◆ 10BASE-T/100BASE-TX ports support PoE capabilities*
◆ 2 Gigabit combo ports (RJ-45/SFP)
◆ 8.8 Gbps of aggregate bandwidth
◆ Stacks up to 8 units
◆ Non-blocking switching architecture
◆ Spanning Tree Protocol, RSTP, and MSTP
◆ Up to six LACP or static 4-port trunks
◆ RADIUS and TACACS+ authentication
◆ Rate limiting for bandwidth management
◆ CoS support for four-level priority
◆ Full support for VLANs with GVRP
◆ IP Multicasting with IGMP Snooping
◆ Manageable via console, Web, SNMP/RMON
Port Fast Ethernet Swi
tch
Management Guide
SMC6824M
SMC6824MPE*
SMC6826MPE*
TigerStack III 10/100
Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
38 Tesla
Irvine, CA 92618
Phone: (949) 679-8000
June 2005
Pub. # 150200037700A
Information furnished by SMC Networks, Inc. (SMC) is believed to be
accurate and reliable. However, no responsibility is assumed by SMC for its
use, nor for any infringements of patents or other rights of third parties
which may result from its use. No license is granted by implication or
otherwise under any patent or patent rights of SMC. SMC reserves the right
to change specifications at any time without notice.
SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks,
Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
L
IMITED
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free
from defects in workmanship and materials, under normal use and service, for the applicable
warranty term. All SMC products carry a standard 90-day limited warranty from the date of
purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace
any product not operating as warranted with a similar or functionally equivalent product, during
the applicable warranty term. SMC will endeavor to repair or replace any product returned under
warranty within 30 days of receipt of the product.
The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering
new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can
be accomplished via the enclosed product registration card or online via the SMC web site.
Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty
covers a product during the Life of that Product, which is defined as the period of time during
which the product is an “Active” SMC product. A product is considered to be “Active” while it is
listed on the current SMC price list. As new technologies emerge, older technologies become
obsolete and SMC will, at its discretion, replace an older product in its product line with one that
incorporates these newer technologies. At that point, the obsolete product is discontinued and is
no longer an “Active” SMC product. A list of discontinued products with their respective dates
of discontinuance can be found at:
http://www.smc.com/index.cfm?action=customer_service_warranty.
All products that are replaced become the property of SMC. Replacement products may be
either new or reconditioned. Any replaced or repaired product carries either a 30-day limited
warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for
any custom software or firmware, configuration information, or memory data of Customer
contained in, stored on, or integrated with any products returned to SMC pursuant to any
warranty. Products returned to SMC should have any customer-installed accessory or add-on
components, such as expansion modules, removed prior to returning the product for
replacement. SMC is not responsible for these items if they are returned with the product.
Customers must contact SMC for a Return Material Authorization number prior to returning
any product to SMC. Proof of purchase may be required. Any product returned to SMC without
a valid Return Material Authorization (RMA) number clearly marked on the outside of the
package will be returned to customer at customer’s expense. For warranty claims within North
America, please call our toll-free customer support number at (800) 762-4968. Customers are
responsible for all shipping charges from their facility to SMC. SMC is responsible for return
shipping charges from SMC to customer.
W
ARRANTY
i
L
IMITED WARRANTY
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS
WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR
REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE
FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU
OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER
IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING
WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER
PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH
THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC
SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND
EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES
NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE,
NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED
ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE
INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.
LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR
TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL,
CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND,
OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS
ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION,
MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS
PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR
THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR
CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY
NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS,
WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY
SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.
* SMC will provide warranty service for one year following discontinuance from the active SMC
price list. Under the limited lifetime warranty, internal and external power supplies, fans, and
cables are covered by a standard one-year warranty from date of purchase.
These switches provide a broad range of features for Layer 2 switching.
They include a management agent that allows you to configure the features
listed in this manual. The default configuration can be used for most of the
features provided by these switches. However, there are many options that
you should configure to maximize the switch’s performance for your
particular network environment.
The 24 10/100 Mbps ports on the SMC6824MPE and SMC6826MPE also
support the IEEE 802.3af Power-over-Ethernet (PoE) standard that
enables DC power to be supplied to attached devices over the unused pairs
of wires in the connecting Ethernet cable.
Key Features
Table 1-1 Key Features
FeatureDescription
*
Power over Ethernet
Configuration
Backup and Restore
AuthenticationConsole, Telnet, web – User name / password, RADIUS,
Access Control Lists Supports up to 32 IP or MAC ACLs
Powers attached devices using IEEE 802.3af Power over Ethernet
(PoE)
Backup to TFTP server
TACACS+
Web – HTTPS (HTTP/SSL); Telnet – SSH
SNMP v1/2c - Community strings
SNMP version 3 – MD5 or SHA password
Port – IEEE 802.1X, MAC address filtering
1
1-1
I
NTRODUCTION
Table 1-1 Key Features
FeatureDescription
DHCP ClientSupported
Port ConfigurationSpeed, duplex mode and flow control
Rate LimitingInput and output rate limiting per port
Port MirroringOne or more ports mirrored to single analysis port
Port TrunkingSupports port trunking using either static or dynamic trunking
(LACP)
Broadcast Storm
Control
Static AddressUp to 8K MAC addresses in the forwarding table
IEEE 802.1D Bridge Supports dynamic data switching and address learning
Store-and-Forward
Switching
Spanning Tree
Protocol
Virtual LANsUp to 255 using IEEE 802.1Q, port-based, or private VLANs
Traffic Prioritization Default port priority, traffic class map, queue scheduling,
Multicast FilteringSupports IGMP snooping and query
Supported
Supported to ensure wire-speed switching while eliminating bad
frames
Supports standard STP and Rapid Spanning Tree Protocol (RSTP),
and Multiple Spanning Trees (MSTP)
IP Precedence or Differentiated Services Code Point (DSCP),
and TCP/UDP Port
* SMC6824MPE and SMC6826MPE only.
Description of Software Features
The switch provides a wide range of advanced performance enhancing
features. Flow control eliminates the loss of packets due to bottlenecks
caused by port saturation. Broadcast storm suppression prevents broadcast
traffic storms from engulfing the network. Untagged (port-based) and
tagged VLANs, plus support for automatic GVRP VLAN registration
provide traffic security and efficient use of network bandwidth. CoS
1-2
D
ESCRIPTION OF SOFTWARE FEATURES
priority queueing ensures the minimum delay for moving real-time
multimedia data across the network. While multicast filtering provides
support for real-time network applications. Some of the management
features are briefly described below.
Configuration Backup and Restore – You can save the current
configuration settings to a file on a TFTP server, and later download this
file to restore the switch configuration settings.
Authentication – This switch authenticates management access via the
console port, Telnet or web browser. User names and passwords can be
configured locally or can be verified via a remote authentication server (i.e.,
RADIUS or TACACS+). Port-based authentication is also supported via
the IEEE 802.1X protocol. This protocol uses the Extensible
Authentication Protocol over LANs (EAPOL) to request user credentials
from the 802.1X client, and then uses the EAP between the switch and the
authentication server to verify the client’s right to access the network via an
authentication server (i.e., RADIUS server).
Other authentication options include HTTPS (HTTP/SSL) for secure
management access via the web, SSH for secure management access over a
Telnet-equivalent connection, SNMP Version 3, IP address filtering for
SNMP/web/Telnet management access, and MAC address filtering for
port access.
Access Control Lists – ACLs provide packet filtering for IP frames
(based on address, protocol, TCP/UDP port number or TCP control
code) or any frames (based on MAC address or Ethernet type). ACLs can
by used to improve performance by blocking unnecessary network traffic
or to implement security controls by restricting access to specific network
resources or protocols.
Port Configuration – You can manually configure the speed, duplex
mode, and flow control used on specific ports, or use auto-negotiation to
detect the connection settings used by the attached device. Use the
full-duplex mode on ports whenever possible to double the throughput of
1-3
I
NTRODUCTION
switch connections. Flow control should also be enabled to control
network traffic during periods of congestion and prevent the loss of
packets when port buffer thresholds are exceeded. The switch supports
flow control based on the IEEE 802.3x standard.
Rate Limiting – This feature controls the maximum rate for traffic
transmitted or received on an interface. Rate limiting is configured on
interfaces at the edge of a network to limit traffic into or out of the
network. Traffic that falls within the rate limit is transmitted, while packets
that exceed the acceptable amount of traffic are dropped.
Port Mirroring – The switch can unobtrusively mirror traffic from any
port to a monitor port. You can then attach a protocol analyzer or RMON
probe to this port to perform traffic analysis and verify connection
integrity.
Port Trunking – Ports can be combined into an aggregate connection.
Trunks can be manually set up or dynamically configured using IEEE
802.3ad Link Aggregation Control Protocol (LACP). The additional ports
dramatically increase the throughput across any connection, and provide
redundancy by taking over the load if a port in the trunk should fail. The
switch supports up to 6 trunks.
Broadcast Storm Control – Broadcast suppression prevents broadcast
traffic from overwhelming the network. When enabled on a port, the level
of broadcast traffic passing through the port is restricted. If broadcast
traffic rises above a pre-defined threshold, it will be throttled until the level
falls back beneath the threshold.
Static Addresses – A static address can be assigned to a specific interface
on this switch. Static addresses are bound to the assigned interface and will
not be moved. When a static address is seen on another interface, the
address will be ignored and will not be written to the address table. Static
addresses can be used to provide network security by restricting access for
a known host to a specific port.
1-4
D
ESCRIPTION OF SOFTWARE FEATURES
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent
bridging. The address table facilitates data switching by learning addresses,
and then filtering or forwarding traffic based on this information. The
address table supports up to 8K addresses.
Store-and-Forward Switching – The switch copies each frame into its
memory before forwarding them to another port. This ensures that all
frames are a standard Ethernet size and have been verified for accuracy
with the cyclic redundancy check (CRC). This prevents bad frames from
entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 8 MB
for frame buffering. This buffer can queue packets awaiting transmission
on congested networks.
Spanning Tree Algorithm – The switch supports these spanning tree
protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides
loop detection and recovery by allowing two or more redundant
connections to be created between a pair of LAN segments. When there
are multiple physical paths between segments, this protocol will choose a
single path and disable all others to ensure that only one route exists
between any two stations on the network. This prevents the creation of
network loops. However, if the chosen path should fail for any reason, an
alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol
reduces the convergence time for network topology changes to about 3 to
5 seconds, compared to 30 seconds or more for the older IEEE 802.1D
STP standard. It is intended as a complete replacement for STP, but can
still interoperate with switches running the older standard by automatically
reconfiguring ports to STP-compliant mode if they detect STP protocol
messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is
a direct extension of RSTP. It can provide an independent spanning tree
1-5
I
NTRODUCTION
for different VLANs. It simplifies network management, provides for even
faster convergence than RSTP by limiting the size of each region, and
prevents VLAN members from being segmented from the rest of the
group (as sometimes occurs with IEEE 802.1D STP).
Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is
a collection of network nodes that share the same collision domain
regardless of their physical location or connection point in the network.
The switch supports tagged VLANs based on the IEEE 802.1Q standard.
Members of VLAN groups can be dynamically learned via GVRP, or ports
can be manually assigned to a specific set of VLANs. This allows the
switch to restrict traffic to the VLAN groups to which a user has been
assigned. By segmenting your network into VLANs, you can:
•Eliminate broadcast storms which severely degrade performance in a
flat network.
•Simplify network management for node changes/moves by remotely
configuring VLAN membership for any port, rather than having to
manually change the network connection.
•Provide data security by restricting all traffic to the originating VLAN.
•Use private VLANs to restrict traffic to pass only between data ports
and the uplink ports, thereby isolating adjacent ports within the same
VLAN, and allowing you to limit the total number of VLANs that need
to be configured.
Traffic Prioritization – This switch prioritizes each packet based on the
required level of service, using four priority queues with strict or Weighted
Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize
incoming traffic based on input from the end-station application. These
functions can be used to provide independent priorities for delay-sensitive
data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/
4 traffic to meet application requirements. Traffic can be prioritized based
on the priority bits in the IP frame’s Type of Service (ToS) octet or the
number of the TCP/UDP port. When these services are enabled, the
1-6
S
YSTEM DEFAULTS
priorities are mapped to a Class of Service value by the switch, and the
traffic then sent to the corresponding output queue.
Multicast Filtering – Specific multicast traffic can be assigned to its own
VLAN to ensure that it does not interfere with normal network traffic and
to guarantee real-time delivery by setting the required priority level for the
designated VLAN. The switch uses IGMP Snooping and Query to manage
multicast group registration.
System Defaults
The switch’s system defaults are provided in the configuration file
“Factory_Default_Config.cfg.” To reset the switch defaults, this file
should be set as the startup configuration file (See “Downloading System
Software from a Server” on page 3-24.)
The following table lists some of the basic system defaults
SMTP Email Alerts Event HandlerEnabled (but no server defined)
SNTP Clock SynchronizationDisabled
* SMC6824MPE and SMC6826MPE only.
1-10
C
HAPTER
I
NITIAL
C
ONFIGURATION
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent
offers a variety of management options, including SNMP, RMON and a
web-based interface. A PC may also be connected directly to the switch for
configuration and monitoring via a command line interface (CLI).
Note: The IP address for this switch is assigned via DHCP by default. To
change this address, see “Setting an IP Address” on page 2-7.
The switch’s HTTP web agent allows you to configure switch parameters,
monitor port connections, and display statistics using a standard web
browser such as Netscape Navigator version 6.2 and higher or Microsoft
IE version 5.0 and higher. The switch’s web management interface can be
accessed from any computer attached to the network.
2
The CLI program can be accessed by a direct connection to the RS-232
serial console port on the switch, or remotely by a Telnet connection over
the network.
The switch’s management agent also supports SNMP (Simple Network
Management Protocol). This SNMP agent permits the switch to be
managed from any system in the network using network management
software such as SMC EliteView..
2-1
I
NITIAL CONFIGURATION
The switch’s CLI configuration program, web interface, and SNMP agent
allow you to perform the following management functions:
•Set user names and passwords
•Set an IP interface for the management VLAN
•Configure SNMP parameters
•Enable/disable any port
•Set the speed/duplex mode for any port
•Configure the bandwidth of any port by limiting input or output rates
•Power attached devices using IEEE 802.3af Power over Ethernet
1
(PoE)
•Control port access through IEEE 802.1X security or static address
filtering
•Filter packets using Access Control Lists (ACLs)
•Configure up to 255 IEEE 802.1Q VLANs
•Enable GVRP automatic VLAN registration
•Configure IGMP multicast filtering
•Upload and download system firmware via TFTP
•Upload and download switch configuration files via TFTP
•Configure Spanning Tree parameters
•Configure Class of Service (CoS) priority queuing
•Configure up to 6 static or LACP trunks
•Enable port mirroring
•Set broadcast storm control on any port
•Display system information and statistics
•Configure any stack unit through the same IP address
1. SMC6824MPE and SMC6826MPE only
2-2
C
ONNECTING TO THE SWITCH
Required Connections
The switch provides an RS-232 serial port that enables a connection to a
PC or terminal for monitoring and configuring the switch. A null-modem
console cable is provided with the switch.
Note: When configuring a stack, connect to the console port on the
Master unit.
Attach a VT100-compatible terminal, or a PC running a terminal
emulation program to the switch. You can use the console cable provided
with this package, or use a null-modem cable that complies with the wiring
assignments shown in the Installation Guide.
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC
running terminal emulation software, and tighten the captive retaining
screws on the DB-9 connector.
2. Connect the other end of the cable’s to the RS-232 serial port on the
switch.
3. Make sure the terminal emulation software is set as follows:
•Select the appropriate serial port (COM port 1 or COM port 2).
•Set to any of the following baud rates: 9600, 19200, 38400, 57600,
115200 (Note: Set to 9600 baud if want to view all the system
initialization messages.).
•Set the data format to 8 data bits, 1 stop bit, and no parity.
•Set flow control to none.
•Set the emulation mode to VT100.
•When using HyperTerminal, select Terminal keys, not Windows
keys.
2-3
I
NITIAL CONFIGURATION
Notes: 1. When using HyperTerminal with Microsoft® Windows® 2000,
make sure that you have Windows 2000 Service Pack 2 or later
installed. Windows 2000 Service Pack 2 fixes the problem of
arrow keys not functioning in HyperTerminal’s VT100
emulation. See www.microsoft.com for information on
Windows 2000 service packs.
2. Refer to “Line Commands” on page 4-13 for a complete
description of console configuration options.
3. Once you have set up the terminal correctly, the console login
screen will be displayed.
For a description of how to use the CLI, see “Using the Command Line
Interface” on page 4-1. For a list of all the CLI commands and detailed
information on using the CLI, refer to “Command Groups” on page 4-11.
Remote Connections
Prior to accessing the switch’s onboard agent via a network connection,
you must first configure it with a valid IP address, subnet mask, and default
gateway using a console connection, DHCP or BOOTP protocol.
The IP address for this switch is obtained via DHCP by default. To
manually configure this address or enable dynamic address assignment via
DHCP or BOOTP, see “Setting an IP Address” on page 2-7.
Note: This switch supports four concurrent Telnet sessions.
After configuring the switch’s IP parameters, you can access the onboard
configuration program from anywhere within the attached network. The
onboard configuration program can be accessed using Telnet from any
computer attached to the network. The switch can also be managed by any
computer using a web browser (Internet Explorer 5.0 or above, or
Netscape Navigator 6.2 or above), or from a network computer using
network management software.
2-4
S
TACK OPERATIONS
Note: The onboard program only provides access to basic configuration
functions. To access the full range of SNMP management
functions, you must use SNMP-based network management
software.
Stack Operations
Up to eight switches can be stacked together as described in the
Installation Guide. One unit in the stack acts as the Master for
configuration tasks and firmware upgrade. All of the other units function
in Slave mode.
To configure any unit in the stack, first verify the unit number of the
switch (i.e., switches are numbered downward in the stack starting with the
Master as unit 1), and then select the appropriate unit number from the
web or console management interface.
Selecting the Stack Master
Note the following points about unit numbering:
•The unit identification number can also be selected on the front panel
graphic of the web interface, or from the CLI.
•If the Master/Slave button is pushed in on more than one switch, or is
not pressed on any switch, the system will not be able to initialize the
stack connections.
Recovering from Stack Failure or Topology Change
When a link or unit in the stack fails, a trap message is sent and a failure
event is logged. The stack will be rebooted after any system failure or
topology change. It takes two to three minutes to for the stack to reboot.
Also note that powering down a unit or inserting a new unit in the stack
will cause the stack to reboot.
2-5
I
NITIAL CONFIGURATION
Resilient IP Interface for Management Access
The stack functions as one integral system for management and
configuration purposes. You can therefore manage the stack through any
port configured as part of the VLAN used for management access. The
Master unit does not even have to include an active port member in the
management VLAN. However, if the unit to which you normally connect
for management access fails, and there are no active port members on the
other units within this VLAN interface, then this IP address will no longer
be available. To retain a constant IP address for management access across
fail-over events, you should include port members on several units within
the VLAN used for stack management.
Basic Configuration
Console Connection
The CLI program provides two different command levels — normal
access level (Normal Exec) and privileged access level (Privileged Exec).
The commands available at the Normal Exec level are a limited subset of
those available at the Privileged Exec level and allow you to only display
information and use basic utilities. To fully configure switch parameters,
you must access the CLI at the Privileged Exec level.
Access to both CLI levels are controlled by user names and passwords.
The switch has a default user name and password for each level. To log
into the CLI at the Privileged Exec level using the default user name and
password, perform these steps:
1. To initiate your console connection, press <Enter>. The “User Access
Verification” procedure starts.
2. At the Username prompt, enter “admin.”
3. At the Password prompt, also enter “admin.” (The password
characters are not displayed on the console screen.)
2-6
B
ASIC CONFIGURATION
4. The session is opened and the CLI displays the “Console#” prompt
indicating you have access at the Privileged Exec level.
Setting Passwords
Note: If this is your first time to log into the CLI program, you should
define new passwords for both default user names using the
“username” command, record them and put them in a safe place.
Passwords can consist of up to 8 alphanumeric characters and are case
sensitive. To prevent unauthorized access to the switch, set the passwords
as follows:
1. Open the console interface with the default user name and password
“admin” to access the Privileged Exec level.
2. Type “configure” and press <Enter>.
3. Type “username guest password 0 password,” for the Normal Exec
level, where password is your new password. Press <Enter>.
4. Type “username admin password 0 password,” for the Privileged Exec
level, where password is your new password. Press <Enter>.
Username: admin
Password:
CLI session with the SMC6824M is opened.
To end the CLI session, enter [Exit].
Console#configure
Console(config)#username guest password 0 [password]
Console(config)#username admin password 0 [password]
Console(config)#
Setting an IP Address
You must establish IP address information for the switch to obtain
management access through the network. This can be done in either of the
following ways:
Manual — You have to input the information, including IP address and
subnet mask. If your management station is not in the same IP subnet as
the switch, you will also need to specify the default gateway router.
2-7
I
NITIAL CONFIGURATION
Dynamic — The switch sends IP configuration requests to BOOTP or
DHCP address allocation servers on the network.
Note: Only one VLAN interface can be assigned an IP address (the
default is VLAN 1). This defines the management VLAN, the only
VLAN through which you can gain management access to the
switch. If you assign an IP address to any other VLAN, the new IP
address overrides the original IP address and this becomes the new
management VLAN.
Manual Configuration
You can manually assign an IP address to the switch. You may also need to
specify a default gateway that resides between this device and management
stations that exist on another network segment. Valid IP addresses consist
of four decimal numbers, 0 to 255, separated by periods. Anything outside
this format will not be accepted by the CLI program.
Note: The IP address for this switch is obtained via DHCP by default.
Before you can assign an IP address to the switch, you must obtain the
following information from your network administrator:
•IP address for the switch
•Default gateway for the network
•Network mask for this network
To assign an IP address to the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1”
to access the interface-configuration mode. Press <Enter>.
2. Type “ip address ip-address netmask,” where “ip-address” is the switch
IP address and “netmask” is the network mask for the network. Press
<Enter>.
3. Type “exit” to return to the global configuration mode prompt. Press
<Enter>.
2-8
B
ASIC CONFIGURATION
4. To set the IP address of the default gateway for the network to which
the switch belongs, type “ip default-gateway gateway,” where “gateway”
is the IP address of the default gateway. Press <Enter>.
If you select the “bootp” or “dhcp” option, IP will be enabled but will not
function until a BOOTP or DHCP reply has been received. You therefore
need to use the “ip dhcp restart” command to start broadcasting service
requests. Requests will be sent periodically in an effort to obtain IP
configuration information. (BOOTP and DHCP values can include the IP
address, subnet mask, and default gateway.)
If the “bootp” or “dhcp” option is saved to the startup-config file (step 6),
then the switch will start broadcasting service requests as soon as it is
powered on.
To automatically configure the switch by communicating with BOOTP or
DHCP address allocation servers on the network, complete the following
steps:
1. From the Global Configuration mode prompt, type “interface vlan 1”
to access the interface-configuration mode. Press <Enter>.
2. At the interface-configuration mode prompt, use one of the following
commands:
•To obtain IP settings via DHCP, type “ip address dhcp” and press
<Enter>.
•To obtain IP settings via BOOTP, type “ip address bootp” and
press <Enter>.
3. Type “end” to return to the Privileged Exec mode. Press <Enter>.
2-9
I
NITIAL CONFIGURATION
4. Type “ip dhcp restart” to begin broadcasting service requests. Press
<Enter>.
5. Wait a few minutes, and then check the IP configuration settings by
typing the “show ip interface” command. Press <Enter>.
6. Then save your configuration changes by typing “copy running-config
startup-config.” Enter the startup file name and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#ip dhcp restart
Console#show ip interface
IP interface vlan
IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 1,
and address mode: User specified.
Console#copy running-config startup-config
Startup configuration file name []: startup
Console#
Enabling SNMP Management Access
The switch can be configured to accept management commands from
Simple Network Management Protocol (SNMP) applications such as SMC
EliteView. You can configure the switch to (1) respond to SNMP requests
or (2) generate SNMP traps.
When SNMP management stations send requests to the switch (either to
return information or to set a parameter), the switch provides the
requested data or sets the specified parameter. The switch can also be
configured to send information to SNMP managers (without being
requested by the managers) through trap messages, which inform the
manager that certain events have occurred.
The switch includes an SNMP agent that supports SNMP version 1, 2c,
and 3 clients. To provide management access for version 1 or 2c clients,
you must specify a community string. The switch provides a default MIB
View (i.e., an SNMPv3 construct) for the default “public” community
string that provides read access to the entire MIB tree, and a default view
for the “private” community string that provides read/write access to the
2-10
B
ASIC CONFIGURATION
entire MIB tree. However, you may assign new views to version 1 or 2c
community strings that suit your specific security requirements (see
page 3-67).
Community Strings (for SNMP version 1 and 2c clients)
Community strings are used to control management access to SNMP
version 1 and 2c stations, as well as to authorize SNMP stations to receive
trap messages from the switch. You therefore need to assign community
strings to specified users, and set the access level.
The default strings are:
•public - Specifies read-only access. Authorized management stations
are only able to retrieve MIB objects.
•private - Specifies read-write access. Authorized management stations
are able to both retrieve and modify MIB objects.
To prevent unauthorized access to the switch from SNMP version 1 or 2c
clients, it is recommended that you change the default community strings.
To configure a community string, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt,
type “snmp-server community string mode,” where “string” is the
community access string and “mode” is rw (read/write) or ro (read
only). Press <Enter>. (Note that the default mode is read only.)
2. To remove an existing string, simply type “no snmp-server community
string,” where “string” is the community access string to remove. Press
<Enter>.
Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#
Note: If you do not intend to support access to SNMP version 1 and 2c
clients, we recommend that you delete both of the default
2-11
I
NITIAL CONFIGURATION
community strings. If there are no community strings, then SNMP
management access from SNMP v1 and v2c clients is disabled.
Trap Receivers
You can also specify SNMP stations that are to receive traps from the
switch. To configure a trap receiver, use the “snmp-server host” command.
From the Privileged Exec level global configuration mode prompt, type:
“snmp-server host host-addresscommunity-string
[version{1|2c|3{auth| noauth | priv}}]”
where “host-address” is the IP address for the trap receiver,
“community-string” specifies access rights for a version 1/2c host, or is
the user name of a version 3 host, “version” indicates the SNMP client
version, and “auth | noauth | priv” means that authentication, no
authentication, or authentication and privacy is used for v3 clients.
Then press <Enter>. For a more detailed description of these parameters,
see “snmp-server host” on page 4-156. The following example creates a
trap host for each type of SNMP client.
Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to first
create a view that defines the portions of MIB that the client can read or
write, assign the view to a group, and then assign the user to a group. The
following example creates one view called “mib-2” that includes the entire
MIB-2 tree branch, and then another view that includes the IEEE 802.1d
bridge MIB. It assigns these respective read and read/write views to a
group call “r&d” and specifies group authentication via MD5 or SHA. In
the last step, it assigns a v3 user to this group, indicating that MD5 will be
2-12
B
ASIC CONFIGURATION
used for authentication, provides the password “greenpeace” for
authentication, and the password “einstien” for encryption.
Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included
Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included
Console(config)#snmp-server group r&d v3 auth mib-2 802.1d
Console(config)#snmp-server user steve group r&d v3 auth md5
greenpeace priv des56 einstien
Console(config)#
For a more detailed explanation on how to configure the switch for access
from SNMP v3 clients, refer to “Simple Network Management Protocol”
on page 3-45, or refer to the specific CLI commands for SNMP starting on
page 4-151.
Saving Configuration Settings
Configuration commands only modify the running configuration file and
are not saved when the switch is rebooted. To save all your configuration
changes in nonvolatile storage, you must copy the running configuration
file to the start-up configuration file using the “copy” command.
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type “copy running-config
startup-config” and press <Enter>.
2. Enter the name of the start-up file. Press <Enter>.
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.
Console#
2-13
I
NITIAL CONFIGURATION
Managing System Files
The switch’s flash memory supports three types of system files that can be
managed by the CLI program, web interface, or SNMP. The switch’s file
system allows files to be uploaded and downloaded, copied, deleted, and
set as a start-up file.
The three types of files are:
•Configuration — This file stores system configuration information
and is created when configuration settings are saved. Saved
configuration files can be selected as a system start-up file or can be
uploaded via TFTP to a server for backup. A file named
“Factory_Default_Config.cfg” contains all the system default settings
and cannot be deleted from the system. See “Saving or Restoring
Configuration Settings” on page 3-26 for more information.
•Operation Code — System software that is executed after boot-up,
also known as run-time code. This code runs the switch operations and
provides the CLI, web and SNMP management interfaces. See
“Managing Firmware” on page 3-23 for more information.
•Diagnostic Code — Software that is run during system boot-up, also
known as POST (Power On Self-Test).
Due to the size limit of the flash memory, the switch supports only two
operation code files, and three configuration files (including the factory
defaults file).
In the system flash memory, one file of each type must be set as the
start-up file. During a system boot, the diagnostic and operation code files
set as the start-up file are run, and then the start-up configuration file is
loaded.
Note that configuration files should be downloaded using a file name that
reflects the contents or usage of the file settings. If you download directly
to the running-config, the system will reboot, and the settings will have to
be copied from the running-config to a permanent file.
2-14
C
ONFIGURING POWER OVER ETHERNET
Configuring Power over Ethernet
The 24 10/100 Mbps ports on the SMC6824MPE and SMC6826MPE
support the IEEE 802.3af Power-over-Ethernet (PoE) standard that
enables DC power to be supplied to attached devices over the unused pairs
of wires in the connecting Ethernet cable. Any 802.3af compliant device
attached to a port can directly draw power from the switch over the
Ethernet cable without requiring its own separate power source. This
capability gives network administrators centralized power control for
devices such as IP phones and wireless access points, which translates into
greater network availability.
A maximum PoE power budget for the switch (power available to all
switch ports) can be defined so that power can be centrally managed,
preventing overload conditions at the power source. If the power demand
from devices connected to the switch exceeds the power budget setting,
the switch uses port power priority settings to limit the supplied power.
In the example below, the power mainpower maximum allocation CLI
command is used to set the PoE power budget for the switch.
(Range: 37 - 375 watts). If devices connected to the switch require more
power than the switch budget, the port power priority settings are used to
control the supplied power. See “Setting a Switch Power Budget” on page
3-147 for details.
Console(config)#power mainpower maximum allocation 2004-91
Console(config)#
PoE is enabled for all ports by default. Power can be disabled for a port by
using the no form of the power inline CLI command, as shown in the
example below.
Console(config)#interface ethernet 1/24-131
Console(config-if)#no power inline4-70
Console(config-if)#
2-15
I
NITIAL CONFIGURATION
2-16
CHAPTER 3
CONFIGURINGTHE SWITCH
Using the Web Interface
This switch provides an embedded HTTP Web agent. Using a Web
browser you can configure the switch and view statistics to monitor
network activity. The Web agent can be accessed by any computer on the
network using a standard Web browser (Internet Explorer 5.0 or above, or
Netscape Navigator 6.2 or above).
Note: You can also use the Command Line Interface (CLI) to manage
the switch over a serial connection to the console port or via
Telnet.For more information on using the CLI, refer to Chapter 4
“Command Line Interface.”
Prior to accessing the switch from a Web browser, be sure you have first
performed the following tasks:
1. Configure the switch with a valid IP address, subnet mask, and default
gateway using an out-of-band serial connection, BOOTP or DHCP
protocol (see“Setting the IP Address” on page 3-19).
1. Set user names and passwords using an out-of-band serial connection.
Access to the Web agent is controlled by the same user names and
passwords as the onboard configuration program. (See “Configuring
User Accounts” on page 3-70.)
2. After you enter a user name and password, you will have access to the
system configuration program.
3-1
C
ONFIGURING THE SWITCH
Notes: 1. You are allowed three attempts to enter the correct password;
on the third failed attempt the current connection is
terminated.
2. If you log into the web interface as guest (Normal Exec level),
you can view the configuration settings or change the guest
password. If you log in as “admin” (Privileged Exec level), you
can change the settings on any page.
3. If the path between your management station and this switch
does not pass through any device that uses the Spanning Tree
Algorithm, then you can set the switch port attached to your
management station to fast forwarding (i.e., enable Admin
Edge Port) to improve the switch’s response time to
management commands issued through the web interface. See
“Configuring Interface Settings” on page 3-169.
3-2
N
AVIGATING THE WEB BROWSER INTERFACE
Navigating the Web Browser Interface
To access the Web-browser interface you must first enter a user name and
password. The administrator has Read/Write access to all configuration
parameters and statistics. The default user name and password for the
administrator is “admin.”
Home Page
When your Web browser connects with the switch’s Web agent, the home
page is displayed as shown below. The home page displays the Main Menu
on the left side of the screen and System Information on the right side.
The Main Menu links are used to navigate to other menus, and display
configuration parameters and statistics.
Figure 3-1 Home Page
Note: The examples in this chapter are based on the SMC6824M.
There are no major differences between the SMC6824M,
SMC6824MPE, and SMC6826MPE.
3-3
C
ONFIGURING THE SWITCH
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a
configuration change has been made on a page, be sure to click on the
Apply button to confirm the new setting. The following table summarizes
the Web page configuration buttons.
Table 3-1 Web Page Configuration Buttons
ButtonAction
ApplySets specified values to the system.
RevertCancels specified values and restores current values
prior to pressing “Apply” or “Apply Changes.”
HelpLinks directly to web help.
Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer
5.x is configured as follows: Under the menu “Tools / Internet
Options / General / Temporary Internet Files / Settings,” the
setting for item “Check for newer versions of stored pages”
should be “Every visit to the page.”
2. When using Internet Explorer 5.0, you may have to manually
refresh the screen after making configuration changes by
pressing the browser’s refresh button.
3-4
N
AVIGATING THE WEB BROWSER INTERFACE
Panel Display
The web agent displays an image of the switch’s ports. The Mode can be
set to display different information for the ports, including Active (i.e., up
or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or
without flow control). Clicking on the image of a port opens the Port
Configuration page as described on page 3-117.
SMC6824M
SMC6824MPE
SMC6826MPE
Figure 3-2 Front Panel Indicators
3-5
C
ONFIGURING THE SWITCH
Main Menu
Using the onboard Web agent, you can define system parameters, manage
and control the switch, and all its ports, or monitor network conditions.
The following table briefly describes the selections available from this
program.
Table 3-2 Switch Main Menu
MenuDescriptionPage
System3-13
System InformationProvides basic system description, including
contact information
Switch InformationShows the number of ports, hardware/
firmware version numbers, and power status
Bridge ExtensionShows the bridge extension parameters3-18
IP ConfigurationSets the IP address for management access3-19
File3-23
CopyEnables the transfer and copying files3-24
DeleteEnables the deletion of files from flash
memory
Set StartupSets the startup files3-24
Line3-30
ConsoleSets console port connection parameters3-30
TelnetSets Telnet connection parameters3-33
Log3-35
LogsStores and displays error messages3-39
System LogsSends error messages to a logging process3-35
Remote LogsConfigures the logging of messages to a
remote logging process
SMTPSends an SMTP client message to a
participating server
ResetRestarts the switch3-42
3-13
3-15
3-24
3-37
3-40
3-6
N
AVIGATING THE WEB BROWSER INTERFACE
Table 3-2 Switch Main Menu (Continued)
MenuDescriptionPage
SNTP3-43
Configuration Configures SNTP client settings, including
broadcast mode or a specified list of servers
Clock Time Zone Sets the local time zone for the system clock3-43
SNMP3-45
Configuration Configures community strings and related
trap functions
Agent StatusAllows SNMP to be enabled or disabled3-50
SNMPv33-53
Engine IDSets the SNMP v3 engine ID on this switch3-53
Remote Engine IDSets the SNMP v3 engine ID for a remote
device
UsersConfigures SNMP v3 users on this switch3-55
Remote UsersConfigures SNMP v3 users from a remote
device
GroupsConfigures SNMP v3 groups3-61
ViewsConfigures SNMP v3 views3-67
Security3-69
User AccountsConfigures user names and passwords3-70
General ConfigurationEnables DNS; configures domain name and
Static Host TableConfigures static entries for domain name to
CacheDisplays cache entries discovered by
* Only the SMC6824MPE and SMC6826MPE support Power over Ethernet.
Displays the ports that are attached to a
neighboring multicast router/switch for each
VLAN ID
Assigns ports that are attached to a
neighboring multicast router/switch
Displays all multicast groups active on this
switch, including multicast IP addresses and
VLAN ID
Indicates multicast addresses associated with
the selected VLAN
domain list; and specifies IP address of name
servers for dynamic lookup
address mapping
designated name servers
3-215
3-216
3-218
3-222
3-224
3-225
3-226
3-228
3-229
3-232
3-234
3-12
B
ASIC CONFIGURATION
Basic Configuration
Displaying System Information
You can easily identify the system by providing a descriptive name,
location and contact information.
Field Attributes
• System Name – Name assigned to the switch system.
• Object ID – MIB II object ID for switch’s network management
subsystem. (SMC6824M: 1.3.6.1.4.1.202.20.28;
SMC6824MPE: 1.3.6.1.4.1.202.20.41;
SMC6826MPE: 1.3.6.1.4.1.202.20.53)
• Location – Specifies the system location.
• Contact – Administrator responsible for the system.
• System Up Time – Length of time the management agent has been up.
These additional parameters are displayed for the CLI.
• MAC Address – The physical layer address for this switch.
• Web server – Shows if management access via HTTP is enabled.
• Web server port – Shows the TCP port number used by the web
interface.
• Web secure server – Shows if management access via HTTPS is
enabled.
• Web secure server port – Shows the TCP port used by the HTTPS
interface.
• Telnet server – Shows if management access via Telnet is enabled.
• Telnet server port – Shows the TCP port number used by Telnet.
• Authentication login – Defines the login authentication method and
precedence.
• Authentication enable – Defines the authentication method and
precedence to use when changing from Exec command mode to
Privileged Exec command mode
• POST result – Shows results of the power-on self-test.
3-13
C
ONFIGURING THE SWITCH
Web – Click System, System Information. Specify the system name,
location, and contact information for the system administrator, then click
Apply. (This page also includes a Telnet button that access the Command
Line Interface via Telnet.)
Figure 3-3 System Information
3-14
B
ASIC CONFIGURATION
CLI – Specify the hostname, location and contact information.
Console(config)#hostname R&D 54-33
Console(config)#snmp-server location WC 94-155
Console(config)#snmp-server contact Geoff4-155
Console(config)#end
Console#show system
System description: TigerStack III 10/100 -
6824M Managed 24+2 Stackable Switch;
SW version: V2.4.2.13
System OID string: 1.3.6.1.4.1.202.20.28
System information
System Up time: 0 days, 0 hours, 6 minutes, and 26.75 seconds
System Name: [NONE]
System Location: [NONE]
System Contact: [NONE]
MAC address: 00-04-E2-B3-16-C0
Web server: enabled
Web server port: 80
Web secure server: enabled
Web secure server port: 443
Telnet server: enable
Telnet server port: 23
Authentication login: local
Authentication enabled: local
POST result
Uart Loopback Test ........... PASS
DRAM Test .................... PASS
Timer Test ................... PASS
PCI Device Test .............. PASS
Switch Int Loopback test ..... PASS
Done All Pass.
Console#
Displaying Switch Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version
numbers for the main board and management software, as well as the
power status of the system.
Field Attributes
Main Board
• Serial Number – The serial number of the switch.
• Number of Ports – Number of built-in ports.
• Hardware Version – Hardware version of the main board.
3-15
C
ONFIGURING THE SWITCH
• Internal Power Status – Displays the status of the internal power
supply.
Management Software
• Loader Version – Version number of loader code.
• Boot-ROM Version – Version of Power-On Self-Test (POST) and boot
code.
• Operation Code Version – Version number of runtime code.
• Role – Shows that this switch is operating as Master or Slave.
• Redundant Power Status – Displays the status of the redundant power
supply.
3-16
B
ASIC CONFIGURATION
Web – Click System, Switch Information.
Figure 3-4 General Switch Information
CLI – Use the following command to display version information.
Console#show version4-80
Unit 1
Serial number: A230042447
Service tag:
Hardware version: R0B
Module A type: Stacking Module
Module B type: not present
Number of ports: 25
Main power status: up
Redundant power status :not present
Agent (master)
Unit ID: 1
Loader version: 2.1.2.0
Boot ROM version: 2.1.2.10
Operation code version: 2.4.2.13
Console#
3-17
C
ONFIGURING THE SWITCH
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support
Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these
extensions to display default settings for the key variables.
Field Attributes
• Extended Multicast Filtering Services – This switch does not support
the filtering of individual multicast addresses based on GMRP (GARP
Multicast Registration Protocol).
• Traffic Classes – This switch provides mapping of user priorities to
multiple traffic classes. (Refer to “Class of Service Configuration” on
page 3-202.)
• Static Entry Individual Port – This switch allows static filtering for
unicast and multicast addresses. (Refer to “Setting Static Addresses” on
page 3-151.)
• VLAN Learning – This switch uses Independent VLAN Learning
(IVL), where each port maintains its own filtering database.
• Configurable PVID Tagging – This switch allows you to override the
default Port VLAN ID (PVID used in frame tags) and egress status
(VLAN-Tagged or Untagged) on each port. (Refer to “VLAN
Configuration” on page 3-179.)
• Local VLAN Capable – This switch does not support multiple local
bridges outside of the scope of 802.1Q defined VLANs.
• GMRP – GARP Multicast Registration Protocol (GMRP) allows
network devices to register endstations with multicast groups. This
switch does not support GMRP; it uses the Internet Group Management
Protocol (IGMP) to provide automatic multicast filtering.
Console#show bridge-ext4-249
Max support VLAN numbers: 255
Max support VLAN ID: 4093
Extended multicast filtering services: No
Static entry individual port: Yes
VLAN learning: IVL
Configurable PVID tagging: Yes
Local VLAN capable: No
Traffic classes: Enabled
Global GVRP status: Enabled
GMRP: Disabled
Console#
Setting the IP Address
An IP address may be used for management access to the switch over your
network. By default, the switch uses DHCP to assign IP settings to VLAN
1 on the switch. If you wish to manually configure IP settings, you need to
set an IP address and subnet mask that is compatible with your network.
You may also need to establish a default gateway between the switch and
management stations that exist on another network segment.
3-19
C
ONFIGURING THE SWITCH
You can manually configure a specific IP address, or direct the device to
obtain an address from a BOOTP or DHCP server. Valid IP addresses
consist of four decimal numbers, 0 to 255, separated by periods. Anything
other than this format will not be accepted by the CLI program.
Command Attributes
• Management VLAN – ID of the configured VLAN (1-4093). This is
the only VLAN through which you can gain management access to the
switch. By default, all ports on the switch are members of VLAN 1, so a
management station can be connected to any port on the switch.
However, if other VLANs are configured and you change the
Management VLAN, you may lose management access to the switch. In
this case, you should reconnect the management station to a port that is
a member of the Management VLAN.
• IP Address Mode – Specifies whether IP functionality is enabled via
manual configuration (Static), Dynamic Host Configuration Protocol
(DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled, IP
will not function until a reply has been received from the server. Requests
will be broadcast periodically by the switch for an IP address. (DHCP/
BOOTP values can include the IP address, subnet mask, and default
gateway.)
• IP Address – Address of the VLAN interface that is allowed
management access. Valid IP addresses consist of four numbers, 0 to
255, separated by periods. (Default: 0.0.0.0)
• Subnet Mask – This mask identifies the host address bits used for
routing to specific subnets. (Default: 255.0.0.0)
• Gateway IP address – IP address of the gateway router between this
device and management stations that exist on other network segments.
(Default: 0.0.0.0)
• MAC Address – The MAC address of this switch.
• Restart DHCP – Requests a new IP address from the DHCP server.
3-20
B
ASIC CONFIGURATION
Manual Configuration
Web – Click System, IP Configuration. Select the VLAN through which
the management station is attached, set the IP Address Mode to “Static.”
Enter the IP address, subnet mask and gateway, then click Apply.
Figure 3-6 IP Interface Configuration - Manual
CLI – Specify the management interface, IP address and default gateway.
If your network provides DHCP/BOOTP services, you can configure the
switch to be dynamically configured by these services.
Web – Click System, IP Configuration. Specify the VLAN to which the
management station is attached, set the IP Address Mode to DHCP or
BOOTP. Click Apply to save your changes. Then click Restart DHCP to
immediately request a new address. Note that the switch will also broadcast
a request for IP configuration settings on each power reset.
Figure 3-7 IP Interface Configuration - DHCP
Note: If you lose your management connection, make a console
connection to the Master unit and enter “show ip interface” to
determine the new stack address.
CLI – Specify the management interface, and set the IP address mode to
DHCP or BOOTP, and then enter the “ip dhcp restart” command.
Console#config
Console(config)#interface vlan 14-171
Console(config-if)#ip address dhcp4-280
Console(config-if)#end
Console#ip dhcp restart4-282
Console#show ip interface4-283
IP address and netmask: 192.168.1.1 255.255.255.0 on VLAN 1,
and address mode: DHCP.
Console#
3-22
B
ASIC CONFIGURATION
Renewing DCHP – DHCP may lease addresses to clients indefinitely or
for a specific period of time. If the address expires or the switch is moved
to another network segment, you will lose management access to the
switch. In this case, you can reboot the switch or submit a client request to
restart DHCP service via the CLI.
Web – If the address assigned by DHCP is no longer functioning, you will
not be able to renew the IP settings via the Web interface. You can only
restart DHCP service via the Web interface if the current address is still
available.
CLI – Enter the following command to restart DHCP service.
Console#ip dhcp restart4-282
Console#
Managing Firmware
You can upload/download firmware to or from a TFTP server, or copy
files to and from switch units in a stack. By saving runtime code to a file on
a TFTP server, that file can later be downloaded to the switch to restore
operation. You can also set the switch to use new firmware without
overwriting the previous version. You must specify the method of file
transfer, along with the file type and file names as required.
Command Attributes
• File Transfer Method - The firmware copy operation includes these
options:
- file to file - Copies a file within the switch directory, assigning it a new
name.
- file to tftp - Copies a file from the switch to a TFTP server.
- tftp to file - Copies a file from a TFTP server to the switch.
- file to unit - Copies a file from this switch to another unit in the stack.
- unit to file - Copies a file from another unit in the stack to this switch.
• TFTP Server IP Address – The IP address of a TFTP server.
• File Type – Specify opcode (operational code) to copy firmware.
3-23
C
ONFIGURING THE SWITCH
• File Name – The file name should not contain slashes (\ or /), the
leading letter of the file name should not be a period (.), and the
maximum length for file names on the TFTP server is 127 characters or
31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”,
“-”, “_”)
• Source/Destination Unit – Stack unit. (Range: 1 - 8)
Note:Up to two copies of the system software (i.e., the runtime firmware)
can be stored in the file directory on the switch. The currently
designated startup version of this file cannot be deleted.
Downloading System Software from a Server
When downloading runtime code, you can specify the destination file
name to replace the current image, or first download the file using a
different name from the current runtime code file, and then set the new
file as the startup file.
Web – Click System, File, Copy. Select “tftp to file” from the drop-down
menu. Select “tftp to file” as the file transfer method, enter the IP address
of the TFTP server, set the file type to “opcode,” enter the file name of the
software to download, select a file on the switch to overwrite or specify a
new file name, then click Apply. If you replaced the current firmware used
for startup and want to start using the new operation code, reboot the
system via the System/Reset menu.
3-24
Figure 3-8 Copy Firmware
B
ASIC CONFIGURATION
If you download to a new destination file, go to the File, Set Start-Up
menu, mark the operation code file used at startup, and click Apply. To
start the new firmware, reboot the system via the System/Reset menu.
Figure 3-9 Setting the Startup Code
To delete a file, select System, File, Delete. Select the file name from the
given list by checking the tick box and then click Apply. Note that the file
currently designated as the startup code cannot be deleted.
Figure 3-10 Deleting Files
3-25
C
ONFIGURING THE SWITCH
CLI – To download new firmware form a TFTP server, enter the IP
address of the TFTP server, select “opcode” as the file type, then enter the
source and destination file names. When the file has finished downloading,
set the new file to start up the system and then restart the switch.
To start the new firmware, enter the “reload” command or reboot the
system.
Console#copy tftp file4-82
TFTP server ip address: 10.1.0.99
Choose file type:
You can upload/download configuration settings to/from a TFTP server,
or copy files to and from switch units in a stack. The configuration file can
be later downloaded to restore the switch’s settings.
Command Usage
• When updating the PoE controller, first copy the PD controller file from
a TFTP server to the switch's file system (tftp to file), and then copy this
file to the controller (file to file).
• When specifying the file type “PD_Controller” or “PoE” for copy
operations via the web or CLI, file types other than PoE controller may
be downloaded, but will not adversely affect the system.
Command Attributes
• File Transfer Method - The configuration copy operation includes these
options:
- file to file - Copies a file within the switch directory, assigning it a new
name.
- file to running-config - Copies a file in the switch to the running
configuration.
3-26
B
ASIC CONFIGURATION
- file to startup-config - Copies a file in the switch to the startup
configuration.
- file to tftp - Copies a file from the switch to a TFTP server.
- running-config to file - Copies the running configuration to a file.
- running-config to startup-config - Copies the running config to the
startup config.
- running-config to tftp - Copies the running configuration to a TFTP
server.
- startup-config to file - Copies the startup configuration to a file on the
switch.
- startup-config to running-config - Copies the startup config to the
running config.
- startup-config to tftp - Copies the startup configuration to a TFTP
server.
- tftp to file - Copies a file from a TFTP server to the switch.
- tftp to running-config - Copies a file from a TFTP server to the
running config.
- tftp to startup-config - Copies a file from a TFTP server to the startup
config.
- file to unit - Copies a file from this switch to another unit in the stack.
- unit to file - Copies a file from another unit in the stack to this switch
• TFTP Server IP Address – The IP address of a TFTP server.
• File Type – Specify config (configuration) to copy configuration
settings, or PD_Controller to copy a PoE controller file.
• File Name – The file name should not contain slashes (\ or /), the
leading letter of the file name should not be a period (.), and the
maximum length for file names on the TFTP server is 127 characters or
31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”,
“-”, “_”)
• Source/Destination Unit – Stack unit. (Range: 1 - 8)
Note: Due to the size limit of the flash memory, the switch supports only
three configuration files (including the factory defaults file).
3-27
C
ONFIGURING THE SWITCH
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then
set it as the startup file, or you can specify the current startup
configuration file as the destination file to directly replace it. Note that the
file “Factory_Default_Config.cfg” can be copied to the TFTP server, but
cannot be used as the destination on the switch.
Web – Click System, File, Copy. Choose “tftp to startup-config” or “tftp
to file,” and enter the IP address of the TFTP server. Specify the name of
the file to download and select a file on the switch to overwrite or specify a
new file name, then click Apply.
3-28
Figure 3-11 Downloading Configuration Settings for Start-Up
B
ASIC CONFIGURATION
If you download to a new file name using “tftp to startup-config” or “tftp
to file,” the file is automatically set as the start-up configuration file. To use
the new settings, reboot the system via the System/Reset menu. You can
also select any configuration file as the start-up configuration by using the
System/File Management/Set Start-Up page.
Figure 3-12 Setting the Startup Configuration Settings
CLI – Enter the IP address of the TFTP server, specify the source file on
the server, set the startup file name on the switch, and then restart the
switch.
Console#copy tftp startup-config4-82
TFTP server ip address: 192.168.1.19
Source configuration file name: config-1
Startup configuration file name [] : startup
\Write to FLASH Programming.
-Write to FLASH finish.
Success.
Console#reload
To select another configuration file as the start-up configuration, use the
boot system command and then restart the switch.
Console#config
Console(config)#boot system config: startup-new4-89
Console(config)#exit
Console#reload4-28
3-29
C
ONFIGURING THE SWITCH
This example shows how to download a PoE controller file from a TFTP
server.
Console#copy tftp file4-82
TFTP server IP address: 10.3.4.50
Choose file type:
You can access the onboard configuration program by attaching a VT100
compatible device to the switch’s serial console port. Management access
through the console port is controlled by various parameters, including a
password, timeouts, and basic communication settings. These parameters
can be configured via the Web or CLI interface.
Command Attributes
• Login Timeout – Sets the interval that the system waits for a user to log
into the CLI. If a login attempt is not detected within the timeout interval,
the connection is terminated for the session. (Range: 0 - 300 seconds;
Default: 0)
• Exec Timeout – Sets the interval that the system waits until user input
is detected. If user input is not detected within the timeout interval, the
current session is terminated. (Range: 0 - 65535 seconds; Default: 600
seconds)
3-30
B
ASIC CONFIGURATION
• Password Threshold – Sets the password intrusion threshold, which
limits the number of failed logon attempts. When the logon attempt
threshold is reached, the system interface becomes silent for a specified
amount of time (set by the Silent Time parameter) before allowing the
next logon attempt. (Range: 0-120; Default: 3 attempts)
• Silent Time – Sets the amount of time the management console is
inaccessible after the number of unsuccessful logon attempts has been
exceeded. (Range: 0-65535; Default: 0)
• Data Bits – Sets the number of data bits per character that are
interpreted and generated by the console port. If parity is being
generated, specify 7 data bits per character. If no parity is required, specify
8 data bits per character. (Default: 8 bits)
• Parity – Defines the generation of a parity bit. Communication protocols
provided by some terminals can require a specific parity bit setting.
Specify Even, Odd, or None. (Default: None)
• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and
receive (from terminal). Set the speed to match the baud rate of the
device connected to the serial port. (Range: 9600, 19200, 38400, 57600,
or 115200 baud, Auto; Default: Auto)
• Stop Bits – Sets the number of the stop bits transmitted per byte.
(Range:1-2;Default: 1 stop bit)
• Password
1
– Specifies a password for the line connection. When a
connection is started on a line with password protection, the system
prompts for the password. If you enter the correct password, the system
shows a prompt. (Default: No password)
• Login
1
– Enables password checking at login. You can select
authentication by a single global password as configured for the
Password parameter, or by passwords set up for specific user-name
accounts. (Default: Local)
1. CLI only.
3-31
C
ONFIGURING THE SWITCH
Web – Click System, Line, Console. Specify the console port connection
parameters as required, then click Apply.
Figure 3-13 Console Port Settings
CLI – Enter Line Configuration mode for the console, then specify the
connection parameters as required. To display the current console port
settings, use the show line command from the Normal Exec level.
You can access the onboard configuration program over the network using
Telnet (i.e., a virtual terminal). Management access via Telnet can be
enabled/disabled and other various parameters set, including the TCP port
number, timeouts, and a password. These parameters can be configured
via the Web or CLI interface.
Command Attributes
• Telnet Status – Enables or disables Telnet access to the switch.
(Default: Enabled)
• Telnet Port Number – Sets the TCP port number for Telnet on the
switch. (Default: 23)
• Login Timeout – Sets the interval that the system waits for a user to log
into the CLI. If a login attempt is not detected within the timeout interval,
the connection is terminated for the session. (Range: 0 - 300 seconds;
Default: 300 seconds)
• Exec Timeout – Sets the interval that the system waits until user input
is detected. If user input is not detected within the timeout interval, the
current session is terminated. (Range: 0 - 65535 seconds; Default: 600
seconds)
• Password Threshold – Sets the password intrusion threshold, which
limits the number of failed logon attempts. When the logon attempt
threshold is reached, the system interface becomes silent for a specified
amount of time (set by the Silent Time parameter) before allowing the
next logon attempt. (Range: 0-120; Default: 3 attempts)
• Password
connection is started on a line with password protection, the system
prompts for the password. If you enter the correct password, the system
shows a prompt. (Default: No password)
• Login
authentication by a single global password as configured for the
Password parameter, or by passwords set up for specific user-name
accounts. (Default: Local)
2
– Specifies a password for the line connection. When a
2
– Enables password checking at login. You can select
2. CLI only.
3-33
C
ONFIGURING THE SWITCH
Web – Click System, Line, Telnet. Specify the connection parameters for
Telnet access, then click Apply.
Figure 3-14 Configuring the Telnet Interface
CLI – Enter Line Configuration mode for a virtual terminal, then specify
the connection parameters as required. To display the current virtual
terminal settings, use the show line command from the Normal Exec
level.
The switch allows you to control the logging of error messages, including
the type of events that are recorded in switch memory, logging to a remote
System Log (syslog) server, and displays a list of recent event messages.
System Log Configuration
The system allows you to enable or disable event logging, and specify
which levels are logged to RAM or flash memory.
Severe error messages that are logged to flash memory are permanently
stored in the switch to assist in troubleshooting network problems. Up to
4096 log entries can be stored in the flash memory, with the oldest entries
being overwritten first when the available log memory (256 kilobytes) has
been exceeded.
The System Logs page allows you to configure and limit system messages
that are logged to flash or RAM memory. The default is for event levels 0
to 3 to be logged to flash and levels 0 to 7 to be logged to RAM.
3-35
C
ONFIGURING THE SWITCH
Command Attributes
• System Log Status – Enables/disables the logging of debug or error
messages to the logging process.
• Flash Level – Limits log messages saved to the switch’s permanent flash
memory for all levels up to the specified level. For example, if level 3 is
specified, all messages from level 0 to level 3 will be logged to flash.
(Range: 0-7, Default: 3).
Table 3-3 Logging Levels
LevelSeverity NameDescription
7DebugDebugging messages
6InformationalInformational messages only
5NoticeNormal but significant condition, such as cold
2CriticalCritical conditions (e.g., memory allocation, or
free memory error - resource exhausted)
1AlertImmediate action needed
0EmergencySystem unusable
* There are only Level 2, 5 and 6 error messages for the current firmware release.
• RAM Level – Limits log messages saved to the switch’s temporary RAM
memory for all levels up to the specified level. For example, if level 7 is
specified, all messages from level 0 to level 7 will be logged to RAM.
(Range: 0-7, Default: 6)
The switch allows you to specify which levels are logged to RAM or flash
memory.
Note:The Flash Level must be equal to or less than the RAM Level.
3-36
B
ASIC CONFIGURATION
Web – Click System, Log, System Logs. Specify the System Log Status, set
the level of event messages to be logged to RAM and flash memory, and
then click Apply.
Figure 3-15 System Logs
CLI – Enable system logging and then specify the level of messages to be
logged to RAM and flash memory. Use the show logging command to
display the current settings.
Console(config)#logging on4-57
Console(config)#logging history ram 64-57
Console(config)#
Console#show logging ram4-61
Syslog logging: Enabled
History logging in RAM: level informational
Console#
Remote Log Configuration
The Remote Logs page allows you to configure the logging of messages
that are sent to syslog servers. You can also limit the error messages sent to
only those messages below a specified level.
Command Attributes
• Remote Log Status – Enables/disables the logging of debug or error
messages to the remote logging process. (Default: Disabled)
• Logging Facility – Sets the facility type for remote logging of syslog
messages. There are eight facility types specified by values of 16 to 23.
The facility type is used by the syslog server to dispatch log messages to
an appropriate service.
3-37
C
ONFIGURING THE SWITCH
This attribute specifies the facility type tag sent in syslog messages. (See
RFC 3164.) This type has no effect on the kind of messages reported by
the switch. However, it may be used by the syslog server to process
messages, such as sorting or storing messages in the corresponding
database. (Range: 16-23, Default: 23)
• Logging Trap – Limits log messages that are sent to the remote syslog
server for all levels up to the specified level. For example, if level 3 is
specified, all messages from level 0 to level 3 will be sent to the remote
server. (Range: 0-7, Default: 7)
• Host IP List – Displays the list of remote server IP addresses that
receive the syslog messages. The maximum number of host IP addresses
allowed is five.
• Host IP Address – Specifies a new server IP address to add to the Host
IP List.
Web – Click System, Log, Remote Logs. To add an IP address to the Host
IP List, type the new IP address in the Host IP Address box, and then click
Add. To delete an IP address, click the entry in the Host IP List, and then
click Remove.
3-38
Figure 3-16 Remote Logs
B
ASIC CONFIGURATION
CLI – Enter the syslog server host IP address, choose the facility type and
set the minimum level of messages to be logged.
Console(config)#logging host 192.168.1.74-59
Console(config)#logging facility 234-59
Console(config)#logging trap 44-60
Console(config)#
Console#show logging trap4-61
Syslog logging: Enabled
REMOTELOG status: Enabled
REMOTELOG facility type: local use 7
REMOTELOG level type: Warning conditions
REMOTELOG server IP address: 192.168.1.7
REMOTELOG server IP address: 0.0.0.0
REMOTELOG server IP address: 0.0.0.0
REMOTELOG server IP address: 0.0.0.0
REMOTELOG server IP address: 0.0.0.0
Console#
Displaying Log Messages
Use the Logs page to scroll through the logged system and event messages.
The switch can store up to 2048 log entries in temporary random access
memory (RAM; i.e., memory flushed on power reset) and up to 4096
entries in permanent flash memory.
Web – Click System, Log, Logs.
Figure 3-17 Displaying Logs
3-39
C
ONFIGURING THE SWITCH
CLI – This example shows the event message stored in RAM.
To alert system administrators of problems, the switch can use SMTP
(Simple Mail Transfer Protocol) to send email messages when triggered by
logging events of a specified level. The messages are sent to specified
SMTP servers on the network and can be retrieved using POP or IMAP
clients.
Command Attributes
• Admin Status – Enables/disables the SMTP function. (Default:
Enabled)
• Email Source Address – Sets the email address used for the “From”
field in alert messages. You may use a symbolic email address that
identifies the switch, or the address of an administrator responsible for
the switch.
• Severity – Sets the syslog severity threshold level (see table on page 3-36)
used to trigger alert messages. All events at this level or higher will be sent
to the configured email recipients. For example, using Level 7 will report
all events from level 7 to level 0. (Default: Level 7)
• SMTP Server List – Specifies a list of up to three recipient SMTP
servers. The switch attempts to connect to the other listed servers if the
first fails. Use the New SMTP Server text field and the Add/Remove
buttons to configure the list.
• Email Destination Address List – Specifies the email recipients of alert
messages. You can specify up to five recipients. Use the New Email
Destination Address text field and the Add/Remove buttons to
configure the list.
3-40
B
ASIC CONFIGURATION
Web – Click System, Log, SMTP. Enable SMTP, specify a source email
address, and select the minimum severity level. To add an IP address to the
SMTP Server List, type the new IP address in the SMTP Server field and
click Add. To delete an IP address, click the entry in the SMTP Server List
and click Remove. Specify up to five email addresses to receive the alert
messages, and click Apply.
Figure 3-18 Enabling and Configuring SMTP Alerts
3-41
C
ONFIGURING THE SWITCH
CLI – Enter the IP address of at least one SMTP server, set the syslog
severity level to trigger an email message, and specify the switch (source)
and up to five recipient (destination) email addresses. Enable SMTP with
the logging sendmail command to complete the configuration. Use the
show logging sendmail command to display the current SMTP
configuration.
Web – Select System, Reset to reboot the switch. When prompted,
confirm that you want reset the switch.
Figure 3-19 Resetting the Switch
3-42
B
ASIC CONFIGURATION
CLI – Use the reload command to reboot the system.
Console#reload4-28
System will be restarted, continue <y/n>? y
Note:When restarting the system, it always runs the Power-On Self-Test.
Setting the System Clock
Simple Network Time Protocol (SNTP) allows the switch to set its internal
clock based on periodic updates from a time server (SNTP or NTP).
Maintaining an accurate time on the switch enables the system log to
record meaningful dates and times for event entries. You can also manually
set the clock using the CLI. (See “calendar set” on page 4-74.) If the clock
is not set, the switch will only record the time from the factory default set
at the last bootup.
When the SNTP client is enabled, the switch periodically sends a request
for a time update to a configured time server. You can configure up to
three time server IP addresses. The switch will attempt to poll each server
in the configured sequence.
Configuring SNTP
You can configure the switch to send time synchronization requests to
time servers.
Command Attributes
• SNTP Client – Configures the switch to operate as an SNTP client. This
requires at least one time server to be specified in the SNTP Server field.
(Default: Disabled)
• SNTP Poll Interval – Sets the interval between sending requests for a
time update from a time server. (Range: 16-16284 seconds; Default: 16
seconds)
• SNTP Server – Sets the IP address for up to three time servers. The
switch attempts to update the time from the first server, if this fails it
attempts an update from the next server in the sequence.
3-43
C
ONFIGURING THE SWITCH
Web – Select SNTP, Configuration. Modify any of the required parameters
and click Apply.
Figure 3-20 SNTP Configuration
CLI – This example configures the switch to operate as an SNTP client
and then displays the current time and settings.
Console(config)#sntp server 10.1.0.19 137.82.140.80
128.250.36.24-70
Console(config)#sntp poll 604-71
Console(config)#sntp client4-69
Console(config)#exit
Console#show sntp4-72
Current time: Jan 6 14:56:05 2004
Poll interval: 60
Current mode: unicast
SNTP status : Enabled
SNTP server 10.1.0.11 137.82.140.80 128.250.36.2
Current server: 128.250.36.2
Console#
Setting the Time Zone
SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich
Mean Time, or GMT) based on the time at the Earth’s prime meridian,
zero degrees longitude. To display a time corresponding to your local time,
you must indicate the number of hours and minutes your time zone is east
(after) or west (before) of UTC.
Command Attributes
• Current Time – Displays the current time.
• Name – Assigns a name to the time zone. (Default: UTC; Range: 1-29
characters)
3-44
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.