SMC Networks TIGERSWITCH 10-100 User Manual

TigerSwitch 10/100

24-Port Fast Ethernet Switch

◆ 24 10BASE-T/100BASE-TX auto MDI/MDI-X ports

◆ Optional 1000BASE-X or 100BASE-FX modules

◆ 8.8 Gbps of aggregate bandwidth

◆ Non-blocking switching architecture

◆ Spanning Tree Protocol

◆ Up to four port trunks

◆ RADIUS authentication

◆ Rate limiting for bandwidth management

◆ QoS support for four-level priority

◆ Full support for VLANs with GVRP

◆ IP Multicasting with IGMP Snooping

◆ Manageable via console, Web, SNMP/RMON

Management Guide

SMC6724L2

TigerSwitch 10/100 Management Guide

From SMC’s Tiger line of feature-rich workgroup LAN solutions

38 Tesla Irvine, CA 92618 Phone: (949) 679-8000

May 2003

Pub. # 150200033600A

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

SMC Networks, Inc.

38 Tesla

Irvine, CA 92618

Trademarks:

SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.

IMITED

Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product.

The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an “Active” SMC product. A list of discontinued products with their respective dates of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty.

All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product.

Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer.

WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE

ARRANTY

IMITED WARRANTY

FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.

LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.

* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.

SMC Networks, Inc.

38 Tesla

Irvine, CA 92618

ONTENTS

1 Switch Management . . . . . . . . . . . . . . . . . . . . . . 1-1

Connecting to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Required Connections . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

Remote Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5

Setting Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6

Setting an IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

Enabling SNMP Management Access . . . . . . . . . . . . . . 1-10

Saving Configuration Settings . . . . . . . . . . . . . . . . . . . 1-12

Managing System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13

System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14

2 Configuring the Switch . . . . . . . . . . . . . . . . . . . . 2-1

Using the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . 2-2

Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9

Displaying System Information . . . . . . . . . . . . . . . . . . . 2-9

Setting the IP Address . . . . . . . . . . . . . . . . . . . . . . . . 2-11

Configuring User Authentication . . . . . . . . . . . . . . . . . . . . . . 2-15

Configuring the Logon Password . . . . . . . . . . . . . . . . . 2-15

Configuring RADIUS Logon Authentication . . . . . . . . . 2-17

Managing Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-20

Downloading System Software from a Server . . . . . . . . 2-20

Saving or Restoring Configuration Settings . . . . . . . . . . 2-22

Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-24

Displaying Bridge Extension Capabilities . . . . . . . . . . . . . . . 2-24

Enabling or Disabling GVRP

(Global Setting) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-27

Displaying Switch Hardware/Software Versions . . . . . . . . . . 2-28

ONTENTS

Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-30

Displaying Connection Status . . . . . . . . . . . . . . . . . . . 2-30

Configuring Interface Connections . . . . . . . . . . . . . . . 2-32

Setting Broadcast Storm Thresholds . . . . . . . . . . . . . . 2-34

Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . 2-37

Address Table Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-38

Setting Static Addresses . . . . . . . . . . . . . . . . . . . . . . . 2-39

Displaying the Address Table . . . . . . . . . . . . . . . . . . . 2-40

Changing the Aging Time . . . . . . . . . . . . . . . . . . . . . 2-42

Spanning Tree Algorithm Configuration . . . . . . . . . . . . . . . . 2-42

Managing Global Settings . . . . . . . . . . . . . . . . . . . . . . 2-43

Displaying the Global Settings for STA . . . . . . . . . . . . 2-45

Configuring the Global Settings for STA . . . . . . . . . . . 2-47

Managing STA Interface Settings . . . . . . . . . . . . . . . . . 2-47

Displaying the Interface Settings for STA . . . . . . . . . . 2-51

Configuring the Interface Settings for STA . . . . . . . . . . 2-52

VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-52

Displaying Basic VLAN Information . . . . . . . . . . . . . . 2-56

Displaying Current VLANs . . . . . . . . . . . . . . . . . . . . . 2-57

Creating VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-59

Adding Static Members to VLANs (VLAN Index) . . . . . 2-61

Adding Static Members to VLANs (Port Index) . . . . . . 2-64

Configuring VLAN Behavior for Interfaces . . . . . . . . . 2-65

Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . 2-68

Displaying Current Private VLANs . . . . . . . . . . . . . . . 2-69

Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . 2-71

Associating Community VLANs . . . . . . . . . . . . . . . . . 2-72

Displaying Private VLAN Interface Information . . . . . . 2-73

Configuring Private VLAN Interfaces . . . . . . . . . . . . . . 2-75

Class of Service Configuration . . . . . . . . . . . . . . . . . . . . . . . 2-77

Setting the Queue Mode . . . . . . . . . . . . . . . . . . . . . . 2-78

Port Trunk Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-79

Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-82

Setting Community Access Strings . . . . . . . . . . . . . . . 2-83

Specifying Trap Managers and Trap Types . . . . . . . . . 2-84

Multicast Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-86

Configuring IGMP Parameters . . . . . . . . . . . . . . . . . . 2-87

ONTENTS

Interfaces Attached to a Multicast Router . . . . . . . . . . . 2-89

Specifying Interfaces Attached to a Multicast Router . . . 2-91

Displaying Port Members of Multicast Services . . . . . . . 2-92

Adding Multicast Addresses to VLANs . . . . . . . . . . . . . 2-94

Showing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-96

Rate Limit Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-98

Configuring 802.1x Port Authentication . . . . . . . . . . . . . . . . 2-100

Displaying 802.1x Global Settings . . . . . . . . . . . . . . . 2-102

Configuring 802.1x Global Settings . . . . . . . . . . . . . . 2-103

Configuring a Port for Authorization . . . . . . . . . . . . . 2-105

Displaying 802.1x Statistics . . . . . . . . . . . . . . . . . . . . 2-107

3 Command Line Interface . . . . . . . . . . . . . . . . . . 3-1

Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . 3-1

Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Telnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Keywords and Arguments . . . . . . . . . . . . . . . . . . . . . . . 3-4

Minimum Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

Getting Help on Commands . . . . . . . . . . . . . . . . . . . . . 3-5

Partial Keyword Lookup . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Negating the Effect of Commands . . . . . . . . . . . . . . . . . 3-6

Using Command History . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Understanding Command Modes . . . . . . . . . . . . . . . . . 3-7

Exec Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . 3-8

Command Line Processing . . . . . . . . . . . . . . . . . . . . . 3-10

Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14

configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16

reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

iii

ONTENTS

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18

quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19

Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19

copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22

dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

whichboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

boot system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25

System Management Commands . . . . . . . . . . . . . . . . . . . . . 3-26

hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27

username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27

enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

ip http port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30

ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31

show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32

show running-config . . . . . . . . . . . . . . . . . . . . . . . . . 3-34

show system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36

show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37

Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . 3-38

authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39

radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40

radius-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41

radius-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-42

radius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . 3-42

radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . 3-43

show radius-server . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43

Port Authentication Commands . . . . . . . . . . . . . . . . . . . . . . 3-44

authentication dot1x . . . . . . . . . . . . . . . . . . . . . . . . . 3-45

dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46

dot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46

dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47

dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . 3-48

dot1x re-authentication . . . . . . . . . . . . . . . . . . . . . . . 3-48

dot1x timeout quiet-period . . . . . . . . . . . . . . . . . . . . 3-49

dot1x timeout re-authperiod . . . . . . . . . . . . . . . . . . . 3-49

dot1x timeout tx-period . . . . . . . . . . . . . . . . . . . . . . . 3-50

ONTENTS

show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51

SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54

snmp-server community . . . . . . . . . . . . . . . . . . . . . . . 3-54

snmp-server contact . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55

snmp-server location . . . . . . . . . . . . . . . . . . . . . . . . . 3-56

snmp-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57

snmp-server enable traps . . . . . . . . . . . . . . . . . . . . . . 3-58

show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59

IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . 3-61

ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-61

ip igmp snooping query-count . . . . . . . . . . . . . . . . . . 3-62

ip igmp snooping query-max-response-time . . . . . . . . 3-63

ip igmp snooping router-port-expire-time . . . . . . . . . . 3-64

ip igmp snooping version . . . . . . . . . . . . . . . . . . . . . . 3-65

show ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . 3-66

show mac-address-table multicast . . . . . . . . . . . . . . . . 3-67

Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-68

line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-69

password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71

exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72

password-thresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73

silent-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74

databits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75

parity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76

speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-77

stopbits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78

show line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78

IP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-79

ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80

ip dhcp restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-81

ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-82

show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83

show ip redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84

HOL Blocking Prevention Commands . . . . . . . . . . . . . . . . . . 3-86

queue hol-prevention . . . . . . . . . . . . . . . . . . . . . . . . . 3-86

ONTENTS

show queue hol-prevention . . . . . . . . . . . . . . . . . . . . 3-87

Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-88

interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-89

description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90

speed-duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90

negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-92

capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93

flowcontrol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-94

shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-96

switchport broadcast percent . . . . . . . . . . . . . . . . . . . 3-97

clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-98

show interfaces status . . . . . . . . . . . . . . . . . . . . . . . . 3-99

show interfaces counters . . . . . . . . . . . . . . . . . . . . . .3-100

show interfaces switchport . . . . . . . . . . . . . . . . . . . . .3-102

Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-104

rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-105

Address Table Commands . . . . . . . . . . . . . . . . . . . . . . . . . .3-106

mac-address-table static . . . . . . . . . . . . . . . . . . . . . . .3-107

clear mac-address-table dynamic . . . . . . . . . . . . . . . .3-108

show mac-address-table . . . . . . . . . . . . . . . . . . . . . . .3-109

mac-address-table aging-time . . . . . . . . . . . . . . . . . . .3-110

show mac-address-table aging-time . . . . . . . . . . . . . .3-111

Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . .3-111

spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-112

spanning-tree forward-time . . . . . . . . . . . . . . . . . . . .3-113

spanning-tree hello-time . . . . . . . . . . . . . . . . . . . . . .3-114

spanning-tree max-age . . . . . . . . . . . . . . . . . . . . . . .3-115

spanning-tree priority . . . . . . . . . . . . . . . . . . . . . . . .3-116

spanning-tree cost . . . . . . . . . . . . . . . . . . . . . . . . . . .3-116

spanning-tree port-priority . . . . . . . . . . . . . . . . . . . . .3-117

spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . .3-118

show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . .3-119

VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-121

vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-122

vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-123

interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-124

switchport mode . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-125

ONTENTS

switchport acceptable-frame-types . . . . . . . . . . . . . . 3-126

switchport ingress-filtering . . . . . . . . . . . . . . . . . . . . 3-127

switchport native vlan . . . . . . . . . . . . . . . . . . . . . . . 3-128

switchport allowed vlan . . . . . . . . . . . . . . . . . . . . . . 3-129

switchport forbidden vlan . . . . . . . . . . . . . . . . . . . . . 3-130

show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-131

Private VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132

private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134

private vlan association . . . . . . . . . . . . . . . . . . . . . . 3-135

switchport mode private-vlan . . . . . . . . . . . . . . . . . . 3-136

switchport private-vlan host-association . . . . . . . . . . . 3-137

switchport private-vlan mapping . . . . . . . . . . . . . . . . 3-138

show vlan private-vlan . . . . . . . . . . . . . . . . . . . . . . . 3-139

GVRP and Bridge Extension Commands . . . . . . . . . . . . . . . 3-140

switchport gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-140

show gvrp configuration . . . . . . . . . . . . . . . . . . . . . . 3-141

garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-142

show garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143

bridge-ext gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144

show bridge-ext . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145

Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146

queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147

show queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147

Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148

port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148

show port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149

Port Trunking Commands . . . . . . . . . . . . . . . . . . . . . . . . . 3-150

port-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-152

vii

ONTENTS

A Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . .A-1

Troubleshooting Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

B Upgrading Firmware via the Serial Port . . . . . . .B-1

Restoring Switch Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . B-4

C Pin Assignments . . . . . . . . . . . . . . . . . . . . . . . . . .C-1

Console Port Pin Assignments . . . . . . . . . . . . . . . . . . . . . . . . C-1

DB-9 Port Pin Assignments . . . . . . . . . . . . . . . . . . . . . C-2

Console Port to 9-Pin DTE Port on PC . . . . . . . . . . . . . C-2

Console Port to 25-Pin DTE Port on PC . . . . . . . . . . . . C-2

Glossary

Index

viii

HAPTER

WITCH

ANAGEMENT

Connecting to the Switch

Configuration Options

This switch includes a built-in network management agent. The agent offers a variety RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).

Note: The IP address for this switch is unassigned by default. To

change this address, see “Setting an IP Address” on page 1-7.

The switch’s HTTP Web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard Web browser such as Netscape Navigator version 6.2 and higher or Microsoft IE version 5.0 and higher. The switch’s Web management interface can be accessed from any computer attached to the network.

of management options, including SNMP,

The switch’s management agent is based on SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using the appropriate management software.

The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.

1-1

WITCH MANAGEMENT

The switch’s CLI configuration program, Web interface, and SNMP agent allow you to perform the following management functions:

• Set user names and passwords for up to 16 users

• Set an IP interface for a management VLAN

• Configure SNMP parameters and enable traps

• Enable/disable any port

• Configure private VLANs for port isolation

• Set the speed/duplex mode for any port

• Configure the bandwidth of any port by rate limiting

• Configure up to 127 IEEE 802.1Q VLANs

• Enable GVRP automatic VLAN registration

• Upload and download of system firmware via TFTP

• Upload and download of switch configuration files via TFTP

• Configure Spanning Tree parameters

• Configure Class of Service (CoS) priority queuing

• Configure up to four static trunks

• Enable port mirroring

• DHCP filtering

• Set broadcast storm control on any port

• Display system information and statistics

• Configure port authentication

1-2

ONNECTING TO THE SWITCH

• RADIUS client support

• MAC filtering security

Required Connections

The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.

Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in Appendix B.

To connect a terminal to the console port, complete the following steps:

1. Connect the console cable to the serial port on a terminal, or a

PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.

2. Connect the other end of the cable to the RS-232 serial port on

the switch.

3. Make sure the terminal emulation software is set as follows:

• Select the appropriate serial port (COM port 1, or COM port 2).

• Set the data rate to 9600 baud.

• Set the data format to 8 data bits, 1 stop bit, and no parity.

• Set flow control to none.

• Set the emulation mode to VT100.

• When using HyperTerminal, select Terminal keys, not Windows keys.

1-3

WITCH MANAGEMENT

Note: When using HyperTerminal with Microsoft® Windows®

2000, make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation. See www.microsoft.com for information on Windows 2000 service packs.

4. Once you have set up the terminal correctly, the console login screen will be displayed.

Note: Refer to “IGMP Snooping Commands” on page 3-61 for a

complete description of console configuration options.

For a description of how to use the CLI, see “Using the Command Line Interface” on page 3-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 3-10.

Remote Connections

Prior to accessing the switch’s onboard agent via a network connection, configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.

The IP address for this switch is unassigned by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address” on page 1-7.

Note: This switch supports four concurrent Telnet sessions.

After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a Web

1-4

ASIC CONFIGURATION

browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above), or from a network computer using network management software.

Note: The onboard program only provides access to basic

configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.

Basic Configuration

Console Connection

The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and only allow you to display information and use basic utilities. To fully configure switch parameters, you must access the CLI at the Privileged Exec level.

Access to both CLI levels are controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:

1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.

2. At the Username prompt, enter “admin.”

3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)

4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.

1-5

WITCH MANAGEMENT

Setting Passwords

Note: If this is your first time to log into the CLI program, you

should define new passwords for both default user names using the “username” command, record them and put them in a safe place.

Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:

1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.

2. Type “configure” and press <Enter>.

3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>.

4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.

1-6

Username: admin Password:

CLI session with the TigerSwitch 10/100 6724L2 Managed 24+2 Standalone Switch is opened. To end the CLI session, enter [Exit].

Console#configure Console(config)#username guest password 0 [password] Console(config)#username admin password 0 [password] Console(config)#

ASIC CONFIGURATION

Setting an IP Address

You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways:

Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.

Dynamic — The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network.

Note: Only one VLAN interface can be assigned an IP address

(the default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the original IP address and this becomes the new management VLAN.

Manual Configuration

You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.

Note: The IP address for this switch is unassigned by default.

Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:

• IP address for the switch

1-7

WITCH MANAGEMENT

• Default gateway for the network

• Network mask for this network

To assign an IP address to the switch, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.

2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>.

3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.

4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.

Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.5 255.255.255.0 Console(config-if)#exit Console(config)#ip default-gateway 192.168.1.254 Console(config)#

Dynamic Configuration

If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart” command to start broadcasting service requests. Requests will be sent periodically in an effort to obtain IP configuration information. (BOOTP and DHCP values can include the IP address, subnet mask, and default gateway.)

1-8

ASIC CONFIGURATION

If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on.

To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:

1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.

2. At the interface-configuration mode prompt, use one of the following commands:

• To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.

• To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.

3. Type “end” to return to the Privileged Exec mode. Press <Enter>.

4. Type “ip dhcp restart” to begin broadcasting service requests. Press <Enter>.

5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.

1-9

WITCH MANAGEMENT

6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.

Console(config)#interface vlan 1 Console(config-if)#ip address dhcp Console(config-if)#exit Console#ip dhcp restart Console#show ip interface IP interface vlan

IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 1,

and address mode: User specified. Console#copy running-config startup-config Startup configuration file name []: startup

Console#

Enabling SNMP Management Access

The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.

When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.

Community Strings

Community strings are used to control management access to SNMP stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users or user groups, and set the access level.

1-10

ASIC CONFIGURATION

The default strings are:

• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.

• private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.

Note: If you do not intend to utilize SNMP, it is recommended

that you delete both of the default community strings. If there are no community strings, then SNMP management access to the switch is disabled.

To prevent unauthorized access to the switch via SNMP, it is recommended that you change the default community strings.

To configure a community string, complete the following steps:

1. From the Privileged Exec level global configuration mode

prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>.

2. To remove an existing string, simply type “no snmp-server

community string,” where “string” is the community access string to remove. Press <Enter>.

Console(config)#snmp-server community abc rw Console(config)#snmp-server community private Console(config)#

1-11

WITCH MANAGEMENT

Trap Receivers

You can also specify SNMP stations that are to receive traps from the switch.

To configure a trap receiver, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” where “host-address” is the IP address for the trap receiver and “community-string” is the string associated with that host. Press <Enter>.

2. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server enable traps command. Type “snmp-server enable traps type,” where “type” is either authentication or link-up-down. Press <Enter>.

Console(config)#snmp-server enable traps link-up-down Console(config)#

Saving Configuration Settings

Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in nonvolatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command.

To save the current configuration settings, enter the following command:

1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>.

1-12

ANAGING SYSTEM FILES

2. Enter the name of the start-up file. Press <Enter>.

Console#copy running-config startup-config Startup configuration file name []: startup \Write to FLASH Programming.

\Write to FLASH finish. Success.

Console#

Managing System Files

The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.

The three types of files are:

• Configuration — This file stores system configuration information and is created when configuration settings are saved. Saved configuration files can be selected as a system start-up file or can be uploaded via TFTP to a server for backup. A file named “Factory_Default_Config.cfg” contains all the system default settings and cannot be deleted from the system. See “Saving or Restoring Configuration Settings” on page 2-22 for more information.

• Operation Code — System software that is executed after boot-up, also known as run-time code. This code runs the switch operation and provides the CLI and Web management interfaces. See “Managing Firmware” on page 2-20 for more information.

• Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test). This code

1-13

WITCH MANAGEMENT

also provides a facility to upload firmware files to the system directly through the console port. See “Upgrading Firmware via the Serial Port” on page B-1.

Due to the size limit of the flash memory, the switch supports only one operation code file, and two diagnostic code files. However, you can have as many configuration files as available flash memory space allows.

In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded. Configuration files can also be loaded while the system is running; however, this will automatically reboot the switch.

System Defaults

The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 2-22).

The following table lists some of the basic system defaults.

Function Parameter Default

IP Settings Management VLAN 1

IP Address 0.0.0.0

Subnet Mask 255.0.0.0

Default Gateway 0.0.0.0

DHCP Disabled

BOOTP Disabled

Web Management

HTTP Server Enabled

HTTP Port Number 80

1-14

YSTEM DEFAULTS

Function Parameter Default

SNMP Community Strings “public” (read only)

“private” (read/write)

Traps Authentication traps: enabled

Link-up-down events: enabled

Security Privileged Exec Level Username “admin”

Password “admin”

Normal Exec Level Username “guest”

Password “guest”

Console Port Connection

Enable Privileged Exec from Normal Exec Level

RADIUS Authentication Disabled

Baud Rate 9600

Data bits 8

Stop bits 1

Parity none

Local Console Timeout 0 (disabled)

Password “super”

1-15

WITCH MANAGEMENT

Function Parameter Default

Port Status Admin Status Enabled

Auto-negotiation Enabled

Flow Control Disabled

10/100 Mbps Port Capability

10/100/1000 Mbps Port Capability

Link Aggregation

Spanning Tree Protocol

Address Table Aging Time 300 seconds

Static Trunks None

Status Enabled

Fast Forwarding Disabled

10 Mbps half duplex 10 Mbps full duplex 100 Mbps half duplex 100 Mbps full duplex Full-duplex flow control disabled

10 Mbps half duplex 10 Mbps full duplex 100 Mbps half duplex 100 Mbps full duplex 1000 Mbps full duplex Symmetric flow control disabled

(Defaults: All values based on IEEE 802.1D)

1-16

+ 288 hidden pages