IntraCore® 36000 Series Managed Gigabit Ethernet Switches User’s Manual
Revision 1.0
Asanté Technologies, Inc., 821 Fox Lane, San Jose, CA 95131 USA
SALES: 800-662-9686 Home/Office Solutions; 800-303-9121 Enterprise Solutions; 408-435-8388
TECHNICAL SUPPORT: 801-566-8991 (Worldwide); 801-566-3787 (Fax); www.asante.com/support; support@asante.com
[Default IP Address: 192.168.0.1] [Default username: root] [Default password: Asante]
Copyright © 2004 Asanté Technologies, Inc. All rights reserved.
Table of Contents
Chapter 1: Introduction
1.1 Description of Software Features
1.2 System Defaults
Chapter 2: Initial Configuration
2.1 Connecting to the Switch
6.3 Configuring HTTPS
6.4 Configuring the Secure Shell
6.5 Configuring Port Security
6.6 Configuring 802.
11.5 Selecting IP Precedence/DSCP Priority
11.6 Mapping CoS Values to ACLs
11.7 Changing Priorities Based on ACL Rules
Chapter 12: Layer 2 IGMP (Snooping and Query)
15.16 Priority Commands
15.17 Multicast Filtering Commands
15.18 IP Interface Commands
Chapter 16: Command Reference
16.26 dir
16.27 disable
16.28 disconnect
16.55 ip host
16.56 ip http port
16.57 ip http secure-port
16.84 logging facility
16.85 logging history
16.86 logging host
16.113 mst vlan
16.114 name
16.115 negotiation
16.142 show access-list ip mask-precedence
16.143 show access-list mac mask-precedence
16.144 show bridge-ext
16.145 show calendar
16.171 show mac-address-table aging-time
16.172 show mac-address-table multicast
16.173 show map access-list ip
16.174 show map access-list mac
16.200 shutdown
16.201 silent-time
16.202 snmp-server community
16.229 speed-duplex
16.230 stopbits
16.231 switchport acceptable-frame-types
Appendix D: Troubleshooting and Pinouts
D.1 Troubleshooting Chart
D.2 Console Port Pin Assignments
Appendix E: FCC Compliance and Warranty Statements
E.1 FCC Compliance Statement
Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. You can also configure the switch to maximize the network performance.
Authentication – Permit management access through the console port, Telnet or web browser. User names and passwords are configured locally or verified through a remote authentication server (RADIUS or TACACS+). Port-based authentication is supported using the IEEE 802.1x protocol. This protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request a user name and password from the 802.1x client, and then verifies the client’s right to access the network.
between any two stations on the network, preventing the creation of loops. If the path should fail, an alternate path is activated to maintain the connection. Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – Reduces the convergence time for network topology changes to about 10% of that required by the older IEEE 802.1D STP standard.
1.2 System Defaults The system defaults are in the configuration file “Factory_Default_Config.cfg.” Set this file as the startup configuration file to reset the defaults (see 2.9.1 Downloading Configuration Settings from a Server). The following table lists some of the basic system defaults.
Port Configuration
• Admin Status: Enabled
• Auto-negotiation: Enabled
• Flow Control: Disabled
• Port Capability, 1000BASE-T: 10 Mbps half duplex; 10 Mbps full duplex; 100 Mbps half duplex; 100 Mbps full duplex; 1000 Mbps full duplex; Full-duplex flow control disabled; Symmetric flow control disabled
• Port Capability, 1000BASE-SX/LX/LH: 1000 Mbps full duplex; Full-duplex flow control disabled; Symmetric flow control disabled
Rate Limiting
• Input and Output Limits: Disabled
Port Trunking
• Static Trunks: None
• LACP (all ports): Disab
Traffic Prioritization
• Ingress Port Priority: 0
• Weighted Round Robin: Queue: 0 1 2 3 4 5 6 7; Weight: 2 0 1 3 4 5 6 7
• IP Precedence Priority: Disabled
• IP DSCP Priority: Disabled
• IP Port Priority: Disabled
IP Address: 192.168.0.1
Subnet Mask: 255.255.255.0
Default Gateway: 0.0.0.
Chapter 2: Initial Configuration 2.1 Connecting to the Switch The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. You can connect a PC directly to the switch for configuration and monitoring via a command line interface (CLI). Note: The IP address for this switch is 192.168.0.1. To change this address, refer to Section 2.4 Setting an IP Address.
• Set the speed/duplex mode for any port
• Configure the bandwidth of any port by limiting input or output rates
• Control port access through IEEE 802.1x security or static address filtering
• Filter packets using Access Control Lists (ACLs)
• Configure up to 255 IEEE 802.
4. When using HyperTerminal, select Terminal keys, not Windows keys. When using HyperTerminal with Microsoft® Windows® 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation. See www.microsoft.com for information on Windows 2000 service packs. Refer to section 15.1 Line Commands for a complete description of console configuration options.
2. Type configure and press Enter.
3. Type username guest password 0 [password], where password is your new password. Press Enter.
Switch> enable
Password:
Switch# configure
Switch(config)#username admin password 0 [password]
Switch(config)# admin Password
Switch(config)# exit
2.4 Setting an IP Address
This section describes how to configure an IP interface for management access over the network. Note: By default, DHCP provides the IP address for the switch.
2.4.1 Manual Configuration You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.
2.4.2 Dynamic Configuration You can set the switch for dynamic configuration when your network provides DHCP/BOOTP services. If you select the “bootp” or “dhcp” option, IP is active but does not function until a BOOTP or DHCP reply is received. You need to use the ip dhcp restart command to start broadcasting service requests. To obtain IP configuration information, the switch periodically sends requests. BOOTP and DHCP values can include the IP address, subnet mask, and default gateway.
4. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press Enter.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#ip dhcp restart
Console#show ip interface
IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1, and address mode: User specified.
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Console(config)#snmp-server community private
Console(config)#
2.5.2 Trap Receivers
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string” and press Enter, where “host-address” is the IP address for the trap receiver and “community-string” is the string associated with that host.
2.
Operation Code — System software that is executed after boot-up, also known as run-time code. This code runs the switch operations and provides the CLI and web management interfaces. See Section 2.8 Managing Firmware for more information. Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test). Due to the size limit of the flash memory, the switch supports only two operation code files.
If you download to a new destination file, then select the file from the drop-down box for the operation code used at startup, and click Apply Changes. To start the new firmware, reboot the system via the System/Reset menu.
CLI Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch.
Console#copy tftp file
TFTP server ip address: 10.1.0.19
Choose file type: 1.
If you download to a new file name, then select the new file from the drop-down box for Startup Configuration File, and press Apply Changes. To use the new settings, reboot the system via the System/Reset menu.
CLI Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch.
Console#copy tftp startup-config
TFTP server ip address: 192.168.1.
CLI Use the reload command to restart the switch.
Console#reload
System will be restarted, continue ?
Note: When restarting the system, it will always run the Power-On Self-Test.
2.9.3 Renewing DHCP
DHCP may lease addresses to clients indefinitely or for a specific period. If the address expires or the switch is moved to another network segment, you lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart DHCP service through the CLI.
Field Attributes System Name: Name assigned to the switch system. Object ID: MIB II object ID for switch’s network management subsystem. Location – Specifies the system location. Contact: Administrator responsible for the system. System Up Time: Length of time the management agent has been running. These additional parameters are displayed for the CLI. MAC Address: The physical layer address for this switch. Web server: Shows if management access using HTTP is active.
System information
System Up time: 0 days, 2 hours, 4 minutes, and 7.13 seconds
System Name : R&D 5
System Location : WC 9
System Contact : James
MAC address : 00-30-f1-47-58-3a
Web server : enable
Web server port : 80
Web secure server : enable
Web secure server port : 443
POST result
DUMMY Test 1.................PASS
UART LOOP BACK Test..........PASS
DRAM Test....................PASS
Timer Test...................PASS
PCI Device 1 Test............PASS
Switch Int Loopback test.....
CLI Use the following command to display version information.
Console#show version
Unit1
Serial number :A305051234
Hardware version :R0A
Number of ports :24
Main power status :up
Redundant power status :not present
Agent(master)
Unit id :1
Loader version :1.0.0.1
Boot rom version :1.0.0.1
Operation code version :1.1.0.13
Console#
2.10.4 Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs.
Local VLAN Capable: This switch supports multiple local bridges; for example, multiple spanning trees. (Refer to section 3.3 Configuring Multiple Spanning Trees.) GMRP: GARP Multicast Registration Protocol (GMRP) allows network devices to register end stations with multicast groups. This switch does not support GMRP; it uses the Internet Group Management Protocol (IGMP) to provide automatic multicast filtering. Web Click System – Bridge Extension. CLI Enter the following command.
Chapter 3: Configuring Global Settings The switch’s HTTP web agent allows you to configure switch parameters, monitor port connections and display statistics using a standard web browser such as Internet Explorer 5, Netscape 6, Apple Safari 1.2, Mozilla Firefox 0.8 or later, using Windows Me/2000/XP, Mac OS X 10.3 or Linux. The recommended screen resolution is 1024 x 768 or higher. You can access the switch’s web management interface from any computer attached to the network.
You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to Appendix A: Web and Command Line Interface Overview. 3.1 Configuring Spanning Tree The following section describes using and configuring spanning tree protocols, including rapid spanning tree (RSTP) and multiple spanning trees (MSTP). 3.1.1 Spanning Tree Global Settings Global settings apply to the entire switch.
Multiple Spanning Tree Protocol To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances. • A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments. • Be careful when switching between spanning tree modes.
• Default: 20
• Minimum: The higher of 6 or [2 x (Hello Time + 1)].
• Maximum: The lower of 40 or [2 x (Forward Delay - 1)]
Forward Delay – The maximum time (in seconds) this device will wait before changing states (for example, discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
CLI This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.
Forward Transitions – The number of times this port has transitioned from the Learning state to the Forwarding state. Designated Cost – The cost for a packet to travel from this port to the root in the current Spanning Tree configuration. The slower the media, the higher the cost. Designated Bridge – The bridge priority and MAC address of the device through which this port must communicate to reach the root of the Spanning Tree.
tree to reconfigure when the interface changes state, and also overcomes other STA-related timeout problems. The Edge Port should only be enabled for ports connected to an end-node device. Admin Link Type – The link type attached to this interface. Point-to-Point – A connection to exactly one other bridge. Shared – A connection to two or more bridges. Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media.
the preferred path, link type to indicate a point-to-point connection or shared-media connection, and edge port to indicate if the attached device can support fast forwarding. 3.2.1 Attributes Read-Only Attributes STA State – Displays current state of this port within the Spanning Tree. (For more information, refer to section 3.1.5 Displaying Interface Settings.) • Discarding - Port receives STA configuration messages, but does not forward packets.
Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media. (This is the default setting.) Admin Edge Port (Fast Forwarding) – Enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
Region (section 3.1.1) with the same set of instances, and the same instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node, connecting all regions to the Common Spanning Tree. To use multiple spanning trees: 1. Set the spanning tree type to MSTP (STA Configuration, section 3.1.1). 2. Enter the spanning tree priority for the selected MST instance (MSTP VLAN Configuration). 3. Add the VLANs that will share this MSTI (MSTP VLAN Configuration).
CLI This displays STA settings for instance 1, followed by settings for each port.
Console#show spanning-tree mst 1
Spanning-tree information
---------------------------------------------------------------
Spanning tree mode :MSTP
Spanning tree enable/disable :enable
Instance :1
Vlans configuration :1-5
Priority :32768
Bridge Hello Time (sec.) :2
Bridge Max Age (sec.) :20
Bridge Forward Delay (sec.) :15
Root Hello Time (sec.) :2
Root Max Age (sec.) :20
Root Forward Delay (sec.
Designated root : 4096.2.0000E9313131
Designated bridge : 4096.2.0000E9313131
Fast forwarding : enable
Forward transitions : 0
Admin edge port : enable
Oper edge port : enable
Admin Link type : auto
Oper Link type : point-to-point
Spanning Tree Status : enable
. . .
CLI This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI.
Console(config)#spanning-tree mst configuration
Console(config-mst)#mst 1 priority 4096
Console(config-mstp)#mst 1 vlan 1-5
Console(config-mst)#
3.3.
CLI This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (section 9.1.1); the settings for other instances only apply to the local spanning tree.
Console#show spanning-tree mst 0
Spanning-tree information
---------------------------------------------------------------
Spanning tree mode :MSTP
Spanning tree enable/disable :enable
Instance :0
Vlans configuration :1-4094
Priority :32768
Bridge Hello Time (sec.
Field Attributes Read Only Attributes STA State – Displays current state of this port within the Spanning Tree. (For more information, refer to section 3.1.5 Displaying Interface Settings.) • Discarding - Port receives STA configuration messages, but does not forward packets. • Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses.
CLI This example sets the MSTP attributes for port 4.
Chapter 4: Configuring SNTP You can configure the switch to send time synchronization requests to specific time servers (for example, client mode), update its clock based on broadcasts from time servers, or use both methods. When both methods are enabled, the switch will update its clock using information broadcast from time servers, but will query the specified server(s) if a broadcast is not received within the polling interval. 4.
4.2.1 Attributes Current Time – Displays the current time. Name – Assigns a name to the time zone. Hours (0-12) – The number of hours before/after UTC. Minutes (0-59) – The number of minutes before/after UTC. Direction – Configures the time zone to be before (east) or after (west) UTC. Configuring Switch Using the Web or CLI Web Select SNTP – Clock Time Zone. Set the offset for your time zone relative to the UTC, and click Apply. CLI This example shows how to set the time zone for the system clock.
Chapter 5: Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems.
CLI The following example adds the string “james” with read/write access.
Console(config)#snmp-server community james rw
Console(config)#
5.2 Specifying Trap Managers and Trap Types
Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as HP OpenView).
Chapter 6: Configuring Security You can restrict management access to this switch using the following options: User Accounts – Manually configure access rights on the switch for specified users. Authentication Settings – Use remote authentication to configure access rights. HTTPS Settings – Provide a secure web connection. SSH Settings – Provide a secure shell (for secure Telnet access). Port Security – Configure secure addresses for individual ports. 802.1x – Use IEEE 802.
6.2.1 Usage Guidelines By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol. Local and remote logon authentication control management access via the console port, web browser, or Telnet.
Configuring Switch Using the Web or CLI
Web Click Security – Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (for example, one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
CLI Specify all the required parameters to enable logon authentication.
Console#show radius-server
Remote radius server configuration:
Server IP address: 0.0.0.
If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number]
• When you start HTTPS, the connection is established in this way:
  • The client authenticates the server using the server’s digital certificate.
  • The client and server negotiate a set of security protocols to use for the connection.
  • The client and server generate session keys for encrypting and decrypting data.
  • The client and server establish a secure encrypted connection.
6.3.2 Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch. By default, the certificate that Netscape and Internet Explorer display will be associated with a warning that the site is not recognized as a secure site. This is because the certificate has not been signed by an approved certification authority.
1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair. 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example: 10.1.0.
6.4.2 Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client’s public key to the switch as described in the preceding section (Usage). Field Attributes Public-Key of Host-Key – The public key for the host. • RSA (Version 1): The first field indicates the size of the host key (e.g.
CLI This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys.
Configuring Switch Using the Web or CLI Web Click Security – SSH, Settings. Enable SSH and adjust the authentication parameters as required, then click Apply. Note that you must first generate the host key pair on the SSH Host-Key Settings page before you can enable the SSH server. CLI This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection through SSH, and then disables this connection.
To add new VLAN members later, you can manually add secure addresses with the Static Address Table (section 8.1 Setting Static Addresses), or turn off port security to reenable the learning function long enough for new VLAN members to be registered. Learning may then be disabled again, if desired, for security. 6.5.1 Guidelines A secure port has the following restrictions: • Cannot use port monitoring. • Cannot be a multi-VLAN port. • Cannot be used as a member of a static or dynamic trunk.
CLI This example sets the command mode to Port 5, sets the port security action to send a trap and disable the port, and then enables port security for the switch.
Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap-and-shutdown
Console(config-if)#port security
Console(config-if)#
6.6 Configuring 802.1x Port Authentication
Network switches can provide open and easy access to network resources by simply attaching a client PC.
• Each client that needs to be authenticated must have dot1x client software installed and properly configured.
• The RADIUS server and 802.1x client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.)
• The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows; otherwise the dot1x client must support it.)
6.6.1: Displaying 802.
CLI This example shows the default protocol settings for 802.1x. For a description of the additional entries displayed in the CLI, see the show dot1x command.
Console#show dot1x
Global 802.1X Parameters
reauth-enabled: yes
reauth-period: 3600
quiet-period: 60
tx-period: 30
supp-timeout: 30
server-timeout: 30
reauth-max: 2
max-req: 2
802.1X Port Summary
Port Name Status
1/1 disabled
1/2 disabled
. . .
Port-control Auto
Supplicant 00-00-e8-49-5e-dc
Current Identifier 3
Authenticator State Machine
State Authenticated
Reauth Count 0
Backend State Machine
State Idle
Request Count 0
Identifier(Server) 2
Reauthentication State Machine
State Initialize
Console#
6.6.2 Configuring 802.
CLI This enables re-authentication and sets all of the global parameters for 802.1x.
Console(config)#dot1x re-authentication
Console(config)#dot1x max-req 5
Console(config)#dot1x timeout quiet-period 40
Console(config)#dot1x timeout re-authperiod 5
Console(config)#dot1x timeout tx-period 40
Console(config)#authentication dot1x default radius
Console(config)#
6.6.3 Configuring Port Authorization Mode
When dot1x is enabled, you need to specify the dot1x authentication mode configured for each port.
Configuring Switch Using the Web or CLI
Web Click Security – 802.1x, Port Configuration. Select the authentication mode from the drop-down box and click Apply.
CLI This example sets the authentication mode to enable 802.1x on port 2, and allows up to ten clients to connect to this port.
Console(config)#interface ethernet 1/2
Console(config-if)#dot1x port-control auto
Console(config-if)#dot1x operation-mode multi-host max-count 10
Console(config-if)#
6.6.4 Displaying 802.
which the Packet Body Length field is invalid.
Rx Last EAPOLVer – The protocol version number carried in the most recently received EAPOL frame.
Rx Last EAPOLSrc – The source MAC address carried in the most recently received EAPOL frame.
Tx EAPOL Total – The number of EAPOL frames of any type that have been transmitted by this Authenticator.
Tx EAP Req/Id – The number of EAP Req/Id frames that have been transmitted by this Authenticator.
Console#
6.7 Configuring Access Control Lists
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, specify a mask to modify the precedence in which the rules are checked, and then bind the list to a specific port.
6.7.
Command Attributes
Name – Name of the ACL. (Maximum length: 16 characters)
Type – There are three filtering modes:
• Standard: IP ACL mode that filters packets based on the source IP address.
• Extended: IP ACL mode that filters packets based on source or destination IP address, as well as protocol type and protocol port number. If the “TCP” protocol is specified, then you can also filter packets based on the TCP control code.
Configuring Switch Using the Web or CLI
Web Specify the action (for example, Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add.
CLI This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask.
• 1 (fin) – Finish
• 2 (syn) – Synchronize
• 4 (rst) – Reset
• 8 (psh) – Push
• 16 (ack) – Acknowledgement
• 32 (urg) – Urgent pointer
For example, use the code value and mask below to catch packets with the following flags set:
SYN flag valid, use control-code 2, control bitmask 2
Both SYN and ACK valid, use control-code 18, control bitmask 18
SYN valid and ACK invalid, use control-code 2, control bitmask 18
Configuring Switch Using the Web or CLI
Web Specify the action (For example, Permit or
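The address and control-code bitmask rules above, worked through in Python as an added example (it is not code from the manual or from Asanté). It assumes that a set mask bit means "compare this bit", which is how the manual's three control-code cases and its host rule with bitmask 255.255.255.255 read; the function names, the rejection of a control-code bit that the bitmask ignores, and the sample packets are constructed for illustration.

```python
import ipaddress

# TCP control-code bit values as listed in the manual.
TCP_FLAGS = {"fin": 1, "syn": 2, "rst": 4, "psh": 8, "ack": 16, "urg": 32}


def flags_value(*names):
    """Combine flag names into the 6-bit control-code integer."""
    value = 0
    for name in names:
        value |= TCP_FLAGS[name.lower()]
    return value


def control_code_matches(packet_flags, code, bitmask):
    """Return True if the packet's TCP flags satisfy control-code/bitmask.

    Bits set in the bitmask are compared with the control-code; bits that
    are clear in the bitmask are ignored.
    """
    for label, value in (("control-code", code), ("bitmask", bitmask)):
        if not 0 <= value <= 63:
            raise ValueError(f"{label} must be in the range 0-63")
    if code & ~bitmask:
        # Choice made by this example (not documented switch behaviour):
        # a rule that requires a flag its own mask ignores is a config error.
        raise ValueError("control-code sets a flag the bitmask does not check")
    return (packet_flags & bitmask) == code


def address_matches(packet_ip, rule_ip, rule_bitmask):
    """Address bitmask: 1 bits must equal the rule address, 0 bits are ignored."""
    ip = int(ipaddress.IPv4Address(packet_ip))
    base = int(ipaddress.IPv4Address(rule_ip))
    mask = int(ipaddress.IPv4Address(rule_bitmask))
    return (ip & mask) == (base & mask)


def bitmask_for_range(first_ip, last_ip):
    """Return (address, bitmask) covering exactly first_ip..last_ip.

    Raises ValueError when the range is not one aligned power-of-two block,
    because a single address/bitmask rule would then match too much or too little.
    """
    nets = list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first_ip), ipaddress.IPv4Address(last_ip)))
    if len(nets) != 1:
        raise ValueError(f"range needs {len(nets)} rules, not one bitmask")
    return str(nets[0].network_address), str(nets[0].netmask)


# Constructed sample packets: (source address, TCP flags).
SAMPLE_PACKETS = [
    ("10.1.1.21", flags_value("syn")),
    ("168.92.16.9", flags_value("syn")),            # connection attempt
    ("168.92.20.7", flags_value("syn", "ack")),     # handshake reply
    ("168.92.31.255", flags_value("ack", "psh")),   # established traffic
    ("168.92.32.1", flags_value("syn")),            # just outside the range
]


def evaluate(packets, rule_ip, rule_mask, code, bitmask):
    """Return the packets matching both the address rule and the flag rule."""
    return [(ip, fl) for ip, fl in packets
            if address_matches(ip, rule_ip, rule_mask)
            and control_code_matches(fl, code, bitmask)]


if __name__ == "__main__":
    addr, mask = bitmask_for_range("168.92.16.0", "168.92.31.255")
    print("range rule:", addr, mask)
    for code, bitmask in ((2, 2), (18, 18), (2, 18)):
        hits = evaluate(SAMPLE_PACKETS, addr, mask, code, bitmask)
        print(f"control-code {code}, bitmask {bitmask}:", [ip for ip, _ in hits])
```

Control-code 2 with bitmask 2 also matches SYN+ACK replies, so a rule meant to catch only new connection attempts needs bitmask 18.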
Command Attributes Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) Source/Destination MAC – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Address and Bitmask fields. (Options: Any, Host, MAC; Default: Any) Source/Destination MAC Address – Source or destination MAC address. Source/Destination MAC Bitmask – Hexadecimal mask for source or destination MAC address. VID – VLAN ID.
6.7.6 Configuring ACL Masks You can specify optional masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an ingress or egress ACL.
Follow these guidelines. Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes. Command Attributes Src/Dst IP – Specifies the source or destination IP address. Use “Any” to match any address, “Host” to specify a host address (not a subnet), or “IP” to specify a range of addresses. (Options: Any, Host, IP; Default: Any) Src/Dst IP Bitmask – Source or destination address of rule must match this bitmask.
Console(config-std-acl)#deny 10.1.1.1 255.255.255.255
Console(config-std-acl)#exit
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask host any
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#
6.7.8 Configuring a MAC ACL Mask
This mask defines the fields to check in the packet header. Follow these guidelines. You must configure a mask for an ACL rule before you can bind it to a port.
CLI This example shows how to create an Ingress MAC ACL and bind it to a port. You can see the mask has changed the order of the rules.
IN – ACL for ingress packets.
OUT – ACL for egress packets.
ACL Name – Name of the ACL.
Configuring Switch Using the Web or CLI
Web Click Security – ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic, select the required ACL from the drop-down list, then click Apply.
CLI This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2.
SNMP IP Filter List – Configures IP address(es) for the SNMP group. Telnet IP Filter List – Configures IP address(es) for the Telnet group. IP Filter List – IP addresses which are allowed management access to this interface. Start IP Address – A single IP address, or the starting address of a range. End IP Address – The end address of a range. Configuring Switch Using the Web or CLI Web Click Security – IP Filter.
Chapter 7: Configuring Ports 7.1 Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web) Name – Interface label. Type – Indicates the port type. (1000BASE-T, 1000BASE-SX, 1000BASE-LX or 100BASE-LH) Admin Status – Shows if the interface is enabled or disabled. Oper Status – Indicates if the link is Up or Down.
Field Attributes (CLI)
Basic information
Port type – Indicates the port type. (1000BASE-T, 1000BASE-SX, 1000BASE-LX or 1000BASE-LH)
MAC address – The physical layer address for this port. (To access this item on the web, see section 2.4 Setting an IP Address.)
Configuration
Name – Interface label.
Port admin – Shows if the interface is enabled or disabled (that is, up or down).
Speed-duplex – Shows the current speed and duplex mode.
Operation speed-duplex – Shows the current speed and duplex mode. Flow control type – Indicates the type of flow control currently in use. (IEEE 802.3x, Back-Pressure or none) CLI This example shows the connection status for Port 5.
• 10full - Supports 10 Mbps full-duplex operation
• 100half - Supports 100 Mbps half-duplex operation
• 100full - Supports 100 Mbps full-duplex operation
• 1000full - Supports 1000 Mbps full-duplex operation
• Sym (Gigabit only) - Check this item to transmit and receive pause frames, or clear it to auto-negotiate the sender and receiver for asymmetric pause frames. (The current switch chip only supports symmetric pause frames.)
• FC - Supports flow control.
CLI Select the interface, and then enter the required settings.
Console(config)#interface ethernet 1/13
Console(config-if)#description RD SW#13
Console(config-if)#shutdown
.
Console(config-if)#no shutdown
Console(config-if)#no negotiation
Console(config-if)#speed-duplex 100half
Console(config-if)#flowcontrol
.
• All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN. • STP, VLAN, and IGMP settings can only be made for the entire trunk. 7.3.1 Creating a Static Trunk When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. The static trunks on this switch are Cisco EtherChannel compatible.
 Port security: Disabled
 Max MAC count: 0
Current status:
 Created by: User
 Link status: Down
 Operation speed-duplex: 1000full
 Flow control type: None
 Member Ports: Eth1/1, Eth1/2,
Console#
7.4 Enabling LACP on Selected Ports
To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP. If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically.
Console(config)#interface ethernet 1/6
Console(config-if)#lacp
Console(config-if)#end
Console#show interfaces status port-channel 1
Information of Trunk 1
Basic information:
 Port type: 1000T
 Mac address: 22-22-22-22-22-2d
Configuration:
 Name:
 Port admin status: Up
 Speed-duplex: Auto
 Capabilities: 10half, 10full, 100half, 100full, 1000full,
 Flow control status: Disabled
 Port security: Disabled
 Max MAC count: 0
 Port security action: None
 Combo forced mode: None
Current status:
 Created by: Lacp
 Link status: Up
Admin Key – The LACP administration key must be set to the same value for ports that belong to the same LAG. (Range: 0-65535; Default: 0)
Port Priority – If a link goes down, LACP port priority is used to select a backup link. (Range: 0-65535; Default: 32768)
Set Port Partner – This menu sets the remote side of an aggregate link; that is, the ports on the attached device. The command attributes have the same meaning as those used for the port actor.
4 32768 00-00-E9-31-31-31
5 32768 00-00-E9-31-31-31
6 32768 00-00-E9-31-31-31
Console#show lacp 1 internal
Channel group : 1
------------------------------------------------------------------------
Oper Key : 120
Admin Key : 120
Console#
7.4.2 Displaying LACP Port Counters
You can display statistics for LACP protocol messages. The following table shows the counter information for the LACP statistics.
Field Description
LACPDUs Sent Number of valid LACPDUs transmitted from this channel group.
CLI The following example displays LACP counters for port channel 1.
Console#show lacp 1 counters
Channel group : 1
-----------------------------------------------------------
Eth 1/ 1
--------------------------------------------------------------------
LACPDUs Sent : 21
LACPDUs Received : 21
Marker Sent : 0
Marker Received : 0
LACPDUs Unknown Pkts : 0
LACPDUs Illegal Pkts : 0
. . .
Console#
7.4.
Aggregation – The system considers this link to be aggregatable; that is, a potential candidate for aggregation.
Long timeout – Periodic transmission of LACPDUs uses a slow transmission rate.
LACP-Activity – Activity control value with regard to this link. (0: Passive; 1: Active)
Web Click Port – LACP, Port Internal Information. Select a port channel to display the corresponding information.
7.4.4 Displaying LACP Settings and Status for the Remote Side
You can display configuration settings and the operational state for the remote side of a link aggregation. The following table lists the display information from the LACP remote setting output.
Field Description
Partner Admin System ID LAG partner’s system ID assigned by the user.
Partner Oper System ID LAG partner’s system ID assigned by the LACP protocol.
CLI The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
7.5.1 Guidelines
Broadcast Storm Control is enabled by default. The default threshold is 500 packets per second. Broadcast control does not affect IP multicast traffic. The specified threshold applies to all ports on the switch.
Command Attributes
Port – Port number.
Type – Indicates the port type. (1000BASE-T, 1000BASE-SX, 1000BASE-LX or 100BASE-LH)
Protect Status – Shows whether or not broadcast storm control has been enabled. (Default: Enabled)
Threshold – Threshold as percentage of port bandwidth.
 Acceptable frame type: All frames
 Native VLAN: 1
 Priority for untagged traffic: 0
 Gvrp status: Disabled
 Allowed Vlan: 1(u),
 Forbidden Vlan:
Console#
7.6 Configuring Port Mirroring
You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
7.6.
Console(config)#interface ethernet 1/10
Console(config-if)#port monitor ethernet 1/13
Console(config-if)#
7.7 Configuring Rate Limits
This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic coming out of the switch. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
problems with the switch (such as a faulty port or unusually heavy loading). RMON statistics provide access to a broad range of statistics, including a total count of different frame types and sizes passing through each port. All values displayed have been accumulated since the last system reboot, and are shown as counts per second. Statistics are refreshed every 60 seconds by default. Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as HP OpenView.
errors.
Etherlike Statistics
Alignment Errors The number of alignment errors (mis-synchronized data packets).
Late Collisions The number of times that a collision is detected later than 512 bit-times into the transmission of a packet.
FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check. This count does not include frames received with frame-too-long or frame-too-short error.
Broadcast Frames The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets. Multicast Frames The total number of good frames received that were directed to this multicast address. CRC/Alignment Errors The number of CRC/alignment errors (FCS or alignment errors).
CLI This example shows statistics for port 13.
Chapter 8: Configuring Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port. 8.1 Setting Static Addresses A static address can be assigned to a specific interface on this switch.
8.2 Displaying the Dynamic Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port. Otherwise, the traffic is flooded to all ports. Command Attributes Interface – Indicates a port or trunk. MAC Address – Physical address associated with this interface.
--------- ----------------- ---- ----------------
Eth 1/ 1  00-E0-29-94-34-DE 1    Permanent
Eth 1/ 1  00-20-9C-23-CD-60 2    Learned
Console#
8.3 Changing the Aging Time
You can set the aging time for entries in the dynamic address table.
Command Attributes
Aging Status – Enables or disables the aging time.
Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds)
Configuring Switch Using the Web or CLI
Web Click Address Table – Address Aging.
Chapter 9: Configuring Spanning Tree The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links that automatically take over when a primary link goes down.
messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network. (References to “ports” in this section mean “interfaces,” which includes both ports and trunks.) Hello Time – Interval (in seconds) at which the root device transmits a configuration message.
Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node. Max hops – The max number of hop counts for the MST region. Remaining hops – The remaining number of hop counts for the MST instance. Transmission limit – The minimum interval between the transmissions of consecutive RSTP/MSTP BPDUs. Path Cost Method – The path cost is used to determine the best path between devices.
Chapter 10: Configuring VLAN In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks. This also provides a more secure and cleaner network environment. An IEEE 802.
VLANs configured on the switch. Packets are forwarded only between ports that are designated for the same VLAN. Untagged VLANs can be used to manually isolate user groups or subnets. Use IEEE 802.3 tagged VLANs with GVRP to fully automate VLAN registration. Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system where the switch can automatically learn the VLANs to which each end station should be assigned. If an end station (or its network adapter) supports the IEEE 802.
CLI This example enables GVRP for the switch.
Console(config)#bridge-ext gvrp
Console(config)#
10.1.3 Displaying Basic VLAN Information
The VLAN Basic Information page displays basic information on the VLAN type supported by the switch.
Field Attributes
VLAN Version Number (Web Only) – The VLAN version used by this switch as specified in the IEEE 802.1Q standard.
Maximum VLAN ID – Maximum VLAN ID recognized by this switch.
Command Attributes (Web)
VLAN ID – ID of configured VLAN (1-4094).
Up Time at Creation – Time this VLAN was created (that is, System Up Time).
Status – Shows how this VLAN was added to the switch.
• Dynamic GVRP: Automatically learned via GVRP.
• Permanent: Added as a static entry.
Egress Ports – Shows all the VLAN port members.
Untagged Ports – Shows the untagged VLAN port members.
Configuring Switch Using the Web or CLI
Web Click VLAN – 802.1Q VLAN, Current Table.
Status – Shows if this VLAN is enabled or disabled.
• Active: VLAN is operational.
• Suspend: VLAN is suspended; that is, does not pass packets.
Ports / Channel groups – Shows the VLAN interface members.
CLI Current VLAN information can be displayed with the following command.
Console#show vlan id
VLAN Type   Name        Status Ports/Channel groups
---- ------ ----------- ----------------------------------------
1    Static DefaultVlan Active Eth1/1 Eth1/2
Console#
10.1.
Configuring Switch Using the Web or CLI Web Click VLAN – 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. CLI This example creates a new VLAN.
Name – Name of the VLAN (1 to 32 characters).
Status – Enables or disables the specified VLAN.
• Enable: VLAN is operational.
• Disable: VLAN is suspended; that is, does not pass packets.
Port – Port identifier.
Trunk – Trunk identifier.
Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk:
• Tagged: Interface is a member of the VLAN. All packets transmitted by the port carry a tag with VLAN or CoS information.
Console(config)#interface ethernet 1/2
Console(config-if)#switchport allowed vlan add 2 untagged
Console(config-if)#exit
Console(config)#interface ethernet 1/13
Console(config-if)#switchport allowed vlan add 2 tagged
10.1.7 Adding Static Members to VLANs (Port Index)
Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member.
Command Attributes
Interface – Port or trunk identifier.
Member – VLANs for which the selected interface is a tagged member.
Usage Guidelines GVRP – GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information to automatically register VLAN members on interfaces across the network. GARP – Group Address Registration Protocol is used by GVRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate.
to the port’s default VLAN (that is, associated with the PVID) are also transmitted as tagged frames.
• Hybrid – Specifies a hybrid VLAN interface. The port may transmit tagged or untagged frames.
Trunk Member – Indicates if a port is a member of a trunk. To add a trunk to the selected VLAN, use the last table on the VLAN Static Table page.
Configuring Switch Using the Web or CLI
Web Click VLAN – 802.1Q VLAN, Port Configuration or VLAN Trunk Configuration.
CLI This example enables private VLANs.
Console(config)#pvlan
Console(config)#
10.2.2 Configuring Uplink and Downlink Ports
Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on the switch and with any designated downlink ports.
Configuring Switch Using the Web or CLI
Web Click VLAN – Private VLAN, Link Status.
1. Configure VLAN groups for the protocols you want to use (section 10.1.5). You should configure a separate VLAN for each major protocol running on your network. Do not add port members at this time.
2. Create a protocol group for each of the protocols you want to assign to a VLAN using the Protocol VLAN Configuration page.
3. Then map the protocol for each interface to the appropriate VLAN using the Protocol VLAN Port Configuration page.
10.3.
Usage Guidelines
When creating a protocol-based VLAN, only assign interfaces using this configuration screen. If you assign interfaces using any of the other VLAN commands such as VLAN Static Table (section 10.1.6 Adding Static Members to VLANs (VLAN Index)) or VLAN Static Membership (section 10.1.7 Adding Static Members to VLANs (Port Index)), these interfaces will admit traffic of any protocol type into the associated VLAN.
Chapter 11: Configuring Packet Priority Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues. You can set the default priority for each interface, and configure the mapping of frame priority tags to the switch’s priority queues. 11.
Console#show interfaces switchport ethernet 1/5
Information of Eth 1/3
 Broadcast threshold: Enabled, 500 packets/second
 Lacp status: Disabled
 Ingress rate limit: disable,1000M bits per second
 Egress rate limit: disable,1000M bits per second
 VLAN membership mode: Hybrid
 Ingress rule: Disabled
 Acceptable frame type: All frames
 Native VLAN: 1
 Priority for untagged traffic: 5
 Gvrp status: Disabled
 Allowed Vlan: 1(u),
 Forbidden Vlan:
Console#
11.
Command Attributes
Priority – CoS value. (Range: 0-7, where 7 is the highest priority)
Traffic Class (CLI show queue) – Output queue buffer. (Range: 0-7, where 7 is the highest CoS priority queue)
Configuring Switch Using the Web or CLI
Web Click Priority – Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (that is, output queues) for the selected interface, then click Apply.
Command Attributes WRR - Weighted Round-Robin shares bandwidth at the egress ports by using scheduling weights 1, 2, 4, 6, 8, 10, 12, 14 for queues 0 through 7 respectively. (This is the default selection.) Strict - Services the egress queues in sequential order, transmitting all traffic in the higher priority queues before servicing lower priority queues. Configuring Switch Using the Web or CLI Web Click Priority – Queue Mode. Select Strict or WRR, then click Apply.
CLI The following example shows how to assign WRR weights to each of the priority queues.
Console(config)#interface ethernet 1/1
Console(config-if)#queue bandwidth 1 3 5 7 9 11 13 15
Console(config-if)#end
Console#show queue bandwidth
Information of Eth 1/1
 Queue ID Weight
 -------- ------
 0        1
 1        3
 2        5
 3        7
 4        9
 5        11
 6        13
 7        15
Information of Eth 1/2
 Queue ID Weight
. . .
11.4.
11.5 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes Disabled – Disables both priority services. (This is the default setting.) IP Precedence – Maps layer 3/4 priorities using IP Precedence. IP DSCP – Maps layer 3/4 priorities using Differentiated Services Code Point Mapping.
Command Attributes
IP Precedence Priority Table – Shows the IP Precedence to CoS map.
Class of Service Value – Maps a CoS value to the selected IP Precedence value. Note that “0” represents low priority and “7” represents high priority.
Configuring Switch Using the Web or CLI
Web Click Priority – IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply.
11.5.2 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP default values are defined in the following table.
CLI The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings.
Console(config)#map ip dscp
Console(config)#interface ethernet 1/1
Console(config-if)#map ip dscp 1 cos 0
Console(config-if)#end
Console#show map ip dscp ethernet 1/1
DSCP mapping status: enabled
 Port      DSCP COS
 --------- ---- ---
 Eth 1/ 1  0    0
 Eth 1/ 1  1    0
 Eth 1/ 1  2    0
 Eth 1/ 1  3    0
. . .
Web Click Priority–IP Port Priority. Enter the IP port number for a network application in the IP Port Number box and the new CoS values in the Class of Service box, and then click Apply. Mapping specific values for IP Precedence is implemented as an interface configuration command, and any changes apply to all interfaces on the switch.
11.6.1 Guidelines You must configure an ACL mask before you can map CoS values to the rule. Command Attributes Port – Port identifier. Name – Name of ACL. For information on configuring ACLs, see section 6.7 Configuring Access Control Lists. Type – Type of ACL (IP or MAC). CoS Priority – CoS value used for packets matching an IP ACL rule. (Range: 0-7) Configuring Switch Using the Web or CLI Web Click Priority – ACL CoS Priority.
The IP frame header also includes priority bits in the Type of Service (ToS) octet. The Type of Service octet may contain three bits for IP Precedence or six bits for Differentiated Services Code Point (DSCP) service. Note that the IP frame header can include either the IP Precedence or the DSCP priority type. The precedence for priority mapping by this switch is IP Precedence or DSCP Priority, and then 802.1p priority. Command Attributes Port – Port identifier. Name – Name of ACL.
Console# The purpose of IP multicast filtering is to optimize a switched network’s performance, so multicast packets will only be forwarded to those ports containing multicast group hosts or multicast routers/switches, instead of flooding traffic to all ports in the subnet (VLAN).
Chapter 12: Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query – If multicast routing is not supported on other switches in your network, you can use IGMP Snooping and Query (section 12.1.1 Configuring IGMP Snooping and Query Parameters) to monitor IGMP service requests passing between multicast clients and servers, and dynamically configure the switch ports that need to forward multicast traffic.
Act as IGMP Querier — When enabled, the switch can serve as the Querier, which is responsible for asking hosts if they want to receive multicast traffic. (Default: Enabled) IGMP Query Count — Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group. (Range: 2-10, Default: 2) IGMP Query Interval — Sets the frequency at which the switch sends IGMP host-query messages.
 Query interval : 100 sec
 Query max response time : 20 sec
 Router port expire time : 300 sec
 IGMP snooping version : Version 2
Console#
12.1.2 Displaying Interfaces Attached to a Multicast Router
Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
VLAN ID – Selects the VLAN to propagate all multicast traffic coming from the attached multicast router.
Port or Trunk – Specifies the interface attached to a multicast router.
Configuring Switch Using the Web or CLI
Web Click IGMP Snooping–Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLANs that will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply.
CLI This example displays all the known multicast services supported on VLAN 1, along with the ports propagating the corresponding services. The Type field shows if this entry was learned dynamically or was statically configured.
Console#show mac-address-table multicast vlan 1
 VLAN M'cast IP addr. Member ports Type
 ---- --------------- ------------ -------
 1    224.1.1.12      Eth1/12      USER
 1    224.1.2.3       Eth1/12      IGMP
Console#
12.1.
CLI This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1.
Console(config)#ip igmp snooping vlan 1 static 224.1.1.12 ethernet 1/12
Console(config)#exit
Console#show mac-address-table multicast vlan 1
 VLAN M'cast IP addr. Member ports Type
 ---- --------------- ------------ -------
 1    224.1.1.12      Eth1/12      USER
 1    224.1.2.
Chapter 13: Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network. When a client device designates this switch as a DNS server, the client will attempt to resolve host names into IP addresses by forwarding DNS queries to the switch, and waiting for a response.
CLI This example sets a default domain name and a domain list. If a domain list is specified, the default domain name is not used.
Console(config)#ip domain-name sample.com
Console(config)#ip domain-list sample.com.uk
Console(config)#ip domain-list sample.com.jp
Console(config)#ip name-server 192.168.1.55 10.1.0.55
Console(config)#ip domain-lookup
Console(config)#end
Console#show dns
Domain Lookup Status: DNS enabled
Default Domain Name: sample.com
Domain Name List: sample.com.uk sample.com.
Field Attributes Host Name – Name of a host device that is mapped to one or more IP addresses. (Range: 1-64 characters) IP Address – Internet address(es) associated with a host name. (Range: 1-8 addresses) Alias – Displays the host names that are mapped to the same address(es) as a previously configured entry. Configuring the Switch Using the Web or CLI Web Select DNS – Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.
13.3 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes No – The entry number for each resource record. Flag – The flag is always “4” indicating a cache entry and therefore unreliable. Type – This field includes CNAME, which specifies the canonical or primary name for the owner, and ALIAS, which specifies multiple domain names that are mapped to the same IP address as an existing entry.
Chapter 14: Using the Command Line Interface The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions. These classes are further divided into different modes. Available commands depend on the selected mode.
14.2 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands only modify the running configuration. When the switch is rebooted, the start-up configuration is used. To store the running configuration use the copy running-config startup-config command.
access-list mac mask-precedence Console(config-mac-mask-acl)
For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode:
Console(config)#interface ethernet 1/5
. . .
Console(config-if)#exit
Console(config)#
14.3 Command Groups
The system commands can be broken down into the functional groups shown below.
clears the table, or sets the aging time Spanning Tree Configures Spanning Tree settings for the switch VLANs Configures VLAN settings, and defines port membership for VLAN groups; also enables or configures private VLANs and protocol VLANs GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning; shows the configuration for the bridge extension MIB Priority Sets port priority for untagged frames, selects strict priority or weighted round robin, relative weight for each
Chapter 15: Configuration Guide This chapter provides information about each of the features and an overview of the CLI commands needed to configure, manage and maintain the switch. For more complete information about the commands refer to Chapter 16: Command Reference. 15.1 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port.
disable Returns to normal mode from privileged mode PE configure Activates global configuration mode PE show history Shows the command history buffer NE, PE reload Restarts the system PE end Returns to Privileged Exec mode any config. mode exit Returns to the previous configuration mode, or exits the CLI any quit Exits a CLI session NE, PE help Shows how to use help any ? Shows options for command completion (context sensitive) any 15.2.
Secure Shell Provides secure replacement for Telnet Event Logging Controls logging of error messages SMTP Alerts Configures SMTP email alerts Time (System Clock) Sets the system clock automatically via NTP/SNTP server or manually System Status Displays system configuration, active managers, and version information Frame Size Enables support for jumbo frames 15.3.
15.3.4 Web Server Commands
The following table lists the web server commands and describes the functions and command modes of each command.
Command                Function                                                         Mode
ip http port           Specifies the port to be used by the Web browser interface       GC
ip http server         Allows the switch to be monitored or configured from a browser   GC
ip http secure-server  Enables HTTPS/SSL for encrypted communications                   GC
ip http secure-port    Specifies the UDP port number for HTTPS/SSL                      GC
15.3.
ip ssh crypto zeroize Clear the host key from RAM PE ip ssh save host-key Saves the host key from RAM to flash memory PE disconnect Terminates a line connection PE show ip ssh Displays the status of the SSH server and the configured values for authentication timeout and retries PE show ssh Displays the status of current SSH sessions PE show public-key Shows the public key for the specified user or for the host PE show users Shows SSH users, including privilege level and public key type P
clients that have a private key corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process:
• The client sends its public key to the switch.
• The switch compares the client's public key to those stored in memory.
• If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client.
logging sendmail destination-email Email recipients of alert messages GC logging sendmail Enables SMTP event handling GC show logging sendmail Displays SMTP event handler settings NE, PE 15.3.8 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP), or by using information broadcast by local time servers.
jumbo frame Enables support for jumbo frames GC 15.4 Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1x. The following table lists the authentication commands and describes the functions and command modes of each command.
show radius-server Shows the current RADIUS settings PE 15.4.3 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that requires management access to a switch.
dot1x operation-mode Allows single or multiple hosts on a dot1x port IC dot1x re-authenticate Forces re-authentication on specific ports PE dot1x re-authentication Enables re-authentication for all ports GC dot1x timeout quiet-period Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client GC dot1x timeout re-authperiod Sets the time period after which a connected client must be reauthenticated GC dot1x timeout tx-period S
• You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule.
• The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
permit, deny Filters packets meeting the specified criteria, including source and destination IP address, TCP/UDP port number, protocol type, and TCP control code EXTACL show ip access-list Displays the rules for configured IP ACLs PE access-list ip mask-precedence Changes to the mode for configuring access control masks GC Mask Sets a precedence mask for the ACL rules IP-Mask show access-list ip mask-precedence Shows the ingress or egress rule masks for IP ACLs PE ip access-group Adds a port
map access-list mac Sets the CoS value and corresponding output queue for packets matching an ACL rule IC show map access-list mac Shows CoS value mapped to an access list for an interface PE match access-list mac Changes the 802.1p priority of a frame matching the defined rule (also called packet marking) IC show marking Displays the current configuration for packet marking PE 15.5.
15.7.1 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation. Domain name service is not enabled until at least one name server is specified with the ip name-server command and domain lookup is enabled with the ip domain-lookup command.
shutdown Disables an interface IC switchport broadcast packet-rate Configures the broadcast storm control threshold IC clear counters Clears statistics on an interface PE show interfaces status Displays status for the specified interface NE, PE show interfaces counters Displays statistics for the specified interfaces NE, PE show interfaces switchport Displays the administrative and operational status of an interface NE, PE 15.
Command Function Mode interface port-channel Enters interface configuration mode and configures a trunk GC channel-group Adds a port to a trunk IC (Ethernet) Dynamic Configuration Command lacp Configures LACP for the current interface IC (Ethernet) lacp system-priority Configures a port's LACP system priority IC (Ethernet) lacp admin-key Configures a port's administration key IC (Ethernet) lacp admin-key Configures a port channel’s administration key IC (Port Channel) lacp port-priorit
• If the port channel admin key is set, then the port admin key must be set to the same value for a port to be allowed to join a channel group.
• If a link goes down, LACP port priority is used to select the backup link.
15.12 Address Table Commands
These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
mst vlan Adds VLANs to a spanning tree instance MST mst priority Configures the priority of a spanning tree instance MST Name Configures the name for the multiple spanning tree MST Revision Configures the revision number for the multiple spanning tree MST max-hops Configures the maximum number of hops allowed in the region before a BPDU is discarded MST spanning-tree spanning-disabled Disables spanning tree for an interface IC spanning-tree cost Configures the spanning tree path cost of an
Configuring Protocol VLANs Configures protocol-based VLANs based on frame type and protocol 15.14.1 Editing VLANs The following table lists the commands for editing VLAN groups. Command Function Mode vlan database Enters VLAN database mode to add, change, and delete VLANs GC vlan Configures a VLAN, including VID, name and state VC 15.14.
Command Function Mode pvlan Enables and configures private VLANs GC show pvlan Displays the configured private VLANs PE 15.14.5 Configuring Protocol-based VLANs Using the CLI The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
show bridge-ext Shows the global bridge extension configuration PE switchport gvrp Enables GVRP for an interface IC switchport forbidden vlan Configures forbidden VLANs for an interface IC show gvrp configuration Displays GVRP configuration for the selected interface NE, PE garp timer Sets the GARP timer for the selected function IC show garp timer Shows the GARP timer for the selected function NE, PE 15.
15.16.2 Priority Commands (Layer 3 and 4) The following table lists the layer 3 and 4 priority commands.
15.17.1 IGMP Snooping Commands
The following table lists the IGMP snooping commands.
Command                           Function                                               Mode
ip igmp snooping                  Enables IGMP snooping                                  GC
ip igmp snooping vlan static      Adds an interface as a member of a multicast group     GC
ip igmp snooping version          Configures the IGMP version for snooping               GC
show ip igmp snooping             Shows the IGMP snooping and query configuration        PE
show mac-address-table multicast  Shows the IGMP snooping MAC multicast list             PE
15.17.
15.18 IP Interface Commands There are no IP addresses assigned to this switch by default. You must manually configure a new address to manage the switch over your network. You may also need to establish a default gateway between this device and management stations or other devices that exist on another network segment. The following table lists the basic IP configuration commands.
Chapter 16: Command Reference This section contains an alphabetical listing of all the commands used to configure, manage and maintain your switch. Refer to Chapter 15: Configuration Guide, for information on specific features and associated commands. 16.1 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL.
ip access-group show ip access-list
16.2 access-list ip mask-precedence
This command changes to the IP Mask mode used to configure access control masks. Use the no form to delete the mask table.
Syntax Description
[no] access-list ip mask-precedence {in | out}
in Ingress mask for ingress ACLs.
out Egress mask for egress ACLs.
Default
Default system mask: Filter inbound packets according to specified IP ACLs.
Syntax Description [no] access-list mac acl_name acl_name Name of the ACL. (Maximum length: 16 characters) Default None Command Mode Global Configuration Usage Guidelines An egress ACL must contain all deny rules. When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.
Default Default system mask: Filter inbound packets according to specified MAC ACLs. Command Mode Global Configuration Usage Guidelines You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule. A mask can only be used by all ingress ACLs or all egress ACLs.
Console(config)# 16.6 authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command in Chapter 16. Use the no form to restore the default. Syntax Description authentication enable {[local] [radius] [tacacs]} no authentication enable local Use local password only. radius Use RADIUS server password only. tacacs Use TACACS server password.
16.7 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax Description authentication login {[local] [radius] [tacacs]} no authentication login Local Use local password. radius Use RADIUS server password. tacacs Use TACACS server password. Default Local Command Mode Global Configuration Usage Guidelines RADIUS uses UDP while TACACS+ uses TCP.
Syntax Description boot system {boot-rom| config | opcode}: filename The type of file or image to set as a default includes: boot-rom Boot ROM. Config Configuration file. opcode Run-time operation code. filename Name of the configuration file or image name. The colon (:) is required before the filename. Default None Command Mode Global Configuration Usage Guidelines A colon (:) is required after the specified file type. If the file contains an error, it cannot be set as the default file.
Command Mode Global Configuration Usage Guidelines GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs that extend beyond the local switch. Example The following is sample output from the bridge-ext gvrp command. Console(config)#bridge-ext gvrp Console(config)# 16.10 calendar set This command sets the system clock.
16.11 capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values.
Related Commands negotiation speed-duplex flowcontrol 16.12 channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk. Syntax Description channel-group channel-id no channel-group channel-id Trunk index (Range: 1-6) Default The current port will be added to this trunk. Command Mode Interface Configuration (Ethernet) Usage Guidelines When configuring static trunks, the switches must comply with the Cisco EtherChannel standard.
Interface ethernet unit/port unit – This is device 1. port - Port number. Port-channel Channel-id (Range: 1-6) Default None Command Mode Privileged Exec Usage Guidelines Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. If you log out and back into the management interface, the statistics displayed will show the absolute value accumulated since the last power reset.
16.15 clear host This command deletes entries from the DNS table. Syntax Description clear host {name | *} Name Name of the host. (Range: 1-64 characters) * Removes all entries. Default None Command Mode Privileged Exec Example This example clears all static entries from the DNS table. Console#clear host * Console# 16.16 clear logging This command clears messages from the log buffer.
Console#clear logging Console# Related Commands show logging 16.17 clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries. Default None Command Mode Privileged Exec Example The following is sample output from the clear command using the mac-address argument. Console#clear mac-address-table dynamic 16.
Usage Guidelines This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC. Example The following is an example of using the clock timezone command.
16.20 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration. See section 14.5 Understanding Command Modes.
public-key Keyword that allows you to copy an SSH key from a TFTP server. Default None Command Mode Privileged Exec Usage Guidelines The system prompts for data required to complete the copy command. The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.
\Write to FLASH finish.
Success.
Console#
The following example shows how to download a configuration file:
Console#copy tftp startup-config
TFTP server ip address: 10.1.0.99
Source configuration file name: startup.01
Startup configuration file name [startup]:
Write to FLASH Programming.
\Write to FLASH finish.
Success.
Console#
The following example shows how to copy a secure-site certificate from a TFTP server.
Syntax Description databits {7 | 8} no databits 7 Seven data bits per character. 8 Eight data bits per character. Default 8 data bits per character Command Mode Line Configuration Usage Guidelines The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character.
Usage Guidelines If the file type is used for system startup, then this file cannot be deleted. “Factory_Default_Config.cfg” cannot be deleted. Example This example shows how to delete the test2.cfg configuration file from flash memory. Console#delete test2.cfg Console# Related Commands dir delete public-key 16.24 delete public-key Use this command to delete the specified user’s public key. Syntax Description delete public-key username [dsa | rsa] username Name of an SSH user.
Syntax Description description string no description String Comment or a description to help you remember what is attached to this interface. (Range: 1-64 characters) Default None Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 24. Console(config)#interface ethernet 1/24 Console(config-if)#description RD-SW#3 Console(config-if)# 16.26 dir This command displays a list of files in flash memory.
Usage Guidelines If you enter the dir command without any parameters, the system displays all files. File information is shown below: Column Heading Description file name The name of the file. file type File types: Boot-Rom, Operation Code, and Config file. startup Shows if this file is used when the system is started. Size The length of the file in bytes.
Console#disable Console> Related Commands enable 16.28 disconnect Use this command to terminate an SSH, Telnet, or console connection. Syntax Description disconnect session-id session-id The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Usage Guidelines Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection.
Example Console(config)#dot1x default Console(config)# 16.30 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax Description dot1x max-req count no dot1x max-req count The maximum number of requests.
Default Single-host Command Mode Interface Configuration Example The following example shows setting the system to allow a maximum of 10 hosts to connect to a port. Console(config)#interface eth 1/2 Console(config-if)#dot1x operation-mode multi-host max-count 10 Console(config-if)# 16.32 dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default.
Syntax Description dot1x re-authenticate [interface] The interface argument includes Ethernet as follows: unit This is device 1. port Port number. Command Mode Privileged Exec Example Console#dot1x re-authenticate Console# 16.34 dot1x re-authentication This command enables periodic re-authentication globally for all ports. Use the no form to disable reauthentication.
Default 60 seconds Command Mode Global Configuration Example Console(config)#dot1x timeout quiet-period 350 Console(config)# 16.36 dot1x timeout re-authperiod This command sets the period of time before a connected client must be re-authenticated. Syntax Description dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds The number of seconds.
Default 30 seconds Command Mode Global Configuration Example Console(config)#dot1x timeout tx-period 300 Console(config)# 16.38 enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See section 14.5 Understanding Command Modes. Syntax Description enable [level] level Privilege level to log into the device. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec.
16.39 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password. Syntax Description enable password [level level] {0 | 7} password no enable password [level level] level level Level 15 for Privileged Exec. (Levels 0 and 14 are not used.
Command Mode Global Configuration, Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration. Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode: Console(config-if)#end Console# 16.41 exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default.
16.42 exit
This command returns to the previous configuration mode or exits the configuration program.
Default None
Command Mode Any
Example
This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session:
Console(config)#exit
Console#exit
Press ENTER to start session
User Access Verification
Username:
16.43 flowcontrol
This command enables flow control. Use the no form to disable flow control.
Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise, back pressure jamming signals may degrade overall performance for the segment attached to the hub. Example The following example enables flow control on port 5. Console(config)#interface ethernet 1/5 Console(config-if)#flowcontrol Console(config-if)#no negotiation Console(config-if)# Related Commands negotiation capabilities (flowcontrol, symmetric) 16.
Usage Guidelines Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate. Unless you are experiencing difficulties with GMRP or GVRP registration/deregistration, do not change timer values. Timer values are applied to GVRP for all the ports on all VLANs.
Console(config)# 16.46 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax Description interface interface no interface port-channel channel-id interface ethernet unit/port unit - This is device 1. port - Port number.
Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.254 255.255.255.0 Console(config-if)# Related Commands shutdown 16.48 ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax Description [no] ip access-group acl_name {in | out} acl_name Name of the ACL.
Console(config-if)# Related Commands show ip access-list 16.49 ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax Description ip address {ip-address netmask | bootp | dhcp} no ip address ip-address IP address netmask Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets. Bootp Obtains IP address from BOOTP.
Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.5 255.255.255.0 Console(config-if)# Related Commands ip dhcp restart 16.50 ip default-gateway This command establishes a static route between this switch and management stations that exist on another network segment. Use the no form to remove the static route. Syntax Description ip default-gateway gateway no ip default-gateway gateway IP address of the default gateway. Default No static route is established.
Command Mode Privileged Exec Usage Guidelines This command issues a BOOTP or DHCP client request for any IP interface set to BOOTP or DHCP mode using the ip address command. DHCP requires the server to reassign the client’s last address if available. If the BOOTP or DHCP server was moved to a different domain, the network portion of the address provided to the client is based on this new domain.
Usage Guidelines Domain names are added to the end of the list one at a time. When an incomplete host name is received by the DNS server on this switch, it will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match. If there is no domain list, the domain name specified with the ip domain-name command is used. If there is a domain list, the default domain name is not used.
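The search order in these usage guidelines, together with the enable rule from section 15.7.1 and the automatic disable when all name servers are deleted, modelled as an added Python example (not code from the manual or the switch firmware). Assumptions: a host name counts as incomplete when it contains no dot, ip name-server appends to the existing list, only the command forms handled in `apply` are modelled, and the `constructed_query` records stand in for the name servers.

```python
MAX_NAME_SERVERS = 6  # ip name-server takes server-address1 .. server-address6


class DnsClientConfig:
    """Effective DNS client state built from Global Configuration commands."""

    def __init__(self):
        self.default_domain = None  # ip domain-name
        self.domain_list = []       # ip domain-list, in the order entered
        self.name_servers = []      # ip name-server
        self.lookup = False         # ip domain-lookup

    def apply(self, command):
        """Apply one command; forms not handled here are ignored."""
        words = command.split()
        negate = words[:1] == ["no"]
        if negate:
            words = words[1:]
        key, args = " ".join(words[:2]), words[2:]
        if key == "ip domain-name" and args and not negate:
            self.default_domain = args[0]
        elif key == "ip domain-list" and args and not negate:
            if args[0] not in self.domain_list:
                self.domain_list.append(args[0])  # added to the end of the list
        elif key == "ip name-server" and args:
            if negate:
                self.name_servers = [s for s in self.name_servers if s not in args]
                if not self.name_servers:
                    self.lookup = False  # all name servers deleted: DNS disabled
            else:
                for server in args:
                    if server in self.name_servers:
                        continue
                    if len(self.name_servers) >= MAX_NAME_SERVERS:
                        raise ValueError("at most six name servers")
                    self.name_servers.append(server)
        elif key == "ip domain-lookup" and not negate:
            self.lookup = True

    @property
    def enabled(self):
        # Needs at least one name server AND ip domain-lookup.
        return self.lookup and bool(self.name_servers)

    def candidates(self, host):
        """Names that would be sent to the name servers, in order."""
        if "." in host:  # assumption: a dotted name is already complete
            return [host]
        # A domain list, when present, replaces the default domain entirely.
        suffixes = self.domain_list or [d for d in [self.default_domain] if d]
        return [f"{host}.{suffix}" for suffix in suffixes] or [host]

    def resolve(self, host, query):
        """Return (matched name, addresses, names tried)."""
        tried = []
        if not self.enabled:
            return None, [], tried
        for name in self.candidates(host):
            tried.append(name)
            addresses = query(name)
            if addresses:
                return name, addresses, tried
        return None, [], tried


def build(commands):
    config = DnsClientConfig()
    for command in commands:
        config.apply(command)
    return config


# The commands from the manual's Chapter 13 CLI example.
MANUAL_EXAMPLE = [
    "ip domain-name sample.com",
    "ip domain-list sample.com.uk",
    "ip domain-list sample.com.jp",
    "ip name-server 192.168.1.55 10.1.0.55",
    "ip domain-lookup",
]

# Constructed records standing in for what the name servers would answer.
CONSTRUCTED_RECORDS = {
    "rd5.sample.com": ["192.168.1.55"],
    "rd5.sample.com.jp": ["10.1.0.55"],
}


def constructed_query(name):
    return CONSTRUCTED_RECORDS.get(name, [])


if __name__ == "__main__":
    config = build(MANUAL_EXAMPLE)
    print(config.resolve("rd5", constructed_query))
    config.apply("no ip name-server 192.168.1.55 10.1.0.55")
    print("enabled after deleting all name servers:", config.enabled)
```

With the domain list present, the record under the default domain (rd5.sample.com) is never queried, so a host that exists only there stops resolving by short name once a domain list is configured.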
If all name servers are deleted, DNS is automatically disabled.
Example
This example enables DNS and then displays the configuration.
Console(config)#ip domain-lookup
Console(config)#end
Console#show dns
Domain Lookup Status: DNS enabled
Default Domain Name: sample.com
Domain Name List: sample.com.jp sample.com.uk
Name Server List: 192.168.1.55 10.1.0.55
Console#
Related Commands ip domain-name ip name-server show dns
16.
Console(config)#end Console#show dns Domain Lookup Status: DNS disabled Default Domain Name: sample.com Domain Name List: Name Server List: Console# Related Commands ip domain-list ip name-server ip domain-lookup show dns 16.55 ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax Description [no] ip host name address1 [address2 … address8] name Name of the host.
Console(config)#end Console#show hosts Hostname rd5 Inet address 192.168.1.55 10.1.0.55 Alias Console# Related Commands show hosts 16.56 ip http port This command specifies the TCP port number used by the Web browser interface. Use the no form to use the default port. Syntax Description ip http port port-number no ip http port port-number The TCP port to be used by the browser interface.
Syntax Description ip http secure-port port_number no ip http secure-port port_number The UDP port used for HTTPS/SSL. (Range: 1-65535) Default 443 Command Mode Global Configuration Usage Guidelines You cannot configure HTTP and HTTPS servers to use the same port.
Usage Guidelines Both HTTP and HTTPS service can be enabled independently on the switch. You cannot configure the HTTP and HTTPS servers to use the same UDP port. If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] When you start HTTPS, the connection is established in this way: • The client authenticates the server using the server’s digital certificate.
Default Enabled Command Mode Global Configuration Example The following example shows setting the device to be monitored from the server. Console(config)#ip http server Console(config)# Related Commands ip http port 16.60 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax Description [no] ip igmp snooping Default Enabled Command Mode Global Configuration Example The following example enables IGMP snooping.
Command Mode Global Configuration Usage Guidelines If enabled, the switch serves as source that queries other hosts if elected. The switch is responsible for pinging hosts to receive multicast traffic connections. Example Console(config)#ip igmp snooping querier Console(config)# 16.62 ip igmp snooping query-count This command configures the query count. Use the no form to restore the default.
16.63 ip igmp snooping query-interval This command configures the query interval. Use the no form to restore the default. Syntax Description ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds The frequency at which the switch sends IGMP host-query messages.
This command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of queries defined by the ip igmp snooping query-count, but a client has not responded, a countdown timer is started using an initial value set by this command. If the countdown finishes, and the client still has not responded, then that client is considered to have left the multicast group.
16.66 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax Description ip igmp snooping version {1 | 2} no ip igmp snooping version 1 IGMP Version 1 2 IGMP Version 2 Default IGMP Version 2 Command Mode Global Configuration Usage Guidelines All systems on the subnet must support the same version. If there are legacy devices in your network that only support Version 1, you will also have to configure this switch to use Version 1.
port-channel channel-id (Range: 1-6) Default No static multicast router ports are configured. Command Mode Global Configuration Usage Guidelines Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to join all the current multicast groups.
Example The following shows how to statically configure a multicast group on a port: Console(config)#ip igmp snooping vlan 1 static 224.0.0.12 ethernet 1/5 Console(config)# 16.69 ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. Use the no form to remove a name server from this list. Syntax Description [no] ip name-server server-address1 [server-address2 … server-address6] server-address1 IP address of domain-name server.
Related Commands ip domain-name ip domain-lookup show dns 16.70 ip ssh authentication-retries Use this command to configure the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax Description ip ssh authentication-retries count no ip ssh authentication-retries count The number of authentication attempts permitted after which the interface is reset.
Default
Generates both
Command Mode
Privileged Exec
Usage Guidelines
This command stores the host key pair in memory (that is, RAM). Use the ip ssh save host-key command to save the host key pair to flash memory. Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process. Otherwise, you must manually create a known hosts file and place the host public key in it.
Usage Guidelines
This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. The SSH server must be disabled before you can execute this command.
Example
Console#ip ssh crypto zeroize dsa
Console#
Related Commands
ip ssh crypto host-key generate
ip ssh save host-key
no ip ssh server
16.73 ip ssh save host-key
Use this command to save the host key from RAM to flash memory.
no ip ssh server Default Disabled Command Mode Global Configuration Usage Guidelines The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions. The SSH server uses DSA or RSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption. You must generate the host key before enabling the SSH server.
Usage Guidelines The server key is a private key that is never shared outside the switch. The host key is shared with the SSH client, and is fixed at 1024 bits. Example The following example shows setting the private key to 512. Console(config)#ip ssh server-key size 512 Console(config)# 16.76 ip ssh timeout Use this command to configure the timeout for the SSH server. Use the no form to restore the default setting.
16.77 jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax Description [no] jumbo frame Default Disabled Command Mode Global Configuration Usage Guidelines This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
Usage Guidelines
The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or autonegotiation. A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID. If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically.
Syntax Description
lacp {actor | partner} admin-key key
[no] lacp {actor | partner} admin-key
actor - The local side of an aggregate link.
partner - The remote side of an aggregate link.
key - The port admin key must be set to the same value for ports that belong to the same link aggregation group (LAG).
Default 0 Command Mode Interface Configuration (Port Channel) Usage Guidelines Ports are only allowed to join the same LAG if (1) the LACP system priority matches, (2) the LACP port admin key matches, and (3) the LACP port channel key matches (if configured).
If an active port link goes down, the backup port with the highest priority replaces the downed link. If two or more ports have the same LACP port priority, the port with the lowest physical port number is used as the backup port. Once the remote side of a link is established, LACP operational settings are in use on that side.
16.83 line
This command identifies a specific line for configuration, and processes subsequent line configuration commands.
Syntax Description
line {console | vty}
console - Console terminal line.
vty - Virtual terminal for remote console access (for example, Telnet).
Default
There is no default line.
Command Mode
Global Configuration
Usage Guidelines
Telnet is a virtual terminal connection and is shown as “Vty” in screen displays such as show users.
Default 23 Command Mode Global Configuration Usage Guidelines The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. It may be used by the syslog server to sort messages or to store messages in the corresponding database. Example Console(config)#logging facility 19 Console(config)# 16.85 logging history This command limits syslog messages saved to switch memory based on severity.
critical 2 Critical conditions (such as memory allocation, or free memory error - resource exhausted)
alerts 1 Immediate action needed
emergencies 0 System unusable
Note: Error messages are only at Level 2, 5 and 6.
Default
Flash: errors (level 3 - 0)
RAM: warnings (level 7 - 0)
Command Mode
Global Configuration
Usage Guidelines
The message level specified for flash memory must be a higher priority (that is, numerically lower) than that specified for RAM.
The maximum number of host IP addresses allowed is five. Example Console(config)#logging host 10.1.0.3 Console(config)# 16.87 logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax Description [no] logging on Default None Command Mode Global Configuration Usage Guidelines The logging process controls error messages saved to switch memory.
Command Mode Global Configuration Example Console(config)#logging sendmail Console(config)# 16.89 logging sendmail destination-email This command specifies the email recipients of alert messages. Use the no form to remove a recipient. Syntax Description [no] logging sendmail destination-email email-address Email-address The source email address used in alert messages.
Command Mode
Global Configuration
Usage Guidelines
You can specify up to three SMTP servers for event handling. You must enter a separate command to specify each server. To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection. To open a connection, the switch first selects the server that successfully sent mail during the last connection, or the first server configured by this command.
16.92 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Syntax Description logging sendmail source-email email-address Email-address The source email address used in alert messages. (Range: 1-41 characters) Default None Command Mode Global Configuration Usage Guidelines You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch.
Example
Console(config)#logging trap 4
Console(config)#
16.94 login
This command enables password checking at login. Use the no form to disable password checking and allow connections without a password.
Syntax Description
login [local]
no login
local - Selects local password checking. Authentication is based on the user name specified with the username command.
password
16.95 mac access-group
This command binds a port to a MAC ACL. Use the no form to remove the port.
Syntax Description
mac access-group acl_name {in | out}
acl_name - Name of the ACL. (Maximum length: 16 characters)
in - Indicates that this list applies to ingress packets.
out - Indicates that this list applies to egress packets.
Default
None
Command Mode
Interface Configuration (Ethernet)
Usage Guidelines
A port can only be bound to one ACL.
Default 300 seconds Command Mode Global Configuration Usage Guidelines Use this command to dynamically delete learned forwarding information after a specified period of time. Example Console(config)#mac-address-table aging-time 100 Console(config)# 16.97 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address.
Command Mode Global Configuration Usage Guidelines You can define the static address for a host device to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics: Static addresses remain in the address table if the interface link is down. Static addresses are bound to the assigned interface. When a static address is detected on another interface, the address is ignored and not added to the address table.
Usage Guidelines
If anyone tries to access a management interface on the switch from an invalid address, the switch rejects the connection, enters an event message in the system log, and sends a trap message to the trap manager. IP addresses can be configured for SNMP, Web and Telnet access respectively. Each of these groups can include up to five different sets of addresses, either individual addresses or address ranges.
A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table. For information on mapping the CoS values to output queues, see queue cos-map command.
Priority  0 1 2 3 4 5 6 7
Queue     1 2 0 3 4 5 6 7
Example
Console(config)#interface ethernet 1/25
Console(config-if)#map access-list ip david cos 0
Console(config-if)#
Related Commands
queue cos-map
show map access-list ip
16.100 mask (IP ACL)
This command defines a mask for IP ACLs.
source-port Check the protocol source port field. destination-port Check the protocol destination port field. port-bitmask Protocol port of rule must match this bitmask. (Range: 0-65535) control-flag Check the field for control flags. flag-bitmask Control flags of rule must match this bitmask. (Range: 0-63) Default None Command Mode IP Mask Usage Guidelines Use this command to check packets crossing a port against the rules set in the ACL until it finds a match.
This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. Console(config)#access-list ip standard A2 Console(config-std-acl)#permit any Console(config-std-acl)#deny host 171.69.198.102 Console(config-std-acl)#end Console#show access-list IP standard access-list A2: deny host 171.69.198.
Switch(config-ext-acl)#permit any any Switch(config-ext-acl)#deny tcp any any control-flag 2 2 Switch(config-ext-acl)#end Console#show access-list IP extended access-list A6: permit any any deny tcp any any control-flag 2 2 Console#configure Switch(config)#access-list ip mask-precedence in Switch(config-ip-mask-acl)#mask protocol any any control-flag 2 Switch(config-ip-mask-acl)#end Console#sh access-list IP extended access-list A6: permit any any deny tcp any any control-flag 2 2 IP ingress mask ACL: mask
A packet matching a rule within the specified ACL then maps to one of the output queues as shown below.
Priority  0 1 2 3 4 5 6 7
Queue     1 2 0 3 4 5 6 7
Example
Console(config)#int eth 1/5
Console(config-if)#map access-list mac M5 cos 0
Console(config-if)#
Related Commands
queue cos-map
show map access-list mac
16.102 map ip dscp (Global Configuration)
This command enables IP DSCP mapping (that is, Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping.
Syntax Description map ip dscp dscp-value cos cos-value no map ip dscp dscp-value DSCP value. (Range: 0-63) cos-value Class-of-Service value (Range: 0-7) Default The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
16.104 map ip port (Global Configuration)
This command enables IP port mapping (that is, class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping.
Syntax Description
[no] map ip port
Default
Disabled
Command Mode
Global Configuration
Usage Guidelines
The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
This command sets the IP port priority for all interfaces. Example The following example shows how to map HTTP traffic to CoS value 0: Console(config)#interface ethernet 1/5 Console(config-if)#map ip port 80 cos 0 Console(config-if)# 16.106 map ip precedence (Global Configuration) This command enables IP precedence mapping (for example, IP Type of Service). Use the no form to disable IP precedence mapping.
cos-value Class-of-Service value (Range: 0-7) Default The list below shows the default priority mapping. IP Precedence Value 0 1 2 3 4 5 6 7 CoS Value 0 1 2 3 4 5 6 7 Command Mode Interface Configuration (Ethernet, Port Channel) Usage Guidelines The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. IP Precedence values are mapped to default Class of Service values on a one-to-one basis according to recommendations in the IEEE 802.
source-bitmask Source address of rule must match this bitmask. destination-bitmask Destination address of rule must match this bitmask. vid Check the VLAN ID field. vid-bitmask VLAN ID of rule must match this bitmask. Ethertype Check the Ethernet type field. ethertype-bitmask Ethernet type of rule must match this bitmask. Default None Command Mode MAC Mask Usage Guidelines Up to seven masks can be assigned to an ingress or egress ACL.
Console# This example creates an Egress MAC ACL. Console(config)#access-list mac M5 Console(config-mac-acl)#deny tagged-802.3 host 00-11-11-11-11-11 any Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3 ethertype 0806 Console(config-mac-acl)#end Console#show access-list MAC access-list M5: deny tagged-802.
Command Mode Interface Configuration (Ethernet) Usage Guidelines You must configure an ACL mask before you can change frame priorities based on an ACL rule. Traffic priorities may be included in the IEEE 802.1p priority tag. This tag is also incorporated as part of the overall IEEE 802.1Q VLAN tag. To specify this priority, use the set priority keywords. The IP frame header also includes priority bits in the Type of Service (ToS) octet.
Usage Guidelines You must configure an ACL mask before you can change frame priorities based on an ACL rule. Example Console(config)#interface ethernet 1/12 Console(config-if)#match access-list mac james set priority 0 Console(config-if)# Related Commands show marking 16.111 max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default.
Syntax Description
mst instance_id priority priority
no mst instance_id priority
instance_id - Instance identifier of the spanning tree. (Range: 0-64)
priority - Priority of the spanning tree instance.
Command Mode MST Configuration Usage Guidelines Use this command to group VLANs into spanning tree instances. MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new topology for the failed instance.
Related Commands revision 16.115 negotiation This command enables auto-negotiation for a specified interface. Use the no form to disable a previously set auto-negotiation. Syntax Description [no] negotiation Default Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Usage Guidelines When auto-negotiation is enabled, the switch negotiates the best settings for a link based on the capabilities command.
none No parity even Even parity odd Odd parity Default no parity Command Mode Line Configuration Usage Guidelines Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify even parity, enter this command: Console(config-line)#parity even Console(config-line)# 16.117 password This command specifies the password for a line. Use the no form to remove the password.
set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state. The encrypted password is required for compatibility with legacy password settings (that is, plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.
Related Commands silent-time 16.119 permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule.
port-bitmask Decimal number representing the port bits to match. (Range: 0-65535) control-flags Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63) flag-bitmask Decimal number representing the code bits to match. (Range: 0-63) Default None Command Mode Extended ACL Usage Guidelines All new rules are appended to the end of the list.
Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any
Console(config-ext-acl)#
This allows TCP packets from class C addresses 192.168.1.0 to any destination address when set for destination TCP port 80 (that is, HTTP).
Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any destination-port 80
Console(config-ext-acl)#
This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”
Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.
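The following Python sketch is an added example, not part of this manual or of the switch firmware. It shows how a value/bitmask pair such as the rule "deny tcp any any control-flag 2 2" selects packets by address, destination port and TCP control bits. It assumes the "1 means care and 0 means ignore" convention that the manual states for MAC bitmasks also applies to the port and flag bitmasks; the Rule class, the helper names, the rule with mask 18, the port-block rule and all sample packets are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

# TCP control bits: the low six bits of byte 14 of the TCP header (offset 13
# when counting from zero), which is why the documented range is 0-63.
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32


def masked_equal(value: int, wanted: int, mask: int) -> bool:
    """Compare only the bits selected by mask (assumed: 1 = care, 0 = ignore)."""
    return (value & mask) == (wanted & mask)


@dataclass(frozen=True)
class Rule:
    """Hypothetical model of one extended-ACL rule; TCP segments only."""
    action: str                      # "permit" or "deny"
    src: str = "0.0.0.0"
    src_mask: str = "0.0.0.0"        # all-zero mask behaves like "any"
    dport: Optional[int] = None      # None = destination port not checked
    dport_mask: int = 0xFFFF         # assumed default: exact port match
    flags: Optional[int] = None      # None = control flags not checked
    flag_mask: int = 0x3F


def tcp_header(dport: int, flags: int, sport: int = 40000) -> bytes:
    """Build a minimal 20-byte TCP header (constructed test input)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


def rule_matches(rule: Rule, src_ip: str, header: bytes) -> bool:
    """Return True when every field the rule checks matches under its bitmask."""
    if len(header) < 20:
        return False  # truncated header: port and flag fields cannot be read
    src = int(ipaddress.IPv4Address(src_ip))
    want = int(ipaddress.IPv4Address(rule.src))
    mask = int(ipaddress.IPv4Address(rule.src_mask))
    if not masked_equal(src, want, mask):
        return False
    if rule.dport is not None:
        dport = struct.unpack("!H", header[2:4])[0]
        if not masked_equal(dport, rule.dport, rule.dport_mask):
            return False
    if rule.flags is not None:
        if not masked_equal(header[13] & 0x3F, rule.flags, rule.flag_mask):
            return False
    return True


# Rule taken from the manual's example: deny tcp any any control-flag 2 2
DENY_SYN_SET = Rule("deny", flags=SYN, flag_mask=SYN)
# Constructed variant: care about SYN and ACK, require SYN=1 and ACK=0
DENY_SYN_ONLY = Rule("deny", flags=SYN, flag_mask=SYN | ACK)
# From the manual: permit 192.168.1.0 255.255.255.0 any destination-port 80
PERMIT_HTTP = Rule("permit", "192.168.1.0", "255.255.255.0", dport=80)
# Constructed: a port bitmask of 0xFFF0 covers the 16-port block 80-95
PERMIT_PORT_BLOCK = Rule("permit", dport=80, dport_mask=0xFFF0)


def flag_report() -> dict:
    """Map each sample segment type to (matches 2/2 rule, matches 2/18 rule)."""
    samples = {"SYN": SYN, "SYN+ACK": SYN | ACK, "ACK": ACK, "FIN+ACK": FIN | ACK}
    return {
        name: (
            rule_matches(DENY_SYN_SET, "10.0.0.5", tcp_header(80, bits)),
            rule_matches(DENY_SYN_ONLY, "10.0.0.5", tcp_header(80, bits)),
        )
        for name, bits in samples.items()
    }


if __name__ == "__main__":
    for name, (syn_set, syn_only) in flag_report().items():
        print(f"{name:8} control-flag 2 2: {syn_set!s:5}  control-flag 2 18: {syn_only}")
```

Under these assumptions a flag pair of 2 2 also matches SYN+ACK replies, so a rule meant to select only connection-opening segments needs both the SYN and ACK bits in its bitmask.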
host - A specific MAC address.
source - Source MAC address.
destination - Destination MAC address range with bitmask.
address-bitmask - Bitmask for MAC address (in hexadecimal format) (1 means care and 0 means ignore).
vid - VLAN ID. (Range: 1-4095).
vid-bitmask - VLAN bitmask. (Range: 1-4095) (1 means care and 0 means ignore).
protocol - A specific Ethernet protocol number. (Range: 600-fff hex.)
protocol-bitmask - Protocol bitmask. (Range: 600-fff hex.) (1 means care and 0 means ignore).
16.121 permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule. Syntax Description [no] {permit | deny} {any | source bitmask | host source} any Any source IP address. source Source IP address. bitmask Decimal number representing the address bits to match. host Keyword followed by a specific IP address.
host IP address or IP alias of the host. size Number of bytes in a packet. (Range: 32-512, default: 32) The actual packet size will be eight bytes larger than the size specified because the switch adds header information. count Number of packets to send. (Range: 1-16, default: 5) Default This command has no default for the host. Command Mode Normal Exec, Privileged Exec Usage Guidelines Use the ping command to see if another site on the network can be reached. Press to stop pinging.
16.123 port security
This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
Syntax Description
port security [action {shutdown | trap | trap-and-shutdown} | max-mac-count address-count]
no port security [action | max-mac-count]
action - Response to take when port security is violated.
• Cannot be a multi-VLAN port.
• Cannot be connected to a network interconnection device.
• Cannot be a trunk port.
If a port is disabled due to a security violation, it must be manually re-enabled using the no shutdown command.
16.125 protocol-vlan protocol-group (Configuring Groups)
This command creates a protocol group, or adds specific protocols to a group. Use the no form to remove a protocol group.
Syntax Description
protocol-vlan protocol-group group-id [{add | remove} frame_type frame protocol-type protocol]
no protocol-vlan protocol-group group-id
group-id - Group identifier of this protocol group. (Range: 1-2147483647)
frame - Frame type used by this protocol.
Default No protocol groups are mapped for any interface. Command Mode Interface Configuration (Ethernet, Port Channel) Usage Guidelines When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of the other VLAN commands (see 15.14.2), these interfaces will admit traffic of any protocol type into the associated VLAN.
Usage Guidelines A private VLAN provides port-based security and isolation between ports within the VLAN. Data traffic on the downlink ports can only be forwarded to, and from, the uplink port. Private VLANs and normal VLANs can exist simultaneously within the same switch. Entering the pvlan command without any parameters enables the private VLAN. Entering no pvlan disables the private VLAN. Example This example enables the private VLAN, and then sets port 24 as the uplink and ports 1-4 as the downlinks.
16.129 queue cos-map
This command assigns class of service (CoS) values to the priority queues (that is, hardware output queues 0 - 7). Use the no form to set the CoS map to the default values.
Syntax Description
queue cos-map queue_id [cos1 ... cosn]
no queue cos-map
queue_id - The ID of the priority queue. Ranges are 0 to 7, where 7 is the highest priority queue.
cos1 .. cosn - The CoS values that are mapped to the queue ID. It is a space-separated list of numbers.
Related Commands show queue cos-map 16.130 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax Description queue mode {strict | wrr} no queue mode strict Services the egress queues in sequential order, transmitting all traffic in the higher priority queues before servicing lower priority queues.
Command Mode Normal Exec, Privileged Exec Usage Guidelines The quit and exit commands can both exit the configuration program. Example This example shows how to quit a CLI session: Console#quit Press ENTER to start session User Access Verification Username: 16.132 radius-server host This command specifies the RADIUS server. Use the no form to restore the default. Syntax Description radius-server host host_ip_address no radius-server host host_ip_address IP address of server. Default 10.1.0.
no radius-server key key_string Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default None Command Mode Global Configuration Example Console(config)#radius-server key green Console(config)# 16.134 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default.
number_of_retries Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1 - 30) Default 2 Command Mode Global Configuration Example Console(config)#radius-server retransmit 5 Console(config)# 16.136 radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default.
no rate-limit {input | output} input Input rate output Output rate rate Maximum value in Mbps. (Range: 1 to 1000 Mbps) Default 1000 Mbps Command Mode Interface Configuration (Ethernet, Port Channel) Example Console(config)#interface ethernet 1/1 Console(config-if)#rate-limit input 600 Console(config-if)# 16.138 reload This command restarts the system. Note: When the system is restarted, it runs the Power-On Self-Test.
Syntax Description
revision number
number - Revision number of the spanning tree. (Range: 0-65535)
Default
0
Command Mode
MST Configuration
Usage Guidelines
The MST region name and revision number are used to designate a unique MST region. A bridge (that is, a spanning-tree compliant device such as this switch) can only belong to one MST region. In addition, all bridges in the same region must be configured with the same MST instances.
Command Mode
Privileged Exec
Usage Guidelines
Once the ACL is bound to an interface (that is, the ACL is active), the order in which the rules are displayed is determined by the associated mask.
Example
The following is sample output from the show access-list command.
Console#show access-list
IP standard access-list david:
permit host 10.1.1.21
permit 168.92.0.0 0.0.15.255
IP extended access-list bob:
permit 10.7.1.1 0.0.0.255 any
permit 192.168.1.0 0.0.0.255 any dport 80
permit 192.168.1.0 0.0.0.
Related Commands mask (IP ACL) 16.143 show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax Description show access-list mac mask-precedence [in | out] in Ingress mask precedence for ingress ACLs. out Egress mask precedence for egress ACLs. Command Mode Privileged Exec Example The following is sample output from the show access-list mac mask-precedence command.
Console#show bridge-ext Max support vlan numbers: 255 Max support vlan ID: 4094 Extended multicast filtering services: No Static entry individual port: Yes VLAN learning: IVL Configurable PVID tagging: Yes Local VLAN capable: No Traffic classes: Enabled Global GVRP status: Enabled GMRP: Disabled Console# 16.145 show calendar This command displays the system clock. Default None Command Mode Normal Exec, Privileged Exec Example The following is sample output from the show calendar command.
10.1.0.55 Console# 16.147 show dns cache This command displays entries in the DNS cache. Default None Command Mode Privileged Exec Example The following is sample output from the show dns cache command. Console#show dns cache NO FLAG TYPE 0 4 CNAME 1 4 CNAME 2 4 CNAME 3 4 CNAME 4 4 CNAME 5 4 CNAME 6 4 CNAME 7 4 CNAME 8 4 ALIAS Console# IP 10.2.44.96 10.2.44.3 66.218.71.84 66.218.71.83 66.218.71.81 66.218.71.80 66.218.71.89 66.218.71.
Syntax Description show dot1x [statistics] [interface interface] interface ethernet unit/port • unit - This is device 1. • port - Port number. Command Mode Privileged Exec Usage Guidelines This command displays the following information: Global 802.1X Parameters – Displays the global port access control parameters that can be configured for this switch as described in the preceding pages, including reauth-enabled, reauth-period, quiet-period, tx-period and max-req commands.
Backend State Machine State Current state (including request, response, success, fail, timeout, idle, initialize). Request Count Number of EAP Request packets sent to the Supplicant without receiving a response. Identifier(Server) Identifier carried in the most recent EAP Success, Failure or Request packet received from the Authentication Server. Reauthentication State Machine State Current state (including initialize, reauthenticate).
Supplicant Current Identifier 00-00-e8-49-5e-dc 3 Authenticator State Machine State Authenticated Reauth Count 0 Backend State Machine State Idle Request Count 0 Identifier(Server) 2 Reauthentication State Machine State Initialize Console# 16.149 show garp timer This command shows the GARP timers for the selected interface. Syntax Description show garp timer [interface] interface port-channel ethernet unit/port • unit - This is device 1. • port - Port number.
16.150 show gvrp configuration
This command shows if GVRP is enabled.
Syntax Description
show gvrp configuration [interface]
interface
port-channel
ethernet unit/port
• unit - This is device 1.
• port - Port number.
channel-id (Range: 1-6)
Default
Shows both global and interface-specific configuration.
Command Mode
Normal Exec, Privileged Exec
Example
The following is sample output from the show gvrp configuration command.
Execution command history: 2 config 1 show history Configuration command history: 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console# The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command in the Execution history buffer (config).
interface ethernet unit/port (source port) unit - Switch (unit 1). port - port number port-channel channel-id (Range: 1-6) Default Shows the counters for all interfaces. Command Mode Normal Exec, Privileged Exec Usage Guidelines If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see section 7.8 Showing Port Statistics. Example The following is sample output from the show interfaces counters command .
16.154 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax Description show interfaces protocol-vlan protocol-group [interface] interface interface port-channel ethernet unit/port • unit - This is device 1. • port - Port number. channel-id (Range: 1-6) Default The mapping for all interfaces is displayed.
port-channel Channel-id (Range: 1-6) vlan Vlan-id (Range: 1-4094) Default Shows the status for all interfaces. Command Mode Normal Exec, Privileged Exec Usage Guidelines If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see section 7.1 Displaying Connection Status. Example The following is sample output from the show interfaces status command.
interface Ethernet unit/port (source port) unit - Switch (unit 1). port - Port number. port-channel channel-id (Range: 1-6) Default Shows all interfaces. Command Mode Normal Exec, Privileged Exec Usage Guidelines If no interface is specified, information on all interfaces is displayed. Example The following is sample output from the show interfaces switchport command . This example shows the configuration setting for port 24.
Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only. Native VLAN Indicates the default Port VLAN ID. Priority for untagged traffic Indicates the default priority for untagged frames. Gvrp status Shows if GARP VLAN Registration Protocol is enabled or disabled. Allowed Vlan Shows the VLANs this interface has joined, where “(u)” indicates untagged and “(t)” indicates tagged. Forbidden Vlan Shows the VLANs this interface can not dynamically join via GVRP.
Example The following is sample output from the show ip access-list command. Console#show ip access-list standard IP standard access-list david: permit host 10.1.1.21 permit 168.92.0.0 0.0.15.255 Console# Related Commands permit, deny ip access-group 16.159 show ip igmp snooping This command shows the IGMP snooping configuration. Default None Command Mode Privileged Exec Usage Guidelines See section 12.1.1 Configuring IGMP Snooping and Query Parameters for a description of the displayed items.
vlan-id VLAN ID (Range: 1-4094) Default Displays multicast router ports for all configured VLANs. Command Mode Privileged Exec Usage Guidelines Multicast router port types displayed include Static or Dynamic. Example The following is sample output from the show ip igmp snooping mrouter command.
16.162 show ip redirects This command shows the default gateway configured for this device. Default None Command Mode Privileged Exec Example The following is sample output from the show ip redirects command. Console#show ip redirects ip default gateway 10.1.0.254 Console# Related Commands ip default-gateway 16.163 show ip ssh Use this command to display the connection settings used when authenticating client access to the SSH server.
counters Statistics for LACP protocol messages. internal Configuration settings and operational state for local side. neighbors Configuration settings and operational state for remote side. sysid Summary of system priority and MAC address for all channel groups. Default Port Channel: all Command Mode Privileged Exec Example The following is sample output from the show lacp command.
Console#show lacp 1 internal
Channel group : 1
-------------------------------------------------------------------------
Oper Key : 4
Admin Key : 0
Eth 1/1
-------------------------------------------------------------------------
LACPDUs Internal : 30 sec
LACP System Priority : 32768
LACP Port Priority : 32768
Admin Key : 4
Oper Key : 4
Admin State : defaulted, aggregation, long timeout, LACP-activity
Oper State : distributing, collecting, synchronization, aggregation, long timeout, LACP-activity
. . .
Aggregation – The system considers this link to be aggregatable; that is, a potential candidate for aggregation. Long timeout – Periodic transmission of LACPDUs uses a slow transmission rate. LACP-Activity – Activity control value with regard to this link.
Oper State Operational values of the partner’s state parameters. (See preceding table.) The following is sample output from the show lacp sysid command.
Example The following is sample output from the show line command. Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Silent time: Disabled Baudrate: 9600 Databits: 8 Parity: none Stopbits: 1 Vty configuration: Password threshold: 3 times Interactive timeout: 600 sec Console# 16.166 show logging This command displays the logging configuration, along with any system and event messages stored in memory.
Console# The following table show logging output. Field Description Syslog logging Shows if system logging has been enabled via the logging on command. History logging in FLASH The message level(s) reported based on the logging history command. History logging in RAM The message level(s) reported based on the logging history command. The following example displays settings for the trap function.
Command Mode Normal Exec, Privileged Exec Example The following is sample output from the show logging sendmail command.
Console#show logging sendmail
SMTP servers
-----------------------------------------------
Active SMTP server: 192.168.1.19
SMTP minimum severity level: 7
SMTP destination email addresses
-----------------------------------------------
1. ted@this-company.com
SMTP source email address: bill@this-company.com
SMTP status: Enable
Console#
16.
acl_name Name of the ACL. (Maximum length: 16 characters) Command Mode Privileged Exec Example The following is sample output from the show mac access-list command. Console#show mac access-list MAC access-list jerry: permit any 00-e0-29-94-34-de ethertype 0800 Console# Related Commands permit, deny mac access-group 16.170 show mac-address-table This command shows classes of entries in the bridge-forwarding database.
Usage Guidelines The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types:
• Learned - Dynamic address entries
• Permanent - Static entry
• Delete-on-reset - Static entry to be deleted when system is reset
The mask should be hexadecimal numbers (representing an equivalent bit mask) in the form xx-xx-xx-xx-xx-xx that is applied to the specified MAC address.
vlan-id VLAN ID (1 to 4094) user Display only the user configured multicast entries. igmp-snooping Display only entries learned through IGMP snooping. Default None Command Mode Privileged Exec Usage Guidelines Member types displayed include IGMP or USER, depending on selected options. Example The following is sample output from the mac-address-table command with the multicast argument.
Console#show map access-list ip Eth 1/25 access-list ip david cos 0 Console# Related Commands map access-list ip 16.174 show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax Description show map access-list mac [interface] interface ethernet unit/port • unit - This is device 1. • port - Port number.
port - Port number. port-channel channel-id (Range: 1-6) Default None Command Mode Privileged Exec Example The following is sample output from the show map ip dscp command with the argument.
Console#show map ip dscp ethernet 1/1
DSCP mapping status: disabled
Port      DSCP COS
--------- ---- ---
Eth 1/ 1 0 0
Eth 1/ 1 1 0
Eth 1/ 1 2 0
Eth 1/ 1 3 0
. . .
Eth 1/ 1 61 0
Eth 1/ 1 62 0
Eth 1/ 1 63 0
Console#
Related Commands map ip dscp (Global Configuration) map ip dscp (Interface Configuration) 16.
Command Mode Privileged Exec Example The following is sample output from the show map ip port command. The example shows that HTTP traffic has been mapped to CoS value 0:
Console#show map ip port ethernet 1/5
TCP port mapping status: enabled
Port      Port no.   COS
--------- ---------- ---
Eth 1/ 5 80 0
Console#
Related Commands map ip port (Global Configuration) map ip port (Interface Configuration) 16.177 show map ip precedence This command shows the IP precedence priority map.
Eth 1/ 5 0 0
Eth 1/ 5 1 1
Eth 1/ 5 2 2
Eth 1/ 5 3 3
Eth 1/ 5 4 4
Eth 1/ 5 5 5
Eth 1/ 5 6 6
Eth 1/ 5 7 7
Console#
Related Commands map ip port (Global Configuration) map ip precedence (Interface Configuration) 16.178 show management This command displays the client IP addresses that are allowed management access to the switch through various protocols.
Telnet-Client:
Start ip address End ip address
-----------------------------------------------
1. 192.168.1.19 192.168.1.19
2. 192.168.1.25 192.168.1.30
Console#
Related Commands Management 16.179 show marking This command displays the current configuration for packet marking. Command Mode Privileged Exec Example The following is sample output from the show marking command.
Command Mode Privileged Exec Usage Guidelines This command displays the currently configured source port, destination port, and mirror mode (for example, RX, TX, RX/TX). Example The following is sample output from the show port monitor command.
Console# 16.182 show public-key Use this command to show the public key for the specified user or for the host. Syntax Description show public-key [user [username]| host] username Name of an SSH user. (Range: 1-8 characters) Default Shows all public keys. Command Mode Privileged Exec Usage Guidelines If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed.
16.183 show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example The following is sample output from the show pvlan command. Console#show pvlan Private VLAN status: Enabled Up-link port: Ethernet 1/24 Down-link port: Ethernet 1/1 Ethernet 1/2 Ethernet 1/3 Ethernet 1/4 Console# 16.184 show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues.
16.185 show queue cos-map This command shows the class of service priority map. Syntax Description show queue cos-map [interface] interface ethernet unit/port unit - This is device 1. port - Port number. port-channel channel-id (Range: 1-6) Default None Command Mode Privileged Exec Example The following is sample output from the show queue cos-map command.
Console#show queue cos-map ethernet 1/1
Information of Eth 1/1
CoS Value : 0 1 2 3 4 5 6 7
Priority Queue: 0 1 2 3 4 5 6 7
Console#
16.
16.187 show radius-server This command displays the current settings for the RADIUS server. Default None Command Mode Privileged Exec Example The following is sample output from the show radius-server command. Console#show radius-server Server IP address: 10.1.0.1 Communication key with radius server: Server port number: 1812 Retransmit times: 2 Request timeout: 5 Console# 16.188 show running-config This command displays the configuration information currently in use.
• Spanning tree settings • Any configured settings for the console port and Telnet Example The following is sample output from the show running-config command. Console#show running-config building running-config, please wait..... ! phymap 00-00-a3-42-00-80 ! sntp server 0.0.0.0 0.0.0.0 0.0.0.
line console ! line vty ! end Console# Related Commands show startup-config 16.189 show snmp This command checks the status of SNMP communications. Default None Command Mode Normal Exec, Privileged Exec Usage Guidelines This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command.
0 Set-request PDUs 0 SNMP packets output 0 Too big errors 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap PDUs SNMP logging: enabled Logging to 10.1.19.23 batman version 1 Console# 16.190 show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated.
zeroes) Default None Command Mode Privileged Exec Usage Guidelines Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree (CST) and for every interface in the tree. Use the show spanning-tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree (CST).
Role : root
State : forwarding
External path cost : 100000
Internal path cost : 100000
Priority : 128
Designated cost : 200000
Designated port : 128.24
Designated root : 32768.0.0000ABCD0000
Designated bridge : 32768.0.0030F1552000
Fast forwarding : disable
Forward transitions : 1
Admin edge port : enable
Oper edge port : disable
Admin Link type : auto
Oper Link type : point-to-point
Spanning Tree Status : enable
. . .
Console#
16.
Example The following is sample output from the show ssh command.
Console#show ssh
Connection Version State           Username Encryption
0          2.0     Session-Started admin    ctos aes128-cbc-hmac-md5
                                            stoc aes128-cbc-hmac-md5
Console#
The following table describes the output fields. Field Description Session The session number. (Range: 0-3) Version The Secure Shell version number. State The authentication negotiation state.
3DES Triple DES (Uses three iterations of DES, 112-bit key)
Aes Advanced Encryption Standard (160 or 224-bit key)
Blowfish Blowfish (32-448 bit key)
Cbc Cipher-block chaining
sha1 Secure Hash Algorithm 1 (160-bit hashes)
md5 Message Digest algorithm number 5 (128-bit hashes)
16.194 show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system.
building startup-config, please wait.....
!
phymap 00-00-a3-42-00-80
!
sntp server 0.0.0.0 0.0.0.0 0.0.0.0
!
snmp-server community private rw
snmp-server community public ro
!
username admin access-level 15
username admin password 7 21232f297a57a5a743894a0e4a801fc3
username guest access-level 0
username guest password 7 084e0343a0486ff05530df6c705c8bb4
enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca
!
!
!
!
vlan database
vlan 1 name DefaultVlan media ethernet state active
. .
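An added example, not part of the manual or the switch software: a small Python audit that scans an exported configuration like the show startup-config sample above for the settings a reviewer would question first. It assumes password type 0 means clear text and type 7 an unsalted MD5 hex digest (the admin digest in the sample above is the MD5 of "admin"); the rule names, the "ops" and "backup" accounts and the "n0c-7f3a" community are constructed.

```python
"""Audit an exported switch configuration for weak management settings."""
import hashlib
import re
from typing import Iterable, List, NamedTuple

# Constructed sample modelled on the show startup-config output above. The
# "ops" and "backup" accounts and the "n0c-7f3a" community are made up.
_OTHER_DIGEST = hashlib.md5(b"constructed sample value").hexdigest()
SAMPLE_CONFIG = "\n".join([
    "!",
    "snmp-server community private rw",
    "snmp-server community public ro",
    "snmp-server community n0c-7f3a ro",
    "!",
    "username admin access-level 15",
    "username admin password 7 21232f297a57a5a743894a0e4a801fc3",
    "username ops access-level 15",
    "username ops password 0 smith",
    "username backup access-level 0",
    "username backup password 7 " + _OTHER_DIGEST,
    "!",
])

# Values the manual documents as factory defaults; each account's own name
# is tried as well.
DOCUMENTED_DEFAULTS = ("root", "Asante", "admin")
DEFAULT_COMMUNITIES = {"public", "private"}

COMMUNITY_RE = re.compile(r"snmp-server community (\S+)(?: (ro|rw))?")
PASSWORD_RE = re.compile(r"username (\S+) password ([07]) (\S+)")


class Finding(NamedTuple):
    rule: str     # rule name (this example's own naming)
    subject: str  # community string or account concerned
    detail: str


def audit_config(text: str, extra_words: Iterable[str] = ()) -> List[Finding]:
    """Return findings for default communities and weakly stored passwords."""
    findings: List[Finding] = []
    extra = tuple(extra_words)
    for raw in text.splitlines():
        line = raw.strip()
        m = COMMUNITY_RE.fullmatch(line)
        if m:
            name, access = m.group(1), m.group(2) or "unspecified"
            if name in DEFAULT_COMMUNITIES:
                findings.append(Finding(
                    "snmp-default-community", name,
                    "well-known community string, access " + access))
            if access == "rw":
                findings.append(Finding(
                    "snmp-write-access", name,
                    "read/write community: holders can change settings"))
            continue
        m = PASSWORD_RE.fullmatch(line)
        if not m:
            continue
        user, kind, secret = m.groups()
        if kind == "0":
            findings.append(Finding(
                "password-plaintext", user,
                "password stored in clear text in the configuration file"))
            continue
        # Type 7: compare against the MD5 of the account name and defaults.
        for word in (user, *DOCUMENTED_DEFAULTS, *extra):
            if hashlib.md5(word.encode()).hexdigest() == secret.lower():
                findings.append(Finding(
                    "password-guessable-digest", user,
                    "digest equals the unsalted MD5 of " + repr(word)))
                break
    return findings


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"{f.rule:28} {f.subject:10} {f.detail}")
```

Run it against a configuration file copied off the switch; any `password-guessable-digest` or `snmp-default-community` finding means the credential should be replaced before the switch is reachable from a shared network.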
16.195 show system This command displays system information. Default None Command Mode Normal Exec, Privileged Exec Usage Guidelines For a description of the items shown by this command, refer to section 2.10.2 Displaying System Information. The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance. Example The following is sample output from the show system command.
Command Mode Privileged Exec Example The following is sample output from the show tacacs-server command. Console#show tacacs-server Remote TACACS server configuration: Server IP address: 10.11.12.13 Communication key with radius server: green Server port number: 49 Console# 16.197 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.
Default None Command Mode Normal Exec, Privileged Exec Usage Guidelines See section 2.10.3 Displaying Switch Hardware/Software Versions for detailed information on the items displayed by this command. Example The following is sample output from the show version command.
Example This example shows how to display information for VLAN 1:
Console#show vlan id 1
VLAN Type    Name             Status    Ports/Channel groups
---- ------- ---------------- --------- ----------------------------------
1    Static  DefaultVlan      Active    Eth1/ 1 Eth1/2
Console#
16.200 shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax Description [no] shutdown Default All interfaces are enabled.
Default no silent-time. Command Mode Line Configuration Example The following is sample output from the silent-time command. To set the silent time to 60 seconds, enter this command: Console(config-line)#silent-time 60 Console(config-line)# Related Commands password-thresh 16.202 snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string.
Usage Guidelines The first snmp-server community command you enter enables SNMP (SNMPv1). The no snmp-server community command disables SNMP. Example The following is sample output from the snmp-server community command. Console(config)#snmp-server community alpha rw Console(config)# 16.203 snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information.
authentication Keyword to issue authentication failure traps. link-up-down Keyword to issue link-up or link-down traps. The link-up-down trap can only be enabled/disabled via the CLI. Default Issue authentication and link-up-down traps. Command Mode Global Configuration Usage Guidelines If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent.
version Specifies whether to send notifications as SNMP v1 or v2c traps. Default Host Address: None SNMP Version: 1 Command Mode Global Configuration Usage Guidelines If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple hosts, you must issue a separate snmp-server host command for each host.
Default None Command Mode Global Configuration Example The following is sample output from the snmp-server location command. Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact 16.207 sntp broadcast client This command synchronizes the switch’s clock based on time broadcast from time servers (using the multicast address 224.0.1.1). Use the no form to disable SNTP broadcast client mode.
Default Disabled Command Mode Global Configuration Usage Guidelines The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (for example, 00:00:00, Jan. 1, 2001). This command enables client time requests to time servers specified via the sntp servers command. It issues time synchronization requests based on the interval set via the sntp poll command.
seconds Interval between time requests. (Range: 16 - 16384 seconds) Default 16 seconds Command Mode Global Configuration Usage Guidelines This command is only applicable when the switch is set to SNTP client Command Mode. Example The following is sample output from the sntp poll command. Console(config)#sntp poll 60 Console# Related Commands sntp client 16.210 sntp server This command sets the IP address of the servers to which SNTP time requests are issued.
Console(config)#sntp server 10.1.0.19 Console# Related Commands sntp client sntp poll show sntp 16.211 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax Description [no] spanning-tree Default Spanning tree is enabled. Command Mode Global Configuration Usage Guidelines The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
cost The path cost for the port.
Usage Guidelines You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
Example The following is sample output from the spanning-tree forward-time command. Console(config)#spanning-tree forward-time 20 Console(config)# 16.215 spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax Description spanning-tree hello-time time no spanning-tree hello-time time Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(max-age / 2) -1].
auto Automatically derived from the duplex mode setting. point-to-point Point-to-point link. shared Shared medium. Default auto Command Mode Interface Configuration (Ethernet, Port Channel) Usage Guidelines Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. When automatic detection is selected, the switch derives the link type from the duplex mode.
Default Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trunk: 50,000 Gigabit Ethernet – full duplex: 10,000; trunk: 5,000 Command Mode Interface Configuration (Ethernet, Port Channel) Usage Guidelines Each spanning-tree instance is associated with a unique set of VLAN IDs. This command is used by the multiple spanning-tree algorithm to determine the best path between devices.
Command Mode Interface Configuration (Ethernet, Port Channel) Usage Guidelines This command defines the priority for the use of an interface in the multiple spanning-tree. If the path cost for all interfaces on a switch are the same, the interface with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree. Where more than one interface is assigned the highest priority, the interface with lowest numeric identifier will be enabled.
configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network. Example The following is sample output from the spanning-tree max-age command. Console(config)#spanning-tree max-age 40 Console(config)# 16.220 spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default.
Multiple Spanning Tree Protocol • To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances. • A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments. • Be careful when switching between spanning tree modes.
16.222 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax Description spanning-tree pathcost method {long | short} no spanning-tree pathcost method long Specifies 32-200,000,000. short Specifies 16-bit based values that range from 1-65535.
Usage Guidelines This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding. Since end-nodes cannot cause forwarding loops, they can be passed through the spanning tree state changes more quickly than allowed by standard convergence time. Fast forwarding can achieve quicker convergence for end-node workstations and servers, and also overcome other STA related timeout problems.
Example The following is sample output from the spanning-tree port-priority command. Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree port-priority 0 Related Commands spanning-tree cost 16.225 spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax Description spanning-tree priority priority no spanning-tree priority priority Priority of the bridge.
Syntax Description [no] spanning-tree spanning-disabled Default Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Example This example disables the spanning tree algorithm for port 5. Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree spanning-disabled Console(config-if)# 16.227 spanning-tree transmission-limit This command configures the minimum interval between the transmissions of consecutive RSTP/MSTP BPDUs. Use the no form to restore the default.
16.228 speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax Description speed bps no speed bps Baud rate in bits per second. (Options: 9600, 19200, 38400, 57600, 115200 bps, or auto) Default auto Command Mode Line Configuration Usage Guidelines Set the speed to match the baud rate of the device connected to the serial port.
10full Forces 10 Mbps full-duplex operation 10half Forces 10 Mbps half-duplex operation Default Auto-negotiation is enabled by default. When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports.
Default 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this command: Console(config-line)#stopbits 2 Console(config-line)# 16.231 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax Description switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types all The port accepts all frames, tagged or untagged. tagged The port only receives tagged frames.
Related Commands switchport mode 16.232 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax Description switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan add vlan-list List of VLAN identifiers to add. remove vlan-list List of VLAN identifiers to remove.
Console(config)#interface ethernet 1/1 Console(config-if)#switchport allowed vlan add 1,2,5,6 tagged Console(config-if)# 16.233 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax Description switchport broadcast packet-rate rate no switchport broadcast rate Threshold level as a rate; that is, packets per second.
remove vlan-list List of VLAN identifiers to remove. vlan-list Separate nonconsecutive VLAN identifiers with a comma and no spaces; use a hyphen to designate a range of IDs. Do not enter leading zeros. (Range: 1-4094). Default No VLANs are included in the forbidden list. Command Mode Interface Configuration (Ethernet, Port Channel) Usage Guidelines This command prevents a VLAN from being automatically added to the specified interface via GVRP.
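An added example, not part of the manual: a Python validator for the vlan-list syntax described above (commas without spaces, hyphenated ranges, no leading zeros, IDs 1-4094), useful for checking allowed and forbidden lists in a script before they are sent to the switch. The function names are this example's own, and the overlap check is a review aid, not a rule stated in the manual.

```python
"""Validate and normalise a vlan-list argument before sending it to the switch."""
import re
from typing import Iterable, List

VLAN_MIN, VLAN_MAX = 1, 4094  # range given in the manual
_ITEM_RE = re.compile(r"([0-9]+)(?:-([0-9]+))?")


def parse_vlan_list(spec: str) -> List[int]:
    """Return the sorted, de-duplicated VLAN IDs named by a vlan-list string."""
    if not spec:
        raise ValueError("empty vlan-list")
    if any(ch.isspace() for ch in spec):
        raise ValueError("vlan-list must not contain spaces")
    ids = set()
    for item in spec.split(","):
        m = _ITEM_RE.fullmatch(item)
        if not m:
            raise ValueError(f"malformed item {item!r}")
        bounds = [g for g in m.groups() if g is not None]
        for text in bounds:
            if len(text) > 1 and text.startswith("0"):
                raise ValueError(f"leading zero in {text!r}")
        low, high = int(bounds[0]), int(bounds[-1])
        if not (VLAN_MIN <= low <= high <= VLAN_MAX):
            raise ValueError(
                f"{item!r} is reversed or outside {VLAN_MIN}-{VLAN_MAX}")
        ids.update(range(low, high + 1))
    return sorted(ids)


def format_vlan_list(ids: Iterable[int]) -> str:
    """Render VLAN IDs in the compact comma/hyphen form described above."""
    ordered = sorted(set(ids))
    parts, start = [], None
    for i, vid in enumerate(ordered):
        if start is None:
            start = vid
        run_ends = i + 1 == len(ordered) or ordered[i + 1] != vid + 1
        if run_ends:
            parts.append(str(start) if start == vid else f"{start}-{vid}")
            start = None
    return ",".join(parts)


def overlap(allowed_spec: str, forbidden_spec: str) -> List[int]:
    """VLANs named in both lists for one interface, for a reviewer to resolve."""
    return sorted(set(parse_vlan_list(allowed_spec))
                  & set(parse_vlan_list(forbidden_spec)))


if __name__ == "__main__":
    print(parse_vlan_list("1,2,5,6"))
    print(format_vlan_list([1, 2, 5, 6]))
    print(overlap("1-10", "5,20"))
```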
Console(config-if)# 16.236 switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default. Syntax Description [no] switchport ingress-filtering Default Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Usage Guidelines Ingress filtering only affects tagged frames.
hybrid Specifies a hybrid VLAN interface. The port may transmit tagged or untagged frames. Default All ports are in hybrid mode with the PVID set to VLAN 1. Command Mode Interface Configuration (Ethernet, Port Channel) Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Console(config)#interface ethernet 1/1 Console(config-if)#switchport mode hybrid Console(config-if)# Related Commands switchport acceptable-frame-types 16.
Example The following is sample output from the switchport native vlan command. This example shows how to set the PVID for port 1 to VLAN 3: Console(config)#interface ethernet 1/1 Console(config-if)#switchport native vlan 3 Console(config-if)# 16.239 switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value.
16.240 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax Description tacacs-server host host_ip_address no tacacs-server host host_ip_address IP address of a TACACS+ server. Default 10.11.12.13 Command Mode Global Configuration Example Console(config)#tacacs-server host 192.168.1.25 Console(config)# 16.241 tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default.
16.242 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax Description tacacs-server port port_number no tacacs-server port port_number TACACS+ server TCP port used for authentication messages. (Range: 1-65535) Default 49 Command Mode Global Configuration Example Console(config)#tacacs-server port 181 Console(config)# 16.
Default The default access level is Normal Exec. The factory defaults are: Default IP Address: 192.168.0.1; Default username: root; Default password: Asante. Command Mode Global Configuration Usage Guidelines The encrypted password is required for compatibility with legacy password settings (for example, plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
Related Commands show vlan 16.245 vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax Description vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] vlan-id ID of configured VLAN. (Range: 1-4094, no leading zeroes) name Keyword followed by the VLAN name. vlan-name ASCII string from 1 to 32 characters. media ethernet Ethernet media type. state Keyword to be followed by the VLAN state.
Related Commands show vlan 16.246 whichboot This command shows which files were booted when the system powered up. Default None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the dir command for a description of the file information displayed by this command.
Console#whichboot
file name                        file type      startup size (byte)
-------------------------------- -------------- ------- -----------
Unit1:
Diag.bix                         Boot-Rom image Y       818812
ES4548C_ZZ(V0.1.0.
Appendix A: Web Browser Interface and Command Line Interface Overview A.1 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” A.1.1 Home Page When your web browser connects with the switch’s web agent, the home page is displayed as shown below.
Revert Cancels specified values and restores current values prior to pressing Apply. Apply Sets specified values to the system. Help Links directly to webhelp. To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings,” the setting for item “Check for newer versions of stored pages” should be “Every visit to the page.” Note: When using Internet Explorer 5.
To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example, Console(config)#interface vlan 1 Console(config-if)#ip address 10.1.0.254 255.255.255.0 Console(config-if)#exit Console(config)#ip default-gateway 10.1.0.254 If your corporate network is connected to another network outside your office or to the Internet, you need to apply for a registered IP address.
Console>enable Console#show startup-config • To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter: Console(config)#username admin password 0 smith Minimum Abbreviation The CLI accepts a minimum number of characters that uniquely identify a command. For example, the command “configure” can be entered as con. If an entry is ambiguous, the system will prompt for further input. A.7.
pvlan            Information of private VLAN
queue            Information of priority queue
radius-server    RADIUS server information
running-config   The system configuration of running
snmp             SNMP statistics
sntp             Sntp
spanning-tree    Specify spanning-tree
ssh              Secure shell
startup-config   The system configuration of starting up
system           Information of system
tacacs-server    Login by tacacs server
users            Display information about terminal lines
version          System hardware and software status
vlan             Switch VLAN Virtual Interface
Console#show
The c
display a list of possible matches. You can also use the following editing keystrokes for command-line processing:
Keystroke Function
Ctrl-A Shifts cursor to start of command line.
Ctrl-B Shifts cursor to the left one character.
Ctrl-C Terminates the current task and displays the command prompt.
Ctrl-E Shifts cursor to end of command line.
Ctrl-F Shifts cursor to the right one character.
Ctrl-K Deletes all characters from the cursor to the end of the line.
Appendix B: Upgrading Firmware Through the Serial Port The switch contains three firmware components that can be upgraded; the loader code, diagnostics (or Boot-ROM) code, and runtime operation code. The runtime code can be upgraded via the switch’s RS232 serial console port, via a network connection to a TFTP server, or using SNMP management software. The loader code and diagnostics code can be upgraded only via the switch’s RS232 serial console port.
Press x to start downloading the new code file. If using Windows HyperTerminal, click the “Transfer” button, and then click “Send File....” Select the XModem Protocol and then use the “Browse” button to select the required firmware code file from your PC system. The “Xmodem file send” window displays the progress of the download procedure. The download file must be a binary software file for this switch.
Appendix C: Software Specifications Authentication • Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists • IP, MAC (up to 32 lists) DHCP Client, Relay, Server DNS Server Port Configuration • 1000BASE-T: 10/100/1000 Mbps, half/full duplex • 1000BASE-SX/LX/LH: 1000 Mbps, full duplex Flow Control • Full Duplex: IEEE 802.
• Up to 255 groups; port-based, protocol-based, or tagged (802.
• Trap management to specified hosts

RMON
• Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event)

Standards
• IEEE 802.3 Ethernet
• IEEE 802.3u Fast Ethernet
• IEEE 802.3x Full-duplex flow control (ISO/IEC 8802-3)
• IEEE 802.3z Gigabit Ethernet
• IEEE 802.3ab 1000BASE-T
• IEEE 802.3ac VLAN tagging
• IEEE 802.1Q VLAN
• IEEE 802.1v Protocol-based VLANs
• IEEE 802.3ad Link Aggregation Control Protocol
• IEEE 802.1D Spanning Tree Protocol and traffic priorities
• IEEE 802.
• SNMP (RFC 1157)
• SNMPv2 (RFC 1907)
• RIPv2 (RFC 2453)
• OSPF (RFC 2328, 1587)
• SNTP (RFC 2030)
• SSH (Version 2.
• RMON II Probe Configuration Group (RFC 2021, partial implementation)
• TACACS+ Authentication Client MIB
• TCP MIB (RFC 2013)
• Trap (RFC 1215)
• UDP MIB (RFC 2012)
Appendix D: Troubleshooting and Pinouts

D.1 Troubleshooting Chart

Symptom: Cannot connect using Telnet, Web browser, or SNMP software
Action: Be sure you have configured the agent with a valid IP address, subnet mask and default gateway. If you are trying to connect to the agent via the IP address for a tagged VLAN group, your management station must include the appropriate tag in its transmitted frames.
Appendix E: FCC Compliance and Warranty Statements

E.1 FCC Compliance Statement

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
E.3 IntraCare Warranty Statement

Products: IntraCore 36240, IntraCore 36480
Duration: 3 years product warranty; 1 year technical support and updates
Replacement: Other Countries: See your local distributor or reseller.

1. Asanté Technologies warrants (to the original end-user purchaser) the covered IntraCore products against defects in materials and workmanship for the period specified above.
Appendix F. Online Warranty Registration

Please register the switch online at www.asante.com/support/warranty/index.html. By doing so, you’ll be entitled to special offers, up-to-date information, and important product bulletins. You may also register the switch by returning the following warranty card by mail.
Asanté IntraCore 36000 Series