DCS-3950 series Ethernet Switch Manual Version 1.4 Digitalchina Networks Co.,Ltd All Rights Reserved 2008_06 http://networks.digitalchina.
DCS-3950 series Ethernet switch manual
Preface
DCS-3950 series is a high performance Ethernet switch which supports wire-speed Layer 2 switching. DCS-3950 series can seamlessly support various network interfaces from 10Mb, 100Mb, 1000Mb Ethernets. DCS-3950 series is an excellent choice as access layer switch for education, government and large/medium enterprise networks. DCS-3950 DCS-3950-26C, DCS-3950-28CT, DCS-3950-52C.
Contents
Preface
Contents
Chapter 1 Introduction of Products
1.1 Brief Introduction
1.1.1 Overview
1.1.
3.3.5 Configuring SNMP
3.3.6 Exiting Setup Configuration Mode
Chapter 4 Switch Management
4.1 Management Options
4.1.1 Out-of-band Management
4.1.
5.4.1 Introduction to SNMP
5.4.2 Introduction to MIB
5.4.3 Introduction to RMON
5.4.4 SNMP Configuration
5.4.5 Typical SNMP Configuration Example
5.4.
8.1 Introduction to MAC Table
8.1.1 Obtaining MAC Table
8.1.2 Forward or Filter
8.2 MAC address table configuration Command List
8.2.1 mac-address-table aging-time
8.2.
10.2.1 MSTP Configuration Task List
10.2.2 MSTP Command List
10.3 MSTP Configuration Example
10.4 MSTP Troubleshooting
10.4.1 Monitor and Debug Command List
10.4.
14.4 802.1x Troubleshooting
14.4.1 802.1x Monitor and debug Command List
14.4.2 802.1x Troubleshooting
Chapter 15 ACL Configuration
15.1 Introduction to ACL
15.
18.2.1 DHCP Server Configuration Task List
18.2.2 DHCP Server Configuration Command List
18.2.3 DHCP Server Configuration Example
18.3 DHCP Troubleshooting
18.3.1 Monitor and Debug Command List
18.3.
Chapter 23 SNTP Configuration
23.1 SNTP Introduction
23.2 SNTP Configuration
23.2.1 SNTP Configuration Task List
23.2.2 SNTP Command List
23.
Chapter 1 Introduction of Products
1.
Fig 1-3 DCS-3950-28C switch
Fig 1-4 DCS-3950-52CT switch
Fig 1-5 DCS-3950-52C switch
1.1.1 Overview
The DCS-3950 series Intelligent Stackable Secure Ethernet Access Switch can not only be utilized in large-scale enterprise networks, campus networks and metropolitan area networks as access equipment, but can also meet the network demands of a medium-scale office environment.
network at the same time. PVLAN function can divide ports into isolated ports and community ports, in order to isolate or connect ports as demanded by network applications.
QoS
DCS-3950 series fully supports QoS policy. Users can specify 4 priority queues on each port. WRR/SP/SWRR scheduling is also supported. DCS-3950 series also supports port security. The traffic can be sorted by port, VLAN, DSCP, IP precedence and ACL table.
Spanning tree
The DCS-3950 series supports IEEE802.1D spanning tree and IEEE802.1w rapid spanning tree. Spanning tree can effectively avoid loops and, at the same time, create a redundant backup for the link.
Port Mirroring
The DCS-3950 series supports port mirroring, which can mirror the inbound/outbound traffic of one or more ports to another port, so that the relevant traffic data can be examined.
Can be fixed in a standard 19-inch frame.
1.
RFC1643 Ether-Like MIB
Digital-China Private MIB
1.3 Physical Specifications
Weight: 2.25KG (DCS-3950-26C/28CT/28C), 3KG (DCS-3950-52CT/52C)
Dimension (mm): 440×171.2×43 (DCS-3950-26C/28CT/28C), 440×229×44 (DCS-3950-52CT/52C)
Operating Temperature: 0°C~50°C
Storage Temperature: -40°C~70°C
Relative humidity: 10%~90%, with no condensate
AC Power Input: 100~240VAC, 50~60Hz
Power Consumption: 30W Max
Mean Time Between Failures: 80,000 Hours
Table 1-1 DCS-3950 series switch physical specification
1.
Fig 1-7 DCS-3950-28CT switch front panel view
Fig 1-8 DCS-3950-28C switch front panel view
Fig 1-9 DCS-3950-52CT switch front panel view
Fig 1-10 DCS-3950-52C switch front panel view
1.4.2 Product back panel view
DCS-3950 series back panel view as follows:
Fig 1-11 DCS-3950-26C/28CT/28C back panel view
Fig 1-12 DCS-3950-52CT/52C back panel view
1.4.3 Status LEDs
The LEDs of DCS-3950 series switch include: PWR, DIAG, Link/Act and 1000M.
Fig 1-13 DCS-3950-26C/28CT/28C switch LED indicator lamp
Description of LEDs
LED / State / Description
Link/ACT, Blink: The port is successfully linked and is sending/receiving data right now.
Link/ACT, Off: The state of the port is down.
Link/ACT, On: Link succeeds
On: The corresponding connecting mode.
Off: The corresponding G port is in 100M connecting mode or in down state.
Chapter 2 Hardware Installation
2.1 Installation Notice
To ensure the proper operation of DCS-3950 series and your physical security, please read the following installation guide carefully.
2.1.1 Environmental Requirements
The switch must be installed in a clean area. Otherwise, the switch may be damaged by electrostatic adherence. Maintain the temperature within 0 to 50 °C and the humidity within 5% to 95%, non-condensing.
threshold value.
Gas / Average (mg/m³) / Max (mg/m³)
SO2: 0.2 / 1.5
H2S: 0.006 / 0.03
NO2: 0.04 / 0.15
NH3: 0.05 / 0.15
Cl2: 0.01 / 0.3
Table 2-2 Environmental Requirements: Particles
2.1.1.2 Temperature and Humidity
As the switch is designed without a fan and relies on physical heat dissipation, the site should still maintain a desirable temperature and humidity.
2.1.1.3 Power Supply
DCS-3950 series is designed to use modular switching power supplies. The power input specification is shown below:
Nominal Input Voltage: AC: 100 ~ 240 VAC, Frequency: 50-60Hz
Total power consumption: ≤30W
Before powering on the power supply, please check the power input to ensure proper grounding of the power supply system. The input source for the switch should be reliable and secure; a voltage adaptor can be used if necessary.
The switch is dimensioned to be mounted on a standard 19’’ rack; please ensure good ventilation for the rack. Every device in the rack will generate heat during operation, therefore vents and fans must be provided for an enclosed rack, and devices should not be stacked closely. When mounting devices in an open rack, care should be taken to prevent the rack frame from obstructing the switch ventilation openings.
power immediately.
WARNING: Situations which are dangerous or harmful include but are not limited to the following items: creepage, overhead power lines, breakdown of power lines. If any emergency happens, please first cut off the power supply, and then dial the local emergency number.
2.2 Installation Preparation
2.2.1 Verify the Packet Contents
The above contents are subject to the received packet contents.
2.2.
Fig 2-1 DCS-3950 series Rack-mounting
1. Attach the 2 brackets on the DCS-3950 series with screws provided in the accessory kit.
2. Put the bracket-mounted switch smoothly into a standard 19’’ rack. Fasten the DCS-3950 series to the rack with the screws provided. Leave enough space around the switch for good air circulation.
Caution! The brackets are used to fix the switch on the rack. They cannot serve as load-bearing support. Please place a rack shelf under the switch.
DCS-3950 series provides a DB9 interface serial console port. The connection procedure is listed below:
Fig 2-2 Connecting Console to DCS-3950 series
1. Please attach the console cable which is contained in the accessory kit to the Console port of the switch.
2. Connect the other side of the console cable to a character terminal (PC).
3. Power on the switch and the character terminal. Configure the switch through the character terminal.
Fig 2-3 Attaching power cable to DCS-3950 series
1. Insert one end of the power cable provided in the accessory kit into the power source socket (with overload and leakage protection), and the other end to the power socket in the back panel of the switch.
2. Check the power status indicator in the front panel of the switch. The corresponding power indicator should light. DCS-3950 series is self-adjustable for the input voltage.
Chapter 3 Setup Configuration
Setup configuration refers to the initial operation on the switch after the user purchases the switch. For first-time users of the DCS-3950 series, this chapter provides very practical instructions. When using the CLI (command line interface), the user can type setup under admin mode to enter the Setup configuration interface.
3.
Enter without input, the hostname will default to ‘switch’
3.3.2 Configuring Vlan1 Interface
Select ‘1’ in the Setup main menu and press Enter to start configuring the Vlan1 interface:
Config Interface-Vlan1
[0]: Config interface-Vlan1 IP address
[1]: Config interface-Vlan1 status
[2]: Exit
Selection number:
Select ‘0’ in the Vlan1 interface configuration menu and press Enter, the following screen appears:
Please input interface-Vlan1 IP address (A.B.C.
Please input the new telnet user password:
Notice: The valid length for the password should be between 1 and 8 characters. After user name and password are configured correctly, system configuration shell will be prompted.
3.3.
Enable SNMP-server? (y/n) [y]:
Type ‘y’ and press Enter, or just press Enter to enable SNMP service, type ‘n’ and press Enter to disable SNMP service. The SNMP configuration menu appears.
Select ‘4’ in the SNMP configuration menu and press Enter, the following screen will appear:
Enable SNMP-traps ? (y/n) [y]:
Type ‘y’ and press Enter, or just press Enter to enable SNMP Traps, type ‘n’ and press Enter to disable SNMP traps. The SNMP configuration menu appears.
Chapter 4 Switch Management
4.1 Management Options
After purchasing the switch, the user needs to configure the switch for network management. DCS-3950 series provides two management options: in-band management and out-of-band management.
4.1.1 Out-of-band Management
Out-of-band management is the management through the Console interface. Generally, the user will use out-of-band management for the initial switch configuration, or when in-band management is not available.
Step 2 Entering HyperTerminal.
Open the HyperTerminal included in Windows after the connection is established.
1) Click Start menu - All Programs - Accessories - Communication - HyperTerminal.
2) Type a name for opening HyperTerminal, such as ‘Switch_A’.
Fig 4-2 Opening HyperTerminal
3) In the ‘Connecting with’ drop-list, select the RS-232 serial port used by the PC, e.g. COM1, and click ‘OK’.
checksum’, ‘1’ for stop bit and ‘none’ for traffic control; or, you can also click ‘Revert to default’ and click ‘OK’.
Fig 4-4 Opening HyperTerminal
Step 3 Entering switch CLI interface:
Power on the switch. The following appears in the HyperTerminal window, that is the CLI configuration mode for
Testing RAM...
67,108,864 RAM OK.
Initializing...
Booting......
Starting at 0x10000...
Switch>
The user can now enter commands to manage the switch. For a detailed description of the commands, please refer to the following chapters.
4.1.2 In-band Management
In-band management refers to management by logging into the switch using Telnet. In-band management enables some devices attached to the switch to manage the switch.
Fig 4-5 Manage the switch by Telnet
Step 1: Configure the IP addresses for the switch
First is the configuration of the host IP address, which should be within the same network segment as the switch VLAN1 interface IP address. Suppose the switch VLAN interface IP address is 10.1.128.251/24; then a possible host IP address is 10.1.128.25/24. Run ‘ping 10.1.128.251’ from the host and verify the result; check for reasons if ping fails.
telnet-user password {0|7}
Assume an authorized user in the switch has a username of ‘test’ and a password of ‘test’; the configuration procedure should be like the following:
Switch>en
Switch#config
Switch(Config)#telnet-user test password 0 test
After a valid login name and password are entered in the Telnet configuration interface, the Telnet user will be able to enter the switch’s CLI configuration interface.
the relevant chapter. To enable the WEB configuration, users should type the CLI command ip http server in the global mode as below:
Switch>en
Switch#config
Switch(Config)#ip http server
Step 2: Run HTTP protocol on the host.
Open the Web browser on the host and type the IP address of the switch. Or run the HTTP protocol directly on Windows. For example, the IP address of the switch is ‘10.1.128.251’.
4.1.2.3 Management via LinkManager
To manage the switch with LinkManager, the following conditions should be met:
1) Switch has an IP address configured
2) The host IP address (LinkManager) and the switch’s VLAN interface IP address are in the same network segment.
3) If not 2), LinkManager can connect to an IP address of the switch via other devices, such as a router.
CLI interface is familiar to most users. As aforementioned, both out-of-band management and Telnet login are performed through the CLI interface to manage the switch. The CLI interface is supported by the Shell program, which consists of a set of configuration commands. Those commands are categorized according to their functions in switch configuration and management. Each category represents a different configuration mode.
Under User Mode, no configuration to the switch is allowed; only clock time and version information of the switch can be queried.
4.2.1.1.2 Admin Mode
Admin Mode is entered when the enable command is used under User Mode. In the user entry system, a user who logs in as an Admin user is placed in Admin Mode by default.
port-channel
Entry: Type interface port-channel command under Global Mode.
Prompt: Switch(Config-ifport-channelx)#
Operates: Configure port-channel related settings such as duplex mode, speed, etc.
Exit: Use the exit command to return to Global Mode.
4.2.1.1.5 VLAN Mode
Using the vlan command under Global Mode can enter the corresponding VLAN Mode. Under VLAN Mode the user can configure all member ports of the corresponding VLAN.
shown below:
cmdtxt { enum1 | … | enumN } [option]
Conventions: cmdtxt in bold font indicates a command keyword; indicates a variable parameter; {enum1 | … | enumN } indicates a mandatory parameter that should be selected from the parameter set enum1~enumN; and the square brackets ([ ]) in [option] indicate an optional parameter.
Back Space: Delete a character before the cursor, and the cursor moves back.
Up ‘↑’: Show previous command entered. Up to ten recently entered commands can be shown.
Down ‘↓’: Show next command entered. When using the Up key to get previously entered commands, you can use the Down key to return to the next command.
Left ‘←’: The cursor moves one character to the left.
Right ‘→’: The cursor moves one character to the right.
Ctrl +p: The same as Up key ‘↑’.
command.
3. A ‘?’ immediately following a string. This will display all the commands that begin with that string.
4.2.1.5 Input Verification
4.2.1.5.1 Returned Information: success
All commands entered through the keyboard undergo a syntax check by the Shell. Nothing will be returned if the user entered a correct command under the corresponding mode and the execution is successful.
4.2.1.5.
command!’ error if only ‘sh r’ is entered, as Shell is unable to tell whether it is ‘show r’ or ‘show running-config’. Therefore, Shell will only recognize the command if ‘sh ru’ is entered.
4.2.2 Web Interface
The Web configuration interface has three parts: the upper part, the bottom left part and the bottom right part.
new stuff from the server every time instead of the system cache. The following steps show how to do this: Choose Tools(T)->Internet Options from the menu of a Website, or right click the IE browser on the desktop and choose Properties, to enter the configuration interface. In the ‘Settings’ dialog box of ‘Temporary Internet File’, under ‘Check for newer versions of stored pages’, click ‘Every visit to the page’.
Chapter 5 Basic Switch Configuration
5.1 Basic Switch Configuration Command List
Basic switch configuration includes commands for entering and exiting the admin mode, commands for entering and exiting interface mode, for configuring and displaying the switch clock, for displaying the version information of the switch system, etc.
Caution! By default, the host name of a switch and the command line prompt are the same as the type of the switch.
5.1.3 exec timeout
Command: exec timeout <minute>
Function: Configure the timeout after which the privileged configuration mode is exited.
Parameter: <minute> is the time; the unit is minutes (the range is 0~300).
Command mode: Global Mode
Default: The default time is 5 minutes.
Usage Guide: For security reasons, a timer can be set for the privileged user’s login session through this command. The timer is enabled when there are no operations in the login session.
5.1.6 ip host
Command: ip host
no ip host
Function: Set the mapping relationship between the host and IP address; the ‘no ip host’ parameter of this command will delete the mapping.
Parameter: is the host name, up to 15 characters are allowed; is the corresponding IP address for the host name, takes a dot decimal format.
5.1.9 reload
Command: reload
Function: Warm reset the switch.
Command mode: Admin Mode
Usage Guide: The switch can be rebooted through this command without resetting the power.
5.1.10 set default
Command: set default
Function: Reset the switch to factory settings.
Command mode: Admin Mode
Usage Guide: The switch will be reset to the factory state through this command. All the configurations will be reset after system reboot.
5.1.13 web-user
Command: web-user password {0|7}
no web-user
Function: Set a username and its password for a Web client; the ‘no web-user’ command is used to delete this Web client.
5.1.16 show tech-support
Command: show tech-support
Function: Collect tech-support information.
Command mode: Admin Mode.
Usage Guide: Information can be obtained through this command for determining the cause of any system failure.
Example:
Switch#show tech-support
5.1.17 vendorcontact
Command: vendorcontact <information>
Function: Set vendor contact information in the switch.
Parameters: <information> is the vendor contact information letters.
Command mode: Global Mode.
5.2 Monitor and Debug Command List
When users configure the switch, they need to verify whether the configurations are correct and the switch is operating as expected, and in case of network failure, they also need to diagnose the problem. DCS-3950 series switch provides various debug commands including ping, telnet, show and debug, etc. to help the users check system configuration and operating status and locate problem causes.
5.2.
Target IP address: IP address of the target device.
Repeat count [5]: Number of ping echo packets to be sent. Default is 5.
Datagram size in byte [56]: Size of the ping echo packet in bytes. Default is 56.
Timeout in milli-seconds [2000]: Timeout for the reply packets in milliseconds. Default is 2 seconds.
Extended commands [n]: Whether other options need to be changed.
5.2.2 Telnet
5.2.2.
no telnet-server enable
  switch: the ‘no telnet-server enable’ command disables the Telnet function.
telnet-user password {0|7}
no telnet-user
  Configure the username and password to log in to the switch through Telnet; the ‘no telnet-user’ command disables the Telnet accredited user.
Example: Configure the authentication method for remote access to be radius.
Switch(Config)#authentication login radius
Related Command: aaa enable, radius-server authentication host
5.2.2.3.2 monitor
Command: monitor
no monitor
Function: Make Telnet clients display debug information, and stop Console clients from displaying debug information.
Then telnet the remote host through the host name.
Switch#config
Switch(Config)#ip host aa 20.1.1.1
Switch(Config)#exit
Switch#telnet aa 23
Trying 20.1.1.1...
Service port is 23
Connected to 20.1.1.1
login:123
password:***
router>
Related Command: ip host
5.2.2.3.
5.2.2.3.6 telnet-user
Command: telnet-user password {0|7}
no telnet-user
Function: Configure user names and passwords of Telnet clients. Use the ‘no telnet-user’ command to remove the Telnet users.
Parameter: is the Telnet client user name.
ssh-server enable
no ssh-server enable
  Enable SSH function on the switch; the ‘no ssh-server enable’ command disables SSH function.
ssh-user password {0|7}
no ssh-user
  Configure the username and password of SSH client software for logging on the switch; the ‘no ssh-user’ command deletes the username.
no ssh-user
Function: Configure the username and password of SSH client software for logging on the switch; the ‘no ssh-user’ command deletes the username.
Parameter: is SSH client username. It can’t exceed 16 characters; is SSH client password. It can’t exceed 8 characters; 0|7 stand for unencrypted password and encrypted password.
Command mode: Global Mode
Default: There are no SSH username and password by default.
5.2.3.3.5 ssh-server host-key create rsa
Command: ssh-server host-key create rsa [modulus <modulus>]
Function: Generate a new RSA host key.
Parameter: modulus is the modulus which is used to compute the host key; valid range is 768 to 2048. The default value is 1024.
Command mode: Global Mode
Default: The system uses the key generated when the ssh-server is started for the first time.
Usage Guide: This command is used to create new security keys for the host.
switch.
Switch(Config)#interface vlan 1
Switch(Config-Vlan-1)#ip address 100.100.100.200 255.255.255.0
Switch(Config-Vlan-1)#exit
Switch(Config)#ssh-user test password 0 test
Switch(Config)#ssh-server enable
5.2.3.5 SSH Monitor and Debug Command List
5.2.3.5.1 show ssh-user
Command: show ssh-user
Function: Display all the configured SSH usernames.
Command mode: Admin Mode.
Example:
Switch#show ssh-user
test
Related Command: ssh-user
5.2.3.5.
Command: traceroute { | host }[hops ] [timeout ]
Function: This command is used to test the gateways passed by packets on their way from sending equipment to destination equipment, in order to check whether the network can be reached and to locate the fault of network.
Parameters: is the IP address of the destination host, in dotted-decimal format; is the host name of the remote host.
Example:
Switch#show clock
Current time is TUE AUG 22 11:00:01 2002
Related Command: clock set
5.2.5.3 show debugging
Command: show debugging
Function: Display the debugging state.
Usage Guide: This command is used to show which debug options are enabled.
Command mode: Admin Mode
Example: Show the debug options currently configured.
interface ethernet 0/0/3
enable
show flash
show ftp
5.2.5.6 show memory
Command: show memory
Function: Display the contents in the memory.
Command mode: Admin Mode
Usage Guide: This command is used for debugging purposes. Base memory address and length can be entered interactively. The information given by the system falls into three parts, which are the addresses, memory dump in lexical words, and the corresponding ASCII characters.
Command mode: Admin Mode
Usage Guide: The ‘show running-config’ command is used to verify whether the users have entered the configurations correctly.
Example:
Switch#show running-config
5.2.5.9 show startup-config
Command: show startup-config
Function: Display the switch parameter configurations written into the Flash memory at the current operation; those are usually also the configuration files used for the next power-up.
current interface is able to maintain.
Mode :Access
  Vlan mode for the current interface.
Port VID :1
  The vlan id which the current interface belongs to.
Trunk native Vlan :1
  The PVID of native VLAN for the trunk.
Trunk allowed Vlan :ALL
  VLANs that are allowed to be transferred through trunk.
5.2.5.11 show tcp
Command: show tcp
Function: Display the current TCP connection status established to the switch.
5.2.5.13 show telnet login
Command: show telnet login
Function: Display Telnet user information that links with the switch.
Command mode: Admin Mode.
Usage Guide: This command is used to retrieve information about remote telnet login sessions.
Example:
Switch#show telnet login
Authenticate login by local.
Login user: Antony
Switch#
5.2.5.14 show telnet user
Command: show telnet user
Function: Display all Telnet user information that can log in to the switch via Telnet.
5.2.6 Debug
All the protocols DCS-3950 series switch supports have their corresponding debug commands. The users can use the information from debug commands for troubleshooting. Debug commands for their corresponding protocols will be introduced in the later chapters.
5.
2. BootP configuration
Command:
ip bootp-client enable
no ip bootp-client enable
Explanation: Enable the switch to be a BootP client and obtain IP address and gateway address through BootP negotiation; the ‘no ip bootp-client enable’ command disables the BootP client function.
3.
no ip bootp-client enable
Function: Configure the switch as a BootP client. The switch is able to get IP addresses for itself and the gateway through the BootP protocol. If no is put in front of the command, the BootP protocol will be disabled on the switch.
Default: BootP client is disabled by default.
Command mode: VLAN interface configuration mode.
SNMP (Simple Network Management Protocol) is a standard network management protocol widely used in computer network management. SNMP is an evolving protocol.
5.4.2 Introduction to MIB
The network management information accessed by NMS is well defined and organized in a Management Information Base (MIB). MIB is pre-defined information which can be accessed by network management protocols. It is in layered and structured form. The pre-defined management information can be obtained from monitored network devices. ISO ASN.1 defines a tree structure for MIB.
as BRIDGE MIB. Besides, the switch supports self-defined private MIB.
5.4.3 Introduction to RMON
RMON is the most important expansion of the standard SNMP. RMON is a set of MIB definitions, used to define standard network monitor functions and interfaces, enabling the communication between SNMP management terminals and remote monitors. RMON provides a highly efficient method to monitor actions inside the subnets. MIB of RMON consists of 10 groups.
2. Configure SNMP community string
Command:
snmp-server community {ro|rw}
no snmp-server community
Explanation: Configure the community string for the switch; the ‘no snmp-server community’ command deletes the configured community string.
3.
{include|exclude}
no snmp-server view
command is used for SNMP v3.
8. Configuring TRAP
Command:
snmp-server enable traps
no snmp-server enable traps
Explanation: Enable the switch to send Trap message. This command is used for SNMP v1/v2/v3.
permission can be set through ro|rw. ro is for read only while rw is for read/write.
Usage Guide: Up to 4 community strings are supported by the switch.
Example: Set up a community string as private with read/write permission.
Switch(config)#snmp-server community rw private
Set up a community string as public with read only permission.
Switch(config)#snmp-server community ro public
Change the permission of private to read only.
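The user-password and community-string settings described in this chapter can be checked offline against a saved configuration. The Python script below is an added example, not part of the original manual or of any vendor tooling; the sample configuration is constructed from command forms shown in this manual, and the rule names and the v2c version keyword are assumptions.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    rule: str      # hypothetical rule name chosen for this example
    detail: str


# Constructed sample, assembled from command forms shown in this manual.
SAMPLE_CONFIG = """\
telnet-user test password 0 test
ssh-user test password 0 test
ssh-server enable
ip http server
snmp-server community rw private
snmp-server community ro public
snmp-server host 1.1.1.5 v1 trap
"""

# <service>-user <name> password {0|7} <password>; 0 = unencrypted, 7 = encrypted
USER_RE = re.compile(r"^(telnet|ssh|web)-user\s+(\S+)\s+password\s+([07])\s+(\S+)$")
# snmp-server community {ro|rw} <string>
COMMUNITY_RE = re.compile(r"^snmp-server\s+community\s+(ro|rw)\s+(\S+)$")
# snmp-server host <address> <version> ...
TRAP_HOST_RE = re.compile(r"^snmp-server\s+host\s+(\S+)\s+(v\w+)\b")

# Community strings used in the manual's own examples; both are widely guessed.
WELL_KNOWN_COMMUNITIES = {"public", "private"}
# "v1" appears in the manual; "v2c" is an assumed keyword for SNMP v2.
COMMUNITY_BASED_VERSIONS = {"v1", "v2c"}


def audit(config_text: str) -> List[Finding]:
    """Return findings for weak management-plane settings in a saved config."""
    findings: List[Finding] = []

    def add(line_no: int, rule: str, detail: str) -> None:
        findings.append(Finding(line_no, rule, detail))

    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue

        user = USER_RE.match(line)
        if user:
            service, name, ptype, secret = user.groups()
            if service == "telnet":
                add(line_no, "telnet-account",
                    f"Telnet login '{name}' crosses the network in cleartext")
            if ptype == "0":
                add(line_no, "cleartext-password",
                    f"{service}-user '{name}' password is stored unencrypted (type 0)")
                if secret.lower() == name.lower():
                    add(line_no, "password-equals-username",
                        f"{service}-user '{name}' uses the username as password")
            continue

        community = COMMUNITY_RE.match(line)
        if community:
            access, string = community.groups()
            if access == "rw":
                add(line_no, "snmp-write-community",
                    "read/write community allows configuration changes over SNMP")
            if string.lower() in WELL_KNOWN_COMMUNITIES:
                add(line_no, "snmp-well-known-community",
                    f"community string '{string}' is a well-known value")
            continue

        host = TRAP_HOST_RE.match(line)
        if host:
            if host.group(2) in COMMUNITY_BASED_VERSIONS:
                add(line_no, "snmp-unauthenticated-trap",
                    f"traps to {host.group(1)} use {host.group(2)} without authentication")
            continue

        if line == "ip http server":
            add(line_no, "http-management",
                "Web management is enabled over unencrypted HTTP")

    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no}: [{f.rule}] {f.detail}")
```
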
5.4.4.2.5 snmp-server user
Command: snmp-server user [[encrypted] {auth {md5|sha} }]
no snmp-server user
Function: Add a user to an existing group. The ‘no’ form of this command deletes this user.
Command mode: Global Mode.
Parameters: is the name of the user, which can be 1 to 32 characters long. is the group name for the user to be added to.
Delete a group.
Switch (Config)#no snmp-server group Group AuthPriv
5.4.4.2.7 snmp-server view
Command: snmp-server view {include|exclude}
no snmp-server view
Function: View configurations can be updated with this command. If no is put in front of this command, the corresponding view configuration will be removed.
Command mode: Global Mode.
Example: Configure the IP address of the SNMP server to receive the Trap messages.
Switch(config)#snmp-server host 1.1.1.5 v1 trap
Remove the Trap message delivery configuration.
Switch(config)#no snmp-server host 1.1.1.5 v1 trap
5.4.4.2.
Disable RMON.
Switch(config)#no rmon enable
5.4.5 Typical SNMP Configuration Example
The IP address of the NMS is 1.1.1.5; the IP address of the switch (Agent) is 1.1.1.9.
Scenario 1: The NMS network administrative software uses the SNMP protocol to obtain data from the switch.
5.4.6.1 Monitor and Debug Command List
5.4.6.1.1 show snmp
Command: show snmp
Function: Display all SNMP counter information.
set-request PDUs       Number of packets received by ‘set’ requests.
snmp packets output    Total number of SNMP packet outputs.
too big errors         Number of ‘Too_ big’ error SNMP packets.
maximum packet size    Maximum length of SNMP packets.
no such name errors    Number of packets requesting non-existent MIB objects.
bad values errors      Number of ‘Bad_values’ error SNMP packets.
general errors         Number of ‘General_errors’ error SNMP packets.
V3 Trap Host Information    Receive V3 Trap Host Information
5.4.6.1.3 show snmp engineid
Command: show snmp engineid
Function: Display the engine ID commands
Command mode: Admin Mode
Example:
Switch#show snmp engineid
SNMP engineID: 18c3159876 Engine Boots is:1
Displayed Information    Explanation
SNMP engineID            Engine number
Engine Boots             Engine boot counts
5.4.6.1.
Write View:
Notify View: one
Displayed Information    Explanation
Group Name               Group name
Security level           Security level
Read View                Read view name
Write View               Write view name
Notify View              Notify view name
                         No view name specified by the user
5.4.6.1.6 show snmp view
Command: show snmp view
Function: Display the view information commands.
Command mode: Admin Mode
Example:
Switch#show snmp view
View Name: readview 1.
Usage Guide: Users can run ‘debug snmp packet’ to enable the SNMP debug function and check the debug information to troubleshoot problems.
Example:
Switch#debug snmp packet
5.4.6.2 SNMP Troubleshooting
When users configure SNMP, the SNMP server may fail to run properly due to physical connection failure, wrong configuration, etc.
There are two methods for BootROM upgrade: TFTP and FTP, which can be selected in the BootROM command settings. The upgrade procedure is listed below:
Step 1: A PC is used as the console for the switch. A console cable is used to connect the PC to the management port on the switch. The PC should have FTP/TFTP server software installed and have the img file required for the upgrade.
Step 2: Press ‘ctrl+b’ during switch boot-up until the switch enters BootROM monitor mode.
Host IP Address: 10.1.1.1 192.168.1.189
Server IP Address: 10.1.1.2 192.168.1.101
FTP(1) or TFTP(2): 1 2
Network interface configure OK.
[Boot]:
Step 4: Enable the FTP/TFTP server on the PC. For TFTP, run the TFTP server program; for FTP, run the FTP server program. Before downloading the upgrade file to the switch, verify the connectivity between the server and the switch by pinging from the server.
between the client and the server: a management connection and a data connection. The FTP client sends a transfer request to establish the management connection on port 21 of the server, and negotiates a data connection through the management connection. There are two types of data connections: active connection and passive connection.
file is allowed to be saved in ROM only. The DCS-3950 series switch mandates the name of the boot file to be boot.rom.
Configuration file: includes the start up configuration file and the running configuration file. The distinction between the start up configuration file and the running configuration file facilitates the backup and update of the configurations.
Start up configuration file: refers to the configuration sequence used in switch start up.
acknowledgement
(4) Shut down TFTP server
1. FTP/TFTP configuration
(1) FTP client upload/download file
Command                  Explanation
Admin Mode
copy [ascii | binary]    FTP/TFTP client upload/download file
Global Mode
Dir                      For FTP client, server file list can be checked. FtpServerUrl format looks like: ftp://user:password@IP Address
2.
Command                              Explanation
Global Mode
tftp-server transmission-timeout     Set maximum retransmission time within timeout interval.
(3) Modify TFTP server connection retransmission time
Command                              Explanation
Global Mode
tftp-server retransmission-number    Set maximum retransmission time within timeout interval.
5.5.2.2.2 FTP/TFTP Configuration Command List
5.5.2.2.2.
Switch, password is Password:
Switch#copy nos.img ftp://Switch:Password@10.1.1.1/nos.img
(2) Obtain system file nos.img from the FTP server 10.1.1.1, user name is Switch, password is Password:
Switch#copy ftp://Switch:Password@10.1.1.1/nos.img nos.img
(3) Save the running configuration files
Switch#copy running-config startup-config
Related commands: write
5.5.2.2.2.2 dir
Command: dir
Function: Browse the file list on the FTP server.
Default: The system default is 600 seconds.
Command mode: Global mode
Usage Guide: When the FTP data connection idle time exceeds this limit, the FTP management connection will be disconnected.
Example: Modify the idle threshold to 100 seconds.
Switch#config
Switch(Config)#ftp-server timeout 100
5.5.2.2.2.
Usage Guide: This command supports command line hints: if the user enters the command in one of the following forms, copy tftp:// or copy tftp://, and presses Enter, the following hints will be provided by the system:
tftp server ip address>
tftp filename>
Requesting for TFTP server address, file name
Example:
(1) Copy the system image in the flash to the TFTP server at 10.1.1.1.
Switch#copy nos.img tftp://10.1.1.1/nos.img
(2) Copy the image named nos.
Parameters: is the timeout value in seconds, which is limited between 5 and 3600 seconds.
Default: The default timeout is set to 600s.
Command mode: Global Mode.
Example: Change the timeout to 60s.
Switch#config
Switch(Config)#tftp-server transmission-timeout 60
5.5.2.3 FTP/TFTP Configuration Example
Fig 5-2 Download nos.img file as FTP/TFTP client (Switch 10.1.1.2, computer 10.1.1.1)
Scenario 1: The switch is used as FTP/TFTP client.
Start the TFTP server software on the computer and place the ‘nos.img’ file in the appropriate TFTP server directory on the computer.
DCS-3950:
Switch (Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#exit
Switch#copy tftp://10.1.1.1/nos.img nos.img
Switch#reload
Scenario 2: The switch is used as FTP server.
DCS-3950:
Switch(Config)#inter vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-If-Vlan1)#no shut
Switch(Config-If-Vlan1)#exit
Switch(Config)#ftp-server enable
Switch(Config)#ip ftp-server username Switch password 0 Password
PC side: Start the FTP server software on the PC and set the username ‘Switch’ and the password ‘Password’, use the IS or DIR command:
C:\>ftp 10.1.1.2
Connected to 10.1.1.2.
220 welcome your using ftp server...
PC side: Start the FTP server software on the PC and set the username ‘Switch’ and the password ‘Password’.
DCS-3950:
Switch(Config)#inter vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-If-Vlan1)#no shut
Switch(Config-If-Vlan1)#exit
Switch(Config)#dir ftp://Switch:Password@10.1.1.1
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
timeout        Time for the timeout timer.
Retry Times    Number of times to retransmit data packets.
5.5.2.4.1.2 show tftp
Command: show tftp
Function: Show configuration of TFTP server.
Default: TFTP debug information is disabled by default.
Command mode: Admin Mode
Example:
Switch#sh tftp
timeout :60
Retry Times :10
Parameters     Description
Timeout        Time out for timer
Retry Times    Retry times.
5.5.2.4.
write ok
150 Opening ASCII mode data connection for nos.img (1526037 bytes).
226 Transfer complete.
If the switch is upgrading a system file or system start up file through FTP, the switch must not be restarted until ‘close ftp client’ or ‘226 Transfer complete.’ is displayed, indicating that the upgrade is successful; otherwise the switch may be rendered unable to start.
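The SNMP community and trap commands in 5.4 and the FTP/TFTP copy commands in 5.5 put community strings and FTP credentials directly on the command line, so a saved session or configuration can be checked for them. The Python check below is an added example, not part of this manual or of the switch software; the rule names, the sample session, the `lab-temp` community, and the `no snmp-server community <string>` and `v2c` forms are assumptions.

```python
import re
from typing import NamedTuple

# CLI prompt such as "Switch#", "Switch(config)#" or "Switch (Config)#".
PROMPT = re.compile(r"^\s*[\w-]+\s*(?:\([^)]*\))?#\s*")
# ftp://user:password@host ; the look-behind keeps "tftp://" from matching.
FTP_CREDS = re.compile(r"(?<![a-z])ftp:\s*//([^:@/\s]+):([^@\s]+)@([^/\s]+)", re.I)
TFTP_URL = re.compile(r"\btftp:\s*//", re.I)
WELL_KNOWN = {"public", "private"}

# Constructed sample session, built from the command forms shown in this chapter.
SAMPLE_SESSION = """\
Switch(config)#snmp-server community rw private
Switch(config)#snmp-server community ro public
Switch(config)#snmp-server community rw lab-temp
Switch(config)#no snmp-server community lab-temp
Switch(config)#snmp-server host 1.1.1.5 v1 trap
Switch(Config)#ftp-server enable
Switch#copy ftp://Switch:Password@10.1.1.1/nos.img nos.img
Switch#copy tftp://10.1.1.1/nos.img nos.img
"""


class Finding(NamedTuple):
    line_no: int
    rule: str
    detail: str


def audit(text):
    """Return findings for a command session, sorted by line number."""
    findings = []
    communities = {}  # community string -> (permission, line number)
    trap_hosts = {}   # host address -> (version, line number)
    for n, raw in enumerate(text.splitlines(), 1):
        cmd = PROMPT.sub("", raw, count=1).strip()
        tok = cmd.split()
        low = [t.lower() for t in tok]
        if low[:2] == ["snmp-server", "community"] and len(tok) == 4 \
                and low[2] in ("ro", "rw"):
            communities[tok[3]] = (low[2], n)   # a later line replaces an earlier one
        elif low[:3] == ["no", "snmp-server", "community"] and len(tok) == 4:
            communities.pop(tok[3], None)       # assumed syntax: no ... <string>
        elif low[:2] == ["snmp-server", "host"] and len(tok) >= 4:
            trap_hosts[tok[2]] = (low[3], n)
        elif low[:3] == ["no", "snmp-server", "host"] and len(tok) >= 4:
            trap_hosts.pop(tok[3], None)
        elif low == ["ftp-server", "enable"]:
            findings.append(Finding(n, "FTP-SERVER-ENABLED",
                                    "FTP sends user names and passwords unencrypted"))
        m = FTP_CREDS.search(cmd)
        if m:  # report user and host, never the password itself
            findings.append(Finding(n, "FTP-URL-CREDENTIALS",
                                    f"password for {m.group(1)}@{m.group(3)} typed in a URL"))
        if TFTP_URL.search(cmd):
            findings.append(Finding(n, "TFTP-NO-AUTH",
                                    "TFTP transfer has no authentication"))
    for name, (perm, n) in communities.items():
        if name.lower() in WELL_KNOWN:
            findings.append(Finding(n, "SNMP-DEFAULT-COMMUNITY",
                                    f"well-known community string '{name}'"))
        if perm == "rw":
            findings.append(Finding(n, "SNMP-RW-COMMUNITY",
                                    f"community '{name}' grants read/write access"))
    for host, (version, n) in trap_hosts.items():
        if version in ("v1", "v2c"):  # "v2c" token is assumed; the page shows v1
            findings.append(Finding(n, "SNMP-TRAP-NO-AUTH",
                                    f"traps to {host} use {version} (community only)"))
    return sorted(findings)


if __name__ == "__main__":
    for f in audit(SAMPLE_SESSION):
        print(f"line {f.line_no}: {f.rule}: {f.detail}")
```

The community that is created and then removed with the ‘no’ form produces no finding, and the FTP password is masked in the report.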
filter the information because of its ability to do fine-grain classification. Combined with the Debug program, it gives network managers and developers powerful support for monitoring the operation of the network and diagnosing network problems. The system log of the Digital China switch has the following features:
• Support the system log output in four directions: Console, Telnet terminal and Dumb terminal (monitor), logbuf, and loghost.
Attention: By default the system log is disabled. When it is enabled, system performance will be affected by the classification and output of the information, especially when a large amount of information is being processed.
5.6.1.
this function.
3. Set the output channel of the user’s terminal
Command                  Description
Privileged configuration mode
logging monitor          Open the output channel of the user’s terminal. Prefixing the command with a ‘no’ will disable this function.
no logging monitor
4. Set the output channel of the log buffer
Command                  Description
Privileged configuration mode
logging buffered []      Open the output channel of the log buffer.
no logging buffered
5.6.2.2.1 clear logging
Command: clear logging
Function: Logs in the log buffers can be cleared through this command.
Command mode: Admin Mode
Usage Guide: This command is used to clear all the information in the log buffer zone.
Example: Clear all the logs in the log buffer.
Switch# clear logging
Related Commands: show logging buffered
5.6.2.2.
no logging
Function: This command is used to enable certain hosts to be the output channel for logging information. If no is put in front of the command, the logging host configuration will be removed.
Parameters: is the IP address of the host that receives the logs. is the recording equipment of the host, with a valid range of local0~local7.
Command mode: Admin Mode
Default: No log information is output to the log host by default.
5.6.2.2.7 logging source
Command: logging source {default|m_shell|sys_event} channel {console|logbuff|loghost|monitor} [level {critical|debugging|notifications|warnings} [state {on|off}]]
no logging source {default|m_shell|sys_event} channel {console|logbuff|loghost|monitor}
Function: This command is used to add or remove a logging source path.
Parameters: m_shell is used to enable shell for the logging output path.
5.6.3 System Log Configuration Example
When managing VLAN, the IPv4 address of the switch is 100.100.100.1, and the IPv4 address of the remote log server is 100.100.100.5. It is required to send the log information with a severity equal to or higher than warnings to this log server and save it in the log record equipment local1. Output the log information of the shell module if its severity level is warning or critical.
Filter Items:
Module    State    Servirity
shell     On       debugging
Related Command: logging on
5.6.4.1.2 show logging buffered
Command: show logging buffered []
Function: Display detailed information of the channel of the log buffer
Parameters: is the number of the log message to display
Command mode: Privileged configuration mode.
Default Setting: 100 log messages will be displayed without any parameter.
Command mode: Privileged configuration mode.
Example:
Switch# erase logging lastFailureInfo
Related Command: show logging lastFailureInfo
5.6.4.2 System Log troubleshooting
Please check the following causes if any problem happens when using the system log:
Check if the global log switch is on.
Use the show channel command in the privileged mode to check the state of each channel and the state of the modules in filter items.
5.7 Classified Configuration
5.7.
enable password level {visitor|admin}    To set the password for logging in to the configuration mode.
5.7.2.2 Classified Configuration Command list
5.7.2.2.1 Enable
Command: Enable [level {visitor|admin} []]
Function: Specify the security level for a user to access the switch, guest visitor or administrator.
Parameters: is the corresponding password.
Command mode: Normal user mode
Default: The switch is accessed as admin by default.
Function: Disable the passwords
Command mode: Global Mode.
Parameters: is the password to be removed.
Default: None
Usage Guide: If is not configured, and the password to be deleted is for the admin user, an interactive dialog will be entered. If the password to be deleted belongs to visitor, the option can be omitted.
Example: Remove the password for the admin user, which is Password.
1. Set the uplink port
Command                                Explanation
isolate-port allowed ethernet          Enable or disable the port isolation function. An uplink port list is needed to enable it. This command can be called more than once to set or cancel uplink ports.
no isolate-port allowed [ethernet ]
5.8.2.
Chapter 6 Cluster Configuration
6.1 Introduction to Cluster Network Management
Cluster network management is an in-band configuration management. Unlike CLI, SNMP and Web Config, which implement direct management of the target switches through a management workstation, cluster network management manages the target switches (member switches) through an intermediate switch (commander switch).
1. Enable or disable cluster function
2. Create cluster
1) Create or delete cluster
2) Configure private IP address pool for member switches of the cluster
3) Add or remove a member switch
3. Configure attributes of the cluster in the commander switch
4.
cluster auto-add enable           Enable or disable adding newly discovered candidate switch to the cluster
no cluster auto-add enable
cluster holdtime < second>        Set holdtime of heartbeat of the cluster
no cluster holdtime
cluster heartbeat                 Set interval of sending heartbeat packets among the switches of the cluster
no cluster heartbeat
clear cluster candidate-table     Clear the list of candidate switches discovered by the commander switch
4.
Switch (Config)#no cluster run
6.2.2.2 cluster register timer
Command: cluster register timer
no cluster register timer
Function: Set the interval for sending cluster register packets; the ‘no cluster register timer’ command restores the default setting.
Parameters: valid range is 30 to 65535, in seconds.
Command mode: Global Mode.
Default: Cluster register timer is 60 seconds by default.
Default: There is no cluster by default.
Command mode: Global Mode
Usage Guide: This command sets the switch as a commander switch and creates a cluster. Before executing this command, users must configure a private IP address pool. If users execute this command again, the cluster’s name will be changed and this information is distributed to the member switches. If users execute this command in a member switch, an error will be displayed.
Command mode: Global Mode
Usage Guide: When this command is executed in the commander switch and the commander switch receives the cluster register packets sent by the new switch, the commander switch adds the candidate switch to the cluster. If this command is executed in a non-commander switch, an error will be displayed.
Example: Enable the auto adding function in the commander switch.
Switch(config)#cluster auto-add enable
6.2.2.
Parameter: is the cluster ID of the member switch, valid range is 1 to 23. Users can use ‘-’ or ‘;’ to input many .
Default: None.
Command mode: Admin Mode.
Instructions: In the commander switch, users can use this command to reset a member switch. If this command is executed in a non-commander switch, an error will be displayed.
Example: In the commander switch, reset the member switch 16.
Switch#cluster reset member 16
6.2.2.
Function: In the commander switch, set holdtime of heartbeat of the cluster; the ‘no cluster holdtime’ command restores the default setting.
Parameter: is the holdtime of heartbeat of the cluster, valid range is 20 to 65535. The holdtime of heartbeat means the maximum valid time of heartbeat packets. When the heartbeat packets are received again, the holdtime is reset. If no heartbeat packets are received in the holdtime, the cluster is invalid.
6.3 Cluster configuration Example
Fig 6.1 Example of Cluster configuration (a Master switch attached to a network workstation, Switch 1 to Switch n, and Personal Computers)
As shown above, a number of switches connect with 7 host computers; one of the switches is the command switch and connects with the network station.
6.4 Cluster Administration Troubleshooting
6.4.1 Monitor and Debug Command List
6.4.1.1 show cluster
Command: show cluster
Function: Display the basic information of the member or command switch
Parameter: None
Default: None.
Command mode: Admin Mode
Usage Guide: The system will process this command separately for command switch, member switch and candidate switch.
Example:
1. Show cluster information on the command switch.
number of members that are down.
Time since last status change    Time since last status change.
Heartbeat interval               Interval for heartbeat.
Heartbeat hold-time              Hold-time for heartbeat.
For the member switch            Description
Member switch for cluster        Cluster name and role, is the name of the cluster
Member number                    ID for the member cluster.
Management IP address            Public IP address for the command switch.
6.4.1.3 show cluster members
Command: show cluster members
Function: Display the statistic information of the joined members on the switch.
Parameters: None.
Default: None.
Command mode: Admin Mode.
Usage Guide: Executing this command on the switch will display the information of the joined member switches. If this command is not executed on the command switch, an error will be returned.
Example: Show information for cluster members on the command switch.
6.4.1.5 debug cluster packets
Command: debug cluster packets {register|build|heartbeat} {in|out} [detail]
no debug cluster packets {register|build|heartbeat} {in|out} [detail]
Function: Enable the debugging messages for packets received and sent by cluster administration; the ‘no’ form of this command disables the enabled debugging messages.
Parameter: Register displays a register packet of cluster administration.
Chapter 7 Port Configuration
7.1 Port Introduction
Fig 7-1 Ports on DCS-3950-28CT
The ports on the DCS-3950 series are shown in the above picture (taking DCS-3950-28CT as an example). DCS-3950-28CT provides 24+2+2 ports: 24 are 10/100Base-TX Ethernet interfaces with fixed configuration, 2 are 1000Base-TX/1000Base-FX single/multi mode interfaces, and the other 2 are 1000Base-TX stack interfaces.
(1) Configure combo mode for combo ports
(2) Enable/Disable ports
(3) Configure port names
(4) Configure port cable types
(5) Configure port speed and duplex mode
(6) Configure bandwidth control
(7) Configure traffic control
(8) Enable/Disable port loopback function
(9) Configure Combo port mode
3. Set the packet suppression function
1.
combo-forced-mode {copper-forced | copper-prefered-auto | sfp-forced | sfp-prefered-auto }    Sets combo port mode
no combo-forced-mode
3. Set the packet suppression function
Command                                            Explanation
Port configuration mode
packet-suppression {broadcast|brmc|brmcdlf|all}    Enable the packet suppression function of the switch, and set the max data traffic allowed to pass.
no packet-suppression
multicasted flow. brmcdlf is for broadcasted or multicasted or DLF flow. all is for all types of flow.
Command mode: Interface Mode
Default: Frames are delivered at line speed by default.
Usage Guide: With this command, bandwidth can be controlled for specific flow types. All ports in the switch belong to the same broadcast domain if no VLAN has been set.
sfp-prefered-auto }
no combo-forced-mode
Function: Set the combo port mode (combo ports only); the ‘no combo-forced-mode’ command restores the default combo mode for combo ports, i.e., fiber ports first.
Parameters: copper-forced forces use of the copper cable port; copper-preferred-auto is for copper cable port first; sfp-forced forces use of the fiber cable port; sfp-preferred-auto is for fiber cable port first.
Example: Set ports 0/1/1, 0/2/1 to fiber-forced
Switch(Config)#interface ethernet 0/1/1;0/2/1
Switch(Config-Port-Range)#combo-forced-mode sfp-forced
7.2.1.2.5 flow control
Command: flow control
no flow control
Function: Enable the flow control function for the port; the ‘no flow control’ command disables the flow control function for the port.
Command mode: Interface Mode
Default: Port flow control is disabled by default.
normally.
Example: Enable loopback test in Ethernet ports 0/0/1-8.
Switch(Config)#interface ethernet 0/0/1-8
Switch(Config-Port-Range)#loopback
7.2.1.2.8 mdi
Command: mdi {auto|across|normal}
no mdi
Function: Set the cable types supported by the Ethernet port; the ‘no mdi’ command sets the cable type to auto-identification.
Function: Shut down the specified Ethernet port; the ‘no shutdown’ command opens the port.
Command mode: Interface Mode.
Default: Ethernet port is open by default.
Usage Guide: When an Ethernet port is shut down, no data frames are sent on the port, and the port status displayed when the user types the ‘show interface’ command is ‘down’.
Example: Open ports 0/0/1-8.
Switch(Config)#interface ethernet 0/0/1-8
Switch(Config-Port-Range)#no shutdown
7.2.1.2.
7.2.2 VLAN Interface Configuration
7.2.2.1 VLAN Interface Configuration Task List
1. Enter VLAN Mode
2. Configure the IP address for VLAN interface and enable VLAN interface.
1. Enter VLAN Mode
Command              Explanation
Global Mode
interface vlan       Enters VLAN Interface Mode; the ‘no interface vlan’ command deletes the specified VLAN interface.
no interface vlan
2. Configure the IP address for VLAN interface and enable VLAN interface.
7.2.2.2.2 ip address
Command: ip address [secondary]
no ip address [ ] [secondary]
Function: Set the IP address and mask for the switch; the ‘no ip address [ ][secondary]’ command deletes the specified IP address setting.
Parameters: is the IP address in decimal format; is the subnet mask in decimal format; [secondary] indicates the IP configured is a secondary IP address.
RMON monitoring instrument is often attached to the mirror destination port to monitor, manage and diagnose the network. The DCS-3950 series switch supports one mirror destination port only. The number of mirror source ports is not limited; one or more may be used. Multiple source ports can be within the same VLAN or across several VLANs. The destination port and source port(s) can be located in different VLANs.
7.2.3.2 Port Mirroring Configuration Task List
1.
2.
source port; both refers to the flow both into and out from the mirror source
Command mode: Global Mode
Usage Guide: This command configures the source port of the mirror. The DCS-3950 places no limit on mirror source ports, which can be one port or many ports; both the bidirectional flow and the sent-only or received-only flow of a mirror source port can be mirrored.
7.2.3.5.1 show monitor
Command: show monitor
Function: Display the source and destination port information of the mirror.
Command mode: Admin Mode
Usage Guide: Information about the source and destination ports can be displayed by this command.
only or choose a port with greater throughput as the destination port.
7.3 Port Configuration Example
Fig 7-2 Port Configuration Example
Use default VLAN1 since VLAN is not configured on all of the switches.
7.4 Port Troubleshooting
7.4.1 Monitor and Debug Command List
7.4.1.1 clear counters ethernet
Command: clear counters [ethernet ]
Function: Clear counters information on Ethernet interface
Parameters: is the port ID of Ethernet
Command mode: Admin Mode
Default: Do not delete the counters information on Ethernet interface
Usage Guide: If interface name is not specified, all the interface statistics will be cleared.
Interface  Link/Protocol  Speed   Duplex  Vlan   Type  Alias Name
0/0/1      UP/UP          f-100M  f-full  1      G-TX
0/0/2      UP/UP          a-100M  a-full  trunk  G-TX
0/0/3      UP/DOWN        auto    auto    1      G-TX
0/0/4      A-Down/DOWN    auto    auto    1      G-TX
Information shown    Meaning
Interface            Detail port number, no Ethernet prefix.
Link/Protocol        Port and protocol connect status, UP or DOWN, with ‘/’ in middle. A-DOWN in link means administratively down.
Speed                Port speed, the format is mode-rate.
0/0/4    IN     0  0  0  0
         OUT    0  0  0  0
Information shown    Meaning
Interface            Detail port number, no Ethernet prefix.
IN / OUT             direction
Unicast              Quantity of unicast
BroadCast            Quantity of broadcast
MultiCast            Quantity of multicast
Err                  Err
7.4.1.
Command: show interface ethernet counter
Function: Show all Ethernet port packet and rate counter information.
Parameters: None.
Command mode: Admin Mode
Usage Guide: The packet counter information is shown first, and then the rate counter information.
Example: Show Ethernet port counter information.
Chapter 8 MAC Table Configuration
8.1 Introduction to MAC Table
The MAC table is a table that identifies the mapping relationship between destination MAC addresses and switch ports. MAC addresses can be categorized as static MAC addresses and dynamic MAC addresses.
Fig 8.1 Dynamic Learning of MAC addresses.
The topology of the figure above: 4 PCs are connected to the DCS-3950 series switch, where PC1 and PC2 belong to the same physical segment (same collision domain), which connects to port 5 of the DCS-3950 series switch; PC3 and PC4 belong to the same physical segment, which connects to port 12 of the DCS-3950 series switch. The initial MAC table contains no address mapping entries.
If PC1 sends a message to PC3, the switch will forward the data received on port 5 out of port 12.
2. Filter data according to the MAC table
If PC1 sends a message to PC2, the switch, on checking the MAC table, will find that PC2 and PC1 are in the same physical segment and filter the message (i.e. drop this message).
Parameter: < age> is the aging time in seconds, the valid range is 10 to 100000; 0 for no aging.
Command mode: Global Mode
Default: The system default aging time is 300 seconds.
Usage Guide: If the aging time for the MAC address table is too short, switch performance may be degraded by unnecessary broadcasting. If the aging time is set too long, some entries in the address table cannot be removed when they are no longer valid.
ethernet 0/0/5
8.2.3 mac-address-table blackhole
Command: mac-address-table blackhole address vlan
no mac-address-table blackhole [address ] [vlan ]
Function: Add or modify filtering address entries; the ‘no mac-address-table blackhole [address ] [vlan ]’ command deletes filtering address entries.
Fig 8-2 MAC address table configuration example (PCs connected to port 5, port 11, port 7 and port 9)
Scenario: Four PCs as shown in the above figure connect to ports 5, 7, 9 and 11 of the switch; all four PCs belong to the default VLAN1. As required by the network environment, dynamic learning is enabled.
8.4.1.1 show mac-address-table
Command: show mac-address-table [static|aging-time|blackhole|count] [address ] [vlan ] [interface ]
Parameter: static entry; aging-time address aging time; blackhole filtering entry; count address counter; entry’s MAC address; entry’s VLAN number; entry’s interface name
Command mode: Admin Mode
Default: MAC address table is not displayed by default.
the data stream destined for that MAC address can flow in from the binding port; data streams destined for other MAC addresses that are not bound to the port will not be allowed to pass through the port.
8.5.1.2 MAC Address Binding Configuration
8.5.1.2.1 MAC Address Binding Configuration Task List
1. Enable MAC address binding function for the ports
2. Lock the MAC addresses for a port
3. MAC address binding property configuration
1.
switchport port-security maximum                           Set the maximum number of secure MAC addresses for a port; the ‘no switchport port-security maximum’ command restores the default value.
no switchport port-security maximum
switchport port-security violation {protect | shutdown}    Set the violation mode for the port; the ‘no switchport port-security violation’ command restores the default setting.
no switchport port-security violation
8.5.1.2.
no switchport port-security lock
Function: Lock down the specified port. If a port is locked, the MAC address learning of the port will be disabled. If no is put in front of this command, MAC address learning will be restored.
Command mode: Interface Mode.
Default: All interfaces are not locked by default.
Usage Guide: This command is only available when the MAC address binding function of the port has been enabled.
DCS-3950 series Ethernet switch manual 8.5.1.2.2.6 clear port-security dynamic Command: clear port-security dynamic [address |interface ] Function: Clear the Dynamic MAC addresses of the specified port. Command mode: Admin Mode Parameters: stands MAC address; for specified port number. Usage Guide: The secure port must be locked before dynamic MAC clearing operation can be performed in specified port.
address binding function is enabled. When the number of secure MAC addresses on the port exceeds the secure MAC limit, the result depends on the violation mode: in protect mode the port only disables dynamic MAC address learning, while in shutdown mode the port is shut down. Users can manually reopen the port with the no shutdown command.
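The following added example (not part of the manual) audits per-port MAC address binding settings using only the port-security commands listed above. The configuration text is constructed for illustration, and the indented stanza layout, the limit value and the review policy are assumptions of this example.

```python
"""Audit MAC address binding (port-security) settings per interface."""

# Constructed sample, written in the style of the manual's CLI examples.
# It is not output captured from a DCS-3950; the limit value 1 is made up.
SAMPLE_CONFIG = """\
interface ethernet 0/0/5
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
interface ethernet 0/0/7
 switchport port-security
 switchport port-security violation protect
interface ethernet 0/0/9
 switchport port-security lock
interface ethernet 0/0/11
 switchport mode access
"""


def parse_port_security(config_text):
    """Return {port: settings} for every 'interface ethernet' stanza."""
    ports = {}
    current = None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["interface", "ethernet"] and len(words) == 3:
            current = ports.setdefault(words[2], {
                "enabled": False, "lock": False,
                "maximum": None, "violation": None,
            })
            continue
        if not raw[0].isspace():
            current = None  # an unindented line ends the interface stanza
            continue
        if current is None or words[:2] != ["switchport", "port-security"]:
            continue
        args = words[2:]
        if not args:
            current["enabled"] = True  # bare command enables the binding
        elif args == ["lock"]:
            current["lock"] = True
        elif len(args) == 2 and args[0] == "maximum" and args[1].isdigit():
            current["maximum"] = int(args[1])
        elif (len(args) == 2 and args[0] == "violation"
              and args[1] in ("protect", "shutdown")):
            current["violation"] = args[1]
    return ports


def audit(ports):
    """Return (port, finding) pairs; the review policy is this example's."""
    findings = []
    for port, s in ports.items():
        extras = s["lock"] or s["maximum"] is not None or s["violation"]
        if not s["enabled"]:
            if extras:
                # The manual makes these options depend on the binding
                # function being enabled on the port first.
                findings.append((port, "port-security options present but "
                                       "MAC address binding is not enabled"))
            else:
                findings.append((port, "MAC address binding is not enabled"))
            continue
        if s["maximum"] is None:
            findings.append((port, "no explicit maximum; default limit applies"))
        if s["violation"] is None:
            findings.append((port, "no explicit violation mode; default applies"))
        elif s["violation"] == "protect":
            findings.append((port, "violation mode protect: port stays up and "
                                   "only dynamic MAC learning stops"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(parse_port_security(SAMPLE_CONFIG)):
        print(f"ethernet {port}: {finding}")
```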
DCS-3950 series Ethernet switch manual 8.5.1.3.1.2 show port-security interface Command: show port-security interface Function: Display the secure MAC addresses of the port. Command mode: Admin Mode Parameter: stands for the port to be displayed Default: Configuration of Security Port is not be displayed Usage Guide: This command displays the detailed configuration information for the secure port.
------------------------------------------------------------
Total Addresses :1

Items            Notes
Vlan             The VLAN ID for the secure MAC address
Mac Address      Secure MAC address
Type             Secure MAC address type
Ports            The port that the secure MAC address belongs to
Total Addresses  Current secure MAC address number in the system

8.5.1.3.
DCS-3950 series Ethernet switch manual Chapter 9 VLAN Configuration 9.1 Introduction to VLAN VLAN (Virtual Local Area Network) is a technology that divides the logical addresses of devices within the network to separate network segments basing on functions, applications or management requirements. By this way, virtual workgroups can be formed regardless of the physical location of the devices. IEEE announced IEEE 802.
DCS-3950 series Ethernet switch manual z Enhancing network security VLAN and GVRP (GARP VLAN Registration Protocol) defined by 802.1Q are implemented in DCS-3950 series switch. The chapter will describe the use and configuration of VLAN and GVRP in details. 9.2 VLAN Configuration 9.2.1 VLAN Configuration Task List 1. Creating or deleting VLAN 2. Specifying or deleting name of VLAN 3. Assigning Switch ports for VLAN 4. Set The Switch Port Type 5. Set Trunk port 6. Set Access port 7.
DCS-3950 series Ethernet switch manual Command Explanation Interface Mode switchport mode {trunk|access} Set the current port as Trunk or Access port. 5. Set Trunk port Command Explanation Interface Mode switchport trunk allowed vlan {|all} no switchport trunk allowed vlan switchport trunk native vlan no switchport trunk native vlan Set/delete VLAN allowed to be crossed by Trunk. The ‘no’ command restores the default setting. Set/delete PVID for Trunk port. 6.
DCS-3950 series Ethernet switch manual private-vlan association no private-vlan association Set/delete Private VLAN association 9.2.2 VLAN Configuration Command List 9.2.2.1 vlan Command: vlan no vlan Function: Create VLAN and enter the VLAN configuration mode. In VLAN mode, VLAN names can be set, and interface belonging to the VLAN can be specified. If no is put in front of the command, specified VLAN will be removed.
DCS-3950 series Ethernet switch manual front of the command, the specified port will be removed from the VLAN. Parameters: is for the VLAN ID of the port to be added to the VLAN, which is limited between 1 and 4094. Command mode: Port Mode. Default: All the switch ports belong to VLAN1 by default. Usage Guide: Only the access port on the switch can be added to the specified VLAN. And one access port can be added to only one VLAN at the same time. Example: Add the specified port to VLAN100.
Switch(Config-ethernet0/0/5)#switchport mode trunk
Switch(Config-ethernet0/0/5)#exit
Switch(Config)#interface ethernet 0/0/8
Switch(Config-ethernet0/0/8)#switchport mode access
Switch(Config-ethernet0/0/8)#exit

9.2.2.6 switchport trunk allowed vlan
Command: switchport trunk allowed vlan {|all}
no switchport trunk allowed vlan
Function: Configure VLAN lists that can go through the trunk port.
9.2.2.8 vlan ingress enable
Command: vlan ingress enable
no vlan ingress enable
Function: Enable the ingress rule for the VLAN. If no is put in front of the command, the ingress rule will be disabled.
Command mode: Port Mode.
Default: The ingress rule is disabled by default.
Usage Guide: If the ingress rule for the VLAN is enabled, the switch will check each frame for VLAN membership.
DCS-3950 series Ethernet switch manual Function: Set association of Private VLAN. If no is put in front of the command, Private VLAN association will be removed. Parameters: is the list of Secondary VLANs which are associated with the Primary VLAN. There can be two kinds of Secondary VLAN, the Isolated VLAN and the Community VLAN. And multiple VLANs can be separated by ‘;’ Command mode: VLAN configuration mode. Default: No association for Private VLAN is defined by default.
DCS-3950 series Ethernet switch manual VLAN100 VLAN2 Workstation VLAN200 Workstation IBM PC Desktop PC IBM PC Desktop PC Switch A Trunk Link Switch B VLAN200 Desktop PC VLAN100 IBM PC VLAN2 IBM PC Workstation Workstation Desktop PC Fig 9-2 Typical VLAN Application Topology The existing LAN is required to be partitioned to 3 VLANs due to security and application requirements. The three VLANs are VLAN2, VLAN100 and VLAN200. Those three VLANs are cross two different location A and B.
The configuration steps are listed below:
Switch A:
Switch(Config)#vlan 2
Switch(Config-Vlan2)#switchport interface ethernet 0/0/2-8
Switch(Config-Vlan2)#exit
Switch(Config)#vlan 100
Switch(Config-Vlan100)#switchport interface ethernet 0/0/9-15
Switch(Config-Vlan100)#exit
Switch(Config)#vlan 200
Switch(Config-Vlan200)#switchport interface ethernet 0/0/16-22
Switch(Config-Vlan200)#exit
Switch(Config)#interface ethernet 0/0/23
Switch(Config-Ethernet0/0/23)#switchport mod
DCS-3950 series Ethernet switch manual Figure 9-3Typical VLAN Application Topology As shown in Fig 9-3, after being enabled on the user port, dot1q-tunnel assigns each user a SPVLAN identification (SPVID). Here the identification of user is 3. Same SPVID should be assigned for the same network user on different PEs. When packet reaches PE1 from CE1, it carries the VLAN tag 200-300 of the user internal network.
DCS-3950 series Ethernet switch manual 1. Configure the dot1q-tunnel function on the ports 2. Configure the type of protocol (TPID) on the ports 3. Configure the dot1q-tunnel type of the port. 1. Configure the dot1q-tunnel function on the ports Command Explanation Port mode dot1q-tunnel enable no dot1q-tunnel enable Enter/exit the dot1q-tunnel mode on the ports. 2.
DCS-3950 series Ethernet switch manual Function: Configure the type (TPID) of the protocol of switch trunk port. Parameter: None. Command mode: Global Mode. Default: TPID on the port is defaulted at 8100. Usage Guide: This function is to facilitate internetworking with equipments of other manufacturers. If the equipment connected with the switch trunk port sends data packet with a TPID of 9100, the port TPID will be set to 9100, Then switch will receive and process data packets normally.
9.3.3.4 show dot1q-tunnel
Command: show dot1q-tunnel
Function: Display the information of all the ports at dot1q-tunnel state.
Parameters: None.
Command mode: Admin Mode.
Usage Guide: This command is used for displaying the information of the ports at dot1q-tunnel state.
Example: Display current dot1q-tunnel state.
Switch#show dot1q-tunnel
Tpid: 9100
Port             Type
--------------------
Ethernet0/0/1    Customer
Ethernet0/0/20   Uplink

9.3.
DCS-3950 (Config-Ethernet0/0/10)#exit
DCS-3950 (Config)#
PE2:
DCS-3950 (Config)#vlan 3
DCS-3950 (Config-Vlan3)#switchport interface ethernet 0/0/1
DCS-3950 (Config-Vlan3)#exit
DCS-3950 (Config)#dot1q-tunnel enable
DCS-3950 (Config)#interface ethernet 0/0/1
DCS-3950 (Config-Ethernet0/0/1)#switchport dot1q-tunnel mode customer
DCS-3950 (Config-Ethernet0/0/1)#exit
DCS-3950 (Config)#interface ethernet 0/0/10
DCS-3950 (Config-Ethernet0/0/10)#switchport mode trunk
DCS-3950 (
DCS-3950 series Ethernet switch manual original state. Protocol VLANs do not create new VLAN, but share with port-based VLANs. Once the packets enter these VLANs, they will be transmitted according to the same rules as port-based VLANs use. Classified by network layer protocols, different protocols can belongs to different VLANs. This is very attractive for those networks hoping to organize users aiming at specific applications and services.
Command: protocol-vlan enable
no protocol-vlan enable
Function: Enable the protocol VLAN. If no is put in front of the command, the protocol VLAN will be disabled.
Command mode: Global Mode
Default: Protocol VLAN is disabled by default.
Usage Guide: Protocol VLAN should be enabled before executing the following commands.
Example: Enable the protocol VLAN.
Switch #config
Switch (Config)#protocol-vlan enable

9.4.3.
9.4.3.3 show protocol-vlan
Command: show protocol-vlan
Function: Display the configuration of Protocol-based VLAN on the switch
Parameter: None
Command mode: Admin Mode
Usage Guide: Display the configuration of the protocol based VLAN for the switch. Priority is the priority of the ports. When this value equals ‘ ‘, this value will be determined by the port's default configuration.
Example: Show the configuration of the current protocol based VLANs.
DCS-3950 series Ethernet switch manual VLAN Name Type Status Ports ---- ------------ ---------- --------- ---------------------------------------1 default Static Active Ethernet0/0/1 Ethernet0/0/2 Ethernet0/0/3 Ethernet0/0/4 Ethernet0/0/5 Ethernet0/0/6 Ethernet0/0/7 Ethernet0/0/8 Ethernet0/0/9 Ethernet0/0/10 Ethernet0/0/11 Ethernet0/0/12 Ethernet0/0/13 Ethernet0/0/14 Ethernet0/0/15 Ethernet0/0/16 Ethernet0/0/17 Ethernet0/0/18 Ethernet0/0/19 Ethernet0/0/20 Ethernet0/0/21 Ethernet0/0/22 Ethernet0/0/23 Etherne
DCS-3950 series Ethernet switch manual Chapter 10 MSTP Configuration 10.1 Introduction to MSTP The MSTP (Multiple STP) is a new spanning-tree protocol which is based on the STP and the RSTP. It runs on all the bridges of a bridged-LAN. It calculates a common and internal spanning tree (CIST) for the bridge-LAN which consists of the bridges running the MSTP, the RSTP and the STP. It also calculates the independent multiple spanning-tree instances (MSTI) for each MST domain (MSTP domain).
DCS-3950 series Ethernet switch manual Fig 10-1 Understanding the CIST and MST Region In the above network, if the bridges are running the STP other the RSTP, one port between Bridge M and Bridge B should be blocked. But if the bridges in the yellow range run the MSTP and are configured in the same MST region, MSTP will treat this region as a bridge. Therefore, one port between Bridge B and Root is blocked and one port on Bridge D is blocked. 10.1.1.
DCS-3950 series Ethernet switch manual z CIST port roles: root port, designated port, alternate port and backup port z On top of those roles, each MSTI port has one new role: master port. The port roles in the CIST (root port, designated port, alternate port and backup port) are defined in the same ways as those in the RSTP. 10.1.3 MSTP Load Balance In a MSTP region, VLANs can be mapped to various instances. That can form various topologies.
DCS-3950 series Ethernet switch manual no spanning-tree mst priority Interface Mode spanning-tree mst cost no spanning-tree mst cost Set port path cost for specified instance spanning-tree mst port-priority no spanning-tree mst port-priority Set port priority for specified instance spanning-tree mst rootguard no spanning-tree mst rootguard Set root guard for specified instance.
DCS-3950 series Ethernet switch manual spanning-tree maxage
DCS-3950 series Ethernet switch manual spanning-tree tcflush enable spanning-tree tcflush disable spanning-tree tcflush protect no spanning-tree tcflush Enable: the spanning-tree flush once the topology changes. Disable:the spanning tree don’t flush when the topology changes.
DCS-3950 series Ethernet switch manual 10.2.2.3 instance vlan Command: instance vlan no instance [vlan ] Function: In MSTP region mode, create the instance and set the mappings between VLANs and instances; the command ‘no instance [vlan ]’ removes the specified instance and the specified mappings between the VLANs and instances. Parameter: Normally, sets the instance number.
DCS-3950 series Ethernet switch manual no revision-level Function: In MSTP region mode, this command is to set revision level for MSTP configuration; the command ‘no revision-level’ restores the default setting to 0. Parameter: is revision level. The valid range is from 0 to 65535. Command mode: MSTP region mode Default: The default revision level is 0. Usage Guide: This command is to set revision level for MSTP configuration.
DCS-3950 series Ethernet switch manual Switch(Config)#spanning-tree forward-time 20 10.2.2.8 spanning-tree hello-time Command: spanning-tree hello-time
Usage Guide: The lifetime of a BPDU is called the max age time. The max age works together with the hello time and the forward delay. The parameters should meet the following conditions; otherwise, the MSTP may work incorrectly.
2 * (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age
Bridge_Max_Age >= 2 * (Bridge_Hello_Time + 1.0 seconds)
Example: In global mode, set max age time to 25 seconds.
Switch(Config)#spanning-tree maxage 25

10.2.2.
DCS-3950 series Ethernet switch manual Function: Set the spanning-tree mode in the switch; The command ‘no spanning-tree mode’ restores the default setting. Parameter: mstp sets the switch in IEEE802.1s MSTP mode; stp sets the switch in IEEE802.1D STP mode. Command mode: Global Mode Default: The switch is in the MSTP mode by default. Usage Guide: When the switch is in IEEE802.1D STP mode, it only sends standard IEEE802.1D BPDU and TCN BPDU. It drops any MSTP BPDUs. Example: Set the switch in the STP mode.
DCS-3950 series Ethernet switch manual Command mode: Interface Mode Default: By default, the port cost is relevant to the port bandwidth.
DCS-3950 series Ethernet switch manual Function: Set the bridge priority for the specified instance; The command ‘no spanning-tree mst priority’ restores the default setting. Parameters: sets instance ID. The valid range is from 0 to 48; sets the switch priority. The valid range is from 0 to 61440. The value should be the multiples of 4096, such as 0, 4096, 8192…61440. Command mode: Global Mode Default: The default bridge priority is 32768.
Usage Guide: When a port is set to be a boundary port, the port changes its status from discarding to forwarding without waiting for the forward delay. Once the boundary port receives a BPDU, the port becomes a non-boundary port.
Example: Set port 0/0/2 as a boundary port.
Switch(Config)#interface ethernet 0/0/2
Switch(Config-Ethernet-0/0/2)#spanning-tree portfast bpdufilter
Switch(Config-Ethernet-0/0/2)#

10.2.2.
DCS-3950 series Ethernet switch manual 10.2.2.21 spanning-tree digest-snooping Command: spanning-tree digest-snooping no spanning-tree digest-snooping Function: Configure the port to use the authentication string of partner port .the command ‘no spanning-tree digest-snooping’restores to use the port generated authentication string. Default: Don’t use the authentication string of partner port .
Note: For complicated networks, especially those that need to switch rapidly from one spanning tree branch to another, the disable mode is not recommended.
Example:
Switch(Config)#spanning-tree tcflush disable
Switch(Config)#

10.2.2.23 spanning-tree tcflush (port mode)
Command: spanning-tree tcflush {enable| disable| protect}
no spanning-tree tcflush
Function: Configure the spanning-tree flush mode for the port once the topology changes.
DCS-3950 series Ethernet switch manual SW1 1 1 5 SW2 2 2 2x 3 3x 1 6 4 6x 4 5x 7 SW3 7x SW4 Figure 10-2 Typical MSTP Application Scenario The connections among the switches are shown in the above figure. All the switches run in the MSTP mode by default, their bridge priority, port priority and port route cost are all in the default values (equal).
DCS-3950 series Ethernet switch manual By default, the MSTP establishes a tree topology (in blue lines) rooted with SwitchA. The ports marked with ‘x’ are in the discarding status, and the other ports are in the forwarding status. Configurations Steps: Step 1: Configure port to VLAN mapping: z Create VLAN 20, 30, 40, 50 in SW2, SW3 and SW4. z Set ports 1-7 as trunk ports in SW2, SW3 and SW4. Step 2: Set SW2, SW3 and SW4 in the same MSTP: z Set SW2, SW3 and SW4 to have the same region name as mstp.
SW3(Config)#vlan 40
SW3(Config-Vlan40)#exit
SW3(Config)#vlan 50
SW3(Config-Vlan50)#exit
SW3(Config)#spanning-tree mst configuration
SW3(Config-Mstp-Region)#name mstp
SW3(Config-Mstp-Region)#instance 3 vlan 20;30
SW3(Config-Mstp-Region)#instance 4 vlan 40;50
SW3(Config-Mstp-Region)#exit
SW3(Config)#interface e 0/0/1-7
SW3(Config-Port-Range)#switchport mode trunk
SW3(Config-Port-Range)#exit
SW3(Config)#spanning-tree
SW3(Config)#spanning-tree mst 3 priority 0
On SW4:
SW4(
DCS-3950 series Ethernet switch manual discarding. The other ports are the status of forwarding. Because the instance 3 and the instance 4 are only valid in the MSTP region, the following figure only shows the topology of the MSTP region.
DCS-3950 series Ethernet switch manual Figure 10-4 The Topology Of the Instance 3 after the MSTP Calculation SW2 5x 2 2x 3 3x 6 4 6 4 7x SW3 7 5 SW4 Figure 10-5 The Topology Of the Instance 4 after the MSTP Calculation 10.4 MSTP Troubleshooting 10.4.1 Monitor and Debug Command List 10.4.1.1 show spanning-tree Command: show spanning-tree [mst []] [interface ] [detail] Function: Display the MSTP Information. Parameter: sets the instance ID.
DCS-3950 series Ethernet switch manual ########################### Instance 0 ########################### Self Bridge Id : 32768 - 00:03:0f:01:0e:30 Root Id : 16384.00:03:0f:01:0f:52 Ext.RootPathCost : 200000 Region Root Id : this switch Int.RootPathCost : 0 Root Port ID : 128.1 Current port list in Instance 0: Ethernet0/0/1 Ethernet0/0/2 (Total 2) PortName ID ExtRPC IntRPC State Role DsgBridge DsgPort -------------- ------- --------- --------- --- ---- ------------------ ------Ethernet0/0/1 128.
DCS-3950 series Ethernet switch manual Bridge MAC Bridge MAC address Bridge Times Max Age, Hello Time and Forward Delay of the bridge Force Version Version of STP Instance Information Self Bridge Id The priority and the MAC address of the current bridge for the current instance Root Id The priority and the MAC address of the root bridge for the current instance Ext.RootPathCost Total cost from the current bridge to the root of the entire network Int.
DCS-3950 series Ethernet switch manual 03 30 04 40 ---------------------------------- 10.4.1.3 show mst-pending Command: show mst-pending Function: In the MSTP region mode, display the configuration of the current MSTP region. Command mode: MSTP region mode Usage Guide: In the MSTP region mode, display the configuration of the current MSTP region such as MSTP name, revision, VLAN and instance mapping. Note: Before quitting the MSTP region mode, the displayed parameters may not be effective.
10.4.2 MSTP Troubleshooting
• In order to run the MSTP on a switch port, the MSTP has to be enabled globally. If the MSTP is not enabled globally, it can’t be enabled on the port.
• The MSTP parameters work together, so they should meet the following conditions; otherwise, the MSTP may work incorrectly.
2×(Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age
Bridge_Max_Age >= 2×(Bridge_Hello_Time + 1.
DCS-3950 series Ethernet switch manual Chapter 11 IGMP Snooping 11.1 Introduction to IGMP Snooping IGMP (Internet Group Management Protocol) is a protocol used in IP multicast. IGMP is used by multicast enabled network device (such as a router) for host membership query, and by hosts that are joining a multicast group to inform the router to accept packets of a certain multicast address. All those operations are done through IGMP message exchange. The router will use a multicast address (224.0.0.
’ command will disable the IGMP function on the specified VLAN.

ip igmp snooping vlan < vlan-id > limit {group | source }
no ip igmp snooping vlan < vlan-id > limit
    Set the max number of groups IGMP snooping can join and the max number of sources each group can have. The ‘no ip igmp snooping vlan < vlan-id > limit’ command will reset it to the default value.
DCS-3950 series Ethernet switch manual tatic-group interface {[ethernet|port-channel] No ip igmp snooping vlan tatic-group interface {[ethernet|port-channel] the ‘No ip igmp snooping vlan tatic-group interface {[ethernet|port-channel] command will cancel the configuration. 11.2.2 IGMP Snooping configuration Command List 11.2.2.
DCS-3950 series Ethernet switch manual Command: ip igmp snooping vlan immediate-leave no ip igmp snooping vlan immediate-leave Function: Enable the IGMP fast leave function for the specified VLAN: the ‘no ip igmp snooping vlan immediate-leave’ command disables the IGMP fast leave function. Parameter: is the VLAN number specified, ranging between <1-4094>. Command mode: Global Mode Default: This function is disabled by default.
Command mode: Global Mode
Default: IGMP Snooping is disabled by default.
Usage Guide: When the number of joined groups reaches the limit, new groups requesting to join will be rejected in order to prevent hostile attacks. To use this command, IGMP snooping must be enabled on the VLAN. The ‘no’ form of this command restores the default rather than setting ‘no limit’. For safety reasons, this command cannot be configured to ‘no limit’.
To use this command, IGMP Snooping must already be enabled on this VLAN.
Example:
Switch(config)#ip igmp snooping vlan 2 mrpt 100

11.2.2.
Example:
Switch(config)#ip igmp snooping vlan 2 query-robustness 3

11.2.2.11 ip igmp snooping vlan suppression-query-time
Command: ip igmp snooping vlan suppression-query-time
no ip igmp snooping vlan suppression-query-time
Function: Configure the suppression query time.
DCS-3950 series Ethernet switch manual Fig 11-1 Enabling IGMP Snooping function Example: As shown in the above figure, a VLAN 100 is configured in the switch and includes ports 1, 2, 6, 10 and 12. Four hosts are connected to port 2, 6, 10, 12 respectively and the multicast router is connected to port 1.
Scenario 2: IGMP L2-general-querier

Fig 11-2 The switches as IGMP Queriers

The configuration of Switch2 is the same as that of the switch in scenario 1; SwitchA takes the place of the Multicast Router in scenario 1. Let’s assume VLAN 60 is configured in SwitchA, including ports 1, 2, 6, 10 and 12. Port 1 connects to the multicast server, and port 2 connects to Switch2. In order to send Queries at regular intervals, IGMP query must be enabled in Global mode and in VLAN60.
DCS-3950 series Ethernet switch manual Multicast Configuration The same as scenario 1. IGMP Snooping listening result: Similar to scenario 1. 11.4 IGMP Snooping Troubleshooting 11.4.1 IGMP Snooping Monitor and Debug Command List 11.4.1.
DCS-3950 series Ethernet switch manual is enabled. Igmp snooping is turned on for vlan 1(querier) Which vlans of the switch enable igmp snooping function, and whether they are l2-general-queriers 2.
DCS-3950 series Ethernet switch manual Command: show mac-address-table multicast Function: Show the multicast MAC address table messages Parameter: None Command mode: Admin Mode Default: Not showing the multicast MAC address and port mapping by system default Usage Guide: This command shows multicast MAC address table messages of current switch Example: Show the multicast mapping in vlan 100 Vlan Mac Address Type Creator Ports ------ --------------------------- -------- ------------ -----------------------1
DCS-3950 series Ethernet switch manual Chapter 12 Multicast VLAN Configuration 12.1 Multicast VLAN Introduction Based on the current multicast program ordering method, when users in different VLANs order programs, each VLAN will copy a multicast stream within itself. This method will waste lots of bandwidth.
DCS-3950 series Ethernet switch manual ‘ command will disable the IGMP Snooping function of the multicast vlan. ip igmp snooping no ip igmp snooping Start the IGMP Snooping function. The ‘no ip igmp snooping‘ command will disable the IGMP Snooping function globally. 12.2.2 Multicast VLAN Configuration Command List 12.2.2.1 multicast-vlan Command: multicast-vlan no multicast-vlan Function: Enable multicast VLAN function on a VLAN; the ‘no’ form of this command disables the multicast VLAN function.
Switch(config)#vlan 2
Switch (Config-Vlan2)#multicast-vlan
Switch (Config-Vlan2)# multicast-vlan association 3, 4

12.3 Multicast VLAN Example

Fig 12-1 The function configuration of multicast VLAN (SWITCHA, SWITCHB, Work Station, PC1, PC2)

As shown in the picture above, the multicast server connects to a 3-layer switch, switchA, via port 0/0/1, and port 0/0/1 belongs to vlan10 of the switch. The 3-layer switch switchA connects to the 2-layer switch switchB via port .
SwitchB (config)#vlan 100
SwitchB (config-vlan100)#switchport access ethernet 0/0/15
SwitchB (config-vlan100)#exit
SwitchB#config
SwitchB (config)#vlan 101
SwitchB (config-vlan101)#switchport access ethernet 0/0/20
SwitchB (config-vlan101)#exit
SwitchB (config)# interface ethernet 0/0/10
SwitchB (Config-Ethernet0/0/10)#switchport mode trunk
SwitchB (Config-Ethernet0/0/10)#exit
SwitchB (config)#vlan 20
SwitchB (config-vlan20)#multicast-vlan
SwitchB (config-vlan20)#multica
Chapter 13 DCSCM Configuration

13.1 DCSCM Introduction
DCSCM (security control multicast) technology covers three aspects: multicast source controllability, multicast user controllability and the service-priority-oriented multicast policy.
Configuration of source control can be divided into three parts. The first is to enable source control globally, using the following command:

Command                                         Explanation
Global configuration mode
[no] ip multicast source-control (necessary)    Enable source control globally; the ‘no ip multicast source-control’ command will disable source control globally.
destination control, the switch will not broadcast the multicast data it receives. So, we should avoid connecting two or more other 3-layer switches to a switch with destination control enabled within one VLAN. The following is the command to configure:

Command                                              Explanation
Global configuration mode
[no] ip multicast destination-control (necessary)    Enable the destination globally.
3. Configuration of multicast policy
Multicast policy satisfies the demand of special users by designating a priority for specified multicast data. Note that multicast data can only receive this special treatment when it is transmitted on TRUNK .
ACLs, and use wildcards to configure an address range, or specify a host address or all addresses. Note that for the group IP address ‘all addresses’ means 224.0.0.0/4, not 0.0.0.0/0 as in other access lists.
Example:
Switch(Config)#access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255

13.2.2.
Command: ip multicast source-control
no ip multicast source-control
Function: Enable multicast source control globally; the ‘no ip multicast source-control’ command restores the default, in which global multicast source control is disabled.
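The following added example (not part of the manual) shows how a source-control rule such as the access-list 5000 line in this chapter selects (source, group) pairs, and that 224.0.0.0 with wildcard 15.255.255.255 is the same range as 224.0.0.0/4. The deny rule is constructed, and first-match evaluation with inverse-mask wildcards is assumed here as the conventional ACL behaviour; the manual text above does not state the switch's rule ordering or default action.

```python
import ipaddress

# First line is the manual's example; the second is constructed for this demo.
SAMPLE_ACL = """\
access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255
access-list 5000 deny ip 10.1.1.0 0.0.0.255 224.0.0.0 15.255.255.255
"""


def _to_int(dotted):
    """Dotted-quad string to 32-bit integer (raises ValueError if malformed)."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def parse_rule(line):
    """Parse 'access-list N {permit|deny} ip SRC SRC-WC GROUP GROUP-WC'."""
    w = line.split()
    if (len(w) != 8 or w[0] != "access-list" or not w[1].isdigit()
            or w[2] not in ("permit", "deny") or w[3] != "ip"):
        raise ValueError(f"unsupported rule: {line!r}")
    for field in w[4:]:
        _to_int(field)  # validate each address and wildcard
    return {"acl": int(w[1]), "action": w[2],
            "src": w[4], "src_wc": w[5], "grp": w[6], "grp_wc": w[7]}


def breadth(rule):
    """Return (source addresses covered, group addresses covered)."""
    def count(wildcard):
        return 2 ** bin(_to_int(wildcard)).count("1")
    return count(rule["src_wc"]), count(rule["grp_wc"])


def evaluate(rules, source, group):
    """Action of the first matching rule, or None when nothing matches.

    None is returned instead of a default action because the switch's
    behaviour for unmatched traffic is not stated in the text above.
    """
    if not ipaddress.IPv4Address(group).is_multicast:
        raise ValueError(f"{group} is not a multicast group address")
    for rule in rules:
        if (wildcard_match(source, rule["src"], rule["src_wc"])
                and wildcard_match(group, rule["grp"], rule["grp_wc"])):
            return rule["action"]
    return None


RULES = [parse_rule(line) for line in SAMPLE_ACL.splitlines() if line.strip()]

if __name__ == "__main__":
    for src, grp in [("10.1.1.77", "232.0.0.9"),
                     ("10.1.1.77", "239.1.1.1"),
                     ("10.1.2.77", "232.0.0.9")]:
        print(src, grp, evaluate(RULES, src, grp))
    for rule in RULES:
        print(rule["action"], "covers", breadth(rule))
```

Running `breadth` over each rule is a quick way to spot entries that admit far more sources or groups than intended.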
Command mode: Port Mode
Usage Guide: The command only takes effect when multicast destination-control is enabled globally. After the command is configured, if IGMP Snooping is enabled, a request to add the interface to a multicast group is matched against the configured access-list: if it matches a permit rule the interface can be added, otherwise it is not added.
Example:
Switch(Config)#interface ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#ip multicast destination-control access-group 6000

13.2.
Default: None
Command mode: Global Mode
Usage Guide: The command only takes effect when multicast destination-control is enabled globally. After the command is configured, it applies when members are added to a multicast group, provided IGMP Snooping or IGMP is enabled. If multicast destination-control is configured for the network segment that the igmp-report was sent from, the request is matched against the configured access-list: if it matches a permit rule the interface can be added, otherwise it is not added.
Command mode: Global Mode
Usage Guide: The command makes the switch change the priority of multicast data packets in the specified range to the specified value; the TOS is set to the same value at the same time. Note that the priority of packets transmitted in UNTAG mode is not modified.
Example:
Switch(Config)#ip multicast policy 10.1.1.0 0.0.0.255 225.1.1.0 0.0.0.255 cos 7

13.3 DCSCM Typical Example
1.
DCS-3950 series Ethernet switch manual it will be at priority 4(usually it is a high priority, the higher might be protocol data, but if we set higher priority, when there is too much multicast data, may cause abnormal behavior of the switch protocol) 13.4 DCSCM Troubleshooting 13.4.1 DCSCM Debug and Monitor Command List 13.4.1.
13.4.1.3 show ip multicast policy
Command: show ip multicast policy
Function: Display the configured multicast policy.
Parameters: None.
Default: None.
Command mode: Admin Mode
Usage Guide: The command displays the configured multicast policy.
Example:
Switch#show ip multicast policy
ip multicast-policy 10.1.1.0 0.0.0.255 225.0.0.0 0.255.255.255 cos 5

13.4.1.
detail option, and access-list information applied in detail.
Example:
Switch (Config)#show ip multicast destination-control
ip multicast destination-control is enabled
ip multicast destination-control 11.0.0.0 0.255.255.255 access-group 6003
ip multicast destination-control 1 00-03-05-07-09-11 access-group 6001
multicast destination-control access-group 6000 used on interface Ethernet 0/0/1

13.4.
DCS-3950 series Ethernet switch manual Chapter 14 802.1x Configuration 14.1 Introduction to 802.1x IEEE 802.1x is a port-based network access management method, which authenticates and manages the accessing devices on the physical access level of the LAN device. The physical access level here is the ports of the switch.
DCS-3950 series Ethernet switch manual authenticating packets. A managed port will be in the connected status when authorized to transfer commutation packets; and is shutdown when not authorized, and cannot transfer any packets. In the IEEE 802.1x application environment, DCS-3950 series is used as the access management unit, and the user connection device is the device with 802.1x client software. An authenticating server usually resides in the Carrier’s AAA center and usually is a Radius server.
Global Mode
aaa enable
no aaa enable
    Enables the AAA authentication function in the switch; the ‘no aaa enable’ command disables the AAA authentication function.
aaa-accounting enable
no aaa-accounting enable
    Enables the accounting function in the switch; the ‘no aaa-accounting enable’ command disables the accounting function.
aaa-accounting update {enable|disable}
    Enables/disables accounting update.
dot1x enable
no dot1x enable
    Enables the 802.
dot1x port-method {macbased | portbased | userbased {standard | advanced}}
    Sets the port access management method; the ‘no dot1x port-method’ command restores MAC-based access management.
disable the 802.1x freevlan function.
3. Supplicant related property configuration
Command    Explanation
Global Mode
dot1x max-req
no dot1x max-req
    Sets the number of EAP request/MD5 frames to be sent before the switch re-initiates authentication when the supplicant does not respond; the ‘no dot1x max-req’ command restores the default setting.
dot1x re-authentication
no dot1x re-authentication
radius-server accounting host [[port {}] [primary]]
no radius-server accounting host
    Specifies the IP address or IPv6 address and listening port number for the RADIUS accounting server; the ‘no radius-server authentication host’ command deletes the RADIUS server.
3) Configure RADIUS Service parameters.
Command mode: Global Mode
Default: AAA accounting is not enabled by default.
Usage Guide: When accounting is enabled in the switch, accounting is performed according to the traffic or online time of the port the authenticated user is using.
Only authentication requests initiated by users in the dot1x address filter table will be accepted; the rest will be rejected.
Example: Add MAC address 00-01-34-34-2e-0a to the filter table of Ethernet 0/0/5.
Switch(Config)#dot1x accept-mac 00-01-34-34-2e-0a interface ethernet 0/0/5
14.2.2.5 dot1x bpdu-forward enable
Command: dot1x bpdu-forward enable
no dot1x bpdu-forward enable
Function: Enable the forwarding of 802.1x authentication on the switch.
Usage Guide: 802.1x authentication must be enabled on the switch first before it can be enabled on the respective ports. If Spanning Tree or MAC binding is enabled on the port, or the port is a Trunk port or a member of a port aggregation group, the 802.1x function cannot be enabled for that port until those conditions are removed.
Example: Enable the 802.1x function of the switch and enable 802.1x for port 0/0/12.
Command: dot1x macfilter enable
no dot1x macfilter enable
Function: Enables the dot1x address filter function in the switch; the ‘no dot1x macfilter enable’ command disables the dot1x address filter function.
Command mode: Global Mode
Default: The dot1x address filter is disabled by default.
Usage Guide: When the dot1x address filter function is enabled, the switch filters authenticating users by MAC address.
14.2.2.12 dot1x max-user userbased
Command: dot1x max-user userbased
no dot1x max-user userbased
Function: Set the upper limit on the number of users allowed to access the specified port when using user-based access control mode; the ‘no dot1x max-user userbased’ command resets the default value.
Parameters: the maximum number of users allowed to access the network, ranging from 1 to 256.
Command mode: Interface Mode.
sets port-based access management.
Command mode: Interface Mode
Default: None.
Usage Guide: With MAC-based access management, multiple users are allowed to authenticate. With port-based access management, only one user is allowed to authenticate. With both MAC-based and port-based access management, no network resource is available to unauthorized users.
Usage Guide: This command is an Admin Mode command. It makes the switch re-authenticate the client at once without waiting for the re-authentication timer to time out. This command is no longer valid after authentication.
Example: Enable real-time re-authentication on port 0/0/8.
Switch#dot1x re-authenticate interface ether 0/0/8
14.2.2.
Usage Guide: dot1x re-authentication must be enabled before the supplicant re-authentication interval can be modified. If authentication is not enabled for the switch, the supplicant re-authentication interval that is set will not take effect.
Example: Set the re-authentication time to 1200 seconds.
Switch(Config)#dot1x timeout re-authperiod 1200
14.2.2.
is the subnet mask in dotted decimal notation.
Command mode: Global Mode.
Default: No free resource is set.
Usage Guide: This command is used only with the dot1x port-method userbased access management. With userbased access management, an unauthorized user can access the free resource set by this command. With port-based and MAC-based access management, no resource is accessible to an unauthorized user.
Command: radius-server authentication host [port ] [primary]
no radius-server authentication host <ip-address>
Function: Specify the IP address and listening port number for the RADIUS server; the ‘no radius-server authentication host’ command deletes the RADIUS authentication server.
Parameters: stands for the server IP address; for listening port number, from 0 to 65535, where 0 stands for non-authenti
no radius-server key
Function: Specify the key for the RADIUS server (authentication and accounting); the ‘no radius-server key’ command deletes the key for the RADIUS server.
Parameters: is a key string for the RADIUS server; up to 16 characters are allowed.
Command mode: Global Mode
Usage Guide: The key is used in the encrypted communication between the switch and the specified RADIUS server.
waiting time, the switch resends the request packet or sets the server as invalid according to the current conditions.
Example: Set the RADIUS authentication timeout timer value to 30 seconds.
Switch(Config)# radius-server timeout 30
14.2.2.29 radius-server realtime-accounting timer
Command: radius-server realtime-accounting timer
Function: Set the interval for sending accounting messages. The no form of this command resets it to the default configuration.
port 1812 and port 1813. The Digital China IEEE802.1x authentication client software is installed on the computer to implement IEEE802.1x authentication.
The following is the configuration procedure:
Switch(Config)#interface vlan 1↵
Switch(Config-if-vlan1)#ip address 10.1.1.2 255.255.255.0↵
Switch(Config-if-vlan1)#exit↵
Switch(Config)#radius-server authentication host 10.1.1.3↵
Switch(Config)#radius-server accounting host 10.1.1.
.Is Server Dead = 0
.Socket No = 0
authentication server[1].Host IP = 192.168.1.218
.Udp Port = 1812
.Is Primary = 0
.Is Server Dead = 0
.Socket No = 0
accounting server sum = 2
accounting server[0].Host IP = 30.1.1.30
.Udp Port = 1813
.Is Primary = 1
.Is Server Dead = 0
.Socket No = 0
accounting server[1].Host IP = 192.168.1.218
.Udp Port = 1813
.Is Primary = 0
.Is Server Dead = 0
.
server.
Retransmit: Displays the retransmission times for RADIUS server authentication packets.
Dead Time: Displays the down-restoration time for the RADIUS server.
Account Time Interval: Displays the accounting time interval.
14.4.1.2 show aaa authenticated-user
Command: show aaa authenticated-user
Function: Display the authenticated users online.
Parameters: authencated-user displays the authenticated users online; authencating-user displays the authenticating users.
Command mode: Admin Mode
Usage Guide: The statistics for RADIUS authentication users can be displayed with the ‘show radius count’ command.
Example:
1. Display the statistics for RADIUS authenticated users.
Switch #show radius authencated-user count
The authencated online user num is: 1
2.
Notify DCBI is 0
Displayed information    Explanation
Global 802.1x Parameters    Global 802.
no debug aaa packet {send|receive|all} interface {[ethernet] }
Function: Enable debugging information on packets received/sent by aaa; the ‘no debug aaa packet {send|receive|all} interface {[ethernet] }’ command disables debugging information on packets received/sent by aaa.
}
no debug dot1x packet {send|receive|all} interface {[ethernet] }
Function: Enable debugging information on packets received/sent by dot1x; the ‘no debug dot1x packet {send|receive|all} interface {[ethernet] }’ command disables debugging information on packets received/sent by dot1x.
authentication state machine information; all represents all the state machine information; is the name of the interface.
Usage Guide: None.
Example: Enable debugging for dot1x state machines.
Switch#debug dot1x fsm asm interface 0/0/1
14.4.2 802.1x Troubleshooting
802.1x may be configured on the ports with 802.1x authentication set to auto, yet the switch cannot enter the authenticated state after the user runs the 802.1x supplicant software.
Chapter 15 ACL Configuration
15.1 Introduction to ACL
ACL (Access Control List) is an IP packet filtering mechanism employed in switches. It provides network traffic control by granting or denying access through the switch, effectively safeguarding the security of networks. The user can lay down a set of rules according to information specific to packets; each rule describes the action, ‘permit’ or ‘deny’, for a packet that matches certain information.
The following rules apply:
• An access-list can consist of several rules. Packet filtering compares the packet against the rules in order, from the first rule until the first rule that matches; the remaining rules are not processed.
• The global default action applies only to IP packets in the incoming direction on the ports. For non-incoming IP packets and all outgoing packets, the default forward action is ‘permit’.
c) Exit MAC-IP Configuration Mode
2. Configuring the packet filtering function
(1) Enable global packet filtering function
(2) Configure default action.
3. Configuring time range function
(1) Create the name of the time range
(2) Configure periodic time range
(3) Configure absolute time range
4. Bind access-list to a specific direction of the specified port.
1.
access-list {deny | permit} tcp {{ } | any-source | {host-source }} [s-port ] {{ } | any-destination | {host-destination }} [d-port ] [ack+fin+psh+rst+urg+syn] [precedence ] [tos ][time-range]
    Creates a numbered TCP extended IP access rule; if the numbered extended access-list of the specified number does not exist, an access-list will be created using this number.
Command    Explanation
Standard IP ACL Mode
Exit
    Exits name-based standard IP ACL configuration mode
(4) Configuring a name-based extended IP access-list
a.
[no] {deny | permit} udp {{ } | any-source | {host-source }} [sPort ] {{ } | any-destination | {host-destination }} [d-port ] [precedence ] [tos ][time-range]
[no] {deny | permit} {eigrp | gre | igrp | ipinip | ip | } {{ } | any-source | {host-source }} {{ } | any-destination | {host-destination }} [precedence ] [tos
access-list {deny|permit} {any-source-mac| {host-source-mac}|{}}{any-destination-mac|{host-destination-mac }|{} }[{untagged-eth2|tagged-eth2|untagged-802.3|tagged-802.
[no]{deny|permit}{any-source-mac|{host-source-mac }|{} } {any-destination-mac|{host-destination-mac }|{} } [untagged-802.
access-list{deny|permit}{any-source-mac| {host-source-mac}|{}} {any-destination-mac|{host-destination-mac }|{} }icmp {{
access-list{deny|permit}{any-source-mac| {host-source-mac}|{}}{any-destination-mac|{host-destination-mac }|{} }tcp {{
access-list{deny|permit}{any-source-mac| {host-source-mac}|{}} {any-destination-mac|{host-destination-mac }|{} } {eigrp|gre|igrp|ip|ipinip|ospf|{}} {{
[no] {deny|permit} {any-source-mac|{host-source-mac }|{} } {any-destination-mac|{host-destination-mac }|{} }icmp {{
[no]{deny|permit}{any-source-mac|{host-source-mac }|{} } {any-destination-mac|{host-destination-mac }|{} }tcp {{
[no]{deny|permit}{any-source-mac|{host-source-mac }|{} } {any-destination-mac|{host-destination-mac }|{} } {eigrp|gre|igrp|ip|ipinip|ospf|{}} {{
Global Mode
time-range
    Create a time range named time_range_name
no time-range
    Stop the time range function named time_range_name
(2) Configure periodic time range
Command    Explanation
Time range Mode
absolute-periodic{Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday}to {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday}
periodic{{Monday+Tuesday+Wednesday+Thursday+Friday+Saturday+Sunday}
{ip|mac|mac-ip} access-group {in|out}
no {ip|mac|mac-ip} access-group {in|out}
    Applies an access-list to the specified direction on the port; the ‘no {ip|mac|mac-ip} access-group {in|out}’ command deletes the access-list bound to the port.
5. Clear the filtering information of the specified port
Command    Notes
Admin Mode
clear access-group statistic [ethernet]
    Clear statistics of the specified interface.
15.3.
such an access-list.
Parameters: is the No. of access-list, 100-199; is the No.
Command: firewall { enable | disable}
Functions: Enable or disable the firewall.
Parameters: enable means to enable the firewall; disable means to disable the firewall.
Default: It is no use if default is firewall
Command mode: Global Mode
Usage Guide: Access rules can be configured whether the firewall is enabled or disabled, but the rules can be applied to specific directions of specific ports only when the firewall is enabled.
standard’ command deletes the name-based standard IPv6 access list (including all entries).
Parameters: is the name of the access list; the character string length is from 1 to 16, and the string should contain at least one non-numeric character.
Command mode: Global Mode
Default: No access list is configured by default.
Usage Guide: When this command is called for the first time, an empty access list will be created.
Command:
[no] {deny | permit} icmp {{ } | any | {host }} {{ } | any-destination | {host-destination }} [ []] [precedence ] [tos ][time-range]
[no] {deny | permit} igmp {{ } | any | {host }} {{ } | any-destination | {host-destination }} [] [precedence ] [tos ][time-range]
[no] {deny |
no access-list
Functions: Define a standard numeric MAC ACL rule; the ‘no access-list’ command deletes a standard numeric MAC ACL access-list rule.
Parameters: is the access-list No., which is a decimal No.
For Offset(x), different types of data frames have different value ranges:
for untagged-eth2 type frame: <12~51>
for untagged-802.2 type frame: <12~55>
for untagged-eth2 type frame: <12~59>
for untagged-eth2 type frame: <12~63>
Command mode: Global Mode
Default: No access-list configured
Usage Guide: When the user assigns a specific for the first time, the ACL with that serial number is created, and the rules are then added to this ACL.
{any-destination-mac|{host-destination-mac}|{}} [untagged-802-3]
[no]{deny|permit} {any-source-mac|{host-source-mac}|{}} {any-destination-mac|{host-destination-mac}|{}} [tagged-eth2 [cos []] [vlanId []] [ethertype []]]
[no]{deny|permit} {any-source-mac|{host-source-mac}|{}} {any-destination
{{}|any-destination|{host-destination }} [ []] [precedence ] [tos ][time-range]
[no]{deny|permit} {any-source-mac|{host-source-mac}|{}} {any-destination-mac|{host-destination-mac}|{}} igmp{{
the IP address of the network; source-wildcard: the reverse mask of the source IP, a 32-bit binary number expressed as four decimal numbers separated by dots; destination-host-ip, destination: No. of the destination network or host to which packets are delivered.
Switch(Config-MacIp-Ext-Nacl-macip_acl)#
15.3.2.
any-source-mac: any source MAC address;
any-destination-mac: any destination MAC address;
host_smac, smac: source MAC address;
smac-mask: mask (reverse mask) of the source MAC address;
host_dmac, dmac: destination MAC address;
dmac-mask: mask (reverse mask) of the destination MAC address;
protocol: No. or name of the IP protocol. It can be a keyword: eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp, or udp, or an integer from 0-255 of list No. of IP address.
cannot exceed 16 characters in length.
Command mode: Global Mode
Default: No time-range configuration
Usage Guide: None.
Example: Create a time-range named dc_timer.
Switch(Config)#time-range dc_timer
15.3.2.
Wednesday, Friday and Sunday.
Switch(Config-Time-Range)#periodic monday wednesday friday sunday 14:30:00 to 16:45:00
15.3.2.18 absolute start
Command: [no]absolute start [end ]
Functions: Define an absolute time-range; this time-range operates according to the clock of this equipment.
Switch(Config-Ethernet0/0/10)#exit
Switch(Config)#exit
Configuration result:
Switch#show firewall
Firewall is enabled.
Firewall default rule is to permit any packet.
Switch#show access-lists
access-list 110(used 1 time(s))
access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
Switch#show access-group interface ethernet 0/0/10
interface name:Ethernet0/0/10
the ingress acl use in firewall is 110.
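The first-match processing and reverse-mask matching described in 15.1, applied to the access-list 110 rule shown in the configuration result above. This is an added example, not part of the manual or of the switch firmware; the Rule/Packet classes, the function names, the second `permit` rule and the sample packets are constructed for illustration, and only the address, s-port and d-port fields are modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")  # a wildcard of all ones ignores every bit


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Reverse-mask compare: a 1 bit in the wildcard means 'ignore this bit'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


@dataclass
class Rule:
    action: str                # "permit" or "deny"
    proto: str                 # "tcp", "udp", ... or "ip" for any IP protocol
    src: Tuple[str, str]       # (address, wildcard)
    dst: Tuple[str, str]
    s_port: Optional[int] = None
    d_port: Optional[int] = None


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    s_port: Optional[int] = None
    d_port: Optional[int] = None


def _address(tok: List[str], i: int, any_kw: str, host_kw: str):
    """Read 'any-*', 'host-* <ip>' or '<ip> <wildcard>' starting at tok[i]."""
    if i < len(tok) and tok[i] == any_kw:
        return ANY, i + 1
    if i + 1 >= len(tok):
        raise ValueError("incomplete address field")
    if tok[i] == host_kw:
        return (tok[i + 1], "0.0.0.0"), i + 2
    return (tok[i], tok[i + 1]), i + 2


def _port(tok: List[str], i: int, kw: str):
    if i + 1 < len(tok) and tok[i] == kw:
        return int(tok[i + 1]), i + 2
    return None, i


def parse_rule(line: str) -> Rule:
    """Parse a numbered extended rule as printed by 'show access-lists'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a numbered ACL rule: {line!r}")
    src, i = _address(tok, 4, "any-source", "host-source")
    s_port, i = _port(tok, i, "s-port")
    dst, i = _address(tok, i, "any-destination", "host-destination")
    d_port, i = _port(tok, i, "d-port")
    if i != len(tok):
        # Refuse options this model does not cover instead of silently
        # evaluating a rule differently from the switch.
        raise ValueError(f"unsupported option {tok[i]!r}")
    return Rule(tok[2], tok[3], src, dst, s_port, d_port)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.s_port is not None and rule.s_port != pkt.s_port:
        return False
    if rule.d_port is not None and rule.d_port != pkt.d_port:
        return False
    return wildcard_match(pkt.src, *rule.src) and wildcard_match(pkt.dst, *rule.dst)


def evaluate(rules: List[Rule], pkt: Packet, default: str = "permit"):
    """Return (action, index of the first matching rule) or (default, None)."""
    for idx, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.action, idx      # later rules are never consulted
    return default, None


# Rule taken from the 'show access-lists' output above.
DENY_FTP = parse_rule("access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21")
# Constructed rule, used only to show the effect of rule order.
PERMIT_ONE = parse_rule("access-list 110 permit tcp host-source 10.0.0.9 any-destination d-port 21")

if __name__ == "__main__":
    ftp = Packet("tcp", "10.0.0.9", "192.0.2.10", 40000, 21)   # constructed packet
    print(evaluate([DENY_FTP, PERMIT_ONE], ftp))   # deny wins: it is listed first
    print(evaluate([PERMIT_ONE, DENY_FTP], ftp))   # permit wins: it is listed first
```

When reviewing an ACL, a permit placed after a broader deny never takes effect, and a packet that matches no rule falls through to the firewall default rule, so both the rule order and the default need checking.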
Switch #show access-group
interface name:Ethernet0/0/10
MAC Ingress access-list used is 1100.
Scenario 3: The user has the following configuration requirement: port 1/10 of the switch connects to the 00-12-11-23-XX-XX segment, the IP segment is 10.0.0.0/24, and ftp is not desired for the user.
Command: show access-lists [|]
Functions: Display the configured ACLs.
Parameters: , specific ACL name character string; , specific ACL No.
Default: None
Command mode: Admin Mode
Usage Guide: When no ACL name is specified, all ACLs are displayed; ‘used x time(s)’ indicates the number of times the ACL is used.
Functions: Display the ACLs bound to ports.
Parameters: , interface name
Default: None
Command Mode: Admin Mode
Usage Guide: When no interface name is specified, all ACLs bound to ports are displayed.
Example:
Switch#show access-group
interface name:Ethernet0/0/2
IP Ingress access-list used is 111.
interface name:Ethernet0/0/1
IP Ingress access-list used is 10.
Switch#show time-range
time-range timer1 (inactive)
absolute-periodic Saturday 0:0:0 to Sunday 23:59:59
time-range timer2 (active)
absolute-periodic Monday 0:0:0 to Friday 23:59:59
15.5.
Chapter 16 AM Configuration
16.1 AM Introduction
AM (access management) compares information from the received data message (source IP address, or source IP + source MAC) with the configured hardware address pool; if it finds a match it forwards the message, and if not it discards it.
16.2 AM pool
The AM pool is an address list in which each entry corresponds to a user. Each entry contains address information and its corresponding port.
Command    Explanation
Physical interface configuration mode
am port
no am port
    Enable or disable the AM function of a physical interface.
am ip-pool []
no am ip-pool []
    Configure IP address on a physical interface. The ‘no am ip-pool []’ command will delete all the configured IP addresses on the interface.
16.3.2.2 am port
Command: am port
no am port
Function: Enable the AM function for the physical ports.
Parameters: None.
Command mode: Port Mode.
Default: The AM function is enabled by default.
Usage Guide: Users can disable the AM function for physical ports. This command is usually used on uplink ports.
Example: Disable the AM function for ethernet 0/0/1.
Switch(Config)#am enable
Switch(Config)#interface Ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#am port
16.3.2.
Default: The MAC-IP pool is empty by default.
Usage Guide: This command is used to configure the MAC-IP address mapping pool. Only packets whose source addresses comply with the rule can be forwarded.
Example: Enable AM on ethernet interface 0/0/4 to allow packets from 192.1.1.2 with MAC address 00-01-10-22-33-10 to be delivered.
Global AM is enabled
Interface Ethernet0/0/1 am is enable
Interface Ethernet0/0/1
am ip-pool 10.1.1.1 8 USER_CONFIG
Scenario 2
The user’s configuration requirement is that port 10 of the switch connects to the 10.1.1.0/8 segment, and the administrator wants the binding relationships between users and MAC+IP to be user1(100.1.1.1,00-00-00-00-01-12), user2(100.1.1.2,00-00-00-00-00-13).
Switch#show am
Global AM is enabled
Interface Ethernet0/0/10
am mac-ip-pool 00-00-00-00-00-13 100.1.1.2 USER_CONFIG
am mac-ip-pool 00-00-00-00-01-12 100.1.1.1 USER_CONFIG
Interface Ethernet0/0/1
am ip-pool 10.1.1.1 8 USER_CONFIG
Displayed information    Explanation
Global AM is enabled
    AM is enabled
am mac-ip-pool 00-00-00-00-00-13 100.1.1.2 USER_CONFIG
    Only the users whose source MAC = 00-00-00-00-00-13 and source IP = 100.1.1.2 can pass; this is configured by users.
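The AM pool check from 16.1, run against the `show am` output above, to verify offline which source IP / MAC pairs a port will accept. This is an added example, not part of the manual or of the switch firmware; the function names are hypothetical, and it assumes that the number after the address in `am ip-pool` (here 8) is a count of consecutive addresses starting at that address, which this page does not state.

```python
import ipaddress
import re

# Output copied from the 'show am' example above.
SHOW_AM = """\
Global AM is enabled
Interface Ethernet0/0/10
am mac-ip-pool 00-00-00-00-00-13 100.1.1.2 USER_CONFIG
am mac-ip-pool 00-00-00-00-01-12 100.1.1.1 USER_CONFIG
Interface Ethernet0/0/1
am ip-pool 10.1.1.1 8 USER_CONFIG
"""


def parse_show_am(text):
    """Return (globally_enabled, {port: {"ip": [(start, count)], "mac_ip": {(mac, ip)}}})."""
    enabled, pools, port = False, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Interface (\S+)", line)
        if line == "Global AM is enabled":
            enabled = True
        elif m:
            port = m.group(1)
            pools.setdefault(port, {"ip": [], "mac_ip": set()})
        elif line.startswith("am mac-ip-pool ") and port:
            mac, ip = line.split()[2:4]
            pools[port]["mac_ip"].add((mac.lower(), ipaddress.IPv4Address(ip)))
        elif line.startswith("am ip-pool ") and port:
            parts = line.split()
            # Assumption: the optional number is a count of consecutive addresses.
            count = int(parts[3]) if len(parts) > 3 and parts[3].isdigit() else 1
            pools[port]["ip"].append((ipaddress.IPv4Address(parts[2]), count))
    return enabled, pools


def am_permits(state, port, src_ip, src_mac):
    """True/False for a port with pool entries; None when AM has no entry for it."""
    enabled, pools = state
    if not enabled or port not in pools:
        return None                      # not covered by the displayed pools
    ip = ipaddress.IPv4Address(src_ip)
    entry = pools[port]
    if (src_mac.lower(), ip) in entry["mac_ip"]:
        return True                      # exact MAC + IP binding
    return any(0 <= int(ip) - int(start) < count for start, count in entry["ip"])


if __name__ == "__main__":
    state = parse_show_am(SHOW_AM)
    # user2's IP sent from user1's MAC: the binding does not match, so it is dropped.
    print(am_permits(state, "Ethernet0/0/10", "100.1.1.2", "00-00-00-00-01-12"))
```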
Chapter 17 Port Channel Configuration
17.1 Introduction to Port Channel
To understand Port Channel, Port Group should be introduced first. A Port Group is a group of physical ports at the configuration level; only physical ports in the Port Group can take part in link aggregation and become member ports of a Port Channel. Logically, a Port Group is not a port but a port sequence.
same properties as follows:
• All ports are in full-duplex mode.
• All ports are of the same speed.
• All ports are of the same type.
• All ports are Access ports and belong to the same VLAN, or are all Trunk ports.
• If the ports are Trunk ports, then their ‘Allowed VLAN’ and ‘Native VLAN’ properties should also be the same.
Interface Mode
port-group mode {active|passive|on}
no port-group
    Adds ports to the port group and sets their mode.
3. Enter port-channel configuration mode.
Command    Explanation
Global Mode
interface port-channel
    Enters port-channel configuration mode.
17.2.2 Port Channel Configuration Command List
17.2.2.
Parameters: is the group number of the port channel, from 1 to 8; active enables LACP on the port and sets it in Active mode; passive enables LACP on the port and sets it in Passive mode; on forces the port to join a port channel without enabling LACP.
Command mode: Interface Mode
Default: Switch ports do not belong to a port channel by default; LACP is not enabled by default.
Fig 17-2 Configuring Port Channel in LACP
Example: The switches in the description below are all DCS-3950 series switches. As shown in the figure, ports 1, 2, 3 of Switch1 are access ports that belong to vlan1. Add those three ports to group1 in active mode. Ports 6, 7, 8 of Switch2 are trunk ports that also belong to vlan1, and allow all. Add these three ports to group2 in passive mode.
Fig 17-3 Configuring Port Channel in ON mode
Example: As shown in the figure, ports 1, 2, 3 of Switch1 are access ports that belong to vlan1. Add those three ports to group1 in ‘on’ mode.
to port-group 1 is entered, port 1 and port 2 aggregate to form port-channel 1; when port 3 joins port-group 1, port-channel 1 of ports 1 and 2 is ungrouped and re-aggregated with port 3 to form port-channel 1. (It should be noted that whenever a new port joins an aggregated port group, the group is ungrouped first and re-aggregated to form a new group.
the general information of the port are as follows:
portnumber: 1
actor_port_agg_id:0
partner_oper_sys:0x000000000000
partner_oper_key: 0x0001
actor_oper_port_key: 0x0101
mode of the port: ACTIVE
lacp_aware: enable
begin: FALSE
port_enabled: FALSE
lacp_ena: FALSE
ready_n: TRUE
the attributes of the port are as follows:
mac_type: ETH_TYPE
speed_type: ETH_SPEED_10M
duplex_type: FULL
port_type: ACCESS
the machine state and port state of the port are as the follow
mux_stat
speed_type: Port speed type: 10Mbps, 100Mbps
duplex_type: Port duplex mode: full-duplex and half-duplex
port_type: Port VLAN property: access port or trunk port
mux_state: Status of the port binding state machine
rcvm_state: Status of the port receiving state machine
prm_state: Status of the port sending state machine
3. Display load balance information for port-group 1.
Switch# show port-group 1 load-balance
The loadbalance of the group 1 based on src MAC address.
LACP timeout Aggregation Synchronization Collecting Distributing Defaulted Expired 1 1 . . . 1 1 . . . 1 . Selected 1 . Unselected
Displayed information    Explanation
portnumber: Port number
port priority: Port Priority
system: System ID
system priority: System Priority
LACP activety: Whether the port is added to the group in ‘active’ mode, 1 for yes.
LACP timeout: Port timeout mode, 1 for short timeout.
Displayed information    Explanation
Port channels in the group: If the port-channel does not exist, the above information will not be displayed.
Number of port: Port number in the port-channel.
Standby port: Port that is in ‘standby’ status, which means the port is qualified to join the channel but cannot join it due to the maximum port limit, thus the port status is ‘standby’ instead of ‘selected’.
17.4.1.
be in ACTIVE mode, otherwise LACP packets won’t be initiated.
• LACP cannot be used on ports with Security and IEEE 802.1x enabled.
• Once the port-channel is created, all configuration of the ports can only be applied to the port-channel ports.
• LACP should be mutually exclusive with Security and 802.1X ports; if a port has been configured with the two protocols above, LACP is not allowed to be enabled.
Chapter 18 DHCP Configuration
18.1 Introduction to DHCP
DHCP [RFC2131] is the acronym for Dynamic Host Configuration Protocol. It is a protocol that dynamically assigns IP addresses from the address pool, as well as other network configuration parameters such as default gateway, DNS server, default route and host image file position within the network. DHCP is the enhanced version of BootP.
forward such DHCP packets so that the DHCP packet exchange can be completed between the DHCP client and server. The DCS-3950 series switch can act as both a DHCP server and a DHCP relay. The DHCP server supports not only dynamic IP address assignment, but also manual IP address binding (i.e. specify a specific IP address to a specified MAC address or specified device ID over a long period.
network-address [mask | prefix-length]
no network-address
    Configures the address scope that can be allocated to the address pool
default-router [address1[address2[…address8]]]
no default-router
    Configures default gateway for DHCP clients
dns-server [address1[address2[…address8]]]
no dns-server
    Configures DNS server for DHCP clients
domain-name
no domain-name
netbios-name-server [address1[address2[…address8]]]
no netbios-name-server
netbi
host [ | ]
no host
    Specifies the IP address to be assigned to the specified client when binding address manually
client-identifier
no client-identifier
    Specifies the unique ID of the user when binding address manually
client-name
no client-name
    Configures a client name when binding address manually
3.
18.2.2.2 client-identifier
Command: client-identifier
no client-identifier
Function: Specify the unique ID of the user when binding an address manually; the ‘no client-identifier’ command deletes the identifier.
Parameters: is the user identifier, in dotted Hex format.
Command mode: DHCP Address Pool Mode
Usage Guide: This command is used with ‘host’ when binding an address manually.
10.1.128.100.
Switch(dhcp-1-config)#default-router 10.1.128.2 10.1.128.100
18.2.2.5 dns-server
Command: dns-server [[…]]
no dns-server
Function: Configure DNS servers for DHCP clients; the ‘no dns-server’ command deletes the default gateway.
Parameters: address1…address8 are IP addresses, in decimal format.
Default: No DNS server is configured for DHCP clients by default.
DHCP server assigns the IP address defined in the ‘host’ command to the client.
Example: Specify IP address 10.1.128.160 to be bound to the user with hardware address 00-00-e2-3a-26-04 in manual address binding.
Switch(dhcp-1-config)#hardware-address 00-00-e2-3a-26-04
Switch(dhcp-1-config)#host 10.1.128.160 24
Related Command: host
18.2.2.
Related commands: clear ip dhcp conflict
18.2.2.10 ip dhcp excluded-address
Command: ip dhcp excluded-address []
no ip dhcp excluded-address []
Function: Specify addresses to be excluded from dynamic assignment; the ‘no ip dhcp excluded-address []’ command cancels the setting.
Parameters: is the starting IP address, [] is the ending IP address.
Usage Guide: Configures the number of ping packets to be sent. The default is two packets.
Example: Configure the number of ping packets to be 5.
Switch(Config)#ip dhcp ping packets 5
Related Commands: ip dhcp ping timeout
18.2.2.13 ip dhcp ping timeout
Command: ip dhcp ping timeout
no ip dhcp ping timeout
Function: Specify the amount of time the DHCP Server must wait before timing out a ping packet.
Function: Set the lease time for addresses in the address pool; the ‘no lease’ command restores the default setting.
Parameters: is number of days from 0 to 365; is number of hours from 0 to 23; is number of minutes from 0 to 59; infinite means perpetual use.
Default: The default lease duration is 1 day.
18.2.2.18 network-address
Command: network-address [ | ]
no network-address
Function: Set the scope for assignment for addresses in the pool; the ‘no network-address’ command cancels the setting.
Parameters: is the network number; is the subnet mask in the decimal format; stands for mask in prefix form. For example, mask 255.255.255.0 in prefix is ‘24’, and mask 255.255.255.
to 255 characters; is a value in Hex that is no greater than 510 and must be of even length; is the IP address in decimal format, up to 63 IP addresses can be configured.
Command mode: DHCP Address Pool Mode
Usage Guide: The switch provides common commands for network parameter configuration as well as various commands useful in network configuration to meet different user needs. The definition of option code is described in detail in RFC2123.
Switch(Config)#ip dhcp pool A
Switch(dhcp-A-config)#network-address 10.16.1.0 24
Switch(dhcp-A-config)#lease 3
Switch(dhcp-A-config)#default-route 10.16.1.200 10.16.1.201
Switch(dhcp-A-config)#dns-server 10.16.1.202
Switch(dhcp-A-config)#netbios-name-server 10.16.1.209
Switch(dhcp-A-config)#netbios-node-type H-node
Switch(dhcp-A-config)#exit
Switch(Config)#ip dhcp excluded-address 10.16.1.200 10.16.1.
Parameters: is the IP address that has a binding record in decimal format. all refers to all IP addresses that have a binding record.
Command mode: Admin Mode
Usage Guide: ‘show ip dhcp binding’ command can be used to view binding information for IP addresses and corresponding DHCP client hardware addresses.

18.3.1.4 show ip dhcp binding
Command: show ip dhcp binding
Function: Display IP-MAC binding information.
Command mode: Admin Mode
Example:
Switch#sh ip dhcp binding
IP address      Hardware adress
10.1.1.233      00-00-E2-3A-26-04
10.1.1.
Automatic bindings      2
Manual bindings         0
Conflict bindings       0
Expiried bindings       0
Malformed message       0

Message           Recieved
BOOTREQUEST       3814
DHCPDISCOVER      1899
DHCPREQUEST       6
DHCPDECLINE       0
DHCPRELEASE       1
DHCPINFORM        1

Message           Send
BOOTREPLY         1911
DHCPOFFER         6
DHCPACK           6
DHCPNAK           0
DHCPRELAY         1907
DHCPFORWARD       0
Switch#

Displayed information   Explanation
Memory usage            using rate of EMS memory
Address pools           Number of DHCP address pools configured.
DHCPRELAY               Number of DHCPRELAY packets
DHCPFORWARD             Number of DHCPFORWARD packets

18.3.1.7 debug ip dhcp server
Command: debug ip dhcp server { events|linkage|packets }
no debug ip dhcp server { events|linkage|packets }
Function: Enable DHCP server debug information; the ‘no debug ip dhcp server { events|linkage|packets }’ command disables the debug information for DHCP server.
Default: Debug information is disabled by default.
Command mode: Admin Mode

18.3.1.
Chapter 19 DHCP Snooping Configuration

19.1 DHCP Snooping Introduction
DHCP Snooping can effectively block attacks from fake DHCP servers.
6. Enable dot1x binding for DHCP snooping.
7. Enable user binding for DHCP snooping.
8. Add static binding entries
9. Configure defense action
10. Enable DHCP Snooping option 82 function
11. Enable debugging.
12. Set log record

1. Enable DHCP Snooping
Command                        Explanation
Global configuration mode
Ip dhcp snooping enable
no Ip dhcp snooping enable     Enable or disable dhcp snooping function

2.
Commands                                   Explanation
Port Mode.
Ip dhcp snooping binding dot1x
no Ip dhcp snooping binding dot1x          Enable/Disable the dot1x binding for DHCP snooping.

7. Enable user binding for DHCP snooping.
Command                                    Explanation
Port Mode
Ip dhcp snooping binding user-control
no Ip dhcp snooping binding user-control   Enable/Disable user binding for DHCP snooping.

8. Add static binding entries.
Debug ip dhcp snooping packet
Debug ip dhcp snooping event
Debug ip dhcp snooping update
Debug ip dhcp snooping binding
Please refer to the system debugging chapter.

12. Set log record
Command      Explanation
Admin Mode
Login on logging source {default| m_shell|sys_event|anti_attack} channel { console | logbuff | loghost | monitor } [ level { critical | debugging | notifications | warnings } [state { on | off } ] ]
Please refer to the chapter on system log

19.2.
Switch(Config)#ip dhcp snooping binding enable
Related Commands: ip dhcp snooping enable

19.2.2.3 ip dhcp snooping binding user
Command: ip dhcp snooping binding user address vlan interface [Ethernet]
no Ip dhcp snooping binding user interface [Ethernet]
Function: Configure the information of static binding users
Parameters: mac: The MAC address of the static binding user, which is the only index of the binding user.
prevent these list entries from being attacked by ARP cheating. At the same time, these static list entries need no reauthentication, which can prevent the switch from failing to reauthenticate ARP when it is being attacked by ARP scanning. The binding ARP function can be set only after the DHCP SNOOPING binding function is enabled.
Example: Enable ARP binding for DHCP snooping.
19.2.2.7 ip dhcp snooping trust
Command: ip dhcp snooping trust
no ip dhcp snooping trust
Function: Set or delete the DHCP Snooping trust attributes of a port.
Parameters: None
Command mode: Port Mode
Default: By default, all ports are non-trusted ports
Usage Guide: This command can be set only when DHCP Snooping is globally enabled.
Parameters: : the number of defense actions on each port, the range of which is 1-200, and the value of which is 10 by default.
default: recover to the default value.
Command mode: Global Mode.
Default: The default value is 10.
Usage Guide: Set the max number of defense actions to avoid the resource exhaustion of the switch caused by attacks.
udp_port: the UDP port of HELPER SERVER, the range of which is 1-65535, and its default value is 9119.
src_addr: the local management IP address of the switch, in dotted-decimal notation
secondary: whether it is a secondary SERVER address.
Command mode: Global Mode.
Default: There is no HELPER SERVER address by default.
Usage Guide: DHCP SNOOPING will send the monitored binding information to HELPER SERVER to save it.
un-trusted port 0/0/1 of the DCN switch. It acts as DHCP Client, and its IP is 1.1.1.5; DHCP Server and GateWay connect to the trusted ports 0/0/11 and 0/0/12 of the DCN switch; malicious user Mac-BB connects to the un-trusted port 0/0/10, trying to fake a DHCP Server (by sending DHCPACK). Configuring DHCP Snooping on the switch will effectively discover and block such network attacks.
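The trust decision in the scenario above can be modelled in a few lines. This is an added example, not code from the manual or the switch firmware: the `SnoopingModel` class, the constructed MAC address and the "drop plus alarm" reaction are assumptions that simplify the switch's configurable defense action.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# DHCP message types carried in option 53 (RFC 2132).
DHCP_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
              5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}  # only a DHCP server sends these


def build_dhcp(op, msg_type, mac, yiaddr="0.0.0.0"):
    """Build a minimal BOOTP/DHCP payload (constructed sample input)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        op, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                        bytes.fromhex(mac.replace("-", "")), b"", b"")
    return fixed + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])


def parse_dhcp(payload):
    """Extract message type, client MAC and offered address from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    hlen = payload[2]
    if hlen > 16:
        raise ValueError("bad hardware address length")
    mac = "-".join(f"{b:02x}" for b in payload[28:28 + hlen])
    yiaddr = socket.inet_ntoa(payload[16:20])
    msg_type, i = None, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # end option
            break
        if code == 0:            # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:
            msg_type = DHCP_TYPES.get(value[0])
        i += 2 + length
    if msg_type is None:
        raise ValueError("missing or unknown message type")
    return {"type": msg_type, "mac": mac, "yiaddr": yiaddr}


class SnoopingModel:
    """Simplified model: server replies are accepted on trusted ports only."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # client MAC -> untrusted port its request arrived on
        self.bindings = {}   # client MAC -> (IP address, port)
        self.alarms = []     # (port, reason)

    def handle(self, port, payload):
        try:
            msg = parse_dhcp(payload)
        except ValueError:
            self.alarms.append((port, "malformed"))
            return "drop"
        if msg["type"] in SERVER_TYPES:
            if port not in self.trusted:
                # A server message on an untrusted port is a fake DHCP server.
                self.alarms.append((port, msg["type"]))
                return "drop"
            if msg["type"] == "DHCPACK" and msg["mac"] in self.pending:
                self.bindings[msg["mac"]] = (msg["yiaddr"], self.pending.pop(msg["mac"]))
            return "forward"
        if port not in self.trusted:
            self.pending[msg["mac"]] = port
        return "forward"


def demo():
    client = "00-00-e2-3a-26-04"  # constructed client MAC
    sw = SnoopingModel(trusted_ports={"Ethernet0/0/11", "Ethernet0/0/12"})
    results = [
        sw.handle("Ethernet0/0/1", build_dhcp(1, 3, client)),                # client DHCPREQUEST
        sw.handle("Ethernet0/0/10", build_dhcp(2, 5, client, "1.1.1.66")),   # forged DHCPACK
        sw.handle("Ethernet0/0/11", build_dhcp(2, 5, client, "1.1.1.5")),    # server DHCPACK
        sw.handle("Ethernet0/0/1", b"\x01\x01\x06"),                         # truncated payload
    ]
    return sw, results


if __name__ == "__main__":
    model, verdicts = demo()
    print(verdicts, model.bindings, model.alarms)
```

The binding is recorded only from the DHCPACK seen on the trusted port, so the address in the forged reply never enters the table.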
expired binding: 0, request binding: 0
interface       trust     action    recovery   alarm num
--------------- --------- --------- ---------- --------- ----------
Ethernet0/0/1   trust     none      0second    0
Ethernet0/0/2   untrust   none      0second    0
Ethernet0/0/3   untrust   none      0second    0
Ethernet0/0/4   untrust   none      0second    0
Ethernet0/0/5   untrust   none      0second    2
Ethernet0/06    untrust   none      0second    0
Ethernet0/07    untrust   none      0second    0
Ethernet0/08    untrust   none      0second    0
Ethernet0/09    untrust   none      0second    0
DHCP Snooping alarm count: The number of alarm information.
interface     Name of the port
trust         Trust attributes of the port
action        Automatic defense action of the port
recovery      The recovery interval of the automatic defense action of the port
alarm num     The history log number of the automatic defense action of the port
bind num      The number of port specific binding information.
Command: logging source {default| m_shell|sys_event|anti_attack} channel { console | logbuff | loghost | monitor } [ level { critical | debugging | notifications | warnings } [state { on | off } ] ]
Function: The details about this command are covered in the chapter on system log; the data source anti_attack of this command records information about all kinds of defense against network attacks, including the automatic defense action log of dhcp snooping.
19.3.2.2 debug ip dhcp snooping event
Command: debug ip dhcp snooping event
no debug ip dhcp snooping event
Function: This command is used to enable the DHCP SNOOPING debug switch to debug the state of DHCP SNOOPING tasks.
Command mode: Admin Mode
Usage Guide: This command enables displaying debugging information of DHCP packets for DHCP snooping.

19.3.2.
Chapter 20 ARP Guard Configuration

20.1 ARP Guard introduction
There is a serious security vulnerability in the design of the ARP protocol: any network device can send ARP messages to advertise the mapping relationship between IP address and MAC address. This provides a chance for ARP cheating.
20.2 ARP Guard Configuration

20.2.1 ARP Guard Configuration Task List
1) Configure the protected IP address
Command             Notes
Port Mode
arp-guard ip
no arp-guard ip     Configure/Remove the ARP Guard address.

20.2.2 ARP Guard Command List

20.2.2.1 arp-guard ip
Command: arp-guard ip
no arp-guard ip
Function: Add an ARP GUARD address.
Parameters: is the protected IP address, in dotted decimal notation.
Command mode: Port configuration mode.
Chapter 21 ARP Scanning Prevention

21.1 Introduction
ARP scanning is a common method of network attack. In order to detect all the active hosts in a network segment, the attack source will broadcast lots of ARP messages in the segment, which will take up a large part of the bandwidth of the network. It might even launch a large-traffic attack in the network via fake ARP messages, collapsing the network by exhausting the bandwidth.
Command                     Notes
Global Mode
anti-arpscan enable
no anti-arpscan enable      Enable or disable the ARP Scanning Prevention function globally

2) Configure the threshold of the port-based and IP-based ARP Scanning Prevention
Command                                 Notes
Global Mode
anti-arpscan port-based threshold
no anti-arpscan port-based threshold    Set the threshold of the port-based ARP Scanning Prevention
anti-arpscan ip-based threshold
no anti-arpscan ip-base
Global Mode
anti-arpscan log enable
no anti-arpscan log enable                Enable or disable the log function of ARP scanning prevention
anti-arpscan trap enable
no anti-arpscan trap enable               Enable or disable the SNMP Trap function of ARP scanning prevention
show anti-arpscan [trust | prohibited ]   Display the state of operation and configuration of ARP scanning prevention
debug anti-arpscan
no debug anti-arpscan                     Enable o
21.2.2.3 anti-arpscan ip-based threshold
Command: anti-arpscan ip-based threshold
no anti-arpscan ip-based threshold
Function: Set the threshold of received messages of the IP-based ARP scanning prevention. If the rate of received ARP messages exceeds the threshold, the IP messages from this IP will be blocked. The unit is packet/second.
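The interaction of the port-based threshold, the IP-based threshold, trusted addresses and the recovery time can be traced with a small model. This is an added example, not the switch's implementation: the `ArpScanGuard` class, the threshold values, the fixed one-second counting window and the rule that a trusted IP bypasses both counters are assumptions made for illustration.

```python
import ipaddress


class ArpScanGuard:
    """Per-second ARP rate model with port-based and IP-based thresholds."""

    def __init__(self, port_threshold, ip_threshold, recovery_time,
                 trusted_ports=(), trusted_ips=()):
        self.port_threshold = port_threshold      # packets/second per port
        self.ip_threshold = ip_threshold          # packets/second per source IP
        self.recovery_time = recovery_time        # seconds until automatic recovery
        self.trusted_ports = set(trusted_ports)
        # trusted_ips holds (address, mask) pairs, as in 'anti-arpscan trust ip'
        self.trusted_nets = [ipaddress.ip_network(f"{ip}/{mask}", strict=False)
                             for ip, mask in trusted_ips]
        self.closed_ports = {}   # port -> time it was closed
        self.blocked_ips = {}    # source IP -> time it was blocked
        self._ip_rate = {}       # source IP -> (second, count)
        self._port_rate = {}     # port -> (second, count)
        self.log = []            # (time, event, subject)

    def _bump(self, table, key, second):
        sec, count = table.get(key, (second, 0))
        count = count + 1 if sec == second else 1   # new second resets the counter
        table[key] = (second, count)
        return count

    def _recover(self, now):
        for kind, table in (("port", self.closed_ports), ("ip", self.blocked_ips)):
            for key, since in list(table.items()):
                if now - since >= self.recovery_time:
                    del table[key]
                    self.log.append((now, f"{kind} recovered", key))

    def _ip_trusted(self, src_ip):
        addr = ipaddress.ip_address(src_ip)
        return any(addr in net for net in self.trusted_nets)

    def observe(self, ts, port, src_ip):
        """Process one received ARP message; return 'forward' or 'drop'."""
        self._recover(ts)
        if port in self.closed_ports or src_ip in self.blocked_ips:
            return "drop"
        if self._ip_trusted(src_ip):
            return "forward"                      # assumption: trusted IPs are not counted
        second = int(ts)
        if self._bump(self._ip_rate, src_ip, second) > self.ip_threshold:
            self.blocked_ips[src_ip] = ts
            self.log.append((ts, "ip blocked", src_ip))
            return "drop"
        if port not in self.trusted_ports:
            if self._bump(self._port_rate, port, second) > self.port_threshold:
                self.closed_ports[port] = ts
                self.log.append((ts, "port closed", port))
                return "drop"
        return "forward"


def demo():
    # Constructed traffic; thresholds are sample values, not the switch defaults.
    guard = ArpScanGuard(port_threshold=20, ip_threshold=10, recovery_time=3600,
                         trusted_ips=[("192.168.1.100", "255.255.255.255")])
    verdicts = {"server": [], "host": [], "sweep": []}
    for i in range(50):   # trusted server, 50 ARP messages in one second
        verdicts["server"].append(
            guard.observe(i / 100, "Ethernet0/0/1", "192.168.1.100"))
    for i in range(15):   # one host, 15 ARP messages in one second
        verdicts["host"].append(
            guard.observe(1.0 + i / 100, "Ethernet0/0/2", "192.168.1.50"))
    for i in range(30):   # one port, 30 messages in one second, varying source IPs
        verdicts["sweep"].append(
            guard.observe(2.0 + i / 100, "Ethernet0/0/3", f"192.168.1.{150 + i}"))
    late = guard.observe(3602.5, "Ethernet0/0/3", "192.168.1.150")
    return guard, verdicts, late


if __name__ == "__main__":
    g, v, late = demo()
    print({k: (x.count("forward"), x.count("drop")) for k, x in v.items()}, late)
    print(g.log)
```

The third burst shows why both thresholds are needed: no single source address exceeds the IP-based limit, so only the port-based counter catches it.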
Default: By default all the IP are non-trustful. Default mask is 255.255.255.255
Command mode: Global Mode
User Guide: If a port is configured as a trusted port, then the ARP scanning prevention function will not deal with this port; even if the rate of received ARP messages exceeds the set threshold, this port will not be closed. If the port is already closed by ARP scanning prevention, its traffic will be recovered immediately.
Example: Set 192.168.1.
Command mode: Global Mode
User Guide: After enabling ARP scanning prevention log function, users can check the detailed information of ports being closed or automatically recovered by ARP scanning prevention or IP being disabled and recovered by ARP scanning prevention. The level of the log is ‘Warning’.
Example: Enable ARP scanning prevention log function of the switch
Switch(Config)#anti-arpscan log enable

21.2.2.
Function: Display the operation information of ARP scanning prevention function
Parameters: None.
Default: Display every port to tell whether it is a trusted port and whether it is closed. If the port is closed, then display how long it has been closed. Display all the trusted IP and disabled IP.
Command mode: Admin Mode
User Guide: Use ‘show anti-arpscan trust port’ if users only want to check trusted ports. The rest follow the same rule.
192.168.99.7 255.255.0.0

21.3.1.2 debug anti-arpscan [port|ip]
Command: debug anti-arpscan
no debug anti-arpscan
Function: Enable the debug switch of ARP scanning prevention; the ‘no debug anti-arpscan’ command disables the switch.
Parameters: None.
192.168.1.100), and all the other ports of SWITCH A are connected to common PC. The following configuration can prevent ARP scanning effectively without affecting the normal operation of the system.
SWITCH A configuration task sequence:
SwitchA(config)#anti-arpscan enable
SwitchA(config)#anti-arpscan recovery time 3600
SwitchA(config)#anti-arpscan trust ip 192.168.1.100 255.255.255.
Chapter 22 Port Loopback Detection

22.1 Introduction to Port Loopback Detection
With the development of switches, more and more users begin to access the network through Ethernet switches. In enterprise network, users access the network through layer-2 switches, which means urgent demands for both internet and the internal layer 2 Interworking.
4. Display and debug the relevant information of port loopback detection

1) Configure the time interval of loopback detection
Commands                            Notes
Global Mode
loopback-detection interval-time    Configure the time interval of loopback detection

2) Enable the function of port loopback detection
Commands                                Notes
Port Mode
loopback-detection specified-vlan
no loopback-detection specified-vlan    Enable and disable the function of
no loopback-detection control
Function: Enable the function of loopback detection control on a port, the no operation of this command will disable the function.
Parameters: shutdown set the control method as shutdown, which means to close down the port if a port loopback is found.
block set the control method as block, which means to block a port by allowing bpdu messages only if a port loopback is found.
Switch(Config-Ethernet0/0/2)#loopback-detection specified-vlan 1;3;5-20

22.2.2.3 loopback-detection interval-time
Command: loopback-detection interval-time
Function: Set the loopback detection interval.
Parameters: the detection interval if any loopback is found, ranging from 5 to 300, in seconds. the detection interval if no loopback is found, ranging from 1 to 30, in seconds.
Switch (config)#interface ethernet 0/0/1
Switch (Config-If-Ethernet0/0/1)#loopback-detection specified-vlan 1-3
Switch (Config-If-Ethernet0/0/1)#loopback-detection control block

22.4 Port Loopback Detection Troubleshooting

22.4.1 Port Loopback Debugging Command List

22.4.1.
22.4.2 Port Loopback Detection Troubleshooting
The function of port loopback detection is disabled by default and should only be enabled if required, or it might affect the performance of the system, because the loopback detection messages are broadcast messages.
Chapter 23 SNTP Configuration

23.1 SNTP Introduction
The Network Time Protocol (NTP) is widely used for clock synchronization for global computers connected to the Internet. NTP can assess packet sending/receiving delay in the network, and estimate the computer’s clock deviation independently, so as to achieve high accuracy in network computer clocking.
SNTP server function.

23.2 SNTP Configuration

23.2.1 SNTP Configuration Task List
1. Configuration of the time server address.
2. Configuration of the SNTP poll interval.
3. Configuration of the time zone.

1. Configuration of the time server address
Commands                  Notes
Global Mode
sntp server [version ]
no sntp server            To configure or remove SNTP/NTP server address configuration and version.

2.
Parameter: is the IPv4 unicast address of the SNTP/NTP server, is the version No. of the SNTP on current server, ranging between 1-4 and defaulted at 1.
Default: No sntp/ntp configured by default.
Command mode: Global Mode
Example: Configure the address of a SNTP/NTP server.
Switch(Config)#sntp server 10.1.1.1 version 4

23.2.2.
23.3.1.1 show sntp
Command: show sntp
Function: Display the current configuration of SNTP client and the server state.
Parameters: None
Command mode: Admin Mode.
Example: Display current SNTP configuration.
Switch#show sntp
server address   version   last receive
2.1.0.2          1         never

Displayed Information   Explanation
server address          IP address of SNTP server;
version                 The version of SNTP protocol;
last receive            The IP address of the last received SNTP server.

23.3.1.
23.4 Typical SNTP Configuration Example

Fig 23-2 Typical SNTP Configuration (SW1, SW2, SWn)

All DCS-3950 series switches in the autonomous zone are required to perform time synchronization, which is done through two redundant SNTP/NTP servers. For time to be synchronized, the network must be properly configured. There should be a reachable route between any DCS-3950 series switch and the two SNTP/NTP servers.
Chapter 24 QoS Configuration

24.1 Introduction to QoS
QoS (Quality of Service) is a set of capabilities that allow you to create differentiated services for network traffic, thereby providing better service for selected network traffic. QoS is a guarantee for service quality of consistent and predictable data transfer service to fulfill program requirements.
Classification: The entry action of QoS, classifying packet traffic according to the classification information carried in the packet and ACLs.
Policing: Ingress action of QoS that lays down the policing policy and manages the classified packets.
Remark: Ingress action of QoS, perform allowing, degrading or discarding operations to packets according to the policing policies.
Queuing: Egress QoS action.
Scheduling, where classification, policing and remark are sequential ingress actions, and Queuing and Scheduling are QoS egress actions.

Fig 24-3 Basic QoS Model

Classification: Classify traffic according to packet classification information and generate internal DSCP value based on the classification information.
Fig 24-4 Classification process

Policing and remark: Each packet in classified ingress traffic is assigned an internal DSCP value and can be policed and remarked. Policing can be performed based on DSCP value to configure different policies that allocate bandwidth to classified traffic. If the traffic exceeds the bandwidth set in the policy (out of profile), the out of profile traffic can be allowed, discarded or remarked.
Fig 24-5 Policing and Remarking process

Queuing and scheduling: Packets at the egress will re-map the internal DSCP value to CoS value, the queuing operation assigns packets to appropriate queues of priority according to the CoS value; while the scheduling operation performs packet forwarding according to the prioritized queue weight. The following flowchart describes the operations during queuing and scheduling.
Fig 24-6 Queuing and Scheduling process

24.2 QoS Configuration

24.2.1 QoS Configuration Task List
1. Enable QoS
QoS can be enabled or disabled in Global Mode. QoS must be enabled first in Global Mode to configure the other QoS commands.
2. Configure class map.
the data stream. Different classes of data streams will be processed with different policies.
3. Configure a policy map.
After data stream classification, a policy map can be created to associate with the class map created earlier and enter class mode. Then different policies (such as bandwidth limit, priority degrading, assigning new DSCP value) can be applied to different data streams.
‘ command deletes the specified policy map.
class
no class
After a policy map is created, it can be associated to a class. Different policy or new DSCP value can be applied to different data streams in class mode; the ‘no class ‘ command deletes the specified class.
| output } the specified policy map applied to the port. Egress policy map is not supported yet.
mls qos dscp-mutation
no mls qos dscp-mutation
Apply DSCP mutation mapping to the port; the ‘no mls qos dscp-mutation’ command restores the DSCP mutation mapping default.

5.
Command mode: Global Mode
Default: QoS is disabled by default.
Usage Guide: QoS provides 8 queues to handle traffic of 8 priorities. This function cannot be used with the traffic control function.
Example: Enable and then disable the QoS function.
Switch(config)#mls qos
Switch(config)#no mls qos

24.2.2.
Switch(config-ClassMap)#match ip precedence 0 1
Switch(config-ClassMap)#exit

24.2.2.4 policy-map
Command: policy-map
no policy-map
Function: Create a policy map and enter the policy map mode; the ‘no policy-map ‘ command deletes the specified policy map.
Parameters: < policy-map-name> is the policy map name.
Default: No policy map is configured by default.
Default: Not assigning by default
Command mode: Policy Class-map Mode
Usage Guide: Only the classified traffic which matches the matching standard will be assigned with the new values.
Example: Set the IP Precedence of the packets matching the c1 class rule to 3.
Switch(config)#policy-map p1
Switch(config-PolicyMap)#class c1
Switch(config--Policy-Class)#set ip precedence 3
Switch(config--Policy-Class)#exit
Switch(config-PolicyMap)#exit

24.2.2.
Function: Define a policy set that can be used in one policy map by several classes; the ‘no mls qos aggregate-policer ‘ command deletes the specified policy set.
trust DSCP value; port priority assigns a priority to the physical port, cos is the priority to be assigned.
Default: No trust.
Command mode: Interface Mode
Example: Configure Ethernet port 0/0/1 to trust CoS value, i.e., classifying the packets according to CoS value, DSCP value should not be changed.
Switch(config)#interface ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#mls qos trust cos

24.2.2.
Command: mls qos dscp-mutation
no mls qos dscp-mutation
Function: Apply DSCP mutation mapping to the port; the ‘no mls qos dscp-mutation ‘ command restores the DSCP mutation mapping default.
Parameters: is the name of DSCP mutation mapping.
Default: There is no policy by default.
Command mode: Global Mode.
Usage Guide: When this command is configured, packets will not be forwarded through the WRR algorithm, but be forwarded queue by queue.
Example: Enable the prioritized queue.
Switch(config)#priority-queue out

24.2.2.16 wrr-queue cos-map
Command: wrr-queue cos-map
supported, each DSCP value is delimited with space, ranging from 0 to 63, is the sole outgoing DSCP value, the 8 values defined in incoming DSCP will be converted to outgoing DSCP values; ip-prec-dscp defines the conversion from IP precedence to DSCP value,
Configuration result: When QoS is enabled in Global Mode, the egress queue bandwidth proportion of port ethernet 0/0/1 is 1: 2: 4: 8. When packets with a CoS value come in through port ethernet 0/0/1, they will be mapped to the queue out according to the CoS value; CoS values 0 to 7 correspond to queue out 1, 1, 2, 2, 3, 3, 4, 4, respectively. If the incoming packet has no CoS value, it is default to 5 and will be put in queue 6.
Fig 24-7 Typical QoS topology

As shown in the figure, inside the block is a QoS domain, SwitchA classifies different traffic and assigns different IP precedences. For example, set IP precedence for packets from segment 192.168.1.0 to 5 on port ethernet 1/1. The port connecting to switch2 is a trunk port. In SwitchB, set port ethernet 1/1 connecting to switch1 to trust IP precedence.
Switch(config)#interface ethernet 0/0/1
Switch(config-Ethernet0/0/1)#mls qos trust cos

24.4 QoS Troubleshooting

24.4.1 QoS Monitor and Debug Command List

24.4.1.1 show mls-qos
Command: show mls-qos
Function: Display global configuration information for QoS.
Parameters: N/A.
Default: N/A
Command mode: Admin Mode

Displayed information   Explanation
Qos is enabled          QoS is enabled.

24.4.1.
Command mode: Admin Mode

Displayed information                          Explanation
Ethernet1/2                                    Port name
default cos:0                                  Default CoS value of the port.
DSCP Mutation Map: Default DSCP Mutation Map   Port DSCP map name
Attached policy-map for Ingress: p1            Policy name bound to port.

Displayed information                          Explanation
Ethernet0/0/2                                  Port name
buffer size of 4 queue:256 256 256 256         Available buffer number for all 4 queues out on the port, this is a fixed setting that cannot be changed.
dscp-mutation for DSCP-DSCP mutation, policed-dscp is DSCP mark down mapping
Default: N/A.
Command mode: Admin Mode

24.4.1.5 show class-map
Command: show class-map []
Function: Display class map of QoS.
Parameter: < class-map-name> is the class map name.
Default: N/A.
Command mode: Admin Mode
Usage Guide: Display all configured class-map or specified class-map information.
packets (such as BPDU). Choose an array according to the Cos value when QoS is shut down

When QoS is enabled in Global Mode, QoS is enabled on all ports with 4 traffic queues. The default CoS value of the port is 0; the port is in not Trusted state by default; the default queue weight values are 1, 2, 4, 8 in order, all QoS Map is using the default value.

CoS value 7 maps to queue 4 that has the highest priority and is usually reserved for certain protocol packets.
Chapter 25 Layer 3 Configuration

DCS-3950 series switch only supports layer 2 forwarding function, but a layer3 control port can be configured. On the interface of this port we can configure IP addresses used in communication of various IP-based control protocols.

25.1 Layer 3 Interface

25.1.1 Introduction to Layer 3 Interface
Layer3 interface can be created on DCS-3950 series. A Layer3 interface is not a physical interface but a virtual interface.
delete the default gateway address.

25.1.2.2 Layer 3 Interface Command List

25.1.2.2.1 interface vlan
Command: interface vlan
no interface vlan
Function: Create a VLAN interface (a Layer 3 interface); the ‘no interface vlan ‘ command deletes the Layer 3 interface specified.
Parameters: is the VLAN ID of the established VLAN.
Default: No Layer 3 interface is configured upon switch shipment.
25.1.2.3.1 show ip traffic
Command: show ip traffic
Function: Display statistics for IP packets.
Command mode: Admin Mode
Usage Guide: Display statistics for IP and ICMP packets received/sent.
packets dropped.

Frags: 0 reassembled, 0 timeouts
0 fragment rcvd, 0 fragment dropped
0 fragmented, 0 couldn't fragment, 0 fragment sent
Fragmentation statistics: number of packets reassembled, timeouts, fragments received, fragments discarded, packets that cannot be fragmented, number of fragments sent, etc.

Sent:
Statistics for total packets sent, including number of local packets, forwarded packets, dropped packets and packets without route.
UdpOutDatagrams 0
unreachable being received, number of UDP packets being sent.

25.1.2.3.2 debug ip packet
Command: debug ip packet
no debug ip packet
Function: Enable the IP packet debug function; the ‘no debug ip packet’ command disables this debug function.
Default: IP packet debugging information is disabled by default.
Command mode: Admin Mode
Usage Guide: Display statistics for IP packets received/sent, including source/destination address and bytes, etc.
Displayed Information   Notes
C - connected           Directly connected routing.
S – static              Static routing, which is manually configured.
R - RIP derived         RIP routing, which is learned by Layer 3 switches through RIP protocol.
O - OSPF derived        OSPF routing, which is learned by Layer 3 switches, through the OSPF protocol.
A - OSPF ASE            OSPF-ASE routing.
25.2.2.2 ARP Forwarding Command List

25.2.2.2.1 arp
Command: arp {[ethernet] }
no arp
Function: Configure a static ARP entry; the ‘no arp ‘ command deletes a static ARP entry.
Parameters: is the IP address; is the MAC address; ethernet stands for Ethernet port; for the name of layer2 port.
Default: No static ARP entry is set by default.
00-10-00-00-00-C5
Interface   Layer3 interface corresponding to the ARP entry.
Port        Physical (Layer2) interface corresponding to the ARP entry.
Flag        Describes whether ARP entry is dynamic or static.

25.2.3.1.2 debug arp
Command: debug arp
no debug arp
Function: Enable the ARP debug function; the ‘no debug arp’ command disables this debug function.
Default: ARP debug is disabled by default.