TP-LINK TL-SL5428 User Manual

TL-SL5428
24-Port 10/100 + 4-Port Gigabit Managed Switch
Rev: 1.0.0
1910010123
COPYRIGHT & TRADEMARKS
® trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders.
No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD. Copyright © 2008 TP-LINK TECHNOLOGIES CO., LTD. All rights reserved.
http://www.tp-link.com
Specifications are subject to change without notice.
FCC STATEMENT
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions:
1) This device may not cause harmful interference.
2) This device must accept any interference received, including interference that may cause undesired operation.
Any changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.
CE Mark Warning
This is a class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.
Contents
Chapter 1: Introduction
Key Features
Description of Software Features
System Defaults
Chapter 2: Initial Configuration
Connecting to the Switch
Configuration Options
Required Connections
Remote Connections
Basic Configuration
Console Connection
Setting Passwords
Setting an IP Address
Manual Configuration
Dynamic Configuration
Enabling SNMP Management Access
Community Strings (for SNMP version 1 and 2c clients)
Trap Receivers
Configuring Access for SNMP Version 3 Clients
Saving Configuration Settings
Managing System Files
Chapter 3: Configuring the Switch
Using the Web Interface
Navigating the Web Browser Interface
Home Page
Configuration Options
Panel Display
Main Menu
Basic Configuration
Displaying System Information
Displaying Switch Hardware/Software Versions
Displaying Bridge Extension Capabilities
Setting the Switch’s IP Address
Manual Configuration
Using DHCP/BOOTP
Enabling Jumbo Frames
Managing Firmware
Downloading System Software from a Server
Saving or Restoring Configuration Settings
Downloading Configuration Settings from a Server
Console Port Settings
Telnet Settings
Configuring Event Logging
Displaying Log Messages
System Log Configuration
Remote Log Configuration
Simple Mail Transfer Protocol
Resetting the System
Setting the System Clock
Setting the Time Manually
Configuring SNTP
Configuring NTP
Setting the Time Zone
Simple Network Management Protocol
Setting Community Access Strings
Specifying Trap Managers and Trap Types
Enabling SNMP Agent Status
Configuring SNMPv3 Management Access
Setting the Local Engine ID
Specifying a Remote Engine ID
Configuring SNMPv3 Users
Configuring Remote SNMPv3 Users
Configuring SNMPv3 Groups
Setting SNMPv3 Views
User Authentication
Configuring User Accounts
Configuring Local/Remote Logon Authentication
Configuring Encryption Keys
AAA Authorization and Accounting
Configuring AAA RADIUS Group Settings
Configuring AAA TACACS+ Group Settings
Configuring AAA Accounting
AAA Accounting Update
AAA Accounting 802.1X Port Settings
AAA Accounting Exec Command Privileges
AAA Accounting Exec Settings
AAA Accounting Summary
Authorization Settings
Authorization EXEC Settings
Authorization Summary
Configuring HTTPS
Replacing the Default Secure-site Certificate
Configuring the Secure Shell
Configuring the SSH Server
Generating the Host Key Pair
Importing User Public Keys
Configuring Port Security
Configuring 802.1X Port Authentication
Displaying 802.1X Global Settings
Configuring 802.1X Global Settings
Configuring Port Settings for 802.1X
Displaying 802.1X Statistics
Web Authentication
Configuring Web Authentication
Configuring Web Authentication for Ports
Displaying Web Authentication Port Information
Re-authenticating Web Authenticated Ports
Network Access – MAC Address Authentication
Configuring the MAC Authentication Reauthentication Time
Configuring MAC Authentication for Ports
Configuring Port Link Detection
Displaying Secure MAC Address Information
MAC Authentication
Configuring MAC authentication parameters for ports
Access Control Lists
Configuring Access Control Lists
Setting the ACL Name and Type
Configuring a Standard IP ACL
Configuring an Extended IP ACL
Configuring a MAC ACL
Binding a Port to an Access Control List
Filtering IP Addresses for Management Access
Port Configuration
Displaying Connection Status
Configuring Interface Connections
Creating Trunk Groups
Statically Configuring a Trunk
Enabling LACP on Selected Ports
Configuring LACP Parameters
Displaying LACP Port Counters
Displaying LACP Settings and Status for the Local Side
Displaying LACP Settings and Status for the Remote Side
Setting Broadcast Storm Thresholds
Configuring Port Mirroring
Configuring Rate Limits
Rate Limit Configuration
Showing Port Statistics
Address Table Settings
Setting Static Addresses
Displaying the Address Table
Changing the Aging Time
Spanning Tree Algorithm Configuration
Configuring Port and Trunk Loopback Detection
Displaying Global Settings
Configuring Global Settings
Displaying Interface Settings
Configuring Interface Settings
Configuring Multiple Spanning Trees
Displaying Interface Settings for MSTP
Configuring Interface Settings for MSTP
VLAN Configuration
IEEE 802.1Q VLANs
Enabling or Disabling GVRP (Global Setting)
Displaying Basic VLAN Information
Displaying Current VLANs
Creating VLANs
Adding Static Members to VLANs (VLAN Index)
Adding Static Members to VLANs (Port Index)
Configuring VLAN Behavior for Interfaces
Configuring IEEE 802.1Q Tunneling
Enabling QinQ Tunneling on the Switch
Adding an Interface to a QinQ Tunnel
Private VLANs
Displaying Current Private VLANs
Configuring Private VLANs
Associating VLANs
Displaying Private VLAN Interface Information
Configuring Private VLAN Interfaces
Protocol VLANs
Protocol VLAN Group Configuration
Protocol VLAN System Configuration
Link Layer Discovery Protocol
Setting LLDP Timing Attributes
Configuring LLDP Interface Attributes
Displaying LLDP Local Device Information
Displaying LLDP Remote Port Information
Displaying LLDP Remote Information Details
Displaying Device Statistics
Displaying Detailed Device Statistics
Class of Service Configuration
Layer 2 Queue Settings
Setting the Default Priority for Interfaces
Mapping CoS Values to Egress Queues
Enabling CoS
Selecting the Queue Mode
Setting the Service Weight for Traffic Classes
Layer 3/4 Priority Settings
Mapping Layer 3/4 Priorities to CoS Values
Enabling IP DSCP Priority
Mapping DSCP Priority
Quality of Service
Configuring Quality of Service Parameters
Configuring a Class Map
Creating QoS Policies
Attaching a Policy Map to Ingress Queues
VoIP Traffic Configuration
Configuring VoIP Traffic
Configuring VoIP Traffic Port
Configuring Telephony OUI
Multicast Filtering
Layer 2 IGMP (Snooping and Query)
Configuring IGMP Snooping and Query Parameters
Enabling IGMP Immediate Leave
Displaying Interfaces Attached to a Multicast Router
Specifying Static Interfaces for a Multicast Router
Displaying Port Members of Multicast Services
Assigning Ports to Multicast Services
IGMP Filtering and Throttling
Enabling IGMP Filtering and Throttling
Configuring IGMP Filter Profiles
Configuring IGMP Filtering and Throttling for Interfaces
Multicast VLAN Registration
Configuring Global MVR Settings
Displaying MVR Interface Status
Displaying Port Members of Multicast Groups
Configuring MVR Interface Status
Assigning Static Multicast Groups to Interfaces
DHCP Snooping
DHCP Snooping Configuration
DHCP Snooping VLAN Configuration
DHCP Snooping Information Option Configuration
DHCP Snooping Port Configuration
DHCP Snooping Binding Information
IP Source Guard
IP Source Guard Port Configuration
Static IP Source Guard Binding Configuration
Dynamic IP Source Guard Binding Information
Switch Clustering
Cluster Configuration
Cluster Member Configuration
Cluster Member Information
Cluster Candidate Information
UPnP
UPnP Configuration
Chapter 4: Command Line Interface
Using the Command Line Interface
Accessing the CLI
Console Connection
Telnet Connection
Entering Commands
Keywords and Arguments
Minimum Abbreviation
Command Completion
Getting Help on Commands
Showing Commands
Partial Keyword Lookup
Negating the Effect of Commands
Using Command History
Understanding Command Modes
Exec Commands
Configuration Commands
Command Line Processing
Command Groups
Line Commands
line
login
password
timeout login response
exec-timeout
password-thresh
silent-time
databits
parity
speed
stopbits
disconnect
show line
General Commands
enable
disable
configure
show history
reload
reload cancel
show reload
end
exit
quit
System Management Commands
Device Designation Commands
prompt
hostname
Banner
banner configure
banner configure company
banner configure dc-power-info
banner configure department
banner configure equipment-info
banner configure equipment-location
banner configure ip-lan
banner configure lp-number
banner configure manager-info
banner configure mux
banner configure note
show banner
User Access Commands
username
enable password
IP Filter Commands
management
show management
Web Server Commands
ip http port
ip http server
ip http secure-server
ip http secure-port
Telnet Server Commands
ip telnet port
ip telnet server
Secure Shell Commands
ip ssh server
ip ssh timeout
ip ssh authentication-retries
ip ssh server-key size
delete public-key
ip ssh crypto host-key generate
ip ssh crypto zeroize
ip ssh save host-key
show ip ssh
show ssh
show public-key
Event Logging Commands
logging on
logging history
logging host
logging facility
logging trap
clear logging
show logging
show log
SMTP Alert Commands
logging sendmail host
logging sendmail level
logging sendmail source-email
logging sendmail destination-email
logging sendmail
show logging sendmail
Time Commands
sntp client
sntp server
sntp poll
show sntp
ntp client
ntp server
ntp poll
ntp authenticate
ntp authentication-key
show ntp
clock timezone-predefined
clock timezone
clock summer-time (date)
clock summer-time (predefined)
clock summer-time (recurring)
calendar set
show calendar
System Status Commands
show startup-config
show running-config
show system
show users
show version
Frame Size Commands
jumbo frame
Flash/File Commands
copy
delete
dir
whichboot
boot system
Authentication Commands
Authentication Sequence
authentication login
authentication enable
RADIUS Client
radius-server host
radius-server acct-port
radius-server auth-port
radius-server key
radius-server retransmit
radius-server timeout
show radius-server
TACACS+ Client
tacacs-server host
tacacs-server port
tacacs-server key
tacacs-server retransmit
tacacs-server timeout
show tacacs-server
AAA Commands
aaa group server
server
aaa accounting dot1x
aaa accounting exec
aaa accounting commands
aaa accounting update
accounting dot1x
accounting exec
accounting commands
aaa authorization exec
authorization exec
show accounting
Port Security Commands
port security
802.1X Port Authentication
dot1x system-auth-control
dot1x default
dot1x max-req
dot1x port-control
dot1x operation-mode
dot1x re-authenticate
dot1x re-authentication
dot1x timeout quiet-period
dot1x timeout re-authperiod
dot1x timeout tx-period
dot1x intrusion-action
show dot1x
Network Access – MAC Address Authentication
network-access mode
network-access max-mac-count
mac-authentication intrusion-action
mac-authentication max-mac-count
network-access dynamic-qos
network-access dynamic-vlan
network-access guest-vlan
network-access link-detection
network-access link-detection link-down
network-access link-detection link-up
network-access link-detection link-up-down
mac-authentication reauth-time
clear network-access
show network-access
show network-access mac-address-table
Web Authentication
web-auth login-attempts
web-auth login-fail-page-url
web-auth login-page-url
web-auth login-success-page-url
web-auth quiet-period
web-auth session-timeout
web-auth system-auth-control
web-auth
show web-auth
show web-auth interface
web-auth re-authenticate (Port)
web-auth re-authenticate (IP)
show web-auth summary
Access Control List Commands
IP ACLs
access-list ip
permit, deny (Standard ACL)
permit, deny (Extended ACL)
show ip access-list
ip access-group
show ip access-group
MAC ACLs
access-list mac
permit, deny (MAC ACL)
show mac access-list
mac access-group
show mac access-group
ACL Information
show access-list
show access-group
SNMP Commands
snmp-server
show snmp
snmp-server community
snmp-server contact
snmp-server location
snmp-server host
snmp-server enable traps
snmp-server engine-id
show snmp engine-id
snmp-server view
show snmp view
snmp-server group
show snmp group
snmp-server user
show snmp user
Interface Commands
interface
description
speed-duplex
negotiation
capabilities
flowcontrol
shutdown
switchport packet-rate
clear counters
show interfaces status
show interfaces counters
show interfaces switchport
Mirror Port Commands
port monitor
show port monitor
Rate Limit Commands
rate-limit
Link Aggregation Commands
channel-group
lacp
lacp system-priority
lacp admin-key (Ethernet Interface)
lacp admin-key (Port Channel)
lacp port-priority
show lacp
Address Table Commands
mac-address-table static
clear mac-address-table dynamic
show mac-address-table
mac-address-table aging-time
show mac-address-table aging-time
LLDP Commands
lldp
lldp holdtime-multiplier
lldp medFastStartCount
lldp notification-interval
lldp refresh-interval
lldp reinit-delay
lldp tx-delay
lldp admin-status
lldp notification
lldp mednotification
lldp basic-tlv management-ip-address
lldp basic-tlv port-description
lldp basic-tlv system-capabilities
lldp basic-tlv system-description
lldp basic-tlv system-name
lldp dot1-tlv proto-ident
lldp dot1-tlv proto-vid
lldp dot1-tlv pvid
lldp dot1-tlv vlan-name
lldp dot3-tlv link-agg
lldp dot3-tlv mac-phy
lldp dot3-tlv max-frame
lldp dot3-tlv poe
lldp medtlv extpoe
lldp medtlv inventory
lldp medtlv location
lldp medtlv med-cap
lldp medtlv network-policy
show lldp config
show lldp info local-device
show lldp info remote-device
show lldp info statistics
UPnP Commands
upnp device
upnp device ttl
upnp device advertise duration
show upnp
Spanning Tree Commands
spanning-tree
spanning-tree mode
spanning-tree forward-time
spanning-tree hello-time
spanning-tree max-age
spanning-tree priority
spanning-tree pathcost method
spanning-tree transmission-limit
spanning-tree mst-configuration
mst vlan
mst priority
name
revision
max-hops
spanning-tree spanning-disabled
spanning-tree cost
spanning-tree port-priority
spanning-tree edge-port
spanning-tree portfast
spanning-tree link-type
spanning-tree loopback-detection
spanning-tree loopback-detection release-mode
spanning-tree loopback-detection trap
spanning-tree mst cost
spanning-tree mst port-priority
spanning-tree protocol-migration
show spanning-tree
show spanning-tree mst configuration
VLAN Commands
GVRP and Bridge Extension Commands
bridge-ext gvrp
show bridge-ext
switchport gvrp
show gvrp configuration
garp timer
show garp timer
Editing VLAN Groups
vlan database
vlan
Configuring VLAN Interfaces
interface vlan
switchport mode
switchport acceptable-frame-types
switchport ingress-filtering
switchport native vlan
switchport allowed vlan
switchport forbidden vlan
Displaying VLAN Information
show vlan
Configuring IEEE 802.1Q Tunneling
dot1q-tunnel system-tunnel-control
switchport dot1q-tunnel mode
switchport dot1q-tunnel tpid
show dot1q-tunnel
Configuring Private VLANs
private-vlan
private vlan association
switchport mode private-vlan
switchport private-vlan host-association
switchport private-vlan isolated
switchport private-vlan mapping
show vlan private-vlan
Configuring Protocol-based VLANs
protocol-vlan protocol-group (Configuring Groups)
protocol-vlan protocol-group (Configuring VLANs)
show protocol-vlan protocol-group
show protocol-vlan protocol-group-vid
Priority Commands
Priority Commands (Layer 2)
queue mode
switchport priority default
queue bandwidth
queue cos-map
show queue mode
show queue bandwidth
show queue cos-map
Priority Commands (Layer 3 and 4)
map ip dscp (Global Configuration)
map ip dscp (Interface Configuration)
show map ip dscp
Quality of Service Commands
class-map
match
policy-map
class
set
police
service-policy
show class-map
show policy-map
show policy-map interface
Voice VLAN Commands
voice vlan
voice vlan aging
voice vlan mac-address
switchport voice vlan
switchport voice vlan rule
switchport voice vlan security
switchport voice vlan priority
show voice vlan
Multicast Filtering Commands
IGMP Snooping Commands
ip igmp snooping
ip igmp snooping vlan static
ip igmp snooping version
ip igmp snooping leave-proxy
ip igmp snooping immediate-leave
show ip igmp snooping
show mac-address-table multicast
IGMP Query Commands (Layer 2)
ip igmp snooping querier
ip igmp snooping query-count
ip igmp snooping query-interval
ip igmp snooping query-max-response-time
ip igmp snooping router-port-expire-time
Static Multicast Routing Commands
ip igmp snooping vlan mrouter
show ip igmp snooping mrouter
IGMP Filtering and Throttling Commands
ip igmp filter (Global Configuration)
ip igmp profile
permit, deny
range
ip igmp filter (Interface Configuration)
ip igmp max-groups
ip igmp max-groups action
show ip igmp filter
show ip igmp profile
show ip igmp throttle interface
Multicast VLAN Registration Commands
mvr (Global Configuration)
mvr (Interface Configuration)
show mvr
IP Interface Commands
ip address
ip default-gateway
ip dhcp restart
show ip interface
show ip redirects
ping
IP Source Guard Commands
ip source-guard
ip source-guard binding
show ip source-guard
show ip source-guard binding
DHCP Snooping Commands
ip dhcp snooping
ip dhcp snooping vlan
ip dhcp snooping trust
ip dhcp snooping verify mac-address
ip dhcp snooping information option
ip dhcp snooping information policy
ip dhcp snooping database flash
show ip dhcp snooping
show ip dhcp snooping binding
Switch Cluster Commands
cluster
cluster commander
cluster ip-pool
cluster member
rcommand
show cluster
show cluster members
show cluster candidates
Appendix A: Software Specifications
Software Features
Management Features
Standards
Management Information Bases
Appendix B: Troubleshooting
Problems Accessing the Management Interface
Using System Logs
Glossary
Index
Tables
Table 1-1 Key Features
Table 1-2 System Defaults
Table 3-1 Configuration Options
Table 3-2 Main Menu
Table 3-3 Logging Levels
Table 3-5 Supported Notification Messages
Table 3-6 HTTPS System Support
Table 3-7 802.1X Statistics
Table 3-8 LACP Port Counters
Table 3-9 LACP Internal Configuration Information
Table 3-10 LACP Neighbor Configuration Information
Table 3-11 Port Statistics
Table 3-12 Mapping CoS Values to Egress Queues
Table 3-13 CoS Priority Levels
Table 3-14 Mapping DSCP Priority Values
Table 4-1 Command Modes
Table 4-2 Configuration Modes
Table 4-3 Command Line Processing
Table 4-4 Command Groups
Table 4-5 Line Commands
Table 4-6 General Commands
Table 4-7 System Management Commands
Table 4-8 Device Designation Commands
Table 4-9 Banner Commands
Table 4-10 User Access Commands
Table 4-11 Default Login Settings
Table 4-12 IP Filter Commands
Table 4-13 Web Server Commands
Table 4-14 HTTPS System Support
Table 4-15 Telnet Server Commands
Table 4-16 SSH Commands
Table 4-17 show ssh - display description
Table 4-18 Event Logging Commands
Table 4-19 Logging Levels
Table 4-20 show logging flash/ram - display description
Table 4-21 show logging trap - display description
Table 4-22 SMTP Alert Commands
Table 4-23 Time Commands
Table 4-24 Predefined Summer-Time Parameters
Table 4-25 System Status Commands
Table 4-26 Frame Size Commands
Table 4-27 Flash/File Commands
Table 4-28 File Directory Information
Table 4-29 Authentication Commands
Table 4-30 Authentication Sequence
Table 4-31 RADIUS Client Commands
Table 4-32 TACACS Commands
Table 4-34 Port Security Commands
Table 4-35 802.1X Port Authentication
Table 4-36 Network Access
Table 4-37 Web Authentication
Table 4-38 Access Control Lists
Table 4-39 IP ACLs
Table 4-40 MAC ACL Commands
Table 4-41 ACL Information
Table 4-42 SNMP Commands
Table 4-43 show snmp engine-id - display description
Table 4-44 show snmp view - display description
Table 4-45 show snmp group - display description
Table 4-46 show snmp user - display description
Table 4-47 Interface Commands
Table 4-48 Interfaces Switchport Statistics
Table 4-49 Mirror Port Commands
Table 4-50 Rate Limit Commands
Table 4-51 Link Aggregation Commands
Table 4-52 show lacp counters - display description
Table 4-53 show lacp internal - display description
Table 4-54 show lacp neighbors - display description
Table 4-55 show lacp sysid - display description
Table 4-56 Address Table Commands
Table 4-57 LLDP Commands
Table 4-58 Spanning Tree Commands
Table 4-59 VLANs
Table 4-60 GVRP and Bridge Extension Commands
Table 4-61 Editing VLAN Groups
Table 4-62 Configuring VLAN Interfaces
Table 4-63 Show VLAN Commands
Table 4-64 IEEE 802.1Q Tunneling Commands
Table 4-65 Private VLAN Commands
Table 4-66 Protocol-based VLAN Commands
Table 4-67 Priority Commands
Table 4-68 Priority Commands (Layer 2)
Table 4-69 Default CoS Values to Egress Queues
Table 4-70 Priority Commands (Layer 3 and 4)
Table 4-71 IP DSCP to CoS Values
Table 4-72 Quality of Service Commands
Table 4-73 Voice VLAN Commands
Table 4-74 Multicast Filtering Commands
Table 4-75 IGMP Snooping Commands
Table 4-76 IGMP Query Commands (Layer 2)
Table 4-77 Static Multicast Routing Commands
Table 4-78 IGMP Filtering and Throttling Commands
Table 4-79 Multicast VLAN Registration Commands
Table 4-80 show mvr - display description
Table 4-81 show mvr interface - display description
Table 4-82 show mvr members - display description
Table 4-83 IP Interface Commands
Table 4-84 IP Source Guard Commands
Table 4-85 DHCP Snooping Commands
Table 4-86 Switch Cluster Commands
Table B-1 Troubleshooting Chart
Figures
Figure 3-1 Home Page
Figure 3-2 Panel Display
Figure 3-3 System Information
Figure 3-4 Switch Information
Figure 3-5 Bridge Extension Configuration
Figure 3-6 Manual IP Configuration
Figure 3-7 DHCP IP Configuration
Figure 3-8 Jumbo Frames Configuration
Figure 3-9 Copy Firmware
Figure 3-10 Setting the Startup Code
Figure 3-11 Deleting Files
Figure 3-12 Downloading Configuration Settings for Startup
Figure 3-13 Setting the Startup Configuration Settings
Figure 3-14 Console Port Settings
Figure 3-15 Enabling Telnet
Figure 3-16 Displaying Logs
Figure 3-17 System Logs
Figure 3-18 Remote Logs
Figure 3-19 Enabling and Configuring SMTP
Figure 3-20 Resetting the System
Figure 3-21 SNTP Configuration
Figure 3-22 NTP Client Configuration
Figure 3-23 Setting the System Clock
Figure 3-24 Configuring SNMP Community Strings
Figure 3-25 Configuring IP Trap Managers
Figure 3-26 Enabling SNMP Agent Status
Figure 3-27 Setting an Engine ID
Figure 3-28 Setting a Remote Engine ID
Figure 3-29 Configuring SNMPv3 Users
Figure 3-30 Configuring Remote SNMPv3 Users
Figure 3-31 Configuring SNMPv3 Groups
Figure 3-32 Configuring SNMPv3 Views
Figure 3-33 Access Levels
Figure 3-34 Authentication Settings
Figure 3-35 Encryption Key Settings
Figure 3-36 AAA Radius Group Settings
Figure 3-37 AAA TACACS+ Group Settings
Figure 3-38 AAA Accounting Settings
Figure 3-39 AAA Accounting Update
Figure 3-40 AAA Accounting 802.1X Port Settings
Figure 3-41 AAA Accounting Exec Command Privileges
Figure 3-42 AAA Accounting Exec Settings
Figure 3-43 AAA Accounting Summary
Figure 3-44 AAA Authorization Settings
Figure 3-45 AAA Authorization Exec Settings
Figure 3-46 AAA Authorization Summary
Figure 3-47 HTTPS Settings
Figure 3-48 HTTPS Settings
Figure 3-49 SSH Server Settings
Figure 3-50 SSH Host-Key Settings
Figure 3-51 SSH User Public-Key Settings
Figure 3-52 Configuring Port Security
Figure 3-53 802.1X Global Information
Figure 3-54 802.1X Global Configuration
Figure 3-55 802.1X Port Configuration
Figure 3-56 Displaying 802.1X Port Statistics
Figure 3-57 Web Authentication Configuration
Figure 3-58 Web Authentication Port Configuration
Figure 3-59 Web Authentication Port Information
Figure 3-60 Web Authentication Port Re-authentication
Figure 3-61 Network Access Configuration
Figure 3-62 Network Access Port Configuration
Figure 3-63 Network Access Port Link Detection Configuration
Figure 3-64 Network Access MAC Address Information
Figure 3-65 MAC Authentication Port Configuration
Figure 3-66 Selecting ACL Type
Figure 3-67 Configuring Standard IP ACLs
Figure 3-68 Configuring Extended IP ACLs
Figure 3-69 Configuring MAC ACLs
Figure 3-70 Configuring ACL Port Binding
Figure 3-71 Creating an IP Filter List
Figure 3-72 Displaying Port/Trunk Information
Figure 3-73 Port/Trunk Configuration
Figure 3-74 Configuring Static Trunks
Figure 3-75 LACP Trunk Configuration
Figure 3-76 LACP Port Configuration
Figure 3-77 LACP - Port Counters Information
Figure 3-78 LACP - Port Internal Information
Figure 3-79 LACP - Port Neighbors Information
Figure 3-80 Port Broadcast Control
Figure 3-81 Mirror Port Configuration
Figure 3-82 Input Rate Limit Port Configuration
Figure 3-83 Port Statistics
Figure 3-84 Configuring a Static Address Table
Figure 3-85 Configuring a Dynamic Address Table
Figure 3-86 Setting the Address Aging Time
Figure 3-87 Configuring Port Loopback Detection
Figure 3-88 Displaying Spanning Tree Information
Figure 3-89 Configuring Spanning Tree
Figure 3-90 Displaying Spanning Tree Port Information
Figure 3-91 Configuring Spanning Tree per Port
Figure 3-92 Configuring Multiple Spanning Trees
Figure 3-93 Displaying MSTP Interface Settings
Figure 3-94 Displaying MSTP Interface Settings
Figure 3-95 Globally Enabling GVRP
Figure 3-96 Displaying Basic VLAN Information
Figure 3-97 Displaying Current VLANs
Figure 3-98 Configuring a VLAN Static List
Figure 3-99 Configuring a VLAN Static Table
Figure 3-100 VLAN Static Membership by Port
Figure 3-101 Configuring VLANs per Port
Figure 3-102 802.1Q Tunnel Status and Ethernet Type
Figure 3-103 Tunnel Port Configuration
Figure 3-104 Private VLAN Information
Figure 3-105 Private VLAN Configuration
Figure 3-106 Private VLAN Association
Figure 3-107 Private VLAN Port Information
Figure 3-108 Private VLAN Port Configuration
Figure 3-109 Protocol VLAN Configuration
Figure 3-110 Protocol VLAN System Configuration
Figure 3-111 LLDP Configuration
Figure 3-112 LLDP Port Configuration
Figure 3-113 LLDP Local Device Information
Figure 3-114 LLDP Remote Port Information
Figure 3-115 LLDP Remote Information Details
Figure 3-116 LLDP Device Statistics
Figure 3-117 LLDP Device Statistics Details
Figure 3-118 Port Priority Configuration
Figure 3-119 Traffic Classes
Figure 3-120 Enable Traffic Classes
Figure 3-121 Queue Mode
Figure 3-122 Configuring Queue Scheduling
Figure 3-123 IP DSCP Priority Status
Figure 3-124 Mapping IP DSCP Priority Values
Figure 3-125 Configuring Class Maps
Figure 3-126 Configuring Policy Maps
Figure 3-127 Service Policy Settings
Figure 3-128 Configuring VoIP Traffic
Figure 3-129 VoIP Traffic Port Configuration
Figure 3-130 Telephony OUI List
Figure 3-131 IGMP Configuration
Figure 3-132 IGMP Immediate Leave
Figure 3-133 Displaying Multicast Router Port Information
Figure 3-134 Static Multicast Router Port Configuration
Figure 3-135 IP Multicast Registration Table
Figure 3-136 IGMP Member Port Table
Figure 3-137 Enabling IGMP Filtering and Throttling
Figure 3-138 IGMP Profile Configuration
Figure 3-139 IGMP Filter and Throttling Port Configuration
Figure 3-140 MVR Global Configuration
Figure 3-141 MVR Port Information
Figure 3-142 MVR Group IP Information
Figure 3-143 MVR Port Configuration
Figure 3-144 MVR Group Member Configuration
Figure 3-145 DHCP Snooping Configuration
Figure 3-146 DHCP Snooping VLAN Configuration
Figure 3-147 DHCP Snooping Information Option Configuration
Figure 3-148 DHCP Snooping Port Configuration
Figure 3-149 DHCP Snooping Binding Information
Figure 3-150 IP Source Guard Port Configuration
Figure 3-151 Static IP Source Guard Binding Configuration
Figure 3-152 Dynamic IP Source Guard Binding Information
Figure 3-153 Cluster Member Choice
Figure 3-154 Cluster Configuration
Figure 3-155 Cluster Member Configuration
Figure 3-156 Cluster Member Information
Figure 3-157 Cluster Candidate Information
Figure 3-158 UPnP Configuration

Chapter 1: Introduction

This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

Key Features

Table 1-1 Key Features
Feature | Description
Configuration Backup and Restore | Backup to TFTP server
Authentication | Console, Telnet, web – User name / password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c – Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1X, MAC address filtering, Web Authentication
Access Control Lists | Supports IP and MAC ACLs, 100 rules per system
DHCP Client | Supported
DHCP Snooping | Supported with Option 82 relay information
Port Configuration | Speed, duplex mode and flow control
Rate Limiting | Input rate limiting per port
Port Mirroring | One port mirrored to a single analysis port
Port Trunking | Supports up to 8 trunks using either static or dynamic trunking (LACP)
Broadcast Storm Control | Supported
Static Address | Up to 8K MAC addresses in the forwarding table
IEEE 802.1D Bridge | Supports dynamic data switching and address learning
Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames
Spanning Tree Algorithm | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)
Virtual LANs | Up to 255 using IEEE 802.1Q, port-based, or private VLANs
Traffic Prioritization | Default port priority, traffic class map, queue scheduling, or Differentiated Services Code Point (DSCP), and TCP/UDP Port
Quality of Service | Supports Differentiated Services (DiffServ)
Multicast Filtering | Supports IGMP snooping and query, as well as Multicast VLAN Registration