

Trunk Broadcast
Control

Mirror Port
Configuration

Rate Limit 3-132

Input
Port Configuration

Input
Trunk Configuration

Output
Port Configuration

Output
Trunk Configuration

Port Statistics Lists Ethernet and RMON port statistics 3-134

PoE 3-145

Power Status Displays the status of global power parameters 3-140

Power Config Configures the power budget for the switch 3-141

Power Port Status Displays the status of port power parameters 3-142

Power Port Config Configures port power parameters 3-143

Address Table 3-139

Static Addresses Displays entries for interface, address or VLAN 3-145

Dynamic Addresses Displays or edits static entries in the Address

Address Aging Sets timeout for dynamically learned entries 3-149

Spanning Tree 3-149

STA 3-149

Information Displays STA values used for the bridge 3-151

Sets the broadcast storm threshold for each
trunk

Sets the source and target ports for mirroring 3-131

Sets the input rate limit for each port 3-132

Sets the input rate limit for each trunk 3-132

Sets the output rate limit for ports 3-132

Sets the output rate limit for trunks 3-132

Table

3-129

3-129

3-146

3-8

M

AIN MENU

Table 3-2. Main Menu (Continued)

Menu Description Page

Configuration Configures global bridge settings for STA and

RSTP

Port Information Displays individual port settings for STA 3-160

Trunk Information Displays individual trunk settings for STA 3-160

Port Configuration Configures individual port settings for STA 3-164

Trunk Configuration Configures individual trunk settings for STA 3-164

MSTP 3-167

VLAN Configuration Configures priority and VLANs for a spanning

tree instance

Port Information Displays port settings for a specified MST

instance

Trunk Information Displays trunk settings for a specified MST

instance

Port Configuration Configures port settings for a specified MST

instance

Trunk Configuration Configures trunk settings for a specified MST

instance

VLAN 3-175

802.1Q VLAN 3-175

Basic Information Displays information on the VLAN type

supported by this switch

Current Table Shows the current port members of each

VLAN and whether or not the port is tagged or
untagged

Static List Used to create or remove VLAN groups 3-183

Static Table Modifies the settings for an existing VLAN 3-185

Static Membership by
Port

Port Configuration Specifies default PVID and VLAN attributes 3-190

Configures membership type for interfaces,
including tagged, untagged or forbidden

3-155

3-167

3-170

3-170

3-172

3-172

3-180

3-181

3-188

3-9

C

ONFIGURING THE SWITCH

Table 3-2. Main Menu (Continued)

Menu Description Page

Trunk Configuration Specifies default trunk VID and VLAN

attributes

Private VLAN 3-192

Information Displays Private VLAN feature information 3-194

Configuration This page is used to create/remove primary or

community VLANs

Association Each community VLAN must be associated

with a primary VLAN

Port Information Shows VLAN port type, and associated primary

or secondary VLANs

Port Configuration Sets the private VLAN interface type, and

associates the interfaces with a private VLAN

Trunk Information Shows VLAN port type, and associated primary

or secondary VLANs

Trunk Configuration Sets the private VLAN interface type, and

associates the interfaces with a private VLAN

Protocol VLAN 3-203

Configuration Configures protocol VLANs 3-203

Port Configuration Configures protocol VLAN port type, and

associated protocol VLANs

Priority 3-204

Default Port Priority Sets the default priority for each port 3-205

Default Trunk Priority Sets the default priority for each trunk 3-205

Traffic Classes Maps IEEE 802.1p priority tags to output

queues

Traffic Classes Status Enables/disables traffic class priorities (not

implemented)

Queue Mode Sets queue mode to strict priority or Weighted

Round-Robin

Queue Scheduling Configures Weighted Round Robin queueing 3-210

3-190

3-196

3-197

3-198

3-200

3-198

3-200

3-203

3-206

3-208

3-209

3-10

M

AIN MENU

Table 3-2. Main Menu (Continued)

Menu Description Page

IP DSCP Priority Status Globally selects DSCP Priority, or disables it. 3-212

IP DSCP Priority Sets IP Differentiated Services Code Point

priority, mapping a DSCP tag to a
class-of-service value

QoS 3-215

DiffServ 3-215

Class Map Sets Class Maps 3-216

Policy Map Sets Policy Maps 3-221

Service Policy Defines service policy settings for ports 3-225

IGMP Snooping 3-227

IGMP Configuration Enables multicast filtering; configures

parameters for multicast query

IGMP Immediate Leave Enables the immediate leave function 3-230

Multicast Router
Port Information

Static Multicast Router
Port Configuration

IP Multicast
Registration Table

IGMP Member
Port Table

MVR 3-237

Configuration Globally enables MVR, sets the MVR VLAN,

Port Information Displays MVR interface type, MVR operational

Trunk Information Displays MVR interface type, MVR operational

Displays the ports that are attached to a
neighboring multicast router for each VLAN
ID

Assigns ports that are attached to a neighboring
multicast router

Displays all multicast groups active on this
switch, including multicast IP addresses and
VLAN ID

Indicates multicast addresses associated with
the selected VLAN

adds multicast stream addresses

and activity status, and immediate leave status

and activity status, and immediate leave status

3-213

3-228

3-232

3-233

3-234

3-236

3-239

3-240

3-240

3-11

C

ONFIGURING THE SWITCH

Table 3-2. Main Menu (Continued)

Menu Description Page

Group IP Information Displays the ports attached to an MVR

multicast stream

Port Configuration Configures MVR interface type and immediate

leave status

Trunk Configuration Configures MVR interface type and immediate

leave status

Group Member
Configuration

DHCP Snooping 3-246

Configuration Enables DHCP Snooping and DHCP

VLAN Configuration Enables DHCP Snooping for a VLAN 3-248

Information Option
Configuration

Port Configuration Selects the DHCP Snooping Information

Binding Information Displays the DHCP Snooping binding

IP Source Guard 3-254

Port Configuration Enables IP source guard and selects filter type

Static Configuration Adds a static addresses to the source-guard

Dynamic Information Displays the source-guard binding table for a

Cluster 3-258

Configuration Globally enables clustering for the switch 3-258

Member Configuration Adds switch Members to the cluster 3-260

Member Information Displays cluster Member switch information 3-261

Candidate Information Displays network Candidate switch information 3-262

Statically assigns MVR multicast streams to an
interface

Snooping MAC-Address Verification

Enables DHCP Snooping Information Option 3-249

Option policy

information

per port

binding table

selected interface

3-241

3-243

3-243

3-245

3-248

3-251

3-252

3-253

3-255

3-256

3-12

B

ASIC CONFIGURATION

Basic Configuration

Displaying System Information

You can easily identify the system by displaying the device name, location
and contact information.

Field Attributes

• System Name – Name assigned to the switch system.

• Object ID – MIB II object ID for switch’s network management
subsystem.

• Location – Specifies the system location.

• Contact – Administrator responsible for the system.

• System Up Time – Length of time the management agent has been
up.

These additional parameters are displayed for the CLI.

• MAC Address – The physical layer address for this switch.

• Web server – Shows if management access via HTTP is enabled.

• Web server port – Shows the TCP port number used by the web
interface.

• Web secure server – Shows if management access via HTTPS is
enabled.

• Web secure server port – Shows the TCP port used by the HTTPS
interface.

• Telnet server – Shows if management access via Telnet is enabled.

• Telnet port – Shows the TCP port used by the Telnet interface.

• Jumbo Frame – Shows if jumbo frames are enabled.

• POST result – Shows results of the power-on self-test.

3-13

C

ONFIGURING THE SWITCH

Web – Click System, System Information. Specify the system name,
location, and contact information for the system administrator, then click
Apply. (This page also
Command Line Interface via Telnet.)

includes a Telnet button that allows access to the

Figure 3-3. System Information

3-14

B

ASIC CONFIGURATION

CLI – Specify the hostname, location and contact information.

Console(config)#hostname R&D 5 4-34
Console(config)#snmp-server location WC 9 4-141
Console(config)#snmp-server contact Ted 4-140
Console(config)#exit
Console#show system 4-84
System description : 24 10/100 ports and 4 gigabit ports with PoE switch
System OID string : 1.3.6.1.4.1.202.20.65
System information
System Up time : 0 days, 0 hours, 14 minutes, and 32.93 seconds
System Name : R&D 5
System Location : WC 9
System Contact : Ted
MAC address : 00-00-35-28-10-03
Web server : enabled
Web server port : 80
Web secure server : enabled
Web secure server port : 443
Telnet server : enable
Telnet port : 23
Jumbo Frame : Disabled
POST result

UART Loopback Test ........... PASS

DRAM Test .................... PASS

Timer Test ................... PASS

PCI Device 1 Test ............ PASS

I2C Bus Initialization ....... PASS

Switch Int Loopback Test ..... PASS

Fan Speed Test ............... PASS

Done All Pass.
Console#

Displaying Switch Hardware/Software Versions

Use the Switch Information page to display hardware/firmware version
numbers for
power status of the system.

Field Attributes

Main Board

• Serial Number – The serial number of the switch.

• Number of Ports – Number of built-in RJ-45 ports.

• Hardware Version – Hardware version of the main board.

• Internal Power Status – Displays the status of the internal power
supply.

the main board and management software, as well as the

3-15

C

ONFIGURING THE SWITCH

Management Software

• EPLD Version – Version number of the Electronically
Programmable Logic Device code.

• Loader Version – Version number of loader code.

• Boot-ROM Version – Version of Power-On Self-Test (POST) and
boot code.

• Operation Code Version – Version number of runtime code.

• Role – Shows that this switch is operating as Master or Slave.

Web – Click System, Switch Information.

3-16

Figure 3-4. Switch Information

B

ASIC CONFIGURATION

CLI – Use the following command to display version information.

Console#show version 4-85
Unit 1
Serial number:
Hardware version:
EPLD Version: 4.04
Number of ports: 28
Main power status: Up
Redundant power status: Not present

Agent (master)
Unit ID: 1
Loader version: 0.0.0.5
Boot ROM version: 0.0.0.8
Operation code version: 0.0.1.2

Console#

3-17

C

ONFIGURING THE SWITCH

Displaying Bridge Extension Capabilities

The Bridge MIB includes extensions for managed devices that support
Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these
extensions to display default settings for the key variables.

Field Attributes

• Extended Multicast Filtering Services – This switch does not
support the filtering of individual multicast addresses based on GMRP
(GARP Multicast Registration Protocol).

• Traffic Classes – This switch provides mapping of user priorities to
multiple traffic classes. (Refer to “Class of Service Configuration” on
page 3-204.)

• Static Entry Individual Port – This switch allows static filtering for
unicast and multicast addresses. (Refer to “Setting Static Addresses”
on page 3-145.)

• VLAN Learning – This switch uses Shared VLAN Learning (SVL),
where all VLANs share the same address table.

• Configurable PVID Tagging – This switch allows you to override
the default Port VLAN ID (PVID used in frame tags) and egress status
(VLAN-Tagged or Untagged) on each port. (Refer to “VLAN
Configuration” on page 3-175.)

• Local VLAN Capable – This switch does not support multiple local
bridges outside of the scope of 802.1Q defined VLANs.

• GMRP – GARP Multicast Registration Protocol (GMRP) allows
network devices to register endstations with multicast groups. This
switch does not support GMRP; it uses the Internet Group
Management Protocol (IGMP) to provide automatic multicast
filtering.

Web – Click System, Bridge Extension Configuration.

3-18

B

ASIC CONFIGURATION

Figure 3-5. Bridge Extension Configuration

CLI – Enter the following command.

Console#show bridge-ext 4-219
Max support VLAN numbers: 256
Max support VLAN ID: 4094
Extended multicast filtering services: No
Static entry individual port: Yes
VLAN learning: SVL
Configurable PVID tagging: Yes
Local VLAN capable: No
Traffic classes: Enabled
Global GVRP status: Disabled
GMRP: Disabled
Console#

Setting the Switch’s IP Address

This section describes how to configure an IP interface for management
access over the network. The IP address for the stack is obtained via
DHCP by default. To manually configure an address, you need to change
the switch’s default settings (IP address 192.168.1.1 and netmask

255.255.255.0) to values that are compatible with your network. You may
also need to a establish a default gateway between the stack and
management stations that exist on another network segment.

3-19

C

ONFIGURING THE SWITCH

You can manually configure a specific IP address, or direct the device to
obtain an address from a BOOTP or DHCP server. Valid IP addresses
consist of four decimal numbers, 0 to 255, separated by periods. Anything
outside this format will not be accepted by the CLI program.

Command Attributes

• Management VLAN – ID of the configured VLAN (1-4094, no
leading zeroes). By default, all ports on the switch are members of
VLAN 1. However, the management station can be attached to a port
belonging to any VLAN, as long as that VLAN has been assigned an
IP address.

• IP Address Mode – Specifies whether IP functionality is enabled via
manual configuration (Static), Dynamic Host Configuration Protocol
(DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled,
IP will not function until a reply has been received from the server.
Requests will be broadcast periodically by the switch for an IP address.
(DHCP/BOOTP values can include the IP address, subnet mask, and
default gateway.)

• IP Address – Address of the VLAN interface that is allowed
management access. Valid IP addresses consist of four numbers, 0 to
255, separated by periods. (Default: 0.0.0.0)

• Subnet Mask – This mask identifies the host address bits used for
routing to specific subnets. (Default: 255.0.0.0)

• Gateway IP address – IP address of the gateway router between this
device and management stations that exist on other network segments.
(Default: 0.0.0.0)

• MAC Address – The physical layer address for this switch.

• Restart DHCP – Requests a new IP address from the DHCP server.

3-20

B

ASIC CONFIGURATION

Manual Configuration

Web – Click System, IP Configuration. Select the VLAN through which

the management station is attached, set the IP Address Mode to “Static,”
enter the IP address, subnet mask and gateway, then click Apply.

Figure 3-6. Manual IP Configuration

CLI – Specify the management interface, IP address and default gateway.

Console#config
Console(config)#interface vlan 1 4-156
Console(config-if)#ip address 192.168.1.1 255.255.255.0 4-290
Console(config-if)#exit
Console(config)#ip default-gateway 0.0.0.0 4-292
Console(config)#

3-21

C

ONFIGURING THE SWITCH

Using DHCP/BOOTP

If your network provides DHCP/BOOTP services, you can configure the
switch to be dynamically configured by these services.

Web – Click System, IP Configuration. Specify the VLAN to which the
management station is attached, set the IP Address Mode to DHCP or
BOOTP. Click Apply to save your changes. Then click Restart DHCP to
immediately request a new address. Note that the switch will also broadcast
a request for IP configuration settings on each power reset.

Figure 3-7. DHCP IP Configuration

Note: If you lose your management connection, use a console

connection and enter “show ip interface” to determine the new
switch address.

3-22

B

ASIC CONFIGURATION

CLI – Specify the management interface, and set the IP address mode to
DHCP or BOOTP, and then enter the “ip dhcp restart” command.

Console#config
Console(config)#interface vlan 1 4-156
Console(config-if)#ip address dhcp 4-290
Console(config-if)#end
Console#ip dhcp restart 4-292
Console#show ip interface 4-293
IP address and netmask: 192.168.1.1 255.255.255.0 on VLAN 1,
and address mode: User specified.
Console#

Renewing DCHP – DHCP may lease addresses to clients indefinitely or
for a specific period of time. If the address expires or the switch is moved
to another network segment, you will lose management access to the
switch. In this case, you can reboot the switch or submit a client request to
restart DHCP service via the CLI.

Web – If the address assigned by DHCP is no longer functioning, you will
not be able to renew the IP settings via the web interface. You can only
restart DHCP service via the web interface if the current address is still
available.

CLI – Enter the following command to restart DHCP service.

Console#ip dhcp restart 4-292
Console#

Enabling Jumbo Frames

You can enable jumbo frames to support data packets up to 9000 bytes in
size.

Command Attributes

• Jumbo Packet Status – Check the box to enable jumbo frames.

Web – Click System, Jumbo Frames.

3-23

C

ONFIGURING THE SWITCH

Figure 3-8. Bridge Extension Configuration

CLI – Enter the following command.

Console#config
Console(config)#jumbo frame
Console(config)#

Managing Firmware

You can upload/download firmware to or from a TFTP server, or copy
files to and from switch units in a stack. By saving runtime code to a file on
a TFTP server, that file can later be downloaded to the switch to restore
operation. You can also set the switch to use new firmware without
overwriting the previous version. You must specify the method of file
transfer, along with the file type and file names as required.

Command Attributes

• File Transfer Method – The firmware copy operation includes these
options:

- file to file – Copies a file within the switch directory, assigning it a

new name.

- file to tftp – Copies a file from the switch to a TFTP server.

- tftp to file – Copies a file from a TFTP server to the switch.

• TFTP Server IP Address – The IP address of a TFTP server.

• File Type – Specify opcode (operational code) to copy firmware.

3-24

B

ASIC CONFIGURATION

• File Name –
leading letter of the file name should not be a period (.), and the
maximum length for file names on the TFTP server is 127 characters
or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9,
“.”, “-”, “_”)

Note: Up to two copies of the system software (i.e., the runtime

firmware) can be stored in the file directory on the switch. The
currently designated startup version of this file cannot be deleted.

The file name should not contain slashes (\ or /),

the

Downloading System Software from a Server

When downloading runtime code, you can specify the destination file
name to replace the current image, or first download the file using a
different name from the current runtime code file, and then set the new
file as the startup file.

Web –Click System, File Management, Copy Operation. Select “tftp to
file” as the file transfer method, enter the IP address of the TFTP server,
set the file type to “opcode,” enter the file name of the software to
download, select a file on the switch to overwrite or specify a new file
name, then click Apply. If you replaced the current firmware used for
startup and want to start using the new operation code, reboot the system
via the System/Reset menu.

Figure 3-9. Copy Firmware

3-25

C

ONFIGURING THE SWITCH

If you download to a new destination file, go to the System/File/Set
Start-Up menu, mark the operation code file used at startup, and click
Apply. To start the new firmware, reboot the system via the System/Reset
menu.

Figure 3-10. Setting the Startup Code

To delete a file select System, File, Delete. Select the file name from the
given list by checking the tick box and click Apply. Note that t

designated as the startup code cannot be deleted.

he file currently

Figure 3-11. Deleting Files

CLI – To download new firmware form a TFTP server, enter the IP

address of the TFTP server, select “opcode” as the file type, then enter the
source and destination file names. When the file has finished downloading,
set the new file to start up the system, and then restart the switch.

To start the new firmware, enter the “reload” command or reboot the
system.

3-26

B

ASIC CONFIGURATION

Console#copy tftp file 4-88
TFTP server ip address: 192.168.1.23
Choose file type:

1. config: 2. opcode: <1-2>: 2
Source file name: V2.2.7.1.bix
Destination file name: V2271.F
\Write to FLASH Programming.

-Write to FLASH finish.
Success.
Console#config
Console(config)#boot system opcode:V2271.F
Console(config)#exit
Console#reload

Saving or Restoring Configuration Settings

You can upload/download configuration settings to/from a TFTP server.
The configuration files can be later downloaded to restore the switch’s
settings.

Command Usage

• When updating the PoE controller, first copy the PD controller file from

a TFTP server to the switch's file system (tftp to file), and then copy this
file to the controller (file to file).

• When specifying the file type “PD_Controller” or “PoE” for copy

operations via the web or CLI, file types other than PoE controller may
be downloaded, but will not adversely affect the system.

4-95

4-30

Command Attributes

• File Transfer Method – The configuration copy operation includes
these options:

- file to file – Copies a file within the switch directory, assigning it a

new name.

- file to running-config – Copies a file in the switch to the running

configuration.

- file to startup-config – Copies a file in the switch to the startup

configuration.

- file to tftp – Copies a file from the switch to a TFTP server.

- running-config to file – Copies the running configuration to a file.

3-27

C

ONFIGURING THE SWITCH

- running-config to startup-config – Copies the running config to the
startup config.

- running-config to tftp – Copies the running configuration to a TFTP
server.

- startup-config to file – Copies the startup configuration to a file on
the switch.

- startup-config to running-config – Copies the startup config to the
running config.

- startup-config to tftp – Copies the startup configuration to a TFTP
server.

- tftp to file – Copies a file from a TFTP server to the switch.

- tftp to running-config – Copies a file from a TFTP server to the
running config.

- tftp to startup-config – Copies a file from a TFTP server to the
startup config.

• TFTP Server IP Address – The IP address of a TFTP server.

• File Type – Specify config (configuration) to copy configuration
settings, or PD_Controller to copy a PoE controller file.

•

File Name

leading letter of the file name should not be a period (.), and the
maximum length for file names on the TFTP server is 127 characters
or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9,
“.”, “-”, “_”)

• Source/Destination Unit – Stack unit. (Range: 1 - 8)

Note: The maximum number of user-defined configuration files is

limited only by available flash memory space.

— The file name should not contain slashes (\ or /),

the

3-28

B

ASIC CONFIGURATION

Downloading Configuration Settings from a Server

You can download the configuration file under a new file name and then
set it as the startup file, or you can specify the current startup
configuration file as the destination file to directly replace it. Note that the
file “Factory_Default_Config.cfg” can be copied to the TFTP server, but
cannot be used as the destination on the switch.

Web – Click System, File, Copy Operation. Select “tftp to startup-config”
or “tftp to file” and enter the IP address of the TFTP server. Specify the
name of the file to download and select a file on the switch to overwrite or
specify a new file name, then click Apply.

Figure 3-12. Downloading Configuration Settings for Startup

If you download to a new file name using “tftp to startup-config” or “tftp
to file,” the file is automatically set as the start-up configuration file. To use
the new settings, reboot the system via the System/Reset menu.

Note: You can also select any configuration file as the start-up

configuration by using the System/File/Set Start-Up page.

3-29

C

ONFIGURING THE SWITCH

Figure 3-13. Setting the Startup Configuration Settings

CLI – Enter the IP address of the TFTP server, specify the source file on

the server, set the startup file name on the switch, and then restart the
switch.

Console#copy tftp startup-config 4-88
TFTP server ip address: 192.168.1.19
Source configuration file name: config-1
Startup configuration file name [] : startup
\Write to FLASH Programming.

-Write to FLASH finish.
Success.

Console#reload

To select another configuration file as the start-up configuration, use the
boot system command and then restart the switch.

Console#config
Console(config)#boot system config: startup-new 4-95
Console(config)#exit
Console#reload

4-30

This example shows how to download a PoE controller file from a TFTP
server.

Console#copy tftp file 4-82
TFTP server IP address: 10.3.4.50
Choose file type:

1. config: 2. opcode 3. PD_Controller: <1-3>: 3
Source file name: 7012_007.s19
Destination file name: PoE-test
Write to FLASH Programming.
Write to FLASH finish.
Success.
Console#

3-30

B

ASIC CONFIGURATION

This example shows how to copy a PoE controller file from another unit

in the stack.

Console#copy file controller 4-82
Unit <1-2>: 2
Choose controller type:

1. PoE: 2. VDSL: 3. TBD <1-3>: 1
Source file name: PoE-test
Software downloading in progress, please wait...
Unit 1 done
Console#

Console Port Settings

You can access the onboard configuration program by attaching a VT100
compatible device to the switch’s serial console port. Management access
through the console port is controlled by various parameters, including a
password, timeouts, and basic communication settings. These parameters
can be configured via the web or CLI interface.

Command Attributes

• Login Timeout – Sets the interval that the system waits for a user to
log into the CLI. If a login attempt is not detected within the timeout
interval, the connection is terminated for the session.
(Range: 0-300 seconds; Default: 0 seconds)

• Exec Timeout – Sets the interval that the system waits until user input
is detected. If user input is not detected within the timeout interval, the
current session is terminated. (Range: 0-65535 seconds; Default: 600
seconds)

• Password Threshold – Sets the password intrusion threshold, which
limits the number of failed logon attempts. When the logon attempt
threshold is reached, the system interface becomes silent for a specified
amount of time (set by the Silent Time parameter) before allowing the
next logon attempt. (Range: 0-120; Default: 3 attempts)

• Silent Time – Sets the amount of time the management console is
inaccessible after the number of unsuccessful logon attempts has been
exceeded. (Range: 0-65535; Default: 0)

3-31

C

ONFIGURING THE SWITCH

• Data Bits – Sets the number of data bits per character that are
interpreted and generated by the console port. If parity is being
generated, specify 7 data bits per character. If no parity is required,
specify 8 data bits per character. (Default: 8 bits)

• Parity – Defines the generation of a parity bit. Communication
protocols provided by some terminals can require a specific parity bit
setting. Specify Even, Odd, or None. (Default: None)

• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and
receive (from terminal). Set the speed to match the baud rate of the
device connected to the serial port. (Range: 9600, 19200, 38400 baud,
or Auto; Default: Auto)

• Stop Bits – Sets the number of the stop bits transmitted per byte.
(Range: 1-2; Default: 1 stop bit)

• Password

1

– Specifies a password for the line connection. When a
connection is started on a line with password protection, the system
prompts for the password. If you enter the correct password, the
system shows a prompt.
(Default: No password)

• Login

1

– Enables password checking at login. You can select

authentication by a single global password as configured for the
Password parameter, or by passwords set up for specific user-name
accounts. (Default: Local)

Web – Click System, Line, Console. Specify the console port connection
parameters as required, then click Apply.

1.

CLI only.

3-32

B

ASIC CONFIGURATION

Figure 3-14. Console Port Settings

CLI – Enter Line Configuration mode for the console, then specify the

connection parameters as required. To display the current console port
settings, use the show line command from the Normal Exec level.

Console(config)#line console 4-16
Console(config-line)#login local 4-16
Console(config-line)#password 0 secret 4-18
Console(config-line)#timeout login response 0 4-19
Console(config-line)#exec-timeout 0 4-20
Console(config-line)#password-thresh 3 4-21
Console(config-line)#silent-time 60 4-22
Console(config-line)#databits 8 4-22
Console(config-line)#parity none 4-23
Console(config-line)#speed 19200 4-24
Console(config-line)#stopbits 1 4-25
Console(config-line)#end
Console#show line 4-26
Console configuration:

Password threshold: 3 times
Interactive timeout: Disabled
Login timeout: Disabled
Silent time: 60
Baudrate: 19200
Databits: 8
Parity: none
Stopbits: 1

VTY configuration:
Password threshold: 3 times
Interactive timeout: 600 sec
Login timeout: 300 sec
Console#

3-33

C

ONFIGURING THE SWITCH

Telnet Settings

You can access the onboard configuration program over the network using
Telnet (i.e., a virtual terminal). Management access via Telnet can be
enabled/disabled and other various parameters set, including the TCP port
number, timeouts, and a password. These parameters can be configured
via the web or CLI interface.

Command Attributes

• Telnet Status – Enables or disables Telnet access to the switch.

(Default: Enabled)

• Telnet Port Number – Sets the TCP port number for Telnet on the
switch. (Default: 23)

• Login Timeout – Sets the interval that the system waits for a user to
log into the CLI. If a login attempt is not detected within the timeout
interval, the connection is terminated for the session.
(Range: 0-300 seconds; Default: 300 seconds)

• Exec Timeout – Sets the interval that the system waits until user input
is detected. If user input is not detected within the timeout interval, the
current session is terminated. (Range: 0-65535 seconds; Default: 600
seconds)

3-34

B

ASIC CONFIGURATION

• Password Threshold – Sets the password intrusion threshold, which
limits the number of failed logon attempts. When the logon attempt
threshold is reached, the system interface becomes silent for a specified
amount of time (set by the Silent Time parameter) before allowing the
next logon attempt. (Range: 0-120; Default: 3 attempts)

• Password

2

– Specifies a password for the line connection. When a
connection is started on a line with password protection, the system
prompts for the password. If you enter the correct password, the
system shows a prompt. (Default: No password)

• Login

2

– Enables password checking at login. You can select

authentication by a single global password as configured for the
Password parameter, or by passwords set up for specific user-name
accounts. (Default: Local)

Web – Click System, Line, Telnet. Specify the connection parameters for
Telnet access, then click Apply.

Figure 3-15. Enabling Telnet

CLI – Enter Line Configuration mode for a virtual terminal, then specify

the connection parameters as required. To display the current virtual
terminal settings, use the show line command from the Normal Exec
level.

2.

CLI only.

3-35

C

ONFIGURING THE SWITCH

Console(config)#line vty 4-16
Console(config-line)#login local 4-16
Console(config-line)#password 0 secret 4-18
Console(config-line)#timeout login response 300 4-19
Console(config-line)#exec-timeout 600 4-20
Console(config-line)#password-thresh 3 4-21
Console(config-line)#end
Console#show line 4-26
Console configuration:
Password threshold: 3 times

Interactive timeout: Disabled
Login timeout: Disabled
Silent time: Disabled
Baudrate: 9600
Databits: 8
Parity: none
Stopbits: 1

VTY configuration:
Password threshold: 3 times
Interactive timeout: 600 sec
Login timeout: 300 sec
Console#

Configuring Event Logging

The switch allows you to control the logging of error messages, including
the type of events that are recorded in switch memory, logging to a remote
System Log (syslog) server, and displays a list of recent event messages.

Displaying Log Messages

The Logs page allows you to scroll through the logged system and event
messages. The switch can store up to 2048 log entries in temporary
random access memory (RAM; i.e., memory flushed on power reset) and
up to 4096 entries in permanent flash memory.

Web – Click System, Log, Logs.

3-36

B

ASIC CONFIGURATION

Figure 3-16. Displaying Logs

CLI – This example shows the event message stored in RAM.

Console#show log ram 4-65
[1] 00:00:27 2001-01-01
"VLAN 1 link-up notification."
level: 6, module: 5, function: 1, and event no.: 1
[0] 00:00:25 2001-01-01
"System coldStart notification."
level: 6, module: 5, function: 1, and event no.: 1
Console#

System Log Configuration

The system allows you to enable or disable event logging, and specify
which levels are logged to RAM or flash memory.

Severe error messages that are logged to flash memory are permanently
stored in the switch to assist in troubleshooting network problems. Up to
4096 log entries can be stored in the flash memory, with the oldest entries
being overwritten first when the available log memory (256 kilobytes) has
been exceeded.

The System Logs page allows you to configure and limit system messages
that are logged to flash or RAM memory. The default is for event levels 0
to 3 to be logged to flash and levels 0 to 6 to be logged to RAM.

Command Attributes

• System Log Status – Enables/disables the logging of debug or error
messages to the logging process. (Default: Enabled)

3-37

C

ONFIGURING THE SWITCH

• Flash Level – Limits log messages saved to the switch’s permanent
flash memory for all levels up to the specified level. For example, if
level 3 is specified, all messages from level 0 to level 3 will be logged to
flash. (Range: 0-7, Default: 3)

Table 3-3. Logging Levels

Level Severity Name Description

7 Debug Debugging messages

6 Informational Informational messages only

5 Notice Normal but significant condition, such as cold

start

4 Warning Warning conditions (e.g., return false,

unexpected return)

3 Error Error conditions (e.g., invalid input, default used)

2 Critical Critical conditions (e.g., memory allocation, or

free memory error - resource exhausted)

1 Alert Immediate action needed

0 Emergency System unusable

* There are only Level 2, 5 and 6 error messages for the current firmware release.

• RAM Level – Limits log messages saved to the switch’s temporary
RAM memory for all levels up to the specified level. For example, if
level 7 is specified, all messages from level 0 to level 7 will be logged to
RAM. (Range: 0-7, Default: 6)

Note: The Flash Level must be equal to or less than the RAM Level.

Web – Click System, Log, System Logs. Specify System Log Status,

level of event messages to be logged to RAM and flash memory, then click
Apply.

3-38

set the

B

ASIC CONFIGURATION

Figure 3-17. System Logs

CLI – Enable system logging and then specify the level of messages to be

logged to RAM and flash memory. Use the show logging command to
display the current settings.

Console(config)#logging on 4-59
Console(config)#logging history ram 0 4-61
Console(config)#end
Console#show logging flash 4-65
Syslog logging: Enabled
History logging in FLASH: level emergencies
Console#

Remote Log Configuration

The Remote Logs page allows you to configure the logging of messages
that are sent to syslog servers or other management stations. You can also
limit the error messages sent to only those messages below a specified
level.

Command Attributes

• Remote Log Status – Enables/disables the logging of debug or error
messages to the remote logging process. (Default: Enabled)

• Logging Facility – Sets the facility type for remote logging of syslog
messages. There are eight facility types specified by values of 16 to 23.
The facility type is used by the syslog server to dispatch log messages
to an appropriate service.

The attribute specifies the facility type tag sent in syslog messages. (See

3-39

C

ONFIGURING THE SWITCH

RFC 3164.) This type has no effect on the kind of messages reported
by the switch. However, it may be used by the syslog server to process
messages, such as sorting or storing messages in the corresponding
database. (Range: 16-23, Default: 23)

• Logging Trap – Limits log messages that are sent to the remote syslog
server for all levels up to the specified level. For example, if level 3 is
specified, all messages from level 0 to level 3 will be sent to the remote
server. (Range: 0-7, Default: 6)

• Host IP List – Displays the list of remote server IP addresses that
receive the syslog messages. The maximum number of host IP
addresses allowed is five.

• Host IP Address – Specifies a new server IP address to add to the
Host IP List.

Web – Click System, Log, Remote Logs. To add an IP address to the Host
IP List, type the new IP address in the Host IP Address box, and then click
Add. To delete an IP address, click the entry in the Host IP List, and then
click Remove.

3-40

Figure 3-18. Remote Logs

B

ASIC CONFIGURATION

CLI – Enter the syslog server host IP address, choose the facility type and
set the logging trap.

Console(config)#logging host 192.168.1.15 4-63
Console(config)#logging facility 23 4-63
Console(config)#logging trap 4 4-64
Console(config)#end
Console#show logging trap 4-64
Syslog logging: Enabled
REMOTELOG status: Enabled
REMOTELOG facility type: local use 7
REMOTELOG level type: Warning conditions
REMOTELOG server ip address: 192.168.1.15
REMOTELOG server ip address: 0.0.0.0
REMOTELOG server ip address: 0.0.0.0
REMOTELOG server ip address: 0.0.0.0
REMOTELOG server ip address: 0.0.0.0
Console#

Simple Mail Transfer Protocol

SMTP (Simple Mail Transfer Protocol) is used to send email messages
between servers. The messages can be retrieved using POP or IMAP
clients.

Command Attributes

• Admin Status – Enables/disables the SMTP function. (Default:
Enabled)

• Email Source Address – This command specifies SMTP servers
email addresses that can send alert messages.

• Severity – Specifies the degree of urgency that the message carries.

• Debugging – Sends a debugging notification. (Level 7)

• Information – Sends informatative notification only. (Level 6)

• Notice – Sends notification of a normal but significant condition,

such as a cold start. (Level 5)

• Warning – Sends notification of a warning condition such as

return false, or unexpected return. (Level 4)

• Error – Sends notification that an error conditions has occurred,

such as invalid input, or default used. (Level 3)

• Critical – Sends notification that a critical condition has occurred,

such as memory allocation, or free memory error - resource

3-41

C

ONFIGURING THE SWITCH

exhausted. (Level 2)

• Alert – Sends urgent notification that immediate action must be
taken. (Level 1)

• Emergency – Sends an emergency notification that the system is
now unusable. (Level 0)

• SMTP Server List – Specifies a list of recipient SMTP servers.

• SMTP Server – Specifies a new SMTP server address to add to the
SMTP Server List.

• Email Destination Address List – Specifies a list of recipient Email
Destination Address.

• Email Destination Address – This command specifies SMTP servers
that may receive alert messages.

Web – Click System, Log, SMTP. To add an IP address to the Server IP
List, type the new IP address in the Server IP Address box, and then click
Add. To delete an IP address, click the entry in the Server IP List, and then
click Remove.

3-42

Figure 3-19. Enabling and Configuring SMTP

B

ASIC CONFIGURATION

CLI – Enter the host ip address, followed by the mail severity level, source
and destination email addresses and enter the sendmail command to
complete the action. Use the show logging command to display SMTP
information.

Console(config)#logging sendmail host 192.168.1.19
Console(config)#logging sendmail level 3
Console(config)#logging sendmail source-email
bill@this-company.com
Console(config)#logging sendmail destination-email
ted@this-company.com
Console(config)#logging sendmail
Console#

Resetting the System

Web – Click System, Reset. Click the Reset button to reboot the switch.

When prompted, confirm that you want reset the switch.

Figure 3-20. Resetting the System

CLI – Use the reload command to restart the switch. When prompted,

confirm that you want to reset the switch.

Console#reload
System will be restarted, continue <y/n>? y

4-30

Note:When restarting the system, it will always run the Power-On
Self-Test.

3-43

C

ONFIGURING THE SWITCH

Setting the System Clock

Simple Network Time Protocol (SNTP) allows the switch to set its internal
clock based on periodic updates from a time server (SNTP or NTP).
Maintaining an accurate time on the switch enables the system log to
record meaningful dates and times for event entries. You can also manually
set the clock using the CLI. (See “calendar set” on page 4-78.) If the clock
is not set, the switch will only record the time from the factory default set
at the last bootup.

When the SNTP client is enabled, the switch periodically sends a request
for a time update to a configured time server. You can configure up to
three time server IP addresses. The switch will attempt to poll each server
in the configured sequence.

Configuring SNTP

You can configure the switch to send time synchronization requests to
time servers.

Command Attributes

• SNTP Client – Configures the switch to operate as an SNTP client.
This requires at least one time server to be specified in the SNTP
Server field. (Default: Disabled)

• SNTP Broadcast Client – Configures the switch to operate as an
SNTP broadcast client. This mode requires no other configuration
settings; the switch will obtain time updates from time server
broadcasts (using the multicast address 224.0.1.1).

• SNTP Poll Interval – Sets the interval between sending requests for
a time update from a time server. (Range: 16-16384 seconds; Default:
16 seconds)

• SNTP Server – Sets the IP address for up to three time servers. The
switch attempts to update the time from the first server, if this fails it
attempts an update from the next server in the sequence.

3-44

B

ASIC CONFIGURATION

Web – Select SNTP, Configuration. Modify any of the required
parameters, and click Apply.

Figure 3-21. SNTP Configuration

CLI – This example configures the switch to operate as an SNTP unicast

client and then displays the current time and settings.

Console(config)#sntp server 10.1.0.19 137.82.140.80 128.250.36.2 4-75
Console(config)#sntp poll 60 4-76
Console(config)#sntp client 4-74
Console(config)#exit
Console#show sntp
Current time: Jan 6 14:56:05 2004
Poll interval: 60
Current mode: unicast
SNTP status : Enabled
SNTP server 10.1.0.19 137.82.140.80 128.250.36.2
Current server: 128.250.36.2
Console#

3-45

C

ONFIGURING THE SWITCH

Setting the Time Zone

SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich
Mean Time, or GMT) based on the time at the Earth’s prime meridian,
zero degrees longitude. To display a time corresponding to your local time,
you must indicate the number of hours and minutes your time zone is east
(before) or west (after) of UTC.

Command Attributes

• Current Time – Displays the current time.

• Name – Assigns a name to the time zone. (Range: 1-29 characters)

• Hours (0-12) – The number of hours before/after UTC.

• Minutes (0-59) – The number of minutes before/after UTC.

• Direction – Configures the time zone to be before (east) or after
(west) UTC.

Web – Select SNTP, Clock Time Zone. Set the offset for your time zone
relative to the UTC, and click Apply.

Figure 3-22. Setting the System Clock

CLI - This example shows how to set the time zone for the system clock.

Console(config)#clock timezone Atlantic hours 4 minute 0
before-UTC 4-77
Console(config)#

3-46