SMC Networks SMC6128PL2 User Manual

MANAGEMENT GUIDE

SMC6128PL2

TigerSwitchTM 10/100 24-Port 10/100 Managed Switch with PoE, IP Clustering and 4 Gigabit Ports

TigerSwitch 10/100 Management Guide

From SMC’s Tiger line of feature-rich workgroup LAN solutions

20 Mason Irvine, CA 92618 Phone: (949) 679-8000

Pub. # 149100032800A

March 2008

E032008-EK-R04

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

08 by

SMC Networks, Inc.

20 Mason

Irvine, CA 92618

Trademarks:

SMC is a registered trademark; and EZ Switch, TigerStack, TigerSwitch, and TigerAccess are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.

Limited Warranty

Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be

free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product.

The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC Web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an “Active” SMC product. A list of discontinued products with their respective dates of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty.

All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product.

Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer.

WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL

NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.

LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.

* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.

SMC Networks, Inc.

20 Mason

Irvine, CA 92618

About This Guide

Purpose

This guide gives specific information on how to operate and use the management functions of the switch.

Audience

The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).

Conventions

The following conventions are used throughout this guide to show information:

Note: Emphasizes important information or calls your attention to related features or

instructions.

Caution: Alerts you to a potential hazard that could cause loss of data, or damage the

Warning: Alerts you to a potential hazard that could cause personal injury.

Related Publications

The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:

The Installation Guide

Also, as part of the switch’s software, there is an online web-based help that describes all management related features.

system or equipment.

Revision History

This section summarizes the changes in each revision of this guide.

March 2008 Revision

This is the fourth revision of this guide. This guide is valid for software release v1.1.0.3.

vii

viii

Contents

Chapter 1: Introduction 1-1

Key Features 1-1 Description of Software Features 1-2 System Defaults 1-6

Chapter 2: Initial Configuration 2-1

Connecting to the Switch 2-1

Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3

Basic Configuration 2-3

Console Connection 2-3 Setting Passwords 2-4 Setting an IP Address 2-4

Manual Configuration 2-4 Dynamic Configuration 2-5

Enabling SNMP Management Access 2-6

Community Strings (for SNMP version 1 and 2c clients) 2-6 Trap Receivers 2-7 Configuring Access for SNMP Version 3 Clients 2-8

Saving Configuration Settings 2-8

Managing System Files 2-9

Chapter 3: Configuring the Switch 3-1

Using the Web Interface 3-1 Navigating the Web Browser Interface 3-2

Home Page 3-2

Configuration Options 3-3 Panel Display 3-3 Main Menu 3-4 Basic Configuration 3-12

Displaying System Information 3-12

Displaying Switch Hardware/Software Versions 3-13

Displaying Bridge Extension Capabilities 3-15

Setting the Switch’s IP Address 3-16

Manual Configuration 3-17

Using DHCP/BOOTP 3-18 Enabling Jumbo Frames 3-19 Managing Firmware 3-19

Downloading System Software from a Server 3-20

Contents

Saving or Restoring Configuration Settings 3-21

Downloading Configuration Settings from a Server 3-22 Console Port Settings 3-23 Telnet Settings 3-25 Configuring Event Logging 3-28

Displaying Log Messages 3-28

System Log Configuration 3-28

Remote Log Configuration 3-30

Simple Mail Transfer Protocol 3-32 Resetting the System 3-34 Setting the System Clock 3-35

Setting the Time Manually 3-35

Configuring SNTP 3-35

Configuring NTP 3-36

Setting the Time Zone 3-38

Simple Network Management Protocol 3-39

Setting Community Access Strings 3-40 Specifying Trap Managers and Trap Types 3-41 Enabling SNMP Agent Status 3-42 Configuring SNMPv3 Management Access 3-43

Setting the Local Engine ID 3-43

Specifying a Remote Engine ID 3-44 Configuring SNMPv3 Users 3-44 Configuring Remote SNMPv3 Users 3-46 Configuring SNMPv3 Groups 3-47 Setting SNMPv3 Views 3-50

User Authentication 3-52

Configuring User Accounts 3-52 Configuring Local/Remote Logon Authentication 3-54 Configuring Encryption Keys 3-58

AAA Authorization and Accounting 3-60

Configuring AAA RADIUS Group Settings 3-61 Configuring AAA TACACS+ Group Settings 3-61 Configuring AAA Accounting 3-62 AAA Accounting Update 3-64 AAA Accounting 802.1X Port Settings 3-65 AAA Accounting Exec Command Privileges 3-66 AAA Accounting Exec Settings 3-67 AAA Accounting Summary 3-67 Authorization Settings 3-69 Authorization EXEC Settings 3-70 Authorization Summary 3-70 Configuring HTTPS 3-71 Replacing the Default Secure-site Certificate 3-72 Configuring the Secure Shell 3-74

Contents

Configuring the SSH Server 3-76 Generating the Host Key Pair 3-77

Importing User Public Keys 3-79 Configuring Port Security 3-82 Configuring 802.1X Port Authentication 3-83

Displaying 802.1X Global Settings 3-85

Configuring 802.1X Global Settings 3-86

Configuring Port Settings for 802.1X 3-86

Displaying 802.1X Statistics 3-89 Web Authentication 3-90

Configuring Web Authentication 3-91

Configuring Web Authentication for Ports 3-92

Displaying Web Authentication Port Information 3-93

Re-authenticating Web Authenticated Ports 3-94 Network Access – MAC Address Authentication 3-95

Configuring the MAC Authentication Reauthentication Time 3-96

Configuring MAC Authentication for Ports 3-97

Configuring Port Link Detection 3-98

Displaying Secure MAC Address Information 3-99 MAC Authentication 3-101

Configuring MAC authentication parameters for ports 3-101

Access Control Lists 3-102

Configuring Access Control Lists 3-102

Setting the ACL Name and Type 3-102

Configuring a Standard IP ACL 3-103

Configuring an Extended IP ACL 3-104

Configuring a MAC ACL 3-107 Binding a Port to an Access Control List 3-109 Filtering IP Addresses for Management Access 3-110

Port Configuration 3-112

Displaying Connection Status 3-112 Configuring Interface Connections 3-114 Creating Trunk Groups 3-116

Statically Configuring a Trunk 3-117

Enabling LACP on Selected Ports 3-118

Configuring LACP Parameters 3-120

Displaying LACP Port Counters 3-122

Displaying LACP Settings and Status for the Local Side 3-124

Displaying LACP Settings and Status for the Remote Side 3-126 Setting Broadcast Storm Thresholds 3-127 Configuring Port Mirroring 3-129 Configuring Rate Limits 3-130

Rate Limit Configuration 3-130 Showing Port Statistics 3-131

Power Over Ethernet Settings 3-135

iii

Contents

Switch Power Status 3-136 Setting a Switch Power Budget 3-137 Displaying Port Power Status 3-137 Configuring Port PoE Power 3-138

Address Table Settings 3-140

Setting Static Addresses 3-140 Displaying the Address Table 3-141 Changing the Aging Time 3-142

Spanning Tree Algorithm Configuration 3-143

Configuring Port and Trunk Loopback Detection 3-145 Displaying Global Settings 3-146 Configuring Global Settings 3-148 Displaying Interface Settings 3-152 Configuring Interface Settings 3-155 Configuring Multiple Spanning Trees 3-157 Displaying Interface Settings for MSTP 3-160 Configuring Interface Settings for MSTP 3-162

VLAN Configuration 3-163

IEEE 802.1Q VLANs 3-163

Enabling or Disabling GVRP (Global Setting) 3-166 Displaying Basic VLAN Information 3-167 Displaying Current VLANs 3-168 Creating VLANs 3-169 Adding Static Members to VLANs (VLAN Index) 3-170 Adding Static Members to VLANs (Port Index) 3-172 Configuring VLAN Behavior for Interfaces 3-173

Configuring IEEE 802.1Q Tunneling 3-175

Enabling QinQ Tunneling on the Switch 3-178 Adding an Interface to a QinQ Tunnel 3-180

Private VLANs 3-181

Displaying Current Private VLANs 3-182 Configuring Private VLANs 3-183 Associating VLANs 3-184 Displaying Private VLAN Interface Information 3-184 Configuring Private VLAN Interfaces 3-185

Protocol VLANs 3-187

Protocol VLAN Group Configuration 3-187 Protocol VLAN System Configuration 3-188

Link Layer Discovery Protocol 3-189

Setting LLDP Timing Attributes 3-189 Configuring LLDP Interface Attributes 3-191 Displaying LLDP Local Device Information 3-194 Displaying LLDP Remote Port Information 3-195 Displaying LLDP Remote Information Details 3-196 Displaying Device Statistics 3-197

Contents

Displaying Detailed Device Statistics 3-198

Class of Service Configuration 3-199

Layer 2 Queue Settings 3-199

Setting the Default Priority for Interfaces 3-199

Mapping CoS Values to Egress Queues 3-201

Enabling CoS 3-202

Selecting the Queue Mode 3-203

Setting the Service Weight for Traffic Classes 3-203 Layer 3/4 Priority Settings 3-204

Mapping Layer 3/4 Priorities to CoS Values 3-204

Enabling IP DSCP Priority 3-205

Mapping DSCP Priority 3-206

Quality of Service 3-207

Configuring Quality of Service Parameters 3-208

Configuring a Class Map 3-208

Creating QoS Policies 3-211

Attaching a Policy Map to Ingress Queues 3-214

VoIP Traffic Configuration 3-215

Configuring VoIP Traffic 3-215 Configuring VoIP Traffic Port 3-216 Configuring Telephony OUI 3-219

Multicast Filtering 3-220

Layer 2 IGMP (Snooping and Query) 3-220

Configuring IGMP Snooping and Query Parameters 3-221

Enabling IGMP Immediate Leave 3-223

Displaying Interfaces Attached to a Multicast Router 3-225

Specifying Static Interfaces for a Multicast Router 3-226

Displaying Port Members of Multicast Services 3-227

Assigning Ports to Multicast Services 3-228 IGMP Filtering and Throttling 3-229

Enabling IGMP Filtering and Throttling 3-229

Configuring IGMP Filter Profiles 3-230

Configuring IGMP Filtering and Throttling for Interfaces 3-232

Multicast VLAN Registration 3-234

Configuring Global MVR Settings 3-235 Displaying MVR Interface Status 3-236 Displaying Port Members of Multicast Groups 3-237 Configuring MVR Interface Status 3-238 Assigning Static Multicast Groups to Interfaces 3-239

DHCP Snooping 3-240

DHCP Snooping Configuration 3-241 DHCP Snooping VLAN Configuration 3-242 DHCP Snooping Information Option Configuration 3-243 DHCP Snooping Port Configuration 3-244 DHCP Snooping Binding Information 3-245

Contents

IP Source Guard 3-246

IP Source Guard Port Configuration 3-246 Static IP Source Guard Binding Configuration 3-247 Dynamic IP Source Guard Binding Information 3-249

Switch Clustering 3-250

Cluster Configuration 3-250 Cluster Member Configuration 3-251 Cluster Member Information 3-252 Cluster Candidate Information 3-253

UPnP 3-254

UPnP Configuration 3-254

Chapter 4: Command Line Interface 4-1

Using the Command Line Interface 4-1

Accessing the CLI 4-1 Console Connection 4-1 Telnet Connection 4-2

Entering Commands 4-3

Keywords and Arguments 4-3 Minimum Abbreviation 4-3 Command Completion 4-3 Getting Help on Commands 4-3 Showing Commands 4-4 Partial Keyword Lookup 4-5 Negating the Effect of Commands 4-5 Using Command History 4-5 Understanding Command Modes 4-5 Exec Commands 4-6 Configuration Commands 4-7

Command Line Processing 4-8 Command Groups 4-9 Line Commands 4-10

line 4-11

password 4-12

timeout login response 4-13

exec-timeout 4-14

password-thresh 4-14

silent-time 4-15

databits 4-16

parity 4-16

speed 4-17

stopbits 4-17

disconnect 4-18

Contents

show line 4-18

General Commands 4-19

enable 4-20 disable 4-20 configure 4-21 show history 4-21 reload 4-22 reload cancel 4-23 show reload 4-23 end 4-24 exit 4-24 quit 4-25

System Management Commands 4-25

Device Designation Commands 4-26

prompt 4-26 hostname 4-26

Banner 4-27

banner configure 4-28 banner configure company 4-29 banner configure dc-power-info 4-30 banner configure department 4-31 banner configure equipment-info 4-31 banner configure equipment-location 4-32 banner configure ip-lan 4-33 banner configure lp-number 4-33 banner configure manager-info 4-34 banner configure mux 4-35 banner configure note 4-35 show banner 4-36

User Access Commands 4-37

username 4-37 enable password 4-38

IP Filter Commands 4-39

management 4-39 show management 4-40

Web Server Commands 4-41

ip http port 4-41 ip http server 4-41 ip http secure-server 4-42 ip http secure-port 4-43

Telnet Server Commands 4-44

ip telnet port 4-44 ip telnet server 4-44

Secure Shell Commands 4-45

ip ssh server 4-47

vii

Contents

ip ssh timeout 4-48 ip ssh authentication-retries 4-48 ip ssh server-key size 4-49 delete public-key 4-49 ip ssh crypto host-key generate 4-50 ip ssh crypto zeroize 4-50 ip ssh save host-key 4-51 show ip ssh 4-51 show ssh 4-52 show public-key 4-53

Event Logging Commands 4-54

logging on 4-54 logging history 4-55 logging host 4-56 logging facility 4-56 logging trap 4-57 clear logging 4-57 show logging 4-58 show log 4-59

SMTP Alert Commands 4-60

logging sendmail host 4-60 logging sendmail level 4-61 logging sendmail source-email 4-62 logging sendmail destination-email 4-62 logging sendmail 4-63 show logging sendmail 4-63

Time Commands 4-64

sntp client 4-64 sntp server 4-65 sntp poll 4-66 show sntp 4-66 ntp client 4-67 ntp server 4-68 ntp poll 4-69 ntp authenticate 4-69 ntp authentication-key 4-70 show ntp 4-71 clock timezone-predefined 4-71 clock timezone 4-72 clock summer-time (date) 4-73 clock summer-time (predefined) 4-74 clock summer-time (recurring) 4-75 calendar set 4-76 show calendar 4-76

System Status Commands 4-77

viii

Contents

show startup-config 4-77 show running-config 4-79 show system 4-81 show users 4-81 show version 4-82

Frame Size Commands 4-83

jumbo frame 4-83

Flash/File Commands 4-84

copy 4-84 delete 4-87 dir 4-88 whichboot 4-89 boot system 4-89

Authentication Commands 4-90

Authentication Sequence 4-90

authentication login 4-91 authentication enable 4-92

RADIUS Client 4-93

radius-server host 4-94 radius-server acct-port 4-94 radius-server auth-port 4-95 radius-server key 4-95 radius-server retransmit 4-96 radius-server timeout 4-96 show radius-server 4-96

TACACS+ Client 4-97

tacacs-server host 4-98 tacacs-server port 4-98 tacacs-server key 4-99 tacacs-server retransmit 4-99 tacacs-server timeout 4-100 show tacacs-server 4-100

AAA Commands 4-101

aaa group server 4-101 server 4-102 aaa accounting dot1x 4-102 aaa accounting exec 4-103 aaa accounting commands 4-104 aaa accounting update 4-105 accounting dot1x 4-106 accounting exec 4-106 accounting commands 4-107 aaa authorization exec 4-107 authorization exec 4-108 show accounting 4-109

Contents

Port Security Commands 4-110

port security 4-110

802.1X Port Authentication 4-112 dot1x system-auth-control 4-112 dot1x default 4-113 dot1x max-req 4-113 dot1x port-control 4-113 dot1x operation-mode 4-114 dot1x re-authenticate 4-115 dot1x re-authentication 4-115 dot1x timeout quiet-period 4-115 dot1x timeout re-authperiod 4-116 dot1x timeout tx-period 4-116 dot1x intrusion-action 4-117 show dot1x 4-117

Network Access – MAC Address Authentication 4-121

network-access mode 4-122 network-access max-mac-count 4-123 mac-authentication intrusion-action 4-123 mac-authentication max-mac-count 4-124 network-access dynamic-qos 4-124 network-access dynamic-vlan 4-125 network-access guest-vlan 4-125 network-access link-detection 4-126 network-access link-detection link-down 4-126 network-access link-detection link-up 4-127 network-access link-detection link-up-down 4-127 mac-authentication reauth-time 4-128 clear network-access 4-129 show network-access 4-129 show network-access mac-address-table 4-130

Web Authentication 4-131

web-auth login-attempts 4-132 web-auth login-fail-page-url 4-132 web-auth login-page-url 4-133 web-auth login-success-page-url 4-133 web-auth quiet-period 4-134 web-auth session-timeout 4-134 web-auth system-auth-control 4-135 web-auth 4-135 show web-auth 4-136 show web-auth interface 4-136 web-auth re-authenticate (Port) 4-137 web-auth re-authenticate (IP) 4-137 show web-auth summary 4-138

Contents

Access Control List Commands 4-139

IP ACLs 4-140

access-list ip 4-140 permit, deny (Standard ACL) 4-141 permit, deny (Extended ACL) 4-142 show ip access-list 4-143 ip access-group 4-144 show ip access-group 4-144

MAC ACLs 4-145

access-list mac 4-145 permit, deny (MAC ACL) 4-146 show mac access-list 4-147 mac access-group 4-148 show mac access-group 4-148

ACL Information 4-149

show access-list 4-149 show access-group 4-149

SNMP Commands 4-150

snmp-server 4-150 show snmp 4-151 snmp-server community 4-152 snmp-server contact 4-152 snmp-server location 4-153 snmp-server host 4-153 snmp-server enable traps 4-155 snmp-server engine-id 4-156 show snmp engine-id 4-157 snmp-server view 4-158 show snmp view 4-159 snmp-server group 4-159 show snmp group 4-161 snmp-server user 4-162 show snmp user 4-163

Interface Commands 4-166

interface 4-166 description 4-167 speed-duplex 4-167 negotiation 4-168 capabilities 4-169 flowcontrol 4-170 shutdown 4-171 switchport packet-rate 4-172 clear counters 4-172 show interfaces status 4-173 show interfaces counters 4-174

Contents

show interfaces switchport 4-175

Mirror Port Commands 4-177

port monitor 4-177 show port monitor 4-178

Rate Limit Commands 4-179

rate-limit 4-179

Link Aggregation Commands 4-180

channel-group 4-181 lacp 4-181 lacp system-priority 4-183 lacp admin-key (Ethernet Interface) 4-183 lacp admin-key (Port Channel) 4-184 lacp port-priority 4-185 show lacp 4-186

Power over Ethernet Commands 4-190

power mainpower maximum allocation 4-190 power inline compatible 4-191 power inline 4-192 power inline maximum allocation 4-192 power inline priority 4-193 show power inline status 4-194 show power mainpower 4-195

Address Table Commands 4-195

mac-address-table static 4-196 clear mac-address-table dynamic 4-197 show mac-address-table 4-197 mac-address-table aging-time 4-198 show mac-address-table aging-time 4-198

Spanning Tree Commands 4-199

spanning-tree 4-200 spanning-tree mode 4-200 spanning-tree forward-time 4-202 spanning-tree hello-time 4-202 spanning-tree max-age 4-203 spanning-tree priority 4-204 spanning-tree pathcost method 4-204 spanning-tree transmission-limit 4-205 spanning-tree mst-configuration 4-205 mst vlan 4-206 mst priority 4-207 name 4-207 revision 4-208 max-hops 4-208 spanning-tree spanning-disabled 4-209 spanning-tree cost 4-209

xii

Contents

spanning-tree port-priority 4-210 spanning-tree edge-port 4-211 spanning-tree portfast 4-212 spanning-tree link-type 4-212 spanning-tree loopback-detection 4-213 spanning-tree loopback-detection release-mode 4-214 spanning-tree loopback-detection trap 4-214 spanning-tree mst cost 4-215 spanning-tree mst port-priority 4-216 spanning-tree protocol-migration 4-217 show spanning-tree 4-217 show spanning-tree mst configuration 4-219

VLAN Commands 4-219

GVRP and Bridge Extension Commands 4-220

bridge-ext gvrp 4-220 show bridge-ext 4-221 switchport gvrp 4-221 show gvrp configuration 4-222 garp timer 4-222 show garp timer 4-223

Editing VLAN Groups 4-224

vlan database 4-224 vlan 4-225

Configuring VLAN Interfaces 4-226

interface vlan 4-226 switchport mode 4-227 switchport acceptable-frame-types 4-227 switchport ingress-filtering 4-228 switchport native vlan 4-229 switchport allowed vlan 4-230 switchport forbidden vlan 4-231

Displaying VLAN Information 4-232

show vlan 4-232

Configuring IEEE 802.1Q Tunneling 4-233

dot1q-tunnel system-tunnel-control 4-234 switchport dot1q-tunnel mode 4-234 switchport dot1q-tunnel tpid 4-235 show dot1q-tunnel 4-236

Configuring Private VLANs 4-236

private-vlan 4-238 private vlan association 4-239 switchport mode private-vlan 4-239 switchport private-vlan host-association 4-240 switchport private-vlan isolated 4-241 switchport private-vlan mapping 4-241

xiii

Contents

show vlan private-vlan 4-242

Configuring Protocol-based VLANs 4-243

protocol-vlan protocol-group (Configuring Groups) 4-244 protocol-vlan protocol-group (Configuring VLANs) 4-244 show protocol-vlan protocol-group 4-245 show protocol-vlan protocol-group-vid 4-246

LLDP Commands 4-246

lldp 4-248 lldp holdtime-multiplier 4-248 lldp medFastStartCount 4-249 lldp notification-interval 4-249 lldp refresh-interval 4-250 lldp reinit-delay 4-251 lldp tx-delay 4-251 lldp admin-status 4-252 lldp notification 4-252 lldp mednotification 4-253 lldp basic-tlv management-ip-address 4-254 lldp basic-tlv port-description 4-255 lldp basic-tlv system-capabilities 4-255 lldp basic-tlv system-description 4-256 lldp basic-tlv system-name 4-256 lldp dot1-tlv proto-ident 4-257 lldp dot1-tlv proto-vid 4-257 lldp dot1-tlv pvid 4-258 lldp dot1-tlv vlan-name 4-258 lldp dot3-tlv link-agg 4-259 lldp dot3-tlv mac-phy 4-259 lldp dot3-tlv max-frame 4-260 lldp dot3-tlv poe 4-260 lldp medtlv extpoe 4-261 lldp medtlv inventory 4-261 lldp medtlv location 4-262 lldp medtlv med-cap 4-262 lldp medtlv network-policy 4-263 show lldp config 4-263 show lldp info local-device 4-265 show lldp info remote-device 4-266 show lldp info statistics 4-267

Priority Commands 4-268

Priority Commands (Layer 2) 4-268

queue mode 4-268 switchport priority default 4-269 queue bandwidth 4-270 queue cos-map 4-271

xiv

Contents

show queue mode 4-272 show queue bandwidth 4-272 show queue cos-map 4-272

Priority Commands (Layer 3 and 4) 4-273

map ip dscp (Global Configuration) 4-273 map ip dscp (Interface Configuration) 4-274 show map ip dscp 4-275

Quality of Service Commands 4-276

class-map 4-277 match 4-278 policy-map 4-279 class 4-279 set 4-280 police 4-281 service-policy 4-282 show class-map 4-283 show policy-map 4-283 show policy-map interface 4-284

Voice VLAN Commands 4-284

voice vlan 4-285 voice vlan aging 4-286 voice vlan mac-address 4-286 switchport voice vlan 4-287 switchport voice vlan rule 4-288 switchport voice vlan security 4-288 switchport voice vlan priority 4-289 show voice vlan 4-290

Multicast Filtering Commands 4-291

IGMP Snooping Commands 4-291

ip igmp snooping 4-292 ip igmp snooping vlan static 4-292 ip igmp snooping version 4-293 ip igmp snooping leave-proxy 4-293 ip igmp snooping immediate-leave 4-294 show ip igmp snooping 4-295 show mac-address-table multicast 4-295

IGMP Query Commands (Layer 2) 4-296

ip igmp snooping querier 4-296 ip igmp snooping query-count 4-297 ip igmp snooping query-interval 4-297 ip igmp snooping query-max-response-time 4-298 ip igmp snooping router-port-expire-time 4-299

Static Multicast Routing Commands 4-299

ip igmp snooping vlan mrouter 4-300 show ip igmp snooping mrouter 4-300

Contents

IGMP Filtering and Throttling Commands 4-301

ip igmp filter (Global Configuration) 4-302 ip igmp profile 4-302 permit, deny 4-303 range 4-303 ip igmp filter (Interface Configuration) 4-304 ip igmp max-groups 4-305 ip igmp max-groups action 4-305 show ip igmp filter 4-306 show ip igmp profile 4-307 show ip igmp throttle interface 4-307

Multicast VLAN Registration Commands 4-308

mvr (Global Configuration) 4-308 mvr (Interface Configuration) 4-309 show mvr 4-311

IP Interface Commands 4-313

ip address 4-314 ip default-gateway 4-315 ip dhcp restart 4-315 show ip interface 4-316 show ip redirects 4-316 ping 4-317

IP Source Guard Commands 4-318

ip source-guard 4-318 ip source-guard binding 4-320 show ip source-guard 4-321 show ip source-guard binding 4-321

DHCP Snooping Commands 4-322

ip dhcp snooping 4-322 ip dhcp snooping vlan 4-324 ip dhcp snooping trust 4-325 ip dhcp snooping verify mac-address 4-325 ip dhcp snooping information option 4-326 ip dhcp snooping information policy 4-327 ip dhcp snooping database flash 4-327 show ip dhcp snooping 4-328 show ip dhcp snooping binding 4-328

Switch Cluster Commands 4-328

cluster 4-329 cluster commander 4-329 cluster ip-pool 4-330 cluster member 4-331 rcommand 4-331 show cluster 4-332 show cluster members 4-332

xvi

Contents

show cluster candidates 4-332

UPnP Commands 4-333

upnp device 4-333 upnp device ttl 4-334 upnp device advertise duration 4-334 show upnp 4-335

Appendix A: Software Specifications A-1

Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3

Appendix B: Troubleshooting B-1

Problems Accessing the Management Interface B-1 Using System Logs B-2

Glossary

Index

xvii

Contents

xviii

Tables

Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-6 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-29 Table 3-5 Supported Notification Messages 3-47 Table 3-6 HTTPS System Support 3-71 Table 3-7 802.1X Statistics 3-89 Table 3-8 LACP Port Counters 3-122 Table 3-9 LACP Internal Configuration Information 3-124 Table 3-10 LACP Neighbor Configuration Information 3-126 Table 3-11 Port Statistics 3-131 Table 3-12 Mapping CoS Values to Egress Queues 3-201 Table 3-13 CoS Priority Levels 3-201 Table 3-14 Mapping DSCP Priority Values 3-206 Table 4-1 Command Modes 4-6 Table 4-2 Configuration Modes 4-7 Table 4-3 Command Line Processing 4-8 Table 4-4 Command Groups 4-9 Table 4-5 Line Commands 4-10 Table 4-6 General Commands 4-19 Table 4-7 System Management Commands 4-25 Table 4-8 Device Designation Commands 4-26 Table 4-9 Banner Commands 4-27 Table 4-10 User Access Commands 4-37 Table 4-11 Default Login Settings 4-37 Table 4-12 IP Filter Commands 4-39 Table 4-13 Web Server Commands 4-41 Table 4-14 HTTPS System Support 4-42 Table 4-15 Telnet Server Commands 4-44 Table 4-16 SSH Commands 4-45 Table 4-17 show ssh - display description 4-52 Table 4-18 Event Logging Commands 4-54 Table 4-19 Logging Levels 4-55 Table 4-20 show logging flash/ram - display description 4-58 Table 4-21 show logging trap - display description 4-59 Table 4-22 SMTP Alert Commands 4-60 Table 4-23 Time Commands 4-64 Table 4-24 Predefined Summer-Time Parameters 4-74 Table 4-25 System Status Commands 4-77 Table 4-26 Frame Size Commands 4-83 Table 4-27 Flash/File Commands 4-84

xix

Tables

Table 4-28 File Directory Information 4-88 Table 4-29 Authentication Commands 4-90 Table 4-30 Authentication Sequence 4-90 Table 4-31 RADIUS Client Commands 4-93 Table 4-32 TACACS Commands 4-97 Table 4-34 Port Security Commands 4-110 Table 4-35 802.1X Port Authentication 4-112 Table 4-36 Network Access 4-121 Table 4-37 Web Authentication 4-131 Table 4-38 Access Control Lists 4-139 Table 4-39 IP ACLs 4-140 Table 4-40 MAC ACL Commands 4-145 Table 4-41 ACL Information 4-149 Table 4-42 SNMP Commands 4-150 Table 4-43 show snmp engine-id - display description 4-157 Table 4-44 show snmp view - display description 4-159 Table 4-45 show snmp group - display description 4-162 Table 4-46 show snmp user - display description 4-164 Table 4-47 Interface Commands 4-166 Table 4-48 Interfaces Switchport Statistics 4-176 Table 4-49 Mirror Port Commands 4-177 Table 4-50 Rate Limit Commands 4-179 Table 4-51 Link Aggregation Commands 4-180 Table 4-52 show lacp counters - display description 4-187 Table 4-53 show lacp internal - display description 4-187 Table 4-54 show lacp neighbors - display description 4-189 Table 4-55 show lacp sysid - display description 4-189 Table 4-59 Address Table Commands 4-195 Table 4-60 Spanning Tree Commands 4-199 Table 4-61 VLANs 4-219 Table 4-62 GVRP and Bridge Extension Commands 4-220 Table 4-63 Editing VLAN Groups 4-224 Table 4-64 Configuring VLAN Interfaces 4-226 Table 4-65 Show VLAN Commands 4-232 Table 4-66 IEEE 802.1Q Tunneling Commands 4-233 Table 4-67 Private VLAN Commands 4-237 Table 4-68 Protocol-based VLAN Commands 4-243 Table 4-69 LLDP Commands 4-246 Table 4-70 Priority Commands 4-268 Table 4-71 Priority Commands (Layer 2) 4-268 Table 4-72 Default CoS Values to Egress Queues 4-271 Table 4-73 Priority Commands (Layer 3 and 4) 4-273 Table 4-74 IP DSCP to CoS Vales 4-274 Table 4-75 Quality of Service Commands 4-276 Table 4-76 Voice VLAN Commands 4-284

Tables

Table 4-77 Multicast Filtering Commands 4-291 Table 4-78 IGMP Snooping Commands 4-291 Table 4-79 IGMP Query Commands (Layer 2) 4-296 Table 4-80 Static Multicast Routing Commands 4-299 Table 4-81 IGMP Filtering and Throttling Commands 4-301 Table 4-82 Multicast VLAN Registration Commands 4-308 Table 4-83 show mvr - display description 4-312 Table 4-84 show mvr interface - display description 4-312 Table 4-85 show mvr members - display description 4-313 Table 4-86 IP Interface Commands 4-313 Table 4-87 IP Source Guard Commands 4-318 Table 4-88 DHCP Snooping Commands 4-322 Table 4-89 Switch Cluster Commands 4-328 Table B-1 Troubleshooting Chart B-1

xxi

Tables

xxii

+ 634 hidden pages