How it Works
SMC Networks
Loading...
SMC8624-48T
User Manual
556 pgs6.83 Mb0
Table of contents
Loading...

SMC Networks SMC8624-48T User Manual

TigerSwitch 10/100/1000
Gigabit Ethernet Switch
24/48 auto-MDI/MDI-X 10/100/1000BASE-T ports
4 ports shared with 4 SFP transceiver slots
Non-blocking switching architecture
Support for a redundant power unit
Spanning Tree Protocol, Rapid STP, and Multiple STP
Up to six LACP or static 8-port trunks
Layer 3/4 traffic priority with IP Precedence and IP DSCP
Full support for VLANs with GVRP
IGMP multicast filtering and snooping
Support for jumbo frames up to 9 KB
Manageable via console, Web, and SNMP/RMON
Management Guide
SMC8624/48T
TigerSwitch 10/100/1000 Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000
April 2004
Pub. # 150200041000A
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or oth­erwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.
Copyright © 2004 by
SMC Networks, Inc.
38 Tesla
Irvine, CA 92618
All rights reserved.
Trademarks:
SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
L
IMITED
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product.
The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an “Active” SMC product. A list of discontinued products with their respective dates of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty.
All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product.
Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer.
W
ARRANTY
i
L
IMITED WARRANTY
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.
LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.
* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.
SMC Networks, Inc.
38 Tesla
Irvine, CA 92618
ii
C
ONTENTS
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1
Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Description of Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Connecting to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Required Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Remote Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Setting Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Setting an IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Dynamic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Enabling SNMP Management Access . . . . . . . . . . . . . . . . . . . . . 2-9
Community Strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Trap Receivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
Saving Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
Managing System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Using the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12
Displaying System Information . . . . . . . . . . . . . . . . . . . . . . . . . 3-12
Displaying Switch Hardware/Software Versions . . . . . . . . . . . 3-14
Displaying Bridge Extension Capabilities . . . . . . . . . . . . . . . . . 3-16
iii
C
ONTENTS
Setting the Switch’s IP Address . . . . . . . . . . . . . . . . . . . . . . . . 3-17
Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19
Using DHCP/BOOTP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20
Managing Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
Downloading System Software from a Server . . . . . . . . . . 3-22
Saving or Restoring Configuration Settings . . . . . . . . . . . . . . . 3-24
Downloading Configuration Settings from a Server . . . . . 3-25
Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26
Setting the System Clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27
Configuring SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27
Setting the Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29
Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . . . . 3-30
Setting Community Access Strings . . . . . . . . . . . . . . . . . . . . . . 3-30
Specifying Trap Managers and Trap Types . . . . . . . . . . . . . . . . 3-31
User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33
Configuring the Logon Password . . . . . . . . . . . . . . . . . . . . . . . 3-33
Configuring Local/Remote Logon Authentication . . . . . . . . . 3-34
Configuring HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38
Replacing the Default Secure-site Certificate . . . . . . . . . . 3-40
Configuring the Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41
Generating the Host Key Pair . . . . . . . . . . . . . . . . . . . . . . 3-43
Configuring the SSH Server . . . . . . . . . . . . . . . . . . . . . . . . 3-46
Configuring Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48
Configuring 802.1x Port Authentication . . . . . . . . . . . . . . . . . . 3-51
Displaying 802.1x Global Settings . . . . . . . . . . . . . . . . . . . 3-52
Configuring 802.1x Global Settings . . . . . . . . . . . . . . . . . . 3-55
Configuring Port Authorization Mode . . . . . . . . . . . . . . . 3-56
Displaying 802.1x Statistics . . . . . . . . . . . . . . . . . . . . . . . . 3-58
Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-60
Configuring Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . 3-60
Setting the ACL Name and Type . . . . . . . . . . . . . . . . . . . . 3-61
Configuring a Standard IP ACL . . . . . . . . . . . . . . . . . . . . . 3-63
Configuring an Extended IP ACL . . . . . . . . . . . . . . . . . . . 3-64
Configuring a MAC ACL . . . . . . . . . . . . . . . . . . . . . . . . . . 3-67
Configuring ACL Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-70
Specifying the Mask Type . . . . . . . . . . . . . . . . . . . . . . . . . . 3-70
Configuring an IP ACL Mask . . . . . . . . . . . . . . . . . . . . . . . 3-71
Configuring a MAC ACL Mask . . . . . . . . . . . . . . . . . . . . . 3-74
Binding a Port to an Access Control List . . . . . . . . . . . . . . . . . 3-76
iv
C
ONTENTS
Filtering Management Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78
Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80
Displaying Connection Status . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80
Configuring Interface Connections . . . . . . . . . . . . . . . . . . . . . . 3-84
Creating Trunk Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-86
Statically Configuring a Trunk . . . . . . . . . . . . . . . . . . . . . . 3-88
Enabling LACP on Selected Ports . . . . . . . . . . . . . . . . . . . 3-89
Configuring LACP Parameters . . . . . . . . . . . . . . . . . . . . . . 3-91
Displaying LACP Port Counters . . . . . . . . . . . . . . . . . . . . 3-94
Displaying LACP Settings and Status for the Local Side . 3-96 Displaying LACP Settings and Status for the Remote Side . . .
3-99
Setting Broadcast Storm Thresholds . . . . . . . . . . . . . . . . . . . . 3-101
Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-103
Configuring Rate Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-104
Showing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-106
Address Table Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-112
Setting Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-112
Displaying the Address Table . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114
Changing the Aging Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115
Spanning Tree Algorithm Configuration . . . . . . . . . . . . . . . . . . . . . . 3-116
Displaying Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-117
Configuring Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-121
Displaying Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-126
Configuring Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . 3-130
Configuring Multiple Spanning Trees . . . . . . . . . . . . . . . . . . . 3-133
Displaying Interface Settings for MSTP . . . . . . . . . . . . . . . . . 3-137
Configuring Interface Settings for MSTP . . . . . . . . . . . . . . . . 3-139
VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-141
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-141
Assigning Ports to VLANs . . . . . . . . . . . . . . . . . . . . . . . . 3-142
Forwarding Tagged/Untagged Frames . . . . . . . . . . . . . . 3-145
Enabling or Disabling GVRP (Global Setting) . . . . . . . . . . . 3-146
Displaying Basic VLAN Information . . . . . . . . . . . . . . . . . . . 3-146
Displaying Current VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147
Creating VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149
Adding Static Members to VLANs (VLAN Index) . . . . . . . . 3-151
v
C
ONTENTS
Adding Static Members to VLANs (Port Index) . . . . . . . . . . 3-153
Configuring VLAN Behavior for Interfaces . . . . . . . . . . . . . . 3-154
Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 3-158
Enabling Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . 3-158
Configuring Uplink and Downlink Ports . . . . . . . . . . . . 3-159
Configuring Protocol-Based VLANs . . . . . . . . . . . . . . . . . . . 3-159
Configuring Protocol Groups . . . . . . . . . . . . . . . . . . . . . 3-160
Mapping Protocols to VLANs . . . . . . . . . . . . . . . . . . . . . 3-161
Class of Service Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-163
Setting the Default Priority for Interfaces . . . . . . . . . . . . . . . . 3-163
Mapping CoS Values to Egress Queues . . . . . . . . . . . . . . . . . 3-165
Selecting the Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-167
Setting the Service Weight for Traffic Classes . . . . . . . . . . . . 3-168
Mapping Layer 3/4 Priorities to CoS Values . . . . . . . . . . . . . 3-169
Selecting IP Precedence/DSCP Priority . . . . . . . . . . . . . . . . . 3-170
Mapping IP Precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-171
Mapping DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-173
Mapping IP Port Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175
Mapping CoS Values to ACLs . . . . . . . . . . . . . . . . . . . . . . . . . 3-177
Changing Priorities Based on ACL Rules . . . . . . . . . . . . . . . . 3-178
Multicast Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-181
Layer 2 IGMP (Snooping and Query) . . . . . . . . . . . . . . . . . . . 3-182
Configuring IGMP Snooping and Query Parameters . . . 3-182 Displaying Interfaces Attached to a Multicast Router . . 3-185
Specifying Static Interfaces for a Multicast Router . . . . . 3-186
Displaying Port Members of Multicast Services . . . . . . . 3-187
Assigning Ports to Multicast Services . . . . . . . . . . . . . . . 3-188
Configuring Domain Name Service . . . . . . . . . . . . . . . . . . . . . . . . . . 3-190
Configuring General DNS Server Parameters . . . . . . . . . . . . 3-190
Configuring Static DNS Host to Address Entries . . . . . . . . . 3-193
Displaying the DNS Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-195
4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . 4-1
Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Telnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
vi
C
ONTENTS
Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Keywords and Arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Minimum Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Getting Help on Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Showing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
Partial Keyword Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Negating the Effect of Commands . . . . . . . . . . . . . . . . . . . . . . . 4-7
Using Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Understanding Command Modes . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Exec Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9
Command Line Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14
line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17
exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18
password-thresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19
silent-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20
databits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21
parity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22
speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
stopbits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
disconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
show line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25
General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27
configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28
show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28
reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30
exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31
quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31
vii
C
ONTENTS
System Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32
Device Designation Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-33
prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33
hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
User Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35
enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36
IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38
show management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39
Web Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40
ip http port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41
ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41
ip http secure-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42
ip http secure-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44
Secure Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45
ip ssh server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48
ip ssh timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49
ip ssh authentication-retries . . . . . . . . . . . . . . . . . . . . . . . . 4-50
ip ssh server-key size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51
delete public-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51
ip ssh crypto host-key generate . . . . . . . . . . . . . . . . . . . . . 4-52
ip ssh crypto zeroize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-53
ip ssh save host-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54
show ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54
show ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55
show public-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56
Event Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58
logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58
logging history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59
logging host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60
logging facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61
logging trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62
clear logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62
show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63
viii
C
ONTENTS
SMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65
logging sendmail host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66
logging sendmail level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67
logging sendmail source-email . . . . . . . . . . . . . . . . . . . . . . 4-67
logging sendmail destination-email . . . . . . . . . . . . . . . . . . 4-68
logging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69
show logging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69
Time Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70
sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71
sntp poll . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72
sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72
sntp broadcast client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74
show sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74
clock timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75
calendar set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76
show calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76
System Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77
show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77
show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-80
show system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82
show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83
show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83
Frame Size Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-84
jumbo frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-84
Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-85
copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-86
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89
dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-90
whichboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-91
boot system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92
Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93
Authentication Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93
authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94
RADIUS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95
radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95
radius-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96
radius-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97
ix
C
ONTENTS
radius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97
radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98
show radius-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98
TACACS+ Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99
tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99
tacacs-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100
tacacs-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-101
show tacacs-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-101
Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102
port security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102
802.1x Port Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104
authentication dot1x default . . . . . . . . . . . . . . . . . . . . . . . 4-105
dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106
dot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106
dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107
dot1x operation-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108
dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108
dot1x re-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109
dot1x timeout quiet-period . . . . . . . . . . . . . . . . . . . . . . . . 4-109
dot1x timeout re-authperiod . . . . . . . . . . . . . . . . . . . . . . 4-110
dot1x timeout tx-period . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110
show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111
Access Control List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114
IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116
access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-118
permit, deny (Standard ACL) . . . . . . . . . . . . . . . . . . . . . 4-119
permit, deny (Extended ACL) . . . . . . . . . . . . . . . . . . . . . 4-120
show ip access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123
access-list ip mask-precedence . . . . . . . . . . . . . . . . . . . . . 4-123
mask (IP ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-125
show access-list ip mask-precedence . . . . . . . . . . . . . . . . 4-128
ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-129
show ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-130
map access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-130
show map access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-132
match access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-133
show marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-134
x
C
ONTENTS
MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-135
access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-136
permit, deny (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . 4-137
show mac access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-139
access-list mac mask-precedence . . . . . . . . . . . . . . . . . . . 4-139
mask (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-140
show access-list mac mask-precedence . . . . . . . . . . . . . . 4-143
mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-144
show mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-145
map access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-145
show map access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . 4-146
match access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-147
ACL Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-148
show access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-148
show access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-149
SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-149
snmp community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-150
snmp contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-151
snmp location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-151
snmp host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-152
snmp enable traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-154
show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-155
DNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-157
ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-158
clear host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-159
ip domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-159
ip domain-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-160
ip name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-162
ip domain-lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-163
show hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-164
show dns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-165
show dns cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-165
clear dns cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-166
xi
C
ONTENTS
Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-167
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-168
description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-168
speed-duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-169
negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-170
capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-172
flowcontrol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-173
combo-forced-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-174
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-175
switchport broadcast packet-rate . . . . . . . . . . . . . . . . . . . . . . . 4-176
clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-177
show interfaces status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-178
show interfaces counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-179
show interfaces switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-181
Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-183
port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-183
show port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-184
Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-185
rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-186
Link Aggregation Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-187
channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-189
lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-190
lacp system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-192
lacp admin-key (Ethernet Interface) . . . . . . . . . . . . . . . . . . . . 4-193
lacp admin-key (Port Channel) . . . . . . . . . . . . . . . . . . . . . . . . . 4-194
lacp port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-195
show lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-196
Address Table Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-200
mac-address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-201
clear mac-address-table dynamic . . . . . . . . . . . . . . . . . . . . . . . 4-202
show mac-address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-202
mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . 4-203
show mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . 4-204
xii
C
ONTENTS
Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-205
spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-206
spanning-tree mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-207
spanning-tree forward-time . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-209
spanning-tree hello-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-210
spanning-tree max-age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-210
spanning-tree priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-211
spanning-tree pathcost method . . . . . . . . . . . . . . . . . . . . . . . . 4-212
spanning-tree transmission-limit . . . . . . . . . . . . . . . . . . . . . . . 4-213
spanning-tree mst-configuration . . . . . . . . . . . . . . . . . . . . . . . 4-213
mst vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-214
mst priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-215
name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-216
revision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-217
max-hops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-218
spanning-tree spanning-disabled . . . . . . . . . . . . . . . . . . . . . . . 4-219
spanning-tree cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-219
spanning-tree port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-220
spanning-tree edge-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-221
spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-222
spanning-tree link-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-223
spanning-tree mst cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-224
spanning-tree mst port-priority . . . . . . . . . . . . . . . . . . . . . . . . 4-226
spanning-tree protocol-migration . . . . . . . . . . . . . . . . . . . . . . 4-227
show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-228
show spanning-tree mst configuration . . . . . . . . . . . . . . . . . . . 4-230
VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-231
Editing VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-231
vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-232
vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-233
Configuring VLAN Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 4-234
interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-235
switchport mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-236
switchport acceptable-frame-types . . . . . . . . . . . . . . . . . 4-237
switchport ingress-filtering . . . . . . . . . . . . . . . . . . . . . . . 4-238
switchport native vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-239
switchport allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . 4-240
switchport forbidden vlan . . . . . . . . . . . . . . . . . . . . . . . . . 4-241
xiii
C
ONTENTS
Displaying VLAN Information . . . . . . . . . . . . . . . . . . . . . . . . 4-242
show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-242
Configuring Protocol-based VLANs . . . . . . . . . . . . . . . . . . . . 4-243
protocol-vlan protocol-group (Configuring Groups) . . . 4-244 protocol-vlan protocol-group (Configuring Interfaces) . 4-245
show protocol-vlan protocol-group . . . . . . . . . . . . . . . . . 4-246
show interfaces protocol-vlan protocol-group . . . . . . . . 4-247
Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 4-248
pvlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-248
show pvlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-249
GVRP and Bridge Extension Commands . . . . . . . . . . . . . . . . . . . . . 4-250
bridge-ext gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-250
show bridge-ext . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-251
switchport gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-252
show gvrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 4-252
garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-253
show garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-254
Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-255
Priority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 4-256
switchport priority default . . . . . . . . . . . . . . . . . . . . . . . . 4-256
queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-258
queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-259
queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-260
show queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-261
show queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-262
show queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-262
Priority Commands (Layer 3 and 4) . . . . . . . . . . . . . . . . . . . . . 4-263
map ip port (Global Configuration) . . . . . . . . . . . . . . . . . 4-264
map ip port (Interface Configuration) . . . . . . . . . . . . . . . 4-264
map ip precedence (Global Configuration) . . . . . . . . . . . 4-265
map ip precedence (Interface Configuration) . . . . . . . . . 4-266
map ip dscp (Global Configuration) . . . . . . . . . . . . . . . . 4-267
map ip dscp (Interface Configuration) . . . . . . . . . . . . . . . 4-268
show map ip port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-269
show map ip precedence . . . . . . . . . . . . . . . . . . . . . . . . . 4-270
show map ip dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-271
xiv
C
ONTENTS
Multicast Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-272
IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-272
ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-273
ip igmp snooping vlan static . . . . . . . . . . . . . . . . . . . . . . . 4-274
ip igmp snooping version . . . . . . . . . . . . . . . . . . . . . . . . . 4-275
show ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-276
show mac-address-table multicast . . . . . . . . . . . . . . . . . . 4-276
IGMP Query Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . . 4-277
ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . 4-278
ip igmp snooping query-count . . . . . . . . . . . . . . . . . . . . . 4-278
ip igmp snooping query-interval . . . . . . . . . . . . . . . . . . . . 4-279
ip igmp snooping query-max-response-time . . . . . . . . . . 4-280
ip igmp snooping router-port-expire-time . . . . . . . . . . . . 4-281
Static Multicast Routing Commands . . . . . . . . . . . . . . . . . . . . 4-282
ip igmp snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . 4-282
show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . 4-283
IP Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-284
Basic IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-284
ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-285
ip dhcp restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-286
ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-287
show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-288
show ip redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-288
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-289
A Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . A-1
Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-3
Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-3
Management Information Bases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
B Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
Glossary
Index
xv
T
ABLES
Table 1-1. Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Table 1-2. System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
Table 3-1. Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Table 3-2. Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Table 3-3. HTTPS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39
Table 3-4. 802.1x Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58
Table 3-5. LACP Port Counter Information . . . . . . . . . . . . . . . . . . . . 3-94
Table 3-6. LACP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-96
Table 3-7. LACP Remote Side Settings . . . . . . . . . . . . . . . . . . . . . . . . 3-99
Table 3-8. Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-106
Table 3-9. Egress Queue Priority Mapping . . . . . . . . . . . . . . . . . . . . 3-165
Table 3-10. CoS Priority Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-165
Table 3-11. IP Precedence Prioruty . . . . . . . . . . . . . . . . . . . . . . . . . . 3-171
Table 3-12. Mapping DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . . . 3-173
Table 3-13. CoS to ACL Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-177
Table 4-1. Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Table 4-2. Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Table 4-3. Keystroke Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Table 4-4. Command Group Index . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Table 4-5. Line Command Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14
Table 4-6. General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
Table 4-7. System Mangement Commands . . . . . . . . . . . . . . . . . . . . . 4-32
Table 4-8. Device Designation Commands . . . . . . . . . . . . . . . . . . . . . 4-33
Table 4-9. User Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
Table 4-10. IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
Table 4-11. Web Server Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40
Table 4-12. Secure Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45
Table 4-13. SSH Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55
Table 4-14. Event Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-58
Table 4-15. SMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65
Table 4-16. Time Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70
Table 4-17. System Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77
Table 4-18. Frame Size Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-84
Table 4-19. Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-85
Table 4-20. Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-93
Table 4-21. Authentication Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93
xvi
T
ABLES
Table 4-22. RADIUS Client Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-95
Table 4-23. TACACS+ Client Commands . . . . . . . . . . . . . . . . . . . . . . 4-99
Table 4-24. Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-102
Table 4-25. 802.1x Port Authentication Commands . . . . . . . . . . . . . 4-104
Table 4-26. Access Control List Commands . . . . . . . . . . . . . . . . . . . . 4-116
Table 4-27. IP ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116
Table 4-28. MAC ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-135
Table 4-29. ACL Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-148
Table 4-30. SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-149
Table 4-31. DNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-157
Table 4-32. Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-167
Table 4-33. Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-183
Table 4-34. Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-185
Table 4-35. Link Aggregation Commands . . . . . . . . . . . . . . . . . . . . . 4-187
Table 4-36. Adress Table Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-200
Table 4-37. Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-205
Table 4-38. VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-231
Table 4-39. Editing VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-231
Table 4-40. Configuring VLAN Interfaces . . . . . . . . . . . . . . . . . . . . . 4-234
Table 4-41. Displaying VLAN Information . . . . . . . . . . . . . . . . . . . . 4-242
Table 4-42. Protocol-based VLAN Commands . . . . . . . . . . . . . . . . . 4-243
Table 4-43. Private VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-248
Table 4-44. GVRP and Bridge Extension Commands . . . . . . . . . . . . 4-250
Table 4-45. Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-255
Table 4-46. Priority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . . . 4-256
Table 4-47. Priority Commands (Layer 3 and 4) . . . . . . . . . . . . . . . . . 4-263
Table 4-48. Multicast Filtering Commands . . . . . . . . . . . . . . . . . . . . . 4-272
Table 4-49. IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . . 4-272
Table 4-50. IGMP Query Commands (Layer 2) . . . . . . . . . . . . . . . . . 4-277
Table 4-51. Static Multicast Routing Commands . . . . . . . . . . . . . . . . 4-282
Table 4-52. Basic IP Configuration commands . . . . . . . . . . . . . . . . . 4-284
Table B-1. Troubleshooting Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
xvii
F
IGURES
Figure 3-1. Homepage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Figure 3-2. Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Figure 3-3. System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13
Figure 3-4. Switch Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15
Figure 3-5. Bridge Extension Configuration . . . . . . . . . . . . . . . . . . . 3-17
Figure 3-6. Manual IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . 3-19
Figure 3-7. DHCP IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-20
Figure 3-8. Operation Code Image File Transfer . . . . . . . . . . . . . . . 3-23
Figure 3-9. Select Start-Up Operation File . . . . . . . . . . . . . . . . . . . . 3-23
Figure 3-10. Downloading Configuration Settings from a Server . . . 3-25
Figure 3-11. Selecting the Startup Configuration File . . . . . . . . . . . . 3-25
Figure 3-12. Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26
Figure 3-13. SNTP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28
Figure 3-14. Setting the Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29
Figure 3-15. Setting Community Access Strings . . . . . . . . . . . . . . . . . 3-31
Figure 3-16. Specifying Trap Managers and Trap Types . . . . . . . . . . 3-32
Figure 3-17. Configuring the Logon Password . . . . . . . . . . . . . . . . . . 3-34
Figure 3-18. Setting Local, RADIUS and TACACS Authentication . 3-37
Figure 3-19. HTTPS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39
Figure 3-20. SSH Host-Key Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45
Figure 3-21. SSH Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47
Figure 3-22. Configuring Port Security . . . . . . . . . . . . . . . . . . . . . . . . 3-50
Figure 3-23. 802.1x Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-53
Figure 3-24. 802.1x Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56
Figure 3-25. 802.1x Port Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-57
Figure 3-26. 802.1x Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59
Figure 3-27. Naming and Choosing ACLs . . . . . . . . . . . . . . . . . . . . . 3-62
Figure 3-28. Configuring Standard IP ACLs . . . . . . . . . . . . . . . . . . . 3-63
Figure 3-29. Configuring Extended IP ACLs . . . . . . . . . . . . . . . . . . . 3-66
Figure 3-30. Configuring MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . 3-69
Figure 3-31. Choosing ACL Types . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71
Figure 3-32. Configuring an IP based ACL . . . . . . . . . . . . . . . . . . . . 3-73
Figure 3-33. Configuring a MAC based ACL . . . . . . . . . . . . . . . . . . . 3-75
Figure 3-34. Mapping ACLs to Port Ingress/Egress Queues . . . . . . 3-77
Figure 3-35. Filtering Management Access . . . . . . . . . . . . . . . . . . . . . 3-79
Figure 3-36. Port Status Information . . . . . . . . . . . . . . . . . . . . . . . . . 3-81
xviii
F
IGURES
Figure 3-37. Configuring Port Attributes . . . . . . . . . . . . . . . . . . . . . . 3-86
Figure 3-38. Static Trunk Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-88
Figure 3-39. LACP Port Configuratio . . . . . . . . . . . . . . . . . . . . . . . . . 3-90
Figure 3-40. LACP Aggregation Port Configuration . . . . . . . . . . . . . 3-93
Figure 3-41. Displaying LACP Port Counters Information . . . . . . . . 3-95
Figure 3-42. Displaying LACP Port Information . . . . . . . . . . . . . . . . 3-98
Figure 3-43. Displaying Remote LACP Port Information . . . . . . . . 3-100
Figure 3-44. Enabling Port Broadcast Control . . . . . . . . . . . . . . . . . 3-102
Figure 3-45. Configuring a Mirror Port . . . . . . . . . . . . . . . . . . . . . . 3-104
Figure 3-46. Configuring Output Port Rate Limiting . . . . . . . . . . . . 3-105
Figure 3-47. Displaying Port Statistics . . . . . . . . . . . . . . . . . . . . . . . 3-110
Figure 3-48. Displaying Etherlike and RMON Statistics . . . . . . . . . 3-111
Figure 3-49. Mapping Ports to Static Addresses . . . . . . . . . . . . . . . . 3-113
Figure 3-50. Displaying the MAC Dynamic Address Table . . . . . . . 3-114
Figure 3-51. Setting the Aging Time . . . . . . . . . . . . . . . . . . . . . . . . . 3-115
Figure 3-52. Displaying the Spanning Tree Algorithm . . . . . . . . . . 3-120
Figure 3-53. Configuring the Spanning Tree Algorithm . . . . . . . . . 3-125
Figure 3-54. Displaying STA - Port Status Information . . . . . . . . . 3-130
Figure 3-55. Configuring Spanning Tree Algorithm per Port . . . . . 3-133
Figure 3-56. Configuring Multiple Spanning Trees . . . . . . . . . . . . . 3-135
Figure 3-57. Displaying MSTP Interface Settings . . . . . . . . . . . . . . 3-137
Figure 3-58. MSTP Port Configuration . . . . . . . . . . . . . . . . . . . . . . 3-140
Figure 3-59. Enabling GVRP Status . . . . . . . . . . . . . . . . . . . . . . . . . 3-146
Figure 3-60. Displaying Basic VLAN Information . . . . . . . . . . . . . 3-147
Figure 3-61. Displaying VLAN Information by Port Membership . 3-148
Figure 3-62. Creating Virtual LANs . . . . . . . . . . . . . . . . . . . . . . . . . 3-150
Figure 3-63. Configuring VLAN Port Attributes . . . . . . . . . . . . . . . 3-152
Figure 3-64. Assigning VLAN Port and Trunk Groups . . . . . . . . . 3-154
Figure 3-65. Configuring VLAN Ports . . . . . . . . . . . . . . . . . . . . . . . 3-157
Figure 3-66. Enabling Private VLANS . . . . . . . . . . . . . . . . . . . . . . . 3-158
Figure 3-67. PVLAN Uplink/Downlink Port Configuration . . . . . 3-159
Figure 3-68. Protocil VLAN Configuration . . . . . . . . . . . . . . . . . . . 3-161
Figure 3-69. Mapping Protocols to VLANs . . . . . . . . . . . . . . . . . . . 3-162
Figure 3-70. Configuring Class of Service per Port . . . . . . . . . . . . . 3-164
Figure 3-71. Configuring Ports and Trunks for Class of Service . . . 3-166
Figure 3-72. Setting the Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . 3-167
Figure 3-73. Configuring Class of Service for Each Ingress Queue 3-168
xix
F
IGURES
Figure 3-74. Setting IP Precedence/DSCP Priority Status . . . . . . . 3-170
Figure 3-75. Mapping IP Precedence to Class of Service Values . . . 3-172 Figure 3-76. Mapping IP DSCP Priority to Class of Service Values 3-174
Figure 3-77. Globally Enabling the IP Port Priority Status . . . . . . . 3-175
Figure 3-78. IP Port Priority Mapping . . . . . . . . . . . . . . . . . . . . . . . 3-176
Figure 3-79. Changing Priorities Based on ACL Rules . . . . . . . . . . 3-180
Figure 3-80. Configuring Internet Group Management Protocol . . 3-184
Figure 3-81. Mapping Multicast Switch Ports to VLANs . . . . . . . . 3-185
Figure 3-82. Static Multicast Router Port Configuration . . . . . . . . . 3-186
Figure 3-83. Displaying Port Members of Multicast Services . . . . . 3-188
Figure 3-84. Specifying Multicast Port Membership . . . . . . . . . . . . 3-189
Figure 3-85. Configuring DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-192
Figure 3-86. Mapping IP Addresses to a Host Name . . . . . . . . . . . 3-194
Figure 3-87. Displaying the DNS Cache . . . . . . . . . . . . . . . . . . . . . . 3-196
xx
C
HAPTER
I
NTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

Key Features

Table 1-1. Key Features
Feature Description
Configuration Backup and Restore
Authentication Console, Telnet, web – User name / password, RADIUS,
Access Control Lists
Port Configuration Speed, duplex mode and flow control
Rate Limiting Input and output rate limiting per port
Port Mirroring One or more ports mirrored to single analysis port
Port Trunking Supports up to 6 trunks using either static or dynamic
Backup to TFTP server
TACACS+
Web – HTTPS; Telnet – SSH
SNMP – Community strings, IP address filtering
Port – IEEE 802.1x, MAC address filtering
Supports up to 32 IP or MAC ACLs
trunking (LACP)
1
1-1
I
NTRODUCTION
Table 1-1. Key Features
Feature Description
Broadcast Storm Control
Static Address Up to 16K MAC addresses in the forwarding table
IEEE 802.1D Bridge
Store-and-Forward Switching
Spanning Tree Protocol
Virtual LANs Up to 255 using IEEE 802.1Q, port-based, protocol-based, or
Traffic Prioritization
Multicast Filtering Supports IGMP snooping and query
Supported
Supports dynamic data switching and addresses learning
Supported to ensure wire-speed switching while eliminating bad frames
Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)
private VLANs
Default port priority, traffic class map, queue scheduling, IP Precedence, or Differentiated Services Code Point (DSCP)

Description of Software Features

The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and protocol-based VLANs, plus support for automatic GVRP VLAN registration provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network. While multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
1-2
D
ESCRIPTION OF SOFTWARE FEATURES
Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1x protocol. This protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request a user name and password from the 802.1x client, and then verifies the client’s right to access the network via an authentication server.
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, IP address filtering for SNMP/web/Telnet management access, and MAC address filtering for port access.
Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can by used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
Port Configuration – You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard.
Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
1-3
I
NTRODUCTION
Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE
802.3ad Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 6 trunks.
Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses.
Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
1-4
D
ESCRIPTION OF SOFTWARE FEATURES
To avoid dropping frames on congested ports, the switch provides 1 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
Spanning Tree Protocol – The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol adds a level of fault tolerance by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 10% of that required by the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).
1-5
I
NTRODUCTION
Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
Eliminate broadcast storms which severely degrade performance in a flat network.
Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
Provide data security by restricting all traffic to the originating VLAN.
Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using four priority queues with strict or Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can data and best-effort data.
be used to provide independent priorities for delay-sensitive
This switch also supports several common methods of prioritizing layer 3/ 4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.
Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration.
1-6
Loading...
+ 526 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use