SMC Networks SMC8150L2 User Manual

MANAGEMENT GUIDE

ta

SMC8126L2
SMC8150L2

TigerSwitchTM 10/100/1000
26-Port Gigabit Managed Switch
50-Port Gigabit Managed Switch

TigerSwitch 10/100/1000
Management Guide

From SMC’s Tiger line of feature-rich workgroup LAN solutions

20 Mason
Irvine, CA 92618
Phone: (949) 679-8000

Pub. # 149100036100A

September 2007

E092007-AP-R01

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and
reliable. However, no responsibility is assumed by SMC for its use, nor for any
infringements of patents or other rights of third parties which may result from its use. No
license is granted by implication or otherwise under any patent or patent rights of SMC.
SMC reserves the right to change specifications at any time without notice.

Copyright © 2007 by

SMC Networks, Inc.

20 Mason

Irvine, CA 92618

All rights reserved. Printed in Taiwan

Trademarks:

SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are
trademarks of SMC Networks, Inc. Other product and company names are trademarks or
registered trademarks of their respective holders.

Contents

Chapter 1: Introduction 1-1

Key Features 1-1
Description of Software Features 1-2
System Defaults 1-6

Chapter 2: Initial Configuration 2-1

Connecting to the Switch 2-1

Configuration Options 2-1
Required Connections 2-2
Remote Connections 2-3

Basic Configuration 2-3

Console Connection 2-3
Setting Passwords 2-4
Setting an IP Address 2-4

Manual Configuration 2-4
Dynamic Configuration 2-5

Enabling SNMP Management Access 2-6

Community Strings (for SNMP version 1 and 2c clients) 2-6
Trap Receivers 2-7
Configuring Access for SNMP Version 3 Clients 2-8

Saving Configuration Settings 2-8

Managing System Files 2-9

Chapter 3: Configuring the Switch 3-1

Using the Web Interface 3-1
Navigating the Web Browser Interface 3-2

Home Page 3-2
Configuration Options 3-3
Panel Display 3-3
Main Menu 3-4

Basic Configuration 3-10

Displaying System Information 3-10
Displaying Switch Hardware/Software Versions 3-11
Displaying Bridge Extension Capabilities 3-13
Setting the Switch’s IP Address 3-14

Manual Configuration 3-15

Using DHCP/BOOTP 3-16
Enabling Jumbo Frames 3-17
Managing Firmware 3-17

Downloading System Software from a Server 3-18

i

Contents

Saving or Restoring Configuration Settings 3-19

Downloading Configuration Settings from a Server 3-20
Console Port Settings 3-21
Telnet Settings 3-23
Configuring Event Logging 3-25

Displaying Log Messages 3-25

System Log Configuration 3-26

Remote Log Configuration 3-27

Simple Mail Transfer Protocol 3-28
Renumbering the System 3-30
Resetting the System 3-30
Setting the System Clock 3-31

Configuring SNTP 3-31

Setting the Time Zone 3-32

Simple Network Management Protocol 3-33

Setting Community Access Strings 3-33
Specifying Trap Managers and Trap Types 3-34
Enabling SNMP Agent Status 3-35
Configuring SNMPv3 Management Access 3-36

Setting the Local Engine ID 3-36

Specifying a Remote Engine ID 3-37
Configuring SNMPv3 Users 3-37
Configuring Remote SNMPv3 Users 3-40
Configuring SNMPv3 Groups 3-41
Setting SNMPv3 Views 3-45

User Authentication 3-46

Configuring User Accounts 3-46
Configuring Local/Remote Logon Authentication 3-48
Configuring HTTPS 3-52

Replacing the Default Secure-site Certificate 3-53
Configuring the Secure Shell 3-54

Configuring the SSH Server 3-56

Generating the Host Key Pair 3-57
Configuring Port Security 3-59
Configuring 802.1X Port Authentication 3-60

Displaying 802.1X Global Settings 3-61

Configuring 802.1X Global Settings 3-62

Configuring Port Settings for 802.1X 3-63

Displaying 802.1X Statistics 3-66

Access Control Lists 3-67

Configuring Access Control Lists 3-67

Setting the ACL Name and Type 3-68

Configuring a Standard IP ACL 3-69

Configuring an Extended IP ACL 3-69

Configuring a MAC ACL 3-72

ii

Contents

Binding a Port to an Access Control List 3-73
Filtering IP Addresses for Management Access 3-74

Port Configuration 3-76

Displaying Connection Status 3-76
Configuring Interface Connections 3-78
Creating Trunk Groups 3-80

Statically Configuring a Trunk 3-81
Enabling LACP on Selected Ports 3-82
Configuring LACP Parameters 3-84
Displaying LACP Port Counters 3-86
Displaying LACP Settings and Status for the Local Side 3-88

Displaying LACP Settings and Status for the Remote Side 3-90
Setting Broadcast Storm Thresholds 3-91
Configuring Port Mirroring 3-93
Configuring Rate Limits 3-94

Rate Limit Configuration 3-94
Showing Port Statistics 3-95

Address Table Settings 3-99

Setting Static Addresses 3-99
Displaying the Address Table 3-100
Changing the Aging Time 3-102

Spanning Tree Algorithm Configuration 3-102

Displaying Global Settings 3-105
Configuring Global Settings 3-107
Displaying Interface Settings 3-111
Configuring Interface Settings 3-114
Configuring Multiple Spanning Trees 3-116
Displaying Interface Settings for MSTP 3-118
Configuring Interface Settings for MSTP 3-120

VLAN Configuration 3-122

IEEE 802.1Q VLANs 3-122

Enabling or Disabling GVRP (Global Setting) 3-125

Displaying Basic VLAN Information 3-126

Displaying Current VLANs 3-126

Creating VLANs 3-128

Adding Static Members to VLANs (VLAN Index) 3-129

Adding Static Members to VLANs (Port Index) 3-131

Configuring VLAN Behavior for Interfaces 3-132

Configuring IEEE 802.1Q Tunneling 3-133

Enabling QinQ Tunneling on the Switch 3-137
Adding an Interface to a QinQ Tunnel 3-138
Configuring Private VLANs 3-141
Enabling Private VLANs 3-141
Configuring Uplink and Downlink Ports 3-142
Protocol VLANs 3-142

iii

Contents

Protocol VLAN Group Configuration 3-142
Configuring Protocol VLAN Interfaces 3-143

Class of Service Configuration 3-144

Layer 2 Queue Settings 3-144

Setting the Default Priority for Interfaces 3-144
Mapping CoS Values to Egress Queues 3-145
Enabling CoS 3-147
Selecting the Queue Mode 3-147
Setting the Service Weight for Traffic Classes 3-148

Layer 3/4 Priority Settings 3-149

Mapping Layer 3/4 Priorities to CoS Values 3-149
Selecting IP Precedence/DSCP Priority 3-149
Mapping IP Precedence 3-150
Mapping DSCP Priority 3-152
Mapping IP Port Priority 3-153

Quality of Service 3-154

Configuring Quality of Service Parameters 3-155

Configuring a Class Map 3-155
Creating QoS Policies 3-158
Attaching a Policy Map to Ingress Queues 3-161

Multicast Filtering 3-162

Layer 2 IGMP (Snooping and Query) 3-162

Configuring IGMP Snooping and Query Parameters 3-163
Enabling IGMP Immediate Leave 3-164
Displaying Interfaces Attached to a Multicast Router 3-165
Specifying Static Interfaces for a Multicast Router 3-166
Displaying Port Members of Multicast Services 3-167
Assigning Ports to Multicast Services 3-168

IGMP Filtering and Throttling 3-169

Enabling IGMP Filtering and Throttling 3-170
Configuring IGMP Filtering and Throttling for Interfaces 3-171

Configuring IGMP Filter Profiles 3-172
Multicast VLAN Registration 3-174
Configuring Global MVR Settings 3-175
Displaying MVR Interface Status 3-176
Displaying Port Members of Multicast Groups 3-178
Configuring MVR Interface Status 3-179
Assigning Static Multicast Groups to Interfaces 3-180

Configuring Domain Name Service 3-181

Configuring General DNS Service Parameters 3-181
Configuring Static DNS Host to Address Entries 3-183
Displaying the DNS Cache 3-185

DHCP Snooping 3-186

DHCP Snooping Configuration 3-187
DHCP Snooping VLAN Configuration 3-188

iv

Contents

DHCP Snooping Information Option Configuration 3-188
DHCP Snooping Port Configuration 3-189
DHCP Snooping Binding Information 3-190

IP Source Guard 3-191

IP Source Guard Port Configuration 3-191
Static IP Source Guard Binding Configuration 3-192
Dynamic IP Source Guard Binding Information 3-193

Switch Clustering 3-194

Cluster Configuration 3-195
Cluster Member Configuration 3-196
Cluster Member Information 3-197
Cluster Candidate Information 3-198

Chapter 4: Command Line Interface 4-1

Using the Command Line Interface 4-1

Accessing the CLI 4-1
Console Connection 4-1
Telnet Connection 4-2

Entering Commands 4-3

Keywords and Arguments 4-3
Minimum Abbreviation 4-3
Command Completion 4-3
Getting Help on Commands 4-3
Showing Commands 4-4
Partial Keyword Lookup 4-5
Negating the Effect of Commands 4-5
Using Command History 4-5
Understanding Command Modes 4-5
Exec Commands 4-6
Configuration Commands 4-7

Command Line Processing 4-8
Command Groups 4-9
Line Commands 4-10

line 4-11

login 4-11

password 4-12

timeout login response 4-13

exec-timeout 4-13

password-thresh 4-14

silent-time 4-15

databits 4-15

parity 4-16

speed 4-17

stopbits 4-17

v

Contents

disconnect 4-18
show line 4-18

General Commands 4-19

enable 4-19
disable 4-20
configure 4-21
show history 4-21
reload 4-22
end 4-22
exit 4-23
quit 4-23

System Management Commands 4-24

Device Designation Commands 4-24

prompt 4-24
hostname 4-25

User Access Commands 4-25

username 4-25
enable password 4-26

IP Filter Commands 4-27

management 4-27
show management 4-28

Web Server Commands 4-29

ip http port 4-29
ip http server 4-30
ip http secure-server 4-30
ip http secure-port 4-31

Telnet Server Commands 4-32

ip telnet port 4-32
ip telnet server 4-33

Secure Shell Commands 4-33

ip ssh server 4-35
ip ssh timeout 4-36
ip ssh authentication-retries 4-37
ip ssh server-key size 4-37
delete public-key 4-38
ip ssh crypto host-key generate 4-38
ip ssh crypto zeroize 4-39
ip ssh save host-key 4-39
show ip ssh 4-40
show ssh 4-40
show public-key 4-41

Event Logging Commands 4-43

logging on 4-43
logging history 4-44
logging host 4-45

vi

Contents

logging facility 4-45
logging trap 4-46
clear logging 4-46
show logging 4-47
show log 4-48

SMTP Alert Commands 4-49

logging sendmail host 4-49
logging sendmail level 4-50
logging sendmail source-email 4-51
logging sendmail destination-email 4-51
logging sendmail 4-52
show logging sendmail 4-52

Time Commands 4-53

sntp client 4-53
sntp server 4-54
sntp poll 4-55
show sntp 4-55
clock timezone 4-56
calendar set 4-56
show calendar 4-57

System Status Commands 4-57

show startup-config 4-57
show running-config 4-59
show system 4-61
show users 4-61
show version 4-62

Frame Size Commands 4-63

jumbo frame 4-63

Flash/File Commands 4-64

copy 4-64

delete 4-67

dir 4-68

whichboot 4-69

boot system 4-69
Authentication Commands 4-70

Authentication Sequence 4-70

authentication login 4-71
authentication enable 4-72

RADIUS Client 4-73

radius-server host 4-74
radius-server port 4-74
radius-server key 4-75
radius-server retransmit 4-75
radius-server timeout 4-76
show radius-server 4-76

vii

Contents

TACACS+ Client 4-77

tacacs-server host 4-77
tacacs-server port 4-77
tacacs-server key 4-78
show tacacs-server 4-78

Port Security Commands 4-79

port security 4-79

802.1X Port Authentication 4-81
dot1x system-auth-control 4-81
dot1x default 4-82
dot1x max-req 4-82
dot1x port-control 4-82
dot1x operation-mode 4-83
dot1x re-authenticate 4-84
dot1x re-authentication 4-84
dot1x timeout quiet-period 4-84
dot1x timeout re-authperiod 4-85
dot1x timeout tx-period 4-85
show dot1x 4-86

Access Control List Commands 4-89

IP ACLs 4-90

access-list ip 4-90
permit, deny (Standard ACL) 4-91
permit, deny (Extended ACL) 4-91
show ip access-list 4-93
ip access-group 4-93
show ip access-group 4-94

MAC ACLs 4-95

access-list mac 4-95
permit, deny (MAC ACL) 4-96
show mac access-list 4-97
mac access-group 4-98
show mac access-group 4-98

ACL Information 4-99

show access-list 4-99
show access-group 4-99

SNMP Commands 4-100

snmp-server 4-101
show snmp 4-101
snmp-server community 4-102
snmp-server contact 4-103
snmp-server location 4-103
snmp-server host 4-104
snmp-server enable traps 4-106
snmp-server engine-id 4-107

viii

Contents

show snmp engine-id 4-108
snmp-server view 4-109
show snmp view 4-110
snmp-server group 4-110
show snmp group 4-112
snmp-server user 4-113
show snmp user 4-115

Interface Commands 4-116

interface 4-116
description 4-117
speed-duplex 4-117
negotiation 4-118
capabilities 4-119
flowcontrol 4-120
shutdown 4-121
switchport broadcast packet-rate 4-122
clear counters 4-122
show interfaces status 4-123
show interfaces counters 4-124
show interfaces switchport 4-125

Mirror Port Commands 4-127

port monitor 4-127
show port monitor 4-128

Rate Limit Commands 4-129

rate-limit 4-129

Link Aggregation Commands 4-130

channel-group 4-131
lacp 4-132
lacp system-priority 4-133
lacp admin-key (Ethernet Interface) 4-134
lacp admin-key (Port Channel) 4-135
lacp port-priority 4-136
show lacp 4-136

Address Table Commands 4-140

mac-address-table static 4-140
clear mac-address-table dynamic 4-141
show mac-address-table 4-141
mac-address-table aging-time 4-142
show mac-address-table aging-time 4-143

Spanning Tree Commands 4-144

spanning-tree 4-145
spanning-tree mode 4-145
spanning-tree forward-time 4-146
spanning-tree hello-time 4-147
spanning-tree max-age 4-148

ix

Contents

spanning-tree priority 4-148
spanning-tree pathcost method 4-149
spanning-tree transmission-limit 4-150
spanning-tree mst-configuration 4-150
mst vlan 4-151
mst priority 4-151
name 4-152
revision 4-153
max-hops 4-153
spanning-tree spanning-disabled 4-154
spanning-tree cost 4-154
spanning-tree port-priority 4-155
spanning-tree edge-port 4-156
spanning-tree portfast 4-156
spanning-tree link-type 4-157
spanning-tree mst cost 4-158
spanning-tree mst port-priority 4-159
spanning-tree protocol-migration 4-160
show spanning-tree 4-160
show spanning-tree mst configuration 4-162

VLAN Commands 4-163

GVRP and Bridge Extension Commands 4-163

bridge-ext gvrp 4-164
show bridge-ext 4-164
switchport gvrp 4-165
show gvrp configuration 4-165
garp timer 4-166
show garp timer 4-166

Editing VLAN Groups 4-167

vlan database 4-167
vlan 4-168

Configuring VLAN Interfaces 4-169

interface vlan 4-169
switchport mode 4-170
switchport acceptable-frame-types 4-171
switchport ingress-filtering 4-171
switchport native vlan 4-172
switchport allowed vlan 4-173
switchport forbidden vlan 4-174

Displaying VLAN Information 4-175

show vlan 4-175

Configuring IEEE 802.1Q Tunneling 4-176

dot1q-tunnel system-tunnel-control 4-176
switchport dot1q-tunnel mode 4-177
switchport dot1q-tunnel tpid 4-178

x

Contents

Related Commands 4-178
show dot1q-tunnel 4-178

Configuring Private VLANs 4-179

pvlan 4-179
show pvlan 4-180

Configuring Protocol-based VLANs 4-181

protocol-vlan protocol-group (Configuring Groups) 4-181
protocol-vlan protocol-group (Configuring Interfaces) 4-182
show protocol-vlan protocol-group 4-183
show interfaces protocol-vlan protocol-group 4-183

Priority Commands 4-184

Priority Commands (Layer 2) 4-184

queue mode 4-185
switchport priority default 4-185
queue bandwidth 4-186
queue cos-map 4-187
show queue mode 4-188
show queue bandwidth 4-188
show queue cos-map 4-189

Priority Commands (Layer 3 and 4) 4-189

map ip dscp (Global Configuration) 4-189
map ip dscp (Interface Configuration) 4-190
show map ip dscp 4-191

Quality of Service Commands 4-192

class-map 4-194
match 4-194
policy-map 4-195
class 4-196
set 4-197
police 4-198
service-policy 4-199
show class-map 4-199
show policy-map 4-200

show policy-map interface 4-200
Example 4-201
Multicast Filtering Commands 4-201

IGMP Snooping Commands 4-201

ip igmp snooping 4-202

ip igmp snooping vlan static 4-202

ip igmp snooping version 4-203

ip igmp snooping leave-proxy 4-203

ip igmp snooping immediate-leave 4-204

show ip igmp snooping 4-204

show mac-address-table multicast 4-205

IGMP Query Commands (Layer 2) 4-206

xi

Contents

ip igmp snooping querier 4-206
ip igmp snooping query-count 4-206
ip igmp snooping query-interval 4-207
ip igmp snooping query-max-response-time 4-208
ip igmp snooping router-port-expire-time 4-208

Static Multicast Routing Commands 4-209

ip igmp snooping vlan mrouter 4-209
show ip igmp snooping mrouter 4-210

IGMP Filtering and Throttling Commands 4-211

ip igmp filter (Global Configuration) 4-211
ip igmp profile 4-212
permit, deny 4-212
range 4-213
ip igmp filter (Interface Configuration) 4-213
ip igmp max-groups 4-214
ip igmp max-groups action 4-215
show ip igmp filter 4-215
show ip igmp profile 4-216
show ip igmp throttle interface 4-216

Multicast VLAN Registration Commands 4-217

mvr (Global Configuration) 4-218
mvr (Interface Configuration) 4-219
show mvr 4-221

IP Interface Commands 4-223

ip address 4-223
ip default-gateway 4-224
ip dhcp restart 4-225
show ip interface 4-225
show ip redirects 4-226
ping 4-226

IP Source Guard Commands 4-227

ip source-guard 4-227
ip source-guard binding 4-229
show ip source-guard 4-230
show ip source-guard binding 4-230

DHCP Snooping Commands 4-231

ip dhcp snooping 4-231
ip dhcp snooping vlan 4-233
ip dhcp snooping trust 4-234
ip dhcp snooping verify mac-address 4-235
ip dhcp snooping information option 4-235
ip dhcp snooping information policy 4-236
show ip dhcp snooping 4-237
show ip dhcp snooping binding 4-237

Switch Cluster Commands 4-237

xii

Contents

cluster 4-238
cluster commander 4-239
cluster ip-pool 4-239
cluster member 4-240
rcommand 4-240
show cluster 4-241
show cluster members 4-241
show cluster candidates 4-242

Appendix A: Software Specifications A-1

Software Features A-1
Management Features A-2
Standards A-2
Management Information Bases A-3

Appendix B: Troubleshooting B-1

Problems Accessing the Management Interface B-1
Using System Logs B-2

Glossary

Index

xiii

Contents

xiv

Tables

Table 1-1 Key Features 1-1
Table 1-2 System Defaults 1-6
Table 3-1 Configuration Options 3-3
Table 3-2 Main Menu 3-4
Table 3-3 Logging Levels 3-26
Table 3-4 Supported Notification Messages 3-41
Table 3-5 HTTPS System Support 3-52
Table 3-6 802.1X Statistics 3-66
Table 3-7 LACP Port Counters 3-86
Table 3-8 LACP Internal Configuration Information 3-88
Table 3-9 LACP Neighbor Configuration Information 3-90
Table 3-10 Port Statistics 3-95
Table 3-11 Mapping CoS Values to Egress Queues 3-145
Table 3-12 CoS Priority Levels 3-146
Table 3-13 Mapping IP Precedence 3-150
Table 3-14 Mapping DSCP Priority Values 3-152
Table 4-1 Command Modes 4-6
Table 4-2 Configuration Modes 4-7
Table 4-3 Command Line Processing 4-8
Table 4-4 Command Groups 4-9
Table 4-5 Line Commands 4-10
Table 4-6 General Commands 4-19
Table 4-7 System Management Commands 4-24
Table 4-8 Device Designation Commands 4-24
Table 4-9 User Access Commands 4-25
Table 4-10 Default Login Settings 4-26
Table 4-11 IP Filter Commands 4-27
Table 4-12 Web Server Commands 4-29
Table 4-13 HTTPS System Support 4-31
Table 4-14 Telnet Server Commands 4-32
Table 4-15 SSH Commands 4-33
Table 4-16 show ssh - display description 4-40
Table 4-17 Event Logging Commands 4-43
Table 4-18 Logging Levels 4-44
Table 4-19 show logging flash/ram - display description 4-47
Table 4-20 show logging trap - display description 4-48
Table 4-21 SMTP Alert Commands 4-49
Table 4-22 Time Commands 4-53
Table 4-23 System Status Commands 4-57
Table 4-24 Frame Size Commands 4-63
Table 4-25 Flash/File Commands 4-64
Table 4-26 File Directory Information 4-68

xv

Tables

Table 4-27 Authentication Commands 4-70
Table 4-28 Authentication Sequence 4-70
Table 4-29 RADIUS Client Commands 4-73
Table 4-30 TACACS Commands 4-77
Table 4-31 Port Security Commands 4-79
Table 4-32 802.1X Port Authentication 4-81
Table 4-33 Access Control Lists 4-89
Table 4-34 IP ACLs 4-90
Table 4-35 MAC ACL Commands 4-95
Table 4-36 ACL Information 4-99
Table 4-37 SNMP Commands 4-100
Table 4-38 show snmp engine-id - display description 4-108
Table 4-39 show snmp view - display description 4-110
Table 4-40 show snmp group - display description 4-113
Table 4-41 show snmp user - display description 4-115
Table 4-42 Interface Commands 4-116
Table 4-43 Interfaces Switchport Statistics 4-126
Table 4-44 Mirror Port Commands 4-127
Table 4-45 Rate Limit Commands 4-129
Table 4-46 Link Aggregation Commands 4-130
Table 4-47 show lacp counters - display description 4-137
Table 4-48 show lacp internal - display description 4-138
Table 4-49 show lacp neighbors - display description 4-139
Table 4-50 show lacp sysid - display description 4-139
Table 4-51 Address Table Commands 4-140
Table 4-52 Spanning Tree Commands 4-144
Table 4-53 VLANs 4-163
Table 4-54 GVRP and Bridge Extension Commands 4-163
Table 4-55 Editing VLAN Groups 4-167
Table 4-56 Configuring VLAN Interfaces 4-169
Table 4-57 Show VLAN Commands 4-175
Table 4-58 Command 4-176
Table 4-58 Function 4-176
Table 4-58 Mode 4-176
Table 4-58 Page 4-176
Table 4-59 Private VLAN Commands 4-179
Table 4-60 Protocol-based VLAN Commands 4-181
Table 4-61 Priority Commands 4-184
Table 4-62 Priority Commands (Layer 2) 4-184
Table 4-63 Default CoS Values to Egress Queues 4-187
Table 4-64 Priority Commands (Layer 3 and 4) 4-189
Table 4-65 IP DSCP to CoS Vales 4-190
Table 4-66 Quality of Service Commands 4-193
Table 4-67 Multicast Filtering Commands 4-201
Table 4-68 IGMP Snooping Commands 4-201

xvi

Ta bl e s

Table 4-69 IGMP Query Commands (Layer 2) 4-206
Table 4-70 Static Multicast Routing Commands 4-209
Table 4-71 IGMP Filtering and Throttling Commands 4-211
Table 4-72 Multicast VLAN Registration Commands 4-217
Table 4-73 show mvr - display description 4-221
Table 4-74 show mvr interface - display description 4-222
Table 4-75 show mvr members - display description 4-222
Table 4-76 IP Interface Commands 4-223
Table 4-77 IP Source Guard Commands 4-227
Table 4-78 DHCP Snooping Commands 4-231
Table 4-79 Switch Cluster Commands 4-237
Table B-1 Troubleshooting Chart B-1

xvii

Tables

xviii

Figures

Figure 3-1 Home Page 3-2
Figure 3-2 Panel Display 3-3
Figure 3-3 System Information 3-10
Figure 3-4 Switch Information 3-12
Figure 3-5 Bridge Extension Configuration 3-13
Figure 3-6 Manual IP Configuration 3-15
Figure 3-7 DHCP IP Configuration 3-16
Figure 3-8 Bridge Extension Configuration 3-17
Figure 3-9 Copy Firmware 3-18
Figure 3-10 Setting the Startup Code 3-18
Figure 3-11 Deleting Files 3-19
Figure 3-12 Downloading Configuration Settings for Startup 3-20
Figure 3-13 Setting the Startup Configuration Settings 3-21
Figure 3-14 Console Port Settings 3-22
Figure 3-15 Enabling Telnet 3-24
Figure 3-16 Displaying Logs 3-25
Figure 3-17 System Logs 3-27
Figure 3-18 Remote Logs 3-28
Figure 3-19 Enabling and Configuring SMTP 3-29
Figure 3-20 Renumbering the System 3-30
Figure 3-21 Resetting the System 3-30
Figure 3-22 SNTP Configuration 3-31
Figure 3-23 Setting the System Clock 3-32
Figure 3-24 Configuring SNMP Community Strings 3-34
Figure 3-25 Configuring IP Trap Managers 3-35
Figure 3-26 Enabling SNMP Agent Status 3-35
Figure 3-27 Setting an Engine ID 3-36
Figure 3-28 Setting a Remote Engine ID 3-37
Figure 3-29 Configuring SNMPv3 Users 3-39
Figure 3-30 Configuring Remote SNMPv3 Users 3-40
Figure 3-31 Configuring SNMPv3 Groups 3-44
Figure 3-32 Configuring SNMPv3 Views 3-45
Figure 3-33 Access Levels 3-47
Figure 3-34 Authentication Settings 3-50
Figure 3-35 HTTPS Settings 3-52
Figure 3-36 SSH Server Settings 3-56
Figure 3-37 SSH Host-Key Settings 3-58
Figure 3-38 Configuring Port Security 3-60
Figure 3-39 802.1X Global Information 3-62
Figure 3-40 802.1X Global Configuration 3-62
Figure 3-41 802.1X Port Configuration 3-64
Figure 3-42 Displaying 802.1X Port Statistics 3-66

xix

Figures

Figure 3-43 Selecting ACL Type 3-68
Figure 3-44 Configuring Standard IP ACLs 3-69
Figure 3-45 Configuring Extended IP ACLs 3-71
Figure 3-46 Configuring MAC ACLs 3-73
Figure 3-47 Configuring ACL Port Binding 3-74
Figure 3-48 Creating an IP Filter List 3-75
Figure 3-49 Displaying Port/Trunk Information 3-77
Figure 3-50 Port/Trunk Configuration 3-79
Figure 3-51 Configuring Static Trunks 3-81
Figure 3-52 LACP Trunk Configuration 3-83
Figure 3-53 LACP Port Configuration 3-85
Figure 3-54 LACP - Port Counters Information 3-87
Figure 3-55 LACP - Port Internal Information 3-89
Figure 3-56 LACP - Port Neighbors Information 3-90
Figure 3-57 Port Broadcast Control 3-92
Figure 3-58 Mirror Port Configuration 3-93
Figure 3-59 Input Rate Limit Port Configuration 3-94
Figure 3-60 Port Statistics 3-98
Figure 3-61 Configuring a Static Address Table 3-100
Figure 3-62 Configuring a Dynamic Address Table 3-101
Figure 3-63 Setting the Address Aging Time 3-102
Figure 3-64 Displaying Spanning Tree Information 3-106
Figure 3-65 Configuring Spanning Tree 3-110
Figure 3-66 Displaying Spanning Tree Port Information 3-113
Figure 3-67 Configuring Spanning Tree per Port 3-115
Figure 3-68 Configuring Multiple Spanning Trees 3-117
Figure 3-69 Displaying MSTP Interface Settings 3-119
Figure 3-70 Displaying MSTP Interface Settings 3-122
Figure 3-71 Globally Enabling GVRP 3-125
Figure 3-72 Displaying Basic VLAN Information 3-126
Figure 3-73 Displaying Current VLANs 3-127
Figure 3-74 Configuring a VLAN Static List 3-129
Figure 3-75 Configuring a VLAN Static Table 3-131
Figure 3-76 VLAN Static Membership by Port 3-131
Figure 3-77 Configuring VLANs per Port 3-133
Figure 3-78 802.1Q Tunnel Status 3-137
Figure 3-79 Tunnel Port Configuration 3-139
Figure 3-80 Private VLAN Status 3-141
Figure 3-81 Private VLAN Link Status 3-142
Figure 3-82 Protocol VLAN Configuration 3-143
Figure 3-83 Protocol VLAN Port Configuration 3-143
Figure 3-84 Port Priority Configuration 3-145
Figure 3-85 Traffic Classes 3-146
Figure 3-86 Enable Traffic Classes 3-147
Figure 3-87 Queue Mode 3-148

xx

Figures

Figure 3-88 Configuring Queue Scheduling 3-148
Figure 3-89 IP Precedence/DSCP Priority Status 3-150
Figure 3-90 Mapping IP Precedence Priority Values 3-151
Figure 3-91 Mapping IP DSCP Priority Values 3-152
Figure 3-92 IP Port Priority Status 3-153
Figure 3-93 IP Port Priority 3-154
Figure 3-94 Configuring Class Maps 3-157
Figure 3-95 Configuring Policy Maps 3-160
Figure 3-96 Service Policy Settings 3-161
Figure 3-97 IGMP Configuration 3-164
Figure 3-98 IGMP Immediate Leave 3-165
Figure 3-99 Displaying Multicast Router Port Information 3-166
Figure 3-100 Static Multicast Router Port Configuration 3-167
Figure 3-101 IP Multicast Registration Table 3-168
Figure 3-102 IGMP Member Port Table 3-169
Figure 3-103 Enabling IGMP Filtering and Throttling 3-170
Figure 3-104 IGMP Filter and Throttling Port Configuration 3-172
Figure 3-105 IGMP Profile Configuration 3-173
Figure 3-106 MVR Global Configuration 3-176
Figure 3-107 MVR Port Information 3-177
Figure 3-108 MVR Group IP Information 3-178
Figure 3-109 MVR Port Configuration 3-180
Figure 3-110 MVR Group Member Configuration 3-181
Figure 3-111 DNS General Configuration 3-182
Figure 3-112 DNS Static Host Table 3-184
Figure 3-113 DNS Cache 3-185
Figure 3-114 DHCP Snooping Configuration 3-187
Figure 3-115 DHCP Snooping VLAN Configuration 3-188
Figure 3-116 DHCP Snooping Information Option Configuration 3-189
Figure 3-117 DHCP Snooping Port Configuration 3-190
Figure 3-118 DHCP Snooping Binding Information 3-191
Figure 3-119 IP Source Guard Port Configuration 3-192
Figure 3-120 Static IP Source Guard Binding Configuration 3-193
Figure 3-121 Dynamic IP Source Guard Binding Information 3-194
Figure 3-122 Cluster Member Choice 3-195
Figure 3-123 Cluster Configuration 3-196
Figure 3-124 Cluster Member Configuration 3-197
Figure 3-125 Cluster Member Information 3-197
Figure 3-126 Cluster Candidate Information 3-198

xxi

Figures

xxii

Chapter 1: Introduction

This switch provides a broad range of features for Layer 2 switching. It includes a
management agent that allows you to configure the features listed in this manual.
The default configuration can be used for most of the features provided by this
switch. However, there are many options that you should configure to maximize the
switch’s performance for your particular network environment.

Key Features

Table 1-1 Key Features

Feature Description

Configuration Backup and
Restore

Authentication Console, Telnet, web – User name / password, RADIUS, TACACS+

Access Control Lists Supports up to 128 ACLs, 96 MAC rules and 96 rules per system

DHCP Client Supported

DHCP Snooping Supported with Option 82 relay information

Port Configuration Speed, duplex mode and flow control

Rate Limiting Input rate and output limiting per port

Port Mirroring One or more port mirrored to a single analysis port

Port Trunking Supports up to 32 trunks using either static or dynamic trunking (LACP)

Broadcast Storm Control Supported

Static Address Up to 8K MAC addresses in the forwarding table

IEEE 802.1D Bridge Supports dynamic data switching and addresses learning

Store-and-Forward Switching Supported to ensure wire-speed switching while eliminating bad frames

Spanning Tree Algorithm Supports standard STP, and Rapid Spanning Tree Protocol (RSTP) and

Virtual LANs Up to 256 using IEEE 802.1Q, port-based, protocol-based or private VLANs

Traffic Prioritization Default port priority, traffic class map, queue scheduling, or Differentiated

Qualify of Service Supports Differentiated Services (DiffServ)

Multicast Filtering Supports IGMP snooping and query, as well as Multicast VLAN Registration

Backup to TFTP server

Web – HTTPS
Telnet – SSH
SNMP v1/2c - Community strings
SNMP version 3 – MD5 or SHA password
Port – IEEE 802.1X, MAC address filtering

Multiple Spanning Trees(MSTP)

Services Code Point (DSCP), and TCP/UDP Port

1-1

Introduction

1

Table 1-1 Key Features

Feature Description

Switch Clustering Supports up to 16 Member switches in a cluster

Description of Software Features

The switch provides a wide range of advanced performance enhancing features.
Flow control eliminates the loss of packets due to bottlenecks caused by port
saturation. Broadcast storm suppression prevents broadcast traffic storms from
engulfing the network. Port-based, private VLANs and protocol-based VLANs, plus
support for automatic GVRP VLAN registration provide traffic security and efficient
use of network bandwidth. CoS priority queueing ensures the minimum delay for
moving real-time multimedia data across the network. While multicast filtering
provides support for real-time network applications. Some of the management
features are briefly described below.

Configuration Backup and Restore – You can save the current configuration
settings to a file on a TFTP server, and later download this file to restore the switch
configuration settings.

Authentication – This switch authenticates management access via the console
port, Telnet or web browser. User names and passwords can be configured locally or
can be verified via a remote authentication server (i.e., RADIUS or TACACS+).
Port-based authentication is also supported via the IEEE 802.1X protocol. This
protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request
user credentials from the 802.1X client, and then verifies the client’s right to access
the network via an authentication server.

Other authentication options include HTTPS for secure management access via the
web, SSH for secure management access over a Telnet-equivalent connection, IP
address filtering for SNMP/web/Telnet management access, and MAC address
filtering for port access.

Access Control Lists – ACLs provide packet filtering for IP frames (based on
address, protocol, or TCP/UDP port number) or any frames (based on MAC address
or Ethernet type). ACLs can be used to improve performance by blocking
unnecessary network traffic or to implement security controls by restricting access to
specific network resources or protocols.

Port Configuration – You can manually configure the speed, duplex mode, and
flow control used on specific ports, or use auto-negotiation to detect the connection
settings used by the attached device. Use the full-duplex mode on ports whenever
possible to double the throughput of switch connections. Flow control should also be
enabled to control network traffic during periods of congestion and prevent the loss
of packets when port buffer thresholds are exceeded. The switch supports flow
control based on the IEEE 802.3x standard.

1-2

Description of Software Features

Rate Limiting – This feature controls the maximum rate for traffic transmitted or
received on an interface. Rate limiting is configured on interfaces at the edge of a
network to limit traffic into the network. Traffic that falls within the rate limit is
transmitted while packets that exceed the acceptable amount of traffic are dropped.

Port Mirroring – The switch can unobtrusively mirror traffic from any port to a
monitor port. You can then attach a protocol analyzer or RMON probe to this port to
perform traffic analysis and verify connection integrity.

Port Trunking – Ports can be combined into an aggregate connection. Trunks can
be manually set up or dynamically configured using IEEE 802.3ad Link Aggregation
Control Protocol (LACP). The additional ports dramatically increase the throughput
across any connection, and provide redundancy by taking over the load if a port in
the trunk should fail. The switch supports up to 32 trunks.

Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from
overwhelming the network. When enabled on a port, the level of broadcast traffic
passing through the port is restricted. If broadcast traffic rises above a pre-defined
threshold, it will be throttled until the level falls back beneath the threshold.

Static Addresses – A static address can be assigned to a specific interface on this
switch. Static addresses are bound to the assigned interface and will not be moved.
When a static address is seen on another interface, the address will be ignored and
will not be written to the address table. Static addresses can be used to provide
network security by restricting access for a known host to a specific port.

IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The
address table facilitates data switching by learning addresses, and then filtering or
forwarding traffic based on this information. The address table supports up to 8K
addresses.

Store-and-Forward Switching – The switch copies each frame into its memory
before forwarding them to another port. This ensures that all frames are a standard
Ethernet size and have been verified for accuracy with the cyclic redundancy check
(CRC). This prevents bad frames from entering the network and wasting bandwidth.

To avoid dropping frames on congested ports, the SMC8126L2 and SMC8150L2
provide 4 Mbits respectively for frame buffering. This buffer can queue packets
awaiting transmission on congested networks.

Spanning Tree Algorithm – The switch supports these spanning tree protocols:

Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection
and recovery by allowing two or more redundant connections to be created between
a pair of LAN segments. When there are multiple physical paths between segments,
this protocol will choose a single path and disable all others to ensure that only one
route exists between any two stations on the network. This prevents the creation of
network loops. However, if the chosen path should fail for any reason, an alternate
path will be activated to maintain the connection.

Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the
convergence time for network topology changes to 3 to 5 seconds, compared to 30

1

1-3

Introduction

1

seconds or more for the older IEEE 802.1D STP standard. It is intended as a
complete replacement for STP, but can still interoperate with switches running the
older standard by automatically reconfiguring ports to STP-compliant mode if they
detect STP protocol messages from attached devices.

Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct
extension of RSTP. It can provide an independent spanning tree for different VLANs.
It simplifies network management, provides for even faster convergence than RSTP
by limiting the size of each region, and prevents VLAN members from being
segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).

Virtual LANs – The switch supports up to 256 VLANs. A Virtual LAN is a collection
of network nodes that share the same collision domain regardless of their physical
location or connection point in the network. The switch supports tagged VLANs
based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically
learned via GVRP, or ports can be manually assigned to a specific set of VLANs.
This allows the switch to restrict traffic to the VLAN groups to which a user has been
assigned. By segmenting your network into VLANs, you can:

• Eliminate broadcast storms which severely degrade performance in a flat network.

• Simplify network management for node changes/moves by remotely configuring
VLAN membership for any port, rather than having to manually change the network
connection.

• Provide data security by restricting all traffic to the originating VLAN.

• Use private VLANs to restrict traffic to pass only between data ports and the uplink
ports, thereby isolating adjacent ports within the same VLAN, and allowing you to
limit the total number of VLANs that need to be configured.

• Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.

Traffic Prioritization – This switch prioritizes each packet based on the required
level of service, using four priority queues with strict or Weighted Round Robin
Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on
input from the end-station application. These functions can
independent priorities for delay-sensitive data and best-effort data.

This switch also supports several common methods of prioritizing layer 3/4 traffic to
meet application requirements. Traffic can be prioritized based on the DSCP field in
the IP frame. When these services are enabled, the priorities are mapped to a Class
of Service value by the switch, and the traffic then sent to the corresponding output
queue.

Quality of Service – Differentiated Services (DiffServ) provides policy-based
management mechanisms used for prioritizing network resources to meet the
requirements of specific traffic types on a per-hop basis. Each packet is classified
upon entry into the network based on access lists, IP Precedence or DSCP values,
or VLAN lists. Using access lists allows you select traffic based on Layer 2, Layer 3,
or Layer 4 information contained in each packet. Based on network policies, different
kinds of traffic can be marked for different kinds of forwarding.

be used to provide

1-4