SMC Networks SMC6824M User Manual

TigerStack III 10/100
24-
24 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports
10BASE-T/100BASE-TX ports support PoE capabilities*
2 Gigabit combo ports (RJ-45/SFP)
8.8 Gbps of aggregate bandwidth
Non-blocking switching architecture
Spanning Tree Protocol, RSTP, and MSTP
Up to six LACP or static 4-port trunks
RADIUS and TACACS+ authentication
Rate limiting for bandwidth management
CoS support for four-level priority
Full support for VLANs with GVRP
IP Multicasting with IGMP Snooping
Manageable via console, Web, SNMP/RMON
Port Fast Ethernet Swi
tch
Management Guide
SMC6824M SMC6824MPE* SMC6826MPE*
TigerStack III 10/100 Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000
June 2005
Pub. # 150200037700A
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.
Copyright © 2005 by
SMC Networks, Inc.
38 Tesla
Irvine, CA 92618
All rights reserved.
Trademarks:
SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
L
IMITED
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product.
The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an “Active” SMC product. A list of discontinued products with their respective dates of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty.
All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product.
Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer.
W
ARRANTY
i
L
IMITED WARRANTY
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.
LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.
* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.
SMC Networks, Inc.
38 Tesla
Irvine, CA 92618
ii
T
ABLE OF
C
ONTENTS
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Description of Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Connecting to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Required Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Remote Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Stack Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Selecting the Stack Master . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Recovering from Stack Failure or Topology Change . . . . . . . . . 2-5
Resilient IP Interface for Management Access . . . . . . . . . . . . . . 2-6
Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Setting Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Setting an IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8
Dynamic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Enabling SNMP Management Access . . . . . . . . . . . . . . . . . . . . 2-10
Community Strings (for SNMP version 1 and 2c clients) . 2-11
Trap Receivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
Configuring Access for SNMP Version 3 Clients . . . . . . . 2-12
Saving Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13
Managing System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14
Configuring Power over Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15
3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Using the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
iii
T
ABLE OF CONTENTS
Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13
Displaying System Information . . . . . . . . . . . . . . . . . . . . . . . . . 3-13
Displaying Switch Hardware/Software Versions . . . . . . . . . . . 3-15
Displaying Bridge Extension Capabilities . . . . . . . . . . . . . . . . . 3-18
Setting the IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19
Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21
Using DHCP/BOOTP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
Managing Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23
Downloading System Software from a Server . . . . . . . . . . 3-24
Saving or Restoring Configuration Settings . . . . . . . . . . . . . . . 3-26
Downloading Configuration Settings from a Server . . . . . 3-28
Console Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30
Telnet Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33
Configuring Event Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35
System Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-35
Remote Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-37
Displaying Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39
Sending Simple Mail Transfer Protocol Alerts . . . . . . . . . 3-40
Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-42
Setting the System Clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43
Configuring SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43
Setting the Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44
Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . . . . 3-45
Enabling the SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48
Setting Community Access Strings . . . . . . . . . . . . . . . . . . . . . . 3-48
Specifying Trap Managers and Trap Types . . . . . . . . . . . . . . . 3-50
Configuring SNMPv3 Management Access . . . . . . . . . . . . . . . 3-53
Setting the Local Engine ID . . . . . . . . . . . . . . . . . . . . . . . . 3-53
Specifying a Remote Engine ID . . . . . . . . . . . . . . . . . . . . . 3-54
Configuring SNMPv3 Users . . . . . . . . . . . . . . . . . . . . . . . . 3-55
Configuring Remote SNMPv3 Users . . . . . . . . . . . . . . . . . 3-58
Configuring SNMPv3 Groups . . . . . . . . . . . . . . . . . . . . . . 3-61
Setting SNMPv3 Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-67
User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-69
Configuring User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-70
Configuring Local/Remote Logon Authentication . . . . . . . . . 3-72
Configuring HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75
iv
T
ABLE OF CONTENTS
Replacing the Default Secure-site Certificate . . . . . . . . . . 3-77
Configuring the Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78
Generating the Host Key Pair . . . . . . . . . . . . . . . . . . . . . . 3-81
Configuring the SSH Server . . . . . . . . . . . . . . . . . . . . . . . . 3-83
Configuring Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-85
Configuring 802.1X Port Authentication . . . . . . . . . . . . . . . . . 3-88
Displaying 802.1X Global Settings . . . . . . . . . . . . . . . . . . 3-89
Configuring 802.1X Global Settings . . . . . . . . . . . . . . . . . 3-90
Configuring Port Settings for 802.1X . . . . . . . . . . . . . . . . 3-91
Displaying 802.1X Statistics . . . . . . . . . . . . . . . . . . . . . . . . 3-94
Filtering IP Addresses for Management Access . . . . . . . . . . . . 3-96
Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-98
Configuring Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . 3-98
Setting the ACL Name and Type . . . . . . . . . . . . . . . . . . . . 3-99
Configuring a Standard IP ACL . . . . . . . . . . . . . . . . . . . . 3-100
Configuring an Extended IP ACL . . . . . . . . . . . . . . . . . . 3-101
Configuring a MAC ACL . . . . . . . . . . . . . . . . . . . . . . . . . 3-104
Configuring ACL Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-107
Specifying the Mask Type . . . . . . . . . . . . . . . . . . . . . . . . . 3-107
Configuring an IP ACL Mask . . . . . . . . . . . . . . . . . . . . . 3-108
Configuring a MAC ACL Mask . . . . . . . . . . . . . . . . . . . . 3-110
Binding a Port to an Access Control List . . . . . . . . . . . . . . . . 3-112
Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114
Displaying Connection Status . . . . . . . . . . . . . . . . . . . . . . . . . 3-114
Configuring Interface Connections . . . . . . . . . . . . . . . . . . . . . 3-117
Creating Trunk Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-120
Statically Configuring a Trunk . . . . . . . . . . . . . . . . . . . . . 3-121
Enabling LACP on Selected Ports . . . . . . . . . . . . . . . . . . 3-123
Configuring LACP Parameters . . . . . . . . . . . . . . . . . . . . 3-125
Displaying LACP Port Counters . . . . . . . . . . . . . . . . . . . 3-129
Displaying LACP Settings and Status for Local Side . . . 3-130
Displaying LACP Settings and Status for Remote Side . 3-133
Setting Broadcast Storm Thresholds . . . . . . . . . . . . . . . . . . . . 3-135
Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-136
Configuring Rate Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138
Showing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139
v
T
ABLE OF CONTENTS
Power Over Ethernet Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145
Switch Power Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146
Setting a Switch Power Budget . . . . . . . . . . . . . . . . . . . . . . . . 3-147
Displaying Port Power Status . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148
Configuring Port PoE Power . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149
Address Table Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151
Setting Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151
Displaying the Address Table . . . . . . . . . . . . . . . . . . . . . . . . . 3-152
Changing the Aging Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154
Spanning Tree Algorithm Configuration . . . . . . . . . . . . . . . . . . . . . . 3-154
Displaying Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156
Configuring Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-160
Displaying Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-165
Configuring Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . 3-169
Configuring Multiple Spanning Trees . . . . . . . . . . . . . . . . . . . 3-172
Displaying Interface Settings for MSTP . . . . . . . . . . . . . . . . . 3-175
Configuring Interface Settings for MSTP . . . . . . . . . . . . . . . . 3-177
VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-179
IEEE 802.1Q VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-179
Assigning Ports to VLANs . . . . . . . . . . . . . . . . . . . . . . . . 3-180
Forwarding Tagged/Untagged Frames . . . . . . . . . . . . . . 3-182
Enabling or Disabling GVRP (Global Setting) . . . . . . . 3-183
Displaying Basic VLAN Information . . . . . . . . . . . . . . . 3-184
Displaying Current VLANs . . . . . . . . . . . . . . . . . . . . . . . 3-185
Creating VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-186
Adding Static Members to VLANs (VLAN Index) . . . . 3-188
Adding Static Members to VLANs (Port Index) . . . . . . 3-190
Configuring VLAN Behavior for Interfaces . . . . . . . . . . 3-191
Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-194
Displaying Current Private VLANs . . . . . . . . . . . . . . . . . 3-195
Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . 3-197
Associating Community VLANs . . . . . . . . . . . . . . . . . . . 3-198
Displaying Private VLAN Interface Information . . . . . . 3-199
Configuring Private VLAN Interfaces . . . . . . . . . . . . . . . 3-200
Class of Service Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-202
Layer 2 Queue Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-202
Setting the Default Priority for Interfaces . . . . . . . . . . . . 3-202
vi
T
ABLE OF CONTENTS
Mapping CoS Values to Egress Queues . . . . . . . . . . . . . 3-204
Selecting the Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . 3-206
Setting the Service Weight for Traffic Classes . . . . . . . . . 3-207
Layer 3/4 Priority Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208
Mapping Layer 3/4 Priorities to CoS Values . . . . . . . . . . 3-208
Selecting IP Precedence/DSCP Priority . . . . . . . . . . . . . 3-208
Mapping IP Precedence . . . . . . . . . . . . . . . . . . . . . . . . . . 3-209
Mapping DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211
Mapping IP Port Priority . . . . . . . . . . . . . . . . . . . . . . . . . 3-213
Copy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-215
Mapping CoS Values to ACLs . . . . . . . . . . . . . . . . . . . . . 3-216
Changing Priorities Based on ACL Rules . . . . . . . . . . . . 3-218
Multicast Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-220
IGMP Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-220
Layer 2 IGMP (Snooping and Query) . . . . . . . . . . . . . . . . . . . 3-221
Configuring IGMP Snooping and Query Parameters . . . 3-222
Displaying Interfaces Attached to a Multicast Router . . 3-224
Specifying Interfaces Attached to a Multicast Router . . . 3-225
Displaying Port Members of Multicast Services . . . . . . . 3-226
Assigning Ports to Multicast Services . . . . . . . . . . . . . . . 3-228
Configuring Domain Name Service . . . . . . . . . . . . . . . . . . . . . . . . . . 3-229
Configuring General DNS Server Parameters . . . . . . . . . . . . 3-229
Configuring Static DNS Host to Address Entries . . . . . . . . . 3-232
Displaying the DNS Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234
4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . 4-1
Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Telnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Keywords and Arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Minimum Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Getting Help on Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Showing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Partial Keyword Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
vii
T
ABLE OF CONTENTS
Negating the Effect of Commands . . . . . . . . . . . . . . . . . . . . . . . 4-6
Using Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
Understanding Command Modes . . . . . . . . . . . . . . . . . . . . . . . . 4-6
Exec Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Command Line Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14
login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
timeout login response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17
exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18
password-thresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19
silent-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20
databits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20
parity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21
speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22
stopbits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
disconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
show line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25
enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25
disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27
show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27
reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28
end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30
System Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31
Device Designation Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-32
prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32
hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33
light unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33
User Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
viii
T
ABLE OF CONTENTS
enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36
IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
show management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38
Web Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39
ip http port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40
ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40
ip http secure-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41
ip http secure-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42
Telnet Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43
ip telnet server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43
Secure Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44
ip ssh server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47
ip ssh timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48
ip ssh authentication-retries . . . . . . . . . . . . . . . . . . . . . . . . 4-49
ip ssh server-key size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50
delete public-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50
ip ssh crypto host-key generate . . . . . . . . . . . . . . . . . . . . . 4-51
ip ssh crypto zeroize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52
ip ssh save host-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52
show ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-53
show ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-53
show public-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55
Event Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56
logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57
logging history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57
logging host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59
logging facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59
logging trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60
clear log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61
show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61
show log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63
SMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64
logging sendmail host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64
logging sendmail level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65
logging sendmail source-email . . . . . . . . . . . . . . . . . . . . . . 4-66
logging sendmail destination-email . . . . . . . . . . . . . . . . . . 4-67
ix
T
ABLE OF CONTENTS
logging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67
show logging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-68
Time Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-68
sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69
sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70
sntp poll . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71
show sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72
clock timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-73
calendar set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74
show calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74
System Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75
show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75
show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77
show system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-79
show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-80
show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-80
Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-81
copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-86
dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87
whichboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-88
boot system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89
Power over Ethernet Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-90
power mainpower maximum allocation . . . . . . . . . . . . . . . . . . 4-91
power inline compatible . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-91
power inline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93
power inline maximum allocation . . . . . . . . . . . . . . . . . . . . . . . 4-93
power inline priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94
show power inline status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95
show power mainpower . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96
Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97
Authentication Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97
authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98
authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99
RADIUS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100
radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-101
radius-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102
x
T
ABLE OF CONTENTS
radius-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102
radius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103
radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103
show radius-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104
TACACS+ Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105
tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105
tacacs-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106
tacacs-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106
show tacacs-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107
Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107
port security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108
802.1X Port Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110
dot1x system-auth-control . . . . . . . . . . . . . . . . . . . . . . . . 4-111
dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111
dot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111
dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-112
dot1x operation-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113
dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114
dot1x re-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114
dot1x timeout quiet-period . . . . . . . . . . . . . . . . . . . . . . . . 4-115
dot1x timeout re-authperiod . . . . . . . . . . . . . . . . . . . . . . 4-115
dot1x timeout tx-period . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116
show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116
Access Control List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-119
IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122
access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123
access-list ip extended fragment-auto-mask . . . . . . . . . . 4-124
permit, deny (Standard ACL) . . . . . . . . . . . . . . . . . . . . . 4-124
permit, deny (Extended ACL) . . . . . . . . . . . . . . . . . . . . . 4-125
show ip access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128
access-list ip mask-precedence . . . . . . . . . . . . . . . . . . . . . 4-129
mask (IP ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-130
show access-list ip mask-precedence . . . . . . . . . . . . . . . . 4-133
ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-134
show ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-135
map access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-135
show map access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-136
xi
T
ABLE OF CONTENTS
match access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-137
show marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-138
MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-138
access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-139
permit, deny (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . 4-140
show mac access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-142
access-list mac mask-precedence . . . . . . . . . . . . . . . . . . . 4-143
mask (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-144
show access-list mac mask-precedence . . . . . . . . . . . . . . 4-146
mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-146
show mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . 4-147
map access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-147
show map access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . 4-148
match access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-149
ACL Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-150
show access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-150
show access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-151
SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-151
snmp-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-152
show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-153
snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-154
snmp-server contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-154
snmp-server location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-155
snmp-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-156
snmp-server enable traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-159
snmp-server engine-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-160
show snmp engine-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-161
snmp-server view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-162
show snmp view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-163
snmp-server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-164
show snmp group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-165
snmp-server user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-167
show snmp user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-169
Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-170
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-171
description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-171
speed-duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-172
xii
T
ABLE OF CONTENTS
negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-173
capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-174
flowcontrol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-175
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-176
switchport broadcast packet-rate . . . . . . . . . . . . . . . . . . . . . . . 4-177
clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-178
show interfaces status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-179
show interfaces counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-180
show interfaces switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-182
Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-184
port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-184
show port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-185
Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-186
rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-187
Link Aggregation Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-188
channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-190
lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-190
lacp system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-192
lacp admin-key (Ethernet Interface) . . . . . . . . . . . . . . . . . . . . 4-193
lacp admin-key (Port Channel) . . . . . . . . . . . . . . . . . . . . . . . . 4-194
lacp port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-195
show lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-196
Address Table Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-200
mac-address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-201
clear mac-address-table dynamic . . . . . . . . . . . . . . . . . . . . . . . 4-202
show mac-address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-202
mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . 4-203
show mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . 4-204
Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-204
spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-206
spanning-tree mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-207
spanning-tree forward-time . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-208
spanning-tree hello-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-209
spanning-tree max-age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-210
spanning-tree default priority . . . . . . . . . . . . . . . . . . . . . . . . . . 4-211
spanning-tree priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-211
spanning-tree pathcost method . . . . . . . . . . . . . . . . . . . . . . . . 4-212
xiii
T
ABLE OF CONTENTS
spanning-tree transmission-limit . . . . . . . . . . . . . . . . . . . . . . . 4-213
spanning-tree backup-root . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-214
spanning-tree mst-configuration . . . . . . . . . . . . . . . . . . . . . . . 4-214
mst vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-215
mst priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-216
name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-217
revision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-218
max-hops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-218
spanning-tree spanning-disabled . . . . . . . . . . . . . . . . . . . . . . . 4-219
spanning-tree cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-220
spanning-tree port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-221
spanning-tree edge-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-221
spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-222
spanning-tree link-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-223
spanning-tree mst cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-224
spanning-tree mst port-priority . . . . . . . . . . . . . . . . . . . . . . . . 4-225
spanning-tree protocol-migration . . . . . . . . . . . . . . . . . . . . . . 4-226
show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-227
show spanning-tree mst configuration . . . . . . . . . . . . . . . . . . 4-229
VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-230
Editing VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-230
vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-230
vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-231
Configuring VLAN Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 4-232
interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-233
switchport mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-234
switchport acceptable-frame-types . . . . . . . . . . . . . . . . . . 4-235
switchport ingress-filtering . . . . . . . . . . . . . . . . . . . . . . . . 4-236
switchport native vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-237
switchport allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . 4-238
switchport forbidden vlan . . . . . . . . . . . . . . . . . . . . . . . . 4-239
Displaying VLAN Information . . . . . . . . . . . . . . . . . . . . . . . . 4-240
show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-240
Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 4-241
private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-243
private-vlan association . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-244
switchport mode private-vlan . . . . . . . . . . . . . . . . . . . . . . 4-245
xiv
T
ABLE OF CONTENTS
switchport private-vlan host-association . . . . . . . . . . . . . 4-246
switchport private-vlan mapping . . . . . . . . . . . . . . . . . . . 4-246
show vlan private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-247
GVRP and Bridge Extension Commands . . . . . . . . . . . . . . . . . . . . . 4-248
bridge-ext gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-249
show bridge-ext . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-249
switchport gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-250
show gvrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-250
garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-251
show garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-252
Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-253
Priority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . . . . . . 4-254
queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-254
queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-255
switchport priority default . . . . . . . . . . . . . . . . . . . . . . . . 4-256
queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-257
show queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-259
show queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-259
show queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-260
Priority Commands (Layer 3 and 4) . . . . . . . . . . . . . . . . . . . . 4-260
map ip port (Global Configuration) . . . . . . . . . . . . . . . . . 4-261
map ip port (Interface Configuration) . . . . . . . . . . . . . . . 4-262
map ip precedence (Global Configuration) . . . . . . . . . . 4-262
map ip precedence (Interface Configuration) . . . . . . . . . 4-263
map ip dscp (Global Configuration) . . . . . . . . . . . . . . . . 4-264
map ip dscp (Interface Configuration) . . . . . . . . . . . . . . . 4-265
show map ip port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-266
show map ip precedence . . . . . . . . . . . . . . . . . . . . . . . . . 4-267
show map ip dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-268
Multicast Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-269
IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-269
ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-270
ip igmp snooping vlan static . . . . . . . . . . . . . . . . . . . . . . . 4-270
ip igmp snooping version . . . . . . . . . . . . . . . . . . . . . . . . . 4-271
show ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . 4-272
show mac-address-table multicast . . . . . . . . . . . . . . . . . . 4-272
xv
T
ABLE OF CONTENTS
IGMP Query Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . 4-273
ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . 4-273
ip igmp snooping query-count . . . . . . . . . . . . . . . . . . . . . 4-274
ip igmp snooping query-interval . . . . . . . . . . . . . . . . . . . . 4-275
ip igmp snooping query-max-response-time . . . . . . . . . . 4-276
ip igmp snooping router-port-expire-time . . . . . . . . . . . . 4-277
Static Multicast Routing Commands . . . . . . . . . . . . . . . . . . . . 4-278
ip igmp snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . 4-278
show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . 4-279
IP Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-280
ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-280
ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-282
ip dhcp restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-282
show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-283
show ip redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-284
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-284
DNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-286
ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-287
clear host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-288
ip domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-288
ip domain-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-289
ip name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-290
ip domain-lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-291
show hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-292
show dns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-293
show dns cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-293
clear dns cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-294
xvi
T
ABLE OF CONTENTS
APPENDICES:
A Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . .A-1
Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-2
Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3
Management Information Bases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
B Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-1
Problems Accessing the Management Interface . . . . . . . . . . . . . . . . . . . B-1
Using System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3
Glossary
Index
xvii
T
ABLE OF CONTENTS
xviii
T
ABLES
Table 1-1 Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Table 1-2 System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
Table 3-1 Web Page Configuration Buttons . . . . . . . . . . . . . . . . . . . 3-4
Table 3-2 Switch Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Table 3-3 Logging Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36
Table 3-4 SNMPv3 Security Models and Levels . . . . . . . . . . . . . . 3-47
Table 3-5 Supported Notification Messages . . . . . . . . . . . . . . . . . . 3-62
Table 3-6 HTTPS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76
Table 3-7 802.1X Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-94
Table 3-8 LACP Port Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129
Table 3-9 LACP Internal Configuration Information . . . . . . . . . 3-130
Table 3-10 LACP Neighbor Configuration Information . . . . . . . . 3-133
Table 3-11 Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139
Table 3-12 Mapping CoS Values to Egress Queues . . . . . . . . . . . . 3-204
Table 3-13 CoS Priority Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-204
Table 3-14 Mapping IP Precedence . . . . . . . . . . . . . . . . . . . . . . . . 3-209
Table 3-15 Mapping DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . 3-211
Table 3-16 CoS to ACL Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . 3-216
Table 4-1 Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Table 4-2 Configuration Command Modes . . . . . . . . . . . . . . . . . . . 4-9
Table 4-3 Keystroke Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Table 4-4 Command Group Index . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Table 4-5 Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
Table 4-6 General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25
Table 4-7 System Management Commands . . . . . . . . . . . . . . . . . . 4-31
Table 4-8 Device Designation Commands . . . . . . . . . . . . . . . . . . . 4-32
Table 4-9 User Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
Table 4-10 Default Login Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35
Table 4-11 IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
Table 4-12 Web Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-39
Table 4-13 HTTPS System Support . . . . . . . . . . . . . . . . . . . . . . . . . 4-42
Table 4-14 Telnet Server Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-43
Table 4-15 Secure Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-45
Table 4-16 show ssh - display description . . . . . . . . . . . . . . . . . . . . 4-54
Table 4-17 Event Logging Commands . . . . . . . . . . . . . . . . . . . . . . . 4-56
Table 4-18 Logging Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58
xix
T
ABLES
Table 4-19 show logging flash/ram - display description . . . . . . . . 4-62
Table 4-20 show logging trap - display description . . . . . . . . . . . . . 4-63
Table 4-21 SMTP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64
Table 4-22 Time Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-68
Table 4-23 System Status Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-75
Table 4-24 Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-81
Table 4-25 File Directory Information . . . . . . . . . . . . . . . . . . . . . . . 4-87
Table 4-26 PoE Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-90
Table 4-28 show power mainpower parameters . . . . . . . . . . . . . . . 4-96
Table 4-27 show power inline status parameters . . . . . . . . . . . . . . . 4-96
Table 4-29 Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . 4-97
Table 4-30 Authentication Sequence Command . . . . . . . . . . . . . . . 4-97
Table 4-31 RADIUS Client Commands . . . . . . . . . . . . . . . . . . . . . 4-100
Table 4-32 TACACS+ Client Commands . . . . . . . . . . . . . . . . . . . 4-105
Table 4-33 Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . 4-108
Table 4-34 802.1X Port Authentication Commands . . . . . . . . . . . 4-110
Table 4-35 Access Control List Commands . . . . . . . . . . . . . . . . . . 4-121
Table 4-36 IP ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122
Table 4-37 Egress Queue Priority Mapping . . . . . . . . . . . . . . . . . . 4-136
Table 4-38 MAC ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-138
Table 4-39 Mapping CoS Values to MAC ACL Rules . . . . . . . . . . 4-148
Table 4-40 ACL Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-150
Table 4-41 SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-151
Table 4-42 show snmp engine-id - display description . . . . . . . . . 4-162
Table 4-43 show snmp view - display description . . . . . . . . . . . . . 4-163
Table 4-44 show snmp group - display description . . . . . . . . . . . . 4-166
Table 4-45 show snmp user - display description . . . . . . . . . . . . . 4-169
Table 4-46 Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-170
Table 4-47 show interfaces switchport - display description . . . . . 4-183
Table 4-48 Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-184
Table 4-49 Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-186
Table 4-50 Link Aggregation Commands . . . . . . . . . . . . . . . . . . . . 4-188
Table 4-51 show lacp counters - display description . . . . . . . . . . . 4-196
Table 4-52 show lacp internal - display description . . . . . . . . . . . . 4-197
Table 4-53 show lacp neighbors - display description . . . . . . . . . . 4-199
Table 4-55 Address Table Commands . . . . . . . . . . . . . . . . . . . . . . 4-200
Table 4-54 show lacp sysid - display description . . . . . . . . . . . . . . 4-200
xx
T
ABLES
Table 4-56 Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . 4-204
Table 4-57 VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-230
Table 4-58 Editing VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . 4-230
Table 4-59 Configuring VLAN Interfaces . . . . . . . . . . . . . . . . . . . 4-232
Table 4-60 Displaying VLAN Information . . . . . . . . . . . . . . . . . . 4-240
Table 4-61 Private VLAN Commands . . . . . . . . . . . . . . . . . . . . . . 4-241
Table 4-62 GVRP and Bridge Extension Commands . . . . . . . . . . 4-248
Table 4-63 Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-253
Table 4-64 Priority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . 4-254
Table 4-65 Default CoS Priority Levels . . . . . . . . . . . . . . . . . . . . . 4-258
Table 4-66 Priority Commands (Layer 3 and 4) . . . . . . . . . . . . . . . 4-260
Table 4-67 Mapping IP Precedence to CoS Values . . . . . . . . . . . . 4-263
Table 4-68 Mapping IP DSCP to CoS Values . . . . . . . . . . . . . . . . 4-265
Table 4-69 Multicast Filtering Commands . . . . . . . . . . . . . . . . . . . 4-269
Table 4-70 IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . 4-269
Table 4-71 IGMP Query Commands (Layer 2) . . . . . . . . . . . . . . . 4-273
Table 4-72 Static Multicast Routing Commands . . . . . . . . . . . . . . 4-278
Table 4-73 IP Interface Command Syntax . . . . . . . . . . . . . . . . . . . 4-280
Table 4-74 DNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-286
Table 4-75 Show DNS Output Description . . . . . . . . . . . . . . . . . . 4-294
Table B-1 Troubleshooting Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
xxi
T
ABLES
xxii
F
IGURES
Figure 3-1 Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Figure 3-2 Front Panel Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Figure 3-3 System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14
Figure 3-4 General Switch Information . . . . . . . . . . . . . . . . . . . . . . 3-17
Figure 3-5 Displaying Bridge Extension Configuration . . . . . . . . . 3-19
Figure 3-6 IP Interface Configuration - Manual . . . . . . . . . . . . . . . 3-21
Figure 3-7 IP Interface Configuration - DHCP . . . . . . . . . . . . . . . 3-22
Figure 3-8 Copy Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24
Figure 3-9 Setting the Startup Code . . . . . . . . . . . . . . . . . . . . . . . . . 3-25
Figure 3-10 Deleting Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25
Figure 3-11 Downloading Configuration Settings for Start-Up . . . . 3-28
Figure 3-12 Setting the Startup Configuration Settings . . . . . . . . . . . 3-29
Figure 3-13 Console Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32
Figure 3-14 Configuring the Telnet Interface . . . . . . . . . . . . . . . . . . 3-34
Figure 3-15 System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37
Figure 3-16 Remote Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38
Figure 3-17 Displaying Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39
Figure 3-18 Enabling and Configuring SMTP Alerts . . . . . . . . . . . . 3-41
Figure 3-19 Resetting the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-42
Figure 3-20 SNTP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44
Figure 3-21 Setting the Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45
Figure 3-22 Enabling the SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . 3-48
Figure 3-23 Configuring SNMP Community Strings . . . . . . . . . . . . 3-49
Figure 3-24 Configuring SNMP Trap Managers . . . . . . . . . . . . . . . . 3-52
Figure 3-25 Setting an Engine ID . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54
Figure 3-26 Setting an Engine ID . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55
Figure 3-27 Configuring SNMPv3 Users . . . . . . . . . . . . . . . . . . . . . . 3-57
Figure 3-28 Configuring Remote SNMPv3 Users . . . . . . . . . . . . . . . 3-60
Figure 3-29 Configuring SNMPv3 Groups . . . . . . . . . . . . . . . . . . . . 3-66
Figure 3-30 Configuring SNMPv3 Views . . . . . . . . . . . . . . . . . . . . . 3-68
Figure 3-31 Configuring User Accounts . . . . . . . . . . . . . . . . . . . . . . 3-71
Figure 3-32 Authentication Server Settings . . . . . . . . . . . . . . . . . . . . 3-74
Figure 3-33 HTTPS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-77
Figure 3-34 SSH Host-Key Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-82
Figure 3-35 SSH Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84
Figure 3-36 Enabling Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87
xxiii
F
IGURES
Figure 3-37 802.1X Global Information . . . . . . . . . . . . . . . . . . . . . . 3-89
Figure 3-38 802802.1X Global Configuration . . . . . . . . . . . . . . . . . . 3-90
Figure 3-39 802.1X Port Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-92
Figure 3-40 Displaying 802.1X Statistics . . . . . . . . . . . . . . . . . . . . . . 3-95
Figure 3-41 Entering IP Addresses to be Filtered . . . . . . . . . . . . . . . 3-97
Figure 3-42 Selecting ACL Type . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-100
Figure 3-43 Configuring Standard IP ACLs . . . . . . . . . . . . . . . . . . 3-101
Figure 3-44 Configuring Extended IP ACLs . . . . . . . . . . . . . . . . . . 3-103
Figure 3-45 Configuring MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . 3-106
Figure 3-46 Choosing ACL Types . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108
Figure 3-47 Configuring an IP based ACL . . . . . . . . . . . . . . . . . . . 3-109
Figure 3-48 Configuring an ACL MAC Mask . . . . . . . . . . . . . . . . . 3-111
Figure 3-49 Mapping ACLs to Port Ingress/Egress Queues . . . . . 3-113
Figure 3-50 Port - Port Information . . . . . . . . . . . . . . . . . . . . . . . . 3-115
Figure 3-51 Configuring Port Attributes . . . . . . . . . . . . . . . . . . . . . 3-119
Figure 3-52 Static Trunk Configuration . . . . . . . . . . . . . . . . . . . . . . 3-122
Figure 3-53 LACP Port Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-124
Figure 3-54 LACP Aggregation Port Configuration . . . . . . . . . . . . 3-127
Figure 3-55 Displaying LACP Port Counters Information . . . . . . . 3-129
Figure 3-56 Displaying LACP Port Information . . . . . . . . . . . . . . . 3-132
Figure 3-57 Displaying Remote LACP Port Information . . . . . . . . 3-134
Figure 3-58 Enabling Port Broadcast Control . . . . . . . . . . . . . . . . . 3-135
Figure 3-59 Configuring a Mirror Port . . . . . . . . . . . . . . . . . . . . . . 3-137
Figure 3-60 Configuring Input Port Rate Limiting . . . . . . . . . . . . . 3-138
Figure 3-61 Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144
Figure 3-62 Displaying the Global PoE Status . . . . . . . . . . . . . . . . 3-147
Figure 3-63 Setting the Switch Power Budget . . . . . . . . . . . . . . . . . 3-148
Figure 3-64 Displaying Port PoE Status . . . . . . . . . . . . . . . . . . . . . 3-149
Figure 3-65 Configuring Port PoE Power . . . . . . . . . . . . . . . . . . . . 3-150
Figure 3-66 Mapping Ports to Static Addresses . . . . . . . . . . . . . . . . 3-152
Figure 3-67 Displaying the MAC Dynamic Address Table . . . . . . . 3-153
Figure 3-68 Setting the Aging Time . . . . . . . . . . . . . . . . . . . . . . . . . 3-154
Figure 3-69 Displaying the Spanning Tree Algorithm . . . . . . . . . . 3-159
Figure 3-70 Configuring the Spanning Tree Algorithm . . . . . . . . . 3-164
Figure 3-71 STA Port Information . . . . . . . . . . . . . . . . . . . . . . . . . 3-168
Figure 3-72 Configuring Spanning Tree Algorithm per Port . . . . . 3-171
Figure 3-73 MSTP VLAN Configuration . . . . . . . . . . . . . . . . . . . . 3-173
xxiv
F
IGURES
Figure 3-74 MSTP Port Information . . . . . . . . . . . . . . . . . . . . . . . . 3-175
Figure 3-75 MSTP Port Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-178
Figure 3-76 Globally Enabling GVRP . . . . . . . . . . . . . . . . . . . . . . . 3-183
Figure 3-77 Displaying Basic VLAN information . . . . . . . . . . . . . . 3-184
Figure 3-78 VLAN Current Table . . . . . . . . . . . . . . . . . . . . . . . . . . 3-185
Figure 3-79 VLAN Static List - Creating VLANs . . . . . . . . . . . . . . 3-187
Figure 3-80 VLAN Static Table - Adding Static Members . . . . . . . 3-190
Figure 3-81 Assigning VLAN Port and Trunk Groups . . . . . . . . . 3-191
Figure 3-82 VLAN Port Configuration . . . . . . . . . . . . . . . . . . . . . . 3-194
Figure 3-83 Displaying Private VLAN Port Information . . . . . . . . 3-196
Figure 3-84 Configuring Primary and Community Private VLANs 3-197 Figure 3-85 Associating Community VLANs to Primary VLANs . 3-198
Figure 3-86 Displaying Private VLAN Port Information . . . . . . . . 3-199
Figure 3-87 Configuring Private VLAN Ports . . . . . . . . . . . . . . . . . 3-201
Figure 3-88 Configuring Class of Service per Port . . . . . . . . . . . . . 3-203
Figure 3-89 Configuring Traffic Classes . . . . . . . . . . . . . . . . . . . . . . 3-205
Figure 3-90 Setting the Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . 3-206
Figure 3-91 Configuring Class of Service for Each Ingress Queue 3-207
Figure 3-92 Setting IP Precedence/DSCP Priority Status . . . . . . . 3-209
Figure 3-93 Mapping IP Precedence to Class of Service Values . . . 3-210 Figure 3-94 Mapping IP DSCP Priority to Class of Service Values 3-212
Figure 3-95 Globally Enabling the IP Port Priority Status . . . . . . . 3-214
Figure 3-96 Mapping Ports and Trunks to IP TCP/UDP Priority . 3-214
Figure 3-97 Mapping Priority Settings to Ports/Trunks . . . . . . . . . 3-216
Figure 3-98 Mapping CoS Values to ACLs . . . . . . . . . . . . . . . . . . . 3-217
Figure 3-99 Changing Priorities Based on ACL Rules . . . . . . . . . . 3-219
Figure 3-100 Configuring Internet Group Management Protocol . . 3-223
Figure 3-101 Mapping Multicast Switch Ports to VLANs . . . . . . . . 3-225
Figure 3-102 Configuring a VLAN to Forward Multicast Traffic . . 3-226
Figure 3-103 Displaying Port Members of Multicast Services . . . . . 3-227
Figure 3-104 Specifying Multicast Port Membership . . . . . . . . . . . . 3-228
Figure 3-105 Configuring DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-231
Figure 3-106 Mapping IP Addresses to a Host Name . . . . . . . . . . . 3-233
Figure 3-107 Displaying the DNS Cache . . . . . . . . . . . . . . . . . . . . . . 3-235
xxv
F
IGURES
xxvi
C
HAPTER
I
NTRODUCTION
These switches provide a broad range of features for Layer 2 switching. They include a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by these switches. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
The 24 10/100 Mbps ports on the SMC6824MPE and SMC6826MPE also support the IEEE 802.3af Power-over-Ethernet (PoE) standard that enables DC power to be supplied to attached devices over the unused pairs of wires in the connecting Ethernet cable.

Key Features

Table 1-1 Key Features
Feature Description
*
Power over Ethernet
Configuration Backup and Restore
Authentication Console, Telnet, web – User name / password, RADIUS,
Access Control Lists Supports up to 32 IP or MAC ACLs
Powers attached devices using IEEE 802.3af Power over Ethernet (PoE)
Backup to TFTP server
TACACS+ Web – HTTPS (HTTP/SSL); Telnet – SSH SNMP v1/2c - Community strings SNMP version 3 – MD5 or SHA password Port – IEEE 802.1X, MAC address filtering
1
1-1
I
NTRODUCTION
Table 1-1 Key Features
Feature Description
DHCP Client Supported
Port Configuration Speed, duplex mode and flow control
Rate Limiting Input and output rate limiting per port
Port Mirroring One or more ports mirrored to single analysis port
Port Trunking Supports port trunking using either static or dynamic trunking
(LACP)
Broadcast Storm Control
Static Address Up to 8K MAC addresses in the forwarding table
IEEE 802.1D Bridge Supports dynamic data switching and address learning
Store-and-Forward Switching
Spanning Tree Protocol
Virtual LANs Up to 255 using IEEE 802.1Q, port-based, or private VLANs
Traffic Prioritization Default port priority, traffic class map, queue scheduling,
Multicast Filtering Supports IGMP snooping and query
Supported
Supported to ensure wire-speed switching while eliminating bad frames
Supports standard STP and Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)
IP Precedence or Differentiated Services Code Point (DSCP), and TCP/UDP Port
* SMC6824MPE and SMC6826MPE only.

Description of Software Features

The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Untagged (port-based) and tagged VLANs, plus support for automatic GVRP VLAN registration provide traffic security and efficient use of network bandwidth. CoS
1-2
D
ESCRIPTION OF SOFTWARE FEATURES
priority queueing ensures the minimum delay for moving real-time multimedia data across the network. While multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then uses the EAP between the switch and the authentication server to verify the client’s right to access the network via an authentication server (i.e., RADIUS server).
Other authentication options include HTTPS (HTTP/SSL) for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for SNMP/web/Telnet management access, and MAC address filtering for port access.
Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can by used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
Port Configuration – You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of
1-3
I
NTRODUCTION
switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard.
Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE
802.3ad Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 6 trunks.
Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
1-4
D
ESCRIPTION OF SOFTWARE FEATURES
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.
Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 8 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
Spanning Tree Algorithm – The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection and recovery by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree
1-5
I
NTRODUCTION
for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).
Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
Eliminate broadcast storms which severely degrade performance in a flat network.
Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
Provide data security by restricting all traffic to the originating VLAN.
Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using four priority queues with strict or Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can be used to provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/ 4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet or the number of the TCP/UDP port. When these services are enabled, the
1-6
S
YSTEM DEFAULTS
priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.
Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration.

System Defaults

The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (See “Downloading System Software from a Server” on page 3-24.)
The following table lists some of the basic system defaults
Table 1-2 System Defaults
Function Parameter Default
Console Port Connection
Baud Rate auto
Data bits 8
Stop bits 1
Parity none
Local Console Timeout 0 (disabled)
1-7
I
NTRODUCTION
Table 1-2 System Defaults (Continued)
Function Parameter Default
Authentication Privileged Exec Level Username “admin”
Password “admin”
Normal Exec Level Username “guest”
Password “guest”
Enable Privileged Exec from Normal Exec Level
RADIUS Authentication Disabled
TACACS Authentication Disabled
802.1X Port Authentication Disabled
HTTPS Enabled
SSH Enabled
Port Security Disabled
IP Filtering Disabled
Web Management HTTP Server Enabled
HTTP Port Number 80
HTTP Secure Server Enabled
HTTP Secure Port Number 443
SNMP SNMP Agent Enabled
Community Strings “public” (read only)
Traps Authentication traps: enabled
SNMP V3 View: defaultview
Port Configuration Admin Status Enabled
Auto-negotiation Enabled
Flow Control Disabled
Password “super”
“private” (read/write)
Link-up-down events: enabled
Group: public (read only) private (read/write)
1-8
Table 1-2 System Defaults (Continued)
Function Parameter Default
Power over Ethernet
Rate Limiting Input and output limits Disabled
Port Trunking Static Trunks None
Broadcast Storm Protection
Spanning Tree Protocol
Address Table Aging Time 300 seconds
Virtual LANs Default VLAN 1
Traffic Prioritization
*
Status Enabled (all ports)
LACP Disabled
Status Enabled (all ports)
Broadcast Limit Rate 500 packets per second
Status Enabled, MSTP
(Defaults: All values based on IEEE 802.1s)
Fast Forwarding (Edge Port) Disabled
PVID 1
Acceptable Frame Type All
Ingress Filtering Disabled
Switchport Mode (Egress Mode)
GVRP (global) Disabled
GVRP (port interface) Disabled
Ingress Port Priority 0
Weighted Round Robin Queue: 0 1 2 3
IP Precedence Priority Disabled
IP DSCP Priority Disabled
IP Port Priority Disabled
Hybrid: tagged/untagged frames
Weight: 1 4 16 64
S
YSTEM DEFAULTS
1-9
I
NTRODUCTION
Table 1-2 System Defaults (Continued)
Function Parameter Default
IP Settings Management VLAN 1
IP Address 0.0.0.0
Subnet Mask 255.0.0.0
Default Gateway 0.0.0.0
DHCP Enabled
BOOTP Disabled
Multicast Filtering IGMP Snooping Snooping: Enabled
Querier: Disabled
System Log Status Enabled
Messages Logged Levels 0-7 (all)
Messages Logged to Flash Levels 0-3
SMTP Email Alerts Event Handler Enabled (but no server defined)
SNTP Clock Synchronization Disabled
* SMC6824MPE and SMC6826MPE only.
1-10
C
HAPTER
I
NITIAL
C
ONFIGURATION

Connecting to the Switch

Configuration Options

The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
Note: The IP address for this switch is assigned via DHCP by default. To
change this address, see “Setting an IP Address” on page 2-7.
The switch’s HTTP web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Netscape Navigator version 6.2 and higher or Microsoft IE version 5.0 and higher. The switch’s web management interface can be accessed from any computer attached to the network.
2
The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.
The switch’s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software such as SMC EliteView..
2-1
I
NITIAL CONFIGURATION
The switch’s CLI configuration program, web interface, and SNMP agent allow you to perform the following management functions:
Set user names and passwords
Set an IP interface for the management VLAN
Configure SNMP parameters
Enable/disable any port
Set the speed/duplex mode for any port
Configure the bandwidth of any port by limiting input or output rates
Power attached devices using IEEE 802.3af Power over Ethernet
1
(PoE)
Control port access through IEEE 802.1X security or static address filtering
Filter packets using Access Control Lists (ACLs)
Configure up to 255 IEEE 802.1Q VLANs
Enable GVRP automatic VLAN registration
Configure IGMP multicast filtering
Upload and download system firmware via TFTP
Upload and download switch configuration files via TFTP
Configure Spanning Tree parameters
Configure Class of Service (CoS) priority queuing
Configure up to 6 static or LACP trunks
Enable port mirroring
Set broadcast storm control on any port
Display system information and statistics
Configure any stack unit through the same IP address
1. SMC6824MPE and SMC6826MPE only
2-2
C
ONNECTING TO THE SWITCH

Required Connections

The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.
Note: When configuring a stack, connect to the console port on the
Master unit.
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.
2. Connect the other end of the cable’s to the RS-232 serial port on the switch.
3. Make sure the terminal emulation software is set as follows:
Select the appropriate serial port (COM port 1 or COM port 2).
Set to any of the following baud rates: 9600, 19200, 38400, 57600, 115200 (Note: Set to 9600 baud if want to view all the system initialization messages.).
Set the data format to 8 data bits, 1 stop bit, and no parity.
Set flow control to none.
Set the emulation mode to VT100.
When using HyperTerminal, select Terminal keys, not Windows keys.
2-3
I
NITIAL CONFIGURATION
Notes: 1. When using HyperTerminal with Microsoft® Windows® 2000,
make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation. See www.microsoft.com for information on Windows 2000 service packs.
2. Refer to “Line Commands” on page 4-13 for a complete description of console configuration options.
3. Once you have set up the terminal correctly, the console login screen will be displayed.
For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-11.

Remote Connections

Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.
The IP address for this switch is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address” on page 2-7.
Note: This switch supports four concurrent Telnet sessions.
After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above), or from a network computer using network management software.
2-4
S
TACK OPERATIONS
Note: The onboard program only provides access to basic configuration
functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.

Stack Operations

Up to eight switches can be stacked together as described in the Installation Guide. One unit in the stack acts as the Master for configuration tasks and firmware upgrade. All of the other units function in Slave mode.
To configure any unit in the stack, first verify the unit number of the switch (i.e., switches are numbered downward in the stack starting with the Master as unit 1), and then select the appropriate unit number from the web or console management interface.

Selecting the Stack Master

Note the following points about unit numbering:
The unit identification number can also be selected on the front panel graphic of the web interface, or from the CLI.
If the Master/Slave button is pushed in on more than one switch, or is not pressed on any switch, the system will not be able to initialize the stack connections.

Recovering from Stack Failure or Topology Change

When a link or unit in the stack fails, a trap message is sent and a failure event is logged. The stack will be rebooted after any system failure or topology change. It takes two to three minutes to for the stack to reboot. Also note that powering down a unit or inserting a new unit in the stack will cause the stack to reboot.
2-5
I
NITIAL CONFIGURATION

Resilient IP Interface for Management Access

The stack functions as one integral system for management and configuration purposes. You can therefore manage the stack through any port configured as part of the VLAN used for management access. The Master unit does not even have to include an active port member in the management VLAN. However, if the unit to which you normally connect for management access fails, and there are no active port members on the other units within this VLAN interface, then this IP address will no longer be available. To retain a constant IP address for management access across fail-over events, you should include port members on several units within the VLAN used for stack management.

Basic Configuration

Console Connection

The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure switch parameters, you must access the CLI at the Privileged Exec level.
Access to both CLI levels are controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:
1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.
2. At the Username prompt, enter “admin.”
3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)
2-6
B
ASIC CONFIGURATION
4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.

Setting Passwords

Note: If this is your first time to log into the CLI program, you should
define new passwords for both default user names using the “username” command, record them and put them in a safe place.
Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:
1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.
2. Type “configure” and press <Enter>.
3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>.
4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.
Username: admin Password: CLI session with the SMC6824M is opened. To end the CLI session, enter [Exit]. Console#configure Console(config)#username guest password 0 [password] Console(config)#username admin password 0 [password] Console(config)#

Setting an IP Address

You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways:
Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.
2-7
I
NITIAL CONFIGURATION
Dynamic — The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network.
Note: Only one VLAN interface can be assigned an IP address (the
default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the original IP address and this becomes the new management VLAN.
Manual Configuration
You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.
Note: The IP address for this switch is obtained via DHCP by default.
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
IP address for the switch
Default gateway for the network
Network mask for this network
To assign an IP address to the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>.
3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
2-8
B
ASIC CONFIGURATION
4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.
Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.5 255.255.255.0 Console(config-if)#exit Console(config)#ip default-gateway 192.168.1.254 Console(config)#
Dynamic Configuration
If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart” command to start broadcasting service requests. Requests will be sent periodically in an effort to obtain IP configuration information. (BOOTP and DHCP values can include the IP address, subnet mask, and default gateway.)
If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on.
To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. At the interface-configuration mode prompt, use one of the following commands:
To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.
To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.
3. Type “end” to return to the Privileged Exec mode. Press <Enter>.
2-9
I
NITIAL CONFIGURATION
4. Type “ip dhcp restart” to begin broadcasting service requests. Press <Enter>.
5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.
6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.
Console(config)#interface vlan 1 Console(config-if)#ip address dhcp Console(config-if)#end Console#ip dhcp restart Console#show ip interface IP interface vlan IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 1, and address mode: User specified. Console#copy running-config startup-config Startup configuration file name []: startup
Console#

Enabling SNMP Management Access

The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as SMC EliteView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.
When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.
The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.e., an SNMPv3 construct) for the default “public” community string that provides read access to the entire MIB tree, and a default view for the “private” community string that provides read/write access to the
2-10
B
ASIC CONFIGURATION
entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements (see page 3-67).
Community Strings (for SNMP version 1 and 2c clients)
Community strings are used to control management access to SNMP version 1 and 2c stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users, and set the access level.
The default strings are:
public - Specifies read-only access. Authorized management stations are only able to retrieve MIB objects.
private - Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings.
To configure a community string, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt,
type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that the default mode is read only.)
2. To remove an existing string, simply type “no snmp-server community
string,” where “string” is the community access string to remove. Press <Enter>.
Console(config)#snmp-server community admin rw Console(config)#snmp-server community private Console(config)#
Note: If you do not intend to support access to SNMP version 1 and 2c
clients, we recommend that you delete both of the default
2-11
I
NITIAL CONFIGURATION
community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.
Trap Receivers
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, use the “snmp-server host” command. From the Privileged Exec level global configuration mode prompt, type:
“snmp-server host host-address community-string
[version{1|2c|3{auth| noauth | priv}}]”
where “host-address” is the IP address for the trap receiver, “community-string” specifies access rights for a version 1/2c host, or is the user name of a version 3 host, “version” indicates the SNMP client version, and “auth | noauth | priv” means that authentication, no authentication, or authentication and privacy is used for v3 clients. Then press <Enter>. For a more detailed description of these parameters, see “snmp-server host” on page 4-156. The following example creates a trap host for each type of SNMP client.
Console(config)#snmp-server host 10.1.19.23 batman Console(config)#snmp-server host 10.1.19.98 robin version 2c Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view called “mib-2” that includes the entire MIB-2 tree branch, and then another view that includes the IEEE 802.1d bridge MIB. It assigns these respective read and read/write views to a group call “r&d” and specifies group authentication via MD5 or SHA. In the last step, it assigns a v3 user to this group, indicating that MD5 will be
2-12
B
ASIC CONFIGURATION
used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption.
Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included Console(config)#snmp-server group r&d v3 auth mib-2 802.1d Console(config)#snmp-server user steve group r&d v3 auth md5
greenpeace priv des56 einstien
Console(config)#
For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to “Simple Network Management Protocol” on page 3-45, or refer to the specific CLI commands for SNMP starting on page 4-151.

Saving Configuration Settings

Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in nonvolatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command.
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type “copy running-config
startup-config” and press <Enter>.
2. Enter the name of the start-up file. Press <Enter>.
Console#copy running-config startup-config Startup configuration file name []: startup \Write to FLASH Programming. \Write to FLASH finish. Success.
Console#
2-13
I
NITIAL CONFIGURATION

Managing System Files

The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
The three types of files are:
Configuration — This file stores system configuration information and is created when configuration settings are saved. Saved configuration files can be selected as a system start-up file or can be uploaded via TFTP to a server for backup. A file named “Factory_Default_Config.cfg” contains all the system default settings and cannot be deleted from the system. See “Saving or Restoring Configuration Settings” on page 3-26 for more information.
Operation Code — System software that is executed after boot-up, also known as run-time code. This code runs the switch operations and provides the CLI, web and SNMP management interfaces. See “Managing Firmware” on page 3-23 for more information.
Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test).
Due to the size limit of the flash memory, the switch supports only two operation code files, and three configuration files (including the factory defaults file).
In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.
Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.
2-14
C
ONFIGURING POWER OVER ETHERNET

Configuring Power over Ethernet

The 24 10/100 Mbps ports on the SMC6824MPE and SMC6826MPE support the IEEE 802.3af Power-over-Ethernet (PoE) standard that enables DC power to be supplied to attached devices over the unused pairs of wires in the connecting Ethernet cable. Any 802.3af compliant device attached to a port can directly draw power from the switch over the Ethernet cable without requiring its own separate power source. This capability gives network administrators centralized power control for devices such as IP phones and wireless access points, which translates into greater network availability.
A maximum PoE power budget for the switch (power available to all switch ports) can be defined so that power can be centrally managed, preventing overload conditions at the power source. If the power demand from devices connected to the switch exceeds the power budget setting, the switch uses port power priority settings to limit the supplied power.
In the example below, the power mainpower maximum allocation CLI command is used to set the PoE power budget for the switch. (Range: 37 - 375 watts). If devices connected to the switch require more power than the switch budget, the port power priority settings are used to control the supplied power. See “Setting a Switch Power Budget” on page 3-147 for details.
Console(config)#power mainpower maximum allocation 200 4-91 Console(config)#
PoE is enabled for all ports by default. Power can be disabled for a port by using the no form of the power inline CLI command, as shown in the example below.
Console(config)#interface ethernet 1/2 4-131 Console(config-if)#no power inline 4-70 Console(config-if)#
2-15
I
NITIAL CONFIGURATION
2-16
CHAPTER 3
CONFIGURING THE SWITCH

Using the Web Interface

This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).
Note: You can also use the Command Line Interface (CLI) to manage
the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to Chapter 4 “Command Line Interface.”
Prior to accessing the switch from a Web browser, be sure you have first performed the following tasks:
1. Configure the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection, BOOTP or DHCP protocol (see “Setting the IP Address” on page 3-19).
1. Set user names and passwords using an out-of-band serial connection. Access to the Web agent is controlled by the same user names and passwords as the onboard configuration program. (See “Configuring User Accounts” on page 3-70.)
2. After you enter a user name and password, you will have access to the system configuration program.
3-1
C
ONFIGURING THE SWITCH
Notes: 1. You are allowed three attempts to enter the correct password;
on the third failed attempt the current connection is terminated.
2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” (Privileged Exec level), you can change the settings on any page.
3. If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding (i.e., enable Admin Edge Port) to improve the switch’s response time to management commands issued through the web interface. See “Configuring Interface Settings” on page 3-169.
3-2
N
AVIGATING THE WEB BROWSER INTERFACE

Navigating the Web Browser Interface

To access the Web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”

Home Page

When your Web browser connects with the switch’s Web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.
Figure 3-1 Home Page
Note: The examples in this chapter are based on the SMC6824M.
There are no major differences between the SMC6824M, SMC6824MPE, and SMC6826MPE.
3-3
C
ONFIGURING THE SWITCH

Configuration Options

Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the Web page configuration buttons.
Table 3-1 Web Page Configuration Buttons
Button Action
Apply Sets specified values to the system.
Revert Cancels specified values and restores current values
prior to pressing “Apply” or “Apply Changes.”
Help Links directly to web help.
Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer
5.x is configured as follows: Under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings,” the setting for item “Check for newer versions of stored pages” should be “Every visit to the page.”
2. When using Internet Explorer 5.0, you may have to manually refresh the screen after making configuration changes by pressing the browser’s refresh button.
3-4
N
AVIGATING THE WEB BROWSER INTERFACE

Panel Display

The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control). Clicking on the image of a port opens the Port Configuration page as described on page 3-117.
SMC6824M
SMC6824MPE
SMC6826MPE
Figure 3-2 Front Panel Indicators
3-5
C
ONFIGURING THE SWITCH

Main Menu

Using the onboard Web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Table 3-2 Switch Main Menu
Menu Description Page
System 3-13
System Information Provides basic system description, including
contact information
Switch Information Shows the number of ports, hardware/
firmware version numbers, and power status
Bridge Extension Shows the bridge extension parameters 3-18
IP Configuration Sets the IP address for management access 3-19
File 3-23
Copy Enables the transfer and copying files 3-24
Delete Enables the deletion of files from flash
memory
Set Startup Sets the startup files 3-24
Line 3-30
Console Sets console port connection parameters 3-30
Telnet Sets Telnet connection parameters 3-33
Log 3-35
Logs Stores and displays error messages 3-39
System Logs Sends error messages to a logging process 3-35
Remote Logs Configures the logging of messages to a
remote logging process
SMTP Sends an SMTP client message to a
participating server
Reset Restarts the switch 3-42
3-13
3-15
3-24
3-37
3-40
3-6
N
AVIGATING THE WEB BROWSER INTERFACE
Table 3-2 Switch Main Menu (Continued)
Menu Description Page
SNTP 3-43
Configuration Configures SNTP client settings, including
broadcast mode or a specified list of servers
Clock Time Zone Sets the local time zone for the system clock 3-43
SNMP 3-45
Configuration Configures community strings and related
trap functions
Agent Status Allows SNMP to be enabled or disabled 3-50
SNMPv3 3-53
Engine ID Sets the SNMP v3 engine ID on this switch 3-53
Remote Engine ID Sets the SNMP v3 engine ID for a remote
device
Users Configures SNMP v3 users on this switch 3-55
Remote Users Configures SNMP v3 users from a remote
device
Groups Configures SNMP v3 groups 3-61
Views Configures SNMP v3 views 3-67
Security 3-69
User Accounts Configures user names and passwords 3-70
Authentication Settings Configures authentication sequence,
RADIUS and TACACS
HTTPS Settings Configures secure HTTP settings 3-75
SSH 3-78
Settings Configures Secure Shell server settings 3-83
Host-Key Settings Generates the host key pair (public and
private)
Port Security Configures per port security, including status,
response for security breach, and maximum allowed MAC addresses
3-43
3-48
3-54
3-58
3-72
3-81
3-85
3-7
C
ONFIGURING THE SWITCH
Table 3-2 Switch Main Menu (Continued)
Menu Description Page
802.1X Port authentication 3-88
Information Displays the global configuration setting 3-89
Configuration Configures the global configuration setting 3-88
Port Configuration Sets parameters for individual ports 3-94
Statistics Displays protocol statistics for the selected
port
ACL 3-98
Configuration Configures packet filtering based on IP or
MAC addresses
Mask Configuration Controls the order in which ACL rules are
checked
Port Binding Binds a port to the specified ACL 3-112
IP Filter Sets IP addresses of clients allowed
management access via the Web, SNMP, and Telnet
Port 3-114
Port Information Displays port connection status 3-114
Trunk Information Displays trunk connection status 3-114
Port Configuration Configures port connection settings 3-117
Trunk Configuration Configures trunk connection settings 3-117
Trunk Membership Specifies ports to group into static trunks 3-121
LACP 3-123
Configuration Allows ports to dynamically join trunks 3-125
Aggregation Port Configures system priority, admin key, and
port priority
Port Counters Information
Port Internal Information
Port Neighbors Information
Displays statistics for LACP protocol messages
Displays settings and operational state for local side
Displays settings and operational state for remote side
3-94
3-98
3-107
3-96
3-125
3-129
3-130
3-133
3-8
N
AVIGATING THE WEB BROWSER INTERFACE
Table 3-2 Switch Main Menu (Continued)
Menu Description Page
Broadcast Control Sets the broadcast storm threshold for each
port
Mirror Port Configuration
Rate Limit 3-138
Input Port Configuration
Input Trunk Configuration
Output Port Configuration
Output Trunk Configuration
Port Statistics Lists Ethernet and RMON port statistics 3-139
*
PoE
Power Status Displays the status of global power
Power Config Configures the power budget for the switch 3-147
Power Port Status Displays the status of port power parameters 3-148
Power Port Config Configures port power parameters 3-149
Address Table 3-151
Static Addresses Displays entries for interface, address or
Dynamic Addresses Displays or edits static entries in the Address
Address Aging Sets timeout for dynamically learned entries 3-154
Spanning Tree 3-154
STA
Information Displays STA values used for the bridge 3-156
Configuration Configures global bridge settings for STA 3-160
Port Information Displays individual port settings for STA 3-165
Trunk Information Displays individual trunk settings for STA 3-165
Port Configuration Configures individual port settings for STA 3-169
Sets the source and target ports for mirroring 3-136
Sets the input rate limit for each port 3-138
Sets the input rate limit for each trunk 3-138
Sets the output rate limit for each port 3-138
Sets the output rate limit for each trunk 3-138
parameters
VLAN
Table
3-135
3-145
3-146
3-151
3-152
3-9
C
ONFIGURING THE SWITCH
Table 3-2 Switch Main Menu (Continued)
Menu Description Page
Trunk Configuration Configures individual trunk settings for STA 3-169
MSTP
VLAN Configuration Configures priority and VLANs for a
spanning tree instance
Port Information Displays port settings for a specified MST
instance
Trunk Information Displays trunk settings for a specified MST
instance
Port Configuration Configures port settings for a specified MST
instance
Trunk Configuration Configures trunk settings for a specified MST
instance
VLAN 3-179
802.1Q VLAN 3-179
GVRP Status Enables GVRP VLAN registration protocol 3-183
Basic Information Displays basic information on the VLAN
type supported by this switch
Current Table Shows the current port members of each
VLAN and whether or not the port supports VLAN tagging
Static List Used to create or remove VLAN groups 3-186
Static Table Modifies the settings for an existing VLAN 3-188
Static Membership by Port
Port Configuration Specifies default PVID and VLAN attributes 3-191
Trunk Configuration Specifies default trunk VID and VLAN
Configures membership type for interfaces, including tagged, untagged or forbidden
attributes
3-172
3-175
3-175
3-177
3-177
3-184
3-185
3-190
3-191
3-10
N
AVIGATING THE WEB BROWSER INTERFACE
Table 3-2 Switch Main Menu (Continued)
Menu Description Page
Private VLAN 3-194
Information Shows private VLANs and associated ports 3-195
Configuration Configures private VLANs 3-197
Association Maps a secondary VLAN to a primary VLAN 3-198
Port Information Shows VLAN port type, and associated
primary or secondary VLANs
Port Configuration Configures VLAN port type, and associated
primary or secondary VLANs
Trunk Information Shows VLAN trunk type, and associated
primary or secondary VLANs
Trunk Configuration Configures VLAN trunk type, and associated
primary or secondary VLANs
Priority 3-202
Default Port Priority Sets the default priority for each port 3-202
Default Trunk Priority Sets the default priority for each trunk 3-202
Traffic Classes Maps IEEE 802.1p priority tags to output
queues
Traffic Classes Status Enables/disables traffic class priorities (not
implemented)
Queue Mode Sets queue mode to strict priority or Weighted
Round-Robin
Queue Scheduling Configures Weighted Round Robin queueing 3-206
IP Precedence/DSCP Priority Status
IP Precedence Priority Sets IP Type of Service priority, mapping the
IP DSCP Priority Sets IP Differentiated Services Code Point
IP Port Priority Status Globally enables or disables IP Port Priority 3-213
IP Port Priority Sets TCP/UDP port priority, defining the
Globally selects IP Precedence or DSCP Priority, or disables both
precedence tag to a class-of-service value
priority, mapping a DSCP tag to a class-of-service value
socket number and associated class-of-service value
3-199
3-200
3-199
3-200
3-204
3-204
3-206
3-208
3-209
3-211
3-213
3-11
C
ONFIGURING THE SWITCH
Table 3-2 Switch Main Menu (Continued)
Menu Description Page
Copy Settings Enables mapping IP Precedence and DSCP
Priority settings to ports, or trunks.
ACL CoS Priority Sets the CoS value and corresponding output
queue for packets matching an ACL rule
ACL Marker Change traffic priorities for frames matching
an ACL rule
IGMP Snooping 3-220
IGMP Configuration Enables multicast filtering; configures
parameters for multicast query
Multicast Router Port Information
Static Multicast Router Port Configuration
IP Multicast Registration Table
IGMP Member Port Table
DNS 3-229
General Configuration Enables DNS; configures domain name and
Static Host Table Configures static entries for domain name to
Cache Displays cache entries discovered by
* Only the SMC6824MPE and SMC6826MPE support Power over Ethernet.
Displays the ports that are attached to a neighboring multicast router/switch for each VLAN ID
Assigns ports that are attached to a neighboring multicast router/switch
Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID
Indicates multicast addresses associated with the selected VLAN
domain list; and specifies IP address of name servers for dynamic lookup
address mapping
designated name servers
3-215
3-216
3-218
3-222
3-224
3-225
3-226
3-228
3-229
3-232
3-234
3-12
B
ASIC CONFIGURATION

Basic Configuration

Displaying System Information

You can easily identify the system by providing a descriptive name, location and contact information.
Field Attributes
System Name – Name assigned to the switch system.
Object ID – MIB II object ID for switch’s network management subsystem. (SMC6824M: 1.3.6.1.4.1.202.20.28; SMC6824MPE: 1.3.6.1.4.1.202.20.41; SMC6826MPE: 1.3.6.1.4.1.202.20.53)
Location – Specifies the system location.
Contact – Administrator responsible for the system.
System Up Time – Length of time the management agent has been up.
These additional parameters are displayed for the CLI.
MAC Address – The physical layer address for this switch.
Web server – Shows if management access via HTTP is enabled.
Web server port – Shows the TCP port number used by the web interface.
Web secure server – Shows if management access via HTTPS is enabled.
Web secure server port – Shows the TCP port used by the HTTPS interface.
Telnet server – Shows if management access via Telnet is enabled.
Telnet server port – Shows the TCP port number used by Telnet.
Authentication login – Defines the login authentication method and precedence.
Authentication enable – Defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode
POST result – Shows results of the power-on self-test.
3-13
C
ONFIGURING THE SWITCH
Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that access the Command Line Interface via Telnet.)
Figure 3-3 System Information
3-14
B
ASIC CONFIGURATION
CLI – Specify the hostname, location and contact information.
Console(config)#hostname R&D 5 4-33 Console(config)#snmp-server location WC 9 4-155 Console(config)#snmp-server contact Geoff 4-155 Console(config)#end Console#show system System description: TigerStack III 10/100 -
6824M Managed 24+2 Stackable Switch;
SW version: V2.4.2.13 System OID string: 1.3.6.1.4.1.202.20.28 System information System Up time: 0 days, 0 hours, 6 minutes, and 26.75 seconds System Name: [NONE] System Location: [NONE] System Contact: [NONE] MAC address: 00-04-E2-B3-16-C0 Web server: enabled Web server port: 80 Web secure server: enabled Web secure server port: 443 Telnet server: enable Telnet server port: 23 Authentication login: local Authentication enabled: local POST result
Uart Loopback Test ........... PASS
DRAM Test .................... PASS
Timer Test ................... PASS
PCI Device Test .............. PASS
Switch Int Loopback test ..... PASS
Done All Pass. Console#

Displaying Switch Hardware/Software Versions

Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
Field Attributes
Main Board
Serial Number – The serial number of the switch.
Number of Ports – Number of built-in ports.
Hardware Version – Hardware version of the main board.
3-15
C
ONFIGURING THE SWITCH
Internal Power Status – Displays the status of the internal power supply.
Management Software
Loader Version – Version number of loader code.
Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code.
Operation Code Version – Version number of runtime code.
Role – Shows that this switch is operating as Master or Slave.
Expansion Slots
Expansion Slot 1/2 – Stacking module, or
- SMC6824M: Optional modules (1000BASE-T, 1000BASE-XGBIC,
100BASE-FX multimode or single-mode ).
- SMC6824MPE: Combination 1000BASE-T/SFP ports.
- SMC6826MPE: Combination 1000BASE-T/SFP ports.
These additional parameters are displayed for the CLI.
Unit ID – Unit number in stack.
Module Type A/B – Stacking module, or
- SMC6824M: Optional modules (1000BASE-T, 1000BASE-XGBIC,
100BASE-FX multimode or single-mode).
- SMC6824MPE: Combination 1000BASE-T/SFP ports.
- SMC6826MPE: Combination 1000BASE-T/SFP ports.
Redundant Power Status – Displays the status of the redundant power supply.
3-16
B
ASIC CONFIGURATION
Web – Click System, Switch Information.
Figure 3-4 General Switch Information
CLI – Use the following command to display version information.
Console#show version 4-80 Unit 1 Serial number: A230042447 Service tag: Hardware version: R0B Module A type: Stacking Module Module B type: not present Number of ports: 25 Main power status: up Redundant power status :not present
Agent (master) Unit ID: 1 Loader version: 2.1.2.0 Boot ROM version: 2.1.2.10 Operation code version: 2.4.2.13
Console#
3-17
C
ONFIGURING THE SWITCH

Displaying Bridge Extension Capabilities

The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
Field Attributes
Extended Multicast Filtering Services – This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).
Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes. (Refer to “Class of Service Configuration” on page 3-202.)
Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses. (Refer to “Setting Static Addresses” on page 3-151.)
VLAN Learning – This switch uses Independent VLAN Learning (IVL), where each port maintains its own filtering database.
Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 3-179.)
Local VLAN Capable – This switch does not support multiple local bridges outside of the scope of 802.1Q defined VLANs.
GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register endstations with multicast groups. This switch does not support GMRP; it uses the Internet Group Management Protocol (IGMP) to provide automatic multicast filtering.
3-18
B
ASIC CONFIGURATION
Web – Click System, Bridge Extension.
Figure 3-5 Displaying Bridge Extension Configuration
CLI – Enter the following command.
Console#show bridge-ext 4-249 Max support VLAN numbers: 255 Max support VLAN ID: 4093 Extended multicast filtering services: No Static entry individual port: Yes VLAN learning: IVL Configurable PVID tagging: Yes Local VLAN capable: No Traffic classes: Enabled Global GVRP status: Enabled GMRP: Disabled Console#

Setting the IP Address

An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. If you wish to manually configure IP settings, you need to set an IP address and subnet mask that is compatible with your network. You may also need to establish a default gateway between the switch and management stations that exist on another network segment.
3-19
C
ONFIGURING THE SWITCH
You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything other than this format will not be accepted by the CLI program.
Command Attributes
Management VLAN – ID of the configured VLAN (1-4093). This is the only VLAN through which you can gain management access to the switch. By default, all ports on the switch are members of VLAN 1, so a management station can be connected to any port on the switch. However, if other VLANs are configured and you change the Management VLAN, you may lose management access to the switch. In this case, you should reconnect the management station to a port that is a member of the Management VLAN.
IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configuration Protocol (DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for an IP address. (DHCP/ BOOTP values can include the IP address, subnet mask, and default gateway.)
IP Address – Address of the VLAN interface that is allowed management access. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. (Default: 0.0.0.0)
Subnet Mask – This mask identifies the host address bits used for routing to specific subnets. (Default: 255.0.0.0)
Gateway IP address – IP address of the gateway router between this device and management stations that exist on other network segments. (Default: 0.0.0.0)
MAC Address – The MAC address of this switch.
Restart DHCP – Requests a new IP address from the DHCP server.
3-20
B
ASIC CONFIGURATION
Manual Configuration
Web – Click System, IP Configuration. Select the VLAN through which
the management station is attached, set the IP Address Mode to “Static.” Enter the IP address, subnet mask and gateway, then click Apply.
Figure 3-6 IP Interface Configuration - Manual
CLI – Specify the management interface, IP address and default gateway.
Console#config Console(config)#interface vlan 1 4-171 Console(config-if)#ip address 10.2.13.30 255.255.255.0 4-280 Console(config-if)#exit Console(config)#ip default-gateway 10.2.13.254 4-282 Console(config)#
3-21
C
ONFIGURING THE SWITCH
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your changes. Then click Restart DHCP to immediately request a new address. Note that the switch will also broadcast a request for IP configuration settings on each power reset.
Figure 3-7 IP Interface Configuration - DHCP
Note: If you lose your management connection, make a console
connection to the Master unit and enter “show ip interface” to determine the new stack address.
CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” command.
Console#config Console(config)#interface vlan 1 4-171 Console(config-if)#ip address dhcp 4-280 Console(config-if)#end Console#ip dhcp restart 4-282 Console#show ip interface 4-283 IP address and netmask: 192.168.1.1 255.255.255.0 on VLAN 1, and address mode: DHCP. Console#
3-22
B
ASIC CONFIGURATION
Renewing DCHP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart DHCP service via the CLI.
Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the Web interface. You can only restart DHCP service via the Web interface if the current address is still available.
CLI – Enter the following command to restart DHCP service.
Console#ip dhcp restart 4-282 Console#

Managing Firmware

You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version. You must specify the method of file transfer, along with the file type and file names as required.
Command Attributes
• File Transfer Method - The firmware copy operation includes these
options:
- file to file - Copies a file within the switch directory, assigning it a new name.
- file to tftp - Copies a file from the switch to a TFTP server.
- tftp to file - Copies a file from a TFTP server to the switch.
- file to unit - Copies a file from this switch to another unit in the stack.
- unit to file - Copies a file from another unit in the stack to this switch.
TFTP Server IP Address – The IP address of a TFTP server.
File Type – Specify opcode (operational code) to copy firmware.
3-23
C
ONFIGURING THE SWITCH
File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
Source/Destination Unit – Stack unit. (Range: 1 - 8)
Note:Up to two copies of the system software (i.e., the runtime firmware)
can be stored in the file directory on the switch. The currently designated startup version of this file cannot be deleted.
Downloading System Software from a Server
When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
Web – Click System, File, Copy. Select “tftp to file” from the drop-down menu. Select “tftp to file” as the file transfer method, enter the IP address of the TFTP server, set the file type to “opcode,” enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click Apply. If you replaced the current firmware used for startup and want to start using the new operation code, reboot the system via the System/Reset menu.
3-24
Figure 3-8 Copy Firmware
B
ASIC CONFIGURATION
If you download to a new destination file, go to the File, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.
Figure 3-9 Setting the Startup Code
To delete a file, select System, File, Delete. Select the file name from the given list by checking the tick box and then click Apply. Note that the file currently designated as the startup code cannot be deleted.
Figure 3-10 Deleting Files
3-25
C
ONFIGURING THE SWITCH
CLI – To download new firmware form a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system and then restart the switch.
To start the new firmware, enter the “reload” command or reboot the system.
Console#copy tftp file 4-82 TFTP server ip address: 10.1.0.99 Choose file type:
1. config: 2. opcode 3. PD_Controller: <1-3>: 2 Source file name: V2.4.2.13.bix Destination file name: V24213 / Console#config Console(config)#boot system opcode: V24213 4-89 Console(config)#exit Console#reload 4-28

Saving or Restoring Configuration Settings

You can upload/download configuration settings to/from a TFTP server, or copy files to and from switch units in a stack. The configuration file can be later downloaded to restore the switch’s settings.
Command Usage
• When updating the PoE controller, first copy the PD controller file from a TFTP server to the switch's file system (tftp to file), and then copy this file to the controller (file to file).
• When specifying the file type “PD_Controller” or “PoE” for copy operations via the web or CLI, file types other than PoE controller may be downloaded, but will not adversely affect the system.
Command Attributes
• File Transfer Method - The configuration copy operation includes these options:
- file to file - Copies a file within the switch directory, assigning it a new
name.
- file to running-config - Copies a file in the switch to the running
configuration.
3-26
B
ASIC CONFIGURATION
- file to startup-config - Copies a file in the switch to the startup configuration.
- file to tftp - Copies a file from the switch to a TFTP server.
- running-config to file - Copies the running configuration to a file.
- running-config to startup-config - Copies the running config to the startup config.
- running-config to tftp - Copies the running configuration to a TFTP server.
- startup-config to file - Copies the startup configuration to a file on the switch.
- startup-config to running-config - Copies the startup config to the running config.
- startup-config to tftp - Copies the startup configuration to a TFTP server.
- tftp to file - Copies a file from a TFTP server to the switch.
- tftp to running-config - Copies a file from a TFTP server to the running config.
- tftp to startup-config - Copies a file from a TFTP server to the startup config.
- file to unit - Copies a file from this switch to another unit in the stack.
- unit to file - Copies a file from another unit in the stack to this switch
TFTP Server IP Address – The IP address of a TFTP server.
File Type – Specify config (configuration) to copy configuration settings, or PD_Controller to copy a PoE controller file.
File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
Source/Destination Unit – Stack unit. (Range: 1 - 8)
Note: Due to the size limit of the flash memory, the switch supports only
three configuration files (including the factory defaults file).
3-27
C
ONFIGURING THE SWITCH
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can be copied to the TFTP server, but cannot be used as the destination on the switch.
Web – Click System, File, Copy. Choose “tftp to startup-config” or “tftp to file,” and enter the IP address of the TFTP server. Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name, then click Apply.
3-28
Figure 3-11 Downloading Configuration Settings for Start-Up
B
ASIC CONFIGURATION
If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu. You can also select any configuration file as the start-up configuration by using the System/File Management/Set Start-Up page.
Figure 3-12 Setting the Startup Configuration Settings
CLI – Enter the IP address of the TFTP server, specify the source file on
the server, set the startup file name on the switch, and then restart the switch.
Console#copy tftp startup-config 4-82 TFTP server ip address: 192.168.1.19 Source configuration file name: config-1 Startup configuration file name [] : startup \Write to FLASH Programming.
-Write to FLASH finish. Success.
Console#reload
To select another configuration file as the start-up configuration, use the boot system command and then restart the switch.
Console#config Console(config)#boot system config: startup-new 4-89 Console(config)#exit Console#reload 4-28
3-29
C
ONFIGURING THE SWITCH
This example shows how to download a PoE controller file from a TFTP server.
Console#copy tftp file 4-82 TFTP server IP address: 10.3.4.50 Choose file type:
1. config: 2. opcode 3. PD_Controller: <1-3>: 3 Source file name: 7012_007.s19 Destination file name: PoE-test Write to FLASH Programming. Write to FLASH finish. Success. Console#
This example shows how to copy a PoE controller file from another unit
in the stack.
Console#copy file controller 4-82 Unit <1-2>: 2 Choose controller type:
1. PoE: 2. VDSL: 3. TBD <1-3>: 1 Source file name: PoE-test Software downloading in progress, please wait... Unit 1 done Console#

Console Port Settings

You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings. These parameters can be configured via the Web or CLI interface.
Command Attributes
Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 0 - 300 seconds; Default: 0)
Exec Timeout – Sets the interval that the system waits until user input is detected. If user input is not detected within the timeout interval, the current session is terminated. (Range: 0 - 65535 seconds; Default: 600 seconds)
3-30
B
ASIC CONFIGURATION
Password Threshold – Sets the password intrusion threshold, which
limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts)
Silent Time – Sets the amount of time the management console is
inaccessible after the number of unsuccessful logon attempts has been exceeded. (Range: 0-65535; Default: 0)
Data Bits – Sets the number of data bits per character that are
interpreted and generated by the console port. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character. (Default: 8 bits)
Parity – Defines the generation of a parity bit. Communication protocols
provided by some terminals can require a specific parity bit setting. Specify Even, Odd, or None. (Default: None)
Speed – Sets the terminal line’s baud rate for transmit (to terminal) and
receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: Auto)
Stop Bits – Sets the number of the stop bits transmitted per byte.
(Range:1-2;Default: 1 stop bit)
Password
1
– Specifies a password for the line connection. When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. (Default: No password)
Login
1
– Enables password checking at login. You can select
authentication by a single global password as configured for the Password parameter, or by passwords set up for specific user-name accounts. (Default: Local)
1. CLI only.
3-31
C
ONFIGURING THE SWITCH
Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply.
Figure 3-13 Console Port Settings
CLI – Enter Line Configuration mode for the console, then specify the
connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
Console(config)#line console 4-14 Console(config-line)#login local 4-15 Console(config-line)#password 0 secret 4-16 Console(config-line)#timeout login response 0 4-17 Console(config-line)#exec-timeout 0 4-18 Console(config-line)#password-thresh 5 4-19 Console(config-line)#silent-time 60 4-20 Console(config-line)#databits 8 4-20 Console(config-line)#parity none 4-21 Console(config-line)#speed auto 4-22 Console(config-line)#stopbits 1 4-23 Console(config-line)#end Console#show line console 4-24 Console configuration: Password threshold: 5 times Interactive timeout: Disabled Login timeout: Disabled Silent time: 60 Baudrate: auto Databits: 8 Parity: none Stopbits: 1 Console#
3-32
B
ASIC CONFIGURATION

Telnet Settings

You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password. These parameters can be configured via the Web or CLI interface.
Command Attributes
Telnet Status – Enables or disables Telnet access to the switch. (Default: Enabled)
Telnet Port Number – Sets the TCP port number for Telnet on the switch. (Default: 23)
Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 0 - 300 seconds; Default: 300 seconds)
Exec Timeout – Sets the interval that the system waits until user input is detected. If user input is not detected within the timeout interval, the current session is terminated. (Range: 0 - 65535 seconds; Default: 600 seconds)
Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts)
Password connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. (Default: No password)
Login authentication by a single global password as configured for the Password parameter, or by passwords set up for specific user-name accounts. (Default: Local)
2
– Specifies a password for the line connection. When a
2
– Enables password checking at login. You can select
2. CLI only.
3-33
C
ONFIGURING THE SWITCH
Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.
Figure 3-14 Configuring the Telnet Interface
CLI – Enter Line Configuration mode for a virtual terminal, then specify
the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level.
Console(config)#line vty 4-14 Console(config-line)#login local 4-15 Console(config-line)#password 0 secret 4-16 Console(config-line)#timeout login response 300 4-17 Console(config-line)#exec-timeout 0 4-18 Console(config-line)#password-thresh 3 4-19 Console(config-line)#end Console#show line 4-24 Console configuration: Password threshold: 5 times Interactive timeout: Disabled Login timeout: Disabled Silent time: 60 Baudrate: auto Databits: 8 Parity: none Stopbits: 1
VTY configuration: Password threshold: 3 times Interactive timeout: 600 sec Login timeout: 300 sec Console#
3-34
B
ASIC CONFIGURATION

Configuring Event Logging

The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
System Log Configuration
The system allows you to enable or disable event logging, and specify which levels are logged to RAM or flash memory.
Severe error messages that are logged to flash memory are permanently stored in the switch to assist in troubleshooting network problems. Up to 4096 log entries can be stored in the flash memory, with the oldest entries being overwritten first when the available log memory (256 kilobytes) has been exceeded.
The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory. The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM.
3-35
C
ONFIGURING THE SWITCH
Command Attributes
System Log Status – Enables/disables the logging of debug or error messages to the logging process.
Flash Level – Limits log messages saved to the switch’s permanent flash memory for all levels up to the specified level. For example, if level 3 is specified, all messages from level 0 to level 3 will be logged to flash. (Range: 0-7, Default: 3).
Table 3-3 Logging Levels
Level Severity Name Description
7 Debug Debugging messages
6 Informational Informational messages only
5 Notice Normal but significant condition, such as cold
start
4 Warning Warning conditions (e.g., return false, unexpected
return)
3 Error Error conditions (e.g., invalid input, default used)
2 Critical Critical conditions (e.g., memory allocation, or
free memory error - resource exhausted)
1 Alert Immediate action needed
0 Emergency System unusable
* There are only Level 2, 5 and 6 error messages for the current firmware release.
RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 6)
The switch allows you to specify which levels are logged to RAM or flash memory.
Note:The Flash Level must be equal to or less than the RAM Level.
3-36
B
ASIC CONFIGURATION
Web – Click System, Log, System Logs. Specify the System Log Status, set the level of event messages to be logged to RAM and flash memory, and then click Apply.
Figure 3-15 System Logs
CLI – Enable system logging and then specify the level of messages to be
logged to RAM and flash memory. Use the show logging command to display the current settings.
Console(config)#logging on 4-57 Console(config)#logging history ram 6 4-57 Console(config)# Console#show logging ram 4-61 Syslog logging: Enabled History logging in RAM: level informational Console#
Remote Log Configuration
The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers. You can also limit the error messages sent to only those messages below a specified level.
Command Attributes
Remote Log Status – Enables/disables the logging of debug or error
messages to the remote logging process. (Default: Disabled)
Logging Facility – Sets the facility type for remote logging of syslog
messages. There are eight facility types specified by values of 16 to 23. The facility type is used by the syslog server to dispatch log messages to an appropriate service.
3-37
C
ONFIGURING THE SWITCH
This attribute specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to process messages, such as sorting or storing messages in the corresponding database. (Range: 16-23, Default: 23)
Logging Trap – Limits log messages that are sent to the remote syslog server for all levels up to the specified level. For example, if level 3 is specified, all messages from level 0 to level 3 will be sent to the remote server. (Range: 0-7, Default: 7)
Host IP List – Displays the list of remote server IP addresses that receive the syslog messages. The maximum number of host IP addresses allowed is five.
Host IP Address – Specifies a new server IP address to add to the Host IP List.
Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
3-38
Figure 3-16 Remote Logs
B
ASIC CONFIGURATION
CLI – Enter the syslog server host IP address, choose the facility type and set the minimum level of messages to be logged.
Console(config)#logging host 192.168.1.7 4-59 Console(config)#logging facility 23 4-59 Console(config)#logging trap 4 4-60 Console(config)# Console#show logging trap 4-61 Syslog logging: Enabled REMOTELOG status: Enabled REMOTELOG facility type: local use 7 REMOTELOG level type: Warning conditions REMOTELOG server IP address: 192.168.1.7 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 Console#
Displaying Log Messages
Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
Web – Click System, Log, Logs.
Figure 3-17 Displaying Logs
3-39
C
ONFIGURING THE SWITCH
CLI – This example shows the event message stored in RAM.
Console#show logging flash 4-61 [1] 00:01:30 2001-01-01 "VLAN 1 link-up notification." level: 6, module: 5, function: 1, and event no.: 1 [0] 00:01:30 2001-01-01 "Unit 1, Port 1 link-up notification." level: 6, module: 5, function: 1, and event no.: 1 Console#
Sending Simple Mail Transfer Protocol Alerts
To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients.
Command Attributes
Admin Status – Enables/disables the SMTP function. (Default: Enabled)
Email Source Address – Sets the email address used for the “From” field in alert messages. You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch.
Severity – Sets the syslog severity threshold level (see table on page 3-36) used to trigger alert messages. All events at this level or higher will be sent to the configured email recipients. For example, using Level 7 will report all events from level 7 to level 0. (Default: Level 7)
SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other listed servers if the first fails. Use the New SMTP Server text field and the Add/Remove buttons to configure the list.
Email Destination Address List – Specifies the email recipients of alert messages. You can specify up to five recipients. Use the New Email Destination Address text field and the Add/Remove buttons to configure the list.
3-40
B
ASIC CONFIGURATION
Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in the SMTP Server List and click Remove. Specify up to five email addresses to receive the alert messages, and click Apply.
Figure 3-18 Enabling and Configuring SMTP Alerts
3-41
C
ONFIGURING THE SWITCH
CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show logging sendmail command to display the current SMTP configuration.
Console(config)#logging sendmail host 192.168.1.4 4-64 Console(config)#logging sendmail level 3 4-65 Console(config)#logging sendmail source-email
big-wheels@matel.com 4-66
Console(config)#logging sendmail destination-email
chris@this-company.com 4-67 Console(config)#logging sendmail 4-67 Console(config)#exit Console#show logging sendmail 4-68 SMTP servers
-----------------------------------------------
1. 192.168.1.4
SMTP minimum severity level: 4
SMTP destination email addresses
-----------------------------------------------
1. chris@matel.com
SMTP source email address: big-wheels@matel.com
SMTP status: Enabled Console#

Resetting the System

Web – Select System, Reset to reboot the switch. When prompted,
confirm that you want reset the switch.
Figure 3-19 Resetting the Switch
3-42
B
ASIC CONFIGURATION
CLI – Use the reload command to reboot the system.
Console#reload 4-28 System will be restarted, continue <y/n>? y
Note:When restarting the system, it always runs the Power-On Self-Test.

Setting the System Clock

Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set the clock using the CLI. (See “calendar set” on page 4-74.) If the clock is not set, the switch will only record the time from the factory default set at the last bootup.
When the SNTP client is enabled, the switch periodically sends a request for a time update to a configured time server. You can configure up to three time server IP addresses. The switch will attempt to poll each server in the configured sequence.
Configuring SNTP
You can configure the switch to send time synchronization requests to time servers.
Command Attributes
SNTP Client – Configures the switch to operate as an SNTP client. This requires at least one time server to be specified in the SNTP Server field. (Default: Disabled)
SNTP Poll Interval – Sets the interval between sending requests for a time update from a time server. (Range: 16-16284 seconds; Default: 16 seconds)
SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server, if this fails it attempts an update from the next server in the sequence.
3-43
C
ONFIGURING THE SWITCH
Web – Select SNTP, Configuration. Modify any of the required parameters and click Apply.
Figure 3-20 SNTP Configuration
CLI – This example configures the switch to operate as an SNTP client
and then displays the current time and settings.
Console(config)#sntp server 10.1.0.19 137.82.140.80
128.250.36.2 4-70 Console(config)#sntp poll 60 4-71 Console(config)#sntp client 4-69 Console(config)#exit Console#show sntp 4-72 Current time: Jan 6 14:56:05 2004 Poll interval: 60 Current mode: unicast SNTP status : Enabled SNTP server 10.1.0.11 137.82.140.80 128.250.36.2 Current server: 128.250.36.2 Console#
Setting the Time Zone
SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (after) or west (before) of UTC.
Command Attributes
Current Time – Displays the current time.
Name – Assigns a name to the time zone. (Default: UTC; Range: 1-29 characters)
3-44
Loading...