MANAGEMENT GUIDE
SMC6128PL2 |
TigerSwitchTM 10/100 |
|
24-Port 10/100 Managed Switch with |
|
PoE, IP Clustering and 4 Gigabit Ports |
|
|
TigerSwitch 10/100
Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
20 Mason |
March 2008 |
|
Irvine, CA 92618 |
||
Pub. # 149100032800A |
||
Phone: (949) 679-8000 |
E032008-EK-R04 |
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.
Copyright © 2008 by SMC Networks, Inc.
20 Mason
Irvine, CA 92618
All rights reserved. Printed in Taiwan
Trademarks:
SMC is a registered trademark; and EZ Switch, TigerStack, TigerSwitch, and TigerAccess are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
Limited Warranty
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product.
The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC Web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an “Active” SMC product. A list of discontinued products with their respective dates of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty.
All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product.
Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL
v
NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.
LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.
* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.
SMC Networks, Inc.
20 Mason
Irvine, CA 92618
vi
About This Guide
Purpose
This guide gives specific information on how to operate and use the management functions of the switch.
Audience
The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
Conventions
The following conventions are used throughout this guide to show information:
Note: Emphasizes important information or calls your attention to related features or instructions.
Caution: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
Warning: Alerts you to a potential hazard that could cause personal injury.
Related Publications
The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help that describes all management related features.
Revision History
This section summarizes the changes in each revision of this guide.
March 2008 Revision
This is the fourth revision of this guide. This guide is valid for software release v1.1.0.3.
vii
viii
Contents
Chapter 1: Introduction |
1-1 |
Key Features |
1-1 |
Description of Software Features |
1-2 |
System Defaults |
1-6 |
Chapter 2: Initial Configuration |
2-1 |
Connecting to the Switch |
2-1 |
Configuration Options |
2-1 |
Required Connections |
2-2 |
Remote Connections |
2-3 |
Basic Configuration |
2-3 |
Console Connection |
2-3 |
Setting Passwords |
2-4 |
Setting an IP Address |
2-4 |
Manual Configuration |
2-4 |
Dynamic Configuration |
2-5 |
Enabling SNMP Management Access |
2-6 |
Community Strings (for SNMP version 1 and 2c clients) |
2-6 |
Trap Receivers |
2-7 |
Configuring Access for SNMP Version 3 Clients |
2-8 |
Saving Configuration Settings |
2-8 |
Managing System Files |
2-9 |
Chapter 3: Configuring the Switch |
3-1 |
Using the Web Interface |
3-1 |
Navigating the Web Browser Interface |
3-2 |
Home Page |
3-2 |
Configuration Options |
3-3 |
Panel Display |
3-3 |
Main Menu |
3-4 |
Basic Configuration |
3-12 |
Displaying System Information |
3-12 |
Displaying Switch Hardware/Software Versions |
3-13 |
Displaying Bridge Extension Capabilities |
3-15 |
Setting the Switch’s IP Address |
3-16 |
Manual Configuration |
3-17 |
Using DHCP/BOOTP |
3-18 |
Enabling Jumbo Frames |
3-19 |
Managing Firmware |
3-19 |
Downloading System Software from a Server |
3-20 |
i
Contents
Saving or Restoring Configuration Settings |
3-21 |
Downloading Configuration Settings from a Server |
3-22 |
Console Port Settings |
3-23 |
Telnet Settings |
3-25 |
Configuring Event Logging |
3-28 |
Displaying Log Messages |
3-28 |
System Log Configuration |
3-28 |
Remote Log Configuration |
3-30 |
Simple Mail Transfer Protocol |
3-32 |
Resetting the System |
3-34 |
Setting the System Clock |
3-35 |
Setting the Time Manually |
3-35 |
Configuring SNTP |
3-35 |
Configuring NTP |
3-36 |
Setting the Time Zone |
3-38 |
Simple Network Management Protocol |
3-39 |
Setting Community Access Strings |
3-40 |
Specifying Trap Managers and Trap Types |
3-41 |
Enabling SNMP Agent Status |
3-42 |
Configuring SNMPv3 Management Access |
3-43 |
Setting the Local Engine ID |
3-43 |
Specifying a Remote Engine ID |
3-44 |
Configuring SNMPv3 Users |
3-44 |
Configuring Remote SNMPv3 Users |
3-46 |
Configuring SNMPv3 Groups |
3-47 |
Setting SNMPv3 Views |
3-50 |
User Authentication |
3-52 |
Configuring User Accounts |
3-52 |
Configuring Local/Remote Logon Authentication |
3-54 |
Configuring Encryption Keys |
3-58 |
AAA Authorization and Accounting |
3-60 |
Configuring AAA RADIUS Group Settings |
3-61 |
Configuring AAA TACACS+ Group Settings |
3-61 |
Configuring AAA Accounting |
3-62 |
AAA Accounting Update |
3-64 |
AAA Accounting 802.1X Port Settings |
3-65 |
AAA Accounting Exec Command Privileges |
3-66 |
AAA Accounting Exec Settings |
3-67 |
AAA Accounting Summary |
3-67 |
Authorization Settings |
3-69 |
Authorization EXEC Settings |
3-70 |
Authorization Summary |
3-70 |
Configuring HTTPS |
3-71 |
Replacing the Default Secure-site Certificate |
3-72 |
Configuring the Secure Shell |
3-74 |
ii
|
|
|
Contents |
Configuring the SSH Server |
3-76 |
Generating the Host Key Pair |
3-77 |
Importing User Public Keys |
3-79 |
Configuring Port Security |
3-82 |
Configuring 802.1X Port Authentication |
3-83 |
Displaying 802.1X Global Settings |
3-85 |
Configuring 802.1X Global Settings |
3-86 |
Configuring Port Settings for 802.1X |
3-86 |
Displaying 802.1X Statistics |
3-89 |
Web Authentication |
3-90 |
Configuring Web Authentication |
3-91 |
Configuring Web Authentication for Ports |
3-92 |
Displaying Web Authentication Port Information |
3-93 |
Re-authenticating Web Authenticated Ports |
3-94 |
Network Access – MAC Address Authentication |
3-95 |
Configuring the MAC Authentication Reauthentication Time |
3-96 |
Configuring MAC Authentication for Ports |
3-97 |
Configuring Port Link Detection |
3-98 |
Displaying Secure MAC Address Information |
3-99 |
MAC Authentication |
3-101 |
Configuring MAC authentication parameters for ports |
3-101 |
Access Control Lists |
3-102 |
Configuring Access Control Lists |
3-102 |
Setting the ACL Name and Type |
3-102 |
Configuring a Standard IP ACL |
3-103 |
Configuring an Extended IP ACL |
3-104 |
Configuring a MAC ACL |
3-107 |
Binding a Port to an Access Control List |
3-109 |
Filtering IP Addresses for Management Access |
3-110 |
Port Configuration |
3-112 |
Displaying Connection Status |
3-112 |
Configuring Interface Connections |
3-114 |
Creating Trunk Groups |
3-116 |
Statically Configuring a Trunk |
3-117 |
Enabling LACP on Selected Ports |
3-118 |
Configuring LACP Parameters |
3-120 |
Displaying LACP Port Counters |
3-122 |
Displaying LACP Settings and Status for the Local Side |
3-124 |
Displaying LACP Settings and Status for the Remote Side |
3-126 |
Setting Broadcast Storm Thresholds |
3-127 |
Configuring Port Mirroring |
3-129 |
Configuring Rate Limits |
3-130 |
Rate Limit Configuration |
3-130 |
Showing Port Statistics |
3-131 |
Power Over Ethernet Settings |
3-135 |
iii
Contents
Switch Power Status |
3-136 |
Setting a Switch Power Budget |
3-137 |
Displaying Port Power Status |
3-137 |
Configuring Port PoE Power |
3-138 |
Address Table Settings |
3-140 |
Setting Static Addresses |
3-140 |
Displaying the Address Table |
3-141 |
Changing the Aging Time |
3-142 |
Spanning Tree Algorithm Configuration |
3-143 |
Configuring Port and Trunk Loopback Detection |
3-145 |
Displaying Global Settings |
3-146 |
Configuring Global Settings |
3-148 |
Displaying Interface Settings |
3-152 |
Configuring Interface Settings |
3-155 |
Configuring Multiple Spanning Trees |
3-157 |
Displaying Interface Settings for MSTP |
3-160 |
Configuring Interface Settings for MSTP |
3-162 |
VLAN Configuration |
3-163 |
IEEE 802.1Q VLANs |
3-163 |
Enabling or Disabling GVRP (Global Setting) |
3-166 |
Displaying Basic VLAN Information |
3-167 |
Displaying Current VLANs |
3-168 |
Creating VLANs |
3-169 |
Adding Static Members to VLANs (VLAN Index) |
3-170 |
Adding Static Members to VLANs (Port Index) |
3-172 |
Configuring VLAN Behavior for Interfaces |
3-173 |
Configuring IEEE 802.1Q Tunneling |
3-175 |
Enabling QinQ Tunneling on the Switch |
3-178 |
Adding an Interface to a QinQ Tunnel |
3-180 |
Private VLANs |
3-181 |
Displaying Current Private VLANs |
3-182 |
Configuring Private VLANs |
3-183 |
Associating VLANs |
3-184 |
Displaying Private VLAN Interface Information |
3-184 |
Configuring Private VLAN Interfaces |
3-185 |
Protocol VLANs |
3-187 |
Protocol VLAN Group Configuration |
3-187 |
Protocol VLAN System Configuration |
3-188 |
Link Layer Discovery Protocol |
3-189 |
Setting LLDP Timing Attributes |
3-189 |
Configuring LLDP Interface Attributes |
3-191 |
Displaying LLDP Local Device Information |
3-194 |
Displaying LLDP Remote Port Information |
3-195 |
Displaying LLDP Remote Information Details |
3-196 |
Displaying Device Statistics |
3-197 |
iv
|
|
|
Contents |
Displaying Detailed Device Statistics |
3-198 |
Class of Service Configuration |
3-199 |
Layer 2 Queue Settings |
3-199 |
Setting the Default Priority for Interfaces |
3-199 |
Mapping CoS Values to Egress Queues |
3-201 |
Enabling CoS |
3-202 |
Selecting the Queue Mode |
3-203 |
Setting the Service Weight for Traffic Classes |
3-203 |
Layer 3/4 Priority Settings |
3-204 |
Mapping Layer 3/4 Priorities to CoS Values |
3-204 |
Enabling IP DSCP Priority |
3-205 |
Mapping DSCP Priority |
3-206 |
Quality of Service |
3-207 |
Configuring Quality of Service Parameters |
3-208 |
Configuring a Class Map |
3-208 |
Creating QoS Policies |
3-211 |
Attaching a Policy Map to Ingress Queues |
3-214 |
VoIP Traffic Configuration |
3-215 |
Configuring VoIP Traffic |
3-215 |
Configuring VoIP Traffic Port |
3-216 |
Configuring Telephony OUI |
3-219 |
Multicast Filtering |
3-220 |
Layer 2 IGMP (Snooping and Query) |
3-220 |
Configuring IGMP Snooping and Query Parameters |
3-221 |
Enabling IGMP Immediate Leave |
3-223 |
Displaying Interfaces Attached to a Multicast Router |
3-225 |
Specifying Static Interfaces for a Multicast Router |
3-226 |
Displaying Port Members of Multicast Services |
3-227 |
Assigning Ports to Multicast Services |
3-228 |
IGMP Filtering and Throttling |
3-229 |
Enabling IGMP Filtering and Throttling |
3-229 |
Configuring IGMP Filter Profiles |
3-230 |
Configuring IGMP Filtering and Throttling for Interfaces |
3-232 |
Multicast VLAN Registration |
3-234 |
Configuring Global MVR Settings |
3-235 |
Displaying MVR Interface Status |
3-236 |
Displaying Port Members of Multicast Groups |
3-237 |
Configuring MVR Interface Status |
3-238 |
Assigning Static Multicast Groups to Interfaces |
3-239 |
DHCP Snooping |
3-240 |
DHCP Snooping Configuration |
3-241 |
DHCP Snooping VLAN Configuration |
3-242 |
DHCP Snooping Information Option Configuration |
3-243 |
DHCP Snooping Port Configuration |
3-244 |
DHCP Snooping Binding Information |
3-245 |
v
Contents
IP Source Guard |
3-246 |
IP Source Guard Port Configuration |
3-246 |
Static IP Source Guard Binding Configuration |
3-247 |
Dynamic IP Source Guard Binding Information |
3-249 |
Switch Clustering |
3-250 |
Cluster Configuration |
3-250 |
Cluster Member Configuration |
3-251 |
Cluster Member Information |
3-252 |
Cluster Candidate Information |
3-253 |
UPnP |
3-254 |
UPnP Configuration |
3-254 |
|
|
Chapter 4: Command Line Interface |
4-1 |
Using the Command Line Interface |
4-1 |
Accessing the CLI |
4-1 |
Console Connection |
4-1 |
Telnet Connection |
4-2 |
Entering Commands |
4-3 |
Keywords and Arguments |
4-3 |
Minimum Abbreviation |
4-3 |
Command Completion |
4-3 |
Getting Help on Commands |
4-3 |
Showing Commands |
4-4 |
Partial Keyword Lookup |
4-5 |
Negating the Effect of Commands |
4-5 |
Using Command History |
4-5 |
Understanding Command Modes |
4-5 |
Exec Commands |
4-6 |
Configuration Commands |
4-7 |
Command Line Processing |
4-8 |
Command Groups |
4-9 |
Line Commands |
4-10 |
line |
4-11 |
login |
4-11 |
password |
4-12 |
timeout login response |
4-13 |
exec-timeout |
4-14 |
password-thresh |
4-14 |
silent-time |
4-15 |
databits |
4-16 |
parity |
4-16 |
speed |
4-17 |
stopbits |
4-17 |
disconnect |
4-18 |
vi
|
|
|
Contents |
show line |
4-18 |
General Commands |
4-19 |
enable |
4-20 |
disable |
4-20 |
configure |
4-21 |
show history |
4-21 |
reload |
4-22 |
reload cancel |
4-23 |
show reload |
4-23 |
end |
4-24 |
exit |
4-24 |
quit |
4-25 |
System Management Commands |
4-25 |
Device Designation Commands |
4-26 |
prompt |
4-26 |
hostname |
4-26 |
Banner |
4-27 |
banner configure |
4-28 |
banner configure company |
4-29 |
banner configure dc-power-info |
4-30 |
banner configure department |
4-31 |
banner configure equipment-info |
4-31 |
banner configure equipment-location |
4-32 |
banner configure ip-lan |
4-33 |
banner configure lp-number |
4-33 |
banner configure manager-info |
4-34 |
banner configure mux |
4-35 |
banner configure note |
4-35 |
show banner |
4-36 |
User Access Commands |
4-37 |
username |
4-37 |
enable password |
4-38 |
IP Filter Commands |
4-39 |
management |
4-39 |
show management |
4-40 |
Web Server Commands |
4-41 |
ip http port |
4-41 |
ip http server |
4-41 |
ip http secure-server |
4-42 |
ip http secure-port |
4-43 |
Telnet Server Commands |
4-44 |
ip telnet port |
4-44 |
ip telnet server |
4-44 |
Secure Shell Commands |
4-45 |
ip ssh server |
4-47 |
vii
Contents
ip ssh timeout |
4-48 |
ip ssh authentication-retries |
4-48 |
ip ssh server-key size |
4-49 |
delete public-key |
4-49 |
ip ssh crypto host-key generate |
4-50 |
ip ssh crypto zeroize |
4-50 |
ip ssh save host-key |
4-51 |
show ip ssh |
4-51 |
show ssh |
4-52 |
show public-key |
4-53 |
Event Logging Commands |
4-54 |
logging on |
4-54 |
logging history |
4-55 |
logging host |
4-56 |
logging facility |
4-56 |
logging trap |
4-57 |
clear logging |
4-57 |
show logging |
4-58 |
show log |
4-59 |
SMTP Alert Commands |
4-60 |
logging sendmail host |
4-60 |
logging sendmail level |
4-61 |
logging sendmail source-email |
4-62 |
logging sendmail destination-email |
4-62 |
logging sendmail |
4-63 |
show logging sendmail |
4-63 |
Time Commands |
4-64 |
sntp client |
4-64 |
sntp server |
4-65 |
sntp poll |
4-66 |
show sntp |
4-66 |
ntp client |
4-67 |
ntp server |
4-68 |
ntp poll |
4-69 |
ntp authenticate |
4-69 |
ntp authentication-key |
4-70 |
show ntp |
4-71 |
clock timezone-predefined |
4-71 |
clock timezone |
4-72 |
clock summer-time (date) |
4-73 |
clock summer-time (predefined) |
4-74 |
clock summer-time (recurring) |
4-75 |
calendar set |
4-76 |
show calendar |
4-76 |
System Status Commands |
4-77 |
viii
|
|
|
Contents |
show startup-config |
4-77 |
show running-config |
4-79 |
show system |
4-81 |
show users |
4-81 |
show version |
4-82 |
Frame Size Commands |
4-83 |
jumbo frame |
4-83 |
Flash/File Commands |
4-84 |
copy |
4-84 |
delete |
4-87 |
dir |
4-88 |
whichboot |
4-89 |
boot system |
4-89 |
Authentication Commands |
4-90 |
Authentication Sequence |
4-90 |
authentication login |
4-91 |
authentication enable |
4-92 |
RADIUS Client |
4-93 |
radius-server host |
4-94 |
radius-server acct-port |
4-94 |
radius-server auth-port |
4-95 |
radius-server key |
4-95 |
radius-server retransmit |
4-96 |
radius-server timeout |
4-96 |
show radius-server |
4-96 |
TACACS+ Client |
4-97 |
tacacs-server host |
4-98 |
tacacs-server port |
4-98 |
tacacs-server key |
4-99 |
tacacs-server retransmit |
4-99 |
tacacs-server timeout |
4-100 |
show tacacs-server |
4-100 |
AAA Commands |
4-101 |
aaa group server |
4-101 |
server |
4-102 |
aaa accounting dot1x |
4-102 |
aaa accounting exec |
4-103 |
aaa accounting commands |
4-104 |
aaa accounting update |
4-105 |
accounting dot1x |
4-106 |
accounting exec |
4-106 |
accounting commands |
4-107 |
aaa authorization exec |
4-107 |
authorization exec |
4-108 |
show accounting |
4-109 |
ix
Contents
Port Security Commands |
4-110 |
port security |
4-110 |
802.1X Port Authentication |
4-112 |
dot1x system-auth-control |
4-112 |
dot1x default |
4-113 |
dot1x max-req |
4-113 |
dot1x port-control |
4-113 |
dot1x operation-mode |
4-114 |
dot1x re-authenticate |
4-115 |
dot1x re-authentication |
4-115 |
dot1x timeout quiet-period |
4-115 |
dot1x timeout re-authperiod |
4-116 |
dot1x timeout tx-period |
4-116 |
dot1x intrusion-action |
4-117 |
show dot1x |
4-117 |
Network Access – MAC Address Authentication |
4-121 |
network-access mode |
4-122 |
network-access max-mac-count |
4-123 |
mac-authentication intrusion-action |
4-123 |
mac-authentication max-mac-count |
4-124 |
network-access dynamic-qos |
4-124 |
network-access dynamic-vlan |
4-125 |
network-access guest-vlan |
4-125 |
network-access link-detection |
4-126 |
network-access link-detection link-down |
4-126 |
network-access link-detection link-up |
4-127 |
network-access link-detection link-up-down |
4-127 |
mac-authentication reauth-time |
4-128 |
clear network-access |
4-129 |
show network-access |
4-129 |
show network-access mac-address-table |
4-130 |
Web Authentication |
4-131 |
web-auth login-attempts |
4-132 |
web-auth login-fail-page-url |
4-132 |
web-auth login-page-url |
4-133 |
web-auth login-success-page-url |
4-133 |
web-auth quiet-period |
4-134 |
web-auth session-timeout |
4-134 |
web-auth system-auth-control |
4-135 |
web-auth |
4-135 |
show web-auth |
4-136 |
show web-auth interface |
4-136 |
web-auth re-authenticate (Port) |
4-137 |
web-auth re-authenticate (IP) |
4-137 |
show web-auth summary |
4-138 |
x
|
|
|
Contents |
Access Control List Commands |
4-139 |
IP ACLs |
4-140 |
access-list ip |
4-140 |
permit, deny (Standard ACL) |
4-141 |
permit, deny (Extended ACL) |
4-142 |
show ip access-list |
4-143 |
ip access-group |
4-144 |
show ip access-group |
4-144 |
MAC ACLs |
4-145 |
access-list mac |
4-145 |
permit, deny (MAC ACL) |
4-146 |
show mac access-list |
4-147 |
mac access-group |
4-148 |
show mac access-group |
4-148 |
ACL Information |
4-149 |
show access-list |
4-149 |
show access-group |
4-149 |
SNMP Commands |
4-150 |
snmp-server |
4-150 |
show snmp |
4-151 |
snmp-server community |
4-152 |
snmp-server contact |
4-152 |
snmp-server location |
4-153 |
snmp-server host |
4-153 |
snmp-server enable traps |
4-155 |
snmp-server engine-id |
4-156 |
show snmp engine-id |
4-157 |
snmp-server view |
4-158 |
show snmp view |
4-159 |
snmp-server group |
4-159 |
show snmp group |
4-161 |
snmp-server user |
4-162 |
show snmp user |
4-163 |
Interface Commands |
4-166 |
interface |
4-166 |
description |
4-167 |
speed-duplex |
4-167 |
negotiation |
4-168 |
capabilities |
4-169 |
flowcontrol |
4-170 |
shutdown |
4-171 |
switchport packet-rate |
4-172 |
clear counters |
4-172 |
show interfaces status |
4-173 |
show interfaces counters |
4-174 |
xi
Contents
show interfaces switchport |
4-175 |
Mirror Port Commands |
4-177 |
port monitor |
4-177 |
show port monitor |
4-178 |
Rate Limit Commands |
4-179 |
rate-limit |
4-179 |
Link Aggregation Commands |
4-180 |
channel-group |
4-181 |
lacp |
4-181 |
lacp system-priority |
4-183 |
lacp admin-key (Ethernet Interface) |
4-183 |
lacp admin-key (Port Channel) |
4-184 |
lacp port-priority |
4-185 |
show lacp |
4-186 |
Power over Ethernet Commands |
4-190 |
power mainpower maximum allocation |
4-190 |
power inline compatible |
4-191 |
power inline |
4-192 |
power inline maximum allocation |
4-192 |
power inline priority |
4-193 |
show power inline status |
4-194 |
show power mainpower |
4-195 |
Address Table Commands |
4-195 |
mac-address-table static |
4-196 |
clear mac-address-table dynamic |
4-197 |
show mac-address-table |
4-197 |
mac-address-table aging-time |
4-198 |
show mac-address-table aging-time |
4-198 |
Spanning Tree Commands |
4-199 |
spanning-tree |
4-200 |
spanning-tree mode |
4-200 |
spanning-tree forward-time |
4-202 |
spanning-tree hello-time |
4-202 |
spanning-tree max-age |
4-203 |
spanning-tree priority |
4-204 |
spanning-tree pathcost method |
4-204 |
spanning-tree transmission-limit |
4-205 |
spanning-tree mst-configuration |
4-205 |
mst vlan |
4-206 |
mst priority |
4-207 |
name |
4-207 |
revision |
4-208 |
max-hops |
4-208 |
spanning-tree spanning-disabled |
4-209 |
spanning-tree cost |
4-209 |
xii
|
|
|
Contents |
spanning-tree port-priority |
4-210 |
spanning-tree edge-port |
4-211 |
spanning-tree portfast |
4-212 |
spanning-tree link-type |
4-212 |
spanning-tree loopback-detection |
4-213 |
spanning-tree loopback-detection release-mode |
4-214 |
spanning-tree loopback-detection trap |
4-214 |
spanning-tree mst cost |
4-215 |
spanning-tree mst port-priority |
4-216 |
spanning-tree protocol-migration |
4-217 |
show spanning-tree |
4-217 |
show spanning-tree mst configuration |
4-219 |
VLAN Commands |
4-219 |
GVRP and Bridge Extension Commands |
4-220 |
bridge-ext gvrp |
4-220 |
show bridge-ext |
4-221 |
switchport gvrp |
4-221 |
show gvrp configuration |
4-222 |
garp timer |
4-222 |
show garp timer |
4-223 |
Editing VLAN Groups |
4-224 |
vlan database |
4-224 |
vlan |
4-225 |
Configuring VLAN Interfaces |
4-226 |
interface vlan |
4-226 |
switchport mode |
4-227 |
switchport acceptable-frame-types |
4-227 |
switchport ingress-filtering |
4-228 |
switchport native vlan |
4-229 |
switchport allowed vlan |
4-230 |
switchport forbidden vlan |
4-231 |
Displaying VLAN Information |
4-232 |
show vlan |
4-232 |
Configuring IEEE 802.1Q Tunneling |
4-233 |
dot1q-tunnel system-tunnel-control |
4-234 |
switchport dot1q-tunnel mode |
4-234 |
switchport dot1q-tunnel tpid |
4-235 |
show dot1q-tunnel |
4-236 |
Configuring Private VLANs |
4-236 |
private-vlan |
4-238 |
private vlan association |
4-239 |
switchport mode private-vlan |
4-239 |
switchport private-vlan host-association |
4-240 |
switchport private-vlan isolated |
4-241 |
switchport private-vlan mapping |
4-241 |
xiii
Contents
show vlan private-vlan |
4-242 |
Configuring Protocol-based VLANs |
4-243 |
protocol-vlan protocol-group (Configuring Groups) |
4-244 |
protocol-vlan protocol-group (Configuring VLANs) |
4-244 |
show protocol-vlan protocol-group |
4-245 |
show protocol-vlan protocol-group-vid |
4-246 |
LLDP Commands |
4-246 |
lldp |
4-248 |
lldp holdtime-multiplier |
4-248 |
lldp medFastStartCount |
4-249 |
lldp notification-interval |
4-249 |
lldp refresh-interval |
4-250 |
lldp reinit-delay |
4-251 |
lldp tx-delay |
4-251 |
lldp admin-status |
4-252 |
lldp notification |
4-252 |
lldp mednotification |
4-253 |
lldp basic-tlv management-ip-address |
4-254 |
lldp basic-tlv port-description |
4-255 |
lldp basic-tlv system-capabilities |
4-255 |
lldp basic-tlv system-description |
4-256 |
lldp basic-tlv system-name |
4-256 |
lldp dot1-tlv proto-ident |
4-257 |
lldp dot1-tlv proto-vid |
4-257 |
lldp dot1-tlv pvid |
4-258 |
lldp dot1-tlv vlan-name |
4-258 |
lldp dot3-tlv link-agg |
4-259 |
lldp dot3-tlv mac-phy |
4-259 |
lldp dot3-tlv max-frame |
4-260 |
lldp dot3-tlv poe |
4-260 |
lldp medtlv extpoe |
4-261 |
lldp medtlv inventory |
4-261 |
lldp medtlv location |
4-262 |
lldp medtlv med-cap |
4-262 |
lldp medtlv network-policy |
4-263 |
show lldp config |
4-263 |
show lldp info local-device |
4-265 |
show lldp info remote-device |
4-266 |
show lldp info statistics |
4-267 |
Priority Commands |
4-268 |
Priority Commands (Layer 2) |
4-268 |
queue mode |
4-268 |
switchport priority default |
4-269 |
queue bandwidth |
4-270 |
queue cos-map |
4-271 |
xiv
|
|
|
Contents |
show queue mode |
4-272 |
show queue bandwidth |
4-272 |
show queue cos-map |
4-272 |
Priority Commands (Layer 3 and 4) |
4-273 |
map ip dscp (Global Configuration) |
4-273 |
map ip dscp (Interface Configuration) |
4-274 |
show map ip dscp |
4-275 |
Quality of Service Commands |
4-276 |
class-map |
4-277 |
match |
4-278 |
policy-map |
4-279 |
class |
4-279 |
set |
4-280 |
police |
4-281 |
service-policy |
4-282 |
show class-map |
4-283 |
show policy-map |
4-283 |
show policy-map interface |
4-284 |
Voice VLAN Commands |
4-284 |
voice vlan |
4-285 |
voice vlan aging |
4-286 |
voice vlan mac-address |
4-286 |
switchport voice vlan |
4-287 |
switchport voice vlan rule |
4-288 |
switchport voice vlan security |
4-288 |
switchport voice vlan priority |
4-289 |
show voice vlan |
4-290 |
Multicast Filtering Commands |
4-291 |
IGMP Snooping Commands |
4-291 |
ip igmp snooping |
4-292 |
ip igmp snooping vlan static |
4-292 |
ip igmp snooping version |
4-293 |
ip igmp snooping leave-proxy |
4-293 |
ip igmp snooping immediate-leave |
4-294 |
show ip igmp snooping |
4-295 |
show mac-address-table multicast |
4-295 |
IGMP Query Commands (Layer 2) |
4-296 |
ip igmp snooping querier |
4-296 |
ip igmp snooping query-count |
4-297 |
ip igmp snooping query-interval |
4-297 |
ip igmp snooping query-max-response-time |
4-298 |
ip igmp snooping router-port-expire-time |
4-299 |
Static Multicast Routing Commands |
4-299 |
ip igmp snooping vlan mrouter |
4-300 |
show ip igmp snooping mrouter |
4-300 |
xv
Contents
IGMP Filtering and Throttling Commands |
4-301 |
ip igmp filter (Global Configuration) |
4-302 |
ip igmp profile |
4-302 |
permit, deny |
4-303 |
range |
4-303 |
ip igmp filter (Interface Configuration) |
4-304 |
ip igmp max-groups |
4-305 |
ip igmp max-groups action |
4-305 |
show ip igmp filter |
4-306 |
show ip igmp profile |
4-307 |
show ip igmp throttle interface |
4-307 |
Multicast VLAN Registration Commands |
4-308 |
mvr (Global Configuration) |
4-308 |
mvr (Interface Configuration) |
4-309 |
show mvr |
4-311 |
IP Interface Commands |
4-313 |
ip address |
4-314 |
ip default-gateway |
4-315 |
ip dhcp restart |
4-315 |
show ip interface |
4-316 |
show ip redirects |
4-316 |
ping |
4-317 |
IP Source Guard Commands |
4-318 |
ip source-guard |
4-318 |
ip source-guard binding |
4-320 |
show ip source-guard |
4-321 |
show ip source-guard binding |
4-321 |
DHCP Snooping Commands |
4-322 |
ip dhcp snooping |
4-322 |
ip dhcp snooping vlan |
4-324 |
ip dhcp snooping trust |
4-325 |
ip dhcp snooping verify mac-address |
4-325 |
ip dhcp snooping information option |
4-326 |
ip dhcp snooping information policy |
4-327 |
ip dhcp snooping database flash |
4-327 |
show ip dhcp snooping |
4-328 |
show ip dhcp snooping binding |
4-328 |
Switch Cluster Commands |
4-328 |
cluster |
4-329 |
cluster commander |
4-329 |
cluster ip-pool |
4-330 |
cluster member |
4-331 |
rcommand |
4-331 |
show cluster |
4-332 |
show cluster members |
4-332 |
xvi
|
|
|
|
Contents |
|
show cluster candidates |
4-332 |
|
UPnP Commands |
4-333 |
|
upnp device |
4-333 |
|
upnp device ttl |
4-334 |
|
upnp device advertise duration |
4-334 |
|
show upnp |
4-335 |
|
|
|
|
Appendix A: Software Specifications |
A-1 |
|
Software Features |
A-1 |
|
Management Features |
A-2 |
|
Standards |
A-2 |
|
Management Information Bases |
A-3 |
|
|
|
|
Appendix B: Troubleshooting |
B-1 |
|
Problems Accessing the Management Interface |
B-1 |
|
Using System Logs |
B-2 |
Glossary
Index
xvii
Contents
xviii
Tables
Table 1-1 |
Key Features |
1-1 |
Table 1-2 |
System Defaults |
1-6 |
Table 3-1 |
Configuration Options |
3-3 |
Table 3-2 |
Main Menu |
3-4 |
Table 3-3 |
Logging Levels |
3-29 |
Table 3-5 |
Supported Notification Messages |
3-47 |
Table 3-6 |
HTTPS System Support |
3-71 |
Table 3-7 |
802.1X Statistics |
3-89 |
Table 3-8 |
LACP Port Counters |
3-122 |
Table 3-9 |
LACP Internal Configuration Information |
3-124 |
Table 3-10 |
LACP Neighbor Configuration Information |
3-126 |
Table 3-11 |
Port Statistics |
3-131 |
Table 3-12 |
Mapping CoS Values to Egress Queues |
3-201 |
Table 3-13 |
CoS Priority Levels |
3-201 |
Table 3-14 |
Mapping DSCP Priority Values |
3-206 |
Table 4-1 |
Command Modes |
4-6 |
Table 4-2 |
Configuration Modes |
4-7 |
Table 4-3 |
Command Line Processing |
4-8 |
Table 4-4 |
Command Groups |
4-9 |
Table 4-5 |
Line Commands |
4-10 |
Table 4-6 |
General Commands |
4-19 |
Table 4-7 |
System Management Commands |
4-25 |
Table 4-8 |
Device Designation Commands |
4-26 |
Table 4-9 |
Banner Commands |
4-27 |
Table 4-10 |
User Access Commands |
4-37 |
Table 4-11 |
Default Login Settings |
4-37 |
Table 4-12 |
IP Filter Commands |
4-39 |
Table 4-13 |
Web Server Commands |
4-41 |
Table 4-14 |
HTTPS System Support |
4-42 |
Table 4-15 |
Telnet Server Commands |
4-44 |
Table 4-16 |
SSH Commands |
4-45 |
Table 4-17 |
show ssh - display description |
4-52 |
Table 4-18 |
Event Logging Commands |
4-54 |
Table 4-19 |
Logging Levels |
4-55 |
Table 4-20 |
show logging flash/ram - display description |
4-58 |
Table 4-21 |
show logging trap - display description |
4-59 |
Table 4-22 |
SMTP Alert Commands |
4-60 |
Table 4-23 |
Time Commands |
4-64 |
Table 4-24 |
Predefined Summer-Time Parameters |
4-74 |
Table 4-25 |
System Status Commands |
4-77 |
Table 4-26 |
Frame Size Commands |
4-83 |
Table 4-27 |
Flash/File Commands |
4-84 |
xix
Tables
Table 4-28 File Directory Information |
4-88 |
|
Table 4-29 |
Authentication Commands |
4-90 |
Table 4-30 |
Authentication Sequence |
4-90 |
Table 4-31 RADIUS Client Commands |
4-93 |
|
Table 4-32 |
TACACS Commands |
4-97 |
Table 4-34 Port Security Commands |
4-110 |
|
Table 4-35 802.1X Port Authentication |
4-112 |
|
Table 4-36 |
Network Access |
4-121 |
Table 4-37 |
Web Authentication |
4-131 |
Table 4-38 Access Control Lists |
4-139 |
|
Table 4-39 |
IP ACLs |
4-140 |
Table 4-40 MAC ACL Commands |
4-145 |
|
Table 4-41 |
ACL Information |
4-149 |
Table 4-42 |
SNMP Commands |
4-150 |
Table 4-43 show snmp engine-id - display description |
4-157 |
|
Table 4-44 show snmp view - display description |
4-159 |
|
Table 4-45 show snmp group - display description |
4-162 |
|
Table 4-46 show snmp user - display description |
4-164 |
|
Table 4-47 |
Interface Commands |
4-166 |
Table 4-48 Interfaces Switchport Statistics |
4-176 |
|
Table 4-49 Mirror Port Commands |
4-177 |
|
Table 4-50 Rate Limit Commands |
4-179 |
|
Table 4-51 Link Aggregation Commands |
4-180 |
|
Table 4-52 show lacp counters - display description |
4-187 |
|
Table 4-53 show lacp internal - display description |
4-187 |
|
Table 4-54 show lacp neighbors - display description |
4-189 |
|
Table 4-55 show lacp sysid - display description |
4-189 |
|
Table 4-59 Address Table Commands |
4-195 |
|
Table 4-60 Spanning Tree Commands |
4-199 |
|
Table 4-61 |
VLANs |
4-219 |
Table 4-62 GVRP and Bridge Extension Commands |
4-220 |
|
Table 4-63 Editing VLAN Groups |
4-224 |
|
Table 4-64 Configuring VLAN Interfaces |
4-226 |
|
Table 4-65 Show VLAN Commands |
4-232 |
|
Table 4-66 IEEE 802.1Q Tunneling Commands |
4-233 |
|
Table 4-67 Private VLAN Commands |
4-237 |
|
Table 4-68 Protocol-based VLAN Commands |
4-243 |
|
Table 4-69 |
LLDP Commands |
4-246 |
Table 4-70 |
Priority Commands |
4-268 |
Table 4-71 Priority Commands (Layer 2) |
4-268 |
|
Table 4-72 Default CoS Values to Egress Queues |
4-271 |
|
Table 4-73 Priority Commands (Layer 3 and 4) |
4-273 |
|
Table 4-74 IP DSCP to CoS Vales |
4-274 |
|
Table 4-75 Quality of Service Commands |
4-276 |
|
Table 4-76 Voice VLAN Commands |
4-284 |
xx
|
|
|
|
|
|
|
Tables |
Table 4-77 |
Multicast Filtering Commands |
4-291 |
|
Table 4-78 |
IGMP Snooping Commands |
4-291 |
|
Table 4-79 |
IGMP Query Commands (Layer 2) |
4-296 |
|
Table 4-80 |
Static Multicast Routing Commands |
4-299 |
|
Table 4-81 |
IGMP Filtering and Throttling Commands |
4-301 |
|
Table 4-82 |
Multicast VLAN Registration Commands |
4-308 |
|
Table 4-83 |
show mvr - display description |
4-312 |
|
Table 4-84 |
show mvr interface - display description |
4-312 |
|
Table 4-85 |
show mvr members - display description |
4-313 |
|
Table 4-86 |
IP Interface Commands |
4-313 |
|
Table 4-87 |
IP Source Guard Commands |
4-318 |
|
Table 4-88 |
DHCP Snooping Commands |
4-322 |
|
Table 4-89 |
Switch Cluster Commands |
4-328 |
|
Table B-1 |
Troubleshooting Chart |
B-1 |
xxi
Tables
xxii