SMC Networks 6724AL2 Management Manual

Other manuals for 6724AL2: Installation Manual
Manual is about: TigerSwitch 10/100 24-Port Fast Ethernet Switch

Summary of 6724AL2

  • Page 1

    TigerSwitch 10/100 24-port Fast Ethernet switch ◆ 24 10BASE-T/100BASE-TX ports ◆ optional 1000BASE-X or 100BASE-FX modules ◆ 8.8 Gbps of aggregate bandwidth ◆ non-blocking switching architecture ◆ Spanning Tree Protocol ◆ up to 4 port trunks ◆ RADIUS and TACACS+ authentication ◆ rate limiting for ba...

  • Page 2

    Multicast Filtering Commands (page 3-207). ip igmp snooping version: Use this command to configure the IGMP snooping version. Use the no form to restore the default. Syntax: ip igmp snooping version {1

  • Page 3: TigerSwitch 10/100

    38 Tesla, Irvine, CA 92618. Phone: (949) 679-8000. TigerSwitch 10/100 Management Guide, from SMC’s Tiger line of feature-rich workgroup LAN solutions. January 2004. Pub. # 150200037700a.

  • Page 4

    Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwis...

  • Page 5

    Limited Warranty. Limited warranty statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase ...

  • Page 6

    it any other liability in connection with the sale, installation, maintenance or use of its products. SMC shall not be liable under this warranty if its testing and examination disclose the alleged defect in the product does not exist or was caused by customer’s or any third pe...

  • Page 7

    Contents: 1 Switch Management 1-1; Connecting to the Switch 1-1; Configuration Options 1-1; Required Connections ...

  • Page 8

    Contents: Reset 2-28; Setting the System Clock 2-28; Configuring SNTP ...

  • Page 9

    Contents: Spanning Tree Algorithm Configuration 2-89; Displaying Global Settings 2-90; Configuring Global Settings 2-93; Displaying Interfac...

  • Page 10

    Contents: Adding Multicast Addresses to VLANs 2-153; 3 Command Line Interface 3-1; Using the Command Line Interface 3-1; Accessing the CLI ...

  • Page 11

    Contents: hostname 3-28; username 3-28; enable password ...

  • Page 12

    Contents: snmp-server community 3-62; snmp-server contact 3-63; snmp-server location 3-63; snmp-server ...

  • Page 13

    Contents: show interfaces switchport 3-98; Address Table Commands 3-101; mac-address-table static 3-102; show ma...

  • Page 14

    Contents: switchport private-vlan host-association 3-137; switchport private-vlan mapping 3-138; show vlan private-vlan 3-139; GVRP and Bridge Extension Comm...

  • Page 15

    Contents: dot1x timeout quiet-period 3-167; dot1x timeout re-authperiod 3-167; dot1x timeout tx-period 3-168; show dot1x ...

  • Page 16: Glossary

    Contents: show map ip port 3-202; show map ip precedence 3-203; show map ip dscp 3-204; Multicast Fil...

  • Page 17: Connecting To The Switch

    Chapter 1: Switch Management. Connecting to the Switch. Configuration Options: The SMC6724AL2 24-port, Layer 2 switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly...

  • Page 18

    The switch’s CLI configuration program, web interface, and SNMP agent allow you to perform the following management functions: • Set user names and passwords • Set an IP interface for a management VLAN • Configure SNMP parameters • Enable/disable any port • Set the speed/dupl...

  • Page 19: Required Connections

    Required Connections: The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch. Attach a VT100-compatible terminal, or a PC running a termina...

  • Page 20: Remote Connections

    2. Refer to “Line Commands” on page 3-74 for a complete description of console configuration options. 3. Once you have set up the terminal correctly, the console login screen will be displayed. For a description of how to use the CLI, see “Using the Command Line Interface” on...

  • Page 21: Basic Configuration

    Basic Configuration. Console Connection: The CLI program provides two different command levels: normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the pri...

  • Page 22: Setting An IP Address

    1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level. 2. Type “configure” and press <Enter>. 3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>. 4. Type “us...

  • Page 23

    Manual Configuration: You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to ...

  • Page 24

    Dynamic Configuration: If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart” command to start broadcasting service requests. Requests will be sent peri...

  • Page 25

    4. Type “ip dhcp restart” to begin broadcasting service requests. Press <Enter>. 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-co...

  • Page 26

    from the switch. You therefore need to assign community strings to specified users or user groups, and set the access level. The default strings are: • public - Specifies read-only access. Authorized management stations are only able to retrieve MIB objects. • private - Spec...

  • Page 27

    To configure a trap receiver, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” where “host-address” is the IP address for the trap receiver and “community-string” is the...

  • Page 28: Managing System Files

    Managing System Files: The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three ty...

  • Page 29

    Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a pe...

  • Page 30: System Defaults

    System Defaults: The switch’s system defaults are provided in the configuration file “factory_default_config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file. (See “Setting the Startup Configuration File” on page 2-26.) The followi...

  • Page 31

    Console Port Connection: Baud Rate 9600; Data Bits 8; Stop Bits 1; Parity none; Local Console Timeout 0 (disabled). Port Status: Admin Status Enabled; Auto-negotiation Enabled; Flow Control Disabled; Capabilities 10BASE-T – 10 Mbps half duplex, 10 Mbps full duplex, full-duplex flow contro...

  • Page 32

    Spanning Tree Protocol: Status Enabled (defaults: all parameters based on IEEE 802.1w); Fast Forwarding Disabled. Address Table: Aging Time 300 seconds. Virtual LANs: Default VLAN 1; PVID 1; Acceptable Frame Type All; Ingress Filtering Disabled; GVRP (global) Disabled; GVRP (port inter...

  • Page 33: Using The Web Interface

    Chapter 2: Configuring the Switch. Using the Web Interface: This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser...

  • Page 34

    3. After you enter a user name and password, you will have access to the system configuration program. Note: If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch po...

  • Page 35: Home Page

    Navigating the Web Browser Interface: To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the admi...

  • Page 36: Configuration Options

    You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated. Configuration Options: Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be su...

  • Page 37: Main Menu

    Main Menu: Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Menu / Description / Page: System (2-9); System Informat...

  • Page 38

    HTTPS Settings: configures secure HTTP settings (2-40); SSH Settings: configures Secure Shell settings (2-43); Port Security Configuration: configures port security (2-45); dot1x (IEEE 802.1x) (2-48); dot1x Information: displays general port authentication status information (2-49); dot1x ...

  • Page 39

    Address Table (2-86); Static Addresses: displays entries for interface, address or VLAN (2-86); Dynamic Addresses: displays or edits static entries in the address table (2-87); Address Aging: sets timeout for dynamically learned entries (2-89); Spanning Tree (2-90); STA Information: displays STA values...

  • Page 40

    Private VLAN Port/Trunk Information: displays the interfaces associated with private VLANs (2-127); Private VLAN Port/Trunk Configuration: sets the private VLAN interface type, and associates the interfaces with a private VLAN (2-128); Priority (2-131); Port Priority Configuratio...

  • Page 41: Basic Configuration

    Basic Configuration. Displaying System Information: You can easily identify the system by providing a descriptive name, location and contact information. Command Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network...

  • Page 42

    Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows you to access the Command Line Interface via Telnet.)

  • Page 43: Versions

    CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions: Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the p...

  • Page 44

    • Internal Power Status – Displays the status of the internal power supply. • Redundant Power Status* – Displays the status of the redundant power supply. * CLI only. Management Software • Loader Version – Version number of loader code. • Boot-ROM Version – Version numb...

  • Page 45

    Web – Click System, Switch Information. CLI – Use the following command to display version information. Console#show version 3-43 unit1 serial number :ag1005 service tag : hardware version : module a type :not present module b type :not present...

  • Page 46: Command Attributes

    Displaying Bridge Extension Capabilities: The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables, or to configure the gl...

  • Page 47

    Management Protocol (IGMP) to provide automatic multicast filtering. • GVRP – GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports across the network. This...

  • Page 48: Setting The IP Address

    Setting the IP Address: An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. You can manually configure a specific IP address, or direct the device to obtain an ad...

  • Page 49: Manual Configuration

    • Gateway IP Address – IP address of the gateway router between this device and management stations that exist on other network segments. • MAC Address – The MAC address of this switch. Manual Configuration: Web – Click System, IP Configuration. Speci...

  • Page 50: Using DHCP/BOOTP

    Using DHCP/BOOTP: If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP. Specify the Management VLAN, set the IP Address Mode to DHCP or BOOTP. Then click Apply to save your chang...

  • Page 51: System Logs Configuration

    System Logs Configuration: The system can be configured to send debug and error messages to a logging process. This logging process controls the type of error messages that are stored in switch memory or sent to a remote syslog server. The system allows you to specif...

  • Page 52: Command Attributes

    Command Attributes • System Log Status – Enables/disables the logging of debug or error messages to the logging process. • Flash Level – Limits log messages saved to the switch’s permanent flash memory for all levels up to the specified level. For example, if level 3 is...

  • Page 53: Remote Logs Configuration

    Remote Logs Configuration: The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the error messages sent to only those messages of a specified level. Command Attributes • ...

  • Page 54

    Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add IP Host. To delete an IP address, click the entry in the Host IP List, and then click Remove Host IP. CLI – Enter the s...

  • Page 55: Managing Firmware

    Managing Firmware: You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previ...

  • Page 56

    Web – Click System, File, Firmware. Enter the IP address of the TFTP server, enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click Transfer from Server. To start the new firmware, reboot the syst...

  • Page 57: Command Attributes

    To start the new firmware, enter the “reload” command or reboot the system. Saving or Restoring Configuration Settings: You can upload/download configuration settings to/from a TFTP server. The configuration file can be later downloaded to restore the switch’s settings. Comma...

  • Page 58

    Downloading Configuration Settings from a Server: You can save the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “...

  • Page 59

    CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. Copying the Running Configuration to a File: You can copy the running configuration to a file. CLI – If you copy the run...

  • Page 60: Reset

    Reset: Web – Select System, Reset to reboot the switch. When prompted, confirm that you want to reset the switch. CLI – Use the reload command to reboot the system. Setting the System Clock: Simple Network Time Protocol (SNTP) allows the switch to set its internal clock base...

  • Page 61: Configuring SNTP

    Configuring SNTP: You can configure the switch to send time synchronization requests to specific time servers. Command Attributes • SNTP Client – Configures the switch to operate as an SNTP unicast client. This mode requires at least one time server to be specified in...

  • Page 62: Setting The Time Zone

    Setting the Time Zone: SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours a...

  • Page 63: Configuring SNMP

    Configuring SNMP: Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices...

  • Page 64: Specifying Trap Managers

    • Access Mode - Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects. - Read/Write – Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects. Web – Click SNMP, C...

  • Page 65: Command Usage

    Command Usage • You can enable or disable authentication messages via the web interface. • You can enable or disable authentication messages, link-up-down messages, or all notification types via the CLI. Command Attributes • Trap Manager Capability – Indicates that the switch ...

  • Page 66

    Web – Click SNMP, Configuration. Fill in the Trap Manager IP Address box and the Trap Manager Community String box, mark Enable Authentication Traps if required, and then click Add. CLI – This example adds a trap manager and enables authentication traps. Console(config)...

  • Page 67: Security

    Security: Use the Passwords or RADIUS/TACACS+ menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch (using the Passwords menu), or you can use a remote access authentication server based on the RADIUS/TAC...

  • Page 68

    Web – Click Security, Passwords. Enter the old password, enter the new password, confirm it by entering it again, then click Apply. CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password. Configuring RADIUS/TACACS Logon Authenticati...

  • Page 69: Command Usage

    Command Usage • By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protoc...

  • Page 70: Command Attributes

    Command Attributes • Authentication – Select the authentication, or authentication sequence required: - RADIUS – User authentication is performed using a RADIUS server only. - TACACS – User authentication is performed using a TACACS+ server only. - Local – User authenti...

  • Page 71

    TACACS+ Settings • Server IP Address – Address of the TACACS+ server. (Default: 10.1.0.1) • Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49) • Secret Text String – Encryption key used to authenticate logon access...

  • Page 72: Configuring HTTPS

    CLI – Specify all the required parameters to enable login authentication. Configuring HTTPS: You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) ...

  • Page 73: Command Attributes

    • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of security protocols to use for the connection. - The client and server generate session k...

  • Page 74

    Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. CLI – This example enables the HTTP secure server and modifies the port number. Replacing the Default Secure-site Certificate: When you log onto the web interface using HTTP...

  • Page 75: Configuring SSH

    When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Note: The switch must be reset for the new certificate to be activated. T...

  • Page 76: Command Attributes

    Command Attributes • SSH Server Status – Allows you to enable/disable the SSH server feature on the switch. (Default: enabled) • SSH Authentication Timeout – Specifies the time interval in seconds that the SSH server waits for a response from a client during an authenti...

  • Page 77: Configuring Port Security

    CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Configuring Port Security: Port security is a feature that al...

  • Page 78: Command Usage

    Command Usage • Note that a secure port has the following restrictions: - It should not be connected to a network interconnection device. - It cannot be configured as a member of a static trunk. - It can be configured as an LACP trunk port, but the switch does not allow...

  • Page 79

    Web – Click Security, Port Security. In the Status column for a port, select Enabled, then set the required Max MAC Count and click Apply. CLI – This example selects the target port, then uses the port security max-mac-count command to set the maximum MAC addresses ...

  • Page 80

    Configuring 802.1x Port Authentication: Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrud...

  • Page 81

    certificate. The RADIUS server verifies the client credentials and responds with an accept or reject packet. If authentication is successful, the switch allows the client to access the network. Otherwise, network access is denied and the port remains b...

  • Page 82: Command Attributes

    Command Attributes • dot1x Re-authentication - Indicates if switch ports require a client to be re-authenticated after a certain period of time. • dot1x Max Request Count - The maximum number of times the switch port will retransmit an EAP request packet to the client b...

  • Page 83

    Web - Click Security, 802.1x, Information. CLI – This example shows the default protocol settings for dot1x. For a description of the additional entries displayed in the CLI, see “show dot1x” on page 3-168. Console#show dot1x 3-168 global 802.1x parame...

  • Page 84: Command Attributes

    Configuring Global dot1x Parameters: The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch...

  • Page 85: Command Attributes

    Web - Click Security, 802.1x, Configuration. Enable dot1x globally for the switch, modify any of the parameters as required, and then click Apply. CLI – This example enables re-authentication and sets all of the global parameters for dot1x. Configuri...

  • Page 86

    • Authorized – - Yes – Connected client is authorized. - No – Connected client is not authorized. - Blank – Displays nothing when dot1x is disabled on a port. • Supplicant – Indicates the MAC address of a connected client. • Trunk – Indicates if the port is configured as...

  • Page 87: Statistical Values

    Displaying 802.1x Statistics: This switch can display statistics for dot1x protocol exchanges for any port. Statistical Values (Parameter: Description) • Rx EXPOL Start: The number of EAPOL Start frames that have been received by this Authenticator. • Rx EAPOL ...

  • Page 88: Access Control Lists

    Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. CLI – This example displays the dot1x statistics for port 2. Access Control Lists: Access Control Lists (ACL) provide packet filtering for IP...

  • Page 89: Command Attributes

    Configuring Access Control Lists: An ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests incoming packets against the conditions in an ACL one by one. If a list contains all pe...

  • Page 90

    • IP – Specifies the source IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP” to specify a range of addresses with the Address and SubMask fields. (Options: Any, Host, IP; Default: Any) • Add...

  • Page 91

    • Control Flag – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63) • Control Bitmask – Decimal number representing the code bits to match. The control bitmask is a decimal number (for an equivalent binary bit ...

  • Page 92: Examples

    • VID – ID of VLAN. • Ethernet Type – This option can only be used to filter Ethernet II formatted packets. (A detailed listing of Ethernet protocol types can be found in RFC 1060.) A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX). Examples: Creat...

  • Page 93

    4. Click Add. CLI – This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Extended IP ACL: Web – 1. Specify the action (i.e., permit or deny). 2. Select the source IP (a...

  • Page 94

    CLI – This example adds three rules: 1. Accept any incoming packets if the source address is in subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes throug...

  • Page 95

    MAC ACL: Web – 1. Specify the action (i.e., permit or deny). 2. Select the source MAC address using a dash to separate each two digits (e.g., 11-22-33-44-55-66). Leave this field blank to specify any host address. 3. Specify the source mask using a binary bitmask to indic...

  • Page 96: Command Attributes

    Binding a Port to an Access Control List: After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can only assign one IP access list and/or one MAC access list to any port. Command Attributes • MAC – Specifies the ...

  • Page 97: Port Configuration

    Port Configuration. Displaying Connection Status: You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Command Attributes • Name – Interface label. • ...

  • Page 98

    Configuring the Switch 2-66 Web – Click Port, Port Information or Trunk Information. Modify the required interface settings, and click Apply. CLI – This example shows the connection status for port 13. Console#show interfaces status ethernet 1/13 3-94 information of eth 1/13 basic information: por...

  • Page 99: Command Attributes

    Port Configuration 2-67 Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control. Command Attributes • ...

  • Page 100

    Configuring the Switch 2-68 - FC - Supports flow control. Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex o...

  • Page 101: Trunk Configuration

    Trunk Configuration 2-69 CLI – Select the interface, and then enter the required settings. Trunk Configuration You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, ...

  • Page 102: Command Usage

    Configuring the Switch 2-70 Command Usage Besides balancing the load across each port in the trunk, the other ports provide redundancy by taking over the load if a port in the trunk fails. However, before making any physical connections between devices, use the web interface or CLI to specify the ...

  • Page 103: Command Usage

    Trunk Configuration 2-71 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible. • ...

  • Page 104: Command Usage

    Configuring the Switch 2-72 CLI – This example creates trunk 1 with ports 11 and 12. Just connect these ports to two static trunk ports on another switch to form a trunk. Dynamically Configuring a Trunk Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connect...

  • Page 105

    Trunk Configuration 2-73 • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails. • All ports on both ends of an LACP trunk must be configured for full duplex, eit...

  • Page 106

    Configuring the Switch 2-74 CLI – The following example enables LACP for ports 17 and 18. Just connect these ports to two LACP-enabled trunk ports on another switch to form a trunk. Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if...

  • Page 107: Command Usage

    Trunk Configuration 2-75 Command Usage • Broadcast control is disabled by default. • The default threshold is 32000 octets per second. • Broadcast control does not affect IP multicast traffic. • The specified threshold applies to all ports on the switch. Command Attributes • Threshold – Threshold ...

  • Page 108: Configuring Port Mirroring

    Configuring the Switch 2-76 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Comma...

  • Page 109: Configuring Rate Limits

    Configuring Rate Limits 2-77 Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add. CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port. Note ...

  • Page 110: Rate Limit Granularity

    Configuring the Switch 2-78 Rate Limit Granularity Rate limit granularity can be applied to both Fast Ethernet and Gigabit Ethernet interfaces. Command Usage • For Fast Ethernet interfaces, the rate limit granularity is 512 Kbps, 1 Mbps, or 3.3 Mbps. • For Gigabit Ethernet interfaces, the rate lim...

  • Page 111: Command Usage

    Configuring Rate Limits 2-79 Rate Limit Port Configuration Use the rate limit port configuration pages to apply rate limiting. Command Usage • Input and output rate limit can be enabled or disabled for individual interfaces. Command Attributes • Port/Trunk – Displays the port number. • Rate limit...

  • Page 112: Showing Port Statistics

    Configuring the Switch 2-80 CLI - This example sets the rate limit level for input and output traffic passing through port 3 and 4. Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of tr...

  • Page 113

    Configuring Rate Limits 2-81 Received Broadcast Packets – The number of packets, delivered by this sub-layer to a higher (sub-)layer, which were addressed to a broadcast address at this sub-layer. Received Discarded Packets – The number of inbound packets which were chosen to be discarded even though...

  • Page 114

    Configuring the Switch 2-82 Late Collisions – The number of times that a collision is detected later than 512 bit-times into the transmission of a packet. FCS Errors – A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check. Th...

  • Page 115

    Configuring Rate Limits 2-83 Jabbers – The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS or alignment error. Received Bytes – Total number of bytes of data received on the network. This statistic can be used...

  • Page 116

    Configuring the Switch 2-84 Web – Click Port, Port Statistics. Select the required interface, and then click Query. You can also use the Refresh button at the bottom of the page to update the screen.

  • Page 117

    Configuring Rate Limits 2-85 CLI – This example shows statistics for port 13. Console#show interfaces counters ethernet 1/13 3-96 ethernet 1/13 if table stats: octets input: 868453, octets output: 3492122 unicast input: 7315, unicast output: 6658 discard input: 0, discard output: 0 error input: 0...

  • Page 118: Address Table Settings

    Configuring the Switch 2-86 Address Table Settings Switches store the addresses for all known devices. This information is used to route traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also ma...

  • Page 119

    Address Table Settings 2-87 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the Address Table...

  • Page 120: Command Attributes

    Configuring the Switch 2-88 Command Attributes • Interface – Indicates a port or trunk. • MAC Address – Physical address associated with this interface. • VLAN – ID of configured VLAN (1-4094). • Address Table Sort Key – You can sort the information displayed based on interface (port or trunk) or ...

  • Page 121: Changing The Aging Time

    Address Table Settings 2-89 For example, the following screen shows the dynamic addresses for port 21. CLI – This example also displays the address table entries for port 11. Changing the Aging Time You can change the aging time for entries in the dynamic address table. Command Attributes • Aging...

  • Page 122

    Configuring the Switch 2-90 CLI – This example sets the aging time to 300 seconds. Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to in...

  • Page 123: Displaying Global Settings

    Spanning Tree Algorithm Configuration 2-91 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes th...

  • Page 124

    Configuring the Switch 2-92 • Hello Time – Interval (in seconds) at which the root device transmits a configuration message. • Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because...

  • Page 125

    Spanning Tree Algorithm Configuration 2-93 information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a discarding state; otherwise, temporary data loops might result. • Root Hold Tim...

  • Page 126: Configuring Global Settings

    Configuring the Switch 2-94 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switc...

  • Page 127

    Spanning Tree Algorithm Configuration 2-95 • STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs. • RSTP Mode – If RSTP is using 802.1D BPDUs on a...

  • Page 128

    Configuring the Switch 2-96 Root Device Configuration • Hello Time – Interval (in seconds) at which this device transmits a configuration message. - Default: 2 - Minimum: 1 - Maximum: The lower of 10 or [(Max. Message Age / 2) -1] • Maximum Age – The maximum time (in seconds) a device can wait wit...

  • Page 129

    Spanning Tree Algorithm Configuration 2-97 Advanced Configuration Settings for RSTP • Path Cost Method – The path cost is used to determine the best path between devices. The path cost method is used to determine the range of values that can be assigned to each interface. - Long: Specifies 32-bi...

  • Page 130: Command Attributes

    Configuring the Switch 2-98 CLI – This example enables Spanning Tree Protocol, and then sets the indicated attributes. Displaying Interface Settings The STP Port Information and STP Trunk Information pages display the current status of ports and trunks in the spanning tree. Command Attributes The ...

  • Page 131

    Spanning Tree Algorithm Configuration 2-99 - All ports are discarding when the switch is booted, then some of them change state to learning, and then to forwarding. • Forward Transitions – The number of times this port has changed from the learning state to the forwarding state. • Designated Cos...

  • Page 132

    Configuring the Switch 2-100 • Port Role – Roles are assigned according to whether the port is part of the active spanning tree topology: - Root: The port is connecting the bridge to the root bridge. - Designated: The port is connecting a LAN through the bridge to the root bridge. - Alternate or b...

  • Page 133

    Spanning Tree Algorithm Configuration 2-101 • Admin Link Type – The link type attached to this interface. - Point-to-Point – A connection to exactly one other bridge. - Shared – A connection to two or more bridges. - Auto – The switch automatically determines if the interface is attached to a po...

  • Page 134

    Configuring the Switch 2-102 CLI – This example shows general STA configuration and attributes for all ports. Configuring Interface Settings You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or ...

  • Page 135: Command Attributes

    Spanning Tree Algorithm Configuration 2-103 connection, and edge port to indicate if the attached device can support fast forwarding. (References to “ports” in this section mean “interfaces,” which includes both ports and trunks.) Command Attributes The following attributes are read-only and ca...

  • Page 136

    Configuring the Switch 2-104 • Path Cost – This parameter is used by the STP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priori...

  • Page 137

    Spanning Tree Algorithm Configuration 2-105 • Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the protocol migration b...

  • Page 138: VLAN Configuration

    Configuring the Switch 2-106 VLAN Configuration Overview In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. ...

  • Page 139: Assigning Ports to VLANs

    VLAN Configuration 2-107 • End stations can belong to multiple VLANs • Passing traffic between VLAN-aware and VLAN-unaware devices • Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By ...

  • Page 140

    Configuring the Switch 2-108 Untagged VLANs – Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch. Packets are forwarded on...

  • Page 141: Enabling or Disabling GVRP

    VLAN Configuration 2-109 members to VLANs (VLAN Index)” on page 2-115). But you can still enable GVRP on these edge switches, as well as on the core switches in the network. Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single swi...

  • Page 142: Command Attributes

    Configuring the Switch 2-110 Web – Click System, Bridge Extension Configuration. Enable or disable GVRP, click Apply. CLI – This example enables GVRP for the switch. Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switc...

  • Page 143: Displaying Current VLANs

    VLAN Configuration 2-111 Web – Click VLAN, 802.1Q VLAN, Basic Information. CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that cros...

  • Page 144

    Configuring the Switch 2-112 • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members. Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading...

  • Page 145: Creating VLANs

    VLAN Configuration 2-113 • Name – Name of the VLAN (1 to 32 characters). • Status – Shows if this VLAN is enabled or disabled. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Ports / Channel Groups – Shows the VLAN interface members. CLI – Current VLAN in...

  • Page 146

    Configuring the Switch 2-114 • Status (Web) – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • State (CLI) – Enables or disables the specified VLAN. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e.,...

  • Page 147

    VLAN Configuration 2-115 CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connec...

  • Page 148

    Configuring the Switch 2-116 Command Attributes • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. •...

  • Page 149: Command Attributes

    VLAN Configuration 2-117 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply. CLI – The following example ...

  • Page 150

    Configuring the Switch 2-118 • Non-Member – VLANs for which the selected interface is not a tagged member. Web – Open VLAN, 802.1Q VLAN, Static Membership by Port. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface. Select ...

  • Page 151: Command Usage

    VLAN Configuration 2-119 Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. • GARP – Group Address Registration Protocol is used by GVRP to register or dereg...

  • Page 152

    Configuring the Switch 2-120 • Ingress Filtering – If ingress filtering is enabled, incoming frames for VLANs which do not include this ingress port in their member set will be discarded at the ingress port. (Default: Disabled) - Ingress filtering only affects tagged frames. - If ingress filtering...

  • Page 153

    VLAN Configuration 2-121 • GARP LeaveAll Timer * – The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group. This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the...

  • Page 154: Private VLANs

    Configuring the Switch 2-122 CLI – This example sets port 1 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Private VLANs Private VLANs provide port-based security and isolation between ports withi...

  • Page 155: Command Attributes

    Private VLANs 2-123 To configure private VLANs, follow these steps: 1. Use the Private VLAN Configuration menu (page 2-124) to designate one or more isolated and community VLANs, and the primary VLAN that will channel traffic outside of the VLAN groups. 2. Use the Private VLAN Association menu (pa...

  • Page 156: Configuring Private VLANs

    Configuring the Switch 2-124 Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu. CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while p...

  • Page 157: Command Attributes

    Private VLANs 2-125 Command Attributes • VLAN ID – ID of configured VLAN (1-4094, no leading zeroes). • Type – There are three types of VLANs within a private VLAN: - Primary VLANs - Conveys traffic between promiscuous ports, and to community ports within secondary VLANs. - Isolated VLANs - Convey...

  • Page 158: Associating VLANs

    Configuring the Switch 2-126 Associating VLANs Each community or isolated VLAN must be associated with a primary VLAN. Command Attributes • Primary VLAN ID – ID of primary VLAN (1-4094, no leading zeroes). • Association – Community or isolated VLANs associated with the selected primary VLAN. • Non...

  • Page 159: Command Attributes

    Private VLANs 2-127 CLI – This example associates community VLANs 6 and 7 with primary VLAN 5. Displaying Private VLAN Interface Information Use the VLAN Port Information and VLAN Trunk Information menus to display the interfaces associated with private VLANs. Command Attributes • Port/Trunk – The...

  • Page 160

    Configuring the Switch 2-128 Web – Click VLAN, Private VLAN, Port Information or Trunk Information. CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configur...

  • Page 161: Command Attributes

    Private VLANs 2-129 Command Attributes • Port/Trunk – The switch interface. • PVLAN Port Type – Sets the private VLAN port types. - Normal – The port is not configured into a private VLAN. - Host – The port is a community port and can only communicate with other ports in its own community VLAN, an...

  • Page 162

    Configuring the Switch 2-130 Web – Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN. For promiscuous ports, set the associated primary VLAN. For host ports, set the associated secondary VLAN. For isolated ports...

  • Page 163: Command Usage

    C lass of s ervice c onfiguration 2-131 class of service configuration class of service (cos) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports cos with four egress (output) queues for each port. Data packe...

  • Page 164: Command Attributes

    Configuring the Switch 2-132 Command Attributes • Default Priority (0-7) * – The priority that is assigned to untagged frames received on the specified interface. (Range: 0 - 7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port. *CLI displays this ...

  • Page 165

    Class of Service Configuration 2-133 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four egress queues for each port, with service schedules based on Weighted Round Robin (WRR). Up to 8 separate traffic priorities are defined in i...

  • Page 166

    Configuring the Switch 2-134 The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network. Comma...

  • Page 167

    Class of Service Configuration 2-135 Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply. CLI – The foll...

  • Page 168: Selecting The Queue Mode

    Configuring the Switch 2-136 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relat...

  • Page 169: Command Attributes

    Class of Service Configuration 2-137 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each egress queue. As described in “Mapping CoS Values to Egress Queues” on page 2-133, the traffic classes...

  • Page 170

    Configuring the Switch 2-138 CLI – The following example shows how to assign WRR weights of 1, 4, 16 and 64 to the CoS priority queues 0, 1, 2 and 3. Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application require...

  • Page 171

    Class of Service Configuration 2-139 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP Priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting...

  • Page 172: Mapping IP Precedence

    Configuring the Switch 2-140 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence ...

  • Page 173

    Class of Service Configuration 2-141 Web – Click Priority, IP Precedence Priority. Select a port or trunk from the Interface field. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply. *Mapping specific values for IP prece...

  • Page 174: Mapping DSCP Priority

    Configuring the Switch 2-142 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, and it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not ...

  • Page 175

    Class of Service Configuration 2-143 Web – Click Priority, IP DSCP Priority. Select a port or trunk from the Interface field. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply. *Mapping specific values for IP Precedence is implemented as an i...

  • Page 176: Mapping IP Port Priority

    Configuring the Switch 2-144 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 1 to CoS value 0 on port 5, and then displays all the DSCP Priority settings. *Mapping specific values for IP Precedence is implemented as an interface configuration comma...

  • Page 177

    Class of Service Configuration 2-145 • Class of Service Value – Sets a CoS value for a new IP port. Note that “0” represents low priority and “7” represents high priority. Note: IP Port Priority settings apply to all interfaces. Web – Click Priority, IP Port Priority Status. Set IP Port Priority g...

  • Page 178: ACL CoS Mapping

    Configuring the Switch 2-146 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port. *Mapping specific values for IP Precedence is implemented as an interface...

  • Page 179: Multicast Filtering

    Multicast Filtering 2-147 Web – Click Priority, ACL CoS Mapping. Enable mapping for any port, select an ACL from the scroll-down list, then click Apply. CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 25. Multicast Filtering Multicasting is...

  • Page 180: Command Usage

    Configuring the Switch 2-148 sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service. This procedure is called multicast filtering. The purpose of IP multicast filterin...

  • Page 181: Command Attributes

    Multicast Filtering 2-149 Note: Multicast routers use this information, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. Command Attributes • IGMP Status — When enabled, the switch will monitor network traffic to determine which hosts wa...

  • Page 182

    Configuring the Switch 2-150 Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout. Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click ap...

  • Page 183: Command Attributes

    Multicast Filtering 2-151 Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP, to support IP multicasting across the Internet. These routers may be dynamically...

  • Page 184: Command Attributes

    Configuring the Switch 2-152 CLI – This example shows that port 11 has been statically configured as a port attached to a multicast router. Specifying Interfaces Attached to a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. T...

  • Page 185: Command Attributes

    Multicast Filtering 2-153 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have completed adding interfaces to th...

  • Page 186

    Configuring the Switch 2-154 Web – Click IGMP Snooping, IP Multicast Registration Table. Select the VLAN ID and multicast IP address. The switch will display all the ports that are propagating this multicast service. CLI – This example displays all the known multicast services supported on VLAN 1...

  • Page 187: Command Usage

    Multicast Filtering 2-155 Command Usage • Static multicast addresses are never aged out. • When a multicast address is assigned to a specific VLAN, the corresponding traffic can only be forwarded to ports within that VLAN. Command Attributes • Interface – Activates the port or trunk scroll down list...

  • Page 188

    Configuring the Switch 2-156 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. Console(config)#ip igmp snooping vlan 1 static 224.0.0.12 ethernet 1/12 3-206 Console(config)#exit Console#show mac-address-table multicast...

  • Page 189: Accessing the CLI

    3-1 Chapter 3 Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, th...

  • Page 190: Telnet Connection

    Command Line Interface 3-2 After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a vali...

  • Page 191: Entering Commands

    Entering Commands 3-3 After you configure the switch with an IP address, you can open a Telnet session by performing these steps. 1. From the remote host, enter the telnet command and the IP address of the device you want to access. 2. At the prompt, enter the user name and system password. The cl...

  • Page 192: Minimum Abbreviation

    Command Line Interface 3-4 interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port. You can enter commands as follows: • To enter a simple command, enter the command keyword. • To enter multiple commands, enter each command in...

  • Page 193: Showing Commands

    Entering Commands 3-5 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, Interface, Line, or VLAN Database). You can also display a list of val...

  • Page 194: Partial Keyword Lookup

    Partial Keyword Lookup: If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.” ne...

  • Page 195: Exec Commands

    The command classes and associated modes are displayed in the following table. Exec Commands: When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” co...

  • Page 196: Configuration Commands

    Configuration Commands: Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in nonvolatile storage, use...

  • Page 197: Command Line Processing

    • VLAN Configuration - Includes the command to create VLAN groups. To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration com...

  • Page 198: Command Groups

    followed by the “?” character to display a list of possible matches. You can also use the following editing keystrokes for command-line processing. Command Groups: The system commands can be broken down into the functional groups shown below. Keystroke, Function: Ctrl-A ...

  • Page 199

    Line: Sets communication parameters for the serial port, including baud rate and console time-out (3-75). Interface: Configures the connection parameters for all Ethernet ports, aggregated links, and VLANs (3-85). Address Table: Configures the address table for filtering specified addre...

  • Page 200: General Commands

    The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec), IC (Interface Configuration), PE (Privileged Exec), LC (Line Configuration), GC (Global Configuration), VC (VLAN Database Configuration). General Commands. enable: Use this com...

  • Page 201: Disable

    Syntax: enable [level]; level - privilege level to log into the device. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. Enter level 15 to access Privileged Exec mode. Default setting: Level 15. Command mode: Normal Exec. Command usage: • “super” ...

  • Page 202: Configure

    Default setting: None. Command mode: Privileged Exec. Command usage: The “>” character is appended to the end of the prompt to indicate that the system is in normal access mode. Example. Related commands: enable (3-12). configure: Use this command to activate global configurati...

  • Page 203: Show History

    Related commands: end (3-17). show history: Use this command to show the contents of the command history buffer. Default setting: None. Command mode: Normal Exec, Privileged Exec. Command usage: The history buffer size is fixed at 10 execution commands and 10 configuration commands. ...

  • Page 204: Reload

    in any of the configuration modes. In this example, the !2 command repeats the second command in the execution history buffer (config). reload: Use this command to restart the system. Note: When the system is restarted, it will always run the Power-On Self-Test. It will...

  • Page 205: Prompt

    prompt: Use this command to customize the CLI prompt. Use the no form to revert to the default prompt. Syntax: prompt string; no prompt; string - any alphanumeric string to use for the command prompt. (Maximum length: 255 characters) Default setting: Console. Command mode: Global Co...

  • Page 206: Exit

    exit: Use this command to return to the previous configuration mode or exit the configuration program. Default setting: None. Command mode: Any. Example: This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI se...

  • Page 207: Flash/file Commands

    Example: This example shows how to quit a CLI session. Flash/File Commands: These commands are used to manage the system code or configuration files. copy: Use this command to move (upload/download) a code image or configuration file between the switch’s flash memory and a ...

  • Page 209

    • To replace the startup configuration, you must use startup-config as the destination. • The Boot ROM image cannot be uploaded or downloaded from the TFTP server. You must use a direct console connection and access the download menu during a boot up to download the boot...

  • Page 210: Delete

    delete: Use this command to delete a file or image. Syntax: delete filename; filename - name of the configuration file or image name. Default setting: None. Command mode: Privileged Exec. Command usage: • If the file type is used for system startup, then this file cannot be de...

  • Page 212: Whichboot

    Example. whichboot: Use this command to display which files were booted when the system powered up. Default setting: None. Command mode: Privileged Exec. Example: This example shows the information displayed by the whichboot command. See the table under the dir command for a ...

  • Page 214: System Management Commands

    System Management Commands: These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Table columns: Command, Function, Mode, Page. Device Designation Command: hostname - specifies the...

  • Page 215

    show running-config: Displays the configuration data currently in use (PE, 3-40). show system: Displays system information (NE, PE, 3-41). show users: Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client (NE, PE, 3-42). sho...

  • Page 216: Hostname

    hostname: Use this command to specify or modify the host name for this device. Use the no form to restore the default host name. Syntax: hostname name; no hostname; name - the name of this host. (Maximum length: 255 characters) Default setting: None. Command mode: Global Conf...

  • Page 219: Logging On

    logging on: Use this command to control logging of error messages. This command sends debug or error messages to a logging process. The no form disables the logging process. Syntax: logging on; no logging on. Default setting: None. Command mode: Global Configuration. Comma...

  • Page 221: Logging Host

    Example. logging host: Use this command to add a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax: logging host host_ip_address; no logging host host_ip_address; host_ip_address - the IP address of ...

  • Page 222: Logging Facility

    logging facility: Use this command to set the facility type for remote logging of syslog messages. Use the no form to return the type to the default. Syntax: logging facility type; no logging facility type; type - a number that indicates the facility used by the syslog ser...

  • Page 223: Logging Trap

    logging trap: Use this command to limit syslog messages saved to a remote server based on severity. Use the no form to return the remote logging of syslog messages to the default level. Syntax: logging trap level; no logging trap level; level - one of the level argumen...

  • Page 225

    • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). • trap - Messages sent to remote syslog servers. Default setting: None. Command mode: Privileged Exec. Command usage: This command shows the following information: • Syslog logging – wh...

  • Page 226: Show Startup-Config

    show startup-config: Use this command to display the configuration file stored in non-volatile memory that is used to start up the system. Default setting: None. Command mode: Privileged Exec. Command usage: • Use this command in conjunction with the show running-config comm...

  • Page 227

    Example. Related commands: show running-config (3-40). Console#show startup-config building startup-config, please wait..... ! ! username admin access-level 15 username admin password 0 admin ! username guest access-level 0 username guest password 0 guest ! enable pas...

  • Page 228: Show Running-Config

    show running-config: Use this command to display the configuration information currently in use. Default setting: None. Command mode: Privileged Exec. Command usage: • Use this command in conjunction with the show startup-config command to compare the information in running ...

  • Page 229: Show System

    Example. Related commands: show startup-config (3-38). show system: Use this command to display system information. Default setting: None. Console#show running-config building running-config, please wait..... ! ! snmp-server community private rw snmp-server community pub...

  • Page 230: Show Users

    Command mode: Normal Exec, Privileged Exec. Command usage: • For a description of the items shown by this command, refer to “Displaying System Information” on page 2-9. • The POST results should all display “pass.” If any POST test indicates “fail,” contact your distribut...

  • Page 231: Show Version

    Command usage: The session used to execute this command is indicated by a “*” symbol next to the line (i.e., session) index number. Example. show version: Use this command to display hardware and software version information for the system. Default setting: None. Comman...

  • Page 232: Web Server Commands

    Example. Web Server Commands. Console#show version unit1 serial number :1111111111 service tag : hardware version :r0a module a type :not present module b type :not present number of ports :24 main power status :up redundant power status :not present agent(master) unit i...

  • Page 233: Ip Http Port

    ip http port: Use this command to specify the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax: ip http port port-number; no ip http port; port-number - the TCP port to be used by the browser interface. (Range: 1-65535) Defaul...

  • Page 234: Ip Http Secure-Server

    Example. Related commands: ip http port (3-45). ip http secure-server: Use this command to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use t...

  • Page 235: Ip Http Secure-Port

    • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.x and Netscape Navigator 4.x or later versions. • The following web browsers and operating systems currently support HTTPS: • To specify...

  • Page 236: Secure Shell Commands

    Default setting: 443. Command mode: Global Configuration. Command usage: • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL,...

  • Page 237: Ip Ssh Server

    station clients, and ensures that data traveling over the network arrives unaltered. This section describes the commands used to configure the SSH server. However, note that you also need to install an SSH client on the management station when using this protocol to conf...

  • Page 238: Ip Ssh

    • The SSH server uses RSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption. Example. Related commands: show ssh (3-52). ip ssh: Use this ...

  • Page 239: Show Ip Ssh

    Example. Related commands: show ip ssh (3-51). show ip ssh: Use this command to display the connection settings used when authenticating client access to the Secure Shell (SSH) server. Command mode: Privileged Exec. Example. Related commands: ip ssh (3-50). disconnect ssh: Use th...

  • Page 240: Show Ssh

    Example. Related commands: show users (3-42). show ssh: Use this command to display the current Secure Shell (SSH) server connections. Command mode: Privileged Exec. Example. Console#disconnect ssh 0 Console# Console#show ssh information of secure shell session username versi...

  • Page 241: Port Security

    port security: Use this command to enable and configure port security on a port. Use the no form to disable port security and reset the maximum addresses to the default. Syntax: port security [max-mac-count address-number]; no port security [max-mac-count]; address-number -...

  • Page 242: Sntp Commands

    • A secure port has the following restrictions: - Cannot be connected to a network interconnection device. - Cannot be a member of a static trunk. - It can be configured as an LACP trunk port, but the switch does not allow the LACP trunk to be enabled. • A port that is...

  • Page 243: Sntp Client

    sntp client: Use this command to enable SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command. Use the no form of this command to disable SNTP client requests. Syntax: [no] sntp client. Default setting: Disabled. Command mo...

  • Page 244: Sntp Server

    sntp server: Use this command to set the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax: sntp server [ip1 [ip2 [ip3]]]; ip - IP address of a time server (NTP or S...

  • Page 245: Show Sntp

    Syntax: sntp poll seconds; no sntp poll; seconds - interval between time requests. (Range: 16-16384 seconds) Default setting: 16 seconds. Command mode: Global Configuration. Command usage: This command is only applicable when the switch is set to SNTP client mode. Example. Related command...

  • Page 248: Snmp Commands

    Command mode: Normal Exec, Privileged Exec. Example. SNMP Commands: Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community: Use this command to defi...

  • Page 250: Snmp-Server Location

    Syntax: snmp-server contact string; no snmp-server contact; string - string that describes the system contact information. (Maximum length: 255 characters) Default setting: None. Command mode: Global Configuration. Example. Related commands: snmp-server location (3-63). snmp-ser...

  • Page 251: Snmp-Server Host

    Example. Related commands: snmp-server contact (3-63). snmp-server host: Use this command to specify the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax: snmp-server host {host-addr community-string}[versio...

  • Page 252: Snmp-Server Enable Traps

    notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple hosts, you must issue a separate snmp-server host command for each host. • The snmp-server host comman...

  • Page 253: Show Snmp

    • link-up-down - Keyword to issue link-up or link-down traps. The link-up-down trap can only be enabled/disabled via the CLI. Default setting: Issue authentication and link-up-down traps. Command mode: Global Configuration. Command usage: • If you do not enter an snmp-server enable t...

  • Page 254

    Command mode: Normal Exec, Privileged Exec. Command usage: This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable tr...

  • Page 255: Ip Interface Commands

    Example. IP Interface Commands: An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. You can manually configure a specific IP address, or direct the device to obta...

  • Page 257: Ip Dhcp Restart

    Command usage: • You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four numbers, 0...

  • Page 258: Ip Default-Gateway

    Command mode: Privileged Exec. Command usage: • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassign the client’s last address if available. • If ...

  • Page 259: Show Ip Interface

    Default setting: No static route is established. Command mode: Global Configuration. Command usage: A gateway must be defined if the management station is located in a different IP segment. Example: The following example defines a default gateway for this device. Related comm...

  • Page 260: Show Ip Redirects

    show ip redirects: Use this command to show the default gateway configured for this device. Default setting: None. Command mode: Privileged Exec. Example. Related commands: ip default-gateway (3-71). ping: Use this command to send ICMP echo request packets to another node on th...

  • Page 261

    Command usage: • Use the ping command to see if another site on the network can be reached. • Following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic. - Destination does not respond - ...

  • Page 262: Line Commands

    Line Commands: You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). line: Use this command to...

  • Page 264

    local - Selects local password checking. Authentication is based on the user name specified with the username command. Default setting: login local. Command mode: Line Configuration. Command usage: • There are three authentication modes provided by the switch itself at logi...

  • Page 266: Exec-Timeout

    Example. Related commands: login (3-76), password-thresh (3-80). exec-timeout: Use this command to set the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax: exec-timeout seconds; no exec-timeout; seconds - integer that...

  • Page 267: Password-Thresh

    password-thresh: Use this command to set the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax: password-thresh threshold; no password-thresh; threshold - the number of allowed password attempts. (Ran...

  • Page 268: Silent-Time

    silent-time: Use this command to set the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax: silent-time s...

  • Page 269: Parity

    • 7 - Seven data bits per character. • 8 - Eight data bits per character. Default setting: 8 data bits per character. Command mode: Line Configuration. Command usage: The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If...

  • Page 270: Speed

    Default setting: No parity. Command mode: Line Configuration. Command usage: Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example: To specify no parity, enter this command. speed: Use this command to set...

  • Page 271: Stopbits

    Command usage: Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not supported. Example: To specify 57600 bps, enter ...

  • Page 273: Interface

    interface: Use this command to configure an interface type and enter interface configuration mode. Use the no form to remove a trunk. Syntax: interface interface; no interface port-channel channel-id; interface • ethernet unit/port - unit - This is device 1. - port - Port numbe...

  • Page 274: Description

    Default setting: None. Command mode: Global Configuration. Example: To specify the port 25, enter the following command. description: Use this command to add a description to an interface. Use the no form to remove the description. Syntax: description string; no description; st...

  • Page 276: Negotiation

    Example: The following example configures port 5 to 100 Mbps, half-duplex operation. Related commands: negotiation (3-89), capabilities (3-90). negotiation: Use this command to enable autonegotiation for a given interface. Use the no form to disable autonegotiation. Syntax ...

  • Page 277: Capabilities

    Example: The following example configures port 11 to use autonegotiation. Related commands: negotiation (3-89), speed-duplex (3-88). capabilities: Use this command to advertise the port capabilities of a given interface during autonegotiation. Use the no form with parameters to ...

  • Page 278: Flowcontrol

    Default setting: • 100BASE-TX: 10half, 10full, 100half, 100full • 1000BASE-T: 10half, 10full, 100half, 100full, 1000full • 1000BASE-SX/LX/LH: 1000full. Command mode: Interface Configuration (Ethernet, Port Channel). Command usage: When auto-negotiation is enabled with the n...

  • Page 279

    Default setting: Flow control enabled. Command mode: Interface Configuration (Ethernet, Port Channel). Command usage: • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled,...

  • Page 280: Clear Counters

    clear counters: Use this command to clear statistics on an interface. Syntax: clear counters interface; interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6). Default setting: None. Command mode: Privileged Exec...

  • Page 281: Shutdown

    shutdown: Use this command to disable an interface. To restart a disabled interface, use the no form. Syntax: shutdown; no shutdown. Default setting: All interfaces are enabled. Command mode: Interface Configuration (Ethernet, Port Channel). Command usage: This command allows you t...

  • Page 282: Show Interfaces Status

    Default setting: Enabled for all ports; octet-rate limit: 32000 octets per second. Command mode: Interface Configuration (Ethernet). Command usage: • When broadcast traffic exceeds the specified threshold, octets above that threshold are dropped. • This command can enable or...

  • Page 283

    Default setting: Shows the status for all interfaces. Command mode: Normal Exec, Privileged Exec. Command usage: If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Displaying Connection Status...

  • Page 284: Show Interfaces Counters

    show interfaces counters: Use this command to display interface statistics. Syntax: show interfaces counters [interface]; interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6). Default setting: Shows the count...

  • Page 285: Show Interfaces Switchport

    Example. show interfaces switchport: Use this command to display the administrative and operational status of the specified interfaces. Syntax: show interfaces switchport [interface]; interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel...

  • Page 286

    Default setting: Shows all interfaces. Command mode: Normal Exec, Privileged Exec. Command usage: If no interface is specified, information on all interfaces is displayed. Example: This example shows the configuration setting for port 22. Console#show interfaces switchport ...

  • Page 287: Address Table Commands

    Address Table Commands: These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Priority for untagged traffic indicates the default priority for untagged frames ...

  • Page 288: Mac-Address-Table Static

    mac-address-table static: Use this command to map a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax: mac-address-table static mac-address interface interface vlan vlan-id [action]; no mac-address-table static mac-address vlan ...

  • Page 289: Show Mac-Address-Table

    • Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. • A static address cannot be learned on another port until the a...

  • Page 290

    Command usage: • The MAC address table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - dynamic address entries - Permanent - static entry - Delete-on-reset - static entry to be deleted whe...

  • Page 291: Mac-Address-Table Aging-Time

    mac-address-table aging-time: Use this command to set the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax: mac-address-table aging-time seconds; seconds - time in number of seconds (10-30000). Default setting: 300 sec...

  • Page 292: Spanning Tree Commands

    Spanning Tree Commands: This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table columns: Command, Function, Mode, Page. spanning-tree: Enables the spanning tree protocol, GC, 3...

  • Page 293: Spanning-Tree

    spanning-tree: Use this command to enable the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax: spanning-tree; no spanning-tree. Default setting: Spanning tree is enabled. Command mode: Global Configuration. Command usage: The spanning tr...

  • Page 295: Spanning-Tree Forward-Time

    Example: The following example configures the switch to use the Rapid Spanning Tree Protocol. spanning-tree forward-time: Use this command to configure the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax: spannin...

  • Page 296: Spanning-Tree Hello-Time

    spanning-tree hello-time: Use this command to configure the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax: spanning-tree hello-time time; no spanning-tree hello-time; time - time in seconds. (Range: 1 - 10 seconds...

  • Page 297: Spanning-Tree Priority

    Default setting: 20 seconds. Command mode: Global Configuration. Command usage: This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) shou...

  • Page 298

    Command mode: Global Configuration. Command usage: Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the ...

  • Page 299

    Example. spanning-tree transmission-limit: Use this command to configure the minimum interval between the transmission of consecutive RSTP BPDUs. Use the no form to restore the default. Syntax: spanning-tree transmission-limit count; no spanning-tree transmission-limit; co...

  • Page 300: Spanning-Tree Cost

    spanning-tree cost: Use this command to configure the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax: spanning-tree cost cost; no spanning-tree cost; cost - the path cost for the port. (Range: 1-200,000,000) The recomm...

  • Page 301: Spanning-Tree Port-Priority

    Example. spanning-tree port-priority: Use this command to configure the priority for the specified interface. Use the no form to restore the default. Syntax: spanning-tree port-priority priority; no spanning-tree port-priority; priority - the priority for a port. (Range: 0...

  • Page 302: Spanning-Tree Portfast

    spanning-tree portfast: Use this command to set an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax: spanning-tree portfast; no spanning-tree portfast. Default setting: Disabled. Command mode: Interface Configuration (Ethernet, Port Channel). C...

  • Page 303: Spanning-Tree Edge-Port

    spanning-tree edge-port: Use this command to specify an interface as an edge port. Use the no form to restore the default. Syntax: spanning-tree edge-port; no spanning-tree edge-port. Default setting: Disabled. Command mode: Interface Configuration (Ethernet, Port Channel). C...

  • Page 304

    spanning-tree protocol-migration: Use this command to re-check the appropriate BPDU format to send on the selected interface. Syntax: spanning-tree protocol-migration interface; interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channe...

  • Page 306: Show Spanning-Tree

    C ommand l ine i nterface 3-118 show spanning-tree use this command to show the spanning tree configuration. Syntax show spanning-tree [interface] interface • ethernet unit/port - unit - this is device 1. - port - port number. • port-channel channel-id (range: 1-6) default setting none command mode ...

  • Page 307

    S panning t ree c ommands 3-119 example console#show spanning-tree spanning-tree information --------------------------------------------------------------- spanning tree mode :rstp spanning tree enable/disable :enable priority :32768 bridge hello time (sec.) :2 bridge max age (sec.) :20 bridge forw...

  • Page 308: Vlan Commands

    C ommand l ine i nterface 3-120 vlan commands a vlan is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create vlan groups, add port members, specify how vlan tagging is used, an...

  • Page 309: Vlan Database

    Vlan c ommands 3-121 vlan database use this command to enter vlan database mode. All commands in this mode will take effect immediately. Default setting none command mode global configuration command usage • use the vlan database command mode to add, change, and delete vlans. After finishing configu...

  • Page 311: Interface Vlan

    Vlan c ommands 3-123 example the following example adds a vlan, using vlan id 105 and name rd5. The vlan is activated by default. Related commands show vlan (3-131) interface vlan use this command to enter interface configuration mode for vlans, and configure a physical interface. Syntax interface v...

  • Page 314: Switchport Ingress-Filtering

    C ommand l ine i nterface 3-126 switchport ingress-filtering use this command to enable ingress filtering for an interface. Use the no form to restore the default. Syntax switchport ingress-filtering no switchport ingress-filtering default setting disabled command mode interface configuration (ether...

  • Page 315: Switchport Native Vlan

    VLAN Commands 3-127 switchport native vlan Use this command to configure the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4094, no leading zeroes) defa...

  • Page 317: Switchport Forbidden Vlan

    Vlan c ommands 3-129 • if a vlan on the forbidden list for an interface is manually added to that interface, the vlan is automatically removed from the forbidden list for that interface. Example the following example shows how to add vlans 1, 2, 5 and 6 to the allowed list as tagged vlans for port 1...

  • Page 319: Private Vlan Commands

    P rivate vlan c ommands 3-131 private vlan commands private vlans provide port-based security and isolation between ports within the assigned vlan. This switch supports three types of private vlan ports: promiscuous, isolated, and community ports. A promiscuous port can communicate with all interfac...

  • Page 320: Private-Vlan

    Command Line Interface 3-132 2. Use the private-vlan association command to map the secondary (i.e., isolated or community) VLAN(s) to the primary VLAN. 3. Use the switchport mode private-vlan command to configure ports as promiscuous (i.e., having access to all ports in the primary VLAN), isolat...

  • Page 321: Private-Vlan Association

    P rivate vlan c ommands 3-133 command mode vlan configuration command usage • private vlans are used to restrict traffic to ports within the same vlan “community,” and channel traffic passing outside the community through promiscuous ports that have been mapped to the associated “primary” vlan. • po...

  • Page 322

    Command Line Interface 3-134 Command Mode VLAN Configuration Command Usage Secondary VLANs provide security for group members. The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN (e.g., servers configured with promiscuous ports) an...

  • Page 323

    P rivate vlan c ommands 3-135 command mode interface configuration (ethernet, port channel) command usage promiscuous ports assigned to a primary vlan can communicate with all other promiscuous ports in the same vlan, as well as with all the ports in the associated secondary vlans. Example switchpor...

  • Page 324

    C ommand l ine i nterface 3-136 example switchport private-vlan mapping use this command to map an interface to a primary vlan. Use the no form to remove this mapping. Syntax switchport private-vlan mapping primary-vlan-id no switchport private-vlan mapping primary-vlan-id – id of primary vlan. (ran...

  • Page 326

    C ommand l ine i nterface 3-138 gvrp and bridge extension commands garp vlan registration protocol defines a way for switches to exchange vlan information in order to automatically register vlan members on interfaces across the network. This section describes how to enable gvrp for individual interf...

  • Page 327: Switchport Gvrp

    Gvrp and b ridge e xtension c ommands 3-139 switchport gvrp use this command to enable gvrp for a port. Use the no form to disable it. Syntax switchport gvrp no switchport gvrp default setting disabled command mode interface configuration (ethernet, port channel) example show gvrp configuration use ...

  • Page 329: Show Garp Timer

    Gvrp and b ridge e xtension c ommands 3-141 • timer values must meet the following restrictions: - leave >= (2 x join) - leaveall > leave note: set gvrp timers on all layer 2 devices connected in the same network to the same values. Otherwise, gvrp may not operate successfully. Example related comma...

  • Page 330: Bridge-Ext Gvrp

    C ommand l ine i nterface 3-142 example related commands garp timer (3-141) bridge-ext gvrp use this command to enable gvrp globally for the switch. Use the no form to disable it. Syntax bridge-ext gvrp no bridge-ext gvrp default setting disabled command mode global configuration command usage gvrp ...

  • Page 331: Show Bridge-Ext

    Gvrp and b ridge e xtension c ommands 3-143 show bridge-ext use this command to show the configuration for bridge extension commands. Default setting none command mode privileged exec command usage see “displaying basic vlan information” on page 2-110 and “displaying bridge extension capabilities” o...

  • Page 333: Show Port Monitor

    M irror p ort c ommands 3-145 command usage • you can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or rmon probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner. • the ...

  • Page 334

    C ommand l ine i nterface 3-146 example the following shows mirroring configured from port 6 to port 11: console(config)#interface ethernet 1/11 console(config-if)#port monitor ethernet 1/6 console(config-if)#end console#show port monitor port mirroring ------------------------------------- destinat...

  • Page 335: Link Aggregation Commands

    Link Aggregation Commands 3-147 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a tr...

  • Page 336: Channel-Group

    Command Line Interface 3-148 • All ports in a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • All the ports in a trunk have to be treated as a whole when moved from/to, added or delete...

  • Page 337: Lacp

    L ink a ggregation c ommands 3-149 example the following example creates trunk 1 and then adds port 11: lacp use this command to enable 802.3ad link aggregation control protocol (lacp) for the current interface. Use the no form to disable it. Syntax lacp no lacp default setting disabled command mode...

  • Page 338

    C ommand l ine i nterface 3-150 example the following shows lacp enabled on ports 11 - 13. Because lacp has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that trunk1 has been established. Console(config)#interface ethernet 1/11 ...

  • Page 339: Rate Limit Commands

    R ate l imit c ommands 3-151 rate limit commands this function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that fall...

  • Page 340: Rate-Limit Granularity

    C ommand l ine i nterface 3-152 • input – input rate. • output – output rate. • level – rate limit level. (range: 1 - 30) default setting 30 command mode interface configuration (ethernet, port channel) command usage actual rate limit = rate limit level * granularity example rate-limit granularity u...

  • Page 341: Show Rate-Limit

    R ate l imit c ommands 3-153 command mode global configuration (ethernet, port channel) command usage actual rate limit = rate limit level * granularity example the following sets fast ethernet granularity to 1 mbps, and gigabit ethernet granularity to 33.3 mbps. Show rate-limit use this command to ...

  • Page 342: Authentication Commands

    C ommand l ine i nterface 3-154 authentication commands you can configure this switch to authenticate users logging into the system for management access using local, radius, or tacacs authentication methods. You can also enable port-based authentication for network client access using ieee 802.1x. ...

  • Page 343

    A uthentication c ommands 3-155 tacacs+ client tacacs-server host specifies the tacacs+ server gc 3-162 tacacs-server port specifies the tacacs+ server network port gc 3-162 tacacs-server key sets the tacacs+ encryption key gc 3-163 show tacacs-server shows the current tacacs+ settings gc 3-163 port...

  • Page 344: Authentication Login

    C ommand l ine i nterface 3-156 authentication login use this command to define the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - use local password only. • radius - use ra...

  • Page 345: Radius-Server Host

    A uthentication c ommands 3-157 • you can specify three authentication methods in a single command to indicate the authentication sequence. For example, if you enter “authentication login radius tacacs local,” the user name and password on the radius server is verified first. If the radius server is...

  • Page 346: Radius-Server Port

    C ommand l ine i nterface 3-158 radius-server port use this command to set the radius server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - radius server udp port used for authentication messages. (range: 1-65535) defau...

  • Page 347: Radius-Server Retransmit

    A uthentication c ommands 3-159 command mode global configuration example radius-server retransmit use this command to set the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - number of times ...

  • Page 348: Radius-Server Timeout

    C ommand l ine i nterface 3-160 radius-server timeout use this command to set the interval between transmitting authentication requests to the radius server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - number of ...

  • Page 349: Tacacs-Server Host

    A uthentication c ommands 3-161 tacacs-server host use this command to specify the tacacs+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - ip address of a tacacs+ server. Default setting 10.11.12.13 command mode global...

  • Page 350: Tacacs-Server Key

    C ommand l ine i nterface 3-162 example tacacs-server key use this command to set the tacacs+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - encryption key used to authenticate logon access for the client. Do not use blan...

  • Page 351: Authentication Dot1X Default

    A uthentication c ommands 3-163 example authentication dot1x default sets the default authentication server type. Use the no form to restore the default. Syntax authentication dot1x default radius no authentication dot1x default setting radius command mode global configuration example dot1x default ...

  • Page 352: Dot1X Max-Req

    C ommand l ine i nterface 3-164 dot1x max-req sets the maximum number of times the switch port will retransmit an eap request packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count – the maximum n...

  • Page 353: Dot1X Re-Authenticate

    Authentication Commands 3-165 • force-unauthorized – Configures the port to deny access to all clients, either dot1x-aware or otherwise. Default force-authorized Command Mode Interface Configuration Example dot1x re-authenticate Forces re-authentication on all ports or a specific interface. Syntax ...

  • Page 354: Dot1X Re-Authentication

    C ommand l ine i nterface 3-166 example dot1x re-authentication enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication. Syntax dot1x re-authentication no dot1x re-authentication command mode global configuration example dot1x timeout quiet-period sets...

  • Page 355: Dot1X Timeout Re-Authperiod

    A uthentication c ommands 3-167 example dot1x timeout re-authperiod sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - the number of seconds. (range: 1-65535) default 3600 seconds command m...

  • Page 356: Show Dot1X

    C ommand l ine i nterface 3-168 command mode global configuration example show dot1x use this command to show general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] interface • ethernet unit/port - unit - this is devic...

  • Page 357

    A uthentication c ommands 3-169 • 802.1x port summary – displays the port access control parameters for each interface, including the following items: -status – administrative state for port access control. -mode – dot1x port control mode (page 3-165). -authorized – authorization status (yes or n/a ...

  • Page 358

    C ommand l ine i nterface 3-170 example console#show dot1x global 802.1x parameters reauth-enabled: yes reauth-period: 300 quiet-period: 350 tx-period: 300 supp-timeout: 30 server-timeout: 30 reauth-max: 2 max-req: 2 802.1x port summary port name status mode authorized 1 disabled forceauthorized n/a...

  • Page 359

    A ccess c ontrol l ist c ommands 3-171 access control list commands access control lists (acl) provide packet filtering for ip frames (based on address, protocol, tcp/udp port number or tcp control code) or non-ip frames (based on mac address or ethernet type). To filter incoming packets, first crea...

  • Page 360: Ip Acls

    C ommand l ine i nterface 3-172 ip acls command function page ip acls configures acls based on ip addresses, tcp/udp port number, protocol type, and tcp control code 3-173 mac acls configures acls based on hardware addresses and ethernet type 3-183 acl information displays acls and associated rules;...

  • Page 362: Permit

    Command Line Interface 3-174 Related Commands permit, deny 3-175 ip access-group (3-179) show ip access-list (3-180) permit, deny (Standard ACL) Use this command to add a rule to a standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form ...

  • Page 363: Permit

    Access Control List Commands 3-175 Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Related Commands access-list ip (3-174) permit, deny (Extended ACL) Use this command to add a r...

  • Page 365

    A ccess c ontrol l ist c ommands 3-177 • the control-flag bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit. The following bits may be s...

  • Page 366: Ip Access-Group

    C ommand l ine i nterface 3-178 this permits all tcp packets from class c addresses 192.168.1.0 with the tcp control code set to “syn.” related commands access-list ip (3-174) ip access-group use this command to bind a port to an ip acl. Use the no form to remove the port. Syntax ip access-group acl...

  • Page 367: Show Ip Access-Group

    A ccess c ontrol l ist c ommands 3-179 show ip access-group use this command to show the ports assigned to ip acls. Command mode privileged exec example related commands ip access-group (3-179) show ip access-list use this command to display the rules for configured ip acls. Syntax show ip access-li...

  • Page 368: Map Access-List Ip

    C ommand l ine i nterface 3-180 map access-list ip this command sets the output queue for packets matching an acl rule. The specified cos value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the cos mapping. Syntax [no] m...

  • Page 369: Show Map Access-List Ip

    A ccess c ontrol l ist c ommands 3-181 show map access-list ip this command shows the cos value mapped to an ip acl for the current interface. (the cos value determines the output queue for packets matching an acl rule.) syntax show map access-list ip [interface] interface • ethernet unit/port - uni...

  • Page 370: Mac Acls

    C ommand l ine i nterface 3-182 mac acls access-list mac use this command to add a mac access list and enter mac acl configuration mode. Use the no form to remove the specified acl. Syntax access-list mac acl_name no access-list mac acl_name acl_name – name of the acl. (maximum length: 16 characters...

  • Page 371: Permit

    Access Control List Commands 3-183 • To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule. • An ACL can contain up to 32 rules. Example Related Commands permit, deny 3-184 mac access-group (3-185) show mac access-list (3-187) permit, ...

  • Page 372: Mac Access-Group

    C ommand l ine i nterface 3-184 default setting none command mode mac acl command usage • new rules are added to the end of the list. • the ethertype option can only be used to filter ethernet ii formatted packets. • a detailed listing of ethernet protocol types can be found in rfc 1060. A few of th...

  • Page 373: Show Mac Access-Group

    A ccess c ontrol l ist c ommands 3-185 command mode interface configuration (ethernet) command usage • note although this is a per-port setting, changes affect all ports. Example related commands show mac access-list (3-187) show mac access-group use this command to show the ports assigned to mac ac...

  • Page 374: Show Mac Access-List

    C ommand l ine i nterface 3-186 show mac access-list use this command to display the rules for configured mac acls. Syntax show mac access-list [acl_name] acl_name – name of the acl. (maximum length: 16 characters) command mode privileged exec example related commands permit, deny 3-184 mac access-g...

  • Page 375: Show Access-Group

    A ccess c ontrol l ist c ommands 3-187 example show access-group use this command to show the port assignments of acls. Command mode privileged executive example console#show access-list mac access-list jerry: permit any 00-30-29-94-34-de ethertype 0800 ip standard access-list david: permit host 10....

  • Page 376: Priority Commands

    C ommand l ine i nterface 3-188 priority commands the commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports cos with four egress queues for each port. Data packets in a port’s ...

  • Page 377: Switchport Priority Default

    P riority c ommands 3-189 switchport priority default use this command to set a priority for incoming untagged frames. Use the no form to restore the default value. Syntax switchport priority default default-priority-id no switchport priority default default-priority-id - the priority number for unt...

  • Page 378: Queue Mode

    C ommand l ine i nterface 3-190 • this switch provides four egress queues (traffic classes) for each port. It is configured to use weighted round robin, which can be viewed with the show queue bandwidth command. Inbound frames that do not have vlan tags are tagged with the input port’s default ingre...

  • Page 379: Queue Bandwidth

    P riority c ommands 3-191 command usage you can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use weighted round-robin (wrr) queuing that specifies a relative weight of ea...

  • Page 380: Queue Cos-Map

    Command Line Interface 3-192 Example The following example shows how to assign WRR weights of 1, 4, 16 and 24 to the CoS priority queues 0, 1, 2 and 3: Related Commands show queue bandwidth (3-195) queue cos-map Use this command to assign class of service (CoS) values to the egress queues (i.e., ...

  • Page 381

    P riority c ommands 3-193 default setting this switch supports class of service by using four egress queues, with weighted round robin queuing for each port. Eight separate priority levels are defined in ieee 802.1p. The default priority levels are assigned according to recommendations in the ieee 8...

  • Page 382: Show Queue Mode

    C ommand l ine i nterface 3-194 related commands show queue cos-map (3-196) show queue mode this command shows the current queue mode. Default setting none command mode privileged exec example show queue bandwidth use this command to display the weighted round-robin (wrr) bandwidth allocation for th...

  • Page 383: Show Queue Cos-Map

    P riority c ommands 3-195 show queue cos-map use this command to show the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - this is device 1. - port - port number. • port-channel channel-id (range: 1-6) default setting none command mode priv...

  • Page 384: Map Ip Port

    C ommand l ine i nterface 3-196 command mode global configuration command usage the precedence for priority mapping is ip port, ip precedence or ip dscp, and default switchport priority. Example the following example shows how to enable tcp/udp port mapping globally: map ip port (interface configura...

  • Page 385: Map Ip Precedence

    Priority Commands 3-197 Example The following example shows how to map HTTP traffic to CoS value 0: map ip precedence (Global Configuration) Use this command to enable IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping. Syntax map ip precedence no ma...

  • Page 386: Map Ip Precedence

    Command Line Interface 3-198 map ip precedence (Interface Configuration) Use this command to set IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value no map ip precedence • precedence-v...

  • Page 387: Map Ip Dscp

    Priority Commands 3-199 Example The following example shows how to map IP precedence value 1 to CoS value 0: map ip dscp (Global Configuration) Use this command to enable IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax map ip d...

  • Page 388: Map Ip Dscp

    Command Line Interface 3-200 map ip dscp (Interface Configuration) Use this command to set IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp • dscp-value - 6-bit DSCP value...

  • Page 389: Show Map Ip Port

    P riority c ommands 3-201 example the following example shows how to map ip dscp value 1 to cos value 0: show map ip port use this command to show the ip port priority map. Syntax show map ip port [interface] interface • ethernet unit/port - unit - this is device 1. - port - port number. • port-chan...

  • Page 390: Show Map Ip Precedence

    C ommand l ine i nterface 3-202 show map ip precedence use this command to show the ip precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - this is device 1. - port - port number. • port-channel channel-id (range: 1-6) default setting none comman...

  • Page 391: Show Map Ip Dscp

    P riority c ommands 3-203 show map ip dscp use this command to show the ip dscp priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - this is device 1. - port - port number. • port-channel channel-id (range: 1-6) default setting none command mode privileged exec e...

  • Page 392

    C ommand l ine i nterface 3-204 multicast filtering commands this switch uses igmp (internet group management protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports o...

  • Page 393: Ip Igmp Snooping

    M ulticast f iltering c ommands 3-205 ip igmp snooping use this command to enable igmp snooping on this switch. Use the no form to disable it. Syntax ip igmp snooping no ip igmp snooping default setting enabled command mode global configuration example the following example enables igmp snooping. Sh...

  • Page 394: Ip Igmp Snooping Vlan Static

    C ommand l ine i nterface 3-206 ip igmp snooping vlan static use this command to add a port to a multicast group. Use the no form to remove the port. Syntax ip igmp snooping vlan vlan-id static ip-address interface no ip igmp snooping vlan vlan-id static ip-address interface • vlan-id - vlan id (ran...

  • Page 396

    C ommand l ine i nterface 3-208 command mode privileged exec command usage see “configuring igmp snooping parameters” on page 2-74 for a description of the displayed items. Example the following shows the current igmp snooping configuration: show mac-address-table multicast use this command to show ...

  • Page 397: Ip Igmp Snooping Querier

    M ulticast f iltering c ommands 3-209 command usage member types displayed include igmp or user, depending on selected options. Example the following shows the multicast entries learned through igmp snooping for vlan 1: ip igmp snooping querier use this command to enable the switch as an igmp querie...

  • Page 398: Ip Igmp Snooping Query-Count

    C ommand l ine i nterface 3-210 ip igmp snooping query-count use this command to configure the query count. Use the no form to restore the default. Syntax ip igmp snooping query-count count no ip igmp snooping query-count count - the maximum number of queries issued for which there has been no respo...

  • Page 399

    M ulticast f iltering c ommands 3-211 ip igmp snooping query-interval use this command to configure the query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - the frequency at which the switch sends igmp hos...

  • Page 400

    C ommand l ine i nterface 3-212 command usage • the switch must be using igmpv2 for this command to take effect. • this command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of queries defined by the ip igmp snooping query...

  • Page 401

    M ulticast f iltering c ommands 3-213 command mode global configuration command usage the switch must use igmpv2 for this command to take effect. Example the following shows how to configure the default timeout to 300 seconds: related commands ip igmp snooping version (3-208) ip igmp snooping vlan m...

  • Page 402

    C ommand l ine i nterface 3-214 command usage depending on your network connections, igmp snooping may not always be able to locate the igmp querier. Therefore, if the igmp querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your switch, you can m...

  • Page 403

    M ulticast f iltering c ommands 3-215 example the following shows the ports in vlan 1 which are attached to multicast routers: console#show ip igmp snooping mrouter vlan 1 vlan m'cast router port type ---- ------------------- ------- 1 eth 1/11 static console#.

  • Page 405: Troubleshooting Chart

    A-1 a ppendix a t roubleshooting troubleshooting chart troubleshooting chart symptom action cannot connect using telnet, web browser, or snmp software • be sure to have configured the agent with a valid ip address, subnet mask and default gateway. • if you are trying to connect to the agent via the ...

  • Page 407

    B-1 a ppendix b u pgrading f irmware via the s erial p ort the switch contains three firmware components that can be upgraded; the diagnostics (or boot-rom) code, runtime operation code, and the loader code. The runtime code can be upgraded via the switch’s rs-232 serial console port, via a network ...

  • Page 408

    U pgrading f irmware via the s erial p ort b-2 4. When the switch initialization screen appears, enter firmware-download mode by pressing immediately after power on or rebooting the switch. Screen text similar to that shown below displays: 5. Press to change the baud rate of the switch’s serial conn...

  • Page 409

    B-3 9. Press to start to download the new code file. If using windows hyperterminal, click the “transfer” button, and then click “send file....” select the xmodem protocol and then use the “browse” button to select the required firmware code file from your pc system. The “xmodem file send” window di...

  • Page 410

    U pgrading f irmware via the s erial p ort b-4 for example, the following screen text shows the download procedure for a runtime code file: 12. To set the new downloaded file as the startup file, use the [s]et startup file menu option. 13. When you have finished downloading code files, use the [c]ha...

  • Page 411

    Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2 information). Boot Protocol (BOOTP) Boot Protocol is used to provide bootup information for network devices, incl...

  • Page 412

    G lossary glossary-2 extensible authentication protocol over lan (eapol) eapol is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A username and password is requested by the switch, and then passed to an authent...

  • Page 413

    G lossary glossary-3 ieee 802.1q vlan tagging—defines ethernet frame tags which carry vlan information. It allows switches to assign endstations to different virtual lans, and defines a standard way for vlans to communicate across switched networks. Ieee 802.1p an ieee standard for providing quality...

  • Page 414

    Glossary-4 IGMP Snooping: Listening to IGMP Query and IGMP Report packets transferred between IP multicast routers and IP multicast host groups to identify IP multicast group members. Internet Group Management Protocol (IGMP): A protocol through which hosts can register with their local rout...

  • Page 415

    Glossary-5 Link Aggregation Control Protocol (LACP): Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Media Access Control (MAC): A portion of the networking protocol that governs access to the transmission medium, facilitating the exchange...

  • Page 416

    Glossary-6 Port Trunk: Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links. Private VLANs: Private VLANs provide port-based security and isolation between ports within the assig...

  • Page 417

    Glossary-7 Simple Network Time Protocol (SNTP): SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Updates can be requested from a specific NTP server, or can be received via broadcasts sent by NTP servers. Spanning Tree Proto...

  • Page 418

    Glossary-8.

  • Page 419: Numerics

    Index-1 Numerics 802.1x commands 3-155 configure 2-51 default 3-164 A access control list See ACL ACL Extended IP 2-56, 3-172, 3-173, 3-176 MAC 2-56, 3-172, 3-183, 3-183–3-187 Standard IP 2-56, 3-172, 3-173, 3-175 address table 2-85 authentication commands 3-155 B BOOTP 2-18 BPDU 2-89 bro...

  • Page 420

    Index-2 I IEEE 802.1D 2-89, 3-108 IEEE 802.1w 2-89, 3-108 IGMP, configuring 2-146 ingress filtering 2-118 IP address BOOTP/DHCP service 2-18 setting 2-16 IP precedence enabling 2-138 mapping priorities 2-139 L link type, STA 2-100, 2-103 log in CLI interface 3-1 logging enabling 3-31 syslo...

  • Page 421

    Index-3 SSH, configuring 2-43, 3-50 STA edge port 2-100 interface settings 3-120 link type 2-100, 2-103 path cost 2-99 priority 2-99 startup files displaying 2-23 setting 2-23 statistics, switch 2-79 STP 2-93, 3-108 switchport mode 3-126 system clock, setting 2-28, 3-54 system software do...

  • Page 422

    Index-4.

  • Page 424

    38 Tesla, Irvine, CA 92618 Phone: (949) 679-8000 For technical support, call: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481 From Europe (8:00 AM - 5:30 PM UK time) 44 (0) 118 974 8700; Fax: 44 (0) 118 974 8701 Internet e-mail addresses: te...