SMC Networks SMC8126PL2-F User Manual

MANAGEMENT GUIDE

ta

SMC8126PL2-F

TigerSwitch
L2-Lite SMB PoE Gigabit Switch

TM

10/100/1000

TigerSwitch 10/100/1000
Management Guide

From SMC’s Tiger line of feature-rich workgroup LAN solutions

20 Mason
Irvine, CA 92618
Phone: (949) 679-8000

Pub. # 149100000023A

August 2009

E082009/MW-R01

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and
reliable. However, no responsibility is assumed by SMC for its use, nor for any
infringements of patents or other rights of third parties which may result from its use. No
license is granted by implication or otherwise under any patent or patent rights of SMC.
SMC reserves the right to change specifications at any time without notice.

Copyright © 2009 by

SMC Networks, Inc.

20 Mason

Irvine, CA 92618

All rights reserved.

Trademarks:

SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are
trademarks of SMC Networks, Inc. Other product and company names are trademarks or
registered trademarks of their respective holders.

About This Guide

Purpose

This guide gives specific information on how to operate and use the management
functions of the switch.

Audience

The guide is intended for use by network administrators who are responsible for operating
and maintaining network equipment; consequently, it assumes a basic working
knowledge of general switch functions, the Internet Protocol (IP), and Simple Network
Management Protocol (SNMP).

Conventions

The following conventions are used throughout this guide to show information:

Note: Emphasizes important information or calls your attention to related features or

instructions.

Caution: Alerts you to a potential hazard that could cause loss of data, or damage the

system or equipment.

Warning: Alerts you to a potential hazard that could cause personal injury.

Related Publications

The following publication details the hardware features of the switch, including the
physical and performance-related characteristics, and how to install the switch:

The Installation Guide

Also, as part of the switch’s software, there is an online web-based help that describes all
management related features.

Revision History

This section summarizes the changes in each revision of this guide.

August 2009 Revision

This is the first revision of this guide. This guide is valid for software release v1.0.0.10.

v

vi

Contents

Chapter 1: Introduction 1-1

Key Features 1-1
Description of Software Features 1-2
System Defaults 1-6

Chapter 2: Initial Configuration 2-1

Connecting to the Switch 2-1

Configuration Options 2-1
Required Connections 2-2
Remote Connections 2-3

Basic Configuration 2-3

Console Connection 2-3
Setting Passwords 2-4
Setting an IP Address 2-4

Manual Configuration 2-4
Dynamic Configuration 2-5

Enabling SNMP Management Access 2-6

Community Strings (for SNMP version 1 and 2c clients) 2-6
Trap Receivers 2-7
Configuring Access for SNMP Version 3 Clients 2-8

Managing System Files 2-8

Saving Configuration Settings 2-9

Chapter 3: Configuring the Switch 3-1

Using the Web Interface 3-1
Navigating the Web Browser Interface 3-2

Home Page 3-2
Configuration Options 3-3
Panel Display 3-3
Main Menu 3-4

Basic Configuration 3-11

Displaying System Information 3-11
Displaying Switch Hardware/Software Versions 3-13
Displaying Bridge Extension Capabilities 3-15
Setting the Switch’s IP Address 3-16

Manual Configuration 3-17

Using DHCP/BOOTP 3-18
Enabling Jumbo Frames 3-19
Managing Firmware 3-20

Downloading System Software from a Server 3-20

vii

Contents

Saving or Restoring Configuration Settings 3-22

Downloading Configuration Settings from a Server 3-23
Console Port Settings 3-24
Telnet Settings 3-26
Configuring Event Logging 3-28

System Log Configuration 3-28

Remote Log Configuration 3-29

Displaying Log Messages 3-31

Simple Mail Transfer Protocol 3-31
Renumbering the System 3-33
Resetting the System 3-34
Setting the System Clock 3-35

Setting the Time Manually 3-35

Configuring SNTP 3-35

Setting the Time Zone 3-36

Simple Network Management Protocol 3-37

Enabling the SNMP Agent 3-39
Setting Community Access Strings 3-39
Specifying Trap Managers and Trap Types 3-40
Configuring SNMPv3 Management Access 3-43

Setting the Local Engine ID 3-43

Specifying a Remote Engine ID 3-44

Configuring SNMPv3 Users 3-45

Configuring Remote SNMPv3 Users 3-47

Configuring SNMPv3 Groups 3-49

Setting SNMPv3 Views 3-52

User Authentication 3-54

Configuring User Accounts 3-54
Configuring Local/Remote Logon Authentication 3-56
Configuring Encryption Keys 3-59
AAA Authorization and Accounting 3-61

Configuring AAA RADIUS Group Settings 3-62

Configuring AAA TACACS+ Group Settings 3-63

Configuring AAA Accounting 3-63

AAA Accounting Update 3-65

AAA Accounting 802.1X Port Settings 3-66

AAA Accounting Exec Command Privileges 3-67

AAA Accounting Exec Settings 3-68

AAA Accounting Summary 3-68

Authorization Settings 3-70

Authorization EXEC Settings 3-71

Authorization Summary 3-72
Configuring HTTPS 3-73

Replacing the Default Secure-site Certificate 3-74
Configuring the Secure Shell 3-75

viii

Contents

Generating the Host Key Pair 3-77
Configuring the SSH Server 3-79

Configuring 802.1X Port Authentication 3-80

Displaying 802.1X Global Settings 3-81
Configuring 802.1X Global Settings 3-82
Configuring Port Settings for 802.1X 3-83
Displaying 802.1X Statistics 3-86

Filtering IP Addresses for Management Access 3-87

General Security Measures 3-89

Configuring Port Security 3-90

Access Control Lists 3-91

Configuring Access Control Lists 3-91

Setting the ACL Name and Type 3-92
Configuring a Standard IP ACL 3-93
Configuring an Extended IP ACL 3-94
Configuring a MAC ACL 3-96

Binding a Port to an Access Control List 3-98
Filtering IP Addresses for Management Access 3-99
DHCP Snooping 3-101

DHCP Snooping Configuration 3-102

DHCP Snooping VLAN Configuration 3-103

DHCP Snooping Information Option Configuration 3-103

DHCP Snooping Port Configuration 3-105

DHCP Snooping Binding Information 3-106
IP Source Guard 3-107

Configuring Ports for IP Source Guard 3-107

Configuring Static Binding for IP Source Guard 3-109

Displaying Information for Dynamic IP Source Guard Bindings 3-111

Port Configuration 3-112

Displaying Connection Status 3-112
Configuring Interface Connections 3-114
Creating Trunk Groups 3-116

Statically Configuring a Trunk 3-117

Enabling LACP on Selected Ports 3-118

Configuring Parameters for LACP Group Members 3-120

Displaying LACP Port Counters 3-122

Displaying LACP Settings and Status for the Local Side 3-124

Displaying LACP Settings and Status for the Remote Side 3-126
Setting Broadcast Storm Thresholds 3-127
Configuring Local Port Mirroring 3-128
Configuring Rate Limits 3-129

Rate Limit Configuration 3-129
Showing Port Statistics 3-130

Power Over Ethernet Settings 3-134

Switch Power Status 3-135

ix

Contents

Setting a Switch Power Budget 3-136
Displaying Port Power Status 3-136
Configuring Port PoE Power 3-137

Address Table Settings 3-139

Setting Static Addresses 3-139
Displaying the Address Table 3-140
Changing the Aging Time 3-141

Spanning Tree Algorithm Configuration 3-142

Displaying Global Settings for STA 3-144
Configuring Global Settings for STA 3-147
Displaying Interface Settings for STA 3-151
Configuring Interface Settings for STA 3-154
Configuring Multiple Spanning Trees 3-158
Displaying Interface Settings for MSTP 3-161
Configuring Interface Settings for MSTP 3-163

VLAN Configuration 3-164

IEEE 802.1Q VLANs 3-164

Enabling or Disabling GVRP (Global Setting) 3-167
Displaying Basic VLAN Information 3-168
Displaying Current VLANs 3-169
Creating VLANs 3-170
Adding Static Members to VLANs (VLAN Index) 3-173
Adding Static Members to VLANs (Port Index) 3-175
Configuring VLAN Behavior for Interfaces 3-176

Configuring IEEE 802.1Q Tunneling 3-178

Enabling QinQ Tunneling on the Switch 3-181

Adding an Interface to a QinQ Tunnel 3-182
Configuring Private VLANs 3-184
Enabling Private VLANs 3-184
Configuring Uplink and Downlink Ports 3-185
Protocol VLANs 3-185

Configuring Protocol VLAN Groups 3-186

Mapping Protocols to VLANs 3-187

Class of Service Configuration 3-189

Layer 2 Queue Settings 3-189

Setting the Default Priority for Interfaces 3-189

Mapping CoS Values to Egress Queues 3-191

Selecting the Queue Mode 3-193

Setting the Service Weight for Traffic Classes 3-194
Layer 3/4 Priority Settings 3-195

Mapping Layer 3/4 Priorities to CoS Values 3-195

Selecting IP Precedence/DSCP Priority 3-195

Mapping IP Precedence 3-196

Mapping DSCP Priority 3-197

Mapping IP Port Priority 3-199

x

Contents

Quality of Service 3-200

Configuring Quality of Service Parameters 3-201

Configuring a Class Map 3-201
Creating QoS Policies 3-204
Attaching a Policy Map to Ingress Queues 3-207

Multicast Filtering 3-208

Layer 2 IGMP (Snooping and Query) 3-209

Configuring IGMP Snooping and Query Parameters 3-210
Enabling IGMP Immediate Leave 3-212
Displaying Interfaces Attached to a Multicast Router 3-214
Specifying Static Interfaces for a Multicast Router 3-215
Displaying Port Members of Multicast Services 3-216
Assigning Ports to Multicast Services 3-217

IGMP Filtering and Throttling 3-218

Enabling IGMP Filtering and Throttling 3-218
Configuring IGMP Filter Profiles 3-219
Configuring IGMP Filtering and Throttling for Interfaces 3-221

Multicast VLAN Registration 3-223

Configuring Global MVR Settings 3-224
Displaying MVR Interface Status 3-226
Displaying Port Members of Multicast Groups 3-227
Configuring MVR Interface Status 3-228
Assigning Static Multicast Groups to Interfaces 3-230

Configuring Domain Name Service 3-231

Configuring General DNS Service Parameters 3-231
Configuring Static DNS Host to Address Entries 3-233
Displaying the DNS Cache 3-235

Switch Clustering 3-236

Cluster Configuration 3-236
Cluster Member Configuration 3-238
Displaying Information on Cluster Members 3-239
Cluster Candidate Information 3-240

Chapter 4: Command Line Interface 4-1

Using the Command Line Interface 4-1

Accessing the CLI 4-1
Console Connection 4-1
Telnet Connection 4-2

Entering Commands 4-3

Keywords and Arguments 4-3
Minimum Abbreviation 4-3
Command Completion 4-3
Getting Help on Commands 4-3
Showing Commands 4-4

xi

Contents

Partial Keyword Lookup 4-5
Negating the Effect of Commands 4-5
Using Command History 4-5
Understanding Command Modes 4-6
Exec Commands 4-6
Configuration Commands 4-7
Command Line Processing 4-9

Command Groups 4-10
General Commands 4-11

enable 4-11
disable 4-12
configure 4-12
show history 4-13
reload 4-13
prompt 4-14
end 4-14
exit 4-15
quit 4-15

System Management Commands 4-16

Device Designation Commands 4-16

hostname 4-16
System Status Commands 4-17

show startup-config 4-17

show running-config 4-18

show system 4-21

show users 4-21

show version 4-22
Frame Size Commands 4-23

jumbo frame 4-23
File Management Commands 4-24

copy 4-25

delete 4-28

dir 4-28

whichboot 4-29

boot system 4-30
Line Commands 4-31

line 4-31

login 4-32

password 4-33

timeout login response 4-34

exec-timeout 4-34

password-thresh 4-35

silent-time 4-36

databits 4-36

parity 4-37

xii

Contents

speed 4-38
stopbits 4-38
disconnect 4-39
show line 4-39

Event Logging Commands 4-40

logging on 4-41
logging history 4-42
logging host 4-43
logging facility 4-43
logging trap 4-44
clear log 4-44
show logging 4-45
show log 4-46

SMTP Alert Commands 4-47

logging sendmail host 4-47
logging sendmail level 4-48
logging sendmail source-email 4-49
logging sendmail destination-email 4-49
logging sendmail 4-50
show logging sendmail 4-50

Time Commands 4-51

sntp client 4-51
sntp server 4-52
sntp poll 4-53
show sntp 4-53
clock timezone 4-54
calendar set 4-55
show calendar 4-55

Switch Cluster Commands 4-56

cluster 4-56
cluster commander 4-57
cluster ip-pool 4-58
cluster member 4-58
rcommand 4-59
show cluster 4-59
show cluster members 4-60
show cluster candidates 4-60

SNMP Commands 4-61

snmp-server 4-62
show snmp 4-62
snmp-server community 4-63
snmp-server contact 4-64
snmp-server location 4-64
snmp-server host 4-65
snmp-server enable traps 4-67

xiii

Contents

snmp-server engine-id 4-68
show snmp engine-id 4-69
snmp-server view 4-69
show snmp view 4-71
snmp-server group 4-71
show snmp group 4-73
snmp-server user 4-74
show snmp user 4-75

Authentication Commands 4-76

User Account and Privilege Level Commands 4-77

username 4-77

enable password 4-78

privilege 4-79

privilege rerun 4-79

show privilege 4-80
Authentication Sequence 4-80

authentication login 4-81

authentication enable 4-82
RADIUS Client 4-83

radius-server host 4-83

radius-server port 4-84

radius-server key 4-84

radius-server retransmit 4-85

radius-server timeout 4-85

show radius-server 4-85
TACACS+ Client 4-86

tacacs-server host 4-87

tacacs-server port 4-87

tacacs-server key 4-88

tacacs-server retransmit 4-88

tacacs-server timeout 4-89

show tacacs-server 4-89
AAA Commands 4-90

aaa group server 4-90

server 4-91

aaa accounting dot1x 4-92

aaa accounting exec 4-93

aaa accounting commands 4-94

aaa accounting update 4-95

accounting dot1x 4-95

accounting exec 4-96

accounting commands 4-96

aaa authorization exec 4-97

authorization exec 4-98

show accounting 4-98

xiv

Contents

Web Server Commands 4-99

ip http port 4-99
ip http server 4-100
ip http secure-server 4-100
ip http secure-port 4-101

Telnet Server Commands 4-102

ip telnet server 4-102

Secure Shell Commands 4-103

ip ssh server 4-105
ip ssh timeout 4-106
ip ssh authentication-retries 4-106
ip ssh server-key size 4-107
delete public-key 4-107
ip ssh crypto host-key generate 4-108
ip ssh crypto zeroize 4-108
ip ssh save host-key 4-109
show ip ssh 4-109
show ssh 4-110
show public-key 4-111

802.1X Port Authentication 4-112
dot1x system-auth-control 4-112
dot1x default 4-113
dot1x max-req 4-113
dot1x port-control 4-113
dot1x operation-mode 4-114
dot1x re-authenticate 4-115
dot1x re-authentication 4-115
dot1x timeout quiet-period 4-116
dot1x timeout re-authperiod 4-116
dot1x timeout tx-period 4-117
dot1x timeout supp-timeout 4-117
show dot1x 4-118

Management IP Filter Commands 4-121

management 4-121
show management 4-122

General Security Measures 4-123

Port Security Commands 4-124

port security 4-124

Network Access (MAC Address Authentication) 4-126

network-access max-mac-count 4-126
network-access mode 4-127
mac-authentication reauth-time 4-128
mac-authentication intrusion-action 4-128
mac-authentication max-mac-count 4-129
show network-access 4-129

xv

Contents

show network-access mac-address-table 4-130

DHCP Snooping Commands 4-131

ip dhcp snooping 4-132
ip dhcp snooping vlan 4-133
ip dhcp snooping trust 4-134
ip dhcp snooping verify mac-address 4-135
ip dhcp snooping information option 4-136
ip dhcp snooping information policy 4-137
show ip dhcp snooping 4-138
show ip dhcp snooping binding 4-138

IP Source Guard Commands 4-139

ip source-guard 4-139
ip source-guard binding 4-141
show ip source-guard 4-142
show ip source-guard binding 4-142

Access Control List Commands 4-143

IP ACLs 4-143

access-list ip 4-144
permit, deny (Standard ACL) 4-145
permit, deny (Extended ACL) 4-146
show ip access-list 4-148
ip access-group 4-148
show ip access-group 4-149

MAC ACLs 4-149

access-list mac 4-150
permit, deny (MAC ACL) 4-150
show mac access-list 4-152
mac access-group 4-152
show mac access-group 4-153

ACL Information 4-154

show access-list 4-154
show access-group 4-154

Interface Commands 4-155

interface 4-155
description 4-156
speed-duplex 4-156
negotiation 4-157
capabilities 4-158
flowcontrol 4-159
media-type 4-160
shutdown 4-160
switchport packet-rate 4-161
clear counters 4-162
show interfaces status 4-163
show interfaces counters 4-164

xvi

Contents

show interfaces switchport 4-165

Link Aggregation Commands 4-167

channel-group 4-168
lacp 4-169
lacp system-priority 4-170
lacp admin-key (Ethernet Interface) 4-171
lacp admin-key (Port Channel) 4-172
lacp port-priority 4-173
show lacp 4-174

Mirror Port Commands 4-178

port monitor 4-178
show port monitor 4-179

RSPAN Mirroring Commands 4-180

rspan source 4-181
rspan destination 4-182
rspan remote vlan 4-183
no rspan session 4-184
show rspan 4-184

Rate Limit Commands 4-185

rate-limit 4-185

Power over Ethernet Commands 4-186

power mainpower maximum allocation 4-186
power inline compatible 4-187
power inline 4-188
power inline maximum allocation 4-189
power inline priority 4-189
power inline overload-auto-recover 4-190
show power inline status 4-191
show power mainpower 4-192
mac-address-table static 4-193
clear mac-address-table dynamic 4-194
show mac-address-table 4-194
mac-address-table aging-time 4-195
show mac-address-table aging-time 4-195

Spanning Tree Commands 4-196

spanning-tree 4-197
spanning-tree mode 4-197
spanning-tree forward-time 4-198
spanning-tree hello-time 4-199
spanning-tree max-age 4-200
spanning-tree priority 4-200
spanning-tree pathcost method 4-201
spanning-tree transmission-limit 4-202
spanning-tree mst-configuration 4-202
mst vlan 4-203

xvii

Contents

mst priority 4-203
name 4-204
revision 4-205
max-hops 4-205
spanning-tree spanning-disabled 4-206
spanning-tree cost 4-206
spanning-tree port-priority 4-208
spanning-tree edge-port 4-208
spanning-tree portfast 4-209
spanning-tree link-type 4-210
spanning-tree mst cost 4-211
spanning-tree mst port-priority 4-212
spanning-tree protocol-migration 4-212
show spanning-tree 4-213
show spanning-tree mst configuration 4-215

VLAN Commands 4-215

GVRP and Bridge Extension Commands 4-216

bridge-ext gvrp 4-216
show bridge-ext 4-217
switchport gvrp 4-217
show gvrp configuration 4-218
garp timer 4-218
show garp timer 4-219

Editing VLAN Groups 4-220

vlan database 4-220
vlan 4-221

Configuring VLAN Interfaces 4-222

interface vlan 4-222
switchport mode 4-223
switchport acceptable-frame-types 4-224
switchport ingress-filtering 4-224
switchport native vlan 4-225
switchport allowed vlan 4-226
switchport forbidden vlan 4-227

Displaying VLAN Information 4-228

show vlan 4-228

Configuring IEEE 802.1Q Tunneling 4-229

dot1q-tunnel system-tunnel-control 4-230
switchport dot1q-tunnel mode 4-230
switchport dot1q-tunnel tpid 4-231
show dot1q-tunnel 4-232

Configuring Port-based Traffic Segmentation 4-233

pvlan 4-233
pvlan up-link/down-link 4-234
show pvlan 4-234

xviii

Contents

Configuring Private VLANs 4-235

private-vlan 4-236
private vlan association 4-237
switchport mode private-vlan 4-238
switchport private-vlan host-association 4-238
switchport private-vlan mapping 4-239
show vlan private-vlan 4-239

Configuring Protocol-based VLANs 4-240

protocol-vlan protocol-group (Configuring Groups) 4-241
protocol-vlan protocol-group (Configuring Interfaces) 4-241
show protocol-vlan protocol-group 4-242
show interfaces protocol-vlan protocol-group 4-243

Class of Service Commands 4-244

Priority Commands (Layer 2) 4-244

queue mode 4-245
switchport priority default 4-245
queue bandwidth 4-246
queue cos-map 4-247
show queue mode 4-248
show queue bandwidth 4-249
show queue cos-map 4-249

Priority Commands (Layer 3 and 4) 4-250

map ip port (Global Configuration) 4-250
map ip port (Interface Configuration) 4-251
map ip precedence (Global Configuration) 4-251
map ip precedence (Interface Configuration) 4-252
map ip dscp (Global Configuration) 4-252
map ip dscp (Interface Configuration) 4-253
show map ip port 4-254
show map ip precedence 4-255
show map ip dscp 4-255

Quality of Service Commands 4-257

class-map 4-258
match 4-259
rename 4-260
description 4-260
policy-map 4-261
class 4-261
set 4-262
police 4-263
service-policy 4-264
show class-map 4-264
show policy-map 4-265
show policy-map interface 4-265

Multicast Filtering Commands 4-266

xix

Contents

IGMP Snooping Commands 4-266

ip igmp snooping 4-267
ip igmp snooping vlan static 4-267
ip igmp snooping version 4-268
ip igmp snooping leave-proxy 4-268
ip igmp snooping immediate-leave 4-269
show ip igmp snooping 4-270
show mac-address-table multicast 4-270

IGMP Query Commands (Layer 2) 4-271

ip igmp snooping querier 4-271
ip igmp snooping query-count 4-272
ip igmp snooping query-interval 4-273
ip igmp snooping query-max-response-time 4-273
ip igmp snooping router-port-expire-time 4-274

Static Multicast Routing Commands 4-275

ip igmp snooping vlan mrouter 4-275
show ip igmp snooping mrouter 4-276

IGMP Filtering and Throttling Commands 4-277

ip igmp filter (Global Configuration) 4-277
ip igmp profile 4-278
permit, deny 4-278
range 4-279
ip igmp filter (Interface Configuration) 4-279
ip igmp max-groups 4-280
ip igmp max-groups action 4-281
show ip igmp filter 4-281
show ip igmp profile 4-282
show ip igmp throttle interface 4-283

Multicast VLAN Registration Commands 4-284

mvr (Global Configuration) 4-284
mvr (Interface Configuration) 4-286
show mvr 4-287

Domain Name Service Commands 4-290

ip host 4-290
clear host 4-291
ip domain-name 4-291
ip domain-list 4-292
ip name-server 4-293
ip domain-lookup 4-294
show hosts 4-295
show dns 4-295
show dns cache 4-296
clear dns cache 4-296

IP Interface Commands 4-297

ip address 4-297

xx

Contents

ip default-gateway 4-298
ip dhcp restart 4-299
show ip interface 4-299
show ip redirects 4-300
ping 4-300

Appendix A: Software Specifications A-1

Software Features A-1
Management Features A-2
Standards A-2
Management Information Bases A-3

Appendix B: Troubleshooting B-1

Problems Accessing the Management Interface B-1
Using System Logs B-2

Glossary

Index

xxi

Contents

xxii

Tables

Table 1-1 Key Features 1-1
Table 1-2 System Defaults 1-6
Table 3-1 Configuration Options 3-3
Table 3-2 Main Menu 3-4
Table 3-3 Logging Levels 3-28
Table 3-5 Supported Notification Messages 3-49
Table 3-6 HTTPS System Support 3-73
Table 3-7 802.1X Statistics 3-86
Table 3-8 LACP Port Counters 3-122
Table 3-9 LACP Internal Configuration Information 3-124
Table 3-10 LACP Neighbor Configuration Information 3-126
Table 3-11 Port Statistics 3-130
Table 3-12 Recommended STA Path Cost Range 3-155
Table 3-13 Recommended STA Path Costs 3-155
Table 3-14 Default STA Path Costs 3-156
Table 3-15 Mapping CoS Values to Egress Queues 3-191
Table 3-16 CoS Priority Levels 3-191
Table 3-17 Mapping IP Precedence 3-196
Table 3-18 Mapping DSCP Priority Values 3-197
Table 4-1 Command Modes 4-6
Table 4-2 Configuration Modes 4-8
Table 4-3 Command Line Processing 4-9
Table 4-4 Command Groups 4-10
Table 4-5 General Commands 4-11
Table 4-6 System Management Commands 4-16
Table 4-7 Device Designation Commands 4-16
Table 4-8 System Status Commands 4-17
Table 4-9 Frame Size Commands 4-23
Table 4-10 Flash/File Commands 4-24
Table 4-11 File Directory Information 4-29
Table 4-12 Line Commands 4-31
Table 4-13 Event Logging Commands 4-40
Table 4-14 Logging Levels 4-42
Table 4-15 show logging flash/ram - display description 4-45
Table 4-16 show logging trap - display description 4-46
Table 4-17 SMTP Alert Commands 4-47
Table 4-18 Time Commands 4-51
Table 4-19 Switch Cluster Commands 4-56
Table 4-20 SNMP Commands 4-61
Table 4-21 show snmp engine-id - display description 4-69
Table 4-22 show snmp view - display description 4-71
Table 4-23 show snmp group - display description 4-74

xxiii

Tables

Table 4-25 Authentication Commands 4-76
Table 4-24 show snmp user - display description 4-76
Table 4-26 User Access Commands 4-77
Table 4-27 Default Login Settings 4-77
Table 4-28 Authentication Sequence 4-80
Table 4-29 RADIUS Client Commands 4-83
Table 4-30 TACACS Commands 4-86
Table 4-32 Web Server Commands 4-99
Table 4-33 HTTPS System Support 4-101
Table 4-34 Telnet Server Commands 4-102
Table 4-35 SSH Commands 4-103
Table 4-36 show ssh - display description 4-110
Table 4-37 802.1X Port Authentication 4-112
Table 4-38 IP Filter Commands 4-121
Table 4-39 Client Security Commands 4-123
Table 4-40 Port Security Commands 4-124
Table 4-41 Network Access 4-126
Table 4-42 DHCP Snooping Commands 4-131
Table 4-43 IP Source Guard Commands 4-139
Table 4-44 Access Control Lists 4-143
Table 4-45 IP ACLs 4-143
Table 4-46 MAC ACL Commands 4-149
Table 4-47 ACL Information 4-154
Table 4-48 Interface Commands 4-155
Table 4-49 Interfaces Switchport Statistics 4-166
Table 4-50 Link Aggregation Commands 4-167
Table 4-51 show lacp counters - display description 4-174
Table 4-52 show lacp internal - display description 4-175
Table 4-53 show lacp neighbors - display description 4-176
Table 4-54 show lacp sysid - display description 4-177
Table 4-55 Mirror Port Commands 4-178
Table 4-56 RSPAN Commands 4-180
Table 4-57 Rate Limit Commands 4-185
Table 4-61 Address Table Commands 4-192
Table 4-62 Spanning Tree Commands 4-196
Table 4-65 Default STA Path Costs 4-207
Table 4-66 VLANs 4-215
Table 4-67 GVRP and Bridge Extension Commands 4-216
Table 4-68 Editing VLAN Groups 4-220
Table 4-69 Configuring VLAN Interfaces 4-222
Table 4-70 Show VLAN Commands 4-228
Table 4-72 Traffic Segmentation Commands 4-233
Table 4-73 Traffic Segmentation Forwarding 4-233
Table 4-74 Private VLAN Commands 4-235
Table 4-75 Protocol-based VLAN Commands 4-240

xxiv

Ta bl e s

Table 4-76 Priority Commands 4-244
Table 4-77 Priority Commands (Layer 2) 4-244
Table 4-78 Default CoS Values to Egress Queues 4-248
Table 4-79 Priority Commands (Layer 3 and 4) 4-250
Table 4-81 IP DSCP to CoS Vales 4-253
Table 4-82 Quality of Service Commands 4-257
Table 4-83 Multicast Filtering Commands 4-266
Table 4-84 IGMP Snooping Commands 4-266
Table 4-85 IGMP Query Commands (Layer 2) 4-271
Table 4-86 Static Multicast Routing Commands 4-275
Table 4-87 IGMP Filtering and Throttling Commands 4-277
Table 4-88 Multicast VLAN Registration Commands 4-284
Table 4-89 show mvr - display description 4-288
Table 4-90 show mvr interface - display description 4-288
Table 4-91 show mvr members - display description 4-289
Table 4-94 IP Interface Commands 4-297
Table B-1 Troubleshooting Chart B-1

xxv

Tables

xxvi

Figures

Figure 3-1 Home Page 3-2
Figure 3-2 Panel Display 3-3
Figure 3-3 System Information 3-12
Figure 3-4 Switch Information 3-13
Figure 3-5 Bridge Extension Configuration 3-15
Figure 3-6 Manual IP Configuration 3-17
Figure 3-7 DHCP IP Configuration 3-18
Figure 3-8 Bridge Extension Configuration 3-19
Figure 3-9 Copy Firmware 3-21
Figure 3-10 Setting the Startup Code 3-21
Figure 3-11 Deleting Files 3-21
Figure 3-12 Downloading Configuration Settings for Startup 3-23
Figure 3-13 Setting the Startup Configuration Settings 3-23
Figure 3-14 Console Port Settings 3-25
Figure 3-15 Enabling Telnet 3-27
Figure 3-16 System Logs 3-29
Figure 3-17 Remote Logs 3-30
Figure 3-18 Displaying Logs 3-31
Figure 3-19 Enabling and Configuring SMTP 3-32
Figure 3-20 Renumbering the System 3-33
Figure 3-21 Resetting the System 3-34
Figure 3-22 SNTP Configuration 3-36
Figure 3-23 Setting the System Clock 3-37
Figure 3-24 Enabling SNMP Agent Status 3-39
Figure 3-25 Configuring SNMP Community Strings 3-40
Figure 3-26 Configuring IP Trap Managers 3-42
Figure 3-27 Setting an Engine ID 3-43
Figure 3-28 Setting a Remote Engine ID 3-44
Figure 3-29 Configuring SNMPv3 Users 3-46
Figure 3-30 Configuring Remote SNMPv3 Users 3-48
Figure 3-31 Configuring SNMPv3 Groups 3-51
Figure 3-32 Configuring SNMPv3 Views 3-52
Figure 3-33 Access Levels 3-55
Figure 3-34 Authentication Settings 3-58
Figure 3-35 Encryption Key Settings 3-60
Figure 3-36 AAA Radius Group Settings 3-62
Figure 3-37 AAA TACACS+ Group Settings 3-63
Figure 3-38 AAA Accounting Settings 3-64
Figure 3-39 AAA Accounting Update 3-65
Figure 3-40 AAA Accounting 802.1X Port Settings 3-66
Figure 3-41 AAA Accounting Exec Command Privileges 3-67
Figure 3-42 AAA Accounting Exec Settings 3-68

xxvii

Figures

Figure 3-43 AAA Accounting Summary 3-69
Figure 3-44 AAA Authorization Settings 3-71
Figure 3-45 AAA Authorization Exec Settings 3-71
Figure 3-46 AAA Authorization Summary 3-72
Figure 3-47 HTTPS Settings 3-74
Figure 3-48 SSH Host-Key Settings 3-78
Figure 3-49 SSH Server Settings 3-79
Figure 3-50 802.1X Global Information 3-81
Figure 3-51 802.1X Global Configuration 3-82
Figure 3-52 802.1X Port Configuration 3-84
Figure 3-53 Displaying 802.1X Port Statistics 3-86
Figure 3-54 Creating an IP Filter List 3-88
Figure 3-55 Configuring Port Security 3-91
Figure 3-56 Selecting ACL Type 3-92
Figure 3-57 Configuring Standard IP ACLs 3-93
Figure 3-58 Configuring Extended IP ACLs 3-95
Figure 3-59 Configuring MAC ACLs 3-97
Figure 3-60 Configuring ACL Port Binding 3-98
Figure 3-61 Creating an IP Filter List 3-100
Figure 3-62 DHCP Snooping Configuration 3-102
Figure 3-63 DHCP Snooping VLAN Configuration 3-103
Figure 3-64 DHCP Snooping Information Option Configuration 3-104
Figure 3-65 DHCP Snooping Port Configuration 3-106
Figure 3-66 DHCP Snooping Binding Information 3-107
Figure 3-67 IP Source Guard Port Configuration 3-109
Figure 3-68 Static IP Source Guard Binding Configuration 3-110
Figure 3-69 Dynamic IP Source Guard Binding Information 3-111
Figure 3-70 Displaying Port/Trunk Information 3-112
Figure 3-71 Port/Trunk Configuration 3-115
Figure 3-72 Configuring Static Trunks 3-117
Figure 3-73 LACP Trunk Configuration 3-119
Figure 3-74 LACP Port Configuration 3-121
Figure 3-75 LACP - Port Counters Information 3-123
Figure 3-76 LACP - Port Internal Information 3-125
Figure 3-77 LACP - Port Neighbors Information 3-126
Figure 3-78 Port Broadcast Control 3-128
Figure 3-79 Mirror Port Configuration 3-129
Figure 3-80 Input Rate Limit Port Configuration 3-130
Figure 3-81 Port Statistics 3-134
Figure 3-82 Displaying the Global PoE Status 3-135
Figure 3-83 Setting the Switch Power Budget 3-136
Figure 3-84 Displaying Port PoE Status 3-137
Figure 3-85 Configuring Port PoE Power 3-138
Figure 3-86 Configuring a Static Address Table 3-139
Figure 3-87 Configuring a Dynamic Address Table 3-140

xxviii

Figures

Figure 3-88 Setting the Address Aging Time 3-141
Figure 3-89 Displaying Spanning Tree Information 3-146
Figure 3-90 Configuring Spanning Tree 3-150
Figure 3-91 Displaying Spanning Tree Port Information 3-153
Figure 3-92 Configuring Spanning Tree per Port 3-157
Figure 3-93 Configuring Multiple Spanning Trees 3-159
Figure 3-94 Displaying MSTP Interface Settings 3-161
Figure 3-95 Displaying MSTP Interface Settings 3-164
Figure 3-96 Globally Enabling GVRP 3-167
Figure 3-97 Displaying Basic VLAN Information 3-168
Figure 3-98 Displaying Current VLANs 3-169
Figure 3-99 Configuring a VLAN Static List 3-171
Figure 3-100 Configuring a VLAN Static Table 3-174
Figure 3-101 VLAN Static Membership by Port 3-175
Figure 3-102 Configuring VLANs per Port 3-177
Figure 3-103 .1Q Tunnel Status and Ethernet Type 3-182
Figure 3-104 Tunnel Port Configuration 3-183
Figure 3-105 Private VLAN Status 3-184
Figure 3-106 Private VLAN Link Status 3-185
Figure 3-107 Protocol VLAN Configuration 3-186
Figure 3-108 Protocol VLAN Port Configuration 3-188
Figure 3-109 Port Priority Configuration 3-190
Figure 3-110 Traffic Classes 3-192
Figure 3-111 Queue Mode 3-193
Figure 3-112 Configuring Queue Scheduling 3-194
Figure 3-113 IP Precedence/DSCP Priority Status 3-195
Figure 3-114 Mapping IP Precedence Priority Values 3-196
Figure 3-115 Mapping IP DSCP Priority Values 3-198
Figure 3-116 IP Port Priority Status 3-199
Figure 3-117 IP Port Priority 3-199
Figure 3-118 Configuring Class Maps 3-203
Figure 3-119 Configuring Policy Maps 3-206
Figure 3-120 Service Policy Settings 3-207
Figure 3-121 IGMP Configuration 3-211
Figure 3-122 IGMP Immediate Leave 3-213
Figure 3-123 Displaying Multicast Router Port Information 3-214
Figure 3-124 Static Multicast Router Port Configuration 3-215
Figure 3-125 IP Multicast Registration Table 3-216
Figure 3-126 IGMP Member Port Table 3-217
Figure 3-127 Enabling IGMP Filtering and Throttling 3-219
Figure 3-128 IGMP Profile Configuration 3-220
Figure 3-129 IGMP Filter and Throttling Port Configuration 3-222
Figure 3-130 MVR Global Configuration 3-225
Figure 3-131 MVR Port Information 3-226
Figure 3-132 MVR Group IP Information 3-227

xxix

Figures

Figure 3-133 MVR Port Configuration 3-229
Figure 3-134 MVR Group Member Configuration 3-230
Figure 3-135 DNS General Configuration 3-232
Figure 3-136 DNS Static Host Table 3-234
Figure 3-137 DNS Cache 3-235
Figure 3-138 Cluster Member Choice 3-236
Figure 3-139 Cluster Configuration 3-237
Figure 3-140 Cluster Member Configuration 3-238
Figure 3-141 Cluster Member Information 3-239
Figure 3-142 Cluster Candidate Information 3-240

xxx