Page 1
TigerSwitch 10G
Gigabit Ethernet Switch
◆ 8 10GBASE XFP slots
◆ Non-blocking switching architecture
◆ Support for a redundant power unit
◆ Spanning Tree Protocol, RSTP, and MSTP
◆ Up to 4 LACP or static 8-port trunks
◆ Layer 2/3/4 CoS support through eight priority queues
◆ Layer 3/4 traffic priority with IP Precedence and IP DSCP
◆ Full support for VLANs with GVRP
◆ IGMP multicast filtering and snooping
◆ Support for jumbo frames up to 9 KB
◆ Manageable via console, Web, SNMP/RMON
Management Guide
SMC8708L2
Page 2
Page 3
TigerSwitch 10G
Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
38 Tesla
Irvine, CA 92618
Phone: (949) 679-8000
May 2005
Pub. # 149100024300A
Page 4
Information furnished by SMC Networks, Inc. (SMC) is believed to be
accurate and reliable. However, no responsibility is assumed by SMC for its
use, nor for any infringements of patents or other rights of third parties
which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to
change specifications at any time without notice.
Copyright © 2005 by
SMC Networks, Inc.
38 Tesla
Irvine, CA 92618
All rights reserved. Printed in Taiwan
Trademarks:
SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC
Networks, Inc. Other product and company names are trademarks or registered trademarks of their
respective holders.
Page 5
L
IMITED
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be
free from defects in workmanship and materials, under normal use and service, for the
applicable warranty term. All SMC products carry a standard 90-day limited warranty from
the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion,
repair or replace any product not operating as warranted with a similar or functionally
equivalent product, during the applicable warranty term. SMC will endeavor to repair or
replace any product returned under warranty within 30 days of receipt of the product.
The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering
new products within 30 days of purchase from SMC or its Authorized Reseller. Registration
can be accomplished via the enclosed product registration card or online via the SMC web
site. Failure to register will not affect the standard limited warranty. The Limited Lifetime
warranty covers a product during the Life of that Product, which is defined as the period of
time during which the product is an “Active” SMC product. A product is considered to be
“Active” while it is listed on the current SMC price list. As new technologies emerge, older
technologies become obsolete and SMC will, at its discretion, replace an older product in its
product line with one that incorporates these newer technologies. At that point, the obsolete
product is discontinued and is no longer an “Active” SMC product. A list of discontinued
products with their respective dates of discontinuance can be found at:
http://www.smc.com/index.cfm?action=customer_service_warranty.
All products that are replaced become the property of SMC. Replacement products may be
either new or reconditioned. Any replaced or repaired product carries either a 30-day limited
warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible
for any custom software or firmware, configuration information, or memory data of
Customer contained in, stored on, or integrated with any products returned to SMC pursuant
to any warranty. Products returned to SMC should have any customer-installed accessory or
add-on components, such as expansion modules, removed prior to returning the product for
replacement. SMC is not responsible for these items if they are returned with the product.
Customers must contact SMC for a Return Material Authorization number prior to returning
any product to SMC. Proof of purchase may be required. Any product returned to SMC
without a valid Return Material Authorization (RMA) number clearly marked on the outside
of the package will be returned to customer at customer’s expense. For warranty claims within
North America, please call our toll-free customer support number at (800) 762-4968.
Customers are responsible for all shipping charges from their facility to SMC. SMC is
responsible for return shipping charges from SMC to customer.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS
WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR
REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE
FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN
LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED,
EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE,
INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR
AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER
W
ARRANTY
v
Page 6
L
IMITED WARRANTY
LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION,
MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE
UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE
ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY
CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER
INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR
ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY
ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.
LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT
OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR
INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE
DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR
OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE
SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR
INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED
RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES
OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR
CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS
MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL
RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS
WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.
* SMC will provide warranty service for one year following discontinuance from the active
SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans,
and cables are covered by a standard one-year warranty from date of purchase.
vi
SMC Networks, Inc.
38 Tesla
Irvine, CA 92618
Page 7
T
ABLE OF
C
ONTENTS
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Description of Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Connecting to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Required Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Remote Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Setting Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Setting an IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Dynamic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Enabling SNMP Management Access . . . . . . . . . . . . . . . . . . . . . 2-9
Community Strings (for SNMP version 1 and 2c clients) . 2-10
Trap Receivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
Configuring Access for SNMP Version 3 Clients . . . . . . . 2-11
Saving Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
Managing System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13
3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Using the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14
Displaying System Information . . . . . . . . . . . . . . . . . . . . . . . . . 3-14
Displaying Switch Hardware/Software Versions . . . . . . . . . . . 3-16
Displaying Bridge Extension Capabilities . . . . . . . . . . . . . . . . . 3-18
Setting the Switch’s IP Address . . . . . . . . . . . . . . . . . . . . . . . . 3-20
vii
Page 8
T
ABLE OF CONTENTS
Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
Using DHCP/BOOTP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
Configuring Support for Jumbo Frames . . . . . . . . . . . . . . . . . . 3-24
Managing Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25
Downloading System Software from a Server . . . . . . . . . . 3-27
Saving or Restoring Configuration Settings . . . . . . . . . . . . . . . 3-30
Downloading Configuration Settings from a Server . . . . . 3-32
Console Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33
Telnet Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36
Configuring Event Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38
System Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-38
Remote Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-40
Displaying Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43
Sending Simple Mail Transfer Protocol Alerts . . . . . . . . . 3-44
Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46
Setting the System Clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47
Configuring SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47
Setting the Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49
Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . . . . 3-50
Enabling the SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-53
Setting Community Access Strings . . . . . . . . . . . . . . . . . . . . . . 3-53
Specifying Trap Managers and Trap Types . . . . . . . . . . . . . . . . 3-55
Configuring SNMPv3 Management Access . . . . . . . . . . . . . . . 3-58
Setting a Local Engine ID . . . . . . . . . . . . . . . . . . . . . . . . . 3-59
Specifying a Remote Engine ID . . . . . . . . . . . . . . . . . . . . . 3-60
Configuring SNMPv3 Users . . . . . . . . . . . . . . . . . . . . . . . . 3-61
Configuring Remote SNMPv3 Users . . . . . . . . . . . . . . . . . 3-63
Configuring SNMPv3 Groups . . . . . . . . . . . . . . . . . . . . . . 3-66
Setting SNMPv3 Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72
User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74
Configuring User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75
Configuring Local/Remote Logon Authentication . . . . . . . . . 3-76
Configuring HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-81
Replacing the Default Secure-site Certificate . . . . . . . . . . 3-83
Configuring the Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84
Generating the Host Key Pair . . . . . . . . . . . . . . . . . . . . . . 3-87
Configuring the SSH Server . . . . . . . . . . . . . . . . . . . . . . . . 3-89
viii
Page 9
T
ABLE OF CONTENTS
Configuring Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-91
Configuring 802.1X Port Authentication . . . . . . . . . . . . . . . . . 3-94
Displaying 802.1X Global Settings . . . . . . . . . . . . . . . . . . . 3-95
Configuring 802.1X Global Settings . . . . . . . . . . . . . . . . . 3-96
Configuring Port Settings for 802.1X . . . . . . . . . . . . . . . . 3-97
Displaying 802.1X Statistics . . . . . . . . . . . . . . . . . . . . . . . 3-101
Filtering IP Addresses for Management Access . . . . . . . . . . . 3-103
Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105
Configuring Access Control Lists . . . . . . . . . . . . . . . . . . . . . . 3-105
Setting the ACL Name and Type . . . . . . . . . . . . . . . . . . . 3-106
Configuring a Standard IP ACL . . . . . . . . . . . . . . . . . . . . 3-107
Configuring an Extended IP ACL . . . . . . . . . . . . . . . . . . 3-108
Configuring a MAC ACL . . . . . . . . . . . . . . . . . . . . . . . . . 3-111
Configuring ACL Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-113
Specifying the Mask Type . . . . . . . . . . . . . . . . . . . . . . . . . 3-113
Configuring an IP ACL Mask . . . . . . . . . . . . . . . . . . . . . . 3-114
Configuring a MAC ACL Mask . . . . . . . . . . . . . . . . . . . . 3-117
Binding a Port to an Access Control List . . . . . . . . . . . . . . . . 3-119
Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-121
Displaying Connection Status . . . . . . . . . . . . . . . . . . . . . . . . . 3-121
Configuring Interface Connections . . . . . . . . . . . . . . . . . . . . . 3-125
Creating Trunk Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-127
Statically Configuring a Trunk . . . . . . . . . . . . . . . . . . . . . 3-128
Enabling LACP on Selected Ports . . . . . . . . . . . . . . . . . . 3-130
Configuring LACP Parameters . . . . . . . . . . . . . . . . . . . . . 3-132
Displaying LACP Port Counters . . . . . . . . . . . . . . . . . . . 3-135
Displaying LACP Settings and Status for the Local Side 3-136
Displaying LACP Settings and Status for the Remote Side 3-139
Setting Broadcast Storm Thresholds . . . . . . . . . . . . . . . . . . . . 3-141
Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143
Configuring Rate Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145
Showing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146
Address Table Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-152
Setting Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-153
Displaying the Address Table . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154
Changing the Aging Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156
ix
Page 10
T
ABLE OF CONTENTS
Spanning Tree Algorithm Configuration . . . . . . . . . . . . . . . . . . . . . . 3-156
Displaying Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-158
Configuring Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-163
Displaying Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168
Configuring Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . 3-172
Configuring Multiple Spanning Trees . . . . . . . . . . . . . . . . . . . 3-176
Displaying Interface Settings for MSTP . . . . . . . . . . . . . . . . . 3-180
Configuring Interface Settings for MSTP . . . . . . . . . . . . . . . . 3-182
VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-184
IEEE 802.1Q VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-184
Assigning Ports to VLANs . . . . . . . . . . . . . . . . . . . . . . . . 3-185
Forwarding Tagged/Untagged Frames . . . . . . . . . . . . . . 3-188
Enabling or Disabling GVRP (Global Setting) . . . . . . . . . . . 3-189
Displaying Basic VLAN Information . . . . . . . . . . . . . . . . . . . 3-189
Displaying Current VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-190
Creating VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-192
Adding Static Members to VLANs (VLAN Index) . . . . . . . . 3-194
Adding Static Members to VLANs (Port Index) . . . . . . . . . . 3-196
Configuring VLAN Behavior for Interfaces . . . . . . . . . . . . . . 3-197
Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 3-200
Enabling Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . 3-200
Configuring Uplink and Downlink Ports . . . . . . . . . . . . 3-201
Configuring Protocol-Based VLANs . . . . . . . . . . . . . . . . . . . 3-202
Configuring Protocol Groups . . . . . . . . . . . . . . . . . . . . . 3-203
Mapping Protocols to VLANs . . . . . . . . . . . . . . . . . . . . . 3-204
Class of Service Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-206
Layer 2 Queue Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-206
Setting the Default Priority for Interfaces . . . . . . . . . . . . 3-206
Mapping CoS Values to Egress Queues . . . . . . . . . . . . . 3-208
Selecting the Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . 3-209
Setting the Service Weight for Traffic Classes . . . . . . . . . 3-210
Layer 3/4 Priority Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-212
Mapping Layer 3/4 Priorities to CoS Values . . . . . . . . . . 3-212
Selecting IP Precedence/DSCP Priority . . . . . . . . . . . . . 3-213
Mapping IP Precedence . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213
Mapping DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . . . 3-215
Mapping IP Port Priority . . . . . . . . . . . . . . . . . . . . . . . . . 3-217
x
Page 11
T
ABLE OF CONTENTS
Mapping CoS Values to ACLs . . . . . . . . . . . . . . . . . . . . . 3-219
Multicast Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-221
IGMP Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222
Layer 2 IGMP (Snooping and Query) . . . . . . . . . . . . . . . . . . . 3-222
Configuring IGMP Snooping and Query Parameters . . . 3-223
Displaying Interfaces Attached to a Multicast Router . . . 3-226
Specifying Static Interfaces for a Multicast Router . . . . . 3-227
Displaying Port Members of Multicast Services . . . . . . . 3-228
Assigning Ports to Multicast Services . . . . . . . . . . . . . . . 3-229
Configuring Domain Name Service . . . . . . . . . . . . . . . . . . . . . . . . . . 3-231
Configuring General DNS Service Parameters . . . . . . . . . . . 3-231
Configuring Static DNS Host to Address Entries . . . . . . . . . 3-234
Displaying the DNS Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-236
4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . 4-1
Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Telnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Keywords and Arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Minimum Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Getting Help on Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Showing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
Partial Keyword Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Negating the Effect of Commands . . . . . . . . . . . . . . . . . . . . . . . 4-7
Using Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Understanding Command Modes . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Exec Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9
Command Line Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14
line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17
xi
Page 12
T
ABLE OF CONTENTS
timeout login response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18
exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19
password-thresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20
silent-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21
databits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22
parity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
stopbits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
disconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25
show line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25
General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27
disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28
configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30
end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31
exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31
quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32
System Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33
Device Designation Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-33
prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
User Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35
username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36
enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38
management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39
show management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40
Web Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41
ip http port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42
ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42
ip http secure-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43
ip http secure-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44
Telnet Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45
ip telnet server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46
xii
Page 13
T
ABLE OF CONTENTS
Secure Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46
ip ssh server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50
ip ssh timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51
ip ssh authentication-retries . . . . . . . . . . . . . . . . . . . . . . . . 4-52
ip ssh server-key size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52
delete public-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-53
ip ssh crypto host-key generate . . . . . . . . . . . . . . . . . . . . . 4-53
ip ssh crypto zeroize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54
ip ssh save host-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55
show ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56
show ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56
show public-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57
Event Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59
logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59
logging history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60
logging host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61
logging facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62
logging trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63
clear log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64
show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64
show log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66
SMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67
logging sendmail host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-68
logging sendmail level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69
logging sendmail source-email . . . . . . . . . . . . . . . . . . . . . . 4-69
logging sendmail destination-email . . . . . . . . . . . . . . . . . . 4-70
logging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71
show logging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71
Time Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72
sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72
sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-73
sntp poll . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74
show sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75
clock timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76
calendar set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77
show calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77
xiii
Page 14
T
ABLE OF CONTENTS
System Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78
show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78
show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-81
show system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83
show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-84
show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-84
Frame Size Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-85
jumbo frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-85
Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-86
copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-90
dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-91
whichboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92
boot system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93
Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94
Authentication Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94
authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95
authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96
RADIUS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97
radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98
radius-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99
radius-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99
radius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100
radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100
show radius-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-101
TACACS+ Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102
tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102
tacacs-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103
tacacs-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103
show tacacs-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104
Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104
port security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105
802.1X Port Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107
dot1x system-auth-control . . . . . . . . . . . . . . . . . . . . . . . . 4-108
dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108
dot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108
dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109
xiv
Page 15
T
ABLE OF CONTENTS
dot1x operation-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110
dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111
dot1x re-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111
dot1x timeout quiet-period . . . . . . . . . . . . . . . . . . . . . . . . 4-112
dot1x timeout re-authperiod . . . . . . . . . . . . . . . . . . . . . . . 4-112
dot1x timeout tx-period . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113
show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113
Access Control List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-117
IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-119
access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-120
access-list ip extended fragment-auto-mask . . . . . . . . . . . 4-121
permit, deny (Standard ACL) . . . . . . . . . . . . . . . . . . . . . 4-122
permit, deny (Extended ACL) . . . . . . . . . . . . . . . . . . . . . 4-123
show ip access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-126
access-list ip mask-precedence . . . . . . . . . . . . . . . . . . . . . 4-126
mask (IP ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128
show access-list ip mask-precedence . . . . . . . . . . . . . . . . 4-131
ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-132
show ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-133
map access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-133
show map access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-134
match access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-135
show marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-136
MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-137
access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-138
permit, deny (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . 4-139
show mac access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-141
access-list mac mask-precedence . . . . . . . . . . . . . . . . . . . 4-141
mask (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-142
show access-list mac mask-precedence . . . . . . . . . . . . . . 4-144
mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-145
show mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-145
map access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-146
show map access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . 4-147
match access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-148
ACL Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-149
show access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-149
xv
Page 16
T
ABLE OF CONTENTS
show access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-149
SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-150
snmp-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-151
show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-152
snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-153
snmp-server contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-153
snmp-server location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-154
snmp-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-155
snmp-server enable traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-158
snmp-server engine-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-159
show snmp engine-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-160
snmp-server view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-161
show snmp view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-162
snmp-server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-163
show snmp group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-164
snmp-server user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-166
show snmp user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-168
Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-169
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-170
description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-170
speed-duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-171
negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-172
capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-173
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-174
switchport broadcast packet-rate . . . . . . . . . . . . . . . . . . . . . . . 4-175
clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-176
show interfaces status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-177
show interfaces counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-178
show interfaces switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-180
Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-182
port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-182
show port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-183
Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-184
rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-185
Link Aggregation Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-185
channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-187
lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-188
xvi
Page 17
T
ABLE OF CONTENTS
lacp system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-190
lacp admin-key (Ethernet Interface) . . . . . . . . . . . . . . . . . . . . 4-191
lacp admin-key (Port Channel) . . . . . . . . . . . . . . . . . . . . . . . . . 4-192
lacp port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-193
show lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-194
Address Table Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-198
mac-address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-199
clear mac-address-table dynamic . . . . . . . . . . . . . . . . . . . . . . . 4-200
show mac-address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-201
mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . 4-202
show mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . 4-203
Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-204
spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-205
spanning-tree mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-206
spanning-tree forward-time . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-208
spanning-tree hello-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-209
spanning-tree max-age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-209
spanning-tree priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-210
spanning-tree pathcost method . . . . . . . . . . . . . . . . . . . . . . . . 4-211
spanning-tree transmission-limit . . . . . . . . . . . . . . . . . . . . . . . 4-212
spanning-tree mst-configuration . . . . . . . . . . . . . . . . . . . . . . . 4-212
mst vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-213
mst priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-214
name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-215
revision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-216
max-hops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-216
spanning-tree spanning-disabled . . . . . . . . . . . . . . . . . . . . . . . 4-217
spanning-tree cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-218
spanning-tree port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-219
spanning-tree edge-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-220
spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-221
spanning-tree link-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-222
spanning-tree mst cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-223
spanning-tree mst port-priority . . . . . . . . . . . . . . . . . . . . . . . . 4-224
spanning-tree protocol-migration . . . . . . . . . . . . . . . . . . . . . . 4-225
show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-226
show spanning-tree mst configuration . . . . . . . . . . . . . . . . . . . 4-229
xvii
Page 18
T
ABLE OF CONTENTS
VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-229
Editing VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-230
vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-230
vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-231
Configuring VLAN Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 4-232
interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-232
switchport mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-233
switchport acceptable-frame-types . . . . . . . . . . . . . . . . . 4-234
switchport ingress-filtering . . . . . . . . . . . . . . . . . . . . . . . 4-235
switchport native vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-236
switchport allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . 4-237
switchport forbidden vlan . . . . . . . . . . . . . . . . . . . . . . . . 4-238
Displaying VLAN Information . . . . . . . . . . . . . . . . . . . . . . . . 4-239
show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-239
Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 4-240
pvlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-240
show pvlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-241
Configuring Protocol-based VLANs . . . . . . . . . . . . . . . . . . . . 4-242
protocol-vlan protocol-group (Configuring Groups) . . . 4-243
protocol-vlan protocol-group (Configuring Interfaces) . 4-244
show protocol-vlan protocol-group . . . . . . . . . . . . . . . . . 4-245
show interfaces protocol-vlan protocol-group . . . . . . . . 4-246
GVRP and Bridge Extension Commands . . . . . . . . . . . . . . . . . . . . . 4-247
bridge-ext gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-247
show bridge-ext . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-248
switchport gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-249
show gvrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 4-249
garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-250
show garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-251
Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-252
Priority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 4-252
queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-253
switchport priority default . . . . . . . . . . . . . . . . . . . . . . . . 4-254
queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-255
queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-256
show queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-257
show queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-258
xviii
Page 19
T
ABLE OF CONTENTS
show queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-258
Priority Commands (Layer 3 and 4) . . . . . . . . . . . . . . . . . . . . 4-259
map ip port (Global Configuration) . . . . . . . . . . . . . . . . . 4-259
map ip port (Interface Configuration) . . . . . . . . . . . . . . . 4-260
map ip precedence (Global Configuration) . . . . . . . . . . . 4-261
map ip precedence (Interface Configuration) . . . . . . . . . 4-261
map ip dscp (Global Configuration) . . . . . . . . . . . . . . . . 4-262
map ip dscp (Interface Configuration) . . . . . . . . . . . . . . . 4-263
show map ip port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-264
show map ip precedence . . . . . . . . . . . . . . . . . . . . . . . . . . 4-265
show map ip dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-266
Multicast Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-267
IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-268
ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-268
ip igmp snooping vlan static . . . . . . . . . . . . . . . . . . . . . . . 4-269
ip igmp snooping version . . . . . . . . . . . . . . . . . . . . . . . . . 4-269
show ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-270
show mac-address-table multicast . . . . . . . . . . . . . . . . . . 4-271
IGMP Query Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . 4-272
ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . 4-272
ip igmp snooping query-count . . . . . . . . . . . . . . . . . . . . . 4-273
ip igmp snooping query-interval . . . . . . . . . . . . . . . . . . . . 4-274
ip igmp snooping query-max-response-time . . . . . . . . . . 4-274
ip igmp snooping router-port-expire-time . . . . . . . . . . . . 4-275
Static Multicast Routing Commands . . . . . . . . . . . . . . . . . . . . 4-276
ip igmp snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . 4-276
show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . 4-277
IP Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-278
Basic IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-278
ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-279
ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-280
ip dhcp restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-281
show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-282
show ip redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-282
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-283
xix
Page 20
T
ABLE OF CONTENTS
DNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-284
ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-285
clear host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-286
ip domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-287
ip domain-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-288
ip name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-289
ip domain-lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-290
show hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-291
show dns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-292
show dns cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-292
clear dns cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-293
A Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . .A-1
Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2
Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2
Management Information Bases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-3
B Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-1
Problems Accessing the Management Interface . . . . . . . . . . . . . . . . . . B-1
Using System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3
xx
Glossary
Index
Page 21
T
ABLES
Table 1-1 Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Table 1-2 System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
Table 3-1 Web Page Configuration Buttons . . . . . . . . . . . . . . . . . . . 3-4
Table 3-2 Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Table 3-3 Logging Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39
Table 3-4 SNMPv3 Security Models and Levels . . . . . . . . . . . . . . . 3-51
Table 3-5 Supported Notification Messages . . . . . . . . . . . . . . . . . . 3-67
Table 3-6 HTTPS System Support . . . . . . . . . . . . . . . . . . . . . . . . . 3-82
Table 3-7 802.1X Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101
Table 3-8 LACP Port Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135
Table 3-9 LACP Internal Configuration Information . . . . . . . . . 3-136
Table 3-10 LACP Neighbor Configuration Information . . . . . . . . 3-139
Table 3-11 Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146
Table 3-12 Mapping CoS Values to Egress Queues . . . . . . . . . . . . 3-208
Table 3-13 CoS Priority Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208
Table 3-14 Mapping IP Precedence . . . . . . . . . . . . . . . . . . . . . . . . . 3-214
Table 3-15 Mapping DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . . 3-215
Table 3-16 Egress Queue Priority Mapping . . . . . . . . . . . . . . . . . . 3-219
Table 4-1 General Command Modes . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Table 4-2 Configuration Command Modes . . . . . . . . . . . . . . . . . . 4-10
Table 4-3 Keystroke Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Table 4-4 Command Group Index . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Table 4-5 Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14
Table 4-6 General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
Table 4-7 System Management Commands . . . . . . . . . . . . . . . . . . 4-33
Table 4-8 Device Designation Commands . . . . . . . . . . . . . . . . . . . 4-33
Table 4-9 User Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-35
Table 4-10 Default Login Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36
Table 4-11 IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38
Table 4-12 Web Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41
Table 4-13 HTTPS System Support . . . . . . . . . . . . . . . . . . . . . . . . . 4-44
Table 4-14 Telnet Server Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-45
Table 4-15 Secure Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-47
Table 4-16 show ssh - display description . . . . . . . . . . . . . . . . . . . . . 4-56
xxi
Page 22
T
ABLES
Table 4-17 Event Logging Commands . . . . . . . . . . . . . . . . . . . . . . . 4-59
Table 4-18 Logging Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60
Table 4-19 show logging flash/ram - display description . . . . . . . . . 4-65
Table 4-20 show logging trap - display description . . . . . . . . . . . . . . 4-66
Table 4-21 SMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-67
Table 4-22 Time Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72
Table 4-23 System Status Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-78
Table 4-24 Frame Size Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-85
Table 4-25 Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-86
Table 4-26 File Directory Information . . . . . . . . . . . . . . . . . . . . . . . 4-91
Table 4-27 Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . 4-94
Table 4-28 Authentication Sequence Commands . . . . . . . . . . . . . . . 4-94
Table 4-29 RADIUS Client Commands . . . . . . . . . . . . . . . . . . . . . . 4-97
Table 4-30 TACACS+ Client Commands . . . . . . . . . . . . . . . . . . . . 4-102
Table 4-31 Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-105
Table 4-32 802.1X Port Authentication Commands . . . . . . . . . . . 4-107
Table 4-33 Access Control List Commands . . . . . . . . . . . . . . . . . . 4-119
Table 4-34 IP ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-119
Table 4-35 Egress Queue Priority Mapping . . . . . . . . . . . . . . . . . . 4-134
Table 4-36 MAC ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-137
Table 4-37 Mapping CoS Values to MAC ACLs . . . . . . . . . . . . . . 4-146
Table 4-38 ACL Information Commands . . . . . . . . . . . . . . . . . . . . 4-149
Table 4-39 SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-150
Table 4-40 show snmp engine-id - display description . . . . . . . . . . 4-161
Table 4-41 show snmp view - display description . . . . . . . . . . . . . 4-163
Table 4-42 show snmp group - display description . . . . . . . . . . . . 4-165
Table 4-43 show snmp user - display description . . . . . . . . . . . . . . 4-168
Table 4-44 Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-169
Table 4-45 show interfaces switchport - display description . . . . . 4-181
Table 4-46 Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-182
Table 4-47 Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-184
Table 4-48 Link Aggregation Commands . . . . . . . . . . . . . . . . . . . . 4-186
Table 4-49 show lacp counters - display description . . . . . . . . . . . 4-195
Table 4-50 show lacp internal - display description . . . . . . . . . . . . 4-195
Table 4-51 show lacp neighbors - display description . . . . . . . . . . 4-197
Table 4-52 show lacp sysid - display description . . . . . . . . . . . . . . 4-198
Table 4-53 Address Table Commands . . . . . . . . . . . . . . . . . . . . . . 4-198
xxii
Page 23
T
ABLES
Table 4-54 Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . 4-204
Table 4-55 VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-229
Table 4-56 Editing VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . 4-230
Table 4-57 Configuring VLAN Interfaces . . . . . . . . . . . . . . . . . . . . 4-232
Table 4-58 Displaying VLAN Information . . . . . . . . . . . . . . . . . . . 4-239
Table 4-59 Private VLAN Commands . . . . . . . . . . . . . . . . . . . . . . 4-240
Table 4-60 Protocol-based VLAN Commands . . . . . . . . . . . . . . . . 4-242
Table 4-61 GVRP and Bridge Extension Commands . . . . . . . . . . 4-247
Table 4-62 Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-252
Table 4-63 Priority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . 4-252
Table 4-64 Default CoS Priority Levels . . . . . . . . . . . . . . . . . . . . . . 4-256
Table 4-65 Priority Commands (Layer 3 and 4) . . . . . . . . . . . . . . . 4-259
Table 4-66 Mapping IP Precedence to CoS Values . . . . . . . . . . . . 4-262
Table 4-67 Mapping IP DSCP to CoS Values . . . . . . . . . . . . . . . . . 4-263
Table 4-68 Multicast Filtering Commands . . . . . . . . . . . . . . . . . . . 4-267
Table 4-69 IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . 4-268
Table 4-70 IGMP Query Commands (Layer 2) . . . . . . . . . . . . . . . 4-272
Table 4-71 Static Multicast Routing Commands . . . . . . . . . . . . . . . 4-276
Table 4-72 Basic IP Configuration Commands . . . . . . . . . . . . . . . 4-278
Table 4-73 DNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-284
Table 4-74 show dns cache - display description . . . . . . . . . . . . . . 4-293
Table B-1 Troubleshooting Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
xxiii
Page 24
T
ABLES
xxiv
Page 25
F
IGURES
Figure 3-1 Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Figure 3-2 Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Figure 3-3 System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15
Figure 3-4 Switch Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17
Figure 3-5 Displaying Bridge Extension Configuration . . . . . . . . . 3-19
Figure 3-6 IP Interface Configuration - Manual . . . . . . . . . . . . . . . 3-22
Figure 3-7 IP Interface Configuration - DHCP . . . . . . . . . . . . . . . 3-23
Figure 3-8 Configuring Support for Jumbo Frames . . . . . . . . . . . . 3-25
Figure 3-9 Copy Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27
Figure 3-10 Setting the Startup Code . . . . . . . . . . . . . . . . . . . . . . . . . 3-28
Figure 3-11 Deleting Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28
Figure 3-12 Downloading Configuration Settings for Start-Up . . . . 3-32
Figure 3-13 Setting the Startup Configuration Settings . . . . . . . . . . . 3-33
Figure 3-14 Configuring the Console Port . . . . . . . . . . . . . . . . . . . . 3-35
Figure 3-15 Configuring the Telnet Interface . . . . . . . . . . . . . . . . . . 3-37
Figure 3-16 System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40
Figure 3-17 Remote Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-42
Figure 3-18 Displaying Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43
Figure 3-19 Enabling and Configuring SMTP Alerts . . . . . . . . . . . . 3-45
Figure 3-20 Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46
Figure 3-21 SNTP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48
Figure 3-22 Clock Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49
Figure 3-23 Enabling the SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . 3-53
Figure 3-24 Configuring SNMP Community Strings . . . . . . . . . . . . 3-54
Figure 3-25 Configuring SNMP Trap Managers . . . . . . . . . . . . . . . . 3-58
Figure 3-26 Setting the SNMPv3 Engine ID . . . . . . . . . . . . . . . . . . . 3-59
Figure 3-27 Setting an Engine ID . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-60
Figure 3-28 Configuring SNMPv3 Users . . . . . . . . . . . . . . . . . . . . . . 3-62
Figure 3-29 Configuring Remote SNMPv3 Users . . . . . . . . . . . . . . . 3-65
Figure 3-30 Configuring SNMPv3 Groups . . . . . . . . . . . . . . . . . . . . 3-71
Figure 3-31 Configuring SNMPv3 Views . . . . . . . . . . . . . . . . . . . . . 3-73
Figure 3-32 User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76
Figure 3-33 Authentication Server Settings . . . . . . . . . . . . . . . . . . . . 3-80
Figure 3-34 HTTPS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83
Figure 3-35 SSH Host-Key Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-88
Figure 3-36 SSH Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90
Figure 3-37 Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93
Page 26
F
IGURES
Figure 3-38 802.1X Global Information . . . . . . . . . . . . . . . . . . . . . . 3-95
Figure 3-39 802.1X Global Configuration . . . . . . . . . . . . . . . . . . . . . 3-96
Figure 3-40 802.1X Port Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-98
Figure 3-41 802.1X Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . 3-102
Figure 3-42 IP Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-104
Figure 3-43 Selecting ACL Type . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-107
Figure 3-44 ACL Configuration - Standard IP . . . . . . . . . . . . . . . . 3-108
Figure 3-45 ACL Configuration - Extended IP . . . . . . . . . . . . . . . . 3-110
Figure 3-46 ACL Configuration - MAC . . . . . . . . . . . . . . . . . . . . . . 3-112
Figure 3-47 Selecting ACL Mask Types . . . . . . . . . . . . . . . . . . . . . . 3-114
Figure 3-48 ACL Mask Configuration - IP . . . . . . . . . . . . . . . . . . . 3-116
Figure 3-49 ACL Mask Configuration - MAC . . . . . . . . . . . . . . . . . 3-118
Figure 3-50 ACL Port Binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-120
Figure 3-51 Port - Port Information . . . . . . . . . . . . . . . . . . . . . . . . 3-122
Figure 3-52 Port - Port Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-126
Figure 3-53 Static Trunk Configuration . . . . . . . . . . . . . . . . . . . . . . 3-129
Figure 3-54 LACP Trunk Configuration . . . . . . . . . . . . . . . . . . . . . 3-131
Figure 3-55 LACP - Aggregation Port . . . . . . . . . . . . . . . . . . . . . . . 3-133
Figure 3-56 LACP - Port Counters Information . . . . . . . . . . . . . . . 3-135
Figure 3-57 LACP - Port Internal Information . . . . . . . . . . . . . . . . 3-138
Figure 3-58 LACP - Port Neighbors Information . . . . . . . . . . . . . . 3-140
Figure 3-59 Port Broadcast Control . . . . . . . . . . . . . . . . . . . . . . . . . 3-142
Figure 3-60 Mirror Port Configuration . . . . . . . . . . . . . . . . . . . . . . 3-144
Figure 3-61 Rate Limit Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-145
Figure 3-62 Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151
Figure 3-63 Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154
Figure 3-64 Dynamic Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-155
Figure 3-65 Address Aging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156
Figure 3-66 STA Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-161
Figure 3-67 STA Global Configuration . . . . . . . . . . . . . . . . . . . . . . 3-167
Figure 3-68 STA Port Information . . . . . . . . . . . . . . . . . . . . . . . . . 3-172
Figure 3-69 STA Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . 3-175
Figure 3-70 MSTP VLAN Configuration . . . . . . . . . . . . . . . . . . . . 3-178
Figure 3-71 MSTP Port Information . . . . . . . . . . . . . . . . . . . . . . . . 3-180
Figure 3-72 MSTP Port Configuration . . . . . . . . . . . . . . . . . . . . . . 3-184
Figure 3-73 Globally Enabling GVRP . . . . . . . . . . . . . . . . . . . . . . . 3-189
Figure 3-74 VLAN Basic Information . . . . . . . . . . . . . . . . . . . . . . . 3-190
xxvi
Page 27
F
IGURES
Figure 3-75 VLAN Current Table . . . . . . . . . . . . . . . . . . . . . . . . . . 3-191
Figure 3-76 VLAN Static List - Creating VLANs . . . . . . . . . . . . . . 3-193
Figure 3-77 VLAN Static Table - Adding Static Members . . . . . . . 3-195
Figure 3-78 VLAN Static Membership by Port . . . . . . . . . . . . . . . . 3-196
Figure 3-79 VLAN Port Configuration . . . . . . . . . . . . . . . . . . . . . . 3-199
Figure 3-80 Private VLAN Status . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201
Figure 3-81 Private VLAN Link Status . . . . . . . . . . . . . . . . . . . . . . 3-201
Figure 3-82 Protocol VLAN Configuration . . . . . . . . . . . . . . . . . . . 3-203
Figure 3-83 Protocol VLAN Port Configuration . . . . . . . . . . . . . . 3-205
Figure 3-84 Default Port Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207
Figure 3-85 Traffic Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-209
Figure 3-86 Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210
Figure 3-87 Queue Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211
Figure 3-88 IP Precedence/DSCP Priority Status . . . . . . . . . . . . . . 3-213
Figure 3-89 IP Precedence Priority . . . . . . . . . . . . . . . . . . . . . . . . . 3-214
Figure 3-90 IP DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-216
Figure 3-91 IP Port Priority Status . . . . . . . . . . . . . . . . . . . . . . . . . . 3-218
Figure 3-92 IP Port Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-218
Figure 3-93 ACL CoS Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-220
Figure 3-94 IGMP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225
Figure 3-95 Multicast Router Port Information . . . . . . . . . . . . . . . 3-226
Figure 3-96 Static Multicast Router Port Configuration . . . . . . . . . 3-228
Figure 3-97 Displaying Port Members of Multicast Services . . . . . 3-229
Figure 3-98 Specifying Multicast Port Membership . . . . . . . . . . . . 3-230
Figure 3-99 DNS General Configuration . . . . . . . . . . . . . . . . . . . . . 3-233
Figure 3-100 DNS Static Host Table . . . . . . . . . . . . . . . . . . . . . . . . . 3-235
Figure 3-101 DNS Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-237
xxvii
Page 28
F
IGURES
xxviii
Page 29
C
HAPTER
I
NTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It
includes a management agent that allows you to configure the features
listed in this manual. The default configuration can be used for most of the
features provided by this switch. However, there are many options that you
should configure to maximize the switch’s performance for your particular
network environment.
Key Features
Table 1-1 Key Features
Feature Description
Configuration
Backup and
Restore
Authentication Console, Telnet, web – User name / password, RADIUS,
Access Control
Lists
DHCP Client Supported
DNS Client and proxy service
Port
Configuration
Backup to TFTP server
TACACS+
Web – SSL/HTTPS; Telnet – SSH
SNMP v1/2c - Community strings
SNMP version 3 – MD5 or SHA password
Port – IEEE 802.1X, MAC address filtering
Supports up to 32 IP or MAC ACLs
Speed and duplex mode
1
1-1
Page 30
I
NTRODUCTION
Feature Description
Rate Limiting Input and output rate limiting per port
Port Mirroring One or more ports mirrored to single analysis port
Port Trunking Supports up to 4 trunks using either static or dynamic trunking
Broadcast Storm
Control
Address Table Up to 16K MAC addresses in forwarding table
IEEE 802.1D
Bridge
Store-and-Forwa
rd Switching
Spanning Tree
Algorithm
Virtual LANs Up to 255 using IEEE 802.1Q, port-based, protocol-based, or
Traffic
Prioritization
Multicast
Filtering
Table 1-1 Key Features (Continued)
(LACP)
Supported
Supports dynamic data switching and addresses learning
Supported to ensure wire-speed switching while eliminating
bad frames
Supports standard STP, Rapid Spanning Tree Protocol (RSTP),
and Multiple Spanning Trees (MSTP)
private VLANs
Default port priority, traffic class map, queue scheduling, IP
Precedence, or Differentiated Services Code Point (DSCP),
and TCP/UDP Port
Supports IGMP snooping and query
1-2
Page 31
D
ESCRIPTION OF SOFTWARE FEATURES
Description of Software Features
The switch provides a wide range of advanced performance enhancing
features. Broadcast storm suppression prevents broadcast traffic storms
from engulfing the network. Untagged (port-based), tagged, and
protocol-based VLANs, plus support for automatic GVRP VLAN
registration provide traffic security and efficient use of network
bandwidth. CoS priority queueing ensures the minimum delay for moving
real-time multimedia data across the network. While multicast filtering
provides support for real-time network applications. Some of the
management features are briefly described below.
Configuration Backup and Restore – You can save the current
configuration settings to a file on a TFTP server, and later download this
file to restore the switch configuration settings.
Authentication – This switch authenticates management access via the
console port, Telnet or web browser. User names and passwords can be
configured locally or can be verified via a remote authentication server (i.e.,
RADIUS or TACACS+). Port-based authentication is also supported via
the IEEE 802.1X protocol. This protocol uses Extensible Authentication
Protocol over LANs (EAPOL) to request user credentials from the 802.1X
client, and then uses the EAP between the switch and the authentication
server to verify the client’s right to access the network via an authentication
server (i.e., RADIUS server).
Other authentication options include HTTPS for secure management
access via the web, SSH for secure management access over a
Telnet-equivalent connection, SNMP Version 3, IP address filtering for
SNMP/web/Telnet management access, and MAC address filtering for
port access.
Access Control Lists – ACLs provide packet filtering for IP frames
(based on address, protocol, TCP/UDP port number or TCP control
code) or any frames (based on MAC address or Ethernet type). ACLs can
1-3
Page 32
I
NTRODUCTION
by used to improve performance by blocking unnecessary network traffic
or to implement security controls by restricting access to specific network
resources or protocols.
Rate Limiting – This feature controls the maximum rate for traffic
transmitted or received on an interface. Rate limiting is configured on
interfaces at the edge of a network to limit traffic into or out of the
network. Traffic that falls within the rate limit is transmitted, while packets
that exceed the acceptable amount of traffic are dropped.
Port Mirroring – The switch can unobtrusively mirror traffic from any
port to a monitor port. You can then attach a protocol analyzer or RMON
probe to this port to perform traffic analysis and verify connection
integrity.
Port Trunking – Ports can be combined into an aggregate connection.
Trunks can be manually set up or dynamically configured using IEEE
802.3-2002 (formerly IEEE 802.3ad) Link Aggregation Control Protocol
(LACP). The additional ports dramatically increase the throughput across
any connection, and provide redundancy by taking over the load if a port
in the trunk should fail. The switch supports up to 4 trunks.
Broadcast Storm Control – Broadcast suppression prevents broadcast
traffic from overwhelming the network. When enabled on a port, the level
of broadcast traffic passing through the port is restricted. If broadcast
traffic rises above a pre-defined threshold, it will be throttled until the level
falls back beneath the threshold.
Static Addresses – A static address can be assigned to a specific interface
on this switch. Static addresses are bound to the assigned interface and will
not be moved. When a static address is seen on another interface, the
address will be ignored and will not be written to the address table. Static
addresses can be used to provide network security by restricting access for
a known host to a specific port.
1-4
Page 33
D
ESCRIPTION OF SOFTWARE FEATURES
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent
bridging. The address table facilitates data switching by learning addresses,
and then filtering or forwarding traffic based on this information. The
address table supports up to 16K addresses.
Store-and-Forward Switching – The switch copies each frame into its
memory before forwarding them to another port. This ensures that all
frames are a standard Ethernet size and have been verified for accuracy
with the cyclic redundancy check (CRC). This prevents bad frames from
entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 256 KB
for frame buffering. This buffer can queue packets awaiting transmission
on congested networks.
Spanning Tree Algorithm – The switch supports these spanning tree
protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides
loop detection and recovery by allowing two or more redundant
connections to be created between a pair of LAN segments. When there
are multiple physical paths between segments, this protocol will choose a
single path and disable all others to ensure that only one route exists
between any two stations on the network. This prevents the creation of
network loops. However, if the chosen path should fail for any reason, an
alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol
reduces the convergence time for network topology changes to about 3 to
5 seconds, compared to 30 seconds or more for the older IEEE 802.1D
STP standard. It is intended as a complete replacement for STP, but can
still interoperate with switches running the older standard by automatically
reconfiguring ports to STP-compliant mode if they detect STP protocol
messages from attached devices.
1-5
Page 34
I
NTRODUCTION
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is
a direct extension of RSTP. It can provide an independent spanning tree
for different VLANs. It simplifies network management, provides for even
faster convergence than RSTP by limiting the size of each region, and
prevents VLAN members from being segmented from the rest of the
group (as sometimes occurs with IEEE 802.1D STP).
Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is
a collection of network nodes that share the same collision domain
regardless of their physical location or connection point in the network.
The switch supports tagged VLANs based on the IEEE 802.1Q standard.
Members of VLAN groups can be dynamically learned via GVRP, or ports
can be manually assigned to a specific set of VLANs. This allows the
switch to restrict traffic to the VLAN groups to which a user has been
assigned. By segmenting your network into VLANs, you can:
• Eliminate broadcast storms which severely degrade performance in a
flat network.
• Simplify network management for node changes/moves by remotely
configuring VLAN membership for any port, rather than having to
manually change the network connection.
• Provide data security by restricting all traffic to the originating VLAN.
• Use private VLANs to restrict traffic to pass only between data ports
and the uplink ports, thereby isolating adjacent ports within the same
VLAN, and allowing you to limit the total number of VLANs that need
to be configured.
• Use protocol VLANs to restrict traffic to specified interfaces based on
protocol type.
Traffic Prioritization – This switch prioritizes each packet based on the
required level of service, using eight priority queues with strict or Weighted
Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize
incoming traffic based on input from the end-station application. These
functions can
data and best-effort data.
be used to provide independent priorities for delay-sensitive
1-6
Page 35
S
YSTEM DEFAULTS
This switch also supports several common methods of prioritizing layer 3/
4 traffic to meet application requirements. Traffic can be prioritized based
on the priority bits in the IP frame’s Type of Service (ToS) octet or the
number of the TCP/UDP port. When these services are enabled, the
priorities are mapped to a Class of Service value by the switch, and the
traffic then sent to the corresponding output queue.
Multicast Filtering – Specific multicast traffic can be assigned to its own
VLAN to ensure that it does not interfere with normal network traffic and
to guarantee real-time delivery by setting the required priority level for the
designated VLAN. The switch uses IGMP Snooping and Query to manage
multicast group registration.
System Defaults
The switch’s system defaults are provided in the configuration file
“Factory_Default_Config.cfg.” To reset the switch defaults, this file
should be set as the startup configuration file (page 3-32).
The following table lists some of the basic system defaults.
Table 1-2 System Defaults
Function Parameter Default
Console Port
Connection
Baud Rate auto
Data bits 8
Stop bits 1
Parity none
Local Console Timeout 0 (disabled)
1-7
Page 36
I
NTRODUCTION
Function Parameter Default
Authentication Privileged Exec Level Username “admin”
Web
Management
SNMP SNMP Agent Enabled
Port
Configuration
Rate Limiting Input and output limits Disabled
Table 1-2 System Defaults (Continued)
Password “admin”
Normal Exec Level Username “guest”
Password “guest”
Enable Privileged Exec
from Normal Exec Level
RADIUS Authentication Disabled
TACACS Authentication Disabled
802.1X Port Authentication Disabled
HTTPS Enabled
SSH Disabled
Port Security Disabled
IP Filtering Disabled
HTTP Server Enabled
HTTP Port Number 80
HTTP Secure Server Enabled
HTTP Secure Port Number 443
Community Strings “public” (read only)
Traps Authentication traps: enabled
SNMP V3 View: defaultview
Admin Status Enabled
Flow Control
*
Password “super”
“private” (read/write)
Link-up-down events: enabled
Group: public (read only); private
(read/write)
Disabled
1-8
Page 37
Table 1-2 System Defaults (Continued)
Function Parameter Default
Port Trunking Static Trunks None
LACP (all ports) Disabled
Broadcast Storm
Protection
Spanning Tree
Algorithm
Address Table Aging Time 300 seconds
Virtual LANs Default VLAN 1
Traffic
Prioritization
Status Enabled
Broadcast Limit Rate 1042 packets per second
Status Enabled, MSTP
(Defaults: All values based on
IEEE 802.1s)
Fast Forwarding (Edge
Port)
PVID 1
Acceptable Frame Type All
Ingress Filtering Disabled
Switchport Mode (Egress
Mode)
GVRP (global) Disabled
GVRP (port interface) Disabled
Ingress Port Priority 0
Weighted Round Robin Queue: 0 1 2 3 4 5 6 7
IP Precedence Priority Disabled
IP DSCP Priority Disabled
IP Port Priority Disabled
Disabled
Hybrid: tagged/untagged frames
Weight: 1 2 4 6 8 10 12 14
S
YSTEM DEFAULTS
1-9
Page 38
I
NTRODUCTION
Function Parameter Default
IP Settings Management. VLAN Any VLAN configured with an IP
Multicast
Filtering
System Log Status Enabled
SMTP Email
Alerts
SNTP Clock Synchronization Disabled
Table 1-2 System Defaults (Continued)
address
IP Address 0.0.0.0
Subnet Mask 255.0.0.0
Default Gateway 0.0.0.0
DHCP Client: Enabled
DNS
BOOTP Disabled
IGMP Snooping Snooping: Enabled
Querier: Disabled
Messages Logged Levels 0-7 (all)
Messages Logged to Flash Levels 0-3
Event Handler Enabled (but no server defined)
* There are interoperability problems between Flow Control and Head-of-Line
(HOL) blocking for the switch ASIC; Flow Control is therefore not
supported for this switch.
1-10
Page 39
C
HAPTER
I
NITIAL
C
ONFIGURATION
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent
offers a variety of management options, including SNMP, RMON and a
web-based interface. A PC may also be connected directly to the switch for
configuration and monitoring via a command line interface (CLI).
Note: The IP address for this switch is obtained via DHCP by default.
To change this address, see “Setting an IP Address” on page 2-6.
The switch’s HTTP web agent allows you to configure switch parameters,
monitor port connections, and display statistics using a standard web
browser such as Netscape Navigator version 6.2 and higher or Microsoft
IE version 5.0 and higher. The switch’s web management interface can be
accessed from any computer attached to the network.
2
The CLI program can be accessed by a direct connection to the RS-232
serial console port on the switch, or remotely by a Telnet connection over
the network.
The switch’s management agent also supports SNMP (Simple Network
Management Protocol). This SNMP agent permits the switch to be
managed from any system in the network using network management
software such as SMC EliteView.
2-1
Page 40
I
NITIAL CONFIGURATION
The switch’s web interface, CLI configuration program, and SNMP agent
allow you to perform the following management functions:
• Set user names and passwords
• Set an IP interface for any VLAN
• Configure SNMP parameters
• Enable/disable any port
• Configure the bandwidth of any port by limiting input or output rates
• Control port access through IEEE 802.1X security or static address
filtering
• Filter packets using Access Control Lists (ACLs)
• Configure up to 255 IEEE 802.1Q VLANs
• Enable GVRP automatic VLAN registration
• Configure IGMP multicast filtering
• Upload and download system firmware via TFTP
• Upload and download switch configuration files via TFTP
• Configure Spanning Tree parameters
• Configure Class of Service (CoS) priority queuing
• Configure up to 4 static or LACP trunks
• Enable port mirroring
• Set broadcast storm control on any port
• Display system information and statistics
Required Connections
The switch provides an RS-232 serial port that enables a connection to a
PC or terminal for monitoring and configuring the switch. A null-modem
console cable is provided with the switch.
Attach a VT100-compatible terminal, or a PC running a terminal
emulation program to the switch. You can use the console cable provided
with this package, or use a null-modem cable that complies with the wiring
assignments shown in the Installation Guide.
2-2
Page 41
C
ONNECTING TO THE SWITCH
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC
running terminal emulation software, and tighten the captive retaining
screws on the DB-9 connector.
2. Connect the other end of the cable to the RS-232 serial port on the
switch.
3. Make sure the terminal emulation software is set as follows:
• Select the appropriate serial port (COM port 1 or COM port 2).
• Set to any of the following baud rates: 9600, 19200, 38400, 57600,
115200 (Note: Set to 9600 baud if want to view all the system
initialization messages.).
• Set the data format to 8 data bits, 1 stop bit, and no parity.
• Set flow control to none.
• Set the emulation mode to VT100.
• When using HyperTerminal, select Terminal keys, not Windows
keys.
Notes: 1. When using HyperTerminal with Microsoft
make sure that you have Windows 2000 Service Pack 2 or later
installed. Windows 2000 Service Pack 2 fixes the problem of
arrow keys not functioning in HyperTerminal’s VT100
emulation. See www.microsoft.com for information on
Windows 2000 service packs.
2. Refer to “Line Commands” on page 4-14 for a complete
description of console configuration options.
3. Once you have set up the terminal correctly, the console login
screen will be displayed.
For a description of how to use the CLI, see “Using the Command Line
Interface” on page 4-1. For a list of all the CLI commands and detailed
information on using the CLI, refer to “Command Groups” on page 4-12.
®
Windows® 2000,
2-3
Page 42
I
NITIAL CONFIGURATION
Remote Connections
Prior to accessing the switch’s onboard agent via a network connection,
you must first configure it with a valid IP address, subnet mask, and default
gateway using a console connection, DHCP or BOOTP protocol.
The IP address for this switch is obtained via DHCP by default. To
manually configure this address or enable dynamic address assignment via
DHCP or BOOTP, see “Setting an IP Address” on page 2-6.
Note: You can manage the switch through the same IP address using any
of the 10 Gigabit data ports (Ports 1-8) or though the Fast
Ethernet management port (Port 9). The management port allows
you to build a separate network for management tasks. It acn also
provide faster management access when the data ports are heavily
loaded.
Note: This switch supports four concurrent Telnet/SSH sessions.
After configuring the switch’s IP parameters, you can access the onboard
configuration program from anywhere within the attached network. The
onboard configuration program can be accessed using Telnet from any
computer attached to the network. The switch can also be managed by any
computer using a web browser (Internet Explorer 5.0 or above, or
Netscape Navigator 6.2 or above), or from a network computer using
SNMP network management software.
Note: The onboard program only provides access to basic configuration
functions. To access the full range of SNMP management
functions, you must use SNMP-based network management
software.
2-4
Page 43
B
ASIC CONFIGURATION
Basic Configuration
Console Connection
The CLI program provides two different command levels — normal
access level (Normal Exec) and privileged access level (Privileged Exec).
The commands available at the Normal Exec level are a limited subset of
those available at the Privileged Exec level and allow you to only display
information and use basic utilities. To fully configure the switch
parameters, you must access the CLI at the Privileged Exec level.
Access to both CLI levels are controlled by user names and passwords.
The switch has a default user name and password for each level. To log
into the CLI at the Privileged Exec level using the default user name and
password, perform these steps:
1. To initiate your console connection, press <Enter>. The “User Access
Verification” procedure starts.
2. At the Username prompt, enter “admin.”
3. At the Password prompt, also enter “admin.” (The password
characters are not displayed on the console screen.)
4. The session is opened and the CLI displays the “Console#” prompt
indicating you have access at the Privileged Exec level.
Setting Passwords
Note: If this is your first time to log into the CLI program, you should
define new passwords for both default user names using the
“username” command, record them and put them in a safe place.
Passwords can consist of up to 8 alphanumeric characters and are case
sensitive. To prevent unauthorized access to the switch, set the passwords
as follows:
1. Open the console interface with the default user name and password
“admin” to access the Privileged Exec level.
2-5
Page 44
I
NITIAL CONFIGURATION
2. Type “configure” and press <Enter>.
3. Type “username guest password 0 password,” for the Normal Exec
level, where password is your new password. Press <Enter>.
4. Type “username admin password 0 password,” for the Privileged Exec
level, where password is your new password. Press <Enter>.
Username: admin
Password:
CLI session with the 8*10GE L2 Switch is opened.
To end the CLI session, enter [Exit].
Console#configure
Console(config)#username guest password 0 [password]
Console(config)#username admin password 0 [password]
Console(config)#
Setting an IP Address
You must establish IP address information for the switch to obtain
management access through the network. This can be done in either of the
following ways:
Manual — You have to input the information, including IP address and
subnet mask. If your management station is not in the same IP subnet as
the switch, you will also need to specify the default gateway router.
Dynamic — The switch sends IP configuration requests to BOOTP or
DHCP address allocation servers on the network.
Manual Configuration
You can manually assign an IP address to the switch. You may also need to
specify a default gateway that resides between this device and management
stations that exist on another network segment. Valid IP addresses consist
of four decimal numbers, 0 to 255, separated by periods. Anything outside
this format will not be accepted by the CLI program.
Note: The IP address for this switch is obtained via DHCP by default.
2-6
Page 45
B
ASIC CONFIGURATION
Before you can assign an IP address to the switch, you must obtain the
following information from your network administrator:
• IP address for the switch
• Default gateway for the network
• Network mask for this network
To assign an IP address to the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1”
to access the interface-configuration mode. Press <Enter>.
2. Type “ip address ip-address netmask,” where “ip-address” is the switch
IP address and “netmask” is the network mask for the network. Press
<Enter>.
3. Type “exit” to return to the global configuration mode prompt. Press
<Enter>.
4. To set the IP address of the default gateway for the network to which
the switch belongs, type “ip default-gateway gateway,” where “gateway”
is the IP address of the default gateway. Press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.5 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 192.168.1.254
Console(config)#
Dynamic Configuration
If you select the “bootp” or “dhcp” option, IP will be enabled but will not
function until a BOOTP or DHCP reply has been received. You therefore
need to use the “ip dhcp restart client” command to start broadcasting
service requests. Requests will be sent periodically in an effort to obtain IP
configuration information. (BOOTP and DHCP values can include the IP
address, subnet mask, and default gateway.)
2-7
Page 46
I
NITIAL CONFIGURATION
If the “bootp” or “dhcp” option is saved to the startup-config file (step 6),
then the switch will start broadcasting service requests as soon as it is
powered on.
To automatically configure the switch by communicating with BOOTP or
DHCP address allocation servers on the network, complete the following
steps:
1. From the Global Configuration mode prompt, type “interface vlan 1”
to access the interface-configuration mode. Press <Enter>.
2. At the interface-configuration mode prompt, use one of the following
commands:
• To obtain IP settings via DHCP, type “ip address dhcp” and press
<Enter>.
• To obtain IP settings via BOOTP, type “ip address bootp” and
press <Enter>.
3. Type “end” to return to the Privileged Exec mode. Press <Enter>.
4. Type “ip dhcp restart client” to begin broadcasting service requests.
Press <Enter>.
5. Wait a few minutes, and then check the IP configuration settings by
typing the “show ip interface” command. Press <Enter>.
2-8
Page 47
B
ASIC CONFIGURATION
6. Then save your configuration changes by typing “copy running-config
startup-config.” Enter the startup file name and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#ip dhcp restart client
Console#show ip interface
IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1,
and address mode: DHCP.
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.
Enabling SNMP Management Access
The switch can be configured to accept management commands from
Simple Network Management Protocol (SNMP) applications such as SMC
EliteView. You can configure the switch to (1) respond to SNMP requests
or (2) generate SNMP traps.
When SNMP management stations send requests to the switch (either to
return information or to set a parameter), the switch provides the
requested data or sets the specified parameter. The switch can also be
configured to send information to SNMP managers (without being
requested by the managers) through trap messages, which inform the
manager that certain events have occurred.
The switch includes an SNMP agent that supports SNMP version 1, 2c,
and 3 clients. To provide management access for version 1 or 2c clients,
you must specify a community string. The switch provides a default MIB
View (i.e., an SNMPv3 construct) for the default “public” community
string that provides read access to the entire MIB tree, and a default view
for the “private” community string that provides read/write access to the
entire MIB tree. However, you may assign new views to version 1 or 2c
community strings that suit your specific security requirements (see page
3-72).
2-9
Page 48
I
NITIAL CONFIGURATION
Community Strings (for SNMP version 1 and 2c clients)
Community strings are used to control management access to SNMP
version 1 and 2c stations, as well as to authorize SNMP stations to receive
trap messages from the switch. You therefore need to assign community
strings to specified users, and set the access level.
The default strings are:
• public - with read-only access. Authorized management stations are
only able to retrieve MIB objects.
• private - with read-write access. Authorized management stations are
able to both retrieve and modify MIB objects.
To prevent unauthorized access to the switch from SNMP version 1 or 2c
clients, it is recommended that you change the default community strings.
To configure a community string, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt,
type “snmp-server community string mode,” where “string” is the
community access string and “mode” is rw (read/write) or ro (read
only). Press <Enter>. (Note that the default mode is read only.)
2. To remove an existing string, simply type “no snmp-server community
string,” where “string” is the community access string to remove. Press
<Enter>.
Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#
Note: If you do not intend to support access to SNMP version 1 and 2c
clients, we recommend that you delete both of the default
community strings. If there are no community strings, then SNMP
management access from SNMP v1 and v2c clients is disabled.
2-10
Page 49
B
ASIC CONFIGURATION
Trap Receivers
You can also specify SNMP stations that are to receive traps from the
switch. To configure a trap receiver, use the “snmp-server host” command.
From the Privileged Exec level global configuration mode prompt, type:
“snmp-server host host-address community-string
[version {1 | 2c | 3 {auth | noauth | priv}}]”
where “host-address” is the IP address for the trap receiver,
“community-string” specifies access rights for a version 1/2c host, or is
the user name of a version 3 host, “version” indicates the SNMP client
version, and “auth | noauth | priv” means that authentication, no
authentication, or authentication and privacy is used for v3 clients.
Then press <Enter>. For a more detailed description of these parameters,
see “snmp-server host” on page 4-155. The following example creates a
trap host for each type of SNMP client.
Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to first
create a view that defines the portions of MIB that the client can read or
write, assign the view to a group, and then assign the user to a group. The
following example creates one view called “mib-2” that includes the entire
MIB-2 tree branch, and then another view that includes the IEEE 802.1d
bridge MIB. It assigns these respective read and read/write views to a
group call “r&d” and specifies group authentication via MD5 or SHA. In
2-11
Page 50
I
NITIAL CONFIGURATION
the last step, it assigns a v3 user to this group, indicating that MD5 will be
used for authentication, provides the password “greenpeace” for
authentication, and the password “einstien” for encryption.
Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included
Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included
Console(config)#snmp-server group r&d v3 auth mib-2 802.1d
Console(config)#snmp-server user steve r&d v3 auth md5 greenpeace
priv des56 einstien
Console(config)#
For a more detailed explanation on how to configure the switch for access
from SNMP v3 clients, refer to “Simple Network Management Protocol”
on page 3-50, or refer to the specific CLI commands for SNMP starting on
page 4-150.
Saving Configuration Settings
Configuration commands only modify the running configuration file and
are not saved when the switch is rebooted. To save all your configuration
changes in nonvolatile storage, you must copy the running configuration
file to the start-up configuration file using the “copy” command.
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type “copy running-config
startup-config” and press <Enter>.
2. Enter the name of the start-up file. Press <Enter>.
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.
Console#
2-12
Page 51
M
ANAGING SYSTEM FILES
Managing System Files
The switch’s flash memory supports three types of system files that can be
managed by the CLI program, web interface, or SNMP. The switch’s file
system allows files to be uploaded and downloaded, copied, deleted, and
set as a start-up file.
The three types of files are:
• Configuration — This file type stores system configuration
information and is created when configuration settings are saved.
Saved configuration files can be selected as a system start-up file or can
be uploaded via TFTP to a server for backup. The file named
“Factory_Default_Config.cfg” contains all the system default settings
and cannot be deleted from the system. If the system is booted with
the factory default settings, the switch will also create a file named
“startup1.cfg” that contains all system settings, including information
about the unit identifier and MAC address. The configuration settings
from the factory defaults configuration file are copied to this file,
which is then used to boot the switch. See “Saving or Restoring
Configuration Settings” on page 3-30 for more information. See
“Saving or Restoring Configuration Settings” on page 3-30 for more
information.
• Operation Code — System software that is executed after boot-up,
also known as run-time code. This code runs the switch operations and
provides the CLI and web management interfaces. See “Managing
Firmware” on page 3-25 for more information.
• Diagnostic Code — Software that is run during system boot-up, also
known as POST (Power On Self-Test).
Due to the size limit of the flash memory, the switch supports only two
operation code files. However, you can have as many diagnostic code files
and configuration files as available flash memory space allows.
2-13
Page 52
I
NITIAL CONFIGURATION
In the system flash memory, one file of each type must be set as the
start-up file. During a system boot, the diagnostic and operation code files
set as the start-up file are run, and then the start-up configuration file is
loaded.
Note that configuration files should be downloaded using a file name that
reflects the contents or usage of the file settings. If you download directly
to the running-config, the system will reboot, and the settings will have to
be copied from the running-config to a permanent file.
2-14
Page 53
C
HAPTER
C
ONFIGURING THE
S
WITCH
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser
you can configure the switch and view statistics to monitor network
activity. The web agent can be accessed by any computer on the network
using a standard web browser (Internet Explorer 5.0 or above, or Netscape
Navigator 6.2 or above).
Note: You can also use the Command Line Interface (CLI) to manage
the switch over a serial connection to the console port or via
Telnet. For more information on using the CLI, refer to Chapter 4
“Command Line Interface.”
Prior to accessing the switch from a web browser, be sure you have first
performed the following tasks:
1.Configure the switch with a valid IP address, subnet mask, and default
gateway using an out-of-band serial connection, BOOTP or DHCP
protocol. (See “Setting an IP Address” on page 2-6.)
2. Set user names and passwords using an out-of-band serial connection.
Access to the web agent is controlled by the same user names and
passwords as the onboard configuration program. (See “Setting
Passwords” on page 2-5.)
3. After you enter a user name and password, you will have access to the
system configuration program.
3
Notes: 1. You are allowed three attempts to enter the correct password;
on the third failed attempt the current connection is
terminated.
3-1
Page 54
C
ONFIGURING THE SWITCH
2. If you log into the web interface as guest (Normal Exec level),
you can view the configuration settings or change the guest
password. If you log in as “admin” (Privileged Exec level), you
can change the settings on any page.
3. If the path between your management station and this switch
does not pass through any device that uses the Spanning Tree
Algorithm, then you can set the switch port attached to your
management station to fast forwarding (i.e., enable Admin
Edge Port) to improve the switch’s response time to
management commands issued through the web interface. See
“Configuring Interface Settings” on page 3-172.
3-2
Page 55
N
AVIGATING THE WEB BROWSER INTERFACE
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and
password. The administrator has Read/Write access to all configuration
parameters and statistics. The default user name and password for the
administrator is “admin.”
Home Page
When your web browser connects with the switch’s web agent, the home
page is displayed as shown below. The home page displays the Main Menu
on the left side of the screen and System Information on the right side.
The Main Menu links are used to navigate to other menus, and display
configuration parameters and statistics.
Figure 3-1 Home Page
3-3
Page 56
C
ONFIGURING THE SWITCH
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a
configuration change has been made on a page, be sure to click on the
Apply button to confirm the new setting. The following table summarizes
the web page configuration buttons.
Table 3-1 Web Page Configuration Buttons
Button Action
Apply Sets specified values to the system.
Revert Cancels specified values and restores current values
prior to pressing “Apply.”
Help Links directly to web help.
Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer
5.x is configured as follows: Under the menu “Tools / Internet
Options / General / Temporary Internet Files / Settings,” the
setting for item “Check for newer versions of stored pages”
should be “Every visit to the page.”
2. When using Internet Explorer 5.0, you may have to manually
refresh the screen after making configuration changes by
pressing the browser’s refresh button.
3-4
Page 57
N
AVIGATING THE WEB BROWSER INTERFACE
Panel Display
The web agent displays an image of the switch’s ports. The Mode can be
set to display different information for the ports, including Active (i.e., up
or down), Duplex (i.e., half or full duplex), or Flow Control
the image of a port opens the Port Configuration page as described on
page 3-125.
Figure 3-2 Panel Display
1
. Clicking on
1. There are interoperability problems between Flow Control and Head-of-Line (HOL) blocking for the
switch ASIC; Flow Control is therefore not supported for this switch.
3-5
Page 58
C
ONFIGURING THE SWITCH
Main Menu
Using the onboard web agent, you can define system parameters, manage
and control the switch, and all its ports, or monitor network conditions.
The following table briefly describes the selections available from this
program.
Table 3-2 Main Menu
Menu Description Page
System 3-14
System Information Provides basic system description, including
contact information
Switch Information Shows the number of ports, hardware/
firmware version numbers, and power
status
Bridge Extension Shows the bridge extension parameters 3-18
IP Configuration Sets the IP address for management access 3-20
Jumbo Frames Enables support for jumbo frames 3-24
File Management 3-25
Copy Operation Allows the transfer and copying files 3-25
Delete Allows deletion of files from the flash
memory
Set Startup Sets the startup file 3-25
Line 3-33
Console Sets console port connection parameters 3-33
Telnet Sets Telnet connection parameters 3-36
Log
Logs Sends error messages to a logging process
System Logs Stores and displays error messages
Remote Logs Configures the logging of messages to a
remote logging process
3-14
3-16
3-25
3-38
3-38
3-43
3-40
3-6
Page 59
N
AVIGATING THE WEB BROWSER INTERFACE
Table 3-2 Main Menu (Continued)
Menu Description Page
SMTP Sends an SMTP client message to a
participating server
Reset Restarts the switch 3-46
SNTP 3-47
Configuration Configures SNTP client settings, including a
specified list of servers
Clock Time Zone Sets the local time zone for the system clock 3-49
SNMP 3-50
Configuration Configures community strings and related
trap functions
Agent Status Enables or disables SNMP 3-53
SNMPv3 3-58
Engine ID Sets the SNMP v3 engine ID 3-59
Remote Engine ID Sets the SNMP v3 engine ID on a remote
device
Users Configures SNMP v3 users 3-61
Remote Users Configures SNMP v3 users on a remote
device
Groups Configures SNMP v3 groups 3-66
Views Configures SNMP v3 views 3-72
Security 3-53
User Accounts Configures user names, passwords, and
access levels
Authentication Settings Configures authentication sequence,
RADIUS and TACACS
HTTPS Settings Configures secure HTTP settings 3-81
SSH 3-84
Settings Configures Secure Shell server settings 3-89
3-44
3-47
3-53
3-60
3-63
3-75
3-76
3-7
Page 60
C
ONFIGURING THE SWITCH
Menu Description Page
Host-Key Settings Generates the host key pair (public and
Port Security Configures per port security, including
802.1X Port authentication 3-94
Information Displays global configuration settings 3-95
Configuration Configures global configuration parameters 3-96
Port Configuration Sets the authentication mode for individual
Statistics Displays protocol statistics for the selected
ACL 3-105
Configuration Configures packet filtering based on IP or
Mask Configuration Controls the order in which ACL rules are
Port Binding Binds a port to the specified ACL 3-119
IP Filter Configures IP addresses that are allowed
Port 3-121
Port Information Displays port connection status 3-121
Trunk Information Displays trunk connection status 3-121
Port Configuration Configures port connection settings 3-125
Trunk Configuration Configures trunk connection settings 3-125
Trunk Membership Specifies ports to group into static trunks 3-128
Table 3-2 Main Menu (Continued)
3-87
private)
3-91
status, response for security breach, and
maximum allowed MAC addresses
3-97
ports
3-101
port
3-105
MAC addresses
3-113
checked
3-103
management access
3-8
Page 61
N
AVIGATING THE WEB BROWSER INTERFACE
Table 3-2 Main Menu (Continued)
Menu Description Page
LACP 3-127
Configuration Allows ports to dynamically join trunks 3-130
Aggregation Port Configures parameters for link aggregation
group members
Port Counters
Information
Port Internal
Information
Port Neighbors
Information
Port Broadcast Control Sets the broadcast storm threshold for each
Trunk Broadcast Control Sets the broadcast storm threshold for each
Mirror Port
Configuration
Rate Limit 3-145
Input
Port Configuration
Input
Trunk Configuration
Output
Port Configuration
Output
Trunk Configuration
Port Statistics Lists Ethernet and RMON port statistics 3-146
Address Table 3-152
Static Addresses Displays entries for interface, address or
Dynamic Addresses Displays or edits static entries in the
Displays statistics for LACP protocol
messages
Displays settings and operational state for
the local side
Displays settings and operational state for
the remote side
port
trunk
Sets the source and target ports for
mirroring
Sets the input rate limit for each port 3-145
Sets the input rate limit for each trunk 3-145
Sets the output rate limit for each port 3-145
Sets the output rate limit for each trunk 3-145
VLAN
Address Table
3-132
3-135
3-136
3-139
3-141
3-141
3-143
3-153
3-154
3-9
Page 62
C
ONFIGURING THE SWITCH
Menu Description Page
Address Aging Sets timeout for dynamically learned entries 3-156
Spanning Tree 3-156
STA
Information Displays STA values used for the bridge 3-158
Configuration Configures global bridge settings for STP,
Port Information Displays individual port settings for STA 3-168
Trunk Information Displays individual trunk settings for STA 3-168
Port Configuration Configures individual port settings for STA 3-172
Trunk Configuration Configures individual trunk settings for
MSTP
VLAN Configuration Configures priority and VLANs for a
Port Information Displays port settings for a specified MST
Trunk Information Displays trunk settings for a specified MST
Port Configuration Configures port settings for a specified MST
Trunk Configuration Configures trunk settings for a specified
VLAN 3-184
802.1Q VLAN
GVRP Status Enables GVRP VLAN registration protocol 3-189
Basic Information Displays information on the VLAN type
Current Table Shows the current port members of each
Table 3-2 Main Menu (Continued)
3-163
RSTP and MSTP
3-172
STA
3-176
spanning tree instance
3-180
instance
3-180
instance
3-182
instance
3-182
MST instance
3-189
supported by this switch
3-190
VLAN and whether or not the port is tagged
or untagged
3-10
Page 63
N
AVIGATING THE WEB BROWSER INTERFACE
Table 3-2 Main Menu (Continued)
Menu Description Page
Static List Used to create or remove VLAN groups 3-192
Static Table Modifies the settings for an existing VLAN 3-194
Static Membership by
Port
Port Configuration Specifies default PVID and VLAN
Trunk Configuration Specifies default trunk VID and VLAN
Private VLAN
Status Enables or disables the private VLAN 3-200
Link Status Configures the private VLAN 3-201
Protocol VLAN
Configuration Creates a protocol group, specifying the
Port Configuration Maps a protocol group to a VLAN 3-204
Priority 3-206
Default Port Priority Sets the default priority for each port 3-206
Default Trunk Priority Sets the default priority for each trunk 3-206
Traffic Classes Maps IEEE 802.1p priority tags to output
Traffic Classes Status Enables/disables traffic class priorities (not
Queue Mode Sets queue mode to strict priority or
Queue Scheduling Configures Weighted Round Robin
IP Precedence/
DSCP Priority Status
Configures membership type for interfaces,
including tagged, untagged or forbidden
attributes
attributes
supported protocols
queues
implemented)
Weighted Round-Robin
queueing
Globally selects IP Precedence or DSCP
Priority, or disables both.
3-196
3-197
3-197
3-203
3-208
NA
3-209
3-210
3-213
3-11
Page 64
C
ONFIGURING THE SWITCH
Menu Description Page
IP Precedence Priority Sets IP Type of Service priority, mapping
IP DSCP Priority Sets IP Differentiated Services Code Point
IP Port Priority Status Globally enables or disables IP Port Priority 3-217
IP Port Priority Sets TCP/UDP port priority, defining the
ACL CoS Priority Sets the CoS value and corresponding
IGMP Snooping 3-221
IGMP Configuration Enables multicast filtering; configures
Multicast Router
Port Information
Static Multicast Router
Port Configuration
IP Multicast Registration
Table
IGMP Member
Port Table
Table 3-2 Main Menu (Continued)
the precedence tag to a class-of-service
value
priority, mapping a DSCP tag to a
class-of-service value
socket number and associated
class-of-service value
output queue for packets matching an ACL
rule
parameters for multicast query
Displays the ports that are attached to a
neighboring multicast router for each
VLAN ID
Assigns ports that are attached to a
neighboring multicast router
Displays all multicast groups active on this
switch, including multicast IP addresses and
VLAN ID
Indicates multicast addresses associated
with the selected VLAN
3-213
3-215
3-217
3-219
3-223
3-226
3-227
3-228
3-229
3-12
Page 65
N
AVIGATING THE WEB BROWSER INTERFACE
Table 3-2 Main Menu (Continued)
Menu Description Page
DNS 3-231
General Configuration Enables DNS; configures domain name and
domain list; and specifies IP address of
name servers for dynamic lookup
Static Host Table Configures static entries for domain name
to address mapping
Cache Displays cache entries discovered by
designated name servers
3-231
3-234
3-236
3-13
Page 66
C
ONFIGURING THE SWITCH
Basic Configuration
Displaying System Information
You can easily identify the system by displaying the device name, location
and contact information.
Field Attributes
• System Name – Name assigned to the switch system.
• Object ID – MIB II object ID for switch’s network management
subsystem.
• Location – Specifies the system location.
• Contact – Administrator responsible for the system.
• System Up Time – Length of time the management agent has been
up.
These additional parameters are displayed for the CLI.
• MAC Address – The physical layer address for this switch.
• Web server – Shows if management access via HTTP is enabled.
• Web server port – Shows the TCP port number used by the web
interface.
• Web secure server – Shows if management access via HTTPS is
enabled.
• Web secure server port – Shows the TCP port used by the HTTPS
interface.
• Telnet server – Shows if management access via Telnet is enabled.
• Telnet server port – Shows the TCP port used by the Telnet interface.
• Authentication login – Shows the user login authentication sequence.
• Jumbo Frame – Shows if jumbo frames are enabled.
• POST result – Shows results of the power-on self-test
3-14
Page 67
B
ASIC CONFIGURATION
Web – Click System, System Information. Specify the system name,
location, and contact information for the system administrator, then click
Apply. (This page also
Command Line Interface via Telnet.)
includes a Telnet button that allows access to the
Figure 3-3 System Information
3-15
Page 68
C
ONFIGURING THE SWITCH
CLI – Specify the hostname, location and contact information.
Console(config)#hostname R&D 5 4-34
Console(config)#snmp-server location WC 9 4-154
Console(config)#snmp-server contact Ted 4-153
Console(config)#exit
Console#show system 4-83
System Description: 8*10GE L2 Switch
System OID String: 1.3.6.1.4.1.259.6.10.76
System Information
System Up Time: 0 days, 4 hours, 5 minutes, and 56.31 seconds
System Name: [NONE]
System Location: [NONE]
System Contact: [NONE]
MAC Address (Unit1): 00-0C-DB-21-11-33
Web Server: Enabled
Web Server Port: 80
Web Secure Server: Enabled
Web Secure Server Port: 443
Telnet Server: Enable
Telnet Server Port: 23
Authentication login: local RADIUS none
Jumbo Frame: Disabled
POST Result:
DUMMY Test 1 ................. PASS
UART Loopback Test ........... PASS
DRAM Test .................... PASS
Timer Test ................... PASS
PCI Device 1 Test ............ PASS
I2C Bus Initialization ....... PASS
Switch Int Loopback Test ..... PASS
Done All Pass.
Console#
Displaying Switch Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version
numbers for the main board and management software, as well as the
power status of the system.
Field Attributes
Main Board
• Serial Number – The serial number of the switch.
• Number of Ports – Number of built-in ports.
• Hardware Version – Hardware version of the main board.
3-16
Page 69
B
ASIC CONFIGURATION
• Internal Power Status – Displays the status of the internal power
supply.
Management Software
• EPLD Version – Version number of EEPROM Programmable Logic
Device.
• Loader Version – Version number of loader code.
• Boot-ROM Version – Version of Power-On Self-Test (POST) and
boot code.
• Operation Code Version – Version number of runtime code.
• Role – Shows that this switch is operating as Master (i.e., stand alone).
These additional parameters are displayed for the CLI.
• Unit ID – Unit number in stack.
• Redundant Power Status – Displays the status of the redundant
power supply.
Web – Click System, Switch Information.
Figure 3-4 Switch Information
3-17
Page 70
C
ONFIGURING THE SWITCH
CLI – Use the following command to display version information.
Console#show version 4-84
Unit 1
Serial Number: A000000022
Hardware Version: R01
EPLD Version: 1.00
Number of Ports: 9
Main Power Status: Up
Redundant Power Status: Not present
Agent (Master)
Unit ID: 1
Loader Version: 3.0.0.2
Boot ROM Version: 3.0.0.6
Operation Code Version: 3.0.0.4
Console#
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support
Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these
extensions to display default settings for the key variables.
Field Attributes
• Extended Multicast Filtering Services – This switch does not
support the filtering of individual multicast addresses based on GMRP
(GARP Multicast Registration Protocol).
• Traffic Classes – This switch provides mapping of user priorities to
multiple traffic classes. (Refer to “Class of Service Configuration” on
page 3-206.)
• Static Entry Individual Port – This switch allows static filtering for
unicast and multicast addresses. (Refer to “Setting Static Addresses”
on page 3-153.)
• VLAN Learning – This switch uses Independent VLAN Learning
(IVL), where each port maintains its own filtering database.
3-18
Page 71
B
ASIC CONFIGURATION
• Configurable PVID Tagging – This switch allows you to override
the default Port VLAN ID (PVID used in frame tags) and egress status
(VLAN-Tagged or Untagged) on each port. (Refer to “VLAN
Configuration” on page 3-184.)
• Local VLAN Capable – This switch does not support multiple local
bridges outside of the scope of 802.1Q defined VLANs.
• GMRP – GARP Multicast Registration Protocol (GMRP) allows
network devices to register endstations with multicast groups. This
switch does not support GMRP; it uses the Internet Group
Management Protocol (IGMP) to provide automatic multicast
filtering.
Web – Click System, Bridge Extension.
Figure 3-5 Displaying Bridge Extension Configuration
3-19
Page 72
C
ONFIGURING THE SWITCH
CLI – Enter the following command.
Console#show bridge-ext 4-248
Max support VLAN numbers: 256
Max support VLAN ID: 4094
Extended multicast filtering services: No
Static entry individual port: Yes
VLAN learning: IVL
Configurable PVID tagging: Yes
Local VLAN capable: No
Traffic classes: Enabled
Global GVRP status: Disabled
GMRP: Disabled
Console#
Setting the Switch’s IP Address
An IP address may be used for management access to the switch over your
network. By default, the switch uses DHCP to assign IP settings to VLAN
1 on the switch. If you wish to manually configure IP settings, you need to
set an IP address and subnet mask that is compatible with your network.
You may also need to establish a default gateway between the switch and
management stations that exist on another network segment.
You can manually configure a specific IP address, or direct the device to
obtain an address from a BOOTP or DHCP server. Valid IP addresses
consist of four decimal numbers, 0 to 255, separated by periods. Anything
outside this format will not be accepted by the CLI program.
Command Attributes
• Management VLAN – ID of the configured VLAN (1-4093). This is
the only VLAN through which you can gain management access to the
switch. By default, all ports on the switch are members of VLAN 1, so
a management station can be connected to any port on the switch.
However, if other VLANs are configured and you change the
Management VLAN, you may lose management access to the switch.
In this case, you should reconnect the management station to a port
that is a member of the Management VLAN.
3-20
Page 73
B
ASIC CONFIGURATION
• IP Address Mode – Specifies whether IP functionality is enabled via
manual configuration (Static), Dynamic Host Configuration Protocol
(DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled,
IP will not function until a reply has been received from the server.
Requests will be broadcast periodically by the switch for an IP address.
(DHCP/BOOTP values can include the IP address, subnet mask, and
default gateway.)
• IP Address – Address of the VLAN to which the management station
is attached. (Note you can manage the switch through any configured
IP interface.) Valid IP addresses consist of four numbers, 0 to 255,
separated by periods. (Default: 0.0.0.0)
• Subnet Mask – This mask identifies the host address bits used for
routing to specific subnets. (Default: 255.0.0.0)
• Gateway IP address – IP address of the gateway router between this
device and management stations that exist on other network segments.
(Default: 0.0.0.0)
• MAC Address – The MAC address of this switch.
• Restart DHCP – Requests a new IP address from the DHCP server.
3-21
Page 74
C
ONFIGURING THE SWITCH
Manual Configuration
Web – Click System, IP Configuration. Select the VLAN through which
the management station is attached, set the IP Address Mode to “Static.”
Enter the IP address, subnet mask and gateway, then click Apply.
Figure 3-6 IP Interface Configuration - Manual
CLI – Specify the management interface, IP address and default gateway.
Console#config
Console(config)#interface vlan 1 4-170
Console(config-if)#ip address 10.1.0.253 255.255.255.0 4-279
Console(config-if)#exit
Console(config)#ip default-gateway 10.1.0.254 4-280
Console(config)#
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the
switch to be dynamically configured by these services.
3-22
Page 75
B
ASIC CONFIGURATION
Web – Click System, IP Configuration. Specify the VLAN to which the
management station is attached, set the IP Address Mode to DHCP or
BOOTP. Click Apply to save your changes. Then click Restart DHCP to
immediately request a new address. Note that the switch will also broadcast
a request for IP configuration settings on each power reset.
Figure 3-7 IP Interface Configuration - DHCP
Note: If you lose your management connection, make a console
connection to the switch and enter “show ip interface” to
determine the new switch address.
CLI – Specify the management interface, and set the IP address mode to
DHCP or BOOTP, and then enter the “ip dhcp restart client” command.
Console#config
Console(config)#interface vlan 1 4-170
Console(config-if)#ip address dhcp 4-279
Console(config-if)#end
Console#ip dhcp restart 4-281
Console#show ip interface 4-282
IP Address and Netmask: 192.168.1.58 255.255.255.0 on VLAN 1,
Address Mode: DHCP
Console#
3-23
Page 76
C
ONFIGURING THE SWITCH
Renewing DCHP – DHCP may lease addresses to clients indefinitely or
for a specific period of time. If the address expires or the switch is moved
to another network segment, you will lose management access to the
switch. In this case, you can reboot the switch or submit a client request to
restart DHCP service via the CLI.
Web – If the address assigned by DHCP is no longer functioning, you will
not be able to renew the IP settings via the web interface. You can only
restart DHCP service via the web interface if the current address is still
available.
CLI – Enter the following command to restart DHCP service.
Console#ip dhcp restart 4-281
Console#
Configuring Support for Jumbo Frames
The switch provides more efficient throughput for large sequential data
transfers by supporting jumbo frames up to 9000 bytes. Compared to
standard Ethernet frames that run only up to 1.5 KB, using jumbo frames
significantly reduces the per-packet overhead required to process protocol
encapsulation fields.
Command Usage
To use jumbo frames, both the source and destination end nodes (such as a
computer or server) must support this feature. Also, when the connection
is operating at full duplex, all switches in the network between the two end
nodes must be able to accept the extended frame size. And for half-duplex
connections, all devices in the collision domain would need to support
jumbo frames.
Command Attributes
• Jumbo Packet Status – Configures support for jumbo frames.
(Default: Disabled)
3-24
Page 77
B
ASIC CONFIGURATION
Web – Click System, Jumbo Frames. Enable or disable support for jumbo
frames, and click Apply.
Figure 3-8 Configuring Support for Jumbo Frames
CLI – This example enables jumbo frames globally for the switch.
Console(config)#jumbo frame 4-85
Console(config)#
Managing Firmware
You can upload/download firmware to or from a TFTP server, or copy
files to and from switch units in a stack. By saving runtime code to a file on
a TFTP server, that file can later be downloaded to the switch to restore
operation. You can also set the switch to use new firmware without
overwriting the previous version. You must specify the method of file
transfer, along with the file type and file names as required.
Command Attributes
• File Transfer Method – The firmware copy operation includes these
options:
- file to file – Copies a file within the switch directory, assigning it a new
name.
- file to tftp
-tftp to file
- file to unit
- unit to file
• TFTP Server IP Address – The IP address of a TFTP server.
• File Type – Specify opcode (operational code) to copy firmware.
2. Stacking is not supported by this switch.
– Copies a file from the switch to a TFTP server.
– Copies a file from a TFTP server to the switch.
2
– Copies a file from this switch to another unit in the stack.
2
– Copies a file from another unit in the stack to this switch.
3-25
Page 78
C
ONFIGURING THE SWITCH
• File Name –
The file name should not contain slashes (\ or /),
leading letter of the file name should not be a period (.), and the
maximum length for file names on the TFTP server is 127 characters
or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9,
“.”, “-”, “_”)
• Source/Destination Unit
2
– Stack unit.
Note: Up to two copies of the system software (i.e., the runtime
firmware) can be stored in the file directory on the switch. The
currently designated startup version of this file cannot be deleted.
the
3-26
Page 79
B
ASIC CONFIGURATION
Downloading System Software from a Server
When downloading runtime code, you can specify the destination file
name to replace the current image, or first download the file using a
different name from the current runtime code file, and then set the new
file as the startup file.
Web – Click System, File Management, Copy Operation. Select “tftp to
file” as the file transfer method, enter the IP address of the TFTP server,
set the file type to “opcode,” enter the file name of the software to
download, select a file on the switch to overwrite or specify a new file
name, then click Apply. If you replaced the current firmware used for
startup and want to start using the new operation code, reboot the system
via the System/Reset menu.
Figure 3-9 Copy Firmware
If you download to a new destination file, go to the File Management, Set
Start-Up menu, mark the operation code file used at startup, and click
Apply. To start the new firmware, reboot the system via the System/Reset
menu.
3-27
Page 80
C
ONFIGURING THE SWITCH
Figure 3-10 Setting the Startup Code
To delete a file select System, File Management, Delete. Select the file
name from the given list by checking the tick box and click Apply. Note
that the file currently designated as the startup code cannot be deleted.
3-28
Figure 3-11 Deleting Files
Page 81
B
ASIC CONFIGURATION
CLI – To download new firmware form a TFTP server, enter the IP
address of the TFTP server, select “config” as the file type, then enter the
source and destination file names. When the file has finished downloading,
set the new file to start up the system, and then restart the switch.
To start the new firmware, enter the “reload” command or reboot the
system.
Console#copy tftp file 4-87
TFTP server ip address: 10.1.0.19
Choose file type:
1. config: 2. opcode: <1-2>: 2
Source file name: V3002.bix
Destination file name: V3002
\Write to FLASH Programming.
-Write to FLASH finish.
Success.
Console#config
Console(config)#boot system opcode:V3002 4-93
Console(config)#exit
Console#reload 4-30
3-29
Page 82
C
ONFIGURING THE SWITCH
Saving or Restoring Configuration Settings
You can upload/download configuration settings to/from a TFTP server,
or copy files to and from switch units in a stack. The configuration file can
be later downloaded to restore the switch’s settings.
Command Attributes
• File Transfer Method – The configuration copy operation includes
these options:
- file to file – Copies a file within the switch directory, assigning it a
new name.
- file to running-config – Copies a file in the switch to the running
configuration.
- file to startup-config – Copies a file in the switch to the startup
configuration.
- file to tftp – Copies a file from the switch to a TFTP server.
- running-config to file – Copies the running configuration to a file.
- running-config to startup-config – Copies the running config to the
startup config.
- running-config to tftp – Copies the running configuration to a TFTP
server.
- startup-config to file – Copies the startup configuration to a file on
the switch.
- startup-config to running-config – Copies the startup config to the
running config.
- startup-config to tftp – Copies the startup configuration to a TFTP
server.
- tftp to file – Copies a file from a TFTP server to the switch.
- tftp to running-config – Copies a file from a TFTP server to the
running config.
- tftp to startup-config – Copies a file from a TFTP server to the
startup config.
3-30
Page 83
B
ASIC CONFIGURATION
- file to unit3 – Copies a file from this switch to another unit in the
stack.
- unit to file
3
– Copies a file from another unit in the stack to this
switch.
• TFTP Server IP Address – The IP address of a TFTP server.
• File Type – Specify config (configuration) to copy configuration
settings.
•
File Name
(\ or /),
— The configuration file name should not contain slashes
the leading letter of the file name should not be a period (.),
and the maximum length for file names on the TFTP server is 127
characters or 31 characters for files on the switch. (Valid characters:
A-Z, a-z, 0-9, “.”, “-”, “_”)
• Source/Destination Unit
3
– Stack unit.
Note: The maximum number of user-defined configuration files is
limited only by available flash memory space.
3. Stacking is not supported by this switch.
3-31
Page 84
C
ONFIGURING THE SWITCH
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then
set it as the startup file, or you can specify the current startup
configuration file as the destination file to directly replace it. Note that the
file “Factory_Default_Config.cfg” can be copied to the TFTP server, but
cannot be used as the destination on the switch.
Web – Click System, File Management, Copy Operation. Choose “tftp to
startup-config” or “tftp to file,” and enter the IP address of the TFTP
server. Specify the name of the file to download, select a file on the switch
to overwrite or specify a new file name, and then click Apply.
Figure 3-12 Downloading Configuration Settings for Start-Up
If you download to a new file name using “tftp to startup-config” or “tftp
to file,” the file is automatically set as the start-up configuration file. To use
the new settings, reboot the system via the System/Reset menu. You can
also select any configuration file as the start-up configuration by using the
System/File Management/Set Start-Up page.
3-32
Page 85
B
ASIC CONFIGURATION
Figure 3-13 Setting the Startup Configuration Settings
CLI – Enter the IP address of the TFTP server, specify the source file on
the server, set the startup file name on the switch, and then restart the
switch.
Console#copy tftp startup-config 4-87
TFTP server ip address: 192.168.1.19
Source configuration file name: config-1
Startup configuration file name [] : startup
\Write to FLASH Programming.
-Write to FLASH finish.
Success.
Console#reload
To select another configuration file as the start-up configuration, use the
boot system command and then restart the switch.
Console#config
Console(config)#boot system config: startup 4-93
Console(config)#exit
Console#reload 4-30
Console Port Settings
You can access the onboard configuration program by attaching a VT100
compatible device to the switch’s serial console port. Management access
through the console port is controlled by various parameters, including a
password, timeouts, and basic communication settings. These parameters
can be configured via the web or CLI interface.
3-33
Page 86
C
ONFIGURING THE SWITCH
Command Attributes
• Login Timeout – Sets the interval that the system waits for a user to
log into the CLI. If a login attempt is not detected within the timeout
interval, the connection is terminated for the session.
(Range: 0 - 300 seconds; Default: 0)
• Exec Timeout – Sets the interval that the system waits until user input
is detected. If user input is not detected within the timeout interval, the
current session is terminated. (Range: 0 - 65535 seconds; Default: 0
seconds)
• Password Threshold – Sets the password intrusion threshold, which
limits the number of failed logon attempts. When the logon attempt
threshold is reached, the system interface becomes silent for a specified
amount of time (set by the Silent Time parameter) before allowing the
next logon attempt. (Range: 0-120; Default: 3 attempts)
• Silent Time – Sets the amount of time the management console is
inaccessible after the number of unsuccessful logon attempts has been
exceeded. (Range: 0-65535; Default: 0)
• Data Bits – Sets the number of data bits per character that are
interpreted and generated by the console port. If parity is being
generated, specify 7 data bits per character. If no parity is required,
specify 8 data bits per character. (Default: 8 bits)
• Parity – Defines the generation of a parity bit. Communication
protocols provided by some terminals can require a specific parity bit
setting. Specify Even, Odd, or None. (Default: None)
• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and
receive (from terminal). Set the speed to match the baud rate of the
device connected to the serial port. (Range: 9600, 19200, 38400, 57600,
or 115200 baud, Auto; Default: Auto)
• Stop Bits – Sets the number of the stop bits transmitted per byte.
(Range: 1-2; Default: 1 stop bit)
3-34
Page 87
B
ASIC CONFIGURATION
• Password4 – Specifies a password for the line connection. When a
connection is started on a line with password protection, the system
prompts for the password. If you enter the correct password, the
system shows a prompt. (Default: No password)
• Login
4
– Enables password checking at login. You can select
authentication by a single global password as configured for the
Password parameter, or by passwords set up for specific user-name
accounts. (Default: Local)
Web – Click System, Line, Console. Specify the console port connection
parameters as required, then click Apply.
4. CLI only.
Figure 3-14 Configuring the Console Port
3-35
Page 88
C
ONFIGURING THE SWITCH
CLI – Enter Line Configuration mode for the console, then specify the
connection parameters as required. To display the current console port
settings, use the show line command from the Normal Exec level.
Console(config)#line console 4-15
Console(config-line)#login local 4-16
Console(config-line)#password 0 secret 4-17
Console(config-line)#timeout login response 0 4-18
Console(config-line)#exec-timeout 0 4-19
Console(config-line)#password-thresh 5 4-20
Console(config-line)#silent-time 60 4-21
Console(config-line)#databits 8 4-22
Console(config-line)#parity none 4-23
Console(config-line)#speed auto 4-23
Console(config-line)#stopbits 1 4-24
Console(config-line)#end
Console#show line console 4-25
Console configuration:
Password threshold: 5 times
Interactive timeout: Disabled
Login timeout: Disabled
Silent time: 60
Baudrate: auto
Databits: 8
Parity: none
Stopbits: 1
Console#
Telnet Settings
You can access the onboard configuration program over the network using
Telnet (i.e., a virtual terminal). Management access via Telnet can be
enabled/disabled and other various parameters set, including the TCP port
number, timeouts, and a password. These parameters can be configured
via the web or CLI interface.
Command Attributes
• Telnet Status – Enables or disables Telnet access to the switch.
(Default: Enabled)
• Telnet Port Number – Sets the TCP port number for Telnet on the
switch. (Default: 23)
• Login Timeout – Sets the interval that the system waits for a user to
log into the CLI. If a login attempt is not detected within the timeout
3-36
Page 89
B
ASIC CONFIGURATION
interval, the connection is terminated for the session.
(Range: 0 - 300 seconds; Default: 300 seconds)
• Exec Timeout – Sets the interval that the system waits until user input
is detected. If user input is not detected within the timeout interval, the
current session is terminated. (Range: 0 - 65535 seconds; Default: 600
seconds)
• Password Threshold – Sets the password intrusion threshold, which
limits the number of failed logon attempts. When the logon attempt
threshold is reached, the system interface becomes silent for a specified
amount of time (set by the Silent Time parameter) before allowing the
next logon attempt. (Range: 0-120; Default: 3 attempts)
• Password
5
– Specifies a password for the line connection. When a
connection is started on a line with password protection, the system
prompts for the password. If you enter the correct password, the
system shows a prompt. (Default: No password)
• Login
5
– Enables password checking at login. You can select
authentication by a single global password as configured for the
Password parameter, or by passwords set up for specific user-name
accounts. (Default: Local)
Web – Click System, Line, Telnet. Specify the connection parameters for
Telnet access, then click Apply.
Figure 3-15 Configuring the Telnet Interface
5. CLI only.
3-37
Page 90
C
ONFIGURING THE SWITCH
CLI – Enter Line Configuration mode for a virtual terminal, then specify
the connection parameters as required. To display the current virtual
terminal settings, use the show line command from the Normal Exec
level.
Console(config)#line vty 4-15
Console(config-line)#login local 4-16
Console(config-line)#password 0 secret 4-17
Console(config-line)#timeout login response 300 4-18
Console(config-line)#exec-timeout 600 4-19
Console(config-line)#password-thresh 3 4-20
Console(config-line)#end
Console#show line vty 4-25
VTY configuration:
Password threshold: 3 times
Interactive timeout: 600 sec
Login timeout: 300 sec
Console#
Configuring Event Logging
The switch allows you to control the logging of error messages, including
the type of events that are recorded in switch memory, logging to a remote
System Log (syslog) server, and displays a list of recent event messages.
System Log Configuration
The system allows you to enable or disable event logging, and specify
which levels are logged to RAM or flash memory.
Severe error messages that are logged to flash memory are permanently
stored in the switch to assist in troubleshooting network problems. Up to
4096 log entries can be stored in the flash memory, with the oldest entries
being overwritten first when the available log memory (256 kilobytes) has
been exceeded.
The System Logs page allows you to configure and limit system messages
that are logged to flash or RAM memory. The default is for event levels 0
to 3 to be logged to flash and levels 0 to 7 to be logged to RAM.
3-38
Page 91
B
ASIC CONFIGURATION
Command Attributes
• System Log Status – Enables/disables the logging of debug or error
messages to the logging process. (Default: Enabled)
• Flash Level – Limits log messages saved to the switch’s permanent
flash memory for all levels up to the specified level. For example, if
level 3 is specified, all messages from level 0 to level 3 will be logged to
flash. (Range: 0-7, Default: 3)
Table 3-3 Logging Levels
Level Level Name Description
7 Debug Debugging messages
6 Informational Informational messages only
5 Notice Normal but significant condition, such as
cold start
4 Warning Warning conditions (e.g., return false,
unexpected return)
3 Error Error conditions (e.g., invalid input, default
used)
2 Critical Critical conditions (e.g., memory allocation,
or free memory error - resource exhausted)
1 Alert Immediate action needed
0 Emergency System unusable
* There are only Level 2, 5 and 6 error messages for the current firmware release.
• RAM Level – Limits log messages saved to the switch’s temporary
RAM memory for all levels up to the specified level. For example, if
level 7 is specified, all messages from level 0 to level 7 will be logged to
RAM. (Range: 0-7, Default: 7)
Note:The Flash Level must be equal to or less than the RAM Level.
3-39
Page 92
C
ONFIGURING THE SWITCH
Web – Click System, Logs, System Logs. Specify System Log Status, set
the
level of event messages to be logged to RAM and flash memory, then click
Apply.
Figure 3-16 System Logs
CLI – Enable system logging and then specify the level of messages to be
logged to RAM and flash memory. Use the show logging command to
display the current settings.
Console(config)#logging on 4-59
Console(config)#logging history ram 0 4-60
Console(config)#exit
Console#show logging ram 4-64
Syslog logging: Disabled
History logging in RAM: level emergencies
Console#
Remote Log Configuration
The Remote Logs page allows you to configure the logging of messages
that are sent to syslog servers or other management stations. You can also
limit the event messages sent to only those messages at or above a
specified level.
Command Attributes
• Remote Log Status – Enables/disables the logging of debug or error
messages to the remote logging process. (Default: Disabled)
• Logging Facility – Sets the facility type for remote logging of syslog
messages. There are eight facility types specified by values of 16 to 23.
3-40
Page 93
B
ASIC CONFIGURATION
The facility type is used by the syslog server to dispatch log messages
to an appropriate service.
The attribute specifies the facility type tag sent in syslog messages. (See
RFC 3164.) This type has no effect on the kind of messages reported by
the switch. However, it may be used by the syslog server to process
messages, such as sorting or storing messages in the corresponding
database. (Range: 16-23, Default: 23)
• Logging Trap – Limits log messages that are sent to the remote syslog
server for all levels up to the specified level. For example, if level 3 is
specified, all messages from level 0 to level 3 will be sent to the remote
server. (Range: 0-7, Default: 7)
• Host IP List – Displays the list of remote server IP addresses that will
receive syslog messages. The maximum number of host IP addresses
allowed is five.
• Host IP Address – Specifies a new server IP address to add to the
Host IP List.
3-41
Page 94
C
ONFIGURING THE SWITCH
Web – Click System, Logs, Remote Logs. To add an IP address to the Host
IP List, type the new IP address in the Host IP Address box, and then click
Add. To delete an IP address, click the entry in the Host IP List, and then
click Remove.
3-42
Figure 3-17 Remote Logs
Page 95
B
ASIC CONFIGURATION
CLI – Enter the syslog server host IP address, choose the facility type and
set the logging trap.
Console(config)#logging host 10.1.0.9 4-61
Console(config)#logging facility 23 4-62
Console(config)#logging trap 4 4-63
Console(config)#logging trap
Console(config)#exit
Console#show logging trap 4-64
Syslog logging: Enabled
REMOTELOG status: Disabled
REMOTELOG facility type: local use 7
REMOTELOG level type: Warning conditions
REMOTELOG server ip address: 10.1.0.9
REMOTELOG server ip address: 0.0.0.0
REMOTELOG server ip address: 0.0.0.0
REMOTELOG server ip address: 0.0.0.0
REMOTELOG server ip address: 0.0.0.0
Console#
Displaying Log Messages
Use the Logs page to scroll through the logged system and event messages.
The switch can store up to 2048 log entries in temporary random access
memory (RAM; i.e., memory flushed on power reset) and up to 4096
entries in permanent flash memory.
Web – Click System, Log, Logs.
Figure 3-18 Displaying Logs
3-43
Page 96
C
ONFIGURING THE SWITCH
CLI – This example shows the event message stored in RAM.
Console#show log ram 4-66
[1] 00:01:30 2001-01-01
"VLAN 1 link-up notification."
level: 6, module: 5, function: 1, and event no.: 1
[0] 00:01:30 2001-01-01
"Unit 1, Port 1 link-up notification."
level: 6, module: 5, function: 1, and event no.: 1
Console#
Sending Simple Mail Transfer Protocol Alerts
To alert system administrators of problems, the switch can use SMTP
(Simple Mail Transfer Protocol) to send email messages when triggered by
logging events of a specified level. The messages are sent to specified
SMTP servers on the network and can be retrieved using POP or IMAP
clients.
Command Attributes
• Admin Status – Enables/disables the SMTP function. (Default:
Enabled)
• Email Source Address – Sets the email address used for the “From”
field in alert messages. You may use a symbolic email address that
identifies the switch, or the address of an administrator responsible for
the switch.
• Severity – Sets the syslog severity threshold level (see table on
page 3-39) used to trigger alert messages. All events at this level or
higher will be sent to the configured email recipients. For example,
using Level 7 will report all events from level 7 to level 0. (Default:
Level 7)
• SMTP Server List – Specifies a list of up to three recipient SMTP
servers. The switch attempts to connect to the other listed servers if the
first fails. Use the New SMTP Server text field and the Add/Remove
buttons to configure the list.
3-44
Page 97
B
ASIC CONFIGURATION
• Email Destination Address List – Specifies the email recipients of
alert messages. You can specify up to five recipients. Use the New
Email Destination Address text field and the Add/Remove buttons to
configure the list.
Web – Click System, Log, SMTP. Enable SMTP, specify a source email
address, and select the minimum severity level. To add an IP address to the
SMTP Server List, type the new IP address in the SMTP Server field and
click Add. To delete an IP address, click the entry in the SMTP Server List
and click Remove. Specify up to five email addresses to receive the alert
messages, and click Apply.
Figure 3-19 Enabling and Configuring SMTP Alerts
3-45
Page 98
C
ONFIGURING THE SWITCH
CLI – Enter the IP address of at least one SMTP server, set the syslog
severity level to trigger an email message, and specify the switch (source)
and up to five recipient (destination) email addresses. Enable SMTP with
the logging sendmail command to complete the configuration. Use the
show logging sendmail command to display the current SMTP
configuration.
Console(config)#logging sendmail host 192.168.1.4 4-68
Console(config)#logging sendmail level 3 4-69
Console(config)#logging sendmail source-email
big-wheels@matel.com 4-69
Console(config)#logging sendmail destination-email
chris@matel.com 4-70
Console(config)#logging sendmail 4-71
Console(config)#exit
Console#show logging sendmail 4-71
SMTP servers
-----------------------------------------------
1. 192.168.1.4
SMTP minimum severity level: 4
SMTP destination email addresses
-----------------------------------------------
1. chris@matel.com
SMTP source email address: big-wheels@matel.com
SMTP status: Enabled
Console#
Resetting the System
Web – Click System, Reset. Click the Reset button to restart the switch.
When prompted, confirm that you want reset the switch.
Figure 3-20 Resetting the System
3-46
Page 99
B
ASIC CONFIGURATION
CLI – Use the reload command to restart the switch.
Console#reload 4-30
System will be restarted, continue <y/n>?
Note:When restarting the system, it will always run the Power-On
Self-Test.
Setting the System Clock
Simple Network Time Protocol (SNTP) allows the switch to set its internal
clock based on periodic updates from a time server (SNTP or NTP).
Maintaining an accurate time on the switch enables the system log to
record meaningful dates and times for event entries. You can also manually
set the clock using the CLI. (See “calendar set” on page 4-77.) If the clock
is not set, the switch will only record the time from the factory default set
at the last bootup.
When the SNTP client is enabled, the switch periodically sends a request
for a time update to a configured time server. You can configure up to
three time server IP addresses. The switch will attempt to poll each server
in the configured sequence.
Configuring SNTP
You can configure the switch to send time synchronization requests to
time servers.
Command Attributes
• SNTP Client – Configures the switch to operate as an SNTP client.
This requires at least one time server to be specified in the SNTP
Server field. (Default: Disabled)
• SNTP Poll Interval – Sets the interval between sending requests for
a time update from a time server. (Range: 16-16384 seconds;
Default: 16 seconds)
3-47
Page 100
C
ONFIGURING THE SWITCH
• SNTP Server – Sets the IP address for up to three time servers. The
switch attempts to update the time from the first server, if this fails it
attempts an update from the next server in the sequence.
Web – Select SNTP, Configuration. Modify any of the required
parameters, and click Apply.
Figure 3-21 SNTP Configuration
CLI – This example configures the switch to operate as an SNTP client
and then displays the current time and settings.
Console(config)#sntp client 4-72
Console(config)#sntp poll 16 4-74
Console(config)#sntp server 10.1.0.19 137.82.140.80
128.250.36.2 4-73
Console(config)#exit
Console#show sntp 4-75
Current time: Jan 6 14:56:05 2004
Poll interval: 60
Current mode: unicast
SNTP status : Enabled
SNTP server 10.1.0.19 137.82.140.80 128.250.36.2
Current server: 128.250.36.2
Console#
3-48
Loading...