SMC Networks SMC8612XL3 User Manual

TigerSwitch 10/100/1000

Gigabit Ethernet Switch

◆ 12 1000BASE-X SFP ports

◆ 4 RJ45 ports shared with 4 SFP transceiver slots

◆ Non-blocking switching architecture

◆ Support for a redundant power unit

◆ Spanning Tree Protocol

◆ Up to six LACP or static 4-port trunks

◆ Layer 2/3/4 CoS support through four priority queues

◆ Full support for VLANs with GVRP

◆ IGMP multicast filtering and snooping

◆ Support for jumbo frames up to 9 KB

◆ Manageable via console, Web, SNMP/RMON

Management Guide

SMC8612XL3

TigerSwitch 10/100/1000
Management Guide

From SMC’s Tiger line of feature-rich workgroup LAN solutions

38 Tesla
Irvine, CA 92618
Phone: (949) 679-8000

October 2003

Pub. # 150200039900A

Information furnished by SMC Networks, Inc. (SMC) is believed to be
accurate and reliable. However, no responsibility is assumed by SMC for its
use, nor for any infringements of patents or other rights of third parties
which may result from its use. No license is granted by implication or oth­erwise under any patent or patent rights of SMC. SMC reserves the right to
change specifications at any time without notice.

Copyright © 2003 by

SMC Networks, Inc.

38 Tesla

Irvine, CA 92618

All rights reserved. Printed in Taiwan

Trademarks:

SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC
Networks, Inc. Other product and company names are trademarks or registered trademarks of their
respective holders.

L

IMITED

Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be
free from defects in workmanship and materials, under normal use and service, for the
applicable warranty term. All SMC products carry a standard 90-day limited warranty from
the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion,
repair or replace any product not operating as warranted with a similar or functionally
equivalent product, during the applicable warranty term. SMC will endeavor to repair or
replace any product returned under warranty within 30 days of receipt of the product.

The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering
new products within 30 days of purchase from SMC or its Authorized Reseller. Registration
can be accomplished via the enclosed product registration card or online via the SMC web
site. Failure to register will not affect the standard limited warranty. The Limited Lifetime
warranty covers a product during the Life of that Product, which is defined as the period of
time during which the product is an “Active” SMC product. A product is considered to be
“Active” while it is listed on the current SMC price list. As new technologies emerge, older
technologies become obsolete and SMC will, at its discretion, replace an older product in its
product line with one that incorporates these newer technologies. At that point, the obsolete
product is discontinued and is no longer an “Active” SMC product. A list of discontinued
products with their respective dates of discontinuance can be found at:
http://www.smc.com/index.cfm?action=customer_service_warranty.

All products that are replaced become the property of SMC. Replacement products may be
either new or reconditioned. Any replaced or repaired product carries either a 30-day limited
warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible
for any custom software or firmware, configuration information, or memory data of
Customer contained in, stored on, or integrated with any products returned to SMC pursuant
to any warranty. Products returned to SMC should have any customer-installed accessory or
add-on components, such as expansion modules, removed prior to returning the product for
replacement. SMC is not responsible for these items if they are returned with the product.

Customers must contact SMC for a Return Material Authorization number prior to returning
any product to SMC. Proof of purchase may be required. Any product returned to SMC
without a valid Return Material Authorization (RMA) number clearly marked on the outside
of the package will be returned to customer at customer’s expense. For warranty claims within
North America, please call our toll-free customer support number at (800) 762-4968.
Customers are responsible for all shipping charges from their facility to SMC. SMC is
responsible for return shipping charges from SMC to customer.

WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS
WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR
REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE
FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN
LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED,
EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE,
INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR
AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER

W

ARRANTY

v

L

IMITED WARRANTY

LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION,
MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE
UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE
ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY
CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER
INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR
ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY
ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.

LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT
OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR
INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE
DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR
OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE
SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR
INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED
RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES
OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR
CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS
MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL
RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS
WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.

* SMC will provide warranty service for one year following discontinuance from the active
SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans,
and cables are covered by a standard one-year warranty from date of purchase.

vi

SMC Networks, Inc.

38 Tesla

Irvine, CA 92618

C

ONTENTS

Chapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1

Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Description of Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

Chapter 2: Initial Configuration . . . . . . . . . . . . . . . . . . . . . 2-1

Connecting to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Required Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

Remote Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Setting Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Setting an IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Dynamic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Enabling SNMP Management Access . . . . . . . . . . . . . . . . . . . . . 2-6

Community Strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6

Trap Receivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

Saving Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

Managing System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

Chapter 3: Configuring the Switch . . . . . . . . . . . . . . . . . . . 3-1

Using the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

Displaying System Information . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

Displaying Switch Hardware/Software Versions . . . . . . . . . . . 3-11

Displaying Bridge Extension Capabilities . . . . . . . . . . . . . . . . . 3-12

Setting the Switch’s IP Address . . . . . . . . . . . . . . . . . . . . . . . . 3-14

Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

vii

C

ONTENTS

Using DHCP/BOOTP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16

Managing Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

Downloading System Software from a Server . . . . . . . . . . 3-17

Saving or Restoring Configuration Settings . . . . . . . . . . . . . . . 3-18

Downloading Configuration Settings from a Server . . . . . 3-19

Configuring Event Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

System Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

Remote Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-21

Displaying Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

Setting the System Clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

Configuring SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25

Setting the Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26

Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . . . . 3-26

Setting Community Access Strings . . . . . . . . . . . . . . . . . . . . . . 3-27

Specifying Trap Managers and Trap Types . . . . . . . . . . . . . . . . 3-28

Filtering Addresses for SNMP Client Access . . . . . . . . . . . . . . 3-29

User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30

Configuring the Logon Password . . . . . . . . . . . . . . . . . . . . . . . 3-30

Configuring Local/Remote Logon Authentication . . . . . . . . . 3-31

Configuring HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34

Replacing the Default Secure-site Certificate . . . . . . . . . . 3-35

Configuring the Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35

Generating the Host Key Pair . . . . . . . . . . . . . . . . . . . . . . 3-37

Configuring the SSH Server . . . . . . . . . . . . . . . . . . . . . . . . 3-39

Configuring Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40

Configuring 802.1x Port Authentication . . . . . . . . . . . . . . . . . 3-42

Displaying 802.1x Global Settings . . . . . . . . . . . . . . . . . . . 3-43

Configuring 802.1x Global Settings . . . . . . . . . . . . . . . . . . 3-45

Configuring Port Authorization Mode . . . . . . . . . . . . . . . 3-46

Displaying 802.1x Statistics . . . . . . . . . . . . . . . . . . . . . . . . 3-47

Filtering Management Access . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48

Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50

Configuring Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . 3-50

Setting the ACL Name and Type . . . . . . . . . . . . . . . . . . . . 3-51

Configuring a Standard IP ACL . . . . . . . . . . . . . . . . . . . . . 3-52

Configuring an Extended IP ACL . . . . . . . . . . . . . . . . . . . 3-53

viii

C

ONTENTS

Configuring a MAC ACL . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55

Configuring ACL Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57

Specifying the Mask Type . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57

Configuring an IP ACL Mask . . . . . . . . . . . . . . . . . . . . . . . 3-58

Configuring a MAC ACL Mask . . . . . . . . . . . . . . . . . . . . . 3-60

Binding a Port to an Access Control List . . . . . . . . . . . . . . . . . 3-61

Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-62

Displaying Connection Status . . . . . . . . . . . . . . . . . . . . . . . . . . 3-62

Configuring Interface Connections . . . . . . . . . . . . . . . . . . . . . . 3-65

Creating Trunk Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-67

Statically Configuring a Trunk . . . . . . . . . . . . . . . . . . . . . . 3-68

Enabling LACP on Selected Ports . . . . . . . . . . . . . . . . . . . 3-69

Configuring LACP Parameters . . . . . . . . . . . . . . . . . . . . . . 3-71

Displaying LACP Port Counters . . . . . . . . . . . . . . . . . . . . 3-73

Displaying LACP Settings and Status for the Local Side . 3-74
Displaying LACP Settings and Status for the Remote Side . . .

3-77

Setting Broadcast Storm Thresholds . . . . . . . . . . . . . . . . . . . . . 3-78

Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80

Configuring Rate Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-81

Showing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-82

Address Table Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-86

Setting Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-86

Displaying the Address Table . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87

Changing the Aging Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-88

Spanning Tree Algorithm Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-88

Displaying Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-89

Configuring Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-92

Displaying Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-96

Configuring Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-99

Configuring Multiple Spanning Trees . . . . . . . . . . . . . . . . . . . 3-101

Displaying Interface Settings for MSTP . . . . . . . . . . . . . . . . . 3-104

Configuring Interface Settings for MSTP . . . . . . . . . . . . . . . . 3-107

VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108

Assigning Ports to VLANs . . . . . . . . . . . . . . . . . . . . . . . . 3-109

Forwarding Tagged/Untagged Frames . . . . . . . . . . . . . . 3-111

ix

C

ONTENTS

Enabling or Disabling GVRP (Global Setting) . . . . . . . . . . . 3-111

Displaying Basic VLAN Information . . . . . . . . . . . . . . . . . . . 3-111

Displaying Current VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-112

Creating VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114

Adding Static Members to VLANs (VLAN Index) . . . . . . . . 3-115

Adding Static Members to VLANs (Port Index) . . . . . . . . . . 3-116

Configuring VLAN Behavior for Interfaces . . . . . . . . . . . . . . 3-117

Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 3-120

Enabling Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . 3-120

Configuring Uplink and Downlink Ports . . . . . . . . . . . . 3-121

Configuring Protocol-Based VLANs . . . . . . . . . . . . . . . . . . . 3-121

Configuring Protocol Groups . . . . . . . . . . . . . . . . . . . . . 3-122

Mapping Protocols to VLANs . . . . . . . . . . . . . . . . . . . . . 3-122

Class of Service Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-124

Setting the Default Priority for Interfaces . . . . . . . . . . . . . . . . 3-124

Mapping CoS Values to Egress Queues . . . . . . . . . . . . . . . . . 3-126

Selecting the Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-128

Setting the Service Weight for Traffic Classes . . . . . . . . . . . . 3-128

Mapping Layer 3/4 Priorities to CoS Values . . . . . . . . . . . . . 3-130

Selecting IP Precedence/DSCP Priority . . . . . . . . . . . . . . . . . 3-130

Mapping IP Precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-131

Mapping DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132

Mapping IP Port Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134

Mapping CoS Values to ACLs . . . . . . . . . . . . . . . . . . . . . . . . . 3-135

Changing Priorities Based on ACL Rules . . . . . . . . . . . . . . . . 3-136

Multicast Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138

IGMP Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138

Layer 2 IGMP (Snooping and Query) . . . . . . . . . . . . . . . . . . . 3-139

Configuring IGMP Snooping and Query Parameters . . . 3-140
Displaying Interfaces Attached to a Multicast Router . . 3-141

Specifying Static Interfaces for a Multicast Router . . . . . 3-142

Displaying Port Members of Multicast Services . . . . . . . 3-144

Assigning Ports to Multicast Services . . . . . . . . . . . . . . . 3-145

Layer 3 IGMP (Query used with Multicast Routing) . . . . . . . 3-146

Configuring IGMP Interface Parameters . . . . . . . . . . . . 3-146

Displaying Multicast Group Information . . . . . . . . . . . . 3-149

Configuring Domain Name Service . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150

x

C

ONTENTS

Configuring General DNS Server Parameters . . . . . . . . . . . . 3-150

Configuring Static DNS Host to Address Entries . . . . . . . . . 3-152

Displaying the DNS Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154

Dynamic Host Configuration Protocol . . . . . . . . . . . . . . . . . . . . . . . . 3-155

Configuring DHCP Relay Service . . . . . . . . . . . . . . . . . . . . . . 3-155

Configuring the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . 3-156

Enabling the Server, Setting Excluded Addresses . . . . . . 3-157

Configuring Address Pools . . . . . . . . . . . . . . . . . . . . . . . . 3-158

Displaying Address Bindings . . . . . . . . . . . . . . . . . . . . . . 3-162

Configuring Router Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-163

Virtual Router Redundancy Protocol . . . . . . . . . . . . . . . . . . . . 3-164

Configuring VRRP Groups . . . . . . . . . . . . . . . . . . . . . . . 3-164

Displaying VRRP Global Statistics . . . . . . . . . . . . . . . . . 3-168

Displaying VRRP Group Statistics . . . . . . . . . . . . . . . . . . 3-169

Hot Standby Router Protocol . . . . . . . . . . . . . . . . . . . . . . . . . 3-170

Configuring HSRP Groups . . . . . . . . . . . . . . . . . . . . . . . 3-170

IP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-176

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-176

Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-176

IP Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-177

Routing Path Management . . . . . . . . . . . . . . . . . . . . . . . . 3-178

Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-178

Basic IP Interface Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-179

Configuring IP Routing Interfaces . . . . . . . . . . . . . . . . . . . . . . 3-180

Address Resolution Protocol . . . . . . . . . . . . . . . . . . . . . . . . . 3-182

Proxy ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182

Basic ARP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-183

Configuring Static ARP Addresses . . . . . . . . . . . . . . . . . . 3-184

Displaying Dynamically Learned ARP Entries . . . . . . . . 3-185

Displaying Local ARP Entries . . . . . . . . . . . . . . . . . . . . . 3-187

Displaying ARP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . 3-188

Displaying Statistics for IP Protocols . . . . . . . . . . . . . . . . . . . 3-189

IP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-189

ICMP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-190

UDP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-192

TCP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193

Configuring Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-194

xi

C

ONTENTS

Displaying the Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . 3-195

Configuring the Routing Information Protocol . . . . . . . . . . . 3-196

Configuring General Protocol Settings . . . . . . . . . . . . . . 3-197

Specifying Network Interfaces for RIP . . . . . . . . . . . . . . 3-199

Configuring Network Interfaces for RIP . . . . . . . . . . . . . 3-200

Displaying RIP Information and Statistics . . . . . . . . . . . 3-203

Configuring the Open Shortest Path First Protocol . . . . . . . . 3-206

Configuring General Protocol Settings . . . . . . . . . . . . . . 3-207

Configuring OSPF Areas . . . . . . . . . . . . . . . . . . . . . . . . . 3-210

Configuring Area Ranges (Route Summarization for ABRs) . .

3-213

Configuring OSPF Interfaces . . . . . . . . . . . . . . . . . . . . . . 3-215

Configuring Virtual Links . . . . . . . . . . . . . . . . . . . . . . . . . 3-219

Configuring Network Area Addresses . . . . . . . . . . . . . . . 3-221

Configuring Summary Addresses (for External AS Routes) . . .

3-223

Redistributing External Routes . . . . . . . . . . . . . . . . . . . . 3-224

Configuring NSSA Settings . . . . . . . . . . . . . . . . . . . . . . . 3-225

Displaying Link State Database Information . . . . . . . . . 3-227

Displaying Information on Border Routers . . . . . . . . . . 3-229

Displaying Information on Neighbor Routers . . . . . . . . 3-230

Multicast Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-231

Configuring Global Settings for Multicast Routing . . . . . . . . 3-231

Displaying the Multicast Routing Table . . . . . . . . . . . . . . . . . 3-232

Configuring DVMRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234

Configuring Global DVMRP Settings . . . . . . . . . . . . . . . 3-234

Configuring DVMRP Interface Settings . . . . . . . . . . . . . 3-237

Displaying Neighbor Information . . . . . . . . . . . . . . . . . . 3-239

Displaying the Routing Table . . . . . . . . . . . . . . . . . . . . . . 3-240

Configuring PIM-DM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-241

Configuring Global PIM-DM Settings . . . . . . . . . . . . . . 3-241

Configuring PIM-DM Interface Settings . . . . . . . . . . . . . 3-242

Displaying Interface Information . . . . . . . . . . . . . . . . . . . 3-244

Displaying Neighbor Information . . . . . . . . . . . . . . . . . . 3-245

Chapter 4: Command Line Interface . . . . . . . . . . . . . . . . . . 4-1

Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

xii

C

ONTENTS

Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Telnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Keywords and Arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Minimum Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Getting Help on Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Showing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Partial Keyword Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5

Negating the Effect of Commands . . . . . . . . . . . . . . . . . . . . . . . 4-5

Using Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5

Understanding Command Modes . . . . . . . . . . . . . . . . . . . . . . . . 4-6

Exec Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6

Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

Command Line Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9

Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10

Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11

line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11

login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12

password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13

exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14

password-thresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14

silent-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15

databits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16

parity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16

speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17

stopbits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17

disconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18

show line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18

General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19

enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19

disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20

configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21

show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21

reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22

end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22

xiii

C

ONTENTS

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23

quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23

System Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24

Device Designation Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-24

prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24

hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25

User Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25

username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25

enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26

IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27

management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27

show management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28

Web Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29

ip http port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29

ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30

ip http secure-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30

ip http secure-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31

Secure Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32

ip ssh server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34

ip ssh timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35

ip ssh authentication-retries . . . . . . . . . . . . . . . . . . . . . . . . 4-36

ip ssh server-key size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36

delete public-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37

ip ssh crypto host-key generate . . . . . . . . . . . . . . . . . . . . . 4-37

ip ssh crypto zeroize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38

ip ssh save host-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38

show ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39

show ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39

show public-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40

Event Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41

logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41

logging history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42

logging host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43

logging facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43

logging trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44

clear logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44

show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45

xiv

C

ONTENTS

SMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46

logging sendmail host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47

logging sendmail level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47

logging sendmail source-email . . . . . . . . . . . . . . . . . . . . . . 4-48

logging sendmail destination-email . . . . . . . . . . . . . . . . . . 4-48

logging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49

show logging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49

Time Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50

sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50

sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51

sntp poll . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52

sntp broadcast client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52

show sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-53

clock timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-53

calendar set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54

show calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54

System Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55

show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55

show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56

show system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58

show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59

Frame Size Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60

jumbo frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60

Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61

copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61

delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63

dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64

whichboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65

boot system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65

Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66

Authentication Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66

authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66

RADIUS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67

radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67

radius-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-68

radius-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-68

xv

C

ONTENTS

radius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69

radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69

show radius-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69

TACACS+ Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70

tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70

tacacs-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71

tacacs-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71

show tacacs-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71

Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72

port security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72

802.1x Port Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74

authentication dot1x default . . . . . . . . . . . . . . . . . . . . . . . . 4-74

dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75

dot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75

dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76

dot1x operation-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76

dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77

dot1x re-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77

dot1x timeout quiet-period . . . . . . . . . . . . . . . . . . . . . . . . . 4-78

dot1x timeout re-authperiod . . . . . . . . . . . . . . . . . . . . . . . 4-78

dot1x timeout tx-period . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-79

show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-79

Access Control List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82

IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83

access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-84

permit, deny (Standard ACL) . . . . . . . . . . . . . . . . . . . . . . 4-85

permit, deny (Extended ACL) . . . . . . . . . . . . . . . . . . . . . . 4-86

show ip access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-88

access-list ip mask-precedence . . . . . . . . . . . . . . . . . . . . . . 4-88

mask (IP ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89

show access-list ip mask-precedence . . . . . . . . . . . . . . . . . 4-92

ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93

show ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93

map access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94

show map access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95

match access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95

show marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96

xvi

C

ONTENTS

MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97

access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97

permit, deny (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98

show mac access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99

access-list mac mask-precedence . . . . . . . . . . . . . . . . . . . 4-100

mask (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-101

show access-list mac mask-precedence . . . . . . . . . . . . . . 4-103

mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103

show mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104

map access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104

show map access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . 4-105

match access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105

ACL Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106

show access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106

show access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107

SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107

snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108

snmp-server contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108

snmp-server location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109

snmp-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109

snmp-server enable traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110

snmp ip filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111

show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-112

DHCP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113

DHCP Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113

ip dhcp client-identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113

ip dhcp restart client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114

DHCP Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-115

ip dhcp restart relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-115

ip dhcp relay server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116

DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-117

service dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-117

ip dhcp excluded-address . . . . . . . . . . . . . . . . . . . . . . . . . 4-118

ip dhcp pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-118

network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-119

default-router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-120

domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-120

xvii

C

ONTENTS

dns-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121

next-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121

bootfile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122

netbios-name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122

netbios-node-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123

lease . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124

host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124

client-identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-125

hardware-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-126

clear ip dhcp binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127

show ip dhcp binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127

DNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128

ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128

clear host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-129

ip domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-130

ip domain-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-130

ip name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-131

ip domain-lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-132

show hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-133

show dns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-133

show dns cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-134

clear dns cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-135

Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-136

interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-136

description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-137

speed-duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-137

negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-138

capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-139

flowcontrol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-140

combo-forced-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-141

shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-141

switchport broadcast packet-rate . . . . . . . . . . . . . . . . . . . . . . . 4-142

clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-143

show interfaces status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-144

show interfaces counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-145

show interfaces switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-146

Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-147

xviii

C

ONTENTS

port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-147

show port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-148

Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-149

rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-149

Link Aggregation Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-150

channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-151

lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-151

lacp system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-153

lacp admin-key (Ethernet Interface) . . . . . . . . . . . . . . . . . . . . 4-153

lacp admin-key (Port Channel) . . . . . . . . . . . . . . . . . . . . . . . . . 4-154

lacp port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-155

show lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-156

Address Table Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-159

mac-address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-159

clear mac-address-table dynamic . . . . . . . . . . . . . . . . . . . . . . . 4-160

show mac-address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-160

mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . 4-161

show mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . 4-162

Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-162

spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-163

spanning-tree mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-164

spanning-tree forward-time . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-165

spanning-tree hello-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-166

spanning-tree max-age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-166

spanning-tree priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-167

spanning-tree pathcost method . . . . . . . . . . . . . . . . . . . . . . . . 4-167

spanning-tree transmission-limit . . . . . . . . . . . . . . . . . . . . . . . 4-168

spanning-tree mst-configuration . . . . . . . . . . . . . . . . . . . . . . . 4-168

mst vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-169

mst priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-170

name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-170

revision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-171

max-hops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-172

spanning-tree spanning-disabled . . . . . . . . . . . . . . . . . . . . . . . 4-172

spanning-tree cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-173

spanning-tree port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-173

spanning-tree edge-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-174

xix

C

ONTENTS

spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-175

spanning-tree link-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-176

spanning-tree mst cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-176

spanning-tree mst port-priority . . . . . . . . . . . . . . . . . . . . . . . . 4-177

spanning-tree protocol-migration . . . . . . . . . . . . . . . . . . . . . . 4-178

show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-179

show spanning-tree mst configuration . . . . . . . . . . . . . . . . . . 4-180

VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-181

Editing VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-181

vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-181

vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-182

Configuring VLAN Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 4-183

interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-183

switchport mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-184

switchport acceptable-frame-types . . . . . . . . . . . . . . . . . 4-184

switchport ingress-filtering . . . . . . . . . . . . . . . . . . . . . . . 4-185

switchport native vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-186

switchport allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . 4-187

switchport forbidden vlan . . . . . . . . . . . . . . . . . . . . . . . . 4-188

Displaying VLAN Information . . . . . . . . . . . . . . . . . . . . . . . . 4-188

show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-189

Configuring Protocol-based VLANs . . . . . . . . . . . . . . . . . . . . 4-189

protocol-vlan protocol-group (Configuring Groups) . . . 4-190
protocol-vlan protocol-group (Configuring Interfaces) . 4-191

show protocol-vlan protocol-group . . . . . . . . . . . . . . . . . 4-191

show interfaces protocol-vlan protocol-group . . . . . . . . 4-192

Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 4-193

pvlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-193

show pvlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-193

GVRP and Bridge Extension Commands . . . . . . . . . . . . . . . . . . . . . 4-194

bridge-ext gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-194

show bridge-ext . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-195

switchport gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-195

show gvrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 4-196

garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-196

show garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-197

Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-198

xx

C

ONTENTS

Priority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 4-198

switchport priority default . . . . . . . . . . . . . . . . . . . . . . . . 4-198

queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-199

queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-200

queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-201

show queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-202

show queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-202

show queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-203

Priority Commands (Layer 3 and 4) . . . . . . . . . . . . . . . . . . . . 4-204

map ip port (Global Configuration) . . . . . . . . . . . . . . . . . 4-204

map ip port (Interface Configuration) . . . . . . . . . . . . . . . 4-205

map ip precedence (Global Configuration) . . . . . . . . . . . 4-205

map ip precedence (Interface Configuration) . . . . . . . . . 4-206

map ip dscp (Global Configuration) . . . . . . . . . . . . . . . . 4-206

map ip dscp (Interface Configuration) . . . . . . . . . . . . . . . 4-207

show map ip port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-208

show map ip precedence . . . . . . . . . . . . . . . . . . . . . . . . . . 4-209

show map ip dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-210

Multicast Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-211

IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-211

ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-211

ip igmp snooping vlan static . . . . . . . . . . . . . . . . . . . . . . . 4-212

ip igmp snooping version . . . . . . . . . . . . . . . . . . . . . . . . . 4-212

show ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-213

show mac-address-table multicast . . . . . . . . . . . . . . . . . . 4-213

IGMP Query Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . 4-214

ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . 4-214

ip igmp snooping query-count . . . . . . . . . . . . . . . . . . . . . 4-215

ip igmp snooping query-interval . . . . . . . . . . . . . . . . . . . . 4-215

ip igmp snooping query-max-response-time . . . . . . . . . . 4-216

ip igmp snooping router-port-expire-time . . . . . . . . . . . . 4-217

Static Multicast Routing Commands . . . . . . . . . . . . . . . . . . . . 4-218

ip igmp snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . 4-218

show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . 4-219

IGMP Commands (Layer 3) . . . . . . . . . . . . . . . . . . . . . . . . . . 4-220

ip igmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-220

ip igmp robustval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-221

xxi

C

ONTENTS

ip igmp query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-222

ip igmp max-resp-interval . . . . . . . . . . . . . . . . . . . . . . . . . 4-222

ip igmp last-memb-query-interval . . . . . . . . . . . . . . . . . . 4-223

ip igmp version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-224

show ip igmp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-224

clear ip igmp group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-225

show ip igmp groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-226

IP Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-227

Basic IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-227

ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-227

ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-229

show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-229

show ip redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-230

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-230

Address Resolution Protocol (ARP) . . . . . . . . . . . . . . . . . . . . 4-232

arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-232

arp-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-233

clear arp-cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-233

show arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-233

ip proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-234

IP Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-235

Global Routing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 4-235

ip routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-235

ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-236

clear ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-237

show ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-237

show ip traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-238

Routing Information Protocol (RIP) . . . . . . . . . . . . . . . . . . . . 4-239

router rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-240

timers basic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-240

network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-241

neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-242

version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-242

ip rip receive version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-243

ip rip send version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-244

ip split-horizon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-245

ip rip authentication key . . . . . . . . . . . . . . . . . . . . . . . . . . 4-246

xxii

C

ONTENTS

ip rip authentication mode . . . . . . . . . . . . . . . . . . . . . . . . 4-246

show rip globals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-247

show ip rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-248

Open Shortest Path First (OSPF) . . . . . . . . . . . . . . . . . . . . . . 4-249

router ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-250

router-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-251

compatible rfc1583 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-251

default-information originate . . . . . . . . . . . . . . . . . . . . . . 4-252

timers spf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-253

area range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-254

area default-cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-254

summary-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-255

redistribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-256

network area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-257

area stub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-258

area nssa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-259

area virtual-link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-260

ip ospf authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-262

ip ospf authentication-key . . . . . . . . . . . . . . . . . . . . . . . . . 4-263

ip ospf message-digest-key . . . . . . . . . . . . . . . . . . . . . . . . 4-264

ip ospf cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-265

ip ospf dead-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-265

ip ospf hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-266

ip ospf priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-266

ip ospf retransmit-interval . . . . . . . . . . . . . . . . . . . . . . . . 4-267

ip ospf transmit-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-268

show ip ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-268

show ip ospf border-routers . . . . . . . . . . . . . . . . . . . . . . . 4-269

show ip ospf database . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-270

show ip ospf interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-277

show ip ospf neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-278

show ip ospf summary-address . . . . . . . . . . . . . . . . . . . . 4-279

show ip ospf virtual-links . . . . . . . . . . . . . . . . . . . . . . . . . 4-280

Multicast Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-280

Static Multicast Routing Commands . . . . . . . . . . . . . . . . . . . . 4-281

ip igmp snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . 4-281

show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . 4-282

xxiii

C

ONTENTS

General Multicast Routing Commands . . . . . . . . . . . . . . . . . 4-282

ip multicast-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-282

show ip mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-283

DVMRP Multicast Routing Commands . . . . . . . . . . . . . . . . . 4-285

router dvmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-285

probe-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-286

nbr-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-287

report-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-287

flash-update-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-288

prune-lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-288

default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-289

ip dvmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-289

ip dvmrp metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-290

clear ip dvmrp route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-291

show router dvmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-291

show ip dvmrp route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-292

show ip dvmrp neighbor . . . . . . . . . . . . . . . . . . . . . . . . . 4-292

show ip dvmrp interface . . . . . . . . . . . . . . . . . . . . . . . . . . 4-293

PIM-DM Multicast Routing Commands . . . . . . . . . . . . . . . . 4-293

router pim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-294

ip pim dense-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-294

ip pim hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-295

ip pim hello-holdtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-296

ip pim trigger-hello-interval . . . . . . . . . . . . . . . . . . . . . . . 4-296

ip pim join-prune-holdtime . . . . . . . . . . . . . . . . . . . . . . . 4-297

ip pim graft-retry-interval . . . . . . . . . . . . . . . . . . . . . . . . . 4-298

ip pim max-graft-retries . . . . . . . . . . . . . . . . . . . . . . . . . . 4-298

show router pim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-299

show ip pim interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-299

show ip pim neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-300

Router Redundancy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-300

Virtual Router Redundancy Protocol Commands . . . . . . . . . 4-301

vrrp ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-301

vrrp authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-302

vrrp priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-303

vrrp timers advertise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-304

vrrp preempt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-305

xxiv

C

ONTENTS

show vrrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-305

show vrrp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-307

show vrrp router counters . . . . . . . . . . . . . . . . . . . . . . . . 4-308

show vrrp interface counters . . . . . . . . . . . . . . . . . . . . . . 4-308

clear vrrp router counters . . . . . . . . . . . . . . . . . . . . . . . . . 4-309

clear vrrp interface counters . . . . . . . . . . . . . . . . . . . . . . . 4-309

Hot Standby Router Protocol Commands . . . . . . . . . . . . . . . 4-310

standby ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-310

standby priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-311

standby preempt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-312

standby authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-313

standby timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-314

standby track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-315

show standby . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-316

show standby interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-318

Appendix A: Software Specifications . . . . . . . . . . . . . . . . . . A-1

Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-2

Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-2

Management Information Bases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3

Index

Appendix B: Troubleshooting . . . . . . . . . . . . . . . . . . . .Inde-1

Glossary

xxv

C

ONTENTS

xxvi

C

HAPTER

I

NTRODUCTION

The TigerSwitch 10/100/1000 provides a broad range of features for
Layer 2 switching and Layer 3 routing. It includes a management agent that
allows you to configure the features listed in this manual. The default
configuration can be used for most of the features provided by this switch.
However, there are many options that you should configure to maximize
the switch’s performance for your particular network environment.

1

Key Features

Feature Description

Configuration
Backup and
Restore

Authentication Console, Telnet, web – User name / password, RADIUS, TACACS+

Access Control
Lists

Access Control
Lists

DHCP Client,
Relay and Server

DNS Server Supported

Port Configuration Speed, duplex mode and flow control

Backup to TFTP server

Web – HTTPS; Telnet – SSH

SNMP – Community strings, IP address filtering

Port – IEEE 802.1x, MAC address filtering

Supports up to 32 IP or MAC ACLs

Supports up to 32 IP or MAC ACLs

Supported

1-1

I

NTRODUCTION

Feature Description

Rate Limiting Input and output rate limiting per port

Port Mirroring One or more ports mirrored to single analysis port

Port Trunking Supports up to 6 trunks using either static or dynamic trunking

(LACP)

Broadcast Storm
Control

Address Table Up to 16K MAC addresses in the forwarding table, 1024 static MAC

IEEE 802.1D
Bridge

Store-and-Forward
Switching

Spanning Tree
Protocol

Virtual LANs Up to 255 using IEEE 802.1Q, port-based, protocol-based, or private

Traffic
Prioritization

Router
Redundancy

IP Routing Routing Information Protocol (RIP), Open Shortest Path First

ARP Static and dynamic address configuration, proxy ARP

Multicast Filtering Supports IGMP snooping and query for Layer 2, and IGMP for Layer

Multicast Routing Supports DVMRP and PIM-DM

Supported

addresses; Up to 4K IP address entries in the ARP cache, 128 static
IP routes

Supports dynamic data switching and addresses learning

Supported to ensure wire-speed switching while eliminating bad
frames

Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and
Multiple Spanning Trees (MSTP)

VLANs

Default port priority, traffic class map, queue scheduling, IP
Precedence, or Differentiated Services Code Point (DSCP)

Router backup is provided with the Virtual Router Redundancy
Protocol (VRRP) and the Hot Standby Router Protocol (HSRP)

(OSPF), static routes

3

1-2

D

ESCRIPTION OF SOFTWARE FEATURES

Description of Software Features

The switch provides a wide range of advanced performance enhancing
features. Flow control eliminates the loss of packets due to bottlenecks
caused by port saturation. Broadcast storm suppression prevents broadcast
traffic storms from engulfing the network. Port-based and protocol-based
VLANs, plus support for automatic GVRP VLAN registration provide
traffic security and efficient use of network bandwidth. CoS priority
queueing ensures the minimum delay for moving real-time multimedia data
across the network. While multicast filtering and routing provides support
for real-time network applications. Some of the management features are
briefly described below.

Configuration Backup and Restore – You can save the current
configuration settings to a file on a TFTP server, and later download this
file to restore the switch configuration settings.

Authentication – This switch authenticates management access via the
console port, Telnet or web browser. User names and passwords can be
configured locally or can be verified via a remote authentication server (i.e.,
RADIUS or TACACS+). Port-based authentication is also supported via
the IEEE 802.1x protocol. This protocol uses Extensible Authentication
Protocol over LANs (EAPOL) to request a user name and password from
the 802.1x client, and then uses the EAP between the switch and the
authentication server to verify the client’s right to access the network via an
authentication server.

Other authentication options include HTTPS for secure management
access via the web, SSH for secure management access over a
Telnet-equivalent connection, IP address filtering for SNMP/web/Telnet
management access, and MAC address filtering for port access.

Access Control Lists – ACLs provide packet filtering for IP frames
(based on address, protocol, TCP/UDP port number or TCP control
code) or any frames (based on MAC address or Ethernet type). ACLs can

1-3

I

NTRODUCTION

by used to improve performance by blocking unnecessary network traffic
or to implement security controls by restricting access to specific network
resources or protocols.

DHCP Server and DHCP Relay – A DHCP ser ver is provided to assign
IP addresses to host devices. Since DHCP uses a broadcast mechanism, a
DHCP server and its client must physically reside on the same subnet.
Since it is not practical to have a DHCP server on every subnet, DHCP
Relay is also supported to allow dynamic configuration of local clients
from a DHCP server located in a different network.

Port Configuration – You can manually configure the speed, duplex
mode, and flow control used on specific ports, or use auto-negotiation to
detect the connection settings used by the attached device. Use the
full-duplex mode on ports whenever possible to double the throughput of
switch connections. Flow control should also be enabled to control
network traffic during periods of congestion and prevent the loss of
packets when port buffer thresholds are exceeded. The switch supports
flow control based on the IEEE 802.3x standard.

Rate Limiting – This feature controls the maximum rate for traffic
transmitted or received on an interface. Rate limiting is configured on
interfaces at the edge of a network to limit traffic into or out of the
network. Traffic that falls within the rate limit is transmitted, while packets
that exceed the acceptable amount of traffic are dropped.

Port Mirroring – The switch can unobtrusively mirror traffic from any
port to a monitor port. You can then attach a protocol analyzer or RMON
probe to this port to perform traffic analysis and verify connection
integrity.

Port Trunking – Ports can be combined into an aggregate connection.
Trunks can be manually set up or dynamically configured using IEEE

802.3ad Link Aggregation Control Protocol (LACP). The additional ports
dramatically increase the throughput across any connection, and provide

1-4

D

ESCRIPTION OF SOFTWARE FEATURES

redundancy by taking over the load if a port in the trunk should fail. The
switch supports up to 6 trunks.

Broadcast Storm Control – Broadcast suppression prevents broadcast
traffic from overwhelming the network. When enabled on a port, the level
of broadcast traffic passing through the port is restricted. If broadcast
traffic rises above a pre-defined threshold, it will be throttled until the level
falls back beneath the threshold.

Static Addresses – A static address can be assigned to a specific interface
on this switch. Static addresses are bound to the assigned interface and will
not be moved. When a static address is seen on another interface, the
address will be ignored and will not be written to the address table. Static
addresses can be used to provide network security by restricting access for
a known host to a specific port.

IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent
bridging. The address table facilitates data switching by learning addresses,
and then filtering or forwarding traffic based on this information. The
address table supports up to 16K addresses.

Store-and-Forward Switching – The switch copies each frame into its
memory before forwarding them to another port. This ensures that all
frames are a standard Ethernet size and have been verified for accuracy
with the cyclic redundancy check (CRC). This prevents bad frames from
entering the network and wasting bandwidth.

To avoid dropping frames on congested ports, the switch provides 1 MB
for frame buffering. This buffer can queue packets awaiting transmission
on congested networks.

Spanning Tree Protocol – The switch supports these spanning tree
protocols:

Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol adds a level
of fault tolerance by allowing two or more redundant connections to be
created between a pair of LAN segments. When there are multiple physical

1-5

I

NTRODUCTION

paths between segments, this protocol will choose a single path and disable
all others to ensure that only one route exists between any two stations on
the network. This prevents the creation of network loops. However, if the
chosen path should fail for any reason, an alternate path will be activated
to maintain the connection.

Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol
reduces the convergence time for network topology changes to about 10%
of that required by the older IEEE 802.1D STP standard. It is intended as
a complete replacement for STP, but can still interoperate with switches
running the older standard by automatically reconfiguring ports to
STP-compliant mode if they detect STP protocol messages from attached
devices.

Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is
a direct extension of RSTP. It can provide an independent spanning tree
for different VLANs. It simplifies network management, provides for even
faster convergence than RSTP by limiting the size of each region, and
prevents VLAN members from being segmented from the rest of the
group (as sometimes occurs with IEEE 802.1D STP).

Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is
a collection of network nodes that share the same collision domain
regardless of their physical location or connection point in the network.
The switch supports tagged VLANs based on the IEEE 802.1Q standard.
Members of VLAN groups can be dynamically learned via GVRP, or ports
can be manually assigned to a specific set of VLANs. This allows the
switch to restrict traffic to the VLAN groups to which a user has been
assigned. By segmenting your network into VLANs, you can:

• Eliminate broadcast storms which severely degrade performance in a
flat network.

• Simplify network management for node changes/moves by remotely
configuring VLAN membership for any port, rather than having to
manually change the network connection.

• Provide data security by restricting all traffic to the originating VLAN,

1-6

D

ESCRIPTION OF SOFTWARE FEATURES

except where a connection is explicitly defined via the switch’s routing
service.

• Use private VLANs to restrict traffic to pass only between data ports
and the uplink ports, thereby isolating adjacent ports within the same
VLAN, and allowing you to limit the total number of VLANs that need
to be configured.

Traffic Prioritization – This switch prioritizes each packet based on the
required level of service, using four priority queues with strict or Weighted
Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize
incoming traffic based on input from the end-station application. These
functions can
data and best-effort data.

This switch also supports several common methods of prioritizing layer 3/
4 traffic to meet application requirements. Traffic can be prioritized based
on the priority bits in the IP frame’s Type of Service (ToS) octet. When
these services are enabled, the priorities are mapped to a Class of Service
value by the switch, and the traffic then sent to the corresponding output
queue.

be used to provide independent priorities for delay-sensitive

IP Routing – The switch provides Layer 3 IP routing. To maintain a high
rate of throughput, the switch forwards all traffic passing within the same
segment, and routes only traffic that passes between different
subnetworks. The wire-speed routing provided by this switch lets you
easily link network segments or VLANs together without having to deal
with the bottlenecks or configuration hassles normally associated with
conventional routers.

Routing for unicast traffic is supported with the Routing Information
Protocol (RIP) and the Open Shortest Path First (OSPF) protocol.

RIP – This protocol uses a distance-vector approach to routing. Routes are
determined on the basis of minimizing the distance vector, or hop count,
which serves as a rough estimate of transmission cost.

1-7

I

NTRODUCTION

OSPF – This approach uses a link state routing protocol to generate a
shortest-path tree, then builds up its routing table based on this tree. OSPF
produces a more stable network because the participating routers act on
network changes predictably and simultaneously, converging on the best
route more quickly than RIP.

Router Redundancy – Hot Standby Router Protocol (HSRP) and Virtual
Router Redundancy Protocol (VRRP) both use a virtual IP address to
support a primary router and multiple backup routers. The backups can be
configured to take over the workload if the master fails or to load share the
traffic. The primary goal of these protocols is to allow a host device which
has been configured with a fixed gateway to maintain network connectivity
in case the primary gateway goes down.

Address Resolution Protocol – The switch uses ARP and Proxy ARP to
convert between IP addresses and MAC (i.e., hardware) addresses. This
switch supports conventional ARP, which locates the MAC address
corresponding to a given IP address. This allows the switch to use IP
addresses for routing decisions and the corresponding MAC addresses to
forward packets from one hop to the next. You can configure either static
or dynamic entries in the ARP cache.

Proxy ARP allows hosts that do not support routing to determine the
MAC address of a device on another network or subnet. When a host
sends an ARP request for a remote network, the switch checks to see if it
has the best route. If it does, it sends its own MAC address to the host. The
host then sends traffic for the remote destination via the switch, which
uses its own routing table to reach the destination on the other network.

Multicast Filtering – Specific multicast traffic can be assigned to its own
VLAN to ensure that it does not interfere with normal network traffic and
to guarantee real-time delivery by setting the required priority level for the
designated VLAN. The switch uses IGMP Snooping and Query at Layer 2
and IGMP at Layer 3 to manage multicast group registration.

1-8

D

ESCRIPTION OF SOFTWARE FEATURES

Multicast Routing – Routing for multicast packets is supported by the
Distance Vector Multicast Routing Protocol (DVMRP) and
Protocol-Independent Multicasting - Dense Mode (PIM-DM). These
protocols work in conjunction with IGMP to filter and route multicast
traffic. DVMRP is a more comprehensive implementation that maintains
its own routing table, but is gradually being replacing by most network
managers with PIM, Dense Mode and Sparse Mode. PIM is a very simple
protocol that uses the routing table of the unicast routing protocol enabled
on an interface. Dense Mode is designed for areas where the probability of
multicast clients is relatively high, and the overhead of frequent flooding is
justified. While Sparse mode is designed for network areas, such as the
Wide Area Network, where the probability of multicast clients is low. This
switch currently supports DVMRP and PIM-DM.

1-9

I

NTRODUCTION

System Defaults

The switch’s system defaults are provided in the configuration file
“Factory_Default_Config.cfg.” To reset the switch defaults, this file
should be set as the startup configuration file (page 3-27).

The following table lists some of the basic system defaults.

Function Parameter Default

Console Port
Connection

Authentication Privileged Exec Level Username “admin”

Web Management HTTP Server Enabled

Baud Rate auto

Data bits 8

Stop bits 1

Parity none

Local Console Timeout 0 (disabled)

Password “admin”

Normal Exec Level Username “guest”

Password “guest”

Enable Privileged Exec from
Normal Exec Level

RADIUS Authentication Disabled

TACACS Authentication Disabled

802.1x Port Authentication Disabled

HTTPS Enabled

SSH Enabled

Port Security Disabled

HTTP Port Number 80

HTTP Secure Server Enabled

HTTP Secure Port Number 443

Password “super”

1-10

S

YSTEM DEFAULTS

Function Parameter Default

SNMP Community Strings “public” (read only)

“private” (read/write)

Traps Authentication traps: enabled

Link-up-down events: enabled

IP Filtering Disabled

Port Configuration Admin Status Enabled

Auto-negotiation Enabled

Flow Control Disabled

Port Capability 1000BASE-T –

10 Mbps half duplex
10 Mbps full duplex
100 Mbps half duplex
100 Mbps full duplex
1000 Mbps full duplex
Full-duplex flow control disabled
Symmetric flow control disabled

1000BASE-SX/LX/LH –
1000 Mbps full duplex
Full-duplex flow control disabled
Symmetric flow control disabled

Rate Limiting Input and output limits Disabled

Port Trunking Static Trunks None

LACP Disabled

Broadcast Storm
Protection

Spanning Tree
Protocol

Address Table Aging Time 300 seconds

Status Enabled (all ports)

Broadcast Limit Rate 500 packets per second

Status Enabled, MSTP

(Defaults: All values based on IEEE

802.1s)

Fast Forwarding (Edge Port) Disabled

1-11

I

NTRODUCTION

Function Parameter Default

Virtual LANs Default VLAN 1

PVID 1

Acceptable Frame Type All

Ingress Filtering Disabled

Switchport Mode (Egress
Mode)

GVRP (global) Disabled

GVRP (port interface) Disabled

Traffic
Prioritization

IP Settings Management. VLAN Any VLAN configured with an IP

IP Settings IP Address 0.0.0.0

Ingress Port Priority 0

Weighted Round Robin Queue: 0 1 2 3 4 5 6 7

IP Precedence Priority Disabled

IP DSCP Priority Disabled

Subnet Mask 255.0.0.0

Default Gateway 0.0.0.0

DHCP Client: Disabled

DNS Server: Disabled

BOOTP Disabled

ARP

Unicast Routing RIP Disabled

OSPF Disabled

Hybrid: tagged/untagged frames

Priority: 2 0 1 3 4 5 6 7

address

Relay: Disabled

Server: Disabled

Enabled

Cache Timeout: 20 minutes

Proxy: Disabled

1-12

S

Function Parameter Default

Router
Redundancy

Multicast Filtering IGMP Snooping (Layer 2) Snooping: Enabled

Multicast Routing DVMRP Disabled

System Log Status Enabled

SMTP Email Alerts Event Handler Disabled

SNTP Clock Synchronization Disabled

HSRP Disabled

VRRP Disabled

Querier: Disabled

IGMP (Layer 3) Disabled

PIM-DM Disabled

Messages Logged Levels 0-7 (all)

Messages Logged to Flash Levels 0-3

YSTEM DEFAULTS

1-13

I

NTRODUCTION

1-14

C

HAPTER

I

NITIAL

C

ONFIGURATION

Connecting to the Switch

Configuration Options

The switch includes a built-in network management agent. The agent
offers a variety of management options, including SNMP, RMON and a
web-based interface. A PC may also be connected directly to the switch for
configuration and monitoring via a command line interface (CLI).

Note: The IP address for this switch is unassigned by default. To change

this address, see “Setting an IP Address” on page 2-7.

The switch’s HTTP web agent allows you to configure switch parameters,
monitor port connections, and display statistics using a standard web
browser such as Netscape Navigator version 6.2 and higher or Microsoft
IE version 5.0 and higher. The switch’s web management interface can be
accessed from any computer attached to the network.

2

The CLI program can be accessed by a direct connection to the RS-232
serial console port on the switch, or remotely by a Telnet connection over
the network.

The switch’s management agent also supports SNMP (Simple Network
Management Protocol). This SNMP agent permits the switch to be
managed from any system in the network using network management
software such as HP OpenView.

2-1

I

NITIAL CONFIGURATION

The switch’s web interface, CLI configuration program, and SNMP agent
allow you to perform the following management functions:

• Set user names and passwords for up to 16 users

• Set an IP interface for any VLAN

• Configure SNMP parameters

• Enable/disable any port

• Set the speed/duplex mode for any port

• Configure the bandwidth of any port by limiting input or output rates

• Configure up to 255 IEEE 802.1Q VLANs

• Enable GVRP automatic VLAN registration

• Configure IP routing for unicast or multicast traffic

• Configure router redundancy

• Configure IGMP multicast filtering

• Upload and download system firmware via TFTP

• Upload and download switch configuration files via TFTP

• Configure Spanning Tree parameters

• Configure Class of Service (CoS) priority queuing

• Configure up to 6 static or LACP trunks

• Enable port mirroring

• Set broadcast storm control on any port

• Display system information and statistics

2-2

C

ONNECTING TO THE SWITCH

Required Connections

The switch provides an RS-232 serial port that enables a connection to a
PC or terminal for monitoring and configuring the switch. A null-modem
console cable is provided with the switch.

Attach a VT100-compatible terminal, or a PC running a terminal
emulation program to the switch. You can use the console cable provided
with this package, or use a null-modem cable that complies with the wiring
assignments shown in the Installation Guide.

To connect a terminal to the console port, complete the following steps:

1. Connect the console cable to the serial port on a terminal, or a PC

running terminal emulation software, and tighten the captive retaining
screws on the DB-9 connector.

2. Connect the other end of the cable to the RS-232 serial port on the

switch.

3. Make sure the terminal emulation software is set as follows:

• Select the appropriate serial port (COM port 1 or COM port 2).

• Set to any of the following baud rates: 9600, 19200, 38400, 57600,

115200
(Note: Set to 9600 baud if want to view all the system initialization
messages.)

• Set the data format to 8 data bits, 1 stop bit, and no parity.

• Set flow control to none.

• Set the emulation mode to VT100.

• When using HyperTerminal, select Terminal keys, not Windows

keys.

Notes: 1. When using HyperTerminal with Microsoft

make sure that you have Windows 2000 Service Pack 2 or later
installed. Windows 2000 Service Pack 2 fixes the problem of
arrow keys not functioning in HyperTerminal’s VT100
emulation. See www.microsoft.com for information on

®

Windows® 2000,

2-3

I

NITIAL CONFIGURATION

Windows 2000 service packs.

2. Refer to “Line Commands” on page 4-15 for a complete
description of console configuration options.

3. Once you have set up the terminal correctly, the console login
screen will be displayed.

For a description of how to use the CLI, see “Using the Command Line
Interface” on page 4-1. For a list of all the CLI commands and detailed
information on using the CLI, refer to “Command Groups” on page 4-13.

2-4

B

ASIC CONFIGURATION

Remote Connections

Prior to accessing the switch’s onboard agent via a network connection,
you must first configure it with a valid IP address, subnet mask, and default
gateway using a console connection, DHCP or BOOTP protocol.

The IP address for this switch is unassigned by default. To manually
configure this address or enable dynamic address assignment via DHCP or
BOOTP, see “Setting an IP Address” on page 2-7.

Notes: 1. This switch supports four concurrent Telnet/SSH sessions.

2. Each VLAN group can be assigned its own IP interface address

(page 2-7). You can manage the switch via any of these
addresses.

After configuring the switch’s IP parameters, you can access the onboard
configuration program from anywhere within the attached network. The
onboard configuration program can be accessed using Telnet from any
computer attached to the network. The switch can also be managed by any
computer using a web browser (Internet Explorer 5.0 or above, or
Netscape Navigator 6.2 or above), or from a network computer using
SNMP network management software.

Note: The onboard program only provides access to basic configuration

functions. To access the full range of SNMP management
functions, you must use SNMP-based network management
software.

Basic Configuration

Console Connection

The CLI program provides two different command levels — normal
access level (Normal Exec) and privileged access level (Privileged Exec).
The commands available at the Normal Exec level are a limited subset of

2-5

I

NITIAL CONFIGURATION

those available at the Privileged Exec level and allow you to only display
information and use basic utilities. To fully configure the switch
parameters, you must access the CLI at the Privileged Exec level.

Access to both CLI levels are controlled by user names and passwords.
The switch has a default user name and password for each level. To log
into the CLI at the Privileged Exec level using the default user name and
password, perform these steps:

1. To initiate your console connection, press <Enter>. The “User Access
Verification” procedure starts.

2. At the Username prompt, enter “admin.”

3. At the Password prompt, also enter “admin.” (The password
characters are not displayed on the console screen.)

4. The session is opened and the CLI displays the “Console#” prompt
indicating you have access at the Privileged Exec level.

Setting Passwords

Note: If this is your first time to log into the CLI program, you should

define new passwords for both default user names using the
“username” command, record them and put them in a safe place.

Passwords can consist of up to 8 alphanumeric characters and are case
sensitive. To prevent unauthorized access to the switch, set the passwords
as follows:

1. Open the console interface with the default user name and password
“admin” to access the Privileged Exec level.

2. Type “configure” and press <Enter>.

3. Type “username guest password 0 password,” for the Normal Exec
level, where password is your new password. Press <Enter>.

2-6

B

ASIC CONFIGURATION

4. Type “username admin password 0 password,” for the Privileged Exec
level, where password is your new password. Press <Enter>.

Username: admin
Password:

CLI session with theCLI session with the SMC8612XL3 is opened.
To end the CLI session, enter [Exit].

Console#configure
Console(config)#username guest password 0 [password]
Console(config)#username admin password 0 [password]
Console(config)#

Setting an IP Address

You must establish IP address information for the switch to obtain
management access through the network. This can be done in either of the
following ways:

Manual — You have to input the information, including IP address and
subnet mask. If your management station is not in the same IP subnet as
the switch, you will also need to specify the default gateway router.

Dynamic — The switch sends IP configuration requests to BOOTP or
DHCP address allocation servers on the network.

Manual Configuration

You can manually assign an IP address to the switch. You may also need to
specify a default gateway that resides between this device and management
stations that exist on another network segment (if routing is not enabled
on this switch). Valid IP addresses consist of four decimal numbers, 0 to
255, separated by periods. Anything outside this format will not be
accepted by the CLI program.

Note: The IP address for this switch is unassigned by default.

Before you can assign an IP address to the switch, you must obtain the
following information from your network administrator:

2-7

I

NITIAL CONFIGURATION

• IP address for the switch

• Default gateway for the network

• Network mask for this network

To assign an IP address to the switch, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt,
type “interface vlan 1” to access the interface-configuration mode.
Press <Enter>.

2. Type “ip address ip-address netmask,” where “ip-address” is the switch
IP address and “netmask” is the network mask for the network. Press
<Enter>.

3. Type “exit” to return to the global configuration mode prompt. Press
<Enter>.

4. To set the IP address of the default gateway for the network to which
the switch belongs, type “ip default-gateway gateway,” where “gateway”
is the IP address of the default gateway. Press <Enter>.

Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.5 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 192.168.1.254
Console(config)#

Dynamic Configuration

If you select the “bootp” or “dhcp” option, IP will be enabled but will not
function until a BOOTP or DHCP reply has been received. You therefore
need to use the “ip dhcp restart client” command to start broadcasting
service requests. Requests will be sent periodically in an effort to obtain IP
configuration information. (BOOTP and DHCP values can include the IP
address, subnet mask, and default gateway.)

2-8

B

ASIC CONFIGURATION

If the “bootp” or “dhcp” option is saved to the startup-config file (step 6),
then the switch will start broadcasting service requests as soon as it is
powered on.

To automatically configure the switch by communicating with BOOTP or
DHCP address allocation servers on the network, complete the following
steps:

1. From the Global Configuration mode prompt, type “interface vlan 1”
to access the interface-configuration mode. Press <Enter>.

2. At the interface-configuration mode prompt, use one of the following
commands:

• To obtain IP settings via DHCP, type “ip address dhcp” and press
<Enter>.

• To obtain IP settings via BOOTP, type “ip address bootp” and
press <Enter>.

3. Type “end” to return to the Privileged Exec mode. Press <Enter>.

4. Type “ip dhcp restart client” to begin broadcasting service requests.
Press <Enter>.

5. Wait a few minutes, and then check the IP configuration settings by
typing the “show ip interface” command. Press <Enter>.

2-9

I

NITIAL CONFIGURATION

6. Then save your configuration changes by typing “copy running-config
startup-config.” Enter the startup file name and press <Enter>.

Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#ip dhcp restart client
Console#show ip interface
IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1,
and address mode: User specified.
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.

\Write to FLASH finish.
Success.

Enabling SNMP Management Access

The switch can be configured to accept management commands from
Simple Network Management Protocol (SNMP) applications such as HP
OpenView. You can configure the switch to (1) respond to SNMP requests
or (2) generate SNMP traps.

When SNMP management stations send requests to the switch (either to
return information or to set a parameter), the switch provides the
requested data or sets the specified parameter. The switch can also be
configured to send information to SNMP managers (without being
requested by the managers) through trap messages, which inform the
manager that certain events have occurred.

Community Strings

Community strings are used to control management access to SNMP
stations, as well as to authorize SNMP stations to receive trap messages
from the switch. You therefore need to assign community strings to
specified users or user groups, and set the access level.

2-10

B

ASIC CONFIGURATION

The default strings are:

• public - with read-only access. Authorized management stations are
only able to retrieve MIB objects.

• private - with read-write access. Authorized management stations are
able to both retrieve and modify MIB objects.

Note: If you do not intend to utilize SNMP, we recommend that you

delete both of the default community strings. If there are no
community strings, then SNMP management access to the switch
is disabled.

To prevent unauthorized access to the switch via SNMP, it is
recommended that you change the default community strings.

To configure a community string, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt,

type “snmp-server community string mode,” where “string” is the
community access string and “mode” is rw (read/write) or ro (read
only). Press <Enter>. (Note that the default mode is read only.)

2. To remove an existing string, simply type “no snmp-server community

string,” where “string” is the community access string to remove. Press
<Enter>.

Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#

Trap Receivers

You can also specify SNMP stations that are to receive traps from the
switch.

To configure a trap receiver, complete the following steps:

2-11

I

NITIAL CONFIGURATION

1. From the Privileged Exec level global configuration mode prompt,
type “snmp-server host host-address community-string,” where
“host-address” is the IP address for the trap receiver and
“community-string” is the string associated with that host. Press
<Enter>.

2. In order to configure the switch to send SNMP notifications, you must
enter at least one snmp-server enable traps command. Type
“snmp-server enable traps type,” where “type” is either authentication
or link-up-down. Press <Enter>.

Console(config)#snmp-server enable traps link-up-down
Console(config)#

Saving Configuration Settings

Configuration commands only modify the running configuration file and
are not saved when the switch is rebooted. To save all your configuration
changes in nonvolatile storage, you must copy the running configuration
file to the start-up configuration file using the “copy” command.

To save the current configuration settings, enter the following command:

1. From the Privileged Exec mode prompt, type “copy running-config
startup-config” and press <Enter>.

2. Enter the name of the start-up file. Press <Enter>.

Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.

\Write to FLASH finish.
Success.

Console#

2-12

M

ANAGING SYSTEM FILES

Managing System Files

The switch’s flash memory supports three types of system files that can be
managed by the CLI program, web interface, or SNMP. The switch’s file
system allows files to be uploaded and downloaded, copied, deleted, and
set as a start-up file.

The three types of files are:

• Configuration — This file stores system configuration information
and is created when configuration settings are saved. Saved
configuration files can be selected as a system start-up file or can be
uploaded via TFTP to a server for backup. A file named
“Factory_Default_Config.cfg” contains all the system default settings
and cannot be deleted from the system. See “Saving or Restoring
Configuration Settings” on page 3-26 for more information.

• Operation Code — System software that is executed after boot-up,
also known as run-time code. This code runs the switch operations and
provides the CLI and web management interfaces. See “Managing
Firmware” on page 3-24 for more information.

• Diagnostic Code — Software that is run during system boot-up, also
known as POST (Power On Self-Test).

Due to the size limit of the flash memory, the switch supports only two
operation code files. However, you can have as many diagnostic code files
and configuration files as available flash memory space allows.

In the system flash memory, one file of each type must be set as the
start-up file. During a system boot, the diagnostic and operation code files
set as the start-up file are run, and then the start-up configuration file is
loaded.

2-13

I

NITIAL CONFIGURATION

Note that configuration files should be downloaded using a file name that
reflects the contents or usage of the file settings. If you download directly
to the running-config, the system will reboot, and the settings will have to
be copied from the running-config to a permanent file.

2-14

C

HAPTER

C

ONFIGURING THE

S

WITCH

Using the Web Interface

This switch provides an embedded HTTP web agent. Using a web browser
you can configure the switch and view statistics to monitor network
activity. The web agent can be accessed by any computer on the network
using a standard web browser (Internet Explorer 5.0 or above, or Netscape
Navigator 6.2 or above).

Note: You can also use the Command Line Interface (CLI) to manage

the switch over a serial connection to the console port or via
Telnet. For more information on using the CLI, refer to Chapter 4
“Command Line Interface.”

Prior to accessing the switch from a web browser, be sure you have first
performed the following tasks:

1. Configure the switch with a valid IP address, subnet mask, and default

gateway using an out-of-band serial connection, BOOTP or DHCP
protocol. (See “Setting an IP Address” on page 2-7.)

3

2. Set user names and passwords using an out-of-band serial connection.

Access to the web agent is controlled by the same user names and
passwords as the onboard configuration program. (See “Setting
Passwords” on page 2-6.)

3. After you enter a user name and password, you will have access to the

system configuration program.

Notes: 1. You are allowed three attempts to enter the correct password;

3-1

C

ONFIGURING THE SWITCH

on the third failed attempt the current connection is
terminated.

2. If you log into the web interface as guest (Normal Exec level),
you can view the configuration settings or change the guest
password. If you log in as “admin” (Privileged Exec level), you
can change the settings on any page.

3. If the path between your management station and this switch
does not pass through any device that uses the Spanning Tree
Algorithm, then you can set the switch port attached to your
management station to fast forwarding (i.e., enable Admin
Edge Port) to improve the switch’s response time to
management commands issued through the web interface. See
“Configuring Interface Settings” on page 3-140.

3-2

N

AVIGATING THE WEB BROWSER INTERFACE

Navigating the Web Browser Interface

To access the web-browser interface you must first enter a user name and
password. The administrator has Read/Write access to all configuration
parameters and statistics. The default user name and password for the
administrator is “admin.”

Home Page

When your web browser connects with the switch’s web agent, the home
page is displayed as shown below. The home page displays the Main Menu
on the left side of the screen and System Information on the right side.
The Main Menu links are used to navigate to other menus, and display
configuration parameters and statistics.

Configuration Options

Configurable parameters have a dialog box or a drop-down list. Once a
configuration change has been made on a page, be sure to click on the

3-3

C

ONFIGURING THE SWITCH

“Apply” or “Apply Changes” button to confirm the new setting. The
following table summarizes the web page configuration buttons.

Button Action

Revert Cancels specified values and restores current values

prior to pressing “Apply” or “Apply Changes.”

Refresh Immediately updates values for the current page.

Apply Sets specified values to the system.

Apply Changes Sets specified values to the system.

Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer

5.x is configured as follows: Under the menu “Tools / Internet
Options / General / Temporary Internet Files / Settings,” the
setting for item “Check for newer versions of stored pages”
should be “Every visit to the page.”

2. When using Internet Explorer 5.0, you may have to manually
refresh the screen after making configuration changes by
pressing the browser’s refresh button.

Panel Display

The web agent displays an image of the switch’s ports. The Mode can be set to
display different information for the ports, including Active (i.e., up or down), Duplex
(i.e., half or full duplex), or Flow Control (i.e., with or without flow control). Clicking on
the image of a port opens the Port Configuration page as described on page 3-93.

Main Menu

Using the onboard web agent, you can define system parameters, manage
and control the switch, and all its ports, or monitor network conditions.

3-4

N

AVIGATING THE WEB BROWSER INTERFACE

The following table briefly describes the selections available from this
program.

Menu Description Page

System 3-14

System Information

Switch Information

Bridge Extension

Firmware

Configuration

Log 3-28

Logs

System Logs

Remote Logs

Reset

SNTP 3-33

Configuration

Clock Time Zone

SNMP 3-36

Configuration

IP Filtering

Security 3-42

Passwords

Authentication Settings

HTTPS Settings

Provides basic system description, including contact

3-14

information

Shows the number of ports, hardware/firmware

3-16

version numbers, and power status

Shows the bridge extension parameters 3-18

Manages code image files 3-24

Manages switch configuration files 3-26

Sends error messages to a logging process

Stores and displays error messages

Configures the logging of messages to a remote

3-28

3-32

3-30

logging process

Restarts the switch 3-33

Configures SNTP client settings, including broadcast

3-34

mode or a specified list of servers

Sets the local time zone for the system clock 3-35

Configures community strings and related trap

3-37

functions

Sets IP addresses of clients allowed management

3-41

access

Assigns a new password for the current user 3-43

Configures authentication sequence, RADIUS and

3-44

TACACS

Configures secure HTTP settings 3-48

3-5

C

ONFIGURING THE SWITCH

Menu Description Page

SSH

Settings

Host-Key Settings

Port Security

Configures Secure Shell server settings 3-55

Generates the host key pair (public and private) 3-53

Configures per port security, including status,

3-50

3-56
response for security breach, and maximum allowed
MAC addresses

802.1x

Information

Configuration

Port Configuration

Statistics

ACL

Configuration

Port authentication 3-60

Displays global configuration settings 3-61

Configures protocol parameters 3-64

Sets the authentication mode for individual ports 3-65

Displays protocol statistics for the selected port 3-67

3-72

Configures packet filtering based on IP or MAC

3-72
addresses

Mask Configuration

Port Binding

IP Filter

Controls the order in which ACL rules are checked 3-81

Binds a port to the specified ACL 3-87

Configures IP addresses that are allowed

3-69
management access

Port 3-89

Port Information

Trunk Information

Port Configuration

Trunk Configuration

Trunk Membership

LACP

Configuration

Aggregation Port

Displays port connection status 3-89

Displays trunk connection status 3-89

Configures port connection settings 3-93

Configures trunk connection settings 3-93

Specifies ports to group into static trunks 3-97

3-96

Allows ports to dynamically join trunks 3-99

Configures parameters for link aggregation group

3-101

members

Port Counters

Displays statistics for LACP protocol messages 3-104

3-6

N

AVIGATING THE WEB BROWSER INTERFACE

Menu Description Page

Port Internal Information

Displays settings and operational state for the local

3-106

side

Port Neighbors Information

Displays settings and operational state for the remote

3-108

side

Port Broadcast Control

Mirror Port Configuration

Rate Limit

Input Port Configuration

Input Trunk Configuration

Output Port Configuration

Output Trunk C onfiguration

Port Statistics

Sets the broadcast storm threshold for each port 3-111

Sets the source and target ports for mirroring 3-113

3-115

Sets the input rate limit for each port 3-115

Sets the input rate limit for each trunk 3-115

Sets the output rate limit for each port 3-115

Sets the output rate limit for each trunk 3-115

Lists Ethernet and RMON port statistics 3-116

Address Table 3-122

Static Addresses

Dynamic Addresses

Address Aging

Displays entries for interface, address or VLAN 3-122

Displays or edits static entries in the Address Table 3-124

Sets timeout for dynamically learned entries 3-125

Spanning Tree 3-126

STA

Information

Configuration

Displays STA values used for the bridge 3-127

Configures global bridge settings for STA, RSTP and

3-131

MSTP

Port Information

Trunk Information

Port Configuration

Trunk Configuration

MSTP

VLAN Configuration

Displays individual port settings for STA 3-136

Displays individual trunk settings for STA 3-136

Configures individual port settings for STA 3-140

Configures individual trunk settings for STA 3-140

Configures priority and VLANs for a spanning tree

3-101

instance

Port Information

Displays port settings for a specified MST instance 3-146

3-7

C

ONFIGURING THE SWITCH

Menu Description Page

Trunk Information

Port Configuration

Trunk Configuration

Displays trunk settings for a specified MST instance 3-146

Configures port settings for a specified MST instance 3-148

Configures trunk settings for a specified MST

3-148

instance

VLAN 3-150

802.1Q VLAN

Status

Basic Information

Enables GVRP VLAN registration protocol 3-154

Displays information on the VLAN type supported

3-154

by this switch

Current Table

Shows the current port members of each VLAN and

3-155

whether or not the port is tagged or untagged

Static List

Static Table

Static Membership

Used to create or remove VLAN groups 3-158

Modifies the settings for an existing VLAN 3-159

Configures membership type for interfaces, including

3-161

tagged, untagged or forbidden

Port Configuration

Trunk Configuration

Private VLAN

Status

Link Status

Protocol VLAN

Configuration

Specifies default PVID and VLAN attributes 3-163

Specifies default trunk VID and VLAN attributes 3-163

Enables or disables the private VLAN 3-167

Configures the private VLAN 3-168

Creates a protocol group, specifying the supported

3-169

protocols

Port Configuration

Maps a protocol group to a VLAN 3-170

Priority 3-172

Default Port Priority

Default Trunk Priority

Traffic Classes

Traffic Classes Status

Sets the default priority for each port 3-172

Sets the default priority for each trunk 3-172

Maps IEEE 802.1p priority tags to output queues 3-174

Enables/disables traffic class priorities (not
implemented)

NA

3-8

N

AVIGATING THE WEB BROWSER INTERFACE

Menu Description Page

Queue Mode

Sets queue mode to strict priority or Weighted

3-176

Round-Robin

Queue Scheduling

IP Precedence/
DSCP Priority Status

IP Precedence Priority

Configures Weighted Round Robin queueing 3-176

Globally selects IP Precedence or DSCP Priority, or

3-179

disables both.

Sets IP Type of Service priority, mapping the

3-181

precedence tag to a class-of-service value

IP DSCP Priority

Sets IP Differentiated Services Code Point priority,

3-183

mapping a DSCP tag to a class-of-service value

IP Port Priority Status

IP Port Priority

Globally enables or disables IP Port Priority 3-185

Sets TCP/UDP port priority, defining the socket

3-185

number and associated class-of-service value

ACL CoS Priority

Sets the CoS value and corresponding output queue

3-186

for packets matching an ACL rule

ACL Marker

Change traffic priorities for frames matching an ACL

3-188

rule

IGMP Snooping 3-190

IGMP Configuration

Enables multicast filtering; configures parameters for

3-193

multicast query

Multicast Router
Port Information

Static Multicast Router
Port Configuration

IP Multicast Registration
Table

IGMP Member Port Table

Displays the ports that are attached to a neighboring
multicast router for each VLAN ID

Assigns ports that are attached to a neighboring
multicast router

Displays all multicast groups active on this switch,
including multicast IP addresses and VLAN ID

Indicates multicast addresses associated with the

3-195

3-196

3-198

3-199

selected VLAN

3-9

C

ONFIGURING THE SWITCH

Menu Description Page

DNS 3-206

General Configuration

Enables DNS; configures domain name and domain

3-206
list; and specifies IP address of name servers for
dynamic lookup

Static Host Table

Configures static entries for domain name to address

3-209
mapping

Cache

Displays cache entries discovered by designated name

3-212
servers

IP 3-246

General

Global Settings

Enables or disables routing, specifies the default

3-250

3-250
gateway

Routing Interface

ARP

General

Configures the IP interface for the specified VLAN 3-252

3-255

Sets the protocol timeout, and enables or disables

3-256
proxy ARP for the specified VLAN

Static Addresses

Dynamic Addresses

Statically maps a physical address to an IP address 3-257

Shows dynamically learned entries in the IP routing

3-258
table

Other Addresses

Statistics

IGMP

Interface Settings

Shows internal addresses used by the switch 3-260

Shows statistics on ARP requests sent and received 3-261

3-200

Configures Layer 3 IGMP for specific VLAN

3-201
interfaces

Group Membership

Displays the current multicast groups learned via

3-205
IGMP

Statistics

IP

Shows statistics for IP traffic, including the amount

3-263

3-263
of traffic, address errors, routing, fragmentation and
reassembly

3-10

N

AVIGATING THE WEB BROWSER INTERFACE

Menu Description Page

ICMP

Shows statistics for ICMP traffic, including the

3-265
amount of traffic, protocol errors, and the number of
echoes, timestamps, and address masks

UDP

Shows statistics for UDP, including the amount of

3-267
traffic and errors

TCP

Shows statistics for TCP, including the amount of

3-268
traffic and TCP connection activity

Routing

Static Routes

Routing Table

Configures and display static routing entries 3-269

Shows all routing entries, including local, static and

3-247

3-271
dynamic routes

Multicast Routing

General Settings

Multicast Routing Table

VRRP

Group Configuration

Globally enables multicast routing 3-319

Shows each multicast route this switch has learned 3-321

Configures VRRP groups, including virtual interface

3-319

3-226

3-227
address, advertisement interval, preemption, priority,
and authentication

Global Statistics

Displays global statistics for VRRP protocol packet

3-234
errors

Group Statistics

Displays statistics for VRRP protocol events and

3-235
errors on the specified VRRP group and interface

HSRP

HSRP Group Con figuration

Configures HSRP groups, including virtual interface

3-237

3-238
address, advertisement interval, preemption, priority,
authentication, and interface tracking

Routing Protocol 3-249

RIP

General Settings

Enables or disables RIP, sets the global RIP version

3-273

3-274
and timer values

Network Addresses

Configures the network interfaces that will use RIP 3-276

3-11

C

ONFIGURING THE SWITCH

Menu Description Page

Interface Settings

Configures RIP parameters for each interface,

3-277
including send and receive versions, message
loopback prevention, and authentication

Statistics

Displays general information on update time, route

3-281
changes and number of queries, as well as a list of
statistics for known interfaces and neighbors

OSPF

General Configuration

Enables or disables OSPF; also configures the Router

3-285

3-287
ID and various other global settings

Area Configuration

Area Range Configuration

Specifies rules for importing routes into each area 3-291

Configures route summaries to advertise at an area

3-295
boundary

Interface Configuration

Shows area ID and designated router; also configures

3-297
OSPF protocol settings and authentication for each
interface

Virtual Link Configuration

Configures a virtual link through a transit area to the

3-303
backbone

Network Area Address
Configuration

Summary Address
Configuration

Redistribute Configuration

Defines OSPF areas and associated interfaces 3-305

Aggregates routes learned from other protocols for

3-308
advertising into other autonomous systems

Redistributes routes from one routing domain to

3-310
another

NSSA Settings

Configures settings for importing routes into or

3-311
exporting routes out of not-so-stubby areas

Link State Database
Information

Shows information about different OSPF Link State
Advertisements (LSAs) stored in this router’s

3-313

database

Border Router Information

Displays routing table entries for area border routers

3-316
and autonomous system boundary routers

Neighbor Information

Displays information about neighboring routers on

3-317
each interface within an OSPF area

3-12

N

AVIGATING THE WEB BROWSER INTERFACE

Menu Description Page

DVMRP

General Settings

Configure global settings for prune and graft

3-323

3-324

messages, and the exchange of routing information

Interface Settings

Enables/disables DVMRP per interface and sets the

3-329

route metric

Neighbor Information

Routing Table

PIM-DM

General Settings

Interface Settings

Displays neighboring DVMRP routers 3-331

Displays DVMRP routing information 3-333

Enables or disables PIM-DM globally for the switch 3-335

Enables or disables PIM-DM per interface,

3-336
configures protocol settings for hello, prune and graft
messages

Interface Information

Neighbor Information

Displays summary information for each interface 3-339

Displays neighboring PIM-DM routers 3-340

DHCP 3-214

Relay Configuration

Specifies DHCP relay servers; enables or disables

3-214
relay service

Server

General

Configures DHCP server parameters 3-214

Enables DHCP server; configures excluded address

3-216
range

Pool Configuration

Configures address pools for network groups or a

3-217
specific host

IP Binding

Displays addresses currently bound to DHCP clients 3-223

3-13

C

ONFIGURING THE SWITCH

Basic Configuration

Displaying System Information

You can easily identify the system by displaying the device name, location
and contact information.

Field Attributes

• System Name – Name assigned to the switch system.

• Object ID – MIB II object ID for switch’s network management
subsystem.

• Location – Specifies the system location.

• Contact – Administrator responsible for the system.

• System Up Time – Length of time the management agent has been
up.

These additional parameters are displayed for the CLI.

• MAC Address – The physical layer address for this switch.

• Web server – Shows if management access via HTTP is enabled.

• Web server port – Shows the TCP port number used by the web
interface.

• Web secure server – Shows if management access via HTTPS is
enabled.

• Web secure server port – Shows the TCP port used by the HTTPS
interface.

• POST result – Shows results of the power-on self-test

Web – Click System, System Information. Specify the system name,
location, and contact information for the system administrator, then click
Apply. (This page also
Command Line Interface via Telnet.)

includes a Telnet button that allows access to the

3-14

B

ASIC CONFIGURATION

3-15

C

ONFIGURING THE SWITCH

CLI – Specify the hostname, location and contact information.

Console(config)#hostname R&D 53-34
Console(config)#snmp-server location WC 93-149
Console(config)#snmp-server contact Ted3-148
Console(config)#exit
Console#show system3-82
System description: SMC Networks SMC8612XL3
System OID string: 1.3.6.1.4.1.202.20.33
System information
System Up time: 0 days, 14 hours, 38 minutes, and 0.42 seconds
System Name : [NONE]
System Location : [NONE]
System Contact : [NONE]
MAC address : 00-30-F1-8F-D5-50
Web server : enable
Web server port : 80
Web secure server : enable
Web secure server port : 443
POST result

DUMMY Test 1.................PASS

UART LOOP BACK Test..........PASS

DRAM Test....................PASS

Timer Test...................PASS

PCI Device 1 Test............PASS

I2C bus Initialization.......PASS

RTC Initialization...........PASS

Switch Int Loopback test.....PASS

Done All Pass.
Console#

Displaying Switch Hardware/Software Versions

Use the Switch Information page to display hardware/firmware version
numbers for the main board and management software, as well as the
power status of the system.

Field Attributes

Main Board

• Serial Number – The serial number of the switch.

• Number of Ports – Number of built-in ports.

• Hardware Version – Hardware version of the main board.

• Internal Power Status – Displays the status of the internal power

3-16

B

ASIC CONFIGURATION

supply.

• Redundant Power Status* – Displays the status of the redundant
power supply.

* CLI only.

Management Software

• Loader Version – Version number of loader code.

• Boot-ROM Version – Version of Power-On Self-Test (POST) and
boot code.

• Operation Code Version – Version number of runtime code.

• Role – Shows that this switch is operating as Master (i.e., operating
stand-alone).

Expansion Slots

• Expansion Slot – Indicates any installed module type.

Web – Click System, Switch Information.

3-17

C

ONFIGURING THE SWITCH

CLI – Use the following command to display version information.

Console#show version
Unit1
Serial number : A322043872
Hardware version : R01
Number of ports :12
Main power status :up
Redundant power status :down
Agent (master)
Unit ID : 1
Loader version : 2.0.2.3
Boot ROM version : 2.0.2.1
Operation code version : 2.2.3.2
Console#

Displaying Bridge Extension Capabilities

The Bridge MIB includes extensions for managed devices that support
Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these
extensions to display default settings for the key variables.

Field Attributes

• Extended Multicast Filtering Services – This switch does not
support the filtering of individual multicast addresses based on GMRP
(GARP Multicast Registration Protocol).

• Traffic Classes – This switch provides mapping of user priorities to
multiple traffic classes. (Refer to “Class of Service Configuration” on
page 3-172.)

• Static Entry Individual Port – This switch allows static filtering for
unicast and multicast addresses. (Refer to “Setting Static Addresses”
on page 3-122.)

• VLAN Learning – This switch uses Independent VLAN Learning
(IVL), where each port maintains its own filtering database.

• Configurable PVID Tagging – This switch allows you to override
the default Port VLAN ID (PVID used in frame tags) and egress status
(VLAN-Tagged or Untagged) on each port. (Refer to “VLAN
Configuration” on page 3-150.)

3-18

B

ASIC CONFIGURATION

• Local VLAN Capable – This switch supports multiple local bridges;
i.e., multiple spanning trees. (Refer to “Configuring Multiple Spanning
Trees” on page 3-101.)

• GMRP – GARP Multicast Registration Protocol (GMRP) allows
network devices to register endstations with multicast groups. This
switch does not support GMRP; it uses the Internet Group
Management Protocol (IGMP) to provide automatic multicast
filtering.

Web – Click System, Bridge Extension.

CLI – Enter the following command.

Console#show bridge-ext
Max support VLAN numbers: 255
Max support VLAN ID: 4094
Extended multicast filtering services: No
Static entry individual port: Yes
VLAN learning: IVL
Configurable PVID tagging: Yes
Local VLAN capable: No
Traffic classes: Enabled
Global GVRP status: Disabled
GMRP: Disabled
Console#

3-19

C

ONFIGURING THE SWITCH

Setting the Switch’s IP Address

This section describes how to configure an initial IP interface for
management access over the network. The IP address for this switch is
unassigned by default. To manually configure an address, you need to
change the switch’s default settings (IP address 0.0.0.0 and netmask

255.0.0.0) to values that are compatible with your network. You may also
need to a establish a default gateway between the switch and management
stations that exist on another network segment (if routing is not enabled
on this switch).

You can manually configure a specific IP address, or direct the device to
obtain an address from a BOOTP or DHCP server. Valid IP addresses
consist of four decimal numbers, 0 to 255, separated by periods. Anything
outside this format will not be accepted by the CLI program.

Command Usage

• This section describes how to configure a single local interface for
initial access to the switch. To configure multiple IP interfaces on this
switch, you must set up an IP interface for each VLAN (page 3-252).

• To enable routing between the different interfaces on this switch, you
must enable IP routing (page 3-250).

• To enable routing between the interfaces defined on this switch and
external network interfaces, you must configure static routes (page
3-269) or use dynamic routing; i.e., either RIP (page 3-273) or OSPF
(page 3-285).

• The precedence for configuring IP interfaces is the IP / General /
Routing Interface menu (page 3-252), static routes (page 3-269), and
then dynamic routing.

Command Attributes

•VLAN – ID of the configured VLAN (1-4094, no leading zeroes). By
default, all ports on the switch are members of VLAN 1. However, the
management station can be attached to a port belonging to any VLAN,

3-20

B

ASIC CONFIGURATION

as long as that VLAN has been assigned an IP address.

• IP Address Mode – Specifies whether IP functionality is enabled via
manual configuration (Static), Dynamic Host Configuration Protocol
(DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled,
IP will not function until a reply has been received from the server.
Requests will be broadcast periodically by the switch for an IP address.
(DHCP/BOOTP values can include the IP address, subnet mask, and
default gateway.)

• IP Address – Address of the VLAN interface through which the
management station is attached. Valid IP addresses consist of four
numbers, 0 to 255, separated by periods. (Default: 0.0.0.0)

• Subnet Mask – This mask identifies the host address bits used for
routing to specific subnets. (Default: 255.0.0.0)

• Default Gateway – IP address of the gateway router between this
device and management stations that exist on other network segments.
(Default: 0.0.0.0)

• MAC Address – The physical layer address for this switch.

Manual Configuration

Web – Click IP, General, Routing Interface. Select the VLAN through

which the management station is attached, set the IP Address Mode to
“Static,” and specify a “Primary” interface. Enter the IP address, subnet
mask and gateway, then click Apply.

3-21

C

ONFIGURING THE SWITCH

Click IP, Global Setting. If this switch and management stations exist on
other network segments, then specify the default gateway, and click Apply.

CLI – Specify the management interface, IP address and default gateway.

Console#config
Console(config)#interface vlan 1
Console(config-if)#ip address 10.1.28.150 255.255.252.0
Console(config-if)#exit
Console(config)#ip default-gateway 10.1.28.149
Console(config)#

Using DHCP/BOOTP

If your network provides DHCP/BOOTP services, you can configure the
switch to be dynamically configured by these services.

Web – Click IP, General, Routing Interface. Specify the VLAN to which
the management station is attached, set the IP Address Mode to DHCP or

3-22

B

ASIC CONFIGURATION

BOOTP. Click Apply to save your changes. Then click Restart DHCP to
immediately request a new address. Note that the switch will also broadcast
a request for IP configuration settings on each power reset.

Note: If you lose your management connection, use a console

connection and enter “show ip interface” to determine the new
switch address.

CLI – Specify the management interface, and set the IP address mode to
DHCP or BOOTP, and then enter the “ip dhcp restart client” command.

Console#config
Console(config)#interface vlan 13-1
Console(config-if)#ip address dhcp3-116
Console(config-if)#end
Console#ip dhcp restart client3-156
Console#show ip interface3-119
IP address and netmask: 10.1.28.150 255.255.252.0 on VLAN 1,
and address mode: User specified.
Console#

Renewing DCHP – DHCP may lease addresses to clients indefinitely or
for a specific period of time. If the address expires or the switch is moved
to another network segment, you will lose management access to the
switch. In this case, you can reboot the switch or submit a client request to
restart DHCP service via the CLI.

3-23

C

ONFIGURING THE SWITCH

Web – If the address assigned by DHCP is no longer functioning, you will
not be able to renew the IP settings via the web interface. You can only
restart DHCP service via the web interface if the current address is still
available.

CLI – Enter the following command to restart DHCP service.

Console#ip dhcp restart client3-156

Managing Firmware

You can upload/download firmware to or from a TFTP server. By saving
runtime code to a file on a TFTP server, that file can later be downloaded
to the switch to restore operation. You can also set the switch to use new
firmware without overwriting the previous version.

Command Attributes

• TFTP Server IP Address – The IP address of a TFTP server.

• File Name –
leading letter of the file name should not be a period (.), and the
maximum length for file names on the TFTP server is 127 characters
or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9,
“.”, “-”, “_”)

Note: Up to two copies of the system software (i.e., the runtime

firmware) can be stored in the file directory on the switch. The
currently designated startup version of this file cannot be deleted.

The file name should not contain slashes (\ or /),

Downloading System Software from a Server

When downloading runtime code, you can specify the destination file
name to replace the current image, or first download the file using a
different name from the current runtime code file, and then set the new
file as the startup file.

Web – Click System, Firmware. Enter the IP address of the TFTP server,
enter the file name of the software to download, select a file on the switch

3-24

the

B

ASIC CONFIGURATION

to overwrite or specify a new file name, then click Transfer from Server. To
start the new firmware, reboot the system via the System/Reset menu.

If you download to a new destination file, then select the file from the
drop-down box for the operation code used at startup, and click Apply
Changes. To start the new firmware, reboot the system via the System/
Reset menu.

3-25

C

ONFIGURING THE SWITCH

CLI – Enter the IP address of the TFTP server, select “config” or
“opcode” file type, then enter the source and destination file names, set the
new file to start up the system, and then restart the switch.

Console#copy tftp file3-85
TFTP server ip address: 10.1.0.19
Choose file type:

1. config: 2. opcode: <1-2>: 2
Source file name: M100000.bix
Destination file name: V1.0
\Write to FLASH Programming.

-Write to FLASH finish.
Success.
Console#config
Console(config)#boot system opcode:V1.03-91
Console(config)#exit
Console#reload3-30

Saving or Restoring Configuration Settings

You can upload/download configuration settings to/from a TFTP server.
The configuration file can be later downloaded to restore the switch’s
settings.

Command Attributes

• TFTP Server IP Address – The IP address of a TFTP server.

•

File Name

(\ or /),

— The configuration file name should not contain slashes

the leading letter of the file name should not be a period (.),
and the maximum length for file names on the TFTP server is 127
characters or 31 characters for files on the switch. (Valid characters:
A-Z, a-z, 0-9, “.”, “-”, “_”)

Note: The maximum number of user-defined configuration files is

limited only by available flash memory space.

Downloading Configuration Settings from a Server

You can download the configuration file under a new file name and then
set it as the startup file, or you can specify the current startup
configuration file as the destination file to directly replace it. Note that the

3-26

B

ASIC CONFIGURATION

file “Factory_Default_Config.cfg” can be copied to the TFTP server, but
cannot be used as the destination on the switch.

Web – Click System, Configuration. Enter the IP address of the TFTP
server, enter the name of the file to download, select a file on the switch to
overwrite or specify a new file name, and then click Transfer from Server.

If you download to a new file name, then select the new file from the
drop-down box for Startup Configuration File, and press Apply Changes.
To use the new settings, reboot the system via the System/Reset menu.

CLI – Enter the IP address of the TFTP server, specify the source file on
the server, set the startup file name on the switch, and then restart the
switch.

Console#copy tftp startup-config3-85
TFTP server ip address: 192.168.1.19
Source configuration file name: config-1
Startup configuration file name [] : startup
\Write to FLASH Programming.

-Write to FLASH finish.
Success.

Console#reload

3-27

C

ONFIGURING THE SWITCH

If you download the startup configuration file under a new file name, you
can set this file as the startup file at a later time, and then restart the switch.

Console#config
Console(config)#boot system config: startup-new3-91
Console(config)#exit
Console#reload3-30

Configuring Event Logging

The switch allows you to control the logging of error messages, including
the type of events that are recorded in switch memory, logging to a remote
System Log (syslog) server, and displays a list of recent event messages.

System Log Configuration

The system allows you to enable or disable event logging, and specify
which levels are logged to RAM or flash memory.

Severe error messages that are logged to flash memory are permanently
stored in the switch to assist in troubleshooting network problems. Up to
4096 log entries can be stored in the flash memory, with the oldest entries
being overwritten first when the available log memory (256 kilobytes) has
been exceeded.

The System Logs page allows you to configure and limit system messages
that are logged to flash or RAM memory. The default is for event levels 0
to 3 to be logged to flash and levels 0 to 7 to be logged to RAM.

Command Attributes

• System Log Status – Enables/disables the logging of debug or error
messages to the logging process.

• Flash Level – Limits log messages saved to the switch’s permanent
flash memory for all levels up to the specified level. For example, if
level 3 is specified, all messages from level 0 to level 3 will be logged to

3-28

B

ASIC CONFIGURATION

flash. (Range: 0-7, Default: 3)

Level Argument Level Description

debugging 7 Debugging messages

informational 6 Informational messages only

notifications 5 Normal but significant condition, such as cold

start

warnings 4 Warning conditions (e.g., return false,

unexpected return)

errors 3 Error conditions (e.g., invalid input, default

used)

critical 2 Critical conditions (e.g., memory allocation, or

free memory error - resource exhausted)

alerts 1 Immediate action needed

emergencies 0 System unusable

* There are only Level 2, 5 and 6 error messages for the current firmware release.

• RAM Level – Limits log messages saved to the switch’s temporary
RAM memory for all levels up to the specified level. For example, if
level 7 is specified, all messages from level 0 to level 7 will be logged to
RAM. (Range: 0-7, Default: 7)

Note:The Flash Level must be equal to or less than the RAM Level.

Web – Click System, Logs, System Logs. Specify System Log Status, set

level of event messages to be logged, and click Apply.

the

3-29

C

ONFIGURING THE SWITCH

CLI – Specify the hostname, location and contact information.

Console(config)#logging on3-58
Console(config)#logging history ram 03-59
Console(config)#
Console#show logging flash3-63
Syslog logging: Disable
History logging in FLASH: level errors
Console#

Remote Log Configuration

The Remote Logs page allows you to configure the logging of messages
that are sent to syslog servers or other management stations. You can also
limit the event messages sent to only those messages at or above a
specified level.

Command Attributes

• Remote Log Status – Enables/disables the logging of debug or error
messages to the remote logging process. (Default: enabled)

• Logging Facility – Sets the facility type for remote logging of syslog
messages. There are eight facility types specified by values of 16 to 23.
The facility type is used by the syslog server to dispatch log messages
to an appropriate service.

The attribute specifies the facility type tag sent in syslog messages. (See
RFC 3164.) This type has no effect on the kind of messages reported
by the switch. However, it may be used by the syslog server to process
messages, such as sorting or storing messages in the corresponding
database. (Range: 16-23, Default: 23)

• Logging Trap – Limits log messages that are sent to the remote syslog
server for all levels up to the specified level. For example, if level 3 is
specified, all messages from level 0 to level 3 will be sent to the remote
server. (Range: 0-7, Default: 3)

• Host IP List – Displays the list of remote server IP addresses that will
receive syslog messages. The maximum number of host IP addresses
allowed is five.

3-30

B

ASIC CONFIGURATION

• Host IP Address – Specifies a new server IP address to add to the
Host IP List.

Web – Click System, Remote Logs. To add an IP address to the Host IP
List, type the new IP address in the Host IP Address box, and then click
Add IP Host. To delete an IP address, click the entry in the Host IP List,
and then click Remove Host IP.

CLI – Enter the syslog server host IP address, choose the facility type and

3-31

C

ONFIGURING THE SWITCH

set the logging trap.

Console(config)#logging host 10.1.0.93-60
Console(config)#logging facility 233-61
Console(config)#logging trap 43-62
Console(config)#
Console#show logging trap3-63
Syslog logging: Enable
REMOTELOG status: enable
REMOTELOG facility type: local use 7
REMOTELOG level type: Warning conditions
REMOTELOG server ip address: 10.1.0.9
REMOTELOG server ip address: 0.0.0.0
REMOTELOG server ip address: 0.0.0.0
REMOTELOG server ip address: 0.0.0.0
REMOTELOG server ip address: 0.0.0.0
Console#

Displaying Log Messages

Use the Logs page to scroll through the logged system and event messages.
The switch can store up to 2048 log entries in temporary random access
memory (RAM; i.e., memory flushed on power reset) and up to 4096
entries in permanent flash memory.

Web – Click System, Log, Logs.

CLI – This example shows that system logging is enabled, the message

level for flash memory is “errors” (i.e., default level 3 - 0), the message
level for RAM is “debugging” (i.e., default level 7 - 0), and lists one sample

3-32

B

ASIC CONFIGURATION

error .

Console#show logging flash3-63
Syslog logging: Enable
History logging in FLASH: level errors
[0] 0:0:5 1/1/1 "PRI_MGR_InitDefault function fails."
level: 3, module: 13, function: 0, and event no.: 0
Console#show logging ram3-63
Syslog logging: Enable
History logging in RAM: level debugging
[0] 0:0:5 1/1/1 PRI_MGR_InitDefault function fails."
level: 3, module: 13, function: 0, and event no.: 0
Console#

Resetting the System

Web – Click System, Reset. Click the Reset button to restart the switch.

CLI – Use the reload command to restart the switch.

Console#reload3-30
System will be restarted, continue <y/n>?

Note:When restarting the system, it will always run the Power-On
Self-Test.

Setting the System Clock

Simple Network Time Protocol (SNTP) allows the switch to set its internal
clock based on periodic updates from a time server (SNTP or NTP).
Maintaining an accurate time on the switch enables the system log to
record meaningful dates and times for event entries. You can also manually
set the clock using the CLI. (See “calendar set” on page 3-76.) If the clock
is not set, the switch will only record the time from the factory default set
at the last bootup.

This switch acts as an SNTP client in two modes:

Unicast – The switch periodically sends a request for a time update to a
configured time server. You can configure up to three time server IP

3-33

C

ONFIGURING THE SWITCH

addresses. The switch will attempt to poll each server in the configured
sequence.

Broadcast – The switch sets its clock from a time server in the same subnet
that broadcasts time updates. If there is more than one SNTP server, the
switch accepts the first broadcast it detects and ignores broadcasts from
other servers.

Configuring SNTP

You can configure the switch to send time synchronization requests to
specific time servers (i.e., client mode), update its clock based on
broadcasts from time servers, or use both methods. When both methods
are enabled, the switch will update its clock using information broadcast
from time servers, but will query the specified server(s) if a broadcast is
not received within the polling interval.

Command Attributes

• SNTP Client – Configures the switch to operate as an SNTP unicast
client. This mode requires at least one time server to be specified in the
SNTP Server field.

• SNTP Broadcast Client – Configures the switch to operate as an
SNTP broadcast client. This mode requires no other configuration
settings; the switch will obtain time updates from time server
broadcasts (using the multicast address 224.0.1.1).

• SNTP Poll Interval – Sets the interval between sending requests for
a time update from a time server when set to SNTP Client mode.
(Range: 16-16284 seconds; Default: 16 seconds)

• SNTP Server – In unicast mode, sets the IP address for up to three
time servers. The switch attempts to update the time from the first
server, if this fails it attempts an update from the next server in the
sequence.

3-34

B

ASIC CONFIGURATION

Web – Select SNTP, Configuration. Modify any of the required
parameters, and click Apply.

CLI – This example configures the switch to operate as an SNTP
broadcast client.

Console(config)#sntp client3-71
Console(config)#sntp poll 163-73
Console(config)#sntp server 10.1.0.19 137.82.140.80 128.250.36.23-72
Console(config)#sntp broadcast client3-74
Console(config)#

Setting the Time Zone

SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich
Mean Time, or GMT) based on the time at the Earth’s prime meridian,
zero degrees longitude. To display a time corresponding to your local time,
you must indicate the number of hours and minutes your time zone is east
(before) or west (after) of UTC.

Command Attributes

•Current Time – Displays the current time.

• Name – Assigns a name to the time zone.

• Hours (0-12) – The number of hours before/after UTC.

• Minutes (0-59) – The number of minutes before/after UTC.

• Direction – Configures the time zone to be before (east) or after
(west) UTC.

3-35

C

ONFIGURING THE SWITCH

Web – Select SNTP, Clock Time Zone. Set the offset for your time zone
relative to the UTC, and click Apply.

CLI - This example shows how to set the time zone for the system clock.

Console(config)#clock timezone Dhaka hours 6 minute 0 after-UTC3-75
Console#

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is a communication
protocol designed specifically for managing devices on a network.
Equipment commonly managed with SNMP includes switches, routers
and host computers. SNMP is typically used to configure these devices for
proper operation in a network environment, as well as to monitor them to
evaluate performance or detect potential problems.

The switch includes an onboard SNMP agent that continuously monitors
the status of its hardware, as well as the traffic passing through its ports. A
network management station can access this information using software
such as HP OpenView. Access rights to the onboard agent are controlled
by community strings. To communicate with the switch, the management
station must first submit a valid community string for authentication. The
options for configuring community strings, trap functions, and restricting
access to clients with specified IP addresses are described in the following
sections.

3-36

S

IMPLE NETWORK MANAGEMENT PROTOCOL

Setting Community Access Strings

You may configure up to five community strings authorized for
management access. All community strings used for IP Trap Managers
should be listed in this table. For security reasons, you should consider
removing the default strings.

Command Attributes

• SNMP Community Capability – Indicates that the switch supports
up to five community strings.

• Community String – A community string that acts like a password
and permits access to the SNMP protocol.

Default strings: “public” (read-only access), “private” (read/write access)
Range: 1-32 characters, case sensitive

• Access Mode

- Read-Only – Specifies read-only access. Authorized management

stations are only able to retrieve MIB objects.

- Read/Write – Specifies read-write access. Authorized

management stations are able to both retrieve and modify MIB
objects.

Web – Click SNMP, Configuration. Add new community strings as
required, select the access rights from the Access Mode drop-down list,
then click Add.

3-37

C

ONFIGURING THE SWITCH

CLI – The following example adds the string “spiderman” with read/write
access.

Console(config)#snmp-server community spiderman rw3-147
Console(config)#

3-38

S

IMPLE NETWORK MANAGEMENT PROTOCOL

Specifying Trap Managers and Trap Types

Traps indicating status changes are issued by the switch to specified trap
managers. You must specify trap managers so that key events are reported
by this switch to your management station (using network management
platforms such as HP OpenView). You can specify up to five management
stations that will receive authentication failure messages and other trap
messages from the switch.

Command Attributes

• Trap Manager Capability – This switch supports up to five trap
managers.

• Trap Manager IP Address – Internet address of the host (the
targeted recipient).

• Trap Manager Community String – Community string sent with the
notification operation. (Range: 1-32 characters, case sensitive)

• Trap Version – Specifies whether to send notifications as SNMP v1
or v2c traps.

• Enable Authentication Traps – Issues a trap message whenever an
invalid community string is submitted during the SNMP access
authentication process.

• Enable Link-up and Link-down Traps – Issues a trap message
whenever a port link is established or broken. (Default: Enabled)

Web – Click SNMP, Configuration. Fill in the IP address and community
string for each trap manager that will receive these messages, specify the
SNMP version, mark the trap types required, and then click Add.

3-39

C

ONFIGURING THE SWITCH

CLI – This example adds a trap manager and enables both authentication
and link-up, link-down traps.

Console(config)#snmp-server host 10.1.28.150 private version 2c3-150
Console(config)#snmp-server enable traps3-151

3-40

S

IMPLE NETWORK MANAGEMENT PROTOCOL

Filtering Addresses for SNMP Client Access

The switch allows you to create a list of up to 16 IP addresses or IP
address groups that are allowed access to the switch via SNMP
management software (also see page 3-69).

Command Usage

• To specify the clients allowed SNMP access, enter an IP address along
with a subnet mask to identify a specific host or a range of valid
addresses. For example:

- IP address 192.168.1.1 and mask 255.255.255.255 –

Specifies a valid IP address of 192.168.1.1 for a single client.

- IP address 192.168.1.1 and mask 255.255.255.0 –

Specifies a valid IP address group from 192.168.1.0 to

192.168.1.254.

• IP filtering only restricts management access for clients running SNMP
management software such as HP OpenView. It does not affect
management access to the switch using the web interface or Telnet.

• The default setting is null, which allows all IP groups SNMP access to
the switch. If one or more IP addresses are configured, IP filtering is
enabled and only addresses listed in this table will have SNMP access.

Command Attributes

• IP Filter List – Displays a list of the IP address/subnet mask entries
currently configured for SNMP access.

• IP address – Specifies a new IP address to add to the IP Filter List.

• Subnet Mask – Specifies a single IP address or group of addresses. If
the IP is the address of a single management station, set the mask to

255.255.255.255. Otherwise, an IP address group will be specified by
any other mask.

3-41

C

ONFIGURING THE SWITCH

Web – Click SNMP, IP Filtering. To add a client, enter the new address, the
subnet mask for a node or an address range, and then click “Add IP
Filtering Entry.”

CLI – This example allows SNMP access for a specific client.

Console(config)#snmp ip filter 10.1.2.3 255.255.255.2553-152
Console(config)#

User Authentication

You can restrict management access to this switch using the following
options:

• Passwords – Manually configure access rights on the switch for
specified users.

• Authentication Settings – Use remote authentication to configure
access rights.

• HTTPS Settings – Provide a secure web connection.

• SSH Settings – Provide a secure shell (for secure Telnet access).

• Port Security – Configure secure addresses for individual ports.

3-42

U

SER AUTHENTICATION

• 802.1x – Use IEEE 802.1x port authentication to control access to
specific ports.

Configuring the Logon Password

The guest only has read access for most configuration parameters.
However, the administrator has write access for all parameters governing
the onboard agent. You should therefore assign a new administrator
password as soon as possible, and store it in a safe place.

The default guest name is “guest” with the password “guest.” The default
administrator name is “admin” with the password “admin.” Note that user
names can only be assigned via the CLI.

Command Attributes

• User Name* – The name of the user.

(Maximum length: 8 characters)

• Access Level* – Specifies the user level.

(Options: Normal and Privileged)

• Password – Specifies the user password.

(Range: 0-8 characters plain text, case sensitive)

* CLI only.

Web – Click Security, Passwords. To change the password for the current
user, enter the old password, the new password, confirm it by entering it
again, then click Apply.

3-43

C

ONFIGURING THE SWITCH

CLI – Assign a user name to access-level 15 (i.e., administrator), then
specify the password.

Console(config)#username bob access-level 153-35
Console(config)#username bob password 0 smith
Console(config)#

Configuring Local/Remote Logon Authentication

Use the Authentication Settings menu to restrict management access based
on specified user names and passwords. You can manually configure access
rights on the switch, or you can use a remote access authentication server
based on RADIUS or TACACS+ protocols.

Remote Authentication
Dial-in User Service

Web
Telnet

RADIUS/
TACACS+
server

1. Client attempts management access.

2. Switch contacts authentication server.

3. Authentication server challenges client.

4. Client responds with proper password or key.

5. Authentication server approves access.

6. Switch grants management access.

console

control access to RADIUS-aware or TACACS- aware devices on the
network. An authentication server contains a database of multiple user
name/password pairs with associated privilege levels for each user that
requires management access to the switch.

(RADIUS) and Terminal
Access Controller Access
Control System Plus
(TACACS+) are logon
authentication protocols
that use software running
on a central server to

RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best
effort delivery, while TCP offers a connection-oriented transport. Also,
note that RADIUS encrypts only the password in the access-request
packet from the client to the server, while TACACS+ encrypts the entire
body of the packet.

Command Usage

• By default, management access is always checked against the
authentication database stored on the local switch. If a remote
authentication server is used, you must specify the authentication

3-44

U

SER AUTHENTICATION

sequence and the corresponding parameters for the remote
authentication protocol. Local and remote logon authentication
control management access via the console port, web browser, or
Telnet.

• RADIUS and TACACS+ logon authentication assign a specific
privilege level for each user name/password pair. The user name,
password, and privilege level must be configured on the authentication
server.

• You can specify up to three authentication methods for any user to
indicate the authentication sequence. For example, if you select (1)
RADIUS, (2) TACACS and (3) Local, the user name and password on
the RADIUS server is verified first. If the RADIUS server is not
available, then authentication is attempted using the TACACS+ server,
and finally the local user name and password is checked.

Command Attributes

• Authentication – Select the authentication, or authentication
sequence required:

- Local – User authentication is performed only locally by the switch.

- Radius – User authentication is performed using a RADIUS server
only.

- TACACS – User authentication is performed using a TACACS+
server only.

- [authentication sequence] – User authentication is performed by up
to three authentication methods in the indicated sequence.

• RADIUS Settings

- Server IP Address – Address of authentication server. (Default:

10.1.0.1)

- Server Port Number – Network (UDP) port of authentication
server used for authentication messages. (Range: 1-65535;
Default: 1812)

3-45

C

ONFIGURING THE SWITCH

- Secret Text String – Encryption key used to authenticate logon
access for client. Do not use blank spaces in the string. (Maximum
length: 20 characters)

- Number of Server Transmits – Number of times the switch
tries to authenticate logon access via the authentication server.
(Range: 1-30; Default: 2)

- Timeout for a reply – The number of seconds the switch waits
for a reply from the RADIUS server before it resends the request.
(Range: 1-65535; Default: 5)

• TACACS Settings

- Server IP Address – Address of the TACACS+ server. (Default:

10.11.12.13)

- Server Port Number – Network (TCP) port of TACACS+
server used for authentication messages. (Range: 1-65535;
Default: 49)

- Secret Text String – Encryption key used to authenticate logon
access for client. Do not use blank spaces in the string. (Maximum
length: 20 characters)

Note: The local switch user database has to be set up by manually

entering user names and passwords using the CLI. (See
“username” on page 3-35.)

Web – Click Security, Authentication Settings. To configure local or
remote authentication preferences, specify the authentication sequence
(i.e., one to three methods), fill in the parameters for RADIUS or
TACACS+ authentication if selected, and click Apply.

3-46