SMC Networks SMC8724ML3, SMC8748ML3 User Manual

Download

TigerStack 1000

Gigabit Ethernet Switch

◆ 24/48 auto-MDI/MDI-X 10/100/1000BASE-T ports

◆ 4 RJ-45 ports shared with 4 SFP transceiver slots

◆ 1 10GBASE extender module slot

◆ Non-blocking switching architecture

◆ Support for a redundant power unit

◆ Spanning Tree Protocol, RSTP, and MSTP

◆ Up to 32 LACP or static 8-port trunks

◆ Layer 2/3/4 CoS support through eight priority queues

◆ Layer 3/4 traffic priority with IP Precedence and IP DSCP

◆ Full support for VLANs with GVRP

◆ IGMP multicast filtering and snooping

◆ Support for jumbo frames up to 9 KB

◆ Manageable via console, Web, SNMP/RMON

◆ Security features: ACL, RADIUS, 802.1x

◆ Routing features: IP/RIP routing, OSPF, VRRP, CIDR

Management Guide

SMC8724ML3 SMC8748ML3

TigerStack 1000 Management Guide

From SMC’s Tiger line of feature-rich workgroup LAN solutions

38 Tesla Irvine, CA 92618 Phone: (949) 679-8000

June 2005

Pub. # 149100023600A

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

SMC Networks, Inc.

38 Tesla

Irvine, CA 92618

Trademarks:

SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.

IMITED

Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product.

The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC Web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an “Active” SMC product. A list of discontinued products with their respective dates of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty.

All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product.

Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer.

ARRANTY

WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.

LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.

* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.

SMC Networks, Inc.

38 Tesla

Irvine, CA 92618

ABLE OF

ONTENTS

1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Description of Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9

2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Connecting to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Required Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Remote Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Stack Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Selecting the Stack Master . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Selecting the Backup Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6

Recovering from Stack Failure or Topology Change . . . . . . . . . 2-6

Broken Link for Line and Wrap-around Topologies . . . . . 2-7

Resilient IP Interface for Management Access . . . . . . . . . . 2-7

Resilient Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

Renumbering the Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

Setting Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9

Setting an IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10

Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10

Dynamic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11

Enabling SNMP Management Access . . . . . . . . . . . . . . . . . . . . 2-12

Community Strings (for SNMP version 1 and 2c clients) . 2-13

Trap Receivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14

Configuring Access for SNMP Version 3 Clients . . . . . . . 2-14

Saving Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15

Managing System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16

3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Using the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

vii

ABLE OF CONTENTS

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

Displaying System Information . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

Displaying Switch Hardware/Software Versions . . . . . . . . . . . 3-17

Displaying Bridge Extension Capabilities . . . . . . . . . . . . . . . . . 3-19

Configuring Support for Jumbo Frames . . . . . . . . . . . . . . . . . . 3-21

Setting the Switch’s IP Address . . . . . . . . . . . . . . . . . . . . . . . . 3-22

Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

Using DHCP/BOOTP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25

Managing Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27

Downloading System Software from a Server . . . . . . . . . . 3-28

Saving or Restoring Configuration Settings . . . . . . . . . . . . . . . 3-30

Downloading Configuration Settings from a Server . . . . . 3-32

Console Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34

Telnet Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36

Configuring Event Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38

System Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-38

Remote Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-41

Displaying Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43

Sending Simple Mail Transfer Protocol Alerts . . . . . . . . . 3-44

Renumbering the Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46

Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47

Setting the System Clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48

Configuring SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48

Setting the Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49

Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . . . . 3-50

Enabling the SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-53

Setting Community Access Strings . . . . . . . . . . . . . . . . . . . . . . 3-53

Specifying Trap Managers and Trap Types . . . . . . . . . . . . . . . . 3-54

Configuring SNMPv3 Management Access . . . . . . . . . . . . . . . 3-58

Setting an Engine ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58

Specifying a Remote Engine ID . . . . . . . . . . . . . . . . . . . . . 3-59

Configuring SNMPv3 Users . . . . . . . . . . . . . . . . . . . . . . . . 3-60

Configuring Remote SNMPv3 Users . . . . . . . . . . . . . . . . . 3-63

Configuring SNMPv3 Groups . . . . . . . . . . . . . . . . . . . . . . 3-66

viii

ABLE OF CONTENTS

Setting SNMPv3 Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72

User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74

Configuring User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75

Configuring Local/Remote Logon Authentication . . . . . . . . . 3-76

Configuring HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80

Replacing the Default Secure-site Certificate . . . . . . . . . . . 3-82

Configuring the Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83

Generating the Host Key Pair . . . . . . . . . . . . . . . . . . . . . . 3-86

Configuring the SSH Server . . . . . . . . . . . . . . . . . . . . . . . . 3-88

Configuring Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90

Configuring 802.1X Port Authentication . . . . . . . . . . . . . . . . . 3-93

Displaying 802.1X Global Settings . . . . . . . . . . . . . . . . . . . 3-94

Configuring 802.1X Global Settings . . . . . . . . . . . . . . . . . 3-95

Configuring Port Settings for 802.1X . . . . . . . . . . . . . . . . 3-96

Displaying 802.1X Statistics . . . . . . . . . . . . . . . . . . . . . . . . 3-99

Filtering IP Addresses for Management Access . . . . . . . . . . . 3-101

Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-103

Configuring Access Control Lists . . . . . . . . . . . . . . . . . . . . . . 3-103

Setting the ACL Name and Type . . . . . . . . . . . . . . . . . . . 3-104

Configuring a Standard IP ACL . . . . . . . . . . . . . . . . . . . . 3-105

Configuring an Extended IP ACL . . . . . . . . . . . . . . . . . . 3-106

Configuring a MAC ACL . . . . . . . . . . . . . . . . . . . . . . . . . 3-109

Configuring ACL Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-111

Specifying the Mask Type . . . . . . . . . . . . . . . . . . . . . . . . . 3-112

Configuring an IP ACL Mask . . . . . . . . . . . . . . . . . . . . . . 3-113

Configuring a MAC ACL Mask . . . . . . . . . . . . . . . . . . . . 3-115

Binding a Port to an Access Control List . . . . . . . . . . . . . . . . 3-117

Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-119

Displaying Connection Status . . . . . . . . . . . . . . . . . . . . . . . . . 3-119

Configuring Interface Connections . . . . . . . . . . . . . . . . . . . . . 3-122

Creating Trunk Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-125

Statically Configuring a Trunk . . . . . . . . . . . . . . . . . . . . . 3-126

Enabling LACP on Selected Ports . . . . . . . . . . . . . . . . . . 3-128

Configuring LACP Parameters . . . . . . . . . . . . . . . . . . . . . 3-130

Displaying LACP Port Counters . . . . . . . . . . . . . . . . . . . 3-134

Displaying LACP Settings and Status for the Local Side 3-135

Displaying LACP Settings and Status for Remote Side . 3-138

ABLE OF CONTENTS

Setting Broadcast Storm Thresholds . . . . . . . . . . . . . . . . . . . . 3-140

Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-142

Configuring Rate Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144

Showing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145

Address Table Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151

Setting Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151

Displaying the Address Table . . . . . . . . . . . . . . . . . . . . . . . . . 3-153

Changing the Aging Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-155

Spanning Tree Algorithm Configuration . . . . . . . . . . . . . . . . . . . . . . 3-155

Displaying Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-157

Configuring Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-161

Displaying Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-166

Configuring Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . 3-170

Configuring Multiple Spanning Trees . . . . . . . . . . . . . . . . . . . 3-173

Displaying Interface Settings for MSTP . . . . . . . . . . . . . . . . . 3-177

Configuring Interface Settings for MSTP . . . . . . . . . . . . . . . . 3-179

VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-181

IEEE 802.1Q VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-181

Enabling or Disabling GVRP (Global Setting) . . . . . . . 3-185

Displaying Basic VLAN Information . . . . . . . . . . . . . . . 3-186

Displaying Current VLANs . . . . . . . . . . . . . . . . . . . . . . . 3-187

Creating VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-188

Adding Static Members to VLANs (VLAN Index) . . . . 3-190

Adding Static Members to VLANs (Port Index) . . . . . . 3-193

Configuring VLAN Behavior for Interfaces . . . . . . . . . . 3-194

Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 3-197

Enabling Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . 3-197

Configuring Uplink and Downlink Ports . . . . . . . . . . . . 3-198

Configuring Protocol-Based VLANs . . . . . . . . . . . . . . . . . . . 3-199

Configuring Protocol Groups . . . . . . . . . . . . . . . . . . . . . 3-200

Mapping Protocols to VLANs . . . . . . . . . . . . . . . . . . . . . 3-201

Class of Service Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-203

Layer 2 Queue Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-203

Setting the Default Priority for Interfaces . . . . . . . . . . . . 3-203

Mapping CoS Values to Egress Queues . . . . . . . . . . . . . 3-205

Selecting the Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . 3-207

Setting the Service Weight for Traffic Classes . . . . . . . . . 3-208

ABLE OF CONTENTS

Layer 3/4 Priority Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-209

Mapping Layer 3/4 Priorities to CoS Values . . . . . . . . . . 3-209

Selecting IP Precedence/DSCP Priority . . . . . . . . . . . . . 3-210

Mapping IP Precedence . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210

Mapping DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . . . 3-212

Mapping IP Port Priority . . . . . . . . . . . . . . . . . . . . . . . . . 3-214

Quality of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-216

Configuring Quality of Service Parameters . . . . . . . . . . . . . . 3-217

Configuring a Class Map . . . . . . . . . . . . . . . . . . . . . . . . . . 3-218

Creating QoS Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-221

Attaching a Policy Map to Ingress Queues . . . . . . . . . . . 3-225

Multicast Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-226

Layer 2 IGMP (Snooping and Query) . . . . . . . . . . . . . . . . . . . 3-227

Configuring IGMP Snooping and Query Parameters . . . 3-228

Displaying Interfaces Attached to a Multicast Router . . . 3-230

Specifying Static Interfaces for a Multicast Router . . . . . 3-231

Displaying Port Members of Multicast Services . . . . . . . 3-232

Assigning Ports to Multicast Services . . . . . . . . . . . . . . . 3-233

Configuring Domain Name Service . . . . . . . . . . . . . . . . . . . . . . . . . . 3-235

Configuring General DNS Server Parameters . . . . . . . . . . . . 3-235

Configuring Static DNS Host to Address Entries . . . . . . . . . 3-238

Displaying the DNS Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-240

Dynamic Host Configuration Protocol . . . . . . . . . . . . . . . . . . . . . . . . 3-242

Configuring DHCP Relay Service . . . . . . . . . . . . . . . . . . . . . . 3-242

Configuring the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . 3-244

Enabling the Server, Setting Excluded Addresses . . . . . . 3-245

Configuring Address Pools . . . . . . . . . . . . . . . . . . . . . . . . 3-246

Displaying Address Bindings . . . . . . . . . . . . . . . . . . . . . . 3-252

Configuring Router Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-254

Virtual Router Redundancy Protocol . . . . . . . . . . . . . . . . . . . . 3-256

Configuring VRRP Groups . . . . . . . . . . . . . . . . . . . . . . . 3-256

Displaying VRRP Global Statistics . . . . . . . . . . . . . . . . . 3-262

Displaying VRRP Group Statistics . . . . . . . . . . . . . . . . . . 3-263

IP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-265

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-265

Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-265

ABLE OF CONTENTS

IP Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-266

Basic IP Interface Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-269

Configuring IP Routing Interfaces . . . . . . . . . . . . . . . . . . . . . 3-271

Address Resolution Protocol . . . . . . . . . . . . . . . . . . . . . . . . . 3-273

Displaying Statistics for IP Protocols . . . . . . . . . . . . . . . . . . . 3-282

Configuring Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-289

Displaying the Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . 3-290

Configuring the Routing Information Protocol . . . . . . . . . . . 3-292

Configuring the Open Shortest Path First Protocol . . . . . . . . 3-303

Routing Path Management . . . . . . . . . . . . . . . . . . . . . . . . 3-268

Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-268

Proxy ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-274

Basic ARP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-274

Configuring Static ARP Addresses . . . . . . . . . . . . . . . . . 3-276

Displaying Dynamically Learned ARP Entries . . . . . . . . 3-277

Displaying Local ARP Entries . . . . . . . . . . . . . . . . . . . . . 3-279

Displaying ARP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . 3-280

IP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-282

ICMP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-284

UDP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-287

TCP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-288

Configuring General Protocol Settings . . . . . . . . . . . . . . 3-293

Specifying Network Interfaces for RIP . . . . . . . . . . . . . . 3-295

Configuring Network Interfaces for RIP . . . . . . . . . . . . . 3-296

Displaying RIP Information and Statistics . . . . . . . . . . . 3-300

Configuring General Protocol Settings . . . . . . . . . . . . . . 3-305

Configuring OSPF Areas . . . . . . . . . . . . . . . . . . . . . . . . . 3-309

Configuring Area Ranges

(Route Summarization for ABRs) . . . . . . . . . . . . 3-313

Configuring OSPF Interfaces . . . . . . . . . . . . . . . . . . . . . . 3-315

Configuring Virtual Links . . . . . . . . . . . . . . . . . . . . . . . . . 3-321

Configuring Network Area Addresses . . . . . . . . . . . . . . . 3-323

Configuring Summary Addresses

(for External AS Routes) . . . . . . . . . . . . . . . . . . . . 3-325

Redistributing External Routes . . . . . . . . . . . . . . . . . . . . 3-327

Configuring NSSA Settings . . . . . . . . . . . . . . . . . . . . . . . 3-329

Displaying Link State Database Information . . . . . . . . . 3-330

xii

ABLE OF CONTENTS

Displaying Information on Border Routers . . . . . . . . . . . 3-333

Displaying Information on Neighbor Routers . . . . . . . . 3-334

4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . 4-1

Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Telnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2

Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Keywords and Arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Minimum Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Getting Help on Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Showing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Partial Keyword Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6

Negating the Effect of Commands . . . . . . . . . . . . . . . . . . . . . . . 4-6

Using Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6

Understanding Command Modes . . . . . . . . . . . . . . . . . . . . . . . . 4-7

Exec Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

Command Line Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11

Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12

Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14

line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15

password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17

timeout login response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18

exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19

password-thresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20

silent-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21

databits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21

parity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22

speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23

stopbits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24

disconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24

show line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25

xiii

ABLE OF CONTENTS

General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26

enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27

disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28

configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28

show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29

reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30

end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31

quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31

System Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32

Device Designation Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-33

prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33

hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34

switch renumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34

User Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35

username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35

enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37

IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38

management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38

show management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39

Web Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40

ip http port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41

ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41

ip http secure-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42

ip http secure-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43

Telnet Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44

ip telnet server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44

Secure Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45

ip ssh server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48

ip ssh timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49

ip ssh authentication-retries . . . . . . . . . . . . . . . . . . . . . . . . 4-50

ip ssh server-key size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51

delete public-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51

ip ssh crypto host-key generate . . . . . . . . . . . . . . . . . . . . . 4-52

ip ssh crypto zeroize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-53

ip ssh save host-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54

show ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54

xiv

ABLE OF CONTENTS

show ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55

show public-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56

Event Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57

logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58

logging history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58

logging host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60

logging facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60

logging trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61

clear log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62

show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62

show log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64

SMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65

logging sendmail host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65

logging sendmail level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66

logging sendmail source-email . . . . . . . . . . . . . . . . . . . . . . 4-67

logging sendmail destination-email . . . . . . . . . . . . . . . . . . 4-68

logging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-68

show logging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69

Time Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69

sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70

sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71

sntp poll . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72

show sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-73

clock timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-73

calendar set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74

show calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75

System Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75

show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76

show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78

show system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-80

show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-81

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-81

Frame Size Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82

jumbo frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82

Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83

copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-84

delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87

ABLE OF CONTENTS

dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-88

whichboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89

boot system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-90

Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-91

Authentication Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-91

authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92

authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93

RADIUS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94

radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95

radius-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96

radius-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96

radius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97

radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97

show radius-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98

TACACS+ Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99

tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99

tacacs-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100

tacacs-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100

show tacacs-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-101

Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-101

port security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102

802.1X Port Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104

dot1x system-auth-control . . . . . . . . . . . . . . . . . . . . . . . . 4-105

dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105

dot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105

dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106

dot1x operation-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107

dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108

dot1x re-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108

dot1x timeout quiet-period . . . . . . . . . . . . . . . . . . . . . . . . 4-109

dot1x timeout re-authperiod . . . . . . . . . . . . . . . . . . . . . . 4-109

dot1x timeout tx-period . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110

show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110

Access Control List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114

IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116

access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-117

permit, deny (Standard ACL) . . . . . . . . . . . . . . . . . . . . . 4-118

xvi

ABLE OF CONTENTS

permit, deny (Extended ACL) . . . . . . . . . . . . . . . . . . . . . 4-119

show ip access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121

access-list ip mask-precedence . . . . . . . . . . . . . . . . . . . . . 4-122

mask (IP ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123

show access-list ip mask-precedence . . . . . . . . . . . . . . . . 4-126

ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127

show ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128

MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128

access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-129

permit, deny (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . 4-130

show mac access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-132

access-list mac mask-precedence . . . . . . . . . . . . . . . . . . . 4-132

mask (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-133

show access-list mac mask-precedence . . . . . . . . . . . . . . 4-135

mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-136

show mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-137

ACL Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-137

show access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-137

show access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-138

SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-139

snmp-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-140

show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-140

snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-141

snmp-server contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-142

snmp-server location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-143

snmp-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-143

snmp-server enable traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-146

snmp-server engine-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-147

show snmp engine-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-149

snmp-server view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-150

show snmp view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-151

snmp-server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-152

show snmp group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-153

snmp-server user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-154

show snmp user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-156

xvii

ABLE OF CONTENTS

DHCP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-157

DHCP Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-157

ip dhcp client-identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-157

ip dhcp restart client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-158

DHCP Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-159

ip dhcp restart relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-159

ip dhcp relay server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-160

DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-161

service dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-162

ip dhcp excluded-address . . . . . . . . . . . . . . . . . . . . . . . . . 4-163

ip dhcp pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-163

network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-164

default-router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-165

domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-166

dns-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-167

next-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-167

bootfile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-168

netbios-name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-169

netbios-node-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-170

lease . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-171

host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-172

client-identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-173

hardware-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-174

clear ip dhcp binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-175

show ip dhcp binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-176

DNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-177

ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-178

clear host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-179

ip domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-179

ip domain-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-180

ip name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-181

ip domain-lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-182

show hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-183

show dns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-184

show dns cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-184

clear dns cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-185

xviii

ABLE OF CONTENTS

Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-186

interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-187

description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-187

speed-duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-188

negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-189

capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-190

media-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-192

shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-193

switchport broadcast packet-rate . . . . . . . . . . . . . . . . . . . . . . . 4-194

clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-195

show interfaces status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-196

show interfaces counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-197

show interfaces switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-199

Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-200

port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-201

show port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-202

Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-203

rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-203

Link Aggregation Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-204

channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-206

lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-206

lacp system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-208

lacp admin-key (Ethernet Interface) . . . . . . . . . . . . . . . . . . . . 4-209

lacp admin-key (Port Channel) . . . . . . . . . . . . . . . . . . . . . . . . . 4-210

lacp port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-211

show lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-212

Address Table Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-216

mac-address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-217

clear mac-address-table dynamic . . . . . . . . . . . . . . . . . . . . . . . 4-218

show mac-address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-219

mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . 4-220

show mac-address-table aging-time . . . . . . . . . . . . . . . . . . . . . 4-220

Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-221

spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-222

spanning-tree mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-223

spanning-tree forward-time . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-225

spanning-tree hello-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-226

xix

ABLE OF CONTENTS

spanning-tree max-age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-226

spanning-tree priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-227

spanning-tree pathcost method . . . . . . . . . . . . . . . . . . . . . . . . 4-228

spanning-tree transmission-limit . . . . . . . . . . . . . . . . . . . . . . . 4-229

spanning-tree mst-configuration . . . . . . . . . . . . . . . . . . . . . . . 4-229

mst vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-230

mst priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-231

name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-232

revision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-233

max-hops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-233

spanning-tree spanning-disabled . . . . . . . . . . . . . . . . . . . . . . . 4-234

spanning-tree cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-235

spanning-tree port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-236

spanning-tree edge-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-237

spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-238

spanning-tree link-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-239

spanning-tree mst cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-240

spanning-tree mst port-priority . . . . . . . . . . . . . . . . . . . . . . . . 4-241

spanning-tree protocol-migration . . . . . . . . . . . . . . . . . . . . . . 4-242

show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-243

show spanning-tree mst configuration . . . . . . . . . . . . . . . . . . 4-245

VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-245

Editing VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-246

vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-246

vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-247

Configuring VLAN Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 4-248

interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-249

switchport mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-250

switchport acceptable-frame-types . . . . . . . . . . . . . . . . . 4-251

switchport ingress-filtering . . . . . . . . . . . . . . . . . . . . . . . 4-252

switchport native vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-253

switchport allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . 4-254

switchport forbidden vlan . . . . . . . . . . . . . . . . . . . . . . . . 4-255

Displaying VLAN Information . . . . . . . . . . . . . . . . . . . . . . . . 4-256

show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-256

Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 4-257

pvlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-257

ABLE OF CONTENTS

show pvlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-258

Configuring Protocol-based VLANs . . . . . . . . . . . . . . . . . . . . 4-259

protocol-vlan protocol-group (Configuring Groups) . . . 4-260 protocol-vlan protocol-group (Configuring Interfaces) . 4-261

show protocol-vlan protocol-group . . . . . . . . . . . . . . . . . 4-262

show interfaces protocol-vlan protocol-group . . . . . . . . 4-263

GVRP and Bridge Extension Commands . . . . . . . . . . . . . . . . . . . . . 4-264

bridge-ext gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-264

show bridge-ext . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-265

switchport gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-266

show gvrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 4-266

garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-267

show garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-268

Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-269

Priority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 4-269

queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-270

switchport priority default . . . . . . . . . . . . . . . . . . . . . . . . 4-271

queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-272

queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-273

show queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-274

show queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-275

show queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-275

Priority Commands (Layer 3 and 4) . . . . . . . . . . . . . . . . . . . . 4-276

map ip port (Global Configuration) . . . . . . . . . . . . . . . . . 4-276

map ip port (Interface Configuration) . . . . . . . . . . . . . . . 4-277

map ip precedence (Global Configuration) . . . . . . . . . . . 4-278

map ip precedence (Interface Configuration) . . . . . . . . . 4-278

map ip dscp (Global Configuration) . . . . . . . . . . . . . . . . 4-279

map ip dscp (Interface Configuration) . . . . . . . . . . . . . . . 4-280

show map ip port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-281

show map ip precedence . . . . . . . . . . . . . . . . . . . . . . . . . . 4-282

show map ip dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-283

Quality of Service Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-284

class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-286

match . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-287

policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-289

class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-290

xxi

ABLE OF CONTENTS

set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-291

police . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-292

service-policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-293

show class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-294

show policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-294

show policy-map interface . . . . . . . . . . . . . . . . . . . . . . . . 4-295

Multicast Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-296

IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-296

ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-297

ip igmp snooping vlan static . . . . . . . . . . . . . . . . . . . . . . . 4-297

ip igmp snooping version . . . . . . . . . . . . . . . . . . . . . . . . . 4-298

show ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-299

show mac-address-table multicast . . . . . . . . . . . . . . . . . . 4-299

IGMP Query Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . 4-300

ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . 4-301

ip igmp snooping query-count . . . . . . . . . . . . . . . . . . . . . 4-301

ip igmp snooping query-interval . . . . . . . . . . . . . . . . . . . . 4-302

ip igmp snooping query-max-response-time . . . . . . . . . . 4-303

ip igmp snooping router-port-expire-time . . . . . . . . . . . . 4-304

Static Multicast Routing Commands . . . . . . . . . . . . . . . . . . . . 4-305

ip igmp snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . 4-305

show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . 4-306

IP Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-307

Basic IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-307

ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-308

ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-310

show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-311

show ip redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-311

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-312

Address Resolution Protocol (ARP) . . . . . . . . . . . . . . . . . . . . 4-313

arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-314

arp-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-315

clear arp-cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-315

show arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-316

ip proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-316

xxii

ABLE OF CONTENTS

IP Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-317

Global Routing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 4-318

ip routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-318

ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-319

clear ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-320

show ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-320

show ip host-route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-322

show ip traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-323

Routing Information Protocol (RIP) . . . . . . . . . . . . . . . . . . . . 4-324

router rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-325

timers basic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-325

network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-327

neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-328

version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-328

ip rip receive version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-330

ip rip send version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-331

ip split-horizon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-332

ip rip authentication key . . . . . . . . . . . . . . . . . . . . . . . . . . 4-333

ip rip authentication mode . . . . . . . . . . . . . . . . . . . . . . . . 4-334

show rip globals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-335

show ip rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-336

Open Shortest Path First (OSPF) . . . . . . . . . . . . . . . . . . . . . . 4-338

router ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-340

router-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-340

compatible rfc1583 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-341

default-information originate . . . . . . . . . . . . . . . . . . . . . . 4-342

timers spf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-343

area range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-344

area default-cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-345

summary-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-346

redistribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-347

network area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-348

area stub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-350

area nssa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-351

area virtual-link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-353

ip ospf authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-356

ip ospf authentication-key . . . . . . . . . . . . . . . . . . . . . . . . . 4-357

xxiii

ABLE OF CONTENTS

ip ospf message-digest-key . . . . . . . . . . . . . . . . . . . . . . . . 4-358

ip ospf cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-359

ip ospf dead-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-360

ip ospf hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-361

ip ospf priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-361

ip ospf retransmit-interval . . . . . . . . . . . . . . . . . . . . . . . . 4-362

ip ospf transmit-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-363

show ip ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-364

show ip ospf border-routers . . . . . . . . . . . . . . . . . . . . . . . 4-365

show ip ospf database . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-366

show ip ospf interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-375

show ip ospf neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-376

show ip ospf summary-address . . . . . . . . . . . . . . . . . . . . 4-377

show ip ospf virtual-links . . . . . . . . . . . . . . . . . . . . . . . . . 4-378

Multicast Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-379

Static Multicast Routing Commands . . . . . . . . . . . . . . . . . . . . 4-379

ip igmp snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . 4-379

show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . 4-380

Router Redundancy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-381

Virtual Router Redundancy Protocol Commands . . . . . . . . . 4-381

vrrp ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-382

vrrp authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-383

vrrp priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-384

vrrp timers advertise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-385

vrrp preempt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-386

show vrrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-387

show vrrp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-389

show vrrp router counters . . . . . . . . . . . . . . . . . . . . . . . . 4-390

show vrrp interface counters . . . . . . . . . . . . . . . . . . . . . . 4-391

clear vrrp router counters . . . . . . . . . . . . . . . . . . . . . . . . . 4-391

clear vrrp interface counters . . . . . . . . . . . . . . . . . . . . . . . 4-392

xxiv

ABLE OF CONTENTS

APPENDICES:

A Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . .A-1

Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3

Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3

Management Information Bases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-4

B Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-1

Problems Accessing the Management Interface . . . . . . . . . . . . . . . . . . . B-1

Using System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3

Glossary

Index

xxv

ABLE OF CONTENTS

xxvi

ABLES

Table 1-1. Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Table 1-2 System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9

Table 3-1 Web Page Configuration Buttons . . . . . . . . . . . . . . . . . . . 3-4

Table 3-2 Switch Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

Table 3-3 Logging Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39

Table 3-4. SNMPv3 Security Models and Levels . . . . . . . . . . . . . . . 3-52

Table 3-5 Supported Notification Messages . . . . . . . . . . . . . . . . . . 3-67

Table 3-6 HTTPS System Support . . . . . . . . . . . . . . . . . . . . . . . . . . 3-81

Table 3-7 802.1X Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-99

Table 3-8 LACP Port Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134

Table 3-9 LACP Internal Configuration Information . . . . . . . . . . 3-135

Table 3-10 LACP Neighbor Configuration Information . . . . . . . . 3-138

Table 3-11 Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146

Table 3-12 Mapping CoS Values to Egress Queues . . . . . . . . . . . . 3-205

Table 3-13 CoS Priority Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-205

Table 3-14 Mapping IP Precedence . . . . . . . . . . . . . . . . . . . . . . . . . 3-211

Table 3-15 Mapping DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . . 3-213

Table 3-16 Address Resolution Protocol . . . . . . . . . . . . . . . . . . . . . 3-273

Table 3-17 ARP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-280

Table 3-18 IP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-282

Table 3-19 ICMP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-285

Table 3-20 USP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-287

Table 3-21 TCP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-288

Table 3-22 RIP Information and Statistics . . . . . . . . . . . . . . . . . . . . 3-301

Table 4-1 General Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

Table 4-2 Configuration Command Modes . . . . . . . . . . . . . . . . . . . 4-10

Table 4-3 Keystroke Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11

Table 4-4 Command Group Index . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12

Table 4-5 Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14

Table 4-6 General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26

Table 4-7 System Management Commands . . . . . . . . . . . . . . . . . . . 4-32

Table 4-8 Device Designation Commands . . . . . . . . . . . . . . . . . . . . 4-33

Table 4-9 User Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35

Table 4-10 Default Login Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36

Table 4-11 IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38

Table 4-12 Web Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40

xxvii

ABLES

Table 4-13 HTTPS System Support . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43

Table 4-14 Telnet Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-44

Table 4-15 Secure Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46

Table 4-16 show ssh - display description . . . . . . . . . . . . . . . . . . . . . 4-55

Table 4-17 Event Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-57

Table 4-18 Logging Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59

Table 4-19 show logging flash/ram - display description . . . . . . . . . 4-63

Table 4-20 show logging trap - display description . . . . . . . . . . . . . . 4-64

Table 4-21 SMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65

Table 4-22 Time Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69

Table 4-23 System Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-75

Table 4-24 Frame Size Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82

Table 4-25 Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83

Table 4-26 File Directory Information . . . . . . . . . . . . . . . . . . . . . . . . 4-88

Table 4-27 Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-91

Table 4-28 Authentication Sequence Commands . . . . . . . . . . . . . . . 4-91

Table 4-29 RADIUS Client Commands . . . . . . . . . . . . . . . . . . . . . . . 4-94

Table 4-30 TACACS+ Client Commands . . . . . . . . . . . . . . . . . . . . . 4-99

Table 4-31 Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-102

Table 4-32 802.1X Port Authentication Commands . . . . . . . . . . . . 4-104

Table 4-33 Access Control List Commands . . . . . . . . . . . . . . . . . . . 4-116

Table 4-34 IP ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116

Table 4-35 MAC ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128

Table 4-36 ACL Information Commands . . . . . . . . . . . . . . . . . . . . 4-137

Table 4-37 SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-139

Table 4-38 show snmp engine-id - display description . . . . . . . . . . 4-149

Table 4-39 show snmp view - display description . . . . . . . . . . . . . . 4-151

Table 4-40 show snmp group - display description . . . . . . . . . . . . . 4-154

Table 4-41 show snmp user - display description . . . . . . . . . . . . . . 4-156

Table 4-42 DHCP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-157

Table 4-43 DHCP Client Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-157

Table 4-44 DHCP Relay Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-159

Table 4-45 DHCP Server Commands . . . . . . . . . . . . . . . . . . . . . . . 4-161

Table 4-46 DNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-177

Table 4-47 show dns cache - display description . . . . . . . . . . . . . . . 4-185

Table 4-48 Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-186

Table 4-50 Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-200

xxviii

ABLES

Table 4-49 show interfaces switchport - display description . . . . . . 4-200

Table 4-51 Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-203

Table 4-52 Link Aggregation Commands . . . . . . . . . . . . . . . . . . . . . 4-204

Table 4-53 show lacp counters - display description . . . . . . . . . . . . 4-212

Table 4-54 show lacp internal - display description . . . . . . . . . . . . . 4-213

Table 4-55 show lacp neighbors - display description . . . . . . . . . . . 4-215

Table 4-57 Address Table Commands . . . . . . . . . . . . . . . . . . . . . . . 4-216

Table 4-56 show lacp sysid - display description . . . . . . . . . . . . . . . 4-216

Table 4-58 Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . 4-221

Table 4-59 VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-245

Table 4-60 Editing VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 4-246

Table 4-61 Configuring VLAN Interfaces . . . . . . . . . . . . . . . . . . . . 4-248

Table 4-62 Displaying VLAN Information . . . . . . . . . . . . . . . . . . . 4-256

Table 4-63 Private VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . 4-257

Table 4-64 Protocol-based VLAN Commands . . . . . . . . . . . . . . . . 4-259

Table 4-65 GVRP and Bridge Extension Commands . . . . . . . . . . . 4-264

Table 4-66 Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-269

Table 4-67 Priority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . . 4-269

Table 4-68 Default CoS Priority Levels . . . . . . . . . . . . . . . . . . . . . . 4-273

Table 4-69 Priority Commands (Layer 3 and 4) . . . . . . . . . . . . . . . . 4-276

Table 4-70 Mapping IP Precedence to CoS Values . . . . . . . . . . . . . 4-279

Table 4-71 Mapping IP DSCP to CoS Values . . . . . . . . . . . . . . . . . 4-280

Table 4-72 Quality of Service Commands . . . . . . . . . . . . . . . . . . . . 4-284

Table 4-73 Multicast Filtering Commands . . . . . . . . . . . . . . . . . . . . 4-296

Table 4-74 IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . 4-296

Table 4-75 IGMP Query Commands (Layer 2) . . . . . . . . . . . . . . . . 4-300

Table 4-76 Static Multicast Routing Commands . . . . . . . . . . . . . . . 4-305

Table 4-77 IP Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-307

Table 4-78 Basic IP Configuration Commands . . . . . . . . . . . . . . . . 4-307

Table 4-79 Address Resolution Protocol Commands . . . . . . . . . . . 4-313

Table 4-80 IP Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 4-317

Table 4-81 Global Routing Configuration Commands . . . . . . . . . . 4-318

Table 4-82 show ip route - display description . . . . . . . . . . . . . . . . . 4-321

Table 4-83 show ip host-route - display description . . . . . . . . . . . . 4-322

Table 4-84 Routing Information Protocol Commands . . . . . . . . . . 4-324

Table 4-85 show rip globals - display description . . . . . . . . . . . . . . 4-335

Table 4-86 show ip rip - display description . . . . . . . . . . . . . . . . . . . 4-337

xxix

ABLES

Table 4-87 Open Shortest Path First Commands . . . . . . . . . . . . . . 4-338

Table 4-88 show ip ospf - display description . . . . . . . . . . . . . . . . . 4-364

Table 4-89 show ip ospf border-routers - display description . . . . . 4-365

Table 4-90 show ip ospf database - display description . . . . . . . . . . 4-367

Table 4-91 show ip ospf asbr-summary - display description . . . . . 4-368

Table 4-92 show ip ospf database-summary - display description . 4-369

Table 4-93 show ip ospf external - display description . . . . . . . . . . 4-370

Table 4-94 show ip ospf network - display description . . . . . . . . . . 4-371

Table 4-95 show ip ospf router - display description . . . . . . . . . . . . 4-373

Table 4-96 show ip ospf summary - display description . . . . . . . . . 4-374

Table 4-97 show ip ospf interface - display description . . . . . . . . . . 4-375

Table 4-98 show ip ospf neighbor - display description . . . . . . . . . 4-377

Table 4-99 show ip ospf virtual-links - display description . . . . . . . 4-378

Table 4-100 Static Multicast Routing Commands . . . . . . . . . . . . . . . 4-379

Table 4-101 Router Redundancy Commands . . . . . . . . . . . . . . . . . . 4-381

Table 4-102 VRRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-381

Table 4-103 show vrrp - display description . . . . . . . . . . . . . . . . . . . 4-388

Table 4-104 show vrrp brief - display description . . . . . . . . . . . . . . . 4-389

Table B-1 Troubleshooting Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1

xxx

IGURES

Figure 3-1 Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Figure 3-2 Front Panel Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Figure 3-3 System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16

Figure 3-4 Switch Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18

Figure 3-5 Displaying Bridge Extension Configuration . . . . . . . . . 3-20

Figure 3-6 Configuring Support for Jumbo Frames . . . . . . . . . . . . 3-21

Figure 3-7 IP Interface Configuration - Manual . . . . . . . . . . . . . . . 3-23

Figure 3-8 Default Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

Figure 3-9 IP Interface Configuration - DHCP . . . . . . . . . . . . . . . 3-25

Figure 3-10 Copy Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28

Figure 3-11 Setting the Startup Code . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

Figure 3-12 Deleting Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

Figure 3-13 Downloading Configuration Settings for Start-Up . . . . 3-32

Figure 3-14 Setting the Startup Configuration Settings . . . . . . . . . . . 3-33

Figure 3-15 Configuring the Console Port . . . . . . . . . . . . . . . . . . . . 3-35

Figure 3-16 Configuring the Telnet Interface . . . . . . . . . . . . . . . . . . 3-37

Figure 3-17 System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40

Figure 3-18 Remote Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-42

Figure 3-19 Displaying Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43

Figure 3-20 Enabling and Configuring SMTP Alerts . . . . . . . . . . . . 3-45

Figure 3-21 Renumbering the Stack . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47

Figure 3-22 Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47

Figure 3-23 SNTP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49

Figure 3-24 Clock Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50

Figure 3-25 Enabling the SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . 3-53

Figure 3-26 Configuring SNMP Community Strings . . . . . . . . . . . . 3-54

Figure 3-27 Configuring SNMP Trap Managers . . . . . . . . . . . . . . . . 3-57

Figure 3-28 Setting the SNMPv3 Engine ID . . . . . . . . . . . . . . . . . . . 3-59

Figure 3-29 Setting an Engine ID . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-60

Figure 3-30 Configuring SNMPv3 Users . . . . . . . . . . . . . . . . . . . . . . 3-62

Figure 3-31 Configuring Remote SNMPv3 Users . . . . . . . . . . . . . . . 3-65

Figure 3-32 Configuring SNMPv3 Groups . . . . . . . . . . . . . . . . . . . . 3-71

Figure 3-33 Configuring SNMPv3 Views . . . . . . . . . . . . . . . . . . . . . 3-73

Figure 3-34 User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76

Figure 3-35 Authentication Server Settings . . . . . . . . . . . . . . . . . . . . 3-79

Figure 3-36 HTTPS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-82

xxxi

IGURES

Figure 3-37 SSH Host-Key Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87

Figure 3-38 SSH Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-89

Figure 3-39 Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-92

Figure 3-40 802.1X Global Information . . . . . . . . . . . . . . . . . . . . . . 3-94

Figure 3-41 802.1X Global Configuration . . . . . . . . . . . . . . . . . . . . . 3-95

Figure 3-42 802.1X Port Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-97

Figure 3-43 802.1X Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . 3-100

Figure 3-44 IP Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-102

Figure 3-45 Selecting ACL Type . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105

Figure 3-46 ACL Configuration - Standard IP . . . . . . . . . . . . . . . . 3-106

Figure 3-47 ACL Configuration - Extended IP . . . . . . . . . . . . . . . . 3-108

Figure 3-48 ACL Configuration - MAC . . . . . . . . . . . . . . . . . . . . . . 3-110

Figure 3-49 Selecting ACL Mask Types . . . . . . . . . . . . . . . . . . . . . . 3-112

Figure 3-50 ACL Mask Configuration - IP . . . . . . . . . . . . . . . . . . . 3-114

Figure 3-51 ACL Mask Configuration - MAC . . . . . . . . . . . . . . . . . 3-116

Figure 3-52 ACL Port Binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118

Figure 3-53 Port - Port Information . . . . . . . . . . . . . . . . . . . . . . . . 3-120

Figure 3-54 Port - Port Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-124

Figure 3-55 Static Trunk Configuration . . . . . . . . . . . . . . . . . . . . . . 3-127

Figure 3-56 LACP Trunk Configuration . . . . . . . . . . . . . . . . . . . . . 3-129

Figure 3-57 LACP - Aggregation Port . . . . . . . . . . . . . . . . . . . . . . . 3-132

Figure 3-58 LACP - Port Counters Information . . . . . . . . . . . . . . . 3-134

Figure 3-59 LACP - Port Internal Information . . . . . . . . . . . . . . . . 3-137

Figure 3-60 LACP - Port Neighbors Information . . . . . . . . . . . . . . 3-139

Figure 3-61 Port Broadcast Control . . . . . . . . . . . . . . . . . . . . . . . . . 3-141

Figure 3-62 Mirror Port Configuration . . . . . . . . . . . . . . . . . . . . . . 3-143

Figure 3-63 Rate Limit Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-145

Figure 3-64 Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150

Figure 3-65 Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-152

Figure 3-66 Dynamic Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154

Figure 3-67 Address Aging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-155

Figure 3-68 STA Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-160

Figure 3-69 STA Global Configuration . . . . . . . . . . . . . . . . . . . . . . 3-165

Figure 3-70 STA Port Information . . . . . . . . . . . . . . . . . . . . . . . . . 3-169

Figure 3-71 STA Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . 3-173

Figure 3-72 MSTP VLAN Configuration . . . . . . . . . . . . . . . . . . . . 3-175

Figure 3-73 MSTP Port Information . . . . . . . . . . . . . . . . . . . . . . . . 3-177

xxxii

IGURES

Figure 3-74 MSTP Port Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-180

Figure 3-75 Globally Enabling GVRP . . . . . . . . . . . . . . . . . . . . . . . 3-185

Figure 3-76 VLAN Basic Information . . . . . . . . . . . . . . . . . . . . . . . 3-186

Figure 3-77 VLAN Current Table . . . . . . . . . . . . . . . . . . . . . . . . . . 3-187

Figure 3-78 VLAN Static List - Creating VLANs . . . . . . . . . . . . . . 3-189

Figure 3-79 VLAN Static Table - Adding Static Members . . . . . . . 3-192

Figure 3-80 VLAN Static Membership by Port . . . . . . . . . . . . . . . . 3-193

Figure 3-81 VLAN Port Configuration . . . . . . . . . . . . . . . . . . . . . . 3-196

Figure 3-82 Private VLAN Status . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-197

Figure 3-83 Private VLAN Link Status . . . . . . . . . . . . . . . . . . . . . . 3-198

Figure 3-84 Protocol VLAN Configuration . . . . . . . . . . . . . . . . . . . 3-200

Figure 3-85 Protocol VLAN Port Configuration . . . . . . . . . . . . . . 3-202

Figure 3-86 Default Port Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-204

Figure 3-87 Traffic Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-206

Figure 3-88 Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207

Figure 3-89 Queue Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208

Figure 3-90 IP Precedence/DSCP Priority Status . . . . . . . . . . . . . . 3-210

Figure 3-91 IP Precedence Priority . . . . . . . . . . . . . . . . . . . . . . . . . 3-211

Figure 3-92 IP DSCP Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213

Figure 3-93 IP Port Priority Status . . . . . . . . . . . . . . . . . . . . . . . . . . 3-215

Figure 3-94 IP Port Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-215

Figure 3-95 Configuring Class Maps . . . . . . . . . . . . . . . . . . . . . . . . 3-220

Figure 3-96 Configuring Policy Maps . . . . . . . . . . . . . . . . . . . . . . . . 3-224

Figure 3-97 Service Policy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-226

Figure 3-98 IGMP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-229

Figure 3-99 Multicast Router Port Information . . . . . . . . . . . . . . . 3-231

Figure 3-100 Static Multicast Router Port Configuration . . . . . . . . . 3-232

Figure 3-101 IP Multicast Registration Table . . . . . . . . . . . . . . . . . . 3-233

Figure 3-102 IGMP Member Port Table . . . . . . . . . . . . . . . . . . . . . . 3-234

Figure 3-103 DNS General Configuration . . . . . . . . . . . . . . . . . . . . . 3-237

Figure 3-104 DNS Static Host Table . . . . . . . . . . . . . . . . . . . . . . . . . 3-239

Figure 3-105 DNS Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-241

Figure 3-106 DHCP Relay Configuration . . . . . . . . . . . . . . . . . . . . . 3-243

Figure 3-107 DHCP Server General Configuration . . . . . . . . . . . . . 3-245

Figure 3-108 DHCP Server Pool Configuration . . . . . . . . . . . . . . . . 3-248

Figure 3-109 DHCP Server Pool - Network Configuration . . . . . . . 3-249

Figure 3-110 DHCP Server Pool - Host Configuration . . . . . . . . . . 3-251

xxxiii

IGURES

Figure 3-111 DHCP Server - IP Binding . . . . . . . . . . . . . . . . . . . . . . 3-253

Figure 3-112 VRRP Group Configuration . . . . . . . . . . . . . . . . . . . . 3-260

Figure 3-113 VRRP Group Configuration Detail . . . . . . . . . . . . . . . 3-261

Figure 3-114 VRRP Global Statistics . . . . . . . . . . . . . . . . . . . . . . . . . 3-263

Figure 3-115 VRRP Group Statistics . . . . . . . . . . . . . . . . . . . . . . . . . 3-264

Figure 3-116 IP Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270

Figure 3-117 IP Routing Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-272

Figure 3-118 ARP General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275

Figure 3-119 ARP Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . 3-277

Figure 3-120 ARP Dynamic Addresses . . . . . . . . . . . . . . . . . . . . . . . 3-278

Figure 3-121 ARP Other Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279

Figure 3-122 ARP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-280

Figure 3-123 IP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-284

Figure 3-124 ICMP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-286

Figure 3-125 UDP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-287

Figure 3-126 TCP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-289

Figure 3-127 IP Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-290

Figure 3-128 IP Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-291

Figure 3-129 RIP General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-294

Figure 3-130 RIP Network Addresses . . . . . . . . . . . . . . . . . . . . . . . . 3-296

Figure 3-131 RIP Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-300

Figure 3-132 RIP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-302

Figure 3-133 OSPF General Configuration . . . . . . . . . . . . . . . . . . . . 3-308

Figure 3-134 OSPF Area Configuration . . . . . . . . . . . . . . . . . . . . . . 3-312

Figure 3-135 OSPF Range Configuration . . . . . . . . . . . . . . . . . . . . . 3-314

Figure 3-136 OSPF Interface Configuration . . . . . . . . . . . . . . . . . . . 3-319

Figure 3-137 OSPF Interface Configuration - Detailed . . . . . . . . . . 3-320

Figure 3-138 OSPF Virtual Link Configuration . . . . . . . . . . . . . . . . 3-322

Figure 3-139 OSPF Network Area Address Configuration . . . . . . . 3-324

Figure 3-140 OSPF Summary Address Configuration . . . . . . . . . . . 3-326

Figure 3-141 OSPF Redistribute Configuration . . . . . . . . . . . . . . . . 3-328

Figure 3-142 OSPF NSSA Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-330

Figure 3-143 OSPF Link State Database Information . . . . . . . . . . . 3-332

Figure 3-144 OSPF Border Router Information . . . . . . . . . . . . . . . . 3-333

Figure 3-145 OSPF Neighbor Information . . . . . . . . . . . . . . . . . . . . 3-335

xxxiv

HAPTER

NTRODUCTION

This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

Key Features

Table 1-1 Key Features

Feature Description

Configuration Backup and Restore

Authentication Console, Telnet, web – User name / password, RADIUS, TACACS+

Access Control Lists

DHCP Client, Relay and Server

DNS Server Supported

Port Configuration Speed and duplex mode

Rate Limiting Input and output rate limiting per port

Backup to TFTP server

Web – SSL/HTTPS; Telnet – SSH SNMP v1/2c – Community strings SNMP version 3 – MD5 or SHA password Port – IEEE 802.1X, MAC address filtering

Supports up to 32 IP or MAC ACLs

Supported

1-1

KEY F

EATURES

Table 1-1 Key Features (Continued)

Feature Description

Port Mirroring One or more ports mirrored to single analysis port

Port Trunking Supports up to 32 trunks using either static or dynamic trunking

(LACP)

Broadcast Storm Control

Address Table Up to 16K MAC addresses in forwarding table, 1024 static MAC

IEEE 802.1D Bridge

Store-and-Forward Switching

Spanning Tree Algorithm

Virtual LANs Up to 255 using IEEE 802.1Q, port-based, protocol-based, or private

Traffic Prioritization

Qualify of Service Supports Differentiated Services (DiffServ)

Router Redundancy

IP Routing Routing Information Protocol (RIP), Open Shortest Path First

ARP Static and dynamic address configuration, proxy ARP

Multicast Filtering Supports IGMP snooping and query for Layer 2, and IGMP for

Supported

addresses;

Up to 8K IP entries in ARP cache, 64K IP entries in routing table, 256 static IP routes

Supports dynamic data switching and addresses learning

Supported to ensure wire-speed switching while eliminating bad frames

Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)

VLANs

Default port priority, traffic class map, queue scheduling, IP Precedence, or Differentiated Services Code Point (DSCP), and TCP/UDP Port

Router backup is provided with the Virtual Router Redundancy Protocol (VRRP)

(OSPF), static routes

Layer 3

1-2

Description of Software Features

The switch provides a wide range of advanced performance enhancing features. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs, plus support for automatic GVRP VLAN registration provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network. While multicast filtering and routing provides support for real-time network applications. Some of the management features are briefly described below.

Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.

Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then uses the EAP between the switch and the authentication server to verify the client’s right to access the network via an authentication server (i.e., RADIUS server).

NTRODUCTION

Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for SNMP/web/Telnet management access, and MAC address filtering for port access.

Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can by used to improve performance by blocking unnecessary network traffic

1-3

ESCRIPTION OF SOFTWARE FEATURES

or to implement security controls by restricting access to specific network resources or protocols.

DHCP Server and DHCP Relay – A DHCP server is provided to assign IP addresses to host devices. Since DHCP uses a broadcast mechanism, a DHCP server and its client must physically reside on the same subnet. Since it is not practical to have a DHCP server on every subnet, DHCP Relay is also supported to allow dynamic configuration of local clients from a DHCP server located in a different network.

Port Configuration – You can manually configure the speed and duplex mode used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections.

Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.

Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.

Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE

802.3-2002 (formerly IEEE 802.3ad) Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 32 trunks.

1-4

NTRODUCTION

Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.

Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.

IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses.

Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.

To avoid dropping frames on congested ports, the SMC8724ML3 and SMC8748ML3 provide 2 MB and 4 MB, respectively, for frame buffering. This buffer can queue packets awaiting transmission on congested networks.

1-5

ESCRIPTION OF SOFTWARE FEATURES

Spanning Tree Algorithm – The switch supports these spanning tree protocols:

Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection and recovery by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.

Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.

Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).

Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the

1-6

NTRODUCTION

switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:

• Eliminate broadcast storms which severely degrade performance in a flat network.

• Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.

• Provide data security by restricting all traffic to the originating VLAN, except where a connection is explicitly defined via the switch’s routing service.

• Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.

• Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.

Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using eight priority queues with strict or Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can be used to provide independent priorities for delay-sensitive data and best-effort data.

This switch also supports several common methods of prioritizing layer 3/ 4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet or the number of the TCP/UDP port. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.

IP Routing – The switch provides Layer 3 IP routing. To maintain a high rate of throughput, the switch forwards all traffic passing within the same segment, and routes only traffic that passes between different subnetworks. The wire-speed routing provided by this switch lets you

1-7

ESCRIPTION OF SOFTWARE FEATURES

easily link network segments or VLANs together without having to deal with the bottlenecks or configuration hassles normally associated with conventional routers.

Routing for unicast traffic is supported with the Routing Information Protocol (RIP) and the Open Shortest Path First (OSPF) protocol.

RIP – This protocol uses a distance-vector approach to routing. Routes are determined on the basis of minimizing the distance vector, or hop count, which serves as a rough estimate of transmission cost.

OSPF – This approach uses a link state routing protocol to generate a shortest-path tree, then builds up its routing table based on this tree. OSPF produces a more stable network because the participating routers act on network changes predictably and simultaneously, converging on the best route more quickly than RIP.

Router Redundancy – The Virtual Router Redundancy Protocol (VRRP) uses a virtual IP address to support a primary router and multiple backup routers. The backups can be configured to take over the workload if the master fails or to load share the traffic. The primary goal of this protocol is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down.

Address Resolution Protocol – The switch uses ARP and Proxy ARP to convert between IP addresses and MAC (i.e., hardware) addresses. This switch supports conventional ARP, which locates the MAC address corresponding to a given IP address. This allows the switch to use IP addresses for routing decisions and the corresponding MAC addresses to forward packets from one hop to the next. You can configure either static or dynamic entries in the ARP cache.

Proxy ARP allows hosts that do not support routing to determine the MAC address of a device on another network or subnet. When a host sends an ARP request for a remote network, the switch checks to see if it has the best route. If it does, it sends its own MAC address to the host. The host then sends traffic for the remote destination via the switch, which uses its own routing table to reach the destination on the other network.

1-8

Quality of Service – Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists allows you select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.

Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query at Layer 2 and IGMP at Layer 3 to manage multicast group registration.

System Defaults

The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-32).

NTRODUCTION

The following table lists some of the basic system defaults.

Table 1-2 System Defaults

Function Parameter Default

Console Port Connection

Baud Rate auto

Data bits 8

Stop bits 1

Parity none

Local Console Timeout 0 (disabled)

1-9

YSTEM DEFAULTS

Function Parameter Default

Authentication Privileged Exec Level Username “admin”

Web Management HTTP Server Enabled

SNMP SNMP Agent Enabled

Port Configuration Admin Status Enabled

Table 1-2 System Defaults (Continued)

Password “admin”

Normal Exec Level Username “guest”

Enable Privileged Exec from Normal Exec Level

RADIUS Authentication Disabled

TACACS Authentication Disabled

802.1X Port Authentication Disabled

HTTPS Enabled

SSH Disabled

Port Security Disabled

IP Filtering Disabled

HTTP Port Number 80

HTTP Secure Server Enabled

HTTP Secure Port Number 443

Community Strings “public” (read only)

Traps Authentication traps: enabled

SNMP V3 View: defaultview

Auto-negotiation Enabled

Flow Control

Password “guest”

Password “super”

“private” (read/write)

Link-up-down events: enabled

Group: public (read only); private (read/write)

Disabled

1-10

Table 1-2 System Defaults (Continued)

Function Parameter Default

Rate Limiting Input and output limits Disabled

Port Trunking Static Trunks None

LACP (all ports) Disabled

Broadcast Storm Protection

Spanning Tree Algorithm

Address Table Aging Time 300 seconds

Virtual LANs Default VLAN 1

Traffic Prioritization

Status Enabled (all ports)

Broadcast Limit Rate 500 packets per second

Status Enabled, RSTP

Fast Forwarding (Edge Port)

PVID 1

Acceptable Frame Type All

Ingress Filtering Disabled

Switchport Mode (Egress Mode)

GVRP (global) Disabled

GVRP (port interface) Disabled

Ingress Port Priority 0

Weighted Round Robin Queue: 0 1 2 3 4 5 6 7

IP Precedence Priority Disabled

IP DSCP Priority Disabled

IP Port Priority Disabled

(Defaults: All values based on IEEE 802.1w)

Disabled

Hybrid: tagged/untagged frames

Weight: 1 2 4 6 8 10 12 14

NTRODUCTION

1-11

YSTEM DEFAULTS

Function Parameter Default

IP Settings Management. VLAN Any VLAN configured with an

Unicast Routing RIP Disabled

Router Redundancy

Multicast Filtering IGMP Snooping (Layer 2) Snooping: Enabled

System Log Status Enabled

SMTP Email Alerts Event Handler Enabled (but no server defined)

SNTP Clock Synchronization Disabled

Table 1-2 System Defaults (Continued)

IP address

IP Address 0.0.0.0

Subnet Mask 255.0.0.0

Default Gateway 0.0.0.0

DHCP Client: Enabled

DNS Server: Disabled

BOOTP Disabled

ARP

OSPF Disabled

VRRP Disabled

IGMP (Layer 3) Disabled

Messages Logged Levels 0-7 (all)

Messages Logged to Flash Levels 0-3

Relay: Disabled Server: Disabled

Enabled Cache Timeout: 20 minutes Proxy: Disabled

Querier: Disabled

*There are interoperability problems between Flow Control and Head-of-Line (HOL) blocking for

the switch ASIC; Flow Control is therefore not supported for this switch.

1-12

HAPTER

NITIAL

ONFIGURATION

Connecting to the Switch

Configuration Options

The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).

Note: The IP address for this switch is obtained via DHCP by default.

To change this address, see “Setting an IP Address” on page 2-10.

The switch’s HTTP web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Netscape Navigator version 6.2 and higher or Microsoft IE version 5.0 and higher. The switch’s web management interface can be accessed from any computer attached to the network.

The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.

The switch’s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software such as HP OpenView.

2-1

ONNECTING TO THE SWITCH

The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:

• Set user names and passwords

• Set an IP interface for any VLAN

• Configure SNMP parameters

• Enable/disable any port

• Set the speed/duplex mode for any port

• Configure the bandwidth of any port by limiting input or output rates

• Control port access through IEEE 802.1X security or static address filtering

• Filter packets using Access Control Lists (ACLs)

• Configure up to 255 IEEE 802.1Q VLANs

• Enable GVRP automatic VLAN registration

• Configure IP routing for unicast traffic

• Configure router redundancy

• Configure IGMP multicast filtering

• Upload and download system firmware via TFTP

• Upload and download switch configuration files via TFTP

• Configure Spanning Tree parameters

• Configure Class of Service (CoS) priority queuing

• Configure up to 6 static or LACP trunks per switch, up to 32 per stack

• Enable port mirroring

• Set broadcast storm control on any port

• Display system information and statistics

• Configure any stack unit through the same IP address

2-2

NITIAL CONFIGURATION

Required Connections

The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.

Note: When configuring a stack, connect to the console port on the

Master unit.

Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.

To connect a terminal to the console port, complete the following steps:

1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.

2. Connect the other end of the cable to the RS-232 serial port on the switch.

3. Make sure the terminal emulation software is set as follows:

• Select the appropriate serial port (COM port 1 or COM port 2).

• Set to any of the following baud rates: 9600, 19200, 38400, 57600, 115200 (Note: Set to 9600 baud if want to view all the system initialization messages.).

• Set the data format to 8 data bits, 1 stop bit, and no parity.

• Set flow control to none.

• Set the emulation mode to VT100.

• When using HyperTerminal, select Terminal keys, not Windows keys.

2-3

ONNECTING TO THE SWITCH

Notes: 1. When using HyperTerminal with Microsoft® Windows® 2000,

make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation. See www.microsoft.com for information on Windows 2000 service packs.

2. Refer to “Line Commands” on page 4-14 for a complete description of console configuration options.

3. Once you have set up the terminal correctly, the console login screen will be displayed.

For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-12.

Remote Connections

Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.

The IP address for this switch is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address” on page 2-10.

Notes: 1. This switch supports four concurrent Telnet/SSH sessions.

2. Each VLAN group can be assigned its own IP interface

address (page 2-10). You can manage the stack via any IP interface in the stack. In other words, the Master unit does not have to include an active port member of a VLAN interface used for management access.

After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any

2-4

NITIAL CONFIGURATION

computer using a web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above), or from a network computer using SNMP network management software.

Note: The onboard program only provides access to basic configuration

functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.

Stack Operations

Up to eight 24-port or 48-port Gigabit switches can be stacked together as described in the Installation Guide. One unit in the stack acts as the Master for configuration tasks and firmware upgrade. All of the other units function in Slave mode, but can automatically take over management of the stack if the Master unit fails.

To configure any unit in the stack, first verify the unit number from the front panel of the switch, and then select the appropriate unit number from the web or console management interface.

Selecting the Stack Master

Note the following points about unit numbering:

• When the stack is initially powered on, the Master unit is designated as unit 1 for a ring topology. For a line topology, the stack is simply numbered from top to bottom, with the first unit in the stack designated at unit 1. This unit identification number appears on the Stack Unit ID LED on the front panel of the switch. It can also be selected on the front panel graphic of the web interface, or from the CLI.

• If more than one stack Master is selected using the Master/Slave push button on the switch’s front panel, the system will select the unit with the lowest MAC address as the Master.

2-5

TACK OPERATIONS

• If the Master unit fails and another unit takes over control of the stack, the unit numbering will not change.

• If a unit in the stack fails or is removed from the stack, the unit numbers will not change. This means that when you replace a unit in the stack, the original configuration for the failed unit will be restored to the replacement unit.

• If a unit is removed from the stack and later reattached to the stack, it will retain the original unit number obtained during stacking.

• If a unit is removed from the stack, and powered up as a stand-alone unit, it will also retain the original unit number obtained during stacking.

Selecting the Backup Unit

Once the Master unit finishes booting up, the Slave unit with the lowest MAC address will be selected from the stack as the primary backup unit. The stack Master immediately downloads all configuration information to the backup unit, and continues to update the backup unit with information about any subsequent configuration changes made to any unit in the stack. If the Master unit fails or is powered off, the backup unit will take control of the stack without any loss of configuration settings.

The Slave unit with the lowest MAC address is selected as the Backup unit. If you want to ensure a logical fail over to next unit down in the stack, place the Slave unit with the lowest MAC address directly beneath the Master unit in the stack.

Recovering from Stack Failure or Topology Change

When a link or unit in the stack fails, a trap message is sent and a failure event is logged. The stack will be rebooted after any system failure or topology change. It takes two to three minutes to for the stack to reboot. If the Master unit fails, the backup unit will take over operations as the new Master unit, reboot the stack, and then select another backup unit after the stack finishes rebooting. Also note that powering down a unit or inserting

2-6

NITIAL CONFIGURATION

a new unit in the stack will cause the stack to reboot. If a unit is removed from the stack (due to a power down or failure) or a new unit added to the stack, the original unit IDs are not affected after rebooting, and a new unit is assigned the lowest available unit ID.

Broken Link for Line and Wrap-around Topologies

All units in the stack must be connected via stacking cable. You can connect the units in a simple cascade configuration from the top to the bottom unit. Using this kind of line topology, if any link or unit in the stack fails, the stack will be broken in two. The Stack Link LED on the unit that is no longer receiving traffic from the next unit up or down in the stack will begin flashing to indicate that the stack link is broken.

When the stack fails, a Master unit is selected from the two stack segments, either the unit with the Master button depressed, or the unit with the lowest MAC address if the Master button is not depressed on any unit. The stack reboots and resumes operations. However, note that the IP address will be the same for any common VLANs (with active port connections) that appear in both of the new stack segments. To resolve the conflicting IP addresses, you should manually replace the failed link or unit as soon as possible. If you are using a wrap-around stack topology, a single point of failure in the stack will not cause the stack to fail. It would take two or more points of failure to break the stack apart.

Note: If a stack breaks apart, the IP address will be the same for any

common VLANs (with active port connections) that appear in both stack segments.

Resilient IP Interface for Management Access

The stack functions as one integral system for management and configuration purposes. You can therefore manage the stack through any IP interface configured on the stack. The Master unit does not even have to include an active port member in the VLAN interface used for management access. However, if the unit to which you normally connect for management access fails, and there are no active port members on the

2-7

ASIC CONFIGURATION

other units within this VLAN interface, then this IP address will no longer be available. To retain a constant IP address for management access across fail over events, you should include port members on several units within the primary VLAN used for stack management.

Resilient Configuration

If a unit in the stack fails, the unit numbers will not change. This means that when you replace a unit in the stack, the original configuration for the failed unit will be restored to the replacement unit. This applies to both the Master and Slave units.

Renumbering the Stack

The startup configuration file maps configuration settings to each switch in the stack based on the unit identification number. If the units are no longer numbered sequentially after several topology changes or failures, you can reset the unit numbers using the “Renumbering” command in the web interface or CLI. Just remember to save the new configuration settings to a startup configuration file prior to powering off the stack Master.

Basic Configuration

Console Connection

The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the Privileged Exec level.

Note: You can only access the console interface through the Master unit

in the stack.

Access to both CLI levels are controlled by user names and passwords. The switch has a default user name and password for each level. To log

2-8

NITIAL CONFIGURATION

into the CLI at the Privileged Exec level using the default user name and password, perform these steps:

1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.

2. At the Username prompt, enter “admin.”

3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)

4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.

Setting Passwords

Note: If this is your first time to log into the CLI program, you should

define new passwords for both default user names using the “username” command, record them and put them in a safe place.

Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:

1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.

2. Type “configure” and press <Enter>.

3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>.

4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.

Username: admin Password:

CLI session with the SMC8748ML3 is opened. To end the CLI session, enter [Exit].

Console#configure Console(config)#username guest password 0 [password] Console(config)#username admin password 0 [password] Console(config)#

2-9

ASIC CONFIGURATION

Setting an IP Address

You must establish IP address information for the stack to obtain management access through the network. This can be done in either of the following ways:

Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the stack’s master unit, you will also need to specify the default gateway router.

Dynamic — The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network.

Manual Configuration

You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment (if routing is not enabled on this switch). Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.

Note: The IP address for this switch is obtained via DHCP by default.

Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:

• IP address for the switch

• Default gateway for the network

• Network mask for this network

To assign an IP address to the switch, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.

2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>.

2-10

NITIAL CONFIGURATION

3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.

4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.

Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.5 255.255.255.0 Console(config-if)#exit Console(config)#ip default-gateway 192.168.1.254 Console(config)#

Dynamic Configuration

If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart client” command to start broadcasting service requests. Requests will be sent periodically in an effort to obtain IP configuration information. (BOOTP and DHCP values can include the IP address, subnet mask, and default gateway.)

If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on.

To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:

1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.

2. At the interface-configuration mode prompt, use one of the following commands:

• To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.

• To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.

2-11

ASIC CONFIGURATION

3. Type “end” to return to the Privileged Exec mode. Press <Enter>.

4. Type “ip dhcp restart client” to begin broadcasting service requests. Press <Enter>.

5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.

6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.

Console(config)#interface vlan 1 Console(config-if)#ip address dhcp Console(config-if)#end Console#ip dhcp restart client Console#show ip interface IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1, and address mode: User specified. Console#copy running-config startup-config Startup configuration file name []: startup \Write to FLASH Programming.

\Write to FLASH finish. Success.

Enabling SNMP Management Access

The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.

When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.

The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.e., an SNMPv3 construct) for the default “public” community

2-12

NITIAL CONFIGURATION

string that provides read access to the entire MIB tree, and a default view for the “private” community string that provides read/write access to the entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements (see page 3-72).

Community Strings (for SNMP version 1 and 2c clients)

Community strings are used to control management access to SNMP version 1 and 2c stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users, and set the access level.

The default strings are:

• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.

• private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.

To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings.

To configure a community string, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt,

type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that the default mode is read only.)

2. To remove an existing string, simply type “no snmp-server community

string,” where “string” is the community access string to remove. Press <Enter>.

Console(config)#snmp-server community admin rw Console(config)#snmp-server community private Console(config)#

2-13

ASIC CONFIGURATION

Note: If you do not intend to support access to SNMP version 1 and 2c

clients, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.

Trap Receivers

You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, use the “snmp-server host” command. From the Privileged Exec level global configuration mode prompt, type:

“snmp-server host host-address community-string

[version {1 | 2c | 3 {auth | noauth | priv}}]”

where “host-address” is the IP address for the trap receiver, “community-string” specifies access rights for a version 1/2c host, or is the user name of a version 3 host, “version” indicates the SNMP client version, and “auth | noauth | priv” means that authentication, no authentication, or authentication and privacy is used for v3 clients. Then press <Enter>. For a more detailed description of these parameters, see “snmp-server host” on page 4-143. The following example creates a trap host for each type of SNMP client.

Console(config)#snmp-server host 10.1.19.23 batman Console(config)#snmp-server host 10.1.19.98 robin version 2c Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth Console(config)#

Configuring Access for SNMP Version 3 Clients

To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view called “mib-2” that includes the entire MIB-2 tree branch, and then another view that includes the IEEE 802.1d bridge MIB. It assigns these respective read and read/write views to a group call “r&d” and specifies group authentication via MD5 or SHA. In

2-14

NITIAL CONFIGURATION

the last step, it assigns a v3 user to this group, indicating that MD5 will be used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption.

Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included Console(config)#snmp-server group r&d v3 auth mib-2 802.1d Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien Console(config)#

For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to “Simple Network Management Protocol” on page 3-50, or refer to the specific CLI commands for SNMP starting on page 4-139.

Saving Configuration Settings

Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in nonvolatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command.

To save the current configuration settings, enter the following command:

1. From the Privileged Exec mode prompt, type “copy running-config

startup-config” and press <Enter>.

2. Enter the name of the start-up file. Press <Enter>.

Console#copy running-config startup-config Startup configuration file name []: startup \Write to FLASH Programming.

\Write to FLASH finish. Success.

Console#

2-15

ANAGING SYSTEM FILES

Managing System Files

The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.

The three types of files are:

• Configuration — This file type stores system configuration information and is created when configuration settings are saved. Saved configuration files can be selected as a system start-up file or can be uploaded via TFTP to a server for backup. The file named “Factory_Default_Config.cfg” contains all the system default settings and cannot be deleted from the system. If the system is booted with the factory default settings, the master unit will also create a file named “startup1.cfg” that contains system settings for stack initialization, including information about the unit identifier, MAC address, and installed module type for each unit the stack. The configuration settings from the factory defaults configuration file are copied to this file, which is then used to boot the stack. See “Saving or Restoring Configuration Settings” on page 3-22 for more information. See “Saving or Restoring Configuration Settings” on page 3-30 for more information.

• Operation Code — System software that is executed after boot-up, also known as run-time code. This code runs the switch operations and provides the CLI and web management interfaces. See “Managing Firmware” on page 3-27 for more information.

• Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test).

Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows.

2-16

NITIAL CONFIGURATION

In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.

Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.

2-17

ANAGING SYSTEM FILES

2-18

HAPTER

ONFIGURING THE

WITCH

Using the Web Interface

This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).

Note: You can also use the Command Line Interface (CLI) to manage

the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to Chapter 4 “Command Line Interface.”

Prior to accessing the switch from a web browser, be sure you have first performed the following tasks:

1. Configure the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection, BOOTP or DHCP protocol. (See “Setting an IP Address” on page 2-10.)

2. Set user names and passwords using an out-of-band serial connection. Access to the web agent is controlled by the same user names and passwords as the onboard configuration program. (See “Setting Passwords” on page 2-9.)

3. After you enter a user name and password, you will have access to the system configuration program.

3-1

ONFIGURING THE SWITCH

Notes: 1. You are allowed three attempts to enter the correct password;

on the third failed attempt the current connection is terminated.

2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” (Privileged Exec level), you can change the settings on any page.

3. If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding (i.e., enable Admin Edge Port) to improve the switch’s response time to management commands issued through the web interface. See “Configuring Interface Settings” on page 3-170.

3-2

AVIGATING THE WEB BROWSER INTERFACE

Navigating the Web Browser Interface

To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”

Home Page

When your web browser connects with the switch’s web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.

Figure 3-1 Home Page

Note: The examples in this chapter are based on the SMC8724ML3.

Other than the number of fixed ports, there are no major differences between the SMC8724ML3 and SMC8748ML3.

3-3

ONFIGURING THE SWITCH

Configuration Options

Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.

Table 3-1 Web Page Configuration Buttons

Button Action

Apply Sets specified values to the system.

Revert Cancels specified values and restores current values

prior to pressing “Apply.”

Help Links directly to web help.

Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer

5.x is configured as follows: Under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings,” the setting for item “Check for newer versions of stored pages” should be “Every visit to the page.”

2. When using Internet Explorer 5.0, you may have to manually refresh the screen after making configuration changes by pressing the browser’s refresh button.

Panel Display

The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up

or down), Duplex (i.e., half or full duplex), or Flow Control

. Clicking on the image of a port opens the Port Configuration page as described on page 3-122.

Figure 3-2 Front Panel Indicators

1. There are interoperability problems between Flow Control and Head-of-Line (HOL) blocking for the switch ASIC; Flow Control is therefore not supported for this switch.

3-4

AVIGATING THE WEB BROWSER INTERFACE

Main Menu

Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.

Table 3-2 Switch Main Menu

Menu Description Page

System 3-15

System Information Provides basic system description, including

contact information

Switch Information Shows the number of ports, hardware/

firmware version numbers, and power status

Bridge Extension Shows the bridge extension parameters 3-19

Jumbo Frames Enables support for jumbo frames 3-21

File Management 3-27

Copy Operation Allows the transfer and copying files 3-27

Delete Allows deletion of files from the flash

memory

Set Startup Sets the startup file 3-27

Line 3-34

Console Sets console port connection parameters 3-34

Telnet Sets Telnet connection parameters 3-36

Log

Logs Sends error messages to a logging process

System Logs Stores and displays error messages

Remote Logs Configures the logging of messages to a

remote logging process

SMTP Sends an SMTP client message to a

participating server

Renumbering Renumbers the units in the stack 3-46

Reset Restarts the switch 3-47

3-15

3-17

3-27

3-38

3-43

3-41

3-44

3-5

ONFIGURING THE SWITCH

Menu Description Page

SNTP 3-48

Configuration Configures SNTP client settings, including a

Clock Time Zone Sets the local time zone for the system clock 3-49

SNMP 3-50

Configuration Configures community strings and related

Agent Status Enables or disables SNMP 3-53

SNMPv3 3-58

Engine ID Sets the SNMP v3 engine ID 3-58

Remote Engine ID Sets the SNMP v3 engine ID on a remote

Users Configures SNMP v3 users 3-60

Remote Users Configures SNMP v3 users on a remote

Groups Configures SNMP v3 groups 3-66

Views Configures SNMP v3 views 3-72

Security 3-53

User Accounts Configures user names, passwords, and access

Authentication Settings Configures authentication sequence,

HTTPS Settings Configures secure HTTP settings 3-80

SSH 3-83

Settings Configures Secure Shell server settings 3-88

Host-Key Settings Generates the host key pair (public and

Port Security Configures per port security, including status,

Table 3-2 Switch Main Menu (Continued)

3-48

specified list of servers

3-53

trap functions

3-59

device

3-63

device

3-75

levels

3-76

RADIUS and TACACS

3-86

private)

3-90 response for security breach, and maximum allowed MAC addresses

3-6

AVIGATING THE WEB BROWSER INTERFACE

Table 3-2 Switch Main Menu (Continued)

Menu Description Page

802.1X Port authentication 3-93

Information Displays global configuration settings 3-94

Configuration Configures global configuration parameters 3-95

Port Configuration Sets the authentication mode for individual

ports

Statistics Displays protocol statistics for the selected

port

ACL 3-103

Configuration Configures packet filtering based on IP or

MAC addresses

Mask Configuration Controls the order in which ACL rules are

checked

Port Binding Binds a port to the specified ACL 3-117

IP Filter Configures IP addresses that are allowed

management access

Port 3-119

Port Information Displays port connection status 3-119

Trunk Information Displays trunk connection status 3-119

Port Configuration Configures port connection settings 3-122

Trunk Configuration Configures trunk connection settings 3-122

Trunk Membership Specifies ports to group into static trunks 3-126

LACP 3-125

Configuration Allows ports to dynamically join trunks 3-128

Aggregation Port Configures parameters for link aggregation

group members

Port Counters Information

Port Internal Information

Displays statistics for LACP protocol messages

Displays settings and operational state for the local side

3-96

3-99

3-103

3-111

3-101

3-130

3-134

3-135

3-7

ONFIGURING THE SWITCH

Menu Description Page

Port Neighbors Information

Port Broadcast Control Sets the broadcast storm threshold for each

Trunk Broadcast Control Sets the broadcast storm threshold for each

Mirror Port Configuration

Rate Limit 3-144

Input Port Configuration

Input Trunk Configuration

Output Port Configuration

Output Trunk Configuration

Port Statistics Lists Ethernet and RMON port statistics 3-145

Address Table 3-151

Static Addresses Displays entries for interface, address or

Dynamic Addresses Displays or edits static entries in the Address

Address Aging Sets timeout for dynamically learned entries 3-155

Spanning Tree 3-155

STA

Information Displays STA values used for the bridge 3-157

Configuration Configures global bridge settings for STP,

Port Information Displays individual port settings for STA 3-166

Trunk Information Displays individual trunk settings for STA 3-166

Table 3-2 Switch Main Menu (Continued)

Displays settings and operational state for the remote side

port

trunk

Sets the source and target ports for mirroring 3-142

Sets the input rate limit for each port 3-144

Sets the input rate limit for each trunk 3-144

Sets the output rate limit for each port 3-144

Sets the output rate limit for each trunk 3-144

VLAN

Table

RSTP and MSTP

3-138

3-140

3-151

3-153

3-161

3-8

AVIGATING THE WEB BROWSER INTERFACE

Table 3-2 Switch Main Menu (Continued)

Menu Description Page

Port Configuration Configures individual port settings for STA 3-170

Trunk Configuration Configures individual trunk settings for STA 3-170

MSTP

VLAN Configuration Configures priority and VLANs for a

spanning tree instance

Port Information Displays port settings for a specified MST

instance

Trunk Information Displays trunk settings for a specified MST

instance

Port Configuration Configures port settings for a specified MST

instance

Trunk Configuration Configures trunk settings for a specified MST

instance

VLAN 3-181

802.1Q VLAN

GVRP Status Enables GVRP VLAN registration protocol 3-185

Basic Information Displays information on the VLAN type

supported by this switch

Current Table Shows the current port members of each

VLAN and whether or not the port is tagged or untagged

Static List Used to create or remove VLAN groups 3-188

Static Table Modifies the settings for an existing VLAN 3-190

Static Membership by Port

Port Configuration Specifies default PVID and VLAN attributes 3-194

Trunk Configuration Specifies default trunk VID and VLAN

Configures membership type for interfaces, including tagged, untagged or forbidden

attributes

3-173

3-177

3-179

3-186

3-187

3-193

3-194

3-9

ONFIGURING THE SWITCH

Menu Description Page

Private VLAN

Status Enables or disables the private VLAN 3-197

Link Status Configures the private VLAN 3-198

Protocol VLAN

Configuration Creates a protocol group, specifying the

Port Configuration Maps a protocol group to a VLAN 3-201

Priority 3-203

Default Port Priority Sets the default priority for each port 3-203

Default Trunk Priority Sets the default priority for each trunk 3-203

Traffic Classes Maps IEEE 802.1p priority tags to output

Traffic Classes Status Enables/disables traffic class priorities (not

Queue Mode Sets queue mode to strict priority or Weighted

Queue Scheduling Configures Weighted Round Robin queueing 3-208

IP Precedence/ DSCP Priority Status

IP Precedence Priority Sets IP Type of Service priority, mapping the

IP DSCP Priority Sets IP Differentiated Services Code Point

IP Port Priority Status Globally enables or disables IP Port Priority 3-214

IP Port Priority Sets TCP/UDP port priority, defining the

Table 3-2 Switch Main Menu (Continued)

supported protocols

queues

implemented)

Round-Robin

Globally selects IP Precedence or DSCP Priority, or disables both.

precedence tag to a class-of-service value

priority, mapping a DSCP tag to a class-of-service value

socket number and associated class-of-service value

3-200

3-205

3-207

3-210

3-212

3-214

3-10

AVIGATING THE WEB BROWSER INTERFACE

Table 3-2 Switch Main Menu (Continued)

Menu Description Page

QoS 3-216

DiffServ Configure QoS classification criteria and

service policies

Class Map Creates a class map for a type of traffic 3-218

Policy Map Creates a policy map for multiple interfaces 3-221

Service Policy Applies a policy map defined to an ingress

port

IGMP Snooping 3-226

IGMP Configuration Enables multicast filtering; configures

parameters for multicast query

Multicast Router Port Information

Static Multicast Router Port Configuration

IP Multicast Registration Table

IGMP Member Port Table

DNS 3-235

General Configuration Enables DNS; configures domain name and

Static Host Table Configures static entries for domain name to

Cache Displays cache entries discovered by

Displays the ports that are attached to a neighboring multicast router for each VLAN ID

Assigns ports that are attached to a neighboring multicast router

Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID

Indicates multicast addresses associated with the selected VLAN

domain list; and specifies IP address of name servers for dynamic lookup

address mapping

designated name servers

3-216

3-225

3-228

3-230

3-231

3-232

3-233

3-235

3-238

3-240

3-11

ONFIGURING THE SWITCH

Menu Description Page

DHCP 3-242

Relay Configuration Specifies DHCP relay servers; enables or

Server Configures DHCP server parameters 3-242

General Enables DHCP server; configures excluded

Pool Configuration Configures address pools for network groups

IP Binding Displays addresses currently bound to DHCP

IP 3-265

General 3-269

Global Settings Enables or disables routing, specifies the

Routing Interface Configures the IP interface for the specified

ARP 3-273

General Sets the protocol timeout, and enables or

Static Addresses Statically maps a physical address to an IP

Dynamic Addresses Shows dynamically learned entries in the IP

Other Addresses Shows internal addresses used by the switch 3-279

Statistics Shows statistics on ARP requests sent and

Table 3-2 Switch Main Menu (Continued)

3-242

disables relay service

3-245

address range

3-246

or a specific host

3-252

clients

3-269

default gateway

3-271

VLAN

3-274

disables proxy ARP for the specified VLAN

3-276

address

3-277

routing table

3-280

received

3-12

AVIGATING THE WEB BROWSER INTERFACE

Table 3-2 Switch Main Menu (Continued)

Menu Description Page

Statistics 3-282

IP Shows statistics for IP traffic, including the

amount of traffic, address errors, routing, fragmentation and reassembly

ICMP Shows statistics for ICMP traffic, including

the amount of traffic, protocol errors, and the number of echoes, timestamps, and address masks

UDP Shows statistics for UDP, including the

amount of traffic and errors

TCP Shows statistics for TCP, including the

amount of traffic and TCP connection activity

Routing 3-266

Static Routes Configures and display static routing entries 3-289

Routing Table Shows all routing entries, including local,

static and dynamic routes

VRRP 3-256

Group Configuration Configures VRRP groups, including virtual

interface address, advertisement interval, preemption, priority, and authentication

Global Statistics Displays global statistics for VRRP protocol

packet errors

Group Statistics Displays statistics for VRRP protocol events

and errors on the specified VRRP group and interface

3-282

3-284

3-287

3-288

3-290

3-256

3-262

3-263

3-13

ONFIGURING THE SWITCH

Menu Description Page

Routing Protocol 3-268

RIP 3-292

General Settings Enables or disables RIP, sets the global RIP

Network Addresses Configures the network interfaces that will

Interface Settings Configures RIP parameters for each interface,

Statistics Displays general information on update time,

OSPF 3-303

General Configuration Enables or disables OSPF; also configures the

Area Configuration Specifies rules for importing routes into each

Area Range Configuration

Interface Configuration

Virtual Link Configuration

Network Area Address Configuration

Summary Address Configuration

Redistribute Configuration

Table 3-2 Switch Main Menu (Continued)

version and timer values

use RIP

including send and receive versions, message loopback prevention, and authentication

route changes and number of queries, as well as a list of statistics for known interfaces and neighbors

Router ID and various other global settings

area

Configures route summaries to advertise at an area boundary

Shows area ID and designated router; also configures OSPF protocol settings and authentication for each interface

Configures a virtual link through a transit area to the backbone

Defines OSPF areas and associated interfaces 3-323

Aggregates routes learned from other protocols for advertising into other autonomous systems

Redistributes routes from one routing domain to another

3-293

3-295

3-296

3-300

3-305

3-309

3-313

3-315

3-321

3-325

3-327

3-14

ASIC CONFIGURATION

Table 3-2 Switch Main Menu (Continued)

Menu Description Page

NSSA Settings Configures settings for importing routes into

or exporting routes out of not-so-stubby areas

Link State Database Information

Border Router Information

Neighbor Information Displays information about neighboring

Shows information about different OSPF Link State Advertisements (LSAs) stored in this router’s database

Displays routing table entries for area border routers and autonomous system boundary routers

routers on each interface within an OSPF area

Basic Configuration

Displaying System Information

You can easily identify the system by displaying the device name, location and contact information.

3-329

3-330

3-333

3-334

Field Attributes

• System Name – Name assigned to the switch system.

• Object ID – MIB II object ID for switch’s network management subsystem.

• Location – Specifies the system location.

• Contact – Administrator responsible for the system.

• System Up Time – Length of time the management agent has been up.

These additional parameters are displayed for the CLI.

• MAC Address – The physical layer address for this switch.

• Web server – Shows if management access via HTTP is enabled.

• Web server port – Shows the TCP port number used by the web interface.

3-15

ONFIGURING THE SWITCH

• Web secure server – Shows if management access via HTTPS is enabled.

• Web secure server port – Shows the TCP port used by the HTTPS interface.

• Telnet server – Shows if management access via Telnet is enabled.

• Telnet server port – Shows the TCP port used by the Telnet interface.

• Authentication login – Shows the user login authentication sequence.

• Jumbo Frame – Shows if jumbo frames are enabled.

• POST result – Shows results of the power-on self-test

Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.)

3-16

Figure 3-3 System Information

ASIC CONFIGURATION

CLI – Specify the hostname, location and contact information.

Console(config)#hostname R&D 5 4-34 Console(config)#snmp-server location WC 9 4-143 Console(config)#snmp-server contact Ted 4-142 Console(config)#exit Console#show system 4-80 System description: SMC8724ML3 L3 GE Switch System OID string: 1.3.6.1.4.1.202.20.45 System information System Up time: 0 days, 1 hours, 28 minutes, and 0.51

seconds System Name: R&D 5 System Location: WC 9 System Contact: Ted MAC address (unit1): 00-30-F1-D4-73-A0 Web server: enabled Web server port: 80 Web secure server: enabled Web secure server port: 443 Telnet server: enable Telnet server port: 23 Authentication login: local RADIUS none Jumbo Frame: Disabled POST result

UART Loopback Test ........... PASS

DRAM Test .................... PASS

Timer Test ................... PASS

PCI Device 1 Test ............ PASS

I2C Bus Initialization ....... PASS

Switch Int Loopback Test ..... PASS

Crossbar Int Loopback Test ... PASS

Fan Speed Test ............... PASS

Done All Pass. Console#

Displaying Switch Hardware/Software Versions

Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.

Field Attributes

Main Board

• Serial Number – The serial number of the switch.

• Number of Ports – Number of built-in ports.

• Hardware Version – Hardware version of the main board.

3-17

ONFIGURING THE SWITCH

• Internal Power Status – Displays the status of the internal power supply.

Management Software

• EPLD Version – Version number of EEPROM Programmable Logic Device.

• Loader Version – Version number of loader code.

• Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code.

• Operation Code Version – Version number of runtime code.

• Role – Shows that this switch is operating as Master or Slave.

These additional parameters are displayed for the CLI.

• Unit ID – Unit number in stack.

• Redundant Power Status – Displays the status of the redundant power supply.

Web – Click System, Switch Information.

3-18

Figure 3-4 Switch Information

ASIC CONFIGURATION

CLI – Use the following command to display version information.

Console#show version 4-81 Unit 1 Serial number: A422000632 Hardware version: R01 EPLD version: 15.15 Number of ports: 24 Main power status: up Redundant power status: not present

Agent (master) Unit ID: 1 Loader version: 1.0.1.3 Boot ROM version: 1.0.1.6 Operation code version: 1.0.0.0

Console#

Displaying Bridge Extension Capabilities

The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.

Field Attributes

• Extended Multicast Filtering Services – This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).

• Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes. (Refer to “Class of Service Configuration” on page 3-203.)

• Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses. (Refer to “Setting Static Addresses” on page 3-151.)

• VLAN Learning – This switch uses Independent VLAN Learning (IVL), where each port maintains its own filtering database.

• Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 3-181.)

3-19

ONFIGURING THE SWITCH

• Local VLAN Capable – This switch does not support multiple local bridges outside of the scope of 802.1Q defined VLANs.

• GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register endstations with multicast groups. This switch does not support GMRP; it uses the Internet Group Management Protocol (IGMP) to provide automatic multicast filtering.

Web – Click System, Bridge Extension.

Figure 3-5 Displaying Bridge Extension Configuration

CLI – Enter the following command.

Console#show bridge-ext 4-265 Max support VLAN numbers: 256 Max support VLAN ID: 4093 Extended multicast filtering services: No Static entry individual port: Yes VLAN learning: IVL Configurable PVID tagging: Yes Local VLAN capable: No Traffic classes: Enabled Global GVRP status: Disabled GMRP: Disabled Console#

3-20

ASIC CONFIGURATION

Configuring Support for Jumbo Frames

The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9000 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.

Command Usage

To use jumbo frames, both the source and destination end nodes (such as a computer or server) must support this feature. Also, when the connection is operating at full duplex, all switches in the network between the two end nodes must be able to accept the extended frame size. And for half-duplex connections, all devices in the collision domain would need to support jumbo frames.

Command Attributes

Jumbo Packet Status – Configures support for jumbo frames.

(Default: Disabled)

Web – Click System, Jumbo Frames. Enable or disable support for jumbo frames, and click Apply.

Figure 3-6 Configuring Support for Jumbo Frames

CLI – This example enables jumbo frames globally for the switch.

Console(config)#jumbo frame 4-82 Console(config)#

3-21

ONFIGURING THE SWITCH

Setting the Switch’s IP Address

This section describes how to configure an initial IP interface for management access over the network. The IP address for this stack is obtained via DHCP by default. To manually configure an address, you need to change the stack’s default settings to values that are compatible with your network. You may also need to a establish a default gateway between the stack and management stations that exist on another network segment (if routing is not enabled on this stack).

You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.

Command Usage

• This section describes how to configure a single local interface for initial access to the stack. To configure multiple IP interfaces on this stack, you must set up an IP interface for each VLAN (page 3-271).

• To enable routing between the different interfaces on this stack, you must enable IP routing (page 3-269).

• To enable routing between the interfaces defined on this stack and external network interfaces, you must configure static routes (page page 3-289) or use dynamic routing; i.e., either RIP (page 3-292) or OSPF (page 3-303).

• The precedence for configuring IP interfaces is the IP / General / Routing Interface menu (page 3-271), static routes (page 3-289), and then dynamic routing.

Command Attributes

• VLAN – ID of the configured VLAN (1-4093). By default, all ports on the stack are members of VLAN 1. However, the management station can be attached to a port belonging to any VLAN, as long as that VLAN has been assigned an IP address.

3-22

ASIC CONFIGURATION

• IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configuration Protocol (DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.)

• IP Address – Address of the VLAN to which the management station is attached. (Note you can manage the stack through any configured IP interface.) Valid IP addresses consist of four numbers, 0 to 255, separated by periods. (Default: 0.0.0.0)

• Subnet Mask – This mask identifies the host address bits used for routing to specific subnets. (Default: 255.0.0.0)

• Default Gateway – IP address of the gateway router between the stack and management stations that exist on other network segments. (Default: 0.0.0.0)

Manual Configuration

Web – Click IP, General, Routing Interface. Select the VLAN through

which the management station is attached, set the IP Address Mode to “Static,” and specify a “Primary” interface. Enter the IP address, subnet mask and g ateway, then c l i ck Apply.

Figure 3-7 IP Interface Configuration - Manual

3-23

ONFIGURING THE SWITCH

Click IP, Global Setting. If this stack and management stations exist on other network segments, then specify the default gateway, and click Apply.

Figure 3-8 Default Gateway

CLI – Specify the management interface, IP address and default gateway.

Console#config Console(config)#interface vlan 1 4-187 Console(config-if)#ip address 10.1.0.253 255.255.255.0 4-308 Console(config-if)#exit Console(config)#ip default-gateway 10.1.0.254 4-310 Console(config)#

3-24

ASIC CONFIGURATION

Using DHCP/BOOTP

If your network provides DHCP/BOOTP services, you can configure the stack to be dynamically configured by these services.

Web – Click IP, General, Routing Interface. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your changes. Then click Restart DHCP to immediately request a new address. Note that the stack will also broadcast a request for IP configuration settings on each power reset.

Figure 3-9 IP Interface Configuration - DHCP

Note: If you lose your management connection, make a console

connection to the Master unit and enter “show ip interface” to determine the new stack address.

3-25

ONFIGURING THE SWITCH

CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart client” command.

Console#config Console(config)#interface vlan 1 4-187 Console(config-if)#ip address dhcp 4-308 Console(config-if)#end Console#ip dhcp restart client 4-158 Console#show ip interface 4-311

Vlan 1 is up, addressing mode is DHCP Interface address is 192.168.1.253, mask is 255.255.255.0, Primary MTU is 1500 bytes Proxy ARP is disabled Split horizon is enabled Console#

Renewing DCHP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the stack is moved to another network segment, you will lose management access to the stack. In this case, you can reboot the stack or submit a client request to restart DHCP service via the CLI.

Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available.

CLI – Enter the following command to restart DHCP service.

Console#ip dhcp restart client 4-158 Console#

3-26

ASIC CONFIGURATION

Managing Firmware

You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version. You must specify the method of file transfer, along with the file type and file names as required.

Command Attributes

• File Transfer Method – The firmware copy operation includes these options:

- file to file – Copies a file within the switch directory, assigning it a new

name.

- file to tftp – Copies a file from the switch to a TFTP server.

- tftp to file – Copies a file from a TFTP server to the switch.

- file to unit – Copies a file from this switch to another unit in the stack.

- unit to file – Copies a file from another unit in the stack to this switch.

• TFTP Server IP Address – The IP address of a TFTP server.

• File Type – Specify opcode (operational code) to copy firmware.

• File Name – leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

• Source/Destination Unit – Stack unit. (Range: 1 - 8)

The file name should not contain slashes (\ or /),

the

Note: Up to two copies of the system software (i.e., the runtime

firmware) can be stored in the file directory on the switch. The currently designated startup version of this file cannot be deleted.

3-27

ONFIGURING THE SWITCH

Downloading System Software from a Server

When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.

Web – Click System, File Management, Copy Operation. Select “tftp to file” as the file transfer method, enter the IP address of the TFTP server, set the file type to “opcode,” enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click Apply. If you replaced the current firmware used for startup and want to start using the new operation code, reboot the system via the System/Reset menu.

3-28

Figure 3-10 Copy Firmware

ASIC CONFIGURATION

If you download to a new destination file, go to the File Management, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.

Figure 3-11 Setting the Startup Code

To delete a file select System, File Management, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted.

Figure 3-12 Deleting Files

3-29

ONFIGURING THE SWITCH

CLI – To download new firmware form a TFTP server, enter the IP address of the TFTP server, select “config” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system, and then restart the switch.

To start the new firmware, enter the “reload” command or reboot the system.

Console#copy tftp file 4-84 TFTP server ip address: 10.1.0.19 Choose file type:

1. config: 2. opcode: <1-2>: 2 Source file name: V1005.bix Destination file name: V1005 \Write to FLASH Programming.

-Write to FLASH finish. Success. Console#config Console(config)#boot system opcode:V1005 4-90 Console(config)#exit Console#reload 4-30

Saving or Restoring Configuration Settings

You can upload/download configuration settings to/from a TFTP server, or copy files to and from switch units in a stack. The configuration file can be later downloaded to restore the switch’s settings.

Command Attributes

• File Transfer Method – The configuration copy operation includes these options:

- file to file – Copies a file within the switch directory, assigning it a new

name.

- file to running-config – Copies a file in the switch to the running

configuration.

- file to startup-config – Copies a file in the switch to the startup

configuration.

- file to tftp – Copies a file from the switch to a TFTP server.

- running-config to file – Copies the running configuration to a file.

- running-config to startup-config – Copies the running config to the

startup config.

3-30

ASIC CONFIGURATION

- running-config to tftp – Copies the running configuration to a TFTP server.

- startup-config to file – Copies the startup configuration to a file on the switch.

- startup-config to running-config – Copies the startup config to the running config.

- startup-config to tftp – Copies the startup configuration to a TFTP server.

- tftp to file – Copies a file from a TFTP server to the switch.

- tftp to running-config – Copies a file from a TFTP server to the running config.

- tftp to startup-config – Copies a file from a TFTP server to the startup config.

- file to unit – Copies a file from this switch to another unit in the stack.

- unit to file – Copies a file from another unit in the stack to this switch.

• TFTP Server IP Address – The IP address of a TFTP server.

• File Type – Specify config (configuration) to copy configuration settings.

• File Name — The configuration file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

• Source/Destination Unit – Stack unit. (Range: 1 - 8)

Note: The maximum number of user-defined configuration files is

limited only by available flash memory space.

3-31

ONFIGURING THE SWITCH

Downloading Configuration Settings from a Server

You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can be copied to the TFTP server, but cannot be used as the destination on the switch.

Web – Click System, File Management, Copy Operation. Choose “tftp to startup-config” or “tftp to file,” and enter the IP address of the TFTP server. Specify the name of the file to download, select a file on the switch to overwrite or specify a new file name, and then click Apply.

3-32

Figure 3-13 Downloading Configuration Settings for Start-Up

ASIC CONFIGURATION

If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu. You can also select any configuration file as the start-up configuration by using the System/File Management/Set Start-Up page.

Figure 3-14 Setting the Startup Configuration Settings

CLI – Enter the IP address of the TFTP server, specify the source file on

the server, set the startup file name on the switch, and then restart the switch.

Console#copy tftp startup-config 4-84 TFTP server ip address: 192.168.1.19 Source configuration file name: config-1 Startup configuration file name [] : startup \Write to FLASH Programming.

-Write to FLASH finish. Success.

Console#reload

To select another configuration file as the start-up configuration, use the boot system command and then restart the switch.

Console#config Console(config)#boot system config: startup 4-90 Console(config)#exit Console#reload 4-30

3-33

ONFIGURING THE SWITCH

Console Port Settings

You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings. These parameters can be configured via the web or CLI interface.

Command Attributes

• Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 0 - 300 seconds; Default: 0)

• Exec Timeout – Sets the interval that the system waits until user input is detected. If user input is not detected within the timeout interval, the current session is terminated. (Range: 0 - 65535 seconds; Default: 0 seconds)

• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts)

• Silent Time – Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts has been exceeded. (Range: 0-65535; Default: 0)

• Data Bits – Sets the number of data bits per character that are interpreted and generated by the console port. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character. (Default: 8 bits)

• Parity – Defines the generation of a parity bit. Communication protocols provided by some terminals can require a specific parity bit setting. Specify Even, Odd, or None. (Default: None)

• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the

3-34

ASIC CONFIGURATION

device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: Auto)

• Stop Bits – Sets the number of the stop bits transmitted per byte. (Range: 1-2; Default: 1 stop bit)

• Password

– Specifies a password for the line connection. When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. (Default: No password)

• Login – Enables password checking at login. You can select authentication by a single global password as configured for the Password parameter, or by passwords set up for specific user-name accounts. (Default: Local)

Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply.

2. CLI only.

Figure 3-15 Configuring the Console Port

3-35

ONFIGURING THE SWITCH

CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.

Console(config)#line console 4-15 Console(config-line)#login local 4-16 Console(config-line)#password 0 secret 4-17 Console(config-line)#timeout login response 0 4-18 Console(config-line)#exec-timeout 0 4-19 Console(config-line)#password-thresh 5 4-20 Console(config-line)#silent-time 60 4-21 Console(config-line)#databits 8 4-21 Console(config-line)#parity none 4-22 Console(config-line)#speed auto 4-23 Console(config-line)#stopbits 1 4-24 Console(config-line)#end Console#show line console 4-25 Console configuration: Password threshold: 5 times Interactive timeout: Disabled Login timeout: Disabled Silent time: 60 Baudrate: auto Databits: 8 Parity: none Stopbits: 1 Console#

Telnet Settings

You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password. These parameters can be configured via the web or CLI interface.

Command Attributes

• Telnet Status – Enables or disables Telnet access to the switch. (Default: Enabled)

• Telnet Port Number – Sets the TCP port number for Telnet on the switch. (Default: 23)

• Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout

3-36

SMC Networks SMC8724ML3, SMC8748ML3 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Key Features

Description of Software Features

System Defaults

Connecting to the Switch

Configuration Options

Required Connections

Remote Connections

Stack Operations

Selecting the Stack Master

Selecting the Backup Unit

Recovering from Stack Failure or Topology Change

Broken Link for Line and Wrap-around Topologies

Resilient IP Interface for Management Access

Resilient Configuration

Renumbering the Stack

Basic Configuration

Console Connection

Setting Passwords

Setting an IP Address

Manual Configuration

Dynamic Configuration

Enabling SNMP Management Access

Community Strings (for SNMP version 1 and 2c clients)

Trap Receivers

Configuring Access for SNMP Version 3 Clients

Saving Configuration Settings

Managing System Files

Using the Web Interface

Navigating the Web Browser Interface

Home Page

Configuration Options

Panel Display

Main Menu

Basic Configuration

Displaying System Information

Displaying Switch Hardware/Software Versions

Displaying Bridge Extension Capabilities

Configuring Support for Jumbo Frames

Setting the Switch’s IP Address

Manual Configuration

Using DHCP/BOOTP

Managing Firmware

Downloading System Software from a Server

Saving or Restoring Configuration Settings

Downloading Configuration Settings from a Server

Console Port Settings

Telnet Settings