Gigabit Ethernet Switch Management Guide
Layer 3 Workgroup Switch with 8 SFP Ports and 4 Gigabit Combination (RJ-45/SFP) Ports
ES4612 F1.0.2.
Contents

Chapter 1: Introduction
  Key Features; Description of Software Features; System Defaults

Chapter 2: Initial Configuration
  Connecting to the Switch: Configuration Options, Required Connections, Remote Connections
  Basic Configuration: Console Connection, Setting Passwords, Setting an IP Address (Manual Configuration, Dynamic Configuration), Enabling SNMP Management Access (Community Strings for SNMP version 1 and 2c clients, Trap Receivers, Configuring Access for SNMP Version 3 Clients)
  Managing System Files

Chapter 3: Configuring the Switch
  Basic Configuration: Console Port Settings, Telnet Settings, Configuring Event Logging (System Log Configuration, Remote Log Configuration, Displaying Log Messages), Resetting the System, Setting the System Clock (Configuring SNTP, Setting the Time Zone), Simple Network Management Protocol (Enabling the SNMP Agent, Setting Community Access Strings, Specifying Trap Managers and Trap Types, Configuring SNMPv3 Management Access, Setting an Engine ID, Configuring SNMPv3 Users, Configuring SNMPv3 Groups, Setting SNMPv3 Views)
  Port Configuration: Displaying Connection Status, Configuring Interface Connections, Creating Trunk Groups (Statically Configuring a Trunk, Enabling LACP on Selected Ports, Configuring LACP Parameters, Displaying LACP Port Counters, Displaying LACP Settings and Status for the Local Side, Displaying LACP Settings and Status for the Remote Side), Setting Broadcast Storm Thresholds, Configuring Port Mirroring, Configuring Rate Limits, Showing Port Statistics
  Address Table Settings: Setting Static Addresses
  Selecting the Queue Mode; Setting the Service Weight for Traffic Classes
  Layer 3/4 Priority Settings: Mapping Layer 3/4 Priorities to CoS Values, Selecting IP Precedence/DSCP Priority, Mapping IP Precedence, Mapping DSCP Priority, Mapping IP Port Priority, Mapping CoS Values to ACLs, Changing Priorities Based on ACL Rules
  Multicast Filtering: IGMP Protocol, Layer 2 IGMP (Snooping and Query), Configuring IGMP Snooping and Query Parameters, Displaying Interfaces Attached to a Multicast Router
  Configuring IP Routing Interfaces
  Address Resolution Protocol: Proxy ARP, Basic ARP Configuration, Configuring Static ARP Addresses, Displaying Dynamically Learned ARP Entries, Displaying Local ARP Entries, Displaying ARP Statistics
  Displaying Statistics for IP Protocols: IP Statistics, ICMP Statistics, UDP Statistics, TCP Statistics
  Configuring Static Routes; Displaying the Routing Table
  Configuring the Routing Information Protocol: Configuring General Protocol Settings, Specifying Network Interfaces for RIP
  Displaying Neighbor Information 3-264

Chapter 4: Command Line Interface
  Using the Command Line Interface: Accessing the CLI (Console Connection, Telnet Connection), Entering Commands (Keywords and Arguments, Minimum Abbreviation, Command Completion, Getting Help on Commands, Showing Commands, Partial Keyword Lookup, Negating the Effect of Commands, Using Command History, Understanding Command Modes, Exec Commands, Configuration Commands, Command Line Processing), Command Groups
  Line Commands: line, login, password
  System Management Commands: Device Designation Commands (prompt, hostname), User Access Commands (username, enable password), IP Filter Commands (management, show management), Web Server Commands (ip http port, ip http server, ip http secure-server, ip http secure-port), Telnet Server Commands (ip telnet port, ip telnet server), Secure Shell Commands (ip ssh server, ip ssh timeout, ip ssh authentication-retries, ip ssh server-key size, delete public-key, ip ssh crypto host-key generate, ip ssh crypto zeroize)
  Time Commands: sntp client, sntp server, sntp poll, show sntp, clock timezone, calendar set, show calendar
  System Status Commands: show startup-config, show running-config, show system, show users, show version
  Frame Size Commands: jumbo frame
  Flash/File Commands: copy, delete, dir, whichboot, boot system
  Authentication Commands: Authentication Sequence (authentication login, authentication enable), RADIUS Client (radius-server host, radius-server port, radius-server key, radius-server retransmit, radius-server timeout), 802.1X (dot1x operation-mode, dot1x re-authenticate, dot1x re-authentication, dot1x timeout quiet-period, dot1x timeout re-authperiod, dot1x timeout tx-period, show dot1x)
  Access Control List Commands: IP ACLs (access-list ip, permit, deny (Standard ACL), permit, deny (Extended ACL), show ip access-list, access-list ip mask-precedence, mask (IP ACL), show access-list ip mask-precedence, ip access-group, show ip access-group, map access-list ip, show map access-list ip, match access-list ip, show marking), MAC ACLs
  SNMP commands: snmp-server engine-id, show snmp engine-id, snmp-server view, show snmp view, snmp-server group, show snmp group, snmp-server user, show snmp user, snmp ip filter
  DHCP Commands: DHCP Client (ip dhcp client-identifier, ip dhcp restart client), DHCP Relay (ip dhcp restart relay, ip dhcp relay server), DHCP Server (service dhcp, ip dhcp excluded-address, ip dhcp pool, network, default-router, domain-name, dns-server, next-server, bootfile, netbios-name-server, netbios-node-type, lease, host, client-identifier, hardware-address)
  Interface Commands: interface, description, speed-duplex, negotiation, capabilities, media-type, shutdown, switchport broadcast packet-rate, clear counters, show interfaces status, show interfaces counters, show interfaces switchport
  Mirror Port Commands: port monitor, show port monitor
  Rate Limit Commands: rate-limit
  Link Aggregation Commands: channel-group, lacp
  Address Table Commands: mac-address-table static, clear mac-address-table dynamic, show mac-address-table, mac-address-table aging-time
  Spanning tree commands: spanning-tree edge-port, spanning-tree portfast, spanning-tree link-type, spanning-tree mst cost, spanning-tree mst port-priority, spanning-tree protocol-migration, show spanning-tree, show spanning-tree mst configuration
  VLAN Commands: Editing VLAN Groups (vlan database, vlan), Configuring VLAN Interfaces (interface vlan, switchport mode, switchport acceptable-frame-types, switchport ingress-filtering, switchport native vlan, switchport allowed vlan, switchport forbidden vlan), Displaying VLAN Information (show vlan)
  Priority Commands (Layer 3 and 4): show queue cos-map, map ip port, map ip precedence, map ip dscp (Global and Interface Configuration), show map ip port, show map ip precedence, show map ip dscp
  Multicast Filtering Commands: IGMP Snooping Commands (ip igmp snooping, ip igmp snooping vlan static, ip igmp snooping version, show ip igmp snooping)
  ARP commands: arp, arp-timeout, clear arp-cache, show arp, ip proxy-arp
  IP Routing Commands: Global Routing Configuration (ip routing, ip route, clear ip route, show ip route, show ip host-route, show ip traffic), Routing Information Protocol (RIP) (router rip, timers basic, network, neighbor, version, ip rip receive version, ip rip send version, ip split-horizon, ip rip authentication key, ip rip authentication mode, show rip globals, show ip rip), Open Shortest Path First (OSPF) (router ospf, router-id, compatible rfc1583, ip ospf hello-interval, ip ospf priority, ip ospf retransmit-interval, ip ospf transmit-delay, show ip ospf, show ip ospf border-routers, show ip ospf database, show ip ospf interface, show ip ospf neighbor, show ip ospf summary-address, show ip ospf virtual-links)
  Multicast Routing Commands: Static Multicast Routing Commands (ip igmp snooping vlan mrouter, show ip igmp snooping mrouter), General Multicast Routing Commands (ip multicast-routing, show ip mroute), DVMRP Multicast Routing Commands (router dvmrp)
  Router Redundancy Commands 4-311: Virtual Router Redundancy Protocol Commands (vrrp ip, vrrp authentication, vrrp priority, vrrp timers advertise, vrrp preempt, show vrrp, show vrrp interface, show vrrp router counters, show vrrp interface counters, clear vrrp router counters, clear vrrp interface counters), Hot Standby Router Protocol Commands (standby ip, standby priority, standby preempt, standby authentication, standby timers, standby track, show standby, show standby interface)
Tables
  Table 1-1 Key Features
  Table 1-2 System Defaults
  Table 3-1 Web Page Configuration Buttons
  Table 3-2 Switch Main Menu
  Table 4-108 VRRP Commands 4-311
  Table 4-109 show vrrp - display description 4-317
  Table 4-110 show vrrp brief - display description 4-317
  Table 4-111 HSRP Commands 4-320
  Table 4-112 show standby - display description 4-327
  Table 4-113 show standby brief - display description 4-328
  Table B-1 Troubleshooting Chart B-1

Figures
  Figure 3-1 Home Page
  Figure 3-132 OSPF Area Configuration
  Figure 3-133 OSPF Range Configuration
  Figure 3-134 OSPF Interface Configuration
  Figure 3-135 OSPF Interface Configuration - Detailed
  Figure 3-136 OSPF Virtual Link Configuration
  Figure 3-137 OSPF Network Area Address Configuration
Chapter 1: Introduction

This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
Table 1-1 Key Features (Continued)
Feature | Description
Router Redundancy | Router backup is provided with the Virtual Router Redundancy Protocol (VRRP) and the Hot Standby Router Protocol (HSRP)
IP Routing | Routing Information Protocol (RIP), Open Shortest Path First (OSPF), static routes
ARP | Static and dynamic address configuration, proxy ARP
Multicast Filtering | Supports IGMP snooping and query for Layer 2, and IGMP for Layer 3
Multicast Routing | Supports DVMRP and PIM-DM
DHCP Server and DHCP Relay – A DHCP server is provided to assign IP addresses to host devices. Since DHCP uses a broadcast mechanism, a DHCP server and its client must physically reside on the same subnet. Since it is not practical to have a DHCP server on every subnet, DHCP Relay is also supported to allow dynamic configuration of local clients from a DHCP server located in a different network.
To avoid dropping frames on congested ports, the switch provides 1 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.

Spanning Tree Protocol – The switch supports these spanning tree protocols:
• Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol adds a level of fault tolerance by allowing two or more redundant connections to be created between a pair of LAN segments.
This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet or the number of the TCP/UDP port. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic is then sent to the corresponding output queue.

IP Routing – The switch provides Layer 3 IP routing.
Multicast Routing – Routing for multicast packets is supported by the Distance Vector Multicast Routing Protocol (DVMRP) and Protocol-Independent Multicasting Dense Mode (PIM-DM). These protocols work in conjunction with IGMP to filter and route multicast traffic. DVMRP is a more comprehensive implementation that maintains its own routing table, but it is gradually being replaced by most network managers with PIM, Dense Mode and Sparse Mode.
Table 1-2 System Defaults (Continued)
Function | Parameter | Default
Web Management | HTTP Server | Enabled
 | HTTP Port Number | 80
 | HTTP Secure Server | Enabled
 | HTTP Secure Port Number | 443
 | Community Strings | “public” (read only), “private” (read/write)
 | Traps | Authentication traps: enabled; Link-up-down events: enabled
 | SNMP V3 | View: defaultview; Group: public (read only), private (read/write)
 | Admin Status | Enabled
 | Auto-negotiation | Enabled
 | Flow Control | Disabled
 | Port Capability | 1000BAS
Table 1-2 System Defaults (Continued)
Function | Parameter | Default
Spanning Tree Protocol | Status | Enabled, MSTP (Defaults: All values based on IEEE 802.
Table 1-2 System Defaults (Continued)
Function | Parameter | Default
Router Redundancy | HSRP | Disabled
 | VRRP | Disabled
Multicast Filtering | IGMP Snooping (Layer 2) | Snooping: Enabled; Querier: Disabled
 | IGMP (Layer 3) | Disabled
Multicast Routing | DVMRP | Disabled
 | PIM-DM | Disabled
System Log | Status | Enabled
 | Messages Logged | Levels 0-7 (all)
 | Messages Logged to Flash | Levels 0-3
SMTP Email Alerts | Event Handler | Disabled
SNTP | Clock Synchronization | Disabled
Chapter 2: Initial Configuration

Connecting to the Switch

Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
Note: The IP address for this switch is obtained via DHCP by default. To change this address, see “Setting an IP Address” on page 2-4.
• Configure Spanning Tree parameters
• Configure Class of Service (CoS) priority queuing
• Configure up to 6 static or LACP trunks
• Enable port mirroring
• Set broadcast storm control on any port
• Display system information and statistics

Required Connections
The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.
Remote Connections
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address” on page 2-4.
Notes: 1.
Setting Passwords
Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place.
Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:
1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
• IP address for the switch
• Default gateway for the network
• Network mask for this network
To assign an IP address to the switch, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2.
5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.
6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.

Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#ip dhcp restart client
Console#show ip interface
 IP address and netmask: 192.168.1.54 255.255.255.
The default strings are:
• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
• private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings. To configure a community string, complete the following steps:
1.
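The following audit script is an added example and is not part of this manual: it scans a saved running-config for the factory management defaults listed in Table 1-2 (the “public”/“private” community strings, plain HTTP and Telnet management) and reports when no SSH server or syslog host is configured. It assumes the running-config uses the command names from this manual's CLI chapter (ip http server, ip telnet server, ip ssh server, logging host) and a community line of the form snmp-server community <string> ro|rw, which is an assumption about the CLI syntax; the sample configuration is constructed for illustration.

```python
"""Audit an ES4612-style running-config for insecure management defaults.

Added example, not code from the manual. Assumes the saved configuration uses
the command names from this manual's CLI chapter (ip http server,
ip telnet server, ip ssh server, logging host) and the assumed community
syntax "snmp-server community <string> ro|rw". SAMPLE_CONFIG is constructed
for illustration and mirrors the factory defaults in Table 1-2.
"""
import re
from dataclasses import dataclass
from typing import List

# Factory default community strings from Table 1-2 (System Defaults).
DEFAULT_COMMUNITIES = {"public", "private"}

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)\s+(ro|rw)\b")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    line_no: int    # 0 for findings about a setting that is absent
    text: str       # the offending config line, or "" when absent
    reason: str


def audit_config(config_text: str) -> List[Finding]:
    """Return findings for weak management settings in a running-config dump."""
    findings: List[Finding] = []
    has_ssh = False
    has_syslog_host = False

    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or "!" separator

        match = COMMUNITY_RE.match(line)
        if match:
            name, access = match.groups()
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append(Finding("high", line_no, line,
                    f"factory default community string '{name}' ({access}) is still configured"))
            if access == "rw":
                findings.append(Finding("medium", line_no, line,
                    "SNMPv1/v2c read-write community allows configuration changes "
                    "with no authentication beyond the string itself"))
            continue

        if line == "ip http server":
            findings.append(Finding("medium", line_no, line,
                "plain HTTP management is enabled (the default); prefer ip http secure-server"))
        elif line == "ip telnet server":
            findings.append(Finding("medium", line_no, line,
                "Telnet management is enabled; passwords cross the network in cleartext"))
        elif line == "ip ssh server":
            has_ssh = True
        elif line.startswith("logging host "):
            has_syslog_host = True

    if not has_ssh:
        findings.append(Finding("low", 0, "",
            "no 'ip ssh server' line: SSH is not enabled for CLI access"))
    if not has_syslog_host:
        findings.append(Finding("low", 0, "",
            "no 'logging host' line: log messages stay only in the switch's RAM and flash"))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity, e.g. {'high': 2, 'medium': 3, 'low': 2}."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for finding in findings:
        counts[finding.severity] += 1
    return counts


# Constructed sample: the factory state from Table 1-2 plus the names used in
# this manual's own CLI examples (hostname R&D 5, location WC 9, 10.1.0.253).
SAMPLE_CONFIG = """\
!
hostname R&D 5
snmp-server location WC 9
snmp-server community public ro
snmp-server community private rw
ip http server
ip http port 80
ip telnet server
!
interface vlan 1
 ip address 10.1.0.253 255.255.255.0
!
"""

if __name__ == "__main__":
    results = audit_config(SAMPLE_CONFIG)
    for finding in results:
        where = f"line {finding.line_no}: {finding.text}" if finding.line_no else "(absent)"
        print(f"[{finding.severity}] {where} -> {finding.reason}")
    print(summarize(results))
```

Run it against the text of “show running-config” captured from the switch; a config that uses non-default community strings, ip http secure-server, ip ssh server and a logging host produces no findings.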
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of the MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view called “mib-2” that includes the entire MIB-2 tree branch, and then another view that includes the IEEE 802.1d bridge MIB.
Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files are:
• Configuration — This file stores system configuration information and is created when configuration settings are saved.
Chapter 3: Configuring the Switch

Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).
Note: You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet.
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”

Home Page
When your web browser connects with the switch’s web agent, the home page is displayed as shown below.
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.

Table 3-1 Web Page Configuration Buttons
Button | Action
Revert | Cancels specified values and restores current values prior to pressing “Apply” or “Apply Changes.”
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Table 3-2 Switch Main Menu (Continued)
Menu | Description | Page
Security | |
User Accounts | Configures user names, passwords, and access levels |
Authentication Settings | Configures authentication sequence, RADIUS and TACACS |
HTTPS Settings | Configures secure HTTP settings |
SSH | |
Settings | Configures Secure Shell server settings |
Host-Key Settings | Generates the host key pair (public and private) |
Port Security | Configures per port |

Rate Limit | | 3-96
Input Port Configuration | Sets the input rate limit for each port | 3-96
Input Trunk Configuration | Sets the input rate limit for each trunk | 3-96
Output Port Configuration | Sets the output rate limit for each port | 3-96
Output Trunk Configuration | Sets the output rate limit for each trunk | 3-96
Port Statistics | Lists Ethernet and RMON port statistics | 3-97
Address Table | | 3-101
Static Addresses | |

Static Membership | Configures membership type for interfaces, including tagged, untagged or forbidden | 3-131
Port Configuration | Specifies default PVID and VLAN attributes | 3-132
Trunk Configuration | Specifies default trunk VID and VLAN attributes | 3-132
Private VLAN | |
Status | Enables or disables the private VLAN | 3-134
Link Status | Configures the private VLAN | 3-135
Protocol VLAN | |
Configuration | |

IP Multicast Registration Table | Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID | 3-158
IGMP Member Port Table | Indicates multicast addresses associated with the selected VLAN | 3-159
DNS | | 3-164
General Configuration | Enables DNS; configures domain name and domain list; and specifies IP address of name servers for dynamic lookup | 3-164
Static Host Table | |

UDP | Shows statistics for UDP, including the amount of traffic and errors | 3-209
TCP | Shows statistics for TCP, including the amount of traffic and TCP connection activity | 3-210
Routing | | 3-194
Static Routes | Configures and displays static routing entries | 3-211
Routing Table | Shows all routing entries, including local, static and dynamic routes | 3-212
General Settings | Globally enables multicast routing |

Interface Configuration | Shows area ID and designated router; also configures OSPF protocol settings and authentication for each interface | 3-232
Virtual Link Configuration | Configures a virtual link through a transit area to the backbone | 3-236
Network Area Address Configuration | Defines OSPF areas and associated interfaces | 3-238
Summary Address Configuration | Aggregates routes learned from other protocols |
Basic Configuration

Displaying System Information
You can easily identify the system by displaying the device name, location and contact information.
Field Attributes
• System Name – Name assigned to the switch system.
• Object ID – MIB II object ID for switch’s network management subsystem.
• Location – Specifies the system location.
• Contact – Administrator responsible for the system.
• System Up Time – Length of time the management agent has been up.
CLI – Specify the hostname, location and contact information.

Console(config)#hostname R&D 5   4-26
Console(config)#snmp-server location WC 9   4-116
Console(config)#snmp-server contact Ted   4-115
Console(config)#exit
Console#show system   4-61
System description: 8 SFP ports + 4 Gigabit Combo ports L2/L3/L4 managed standalone switch
System OID string: 1.3.6.1.4.1.259.6.10.57
System information
 System Up time: 0 days, 2 hours, 4 minutes, and 7.
These additional parameters are displayed for the CLI.
• Unit ID – Unit number in stack.
• Redundant Power Status – Displays the status of the redundant power supply.
Web – Click System, Switch Information.

Figure 3-4 Switch Information

CLI – Use the following command to display version information.
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
Field Attributes
• Extended Multicast Filtering Services – This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).
CLI – Enter the following command.

Console#show bridge-ext   4-204
 Max support vlan numbers: 255
 Max support vlan ID: 4094
 Extended multicast filtering services: No
 Static entry individual port: Yes
 VLAN learning: IVL
 Configurable PVID tagging: Yes
 Local VLAN capable: Yes
 Traffic classes: Enabled
 Global GVRP status: Disabled
 GMRP: Disabled
Console#

Setting the Switch’s IP Address
This section describes how to configure an initial IP interface for management access over the network.
Command Attributes
• VLAN – ID of the configured VLAN (1-4094, no leading zeroes). By default, all ports on the switch are members of VLAN 1. However, the management station can be attached to a port belonging to any VLAN, as long as that VLAN has been assigned an IP address.
• IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configuration Protocol (DHCP), or Boot Protocol (BOOTP).
Click IP, Global Setting. If this switch and management stations exist on other network segments, then specify the default gateway, and click Apply.

Figure 3-7 Default Gateway

CLI – Specify the management interface, IP address and default gateway.

Console#config
Console(config)#interface vlan 1
Console(config-if)#ip address 10.1.0.253 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 10.1.0.
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
Web – Click IP, General, Routing Interface. Specify the VLAN to which the management station is attached, and set the IP Address Mode to DHCP or BOOTP. Click Apply to save your changes. Then click Restart DHCP to immediately request a new address. Note that the switch will also broadcast a request for IP configuration settings on each power reset.
Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available.
CLI – Enter the following command to restart DHCP service.

Console#ip dhcp restart client   4-127

Managing Firmware
You can upload/download firmware to or from a TFTP server.
Downloading System Software from a Server
When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
Web – Click System, File Management, Copy Operation.
To delete a file select System, File, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted.

Figure 3-11 Deleting Files

CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “config” as the file type, then enter the source and destination file names.
Saving or Restoring Configuration Settings
You can upload/download configuration settings to/from a TFTP server. The configuration file can be later downloaded to restore the switch’s settings.
Command Attributes
• File Transfer Method – The configuration copy operation includes these options:
  - file to file – Copies a file within the switch directory, assigning it a new name.
  - file to running-config – Copies a file in the switch to the running configuration.
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can be copied to the TFTP server, but cannot be used as the destination on the switch.
Web – Click System, File Management, Copy Operation.
CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch.

Console#copy tftp startup-config
TFTP server ip address: 192.168.1.19
Source configuration file name: config-1
Startup configuration file name [] : startup
\Write to FLASH Programming.
-Write to FLASH finish.
Success.
• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: Auto)
• Stop Bits – Sets the number of the stop bits transmitted per byte. (Range: 1-2; Default: 1 stop bit)
• Password [3] – Specifies a password for the line connection.
CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts)
• Password (note 4) – Specifies a password for the line connection.
CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level.
Table 3-3 Logging Levels
Level Name      Level  Description
debugging       7      Debugging messages
informational   6      Informational messages only
notifications   5      Normal but significant condition, such as cold start
warnings        4      Warning conditions (e.g., return false, unexpected return)
errors          3      Error conditions (e.g., invalid input, default used)
critical        2      Critical conditions (e.g.
Remote Log Configuration
The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the event messages sent to only those messages at or above a specified level.
Command Attributes
• Remote Log Status – Enables/disables the logging of debug or error messages to the remote logging process. (Default: enabled)
• Logging Facility – Sets the facility type for remote logging of syslog messages.
Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
Figure 3-17 Remote Logs
CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap.

Console(config)#logging host 10.1.0.
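The logging trap level and facility chosen above decide which events leave the switch and how the receiving syslog host classifies them. As an added illustration that is not part of this guide, the following Python models the "at or above a specified level" rule using the severities of Table 3-3, builds the RFC 3164 <PRI> prefix (facility × 8 + severity) that the remote host parses, and shows which of a set of sample events a trap level of errors lets through. The facility local7, the hostname, the timestamp and the sample events are constructed assumptions, not switch output.

```python
import re

# Severity numbers from Table 3-3 (7 = debugging down to 2 = critical); the
# two lowest syslog levels, alerts (1) and emergencies (0), are the standard
# values below the rows shown on this page.
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}

# RFC 3164 facility codes; local0..local7 (16..23) are the ones a switch is
# usually configured to use.
FACILITY = {f"local{i}": 16 + i for i in range(8)}


def should_forward(msg_level: str, trap_level: str) -> bool:
    """True if a message at msg_level is 'at or above' trap_level.

    Lower numbers are more severe, so a logging trap of 'errors' (3)
    forwards levels 0..3 and drops warnings (4) through debugging (7).
    """
    return SEVERITY[msg_level] <= SEVERITY[trap_level]


def syslog_pri(facility: str, level: str) -> int:
    """PRI value carried in the <PRI> prefix: facility * 8 + severity."""
    return FACILITY[facility] * 8 + SEVERITY[level]


def format_syslog(facility: str, level: str, timestamp: str,
                  hostname: str, text: str) -> str:
    """Render an RFC 3164 style line: <PRI>TIMESTAMP HOSTNAME MSG."""
    return f"<{syslog_pri(facility, level)}>{timestamp} {hostname} {text}"


def parse_pri(line: str) -> tuple:
    """Recover (facility, severity) from a received line, which is what a
    syslog collector uses to route and alert on the message."""
    m = re.match(r"^<(\d{1,3})>", line)
    if not m:
        raise ValueError("no <PRI> prefix")
    pri = int(m.group(1))
    return pri // 8, pri % 8


# Constructed sample events (level, text); not real switch output.
SAMPLE_EVENTS = [
    ("notifications", "System coldstart"),
    ("errors", "Invalid input on line VTY 1, default used"),
    ("warnings", "Unexpected return from SNMP agent"),
    ("critical", "Flash write failed"),
    ("informational", "User admin logged in from console"),
]


def forward_events(events, trap_level, facility="local7",
                   hostname="switch-demo", timestamp="Jan  6 14:56:05"):
    """Apply the logging trap threshold and render what the switch would
    send to the remote host. facility, hostname and timestamp are assumed."""
    return [
        format_syslog(facility, lvl, timestamp, hostname, text)
        for lvl, text in events
        if should_forward(lvl, trap_level)
    ]


if __name__ == "__main__":
    for line in forward_events(SAMPLE_EVENTS, "errors"):
        print(line)
```

With the trap level at errors only the errors and critical events are emitted; raising it to debugging forwards all five, which is the trade-off between visibility and syslog volume the Remote Logs page controls.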
Displaying Log Messages
Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
Web – Click System, Log, Logs.
Figure 3-18 Displaying Logs
CLI – This example shows that system logging is enabled, the message level for flash memory is “errors” (i.e.
Setting the System Clock
Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set the clock using the CLI. (See “calendar set” on page 4-57.) If the clock is not set, the switch will only record the time from the factory default set at the last bootup.
CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.

Console(config)#sntp client
Console(config)#sntp poll 16
Console(config)#sntp server 10.1.0.19 137.82.140.80 128.250.36.2
Console(config)#exit
Console#show sntp
Current time: Jan 6 14:56:05 2004
Poll interval: 60
Current mode: unicast
SNTP status : Enabled
SNTP server 10.1.0.19 137.82.140.80 128.250.36.2
Current server: 128.250.36.
Simple Network Management Protocol 3

Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems.
Table 3-4 SNMPv3 Security Models and Levels (Continued)
Model  Level       Group         Read View     Write View    Security
v3     AuthNoPriv  user defined  user defined  user defined  Provides user authentication via MD5 or SHA algorithms
v3     AuthPriv    user defined  user defined  user defined  Provides user authentication via MD5 or SHA algorithms and data privacy using DES 56-bit encryption
Note: The predefined default groups and view can be deleted from the system.
• Access Mode – Specifies the access rights for the community string:
  - Read-Only – Authorized management stations are only able to retrieve MIB objects.
  - Read/Write – Authorized management stations are able to both retrieve and modify MIB objects.
Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add.
• Enable Authentication Traps – Issues a trap message to specified IP trap managers whenever authentication of an SNMP request fails. (Default: Enabled)
• Enable Link-up and Link-down Traps – Issues a trap message whenever a port link is established or broken. (Default: Enabled)
Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port and SNMP version, and then click Add.
A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users.
Web – Click SNMP, SNMPv3, Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.
Figure 3-25 Setting the SNMPv3 Engine ID
CLI – This example sets an SNMPv3 engine ID.
• Privacy – The encryption algorithm used for data privacy; only 56-bit DES is currently available.
• Actions – Enables the user to be assigned to another SNMPv3 group.
Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete.
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list. To delete a group, check the box next to the group name, then click Delete.
Setting SNMPv3 Views
SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree.
Command Attributes
• View Name – The name of the SNMP view. (Range: 1-64 characters)
• View OID Subtrees – Shows the currently configured object identifiers of branches within the MIB tree that define the SNMP view.
CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries.

Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* included
Console(config)#exit
Console#show snmp view
View Name: ifEntry.a
Subtree OID: 1.3.6.1.2.1.2.2.1.1.*
View Type: included
Storage Type: nonvolatile
Row Status: active

View Name: readaccess
Subtree OID: 1.3.6.1.
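To make concrete what the wildcard subtree above exposes, here is an added Python example (not code from this guide) that evaluates an object identifier against a list of view entries written with the same "*" wildcard and included/excluded types. It lets the most specific (longest) matching subtree decide, which is how VACM (RFC 3415) resolves overlapping entries. IFENTRY_A_VIEW is the page's example transcribed; MONITOR_VIEW is a constructed read-only view that hides one MIB-2 group and is not from the guide.

```python
def oid_in_subtree(oid: str, subtree: str) -> bool:
    """True if oid lies under subtree.

    A '*' component in the subtree matches any single sub-identifier at
    that position (the wildcard the page's ifEntry.a view uses so that
    every ifIndex instance is covered).
    """
    o = oid.split(".")
    s = subtree.split(".")
    if len(o) < len(s):
        # An OID shorter than the subtree (e.g. the column without an
        # index) is not inside it.
        return False
    return all(sp == "*" or sp == op for op, sp in zip(o, s))


def view_allows(view: list, oid: str) -> bool:
    """Decide whether oid is visible through a view made of
    (subtree, 'included' | 'excluded') entries.

    The longest matching subtree wins; an OID matching no entry is outside
    the view. This mirrors the VACM rule so that a broad 'included' entry
    can carry narrower 'excluded' carve-outs.
    """
    best_len, best_type = -1, "excluded"
    for subtree, vtype in view:
        if oid_in_subtree(oid, subtree):
            n = subtree.count(".") + 1
            if n > best_len:
                best_len, best_type = n, vtype
    return best_type == "included"


# The page's example view, transcribed from its show snmp view output:
# ifIndex (1.3.6.1.2.1.2.2.1.1) for every interface row.
IFENTRY_A_VIEW = [("1.3.6.1.2.1.2.2.1.1.*", "included")]

# Constructed read-only view: all of mib-2 except the ip group
# (1.3.6.1.2.1.4), so a monitoring user sees interfaces and system info
# but cannot walk the routing and ARP tables.
MONITOR_VIEW = [
    ("1.3.6.1.2.1", "included"),
    ("1.3.6.1.2.1.4", "excluded"),
]


if __name__ == "__main__":
    for oid in ("1.3.6.1.2.1.2.2.1.1.5",   # ifIndex.5
                "1.3.6.1.2.1.2.2.1.2.5",   # ifDescr.5
                "1.3.6.1.2.1.1.1.0"):      # sysDescr.0
        print(oid, "ifEntry.a:", view_allows(IFENTRY_A_VIEW, oid),
              "monitor:", view_allows(MONITOR_VIEW, oid))
```

The ifEntry.a view therefore returns ifIndex for any interface but nothing else in the table, and a view that names only a branch under 1.3.6.1.2.1 says nothing about objects elsewhere, such as the SNMPv3 user and access tables under 1.3.6.1.6.3, which stay outside it.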
User Authentication 3

Command Attributes
• Account List – Shows the list of users that are allowed management access. (Defaults: admin, and guest)
• New Account – Displays configuration settings for a new account.
  - User Name – The name of the user. (Maximum length: 8 characters; maximum number of users: 16)
  - Access Level – Specifies the user level. (Options: Normal and Privileged)
  - Password – Specifies the user password.
Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols.
• RADIUS Settings
  - Server IP Address – Address of authentication server. (Default: 10.1.0.1)
  - Server Port Number – Network (UDP) port of authentication server used for authentication messages. (Range: 1-65535; Default: 1812)
  - Secret Text String – Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
CLI – Specify all the required parameters to enable logon authentication.

Console(config)#authentication login radius
Console(config)#radius-server host 192.168.1.25
Console(config)#radius-server port 181
Console(config)#radius-server key green
Console(config)#radius-server retransmit 5
Console(config)#radius-server timeout 10
Console#show radius-server
Server IP address: 192.168.1.
• The following web browsers and operating systems currently support HTTPS:
Table 3-5 HTTPS System Support
Web Browser                       Operating System
Internet Explorer 5.0 or later    Windows 98, Windows NT (with service pack 6a), Windows 2000, Windows XP
Netscape Navigator 4.76 or later  Windows 98, Windows NT (with service pack 6a), Windows 2000, Windows XP, Solaris 2.6
• To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 3-49.
When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one:

Console#copy tftp https-certificate
TFTP server ip address:
Source certificate file name:
Source private file name:
Private password:

Note: The switch must be reset for the new c
Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example:

10.1.0.
Notes:
1. To use SSH with only password authentication, the host public key must still be given to the client, either during initial connection or manually entered into the known host file. However, you do not need to configure the client’s keys.
2. The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions.
Web – Click Security, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
Figure 3-32 SSH Host-Key Settings
CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys.
Configuring the SSH Server
The SSH server includes basic settings for authentication.
Field Attributes
• SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Enabled)
• Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients.
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.

Console(config)#ip ssh server
Console(config)#ip ssh timeout 100
Console(config)#ip ssh authentication-retries 5
Console(config)#ip ssh server-key size 512
Console(config)#end
Console#show ip ssh
SSH Enabled - version 2.
• If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-81).
Command Attributes
• Port – Port number.
• Name – Descriptive text (page 4-150).
• Action – Indicates the action to be taken when a port security violation is detected:
  - None: No action should be taken. (This is the default.)
  - Trap: Send an SNMP trap message.
  - Shutdown: Disable the port.
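To show what the violation action and the maximum address count (set with port security max-mac-count in the CLI) do at run time, this added Python, which is not code from the guide, simulates a port's learned-address limit, the trap and shutdown responses to a violation, and the manual re-enable the page requires after a shutdown. Its assumptions, all constructed and not taken from the guide, are that a violation is a frame whose source address is not yet learned once the limit is full, that such a frame is not forwarded whatever the action, the interface name eth1/5, and the sample MAC addresses.

```python
class PortSecurity:
    """One port's MAC learning limit and violation response.

    Actions follow the page: 'none', 'trap', 'shutdown', and the CLI's
    'trap-and-shutdown'. Assumption (not stated on the page): a violation
    is a frame from a source MAC that is not yet learned once
    max_mac_count addresses are held, and that frame is not forwarded.
    """

    def __init__(self, port: str, max_mac_count: int, action: str = "none"):
        self.port = port
        self.max_mac_count = max_mac_count
        self.action = action
        self.learned = set()
        self.shutdown = False
        self.events = []      # ('trap', port, mac) / ('shutdown', port, mac)
        self.dropped = 0

    def ingress(self, src_mac: str) -> bool:
        """Process one frame; return True if it is forwarded."""
        mac = src_mac.lower()
        if self.shutdown:
            # A shut-down port stays down until an administrator
            # re-enables it; every frame is discarded meanwhile.
            self.dropped += 1
            return False
        if mac in self.learned:
            return True
        if len(self.learned) < self.max_mac_count:
            self.learned.add(mac)
            return True
        # Address table for this port is full: security violation.
        if "trap" in self.action:
            self.events.append(("trap", self.port, mac))
        if "shutdown" in self.action:
            self.shutdown = True
            self.events.append(("shutdown", self.port, mac))
        self.dropped += 1
        return False

    def reenable(self) -> None:
        """Manual re-enable, as the page requires after a shutdown.
        Learned addresses are kept; only the administrative state changes."""
        self.shutdown = False


def simulate(action: str, max_mac_count: int, macs) -> PortSecurity:
    """Feed a sequence of source MACs through a fresh port (name assumed)."""
    ps = PortSecurity("eth1/5", max_mac_count, action)
    for m in macs:
        ps.ingress(m)
    return ps


# Constructed sample: 20 legitimate hosts plus one extra address.
SAMPLE_MACS = [f"00-e0-29-94-34-{i:02x}" for i in range(21)]


if __name__ == "__main__":
    ps = simulate("trap-and-shutdown", 20, SAMPLE_MACS)
    print("learned:", len(ps.learned), "shutdown:", ps.shutdown)
    for ev in ps.events:
        print("event:", ev)
```

With trap-and-shutdown the 21st address produces one trap (the detection signal a NMS should alert on) and takes the port down; with trap alone the port keeps serving the 20 learned hosts and only the offending frames are discarded, so the choice of action is a trade-off between containment and availability of the legitimate hosts on that port.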
CLI – This example sets the command mode to Port 5, sets the port security action to send a trap and disable the port, specifies a maximum address count, and then enables port security for the port.

Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap-and-shutdown
Console(config-if)#port security max-mac-count 20
Console(config-if)#port security
Console(config-if)#

Configuring 802.
The operation of dot1x on the switch requires the following:
• The switch must have an IP address assigned.
• RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified.
• Each switch port that will be used must be set to dot1x “Auto” mode.
• Each client that needs to be authenticated must have dot1x client software installed and properly configured.
• The RADIUS server and 802.1x client support EAP.
Web – Click 802.1x, Information.
Figure 3-35 802.1X Information
CLI – This example shows the default protocol settings for dot1x. For a description of the additional entries displayed in the CLI, see “show dot1x” on page 4-85.

Console#show dot1x
Global 802.1X Parameters
reauth-enabled: yes
reauth-period: 300
quiet-period: 350
tx-period: 300
supp-timeout: 30
server-timeout: 30
reauth-max: 2
max-req: 2
802.1X Port Port Name 1/1 1/2
. . .
Backend State Machine
State Idle
Request Count 0
Identifier(Server) 3
Reauthentication State Machine
State Initialize
Console#

Configuring 802.1x Global Settings
The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
Web – Select Security, 802.1x, Configuration. Enable dot1x globally for the switch, modify any of the parameters required, and then click Apply.
Figure 3-36 802.1X Configuration
CLI – This enables re-authentication and sets all of the global parameters for dot1x.
• Supplicant – Indicates the MAC address of a connected client.
• Trunk – Indicates if the port is configured as a trunk port.
Web – Click Security, 802.1x, Port Configuration. Select the authentication mode from the drop-down box and click Apply.
Figure 3-37 802.1X Port Configuration
CLI – This example sets the authentication mode to enable 802.1x on port 2, and allows up to ten clients to connect to this port.
Table 3-6 802.1x Statistics (Continued)
Parameter         Description
Rx EAP Resp/Oth   The number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator.
Rx EAP LenError   The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid.
Rx Last EAPOLVer  The protocol version number carried in the most recently received EAPOL frame.
CLI – This example displays the dot1x statistics for port 4.
Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry.
Figure 3-39 IP Filter
CLI – This example restricts management access for Telnet clients.

Console(config)#management telnet-client 192.168.1.19
Console(config)#management telnet-client 192.168.1.25 192.168.1.
Access Control Lists
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, specify a mask to modify the precedence in which the rules are checked, and then bind the list to a specific port.
Access Control Lists 3

Setting the ACL Name and Type
Use the ACL Configuration page to designate the name and type of an ACL.
Command Attributes
• Name – Name of the ACL. (Maximum length: 16 characters)
• Type – There are three filtering modes:
  - Standard: IP ACL mode that filters packets based on the source IP address.
  - Extended: IP ACL mode that filters packets based on source or destination IP address, as well as protocol type and protocol port number.
and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned.
Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add.
Figure 3-41 ACL Configuration - Standard IP
CLI – This example configures one permit rule for the specific address 10.1.1.
Configuring an Extended IP ACL
Command Attributes
• Action – An ACL can contain either all permit rules or all deny rules. (Default: Permit rules)
• Source/Destination Address Type – Specifies the source or destination IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP” to specify a range of addresses with the Address and SubMask fields.
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other required criteria, such as service type, protocol type, or TCP control code. Then click Add.
Figure 3-42 ACL Configuration - Extended IP
CLI – This example adds three rules:
1.
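Worked example, added here and not code from the guide or its vendor: the permit/deny evaluation that a standard and an extended IP ACL perform on a packet, using the Any/Host/IP address types with a dotted subnet mask for ranges, a protocol and port check, and a TCP control code compared through a bitmask. Rule order and the "all permit or all deny" constraint follow the text; the default for a packet that matches no rule (the opposite of the list's action), the ACL names, the addresses and the packet dictionaries are constructed assumptions.

```python
import ipaddress

# TCP control-code bits, compared against a bitmask as the switch does.
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32


def addr_matches(spec, ip: str) -> bool:
    """spec is ('any', None), ('host', '10.1.1.21') or
    ('ip', ('10.1.1.0', '255.255.255.0')), mirroring the Web page's
    Any/Host/IP address types; the IP form takes a dotted subnet mask."""
    kind, value = spec
    if kind == "any":
        return True
    if kind == "host":
        return ip == value
    base, mask = value
    net = ipaddress.ip_network(f"{base}/{mask}", strict=False)
    return ipaddress.ip_address(ip) in net


def rule_matches(rule: dict, pkt: dict) -> bool:
    """One extended-IP rule against one packet. A standard-IP rule is the
    same dictionary carrying only 'src'."""
    if not addr_matches(rule.get("src", ("any", None)), pkt["src"]):
        return False
    if not addr_matches(rule.get("dst", ("any", None)), pkt["dst"]):
        return False
    if "proto" in rule and rule["proto"] != pkt.get("proto"):
        return False
    if "dport" in rule and rule["dport"] != pkt.get("dport"):
        return False
    if "tcp_code" in rule:
        code, mask = rule["tcp_code"]
        if pkt.get("proto") != "tcp":
            return False
        if (pkt.get("flags", 0) & mask) != (code & mask):
            return False
    return True


def evaluate_acl(acl: dict, pkt: dict) -> str:
    """Rules are checked in order and the first match decides. An ACL holds
    only permit rules or only deny rules, so a packet matching none gets the
    opposite action (assumption: a permit list denies everything else, a
    deny list permits everything else)."""
    for rule in acl["rules"]:
        if rule_matches(rule, pkt):
            return acl["action"]
    return "deny" if acl["action"] == "permit" else "permit"


# Constructed sample ACLs (not the guide's own examples).
# Standard IP ACL: only the management subnet may enter this port.
MGMT_ONLY = {
    "name": "mgmt-only", "type": "standard", "action": "permit",
    "rules": [{"src": ("ip", ("192.168.1.0", "255.255.255.0"))}],
}
# Extended IP ACL: drop new TCP connections (SYN set, ACK clear) to the
# Telnet port of host 10.1.0.1 from anywhere; everything else passes.
NO_TELNET_SETUP = {
    "name": "no-telnet", "type": "extended", "action": "deny",
    "rules": [{"dst": ("host", "10.1.0.1"), "proto": "tcp", "dport": 23,
               "tcp_code": (SYN, SYN | ACK)}],
}


if __name__ == "__main__":
    pkts = [
        {"src": "192.168.1.19", "dst": "10.1.0.1"},
        {"src": "10.2.0.7", "dst": "10.1.0.1", "proto": "tcp",
         "dport": 23, "flags": SYN},
        {"src": "10.2.0.7", "dst": "10.1.0.1", "proto": "tcp",
         "dport": 22, "flags": SYN},
    ]
    for p in pkts:
        print(p, "mgmt-only:", evaluate_acl(MGMT_ONLY, p),
              "no-telnet:", evaluate_acl(NO_TELNET_SETUP, p))
```

The control-code mask is what makes the second list useful: matching on SYN with a mask of SYN|ACK catches only connection attempts, so established sessions carrying ACK keep flowing while new Telnet sessions are refused at the port.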
Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules)
• Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Address and Bitmask fields. (Options: Any, Host, MAC; Default: Any)
• Source/Destination MAC Address – Source or destination MAC address.
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitmask for an address range. Set any other required criteria, such as VID, Ethernet type, or packet format. Then click Add.
Configuring ACL Masks
You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an ingress or egress ACL. A mask must be bound exclusively to one of the basic ACL types (i.e.
Configuring an IP ACL Mask
This mask defines the fields to check in the IP header.
Command Usage
• Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes.
Command Attributes
• Source/Destination Address Type – Specifies the source or destination IP address. Use “Any” to match any address, “Host” to specify a host address (not a subnet), or “IP” to specify a range of addresses.
Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the service types. Or use a bitmask to search for specific protocol port(s) or TCP control code(s). Then click Add.
Configuring a MAC ACL Mask
This mask defines the fields to check in the packet header.
Command Usage
You must configure a mask for an ACL rule before you can bind it to a port.
Command Attributes
• Source/Destination Address Type – Use “Any” to match any address, “Host” to specify the host address for a single node, or “MAC” to specify a range of addresses. (Options: Any, Host, MAC; Default: Any)
• Source/Destination Bitmask – Address of rule must match this bitmask.
CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic, select the required ACL from the drop-down list, then click Apply.
Figure 3-47 ACL Port Binding
CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2.
Port Configuration 3

• Media Type (note 6) – Shows the forced/preferred port type to use for combination ports 9-12. (Copper-Forced, Copper-Preferred-Auto, SFP-Forced, SFP-Preferred-Auto)
• Trunk Member (note 6) – Shows if port is a trunk member.
• Creation (note 7) – Shows if a trunk is manually configured or dynamically set via LACP.
Web – Click Port, Port Information or Trunk Information.
Figure 3-48 Port - Port Information
Field Attributes (CLI)
Basic information:
• Port type – Indicates the port type.
• Flow control – Shows if flow control is enabled or disabled.
• LACP – Shows if LACP is enabled or disabled.
• Port Security – Shows if port security is enabled or disabled.
• Max MAC count – Shows the maximum number of MAC addresses that can be learned by a port. (0 - 1024 addresses)
• Port security action – Shows the response to take when a security violation is detected.
Configuring Interface Connections
You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
Command Attributes
• Name – Allows you to label an interface. (Range: 1-64 characters)
• Admin – Allows you to manually disable an interface. You can disable an interface due to abnormal behavior (e.g.
Note: Auto-negotiation must be disabled before you can configure or force the interface to use the Speed/Duplex Mode or Flow Control options.
Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.
Figure 3-49 Port - Port Configuration
CLI – Select the interface, and then enter the required settings.

Console(config)#interface ethernet 1/13
Console(config-if)#description RD SW#13
Console(config-if)#shutdown
.
Creating Trunk Groups
You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices. You can create up to six trunks at a time. The switch supports both static trunking and dynamic Link Aggregation Control Protocol (LACP).
Statically Configuring a Trunk
[Figure: statically configured trunk]
Command Usage
• When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
CLI – This example creates trunk 2 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk.
Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply.
Figure 3-51 LACP Trunk Configuration
CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.

Console(config)#interface ethernet 1/1
Console(config-if)#lacp
Console(config-if)#exit
. . .
Configuring LACP Parameters
Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria:
• Ports must have the same LACP System Priority.
• Ports must have the same LACP port Admin Key.
Command Attributes
Set Port Actor – This menu sets the local side of an aggregate link; i.e., the ports on this switch.
• Port – Port number.
Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until the next time an aggregate link is formed with this device.) After you have completed setting the port LACP parameters, click Apply.
Displaying LACP Port Counters
You can display statistics for LACP protocol messages.
Table 3-7 LACP Port Counters
Parameter         Description
LACPDUs Sent      Number of valid LACPDUs transmitted from this channel group.
LACPDUs Received  Number of valid LACPDUs received by this channel group.
Marker Sent       Number of valid Marker PDUs transmitted from this channel group.
Marker Received   Number of valid Marker PDUs received by this channel group.
Displaying LACP Settings and Status for the Local Side
You can display configuration settings and the operational state for the local side of a link aggregation.
Table 3-8 Internal Configuration Information
Field             Description
Oper Key          Current operational value of the key for the aggregation port.
Admin Key         Current administrative value of the key for the aggregation port.
LACPDUs Internal  Number of seconds before invalidating received LACPDU information.
Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.
Figure 3-54 LACP - Port Internal Information
CLI – This function is not supported by the CLI.
Displaying LACP Settings and Status for the Remote Side
You can display configuration settings and the operational state for the remote side of a link aggregation.
Table 3-9 Neighbor Configuration Information
Field                      Description
Partner Admin System ID    LAG partner’s system ID assigned by the user.
Partner Oper System ID     LAG partner’s system ID assigned by the LACP protocol.
Partner Admin Port Number  Current administrative value of the port number for the protocol Partner.
Setting Broadcast Storm Thresholds
Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt. You can protect your network from broadcast storms by setting a threshold for broadcast traffic for each port.
CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2.
Configuring Port Mirroring
You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
[Figure: port mirroring, labels “Source port(s)” and “Single target port”]
Command Usage
• Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port.
Configuring Rate Limits
This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped. Rate limiting can be applied to individual ports or trunks.
Showing Port Statistics
You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port. This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading).
Table 3-10 Port Statistics (Continued)
Parameter                   Description
Transmit Discarded Packets  The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
Transmit Errors             The number of outbound packets that could not be transmitted because of errors.
Table 3-10 Port Statistics (Continued)
Parameter         Description
Received Frames   The total number of frames (bad, broadcast and multicast) received.
Broadcast Frames  The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets.
Multicast Frames  The total number of good frames received that were directed to this multicast address.
Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
Address Table Settings 3 CLI – This example shows statistics for port 12.
Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address.
Figure 3-60 Static Addresses
CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
Figure 3-61 Dynamic Addresses
CLI – This example also displays the address table entries for port 1.
Changing the Aging Time
You can set the aging time for entries in the dynamic address table.
Command Attributes
• Aging Status – Enables/disables the aging function.
• Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds)
Web – Click Address Table, Address Aging. Specify the new aging time, and click Apply.
Figure 3-62 Address Aging
CLI – This example sets the aging time to 400 seconds.
Spanning Tree Algorithm Configuration 3

[Figure: spanning tree port roles (Designated Root, Designated Bridge, Designated Port, Root Port)]
Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
• Hello Time – Interval (in seconds) at which the root device transmits a configuration message.
• Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Spanning Tree Algorithm Configuration • • • • • 3 information that would make it return to a discarding state; otherwise, temporary data loops might result. Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node. Max hops – The max number of hop counts for the MST region. Remaining hops – The remaining number of hop counts for the MST instance.
3 Configuring the Switch CLI – This command displays global STA settings, followed by settings for each port. Console#show spanning-tree Spanning-tree information --------------------------------------------------------------Spanning tree mode :MSTP Spanning tree enable/disable :enable Instance :0 Vlans configuration :1-4094 Priority :32768 Bridge Hello Time (sec.) :2 Bridge Max Age (sec.) :20 Bridge Forward Delay (sec.) :15 Root Hello Time (sec.) :2 Root Max Age (sec.) :20 Root Forward Delay (sec.
Spanning Tree Algorithm Configuration 3 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances. - A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments. - Be careful when switching between spanning tree modes.
3 Configuring the Switch • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a discarding state; otherwise, temporary data loops might result. • Default: 15 • Minimum: The higher of 4 or [(Max.
Spanning Tree Algorithm Configuration 3 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.
3 Configuring the Switch CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.
Spanning Tree Algorithm Configuration 3 • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is determined by manual configuration or by auto-detection, as described for Admin Link Type in STA Port Configuration on page 3-115. • Oper Edge Port – This parameter is initialized to the setting for Admin Edge Port in STA Port Configuration on page 3-115 (i.e.
3 Configuring the Switch • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops.
Spanning Tree Algorithm Configuration 3 CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 Eth 1/ 5 information -------------------------------------------------------------Admin status : enable Role : disable State : discarding External path cost : 10000 Internal path cost : 10000 Priority : 128 Designated cost : 200000 Designated port : 128.5 Designated root : 61440.0.0000E9313131 Designated bridge : 61440.0.
3 Configuring the Switch Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. • Default: 128 • Range: 0-240, in steps of 16 • Path Cost – This parameter is used by the STP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.
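The following is an added example, not code from the ES4612 guide or its vendor. It parses the bridge and port identifiers in the format the switch prints above (priority.sysid.MAC and priority.portnumber), elects a root bridge, and selects a root port using the tie-break order the guide states (path cost first, then port priority, then the lowest port number), extended to the full 802.1D order that also compares the designated bridge and port IDs. It also checks the 802.1D relationships among Hello Time, Max Age and Forward Delay, which is what the truncated "Minimum" rule above is derived from. The candidate ports, names and identifier values are constructed for illustration.

```python
"""Added example (not from the ES4612 guide): parse the bridge and port
identifiers printed by 'show spanning-tree', elect the root bridge, and pick a
root port using the guide's tie-break order (path cost, then port priority,
then lowest port number), extended to the full 802.1D order that also compares
the designated bridge and port IDs. A timer check for the 802.1D relationships
among Hello Time, Max Age and Forward Delay is included. All identifier values
and candidate ports below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BridgeId:
    priority: int      # 802.1t: multiples of 4096, 0-61440
    sysid_ext: int     # system ID extension (MST instance or VLAN), 0-4095
    mac: str           # 12 hex digits

    @classmethod
    def parse(cls, text):
        """'priority.sysid.MAC' as printed by the switch, e.g. '32768.0.0000ABCD0000'."""
        prio, ext, mac = text.split(".")
        prio, ext, mac = int(prio), int(ext), mac.upper()
        if prio % 4096 or not 0 <= prio <= 61440:
            raise ValueError("bridge priority must be a multiple of 4096 in 0-61440")
        if not 0 <= ext <= 4095:
            raise ValueError("system ID extension must be 0-4095")
        if len(mac) != 12 or any(c not in "0123456789ABCDEF" for c in mac):
            raise ValueError("MAC must be 12 hex digits")
        return cls(prio, ext, mac)

    def key(self):
        """Lower value wins: priority, then extension, then MAC address."""
        return (self.priority, self.sysid_ext, int(self.mac, 16))


def parse_port_id(text):
    """'128.5' -> (priority 128, port number 5); page: priority 0-240 in steps of 16."""
    prio, num = (int(x) for x in text.split("."))
    if prio % 16 or not 0 <= prio <= 240:
        raise ValueError("port priority must be 0-240 in steps of 16")
    return prio, num


def elect_root(bridge_ids):
    """The bridge with the numerically lowest bridge ID becomes the Root Bridge."""
    return min((BridgeId.parse(b) for b in bridge_ids), key=BridgeId.key)


@dataclass
class Candidate:
    port: str                # local port name (constructed)
    root_path_cost: int      # cost to the root through this port
    designated_bridge: str   # bridge ID of the upstream bridge on this segment
    designated_port: str     # port ID of that bridge's port
    local_port_id: str       # this port's own priority.number


def select_root_port(candidates):
    """Root port = lowest root path cost; then lowest designated bridge ID; then
    lowest designated port ID; then lowest local port ID (priority, then number)."""
    def key(c):
        return (c.root_path_cost,
                BridgeId.parse(c.designated_bridge).key(),
                parse_port_id(c.designated_port),
                parse_port_id(c.local_port_id))
    return min(candidates, key=key).port


def validate_timers(hello, max_age, forward_delay):
    """802.1D constraints: 2*(Forward Delay - 1) >= Max Age >= 2*(Hello Time + 1).
    Returns the list of violated rules (empty means the combination is consistent)."""
    problems = []
    if not 1 <= hello <= 10:
        problems.append("hello time must be 1-10 s")
    if not 6 <= max_age <= 40:
        problems.append("max age must be 6-40 s")
    if not 4 <= forward_delay <= 30:
        problems.append("forward delay must be 4-30 s")
    if max_age < 2 * (hello + 1):
        problems.append("max age < 2*(hello+1): root could be declared dead between hellos")
    if 2 * (forward_delay - 1) < max_age:
        problems.append("2*(forward delay-1) < max age: ports may forward before stale info ages out")
    return problems
```

The defaults shown in the CLI output above (Hello 2, Max Age 20, Forward Delay 15) pass `validate_timers`; lowering Forward Delay to 10 with Max Age 20 does not, which is the kind of combination that produces the temporary loops the text warns about.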
Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply.

Figure 3-66 STA Port Configuration

CLI – This example sets STA attributes for port 7.

To ensure that the MSTI maintains connectivity across the network, you must configure a related set of bridges with the same MSTI settings.

Command Attributes
• MST Instance – Instance identifier of this spanning tree. (Default: 0)
• Priority – The priority of a spanning tree instance.

CLI – This displays STA settings for instance 1, followed by settings for each port.

Console#show spanning-tree mst 2
Spanning-tree information
--------------------------------------------------------------
Spanning tree mode :MSTP
Spanning tree enable/disable :enable
Instance :2
Vlans configuration :2
Priority :4096
Bridge Hello Time (sec.) :2
Bridge Max Age (sec.) :20
Bridge Forward Delay (sec.) :15
Root Hello Time (sec.) :2
Root Max Age (sec.

Displaying Interface Settings for MSTP

The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance.

Field Attributes
• MST Instance ID – Instance identifier to configure. (Range: 0-57; Default: 0)
The other attributes are described under “Displaying Interface Settings,” page 3-112.

Web – Click Spanning Tree, MSTP, Port Information or Trunk Information.

--------------------------------------------------------------
Eth 1/ 1 information
--------------------------------------------------------------
Admin status : enable
Role : root
State : forwarding
External path cost : 100000
Internal path cost : 100000
Priority : 128
Designated cost : 200000
Designated port : 128.24
Designated root : 32768.0.0000ABCD0000
Designated bridge : 32768.0.

• MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.) Note that when the Path Cost Method is set to short (page 3-63), the maximum path cost is 65,535.
VLAN Configuration

Configuring IEEE 802.1Q VLANs

In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks. This also provides a more secure and cleaner network environment. An IEEE 802.

Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing them on to any end-node host that does not support VLAN tagging.

[Figure: VLAN-aware (VA) and VLAN-unaware (VU) devices exchanging tagged and untagged frames]

VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways.

… these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs.

Enabling or Disabling GVRP (Global Setting)

GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network. GVRP must be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch. (Default: Disabled)

Web – Click VLAN, 802.

CLI – Enter the following command.

Command Attributes (CLI)
• VLAN – ID of configured VLAN (1-4094, no leading zeroes).
• Type – Shows how this VLAN was added to the switch.
- Dynamic: Automatically learned via GVRP.
- Static: Added as a static entry.
• Name – Name of the VLAN (1 to 32 characters).
• Status – Shows if this VLAN is enabled or disabled.
- Active: VLAN is operational.
- Suspend: VLAN is suspended; i.e., does not pass packets.
• Ports / Channel groups – Shows the VLAN interface members.

Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add.

Figure 3-73 VLAN Static List - Creating VLANs

CLI – This example creates a new VLAN.

Command Attributes
• VLAN – ID of configured VLAN (1-4094, no leading zeroes).
• Name – Name of the VLAN (1 to 32 characters).
• Status – Enables or disables the specified VLAN.
- Enable: VLAN is operational.
- Disable: VLAN is suspended; i.e., does not pass packets.
• Port – Port identifier.
• Trunk – Trunk identifier.

CLI – The following example adds tagged and untagged ports to VLAN 2.

Configuring VLAN Behavior for Interfaces

You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.

Command Usage
• GVRP – GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.

… Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; Default: 60)
• GARP LeaveAll Timer – The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group. This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group.

CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.

Configuring Uplink and Downlink Ports

Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on the switch and with any designated downlink ports.

Web – Click VLAN, Private VLAN, Link Status. Mark the ports that will serve as uplinks and downlinks for the private VLAN, then click Apply.

Configuring Protocol Groups

Create a protocol group for one or more protocols.

Command Attributes
• Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647)
• Frame Type – Frame type used by this protocol. (Options: Ethernet, RFC_1042, SNAP_8021h, SNAP_other, LLC_other)
• Protocol Type – The only option for the LLC_other frame type is IPX_raw. The options for all other frame types include: IP, ARP, RARP.

Web – Click VLAN, Protocol VLAN, Configuration.

- If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN.
- If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface.

Command Attributes
• Interface – Port or trunk identifier.
• Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647)
• VLAN ID – VLAN to which matching protocol traffic is forwarded.
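The following is an added example, not code from the ES4612 guide or its vendor. It puts the ingress rules described in this section (VLAN Classification, Configuring VLAN Behavior for Interfaces, and Protocol Groups) into one classifier that runs over raw Ethernet frames: a tagged frame carries its own VID and is subject to ingress filtering, a port set to accept tagged frames only drops untagged ones, and an untagged frame is matched against the interface's protocol groups before falling back to the PVID. It recognises the Ethernet and RFC_1042 frame types from the guide's option list; the `PortVlanConfig` and `PROTOCOL_GROUPS` names, the group table and the sample frames are constructed.

```python
"""Added example (not from the ES4612 guide): an ingress VLAN classifier that
applies the rules the guide describes to a raw Ethernet frame. Port settings,
protocol groups and frames below are constructed."""
import struct
from dataclasses import dataclass, field


@dataclass
class PortVlanConfig:
    pvid: int = 1                      # default VLAN for untagged frames
    acceptable_frames: str = "all"     # "all" or "tagged" (page: accept only tagged frames)
    ingress_filtering: bool = False    # drop tagged frames for VLANs this port is not in
    member_vlans: set = field(default_factory=lambda: {1})
    protocol_vlans: dict = field(default_factory=dict)   # protocol group id -> VLAN ID


# Protocol group table (constructed): group id -> (frame type, protocol EtherType)
PROTOCOL_GROUPS = {
    1: ("Ethernet", 0x0800),   # IP carried in an Ethernet II frame
    2: ("RFC_1042", 0x0806),   # ARP carried in an 802.3 frame with RFC 1042 SNAP
}


def frame_type(after_mac):
    """Classify the bytes following the MAC addresses (and any 802.1Q tag).
    Returns (frame type name, protocol EtherType or None)."""
    if len(after_mac) < 2:
        raise ValueError("truncated frame")
    field_ = struct.unpack("!H", after_mac[:2])[0]
    if field_ >= 0x0600:                        # EtherType field: Ethernet II
        return "Ethernet", field_
    if after_mac[2:5] == b"\xaa\xaa\x03":       # 802.3 length, then LLC SNAP header
        if after_mac[5:8] == b"\x00\x00\x00":   # zero OUI: RFC 1042 encapsulation
            return "RFC_1042", struct.unpack("!H", after_mac[8:10])[0]
        return "SNAP_other", None
    return "LLC_other", None


def classify_frame(frame, port):
    """Return ('forward', vid, reason) or ('drop', None, reason)."""
    if len(frame) < 14:
        return "drop", None, "runt frame"
    vid, after = 0, frame[12:]
    if struct.unpack("!H", frame[12:14])[0] == 0x8100:
        if len(frame) < 18:
            return "drop", None, "truncated 802.1Q tag"
        vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        after = frame[16:]
    if vid == 0:                                # untagged, or priority-tagged (VID 0)
        if port.acceptable_frames == "tagged":
            return "drop", None, "port accepts tagged frames only"
        ftype, proto = frame_type(after)
        for gid, target_vid in port.protocol_vlans.items():
            if PROTOCOL_GROUPS.get(gid) == (ftype, proto):
                return "forward", target_vid, f"protocol group {gid} matched"
        return "forward", port.pvid, "no protocol match, PVID used"
    if vid == 0xFFF:
        return "drop", None, "reserved VID 4095"
    if port.ingress_filtering and vid not in port.member_vlans:
        return "drop", None, f"ingress filtering: port is not a member of VLAN {vid}"
    return "forward", vid, "VID taken from 802.1Q tag"


def build_frame(ethertype, vid=None, snap=False, payload=b"\x00" * 46):
    """Constructed test frame: Ethernet II, or 802.3 + RFC 1042 SNAP when snap=True."""
    hdr = bytes.fromhex("0000ABCD0001") + bytes.fromhex("0000E9313131")
    if vid is not None:
        hdr += struct.pack("!HH", 0x8100, vid)
    if snap:
        body = b"\xaa\xaa\x03\x00\x00\x00" + struct.pack("!H", ethertype) + payload
        return hdr + struct.pack("!H", len(body)) + body
    return hdr + struct.pack("!H", ethertype) + payload
```

The security point the example makes concrete: on a port facing untrusted hosts, ingress filtering (with the port's membership list) is what stops a tagged frame from being injected into a VLAN the port does not belong to, and "tagged only" on an inter-switch link is what stops untagged frames from silently landing in the PVID.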
Class of Service Configuration

Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.

Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply.

Figure 3-81 Default Port Priority

CLI – This example assigns a default priority of 5 to port 3.

Mapping CoS Values to Egress Queues

This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following table.

Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply.

Figure 3-82 Traffic Classes

CLI – The following example shows how to change the CoS assignments to a one-to-one mapping.

Selecting the Queue Mode

You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing, which assigns a relative weight to each queue. WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue.

Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply.

Figure 3-84 Queue Scheduling

CLI – The following example shows how to assign WRR weights to each of the priority queues.
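The following is an added example, not code from the ES4612 guide or its vendor. It simulates the two queue service modes described above, strict priority and Weighted Round Robin, over eight per-port queues, so the difference the text describes in words can be observed: under strict mode a busy high queue starves the low one, under WRR each queue with a weight gets a bounded share of the link. The function names, queue contents, weights and slot counts are constructed; the switch's own scheduler is not modelled beyond these two rules.

```python
"""Added example (not from the ES4612 guide): simulate strict-priority and
Weighted Round Robin service over the eight per-port output queues. Queue
contents, weights and slot counts are constructed."""
from collections import deque

NUM_QUEUES = 8   # page: eight priority queues per port; queue 7 is highest


def make_queues(per_queue):
    """Build eight queues holding the given number of constructed packets each."""
    assert len(per_queue) == NUM_QUEUES
    return [deque(f"q{q}p{i}" for i in range(n)) for q, n in enumerate(per_queue)]


def strict_schedule(queues, slots):
    """Strict mode: always serve the highest non-empty queue. Lower queues only
    transmit when everything above them is empty, so they can starve."""
    sent = []
    for _ in range(slots):
        for q in range(NUM_QUEUES - 1, -1, -1):
            if queues[q]:
                sent.append((q, queues[q].popleft()))
                break
        else:
            break              # every queue is empty
    return sent


def wrr_schedule(queues, weights, slots):
    """WRR mode: each round visits the queues from highest to lowest and sends
    up to weights[q] packets from queue q, so every queue with a non-zero
    weight receives a bounded share of the link instead of waiting indefinitely."""
    assert len(weights) == NUM_QUEUES and all(w >= 1 for w in weights)
    sent = []
    while len(sent) < slots and any(queues):
        for q in range(NUM_QUEUES - 1, -1, -1):
            for _ in range(weights[q]):
                if not queues[q] or len(sent) >= slots:
                    break
                sent.append((q, queues[q].popleft()))
    return sent


def service_share(weights):
    """Fraction of service time each queue receives when all queues stay busy."""
    total = sum(weights)
    return [w / total for w in weights]


def served_per_queue(sent):
    """Count how many packets each queue got out of a schedule."""
    counts = [0] * NUM_QUEUES
    for q, _ in sent:
        counts[q] += 1
    return counts
```

Strict mode is the right choice only when the high queue is trusted to be small (control traffic); if hosts can mark their own frames into the top queue, WRR weights are what keep everyone else's traffic moving.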
Layer 3/4 Priority Settings

Mapping Layer 3/4 Priorities to CoS Values

This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet or the number of the TCP port.

Mapping IP Precedence

The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are mapped one-to-one to Class of Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth).

CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.

Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply.

Figure 3-87 IP DSCP Priority

CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings.

Mapping IP Port Priority

You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.

Command Attributes
• IP Port Priority Status – Enables or disables the IP port priority.
• Interface – Selects the port or trunk interface to which the settings apply.

CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings.

Console(config)#map ip port
Console(config)#interface ethernet 1/1
Console(config-if)#map ip port 80 cos 0
Console(config-if)#end
Console#show map ip port ethernet 1/5
TCP port mapping status: disabled
Port Port no.
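The following is an added example, not code from the ES4612 guide or its vendor. It derives a CoS value from the three layer 3/4 sources this section describes, the IP Precedence bits or DSCP of the ToS octet, and the TCP/UDP port number, taken from a raw IPv4 packet. The mapping tables mirror the guide's own CLI examples (Precedence 1 to CoS 0, DSCP 0 to CoS 1, TCP port 80 to CoS 0); the `CosMapper` class, the packet builder, the choice to match either port of the flow, and the default CoS for unmapped DSCP values are assumptions made for the example.

```python
"""Added example (not from the ES4612 guide): derive a CoS value from the
IP Precedence bits, the DSCP, or the TCP/UDP port of a raw IPv4 packet. The
mapping tables mirror the guide's CLI examples; the packet builder, the
either-port match and the unmapped-DSCP default are assumptions."""
import struct


def precedence_and_dscp(tos):
    """ToS octet layout: bits 7-5 are IP Precedence, bits 7-2 are the DSCP."""
    return tos >> 5, tos >> 2


def parse_ipv4(packet):
    """Return (tos, protocol, (src_port, dst_port) or None) from an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    tos, proto = packet[1], packet[9]
    ports = None
    if proto in (6, 17) and len(packet) >= ihl + 4:      # TCP or UDP
        ports = struct.unpack("!HH", packet[ihl:ihl + 4])
    return tos, proto, ports


class CosMapper:
    """One of the guide's three layer 3/4 methods is active at a time
    ("precedence", "dscp" or "port"), as on the switch where each is enabled
    globally."""

    def __init__(self, mode, precedence_map=None, dscp_map=None, port_map=None,
                 default_cos=0):
        self.mode = mode
        self.precedence_map = {p: p for p in range(8)}   # page: one-to-one by default
        self.precedence_map.update(precedence_map or {})
        self.dscp_map = dict(dscp_map or {})     # unmapped DSCP -> default_cos (assumption)
        self.port_map = dict(port_map or {})     # TCP/UDP port -> CoS
        self.default_cos = default_cos

    def cos_for(self, packet):
        tos, _, ports = parse_ipv4(packet)
        prec, dscp = precedence_and_dscp(tos)
        if self.mode == "precedence":
            return self.precedence_map[prec]
        if self.mode == "dscp":
            return self.dscp_map.get(dscp, self.default_cos)
        if self.mode == "port":
            for p in ports or ():                # match either end of the flow (assumption)
                if p in self.port_map:
                    return self.port_map[p]
            return self.default_cos
        raise ValueError(f"unknown mode {self.mode!r}")


def build_ipv4_tcp(tos, src_port, dst_port):
    """Constructed minimal IPv4/TCP packet (checksums left zero)."""
    tcp = struct.pack("!HH", src_port, dst_port) + bytes(16)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    return ip + tcp
```

Because the ToS octet is written by the sending host, any precedence or DSCP mapping trusts the marking on the wire; on user-facing ports the `precedence_map` or `dscp_map` entries are where that trust is reduced (for example by mapping high markings back to a low CoS), which is what the guide's "maps IP Precedence value 1 to CoS value 0" example does on a small scale.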
Web – Click Priority, ACL CoS Priority. Select a port, select an ACL rule, specify a CoS priority, then click Add.

Figure 3-90 ACL CoS Priority

CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 1.

Command Attributes
• Port – Port identifier.
• Name – Name of ACL.
• Type – Type of ACL (IP or MAC).
• Precedence – IP Precedence value. (Range: 0-7)
• DSCP – Differentiated Services Code Point value. (Range: 0-63)
• 802.1p Priority – Class of Service value in the IEEE 802.1p priority tag. (Range: 0-7; 7 is the highest priority)

Web – Click Priority, ACL Marker. Select a port and an ACL rule.
Multicast Filtering

Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.

Based on the group membership information learned from IGMP, a router/switch can determine which (if any) multicast traffic needs to be forwarded to each of its ports. At Layer 3, multicast routers use this information, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. Note that IGMP neither alters nor routes IP multicast packets.

Configuring IGMP Snooping and Query Parameters

You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance.

Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.)

Figure 3-92 IGMP Configuration

CLI – This example modifies the settings for multicast filtering, and then displays the current status.

Displaying Interfaces Attached to a Multicast Router

Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch.

Specifying Static Interfaces for a Multicast Router

Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your switch, you can manually configure the interface (and a specified VLAN) to join all the current multicast groups supported by the attached router.

Displaying Port Members of Multicast Services

You can display the port members associated with a specified VLAN and multicast service.

Command Attributes
• VLAN ID – Selects the VLAN for which to display port members.
• Multicast IP Address – The IP address for a specific multicast service.
• Multicast Group Port List – Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service.

Assigning Ports to Multicast Services

Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 3-154. For certain applications that require tighter control, you may need to statically configure a multicast service on the switch. First add all the ports attached to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group.

Layer 3 IGMP (Query used with Multicast Routing)

IGMP Snooping – IGMP Snooping is a Layer 2 function (page 3-154) that can be used to provide multicast filtering when no other switches in the network support multicast routing. (Note that IGMP Snooping can only be globally enabled.)

IGMP Query – Multicast query is used to poll each known multicast group for active members, and dynamically configure the switch ports which need to forward multicast traffic.

• Last Member Query Interval – A multicast client sends an IGMP leave message when it leaves a group. The router then checks to see if this was the last host in the group by sending an IGMP query and starting a timer based on this command. If no reports are received before the timer expires, the group is deleted. (Range: 0-25 seconds; Default: 1 second)
- This value may be tuned to modify the leave latency of the network.
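The following is an added example, not code from the ES4612 guide or its vendor. It models the snooping behaviour this section describes: group members are learned from membership reports, a multicast frame is forw only to the ports that asked for it plus the multicast router port, and a leave is handled the way the Last Member Query Interval text says, by sending a group-specific query, starting a timer, and deleting the member only if no report arrives before it expires. The `IgmpSnooping` class name, the 260-second membership lifetime used when no further reports arrive (the IGMPv2 default), and the port numbers, groups and timings are assumptions made for the example.

```python
"""Added example (not from the ES4612 guide): a minimal IGMP snooping model
that learns members from reports, prunes forwarding to member and router
ports, and handles leaves with a last-member-query timer. Ports, groups,
timings and the 260 s membership lifetime are assumptions."""
from dataclasses import dataclass, field


@dataclass
class IgmpSnooping:
    last_member_query_interval: float = 1.0     # page default: 1 second (range 0-25)
    group_membership_interval: float = 260.0    # assumed lifetime without a new report
    router_ports: dict = field(default_factory=dict)     # vlan -> set of ports
    members: dict = field(default_factory=dict)          # (vlan, group) -> {port: expiry}
    pending_leaves: dict = field(default_factory=dict)   # (vlan, group, port) -> deadline

    def set_router_port(self, vlan, port):
        """Static or learned multicast router interface (see 'Specifying Static Interfaces')."""
        self.router_ports.setdefault(vlan, set()).add(port)

    def report(self, vlan, group, port, now):
        """A membership report refreshes the member and cancels a pending leave."""
        self.members.setdefault((vlan, group), {})[port] = now + self.group_membership_interval
        self.pending_leaves.pop((vlan, group, port), None)

    def leave(self, vlan, group, port, now):
        """Return the action taken on a leave message, or None if the port was not a member."""
        if port not in self.members.get((vlan, group), {}):
            return None
        self.pending_leaves[(vlan, group, port)] = now + self.last_member_query_interval
        return ("group-specific-query", vlan, group, port)

    def tick(self, now):
        """Expire leave timers and stale members; return the (vlan, group, port)
        entries removed because nobody answered the group-specific query."""
        removed = []
        for key, deadline in list(self.pending_leaves.items()):
            if now >= deadline:
                vlan, group, port = key
                del self.pending_leaves[key]
                if self.members.get((vlan, group), {}).pop(port, None) is not None:
                    removed.append(key)
        for key, ports in list(self.members.items()):
            for port, expiry in list(ports.items()):
                if now >= expiry:
                    del ports[port]
            if not ports:
                del self.members[key]
        return removed

    def egress_ports(self, vlan, group, ingress_port):
        """Ports a multicast frame for (vlan, group) is forwarded to: current
        members plus router ports, never back out the ingress port. A group
        with no members goes to router ports only (assumption of this model)."""
        ports = set(self.members.get((vlan, group), {})) | self.router_ports.get(vlan, set())
        ports.discard(ingress_port)
        return ports
```

The leave timer is the tunable the guide calls leave latency: a shorter interval cuts unwanted traffic off sooner after the last viewer leaves, a longer one tolerates a slow or lost report from a remaining member.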
Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parameters for each interface, then click Apply.

Figure 3-97 IGMP Interface Settings

CLI – This example configures the IGMP parameters for VLAN 1.

Displaying Multicast Group Information

When IGMP (Layer 3) is enabled on this switch, the current multicast groups learned via IGMP can be displayed in the IP/IGMP/Group Information page. When IGMP (Layer 3) is disabled and IGMP (Layer 2) is enabled, you can view the active multicast groups in the IGMP Snooping/IP Multicast Registration Table (see page 3-158).
Configuring Domain Name Service

The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network. When a client device designates this switch as a DNS server, the client will attempt to resolve host names into IP addresses by forwarding DNS queries to the switch, and waiting for a response.

Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.

Figure 3-99 DNS General Configuration

CLI – This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used.

Console(config)#ip domain-name sample.

Configuring Static DNS Host to Address Entries

You can manually configure static entries in the DNS table that are used to map domain names to IP addresses.

Command Usage
• Static entries may be used for local devices connected directly to the attached network, or for commonly used resources located elsewhere on the network.
• Servers or other network devices may support one or more connections via multiple IP addresses.

Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.

Figure 3-100 DNS Static Host Table

CLI – This example maps two addresses to a host name, and then configures an alias host name for the same addresses.

Console(config)#ip host rd5 192.168.1.55 10.1.0.55
Console(config)#ip host rd6 10.1.0.55
Console#show host
Hostname rd5
Inet address 10.1.0.55 192.168.1.55
Alias 1.
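The following is an added example, not code from the ES4612 guide or its vendor. It is a static host table resolver that follows the two rules stated in this section: a host name may map to several addresses and other names sharing an address are its aliases (the rd5/rd6 entries mirror the guide's CLI example), and an unqualified name is completed with the domain list when one is configured, otherwise with the default domain name. The `StaticHostTable` class, the search order (name as given first, then each suffix) and the domain names are assumptions made for the example.

```python
"""Added example (not from the ES4612 guide): resolve names against a static
host table with multi-address entries and aliases, completing unqualified
names with the domain list (or, failing that, the default domain name).
The class, search order and domain names are assumptions."""


class StaticHostTable:
    def __init__(self, default_domain=None, domain_list=()):
        self.default_domain = default_domain
        self.domain_list = tuple(domain_list)
        self.hosts = {}                       # name -> ordered list of addresses

    def ip_host(self, name, *addresses):
        """Mirror of 'ip host NAME ADDR...': repeated calls add addresses to a name."""
        addrs = self.hosts.setdefault(name.lower(), [])
        for a in addresses:
            if a not in addrs:
                addrs.append(a)

    def search_suffixes(self):
        """page: if a domain list is specified, the default domain name is not used."""
        if self.domain_list:
            return self.domain_list
        return (self.default_domain,) if self.default_domain else ()

    def candidates(self, query):
        """Names tried in order: the name as given, then name + each search suffix."""
        q = query.lower().rstrip(".")
        names = [q]
        if "." not in q:                      # unqualified name: apply the suffixes
            names += [f"{q}.{s}" for s in self.search_suffixes()]
        return names

    def resolve(self, query):
        """Return (matched name, addresses) or (None, []) when nothing matches."""
        for name in self.candidates(query):
            if name in self.hosts:
                return name, list(self.hosts[name])
        return None, []

    def aliases_of(self, name):
        """Other names that share at least one address with NAME (the 'Alias'
        column of 'show host')."""
        mine = set(self.hosts.get(name.lower(), []))
        return sorted(n for n, a in self.hosts.items()
                      if n != name.lower() and mine & set(a))
```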
Displaying the DNS Cache

You can display entries in the DNS cache that have been learned via the designated name servers.

Field Attributes
• No – The entry number for each resource record.
• Flag – The flag is always “4” indicating a cache entry and therefore unreliable.
• Type – This field includes CNAME which specifies the canonical or primary name for the owner, and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry.

CLI - This example displays all the resource records learned from the designated name servers.

Console#show dns cache
NO   FLAG  TYPE   IP
0    4     CNAME  207.46.134.222
1    4     CNAME  207.46.134.190
2    4     CNAME  207.46.134.155
3    4     CNAME  207.46.249.222
4    4     CNAME  207.46.249.27
5    4     ALIAS  POINTER TO:4
6    4     CNAME  207.46.68.27
7    4     ALIAS  POINTER TO:6
8    4     CNAME  65.54.131.192
9    4     ALIAS  POINTER TO:8
10   4     CNAME  165.193.72.
Console#

Dynamic Host Configuration Protocol
Command Usage
You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will not forward client requests to a DHCP server.

Command Attributes
• VLAN ID – ID of configured VLAN.
• VLAN Name – Name of the VLAN.
• Server IP Address – Addresses of DHCP servers to be used by the switch’s DHCP relay agent, in order of preference.

Web – Click DHCP, Relay Configuration.

Configuring the DHCP Server

This switch includes a Dynamic Host Configuration Protocol (DHCP) server that can assign temporary IP addresses to any attached host requesting service. It can also provide other network settings such as the domain name, default gateway, Domain Name Servers (DNS), Windows Internet Naming Service (WINS) name servers, or information on the bootup file for the host device to download.

Web – Click DHCP, Server, General. Enter a single address or an address range, and click Add.

Figure 3-103 DHCP Server General Configuration

CLI – This example enables the DHCP server and sets an excluded address range.

Console(config)#service dhcp
Console(config)#ip dhcp excluded-address 10.1.0.250 10.1.0.

Configuring Address Pools

You must configure IP address pools for each IP interface that will provide addresses to attached clients via the DHCP server.

Command Usage
• First configure address pools for the network interfaces. Then you can manually bind an address to a specific client if required. However, note that any static host address must fall within the range of an existing network address pool.

• Client-Identifier – A unique designation for the client device, either a text string (1-15 characters) or hexadecimal value.

Setting the Optional Parameters
• Default Router – The IP address of the primary and alternate gateway router. The IP address of the router should be on the same subnet as the client.
• DNS Server – The IP address of the primary and alternate DNS server. DNS servers must be configured for a DHCP client to map host names to IP addresses.

Configuring a Network Address Pool

Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool. Configure the optional parameters such as gateway server and DNS server. Then click Apply.

Figure 3-105 DHCP Server Pool - Network Configuration

CLI – This example configures a network address pool.

Configuring a Host Address Pool

Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device. Configure the optional parameters such as gateway server and DNS server. Then click Apply.

Figure 3-106 DHCP Server Pool - Host Configuration

CLI – This example configures a host address pool.

Displaying Address Bindings

You can display the host devices which have acquired an IP address from this switch’s DHCP server.

Command Attributes
• IP Address – IP address assigned to host.
• MAC Address – MAC address of host.
• Lease time – Duration that this IP address can be used by the host.
• Start time – Time this address was assigned by the switch.
• Delete – Clears this binding to the host.
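The following is an added example, not code from the ES4612 guide or its vendor. It models the DHCP server rules stated across the preceding subsections: addresses in an excluded range are never offered, a static host binding must fall inside an existing network pool, and the bindings table records IP address, MAC address, lease time and start time. The `DhcpServer` class, the order in which an address is chosen (static binding, then the client's current lease, then the first free pool address), and the networks, ranges, MAC addresses and times are assumptions made for the example.

```python
"""Added example (not from the ES4612 guide): a small model of the guide's
DHCP server rules (excluded ranges, host bindings inside a network pool,
address bindings table). Class name, allocation order and all sample values
are assumptions."""
import ipaddress


class DhcpServer:
    def __init__(self):
        self.excluded = []        # list of (first, last) IPv4Address ranges
        self.network_pools = {}   # pool name -> IPv4Network
        self.host_pools = {}      # client MAC -> IPv4Address (static binding)
        self.leases = {}          # IPv4Address -> dict(mac, start, lease_time)

    def excluded_address(self, first, last):
        """Mirror of 'ip dhcp excluded-address FIRST LAST'."""
        a, b = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if b < a:
            raise ValueError("range end precedes range start")
        self.excluded.append((a, b))

    def add_network_pool(self, name, network):
        self.network_pools[name] = ipaddress.IPv4Network(network)

    def in_network_pool(self, address):
        addr = ipaddress.IPv4Address(address)
        return any(addr in net for net in self.network_pools.values())

    def add_host_pool(self, mac, address):
        """page: a static host address must fall within an existing network pool."""
        if not self.in_network_pool(address):
            raise ValueError(f"{address} is not inside any configured network pool")
        self.host_pools[mac.lower()] = ipaddress.IPv4Address(address)

    def is_excluded(self, addr):
        return any(a <= addr <= b for a, b in self.excluded)

    def allocate(self, mac, pool_name, now, lease_time=86400):
        """Offer an address: the static binding if one exists, else renew the
        client's current lease, else the first free address in the pool."""
        mac = mac.lower()
        if mac in self.host_pools:
            addr = self.host_pools[mac]
        else:
            addr = next((a for a, l in self.leases.items() if l["mac"] == mac), None)
        if addr is None:
            net = self.network_pools[pool_name]
            reserved = set(self.host_pools.values())
            addr = next((a for a in net.hosts()
                         if not self.is_excluded(a) and a not in self.leases
                         and a not in reserved), None)
            if addr is None:
                raise RuntimeError(f"pool {pool_name} exhausted")
        self.leases[addr] = {"mac": mac, "start": now, "lease_time": lease_time}
        return str(addr)

    def expire(self, now):
        """Drop leases whose lease time has run out; return the freed addresses."""
        gone = [a for a, l in self.leases.items() if now >= l["start"] + l["lease_time"]]
        for a in gone:
            del self.leases[a]
        return [str(a) for a in gone]

    def bindings(self):
        """Rows like the Address Bindings page: IP, MAC, lease time, start time."""
        return [(str(a), l["mac"], l["lease_time"], l["start"])
                for a, l in sorted(self.leases.items())]
```

The excluded range is the mechanism for keeping the switch's own interface address, the gateway and any statically addressed servers out of the dynamic pool, which is why the guide's CLI example sets one immediately after enabling the service.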
Configuring Router Redundancy

Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load. The primary goal of router redundancy is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down.

• Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by assigning a subset of addresses to different host address pools using the DHCP server. (See “Configuring Address Pools” on page 3-173.)

[Figure: Router 1 and Router 2. VRID 23 (Master): IP(R1) = 192.168.1.3, IP(VR23) = 192.168.1.3, VR Priority = 255. VRID 23 (Backup): IP(R1) = 192.168.1.5, IP(VR23) = 192.168.1.3, VR Priority = 100. VRID 25 (Backup): IP(R1) = 192.168.1.]

• VRRP creates a virtual MAC address for the master router based on a standard prefix, with the last octet equal to the group ID. When a backup router takes over as the master, it continues to forward traffic addressed to this virtual MAC address. However, the backup router cannot reply to ICMP pings sent to addresses associated with the virtual group because the IP address owner is off line.

Command Attributes (VRRP Group Configuration Detail)
• Associated IP Table – IP interfaces associated with this virtual router group.
• Associated IP – IP address of the virtual router, or secondary IP addresses assigned to the current VLAN interface that are supported by this VRRP group. If this address matches a real interface on this switch, then this interface will become the virtual master router for this VRRP group.

Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add.

Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interface on this router to make it the master virtual router for the group. Otherwise, enter the virtual address for an existing group to make it a backup router. Click Add IP to enter an IP address into the Associated IP Table. Then set any of the other parameters as required, and click Apply.

CLI – This example creates VRRP group 1 and sets this switch as the master virtual router by assigning the primary interface address for the selected VLAN to the virtual IP address. It then adds a secondary IP address to the VRRP group, sets all of the other VRRP parameters, and then displays the configured settings.

Console(config)#interface vlan 1
Console(config-if)#vrrp 1 ip 192.168.1.6
Console(config-if)#vrrp 1 ip 192.168.2.

CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch.

Console#show vrrp router counters
VRRP Packets with Invalid Checksum : 0
VRRP Packets with Unknown Error : 0
VRRP Packets with Invalid VRID : 0
Console#

Displaying VRRP Group Statistics

The VRRP Group Statistics page displays counters for VRRP protocol events and errors that have occurred on a specific VRRP interface.

Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group.

Figure 3-111 VRRP Group Statistics

CLI – This example displays VRRP protocol statistics for group 1, VLAN 1.

Command Usage
Address Assignment –
• The designated virtual IP address must be configured on at least one router in the virtual router group. If an IP address is not specified, the designated address is learned through the exchange of HSRP messages. Note that the designated address cannot be the same as a physical address.
• The subnet mask for the physical interface on which the designated address is configured is used as the subnet mask of the designated address.

… stops sending hello messages or sends other messages indicating that it is no longer acting as the designated router.
• You can add a delay to the preempt function to give additional time to receive an advertisement message from the current master before taking control. If the router attempting to become the master has just come on line, this delay also gives it time to gather information for its routing table before actually preempting the currently active master router.

• Authentication String – Key used to authenticate HSRP packets received from other routers. (Range: 1-8 alphanumeric characters)
- All routers in the same HSRP group must be configured with the same authentication string. When an HSRP packet is received from another router in the group, its authentication string is compared to the string configured on this router. If the strings match, the message is accepted. Otherwise, the packet is discarded.

Web – Click IP, HSRP, Group Configuration. Select the VLAN ID, enter the HSRP group number, and click Add.

Click the Edit button for a group entry to open the detailed configuration window. Set the values for the advertisement interval, preemption, priority, and authentication as required. Enter the virtual IP address for the group. You can also enter secondary IP addresses that will be supported by the group. Enter any IP interfaces for which the status should be tracked, and the corresponding value by which to adjust the priority when the interface state changes.

CLI – This example creates HSRP group 1, sets the virtual router’s address, adds a secondary IP address to the group, specifies an interface for tracking, sets all the other HSRP parameters, and then displays the configured settings.

Console(config)#interface vlan 1
Console(config-if)#standby 1 ip 192.168.1.7
Console(config-if)#standby 1 ip 192.168.2.
IP Routing 3

IP Routing Overview

This switch supports IP routing and routing path management via static routing definitions (page 3-211) and dynamic routing such as RIP (page 3-213) or OSPF (page 3-223). When IP routing is enabled (page 3-214), this switch acts as a wire-speed router, passing traffic between VLANs using different IP interfaces, and routing traffic to external IP networks. However, when the switch is first booted, no default routing is defined.

IP Switching

IP Switching (or packet forwarding) encompasses the tasks required to forward packets at both Layer 2 and Layer 3, as well as traditional routing.

the high throughput and low latency of switching by enabling the traffic to bypass the routing engine once the path calculation has been performed.

Routing Path Management

Routing Path Management involves the determination and updating of all the routing information required for packet forwarding, including:
• Handling routing protocols
• Updating the routing table
• Updating the Layer 3 switching database

Routing Protocols

The switch supports both static and dynamic routing.

Basic IP Interface Configuration

To allow routing between different IP subnets, you must enable IP Routing as described in this section. You also need to define a VLAN for each IP subnet that will be connected directly to this switch. Note that you must first create a VLAN as described under “Creating VLANs” on page 3-128 before configuring the corresponding subnet.

Configuring IP Routing Interfaces

You can specify the IP subnets connected to this router by manually assigning an IP address to each VLAN, or by using the RIP or OSPF dynamic routing protocol to identify routes that lead to other interfaces by exchanging protocol messages with other routers on the network.

Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets. First specify a primary address, and click Set IP Configuration. If you need to assign secondary addresses, enter these addresses one at a time, and click Set IP Configuration after entering each address.

Address Resolution Protocol

If IP routing is enabled (page 3-196), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next. ARP is used to map an IP address to a physical layer (i.e., MAC) address. When an IP frame is received by this router (or any standards-based router), it first looks up the MAC address corresponding to the destination IP address in the ARP cache.

Basic ARP Configuration

You can use the ARP General configuration menu to specify the timeout for ARP cache entries, or to enable Proxy ARP for specific VLAN interfaces.

Command Usage
• The aging time determines how long dynamic entries remain in the cache. If the timeout is too short, the router may tie up resources by repeating ARP requests for addresses recently flushed from the table.
• End stations that require Proxy ARP must view the entire network as a single network.

Configuring Static ARP Addresses

For devices that do not respond to ARP requests, traffic will be dropped because the IP address cannot be mapped to a physical address. If this occurs, you can manually map an IP address to the corresponding physical address in the ARP cache.

Command Usage
• You can define up to 128 static entries in the ARP cache.
• Static entries will not be aged out or deleted when power is reset. You can only remove a static entry via the configuration interface.
Displaying Dynamically Learned ARP Entries

The ARP cache contains entries that map IP addresses to the corresponding physical address. Most of these entries will be dynamically learned through replies to broadcast messages. You can display all of the dynamic entries in the ARP cache, change specific dynamic entries into static entries, or clear all dynamic entries from the cache.

Command Attributes
• IP Address – IP address of a dynamic entry in the cache.

CLI - This example shows all entries in the ARP cache.

Console#show arp
Arp cache timeout: 1200 (seconds)
IP Address
---------------
10.1.0.0
10.1.0.11
10.1.0.12
10.1.0.19
10.1.0.253
10.1.0.

CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache.

Console#show arp
Arp cache timeout: 1200 (seconds)
IP Address
---------------
10.1.0.0
10.1.0.11
10.1.0.12
10.1.0.19
10.1.0.253
10.1.0.

CLI - This example provides detailed statistics on common IP-related protocols.

Table 3-18 IP Statistics (Continued)
Parameter – Description
Datagrams Forwarded – The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination.
Reassembly Required – The number of IP fragments received which needed to be reassembled at this entity.

Web - Click IP, Statistics, IP.

Figure 3-121 IP Statistics

CLI - See the example on page 3-204.

ICMP Statistics

Internet Control Message Protocol (ICMP) is a network layer protocol that transmits message packets to report errors in processing IP packets. ICMP is therefore an integral part of the Internet Protocol.

Table 3-19 ICMP Statistics (Continued)
Parameter – Description
Timestamps – The number of ICMP Timestamp (request) messages received/sent.
Timestamp Replies – The number of ICMP Timestamp Reply messages received/sent.
Address Masks – The number of ICMP Address Mask Request messages received/sent.
Address Mask Replies – The number of ICMP Address Mask Reply messages received/sent.

Web - Click IP, Statistics, ICMP.

Figure 3-122 ICMP Statistics

CLI - See the example on page 3-204.

UDP Statistics

User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets. UDP is useful when TCP would be too complex, too slow, or just unnecessary.

TCP Statistics

The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols.

Table 3-21 TCP Statistics
Parameter – Description
Segments Received – The total number of segments received, including those received in error. This count includes segments received on currently established connections.

Configuring Static Routes

This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF). However, you can also manually enter static routes in the routing table. Static routes may be required to access network segments where dynamic routing is not supported, or can be set to force the use of a specific route to a subnet, rather than using dynamic routing.

Displaying the Routing Table

You can display all the routes that can be accessed via the local network interfaces, via static routes, or via a dynamically learned route. If route information is available through more than one of these methods, the priority for route selection is local, static, and then dynamic. Also note that the route for a local interface is not enabled (i.e., listed in the routing table) unless there is at least one active link connected to that interface.

CLI - This example shows routes obtained from various methods (page 4-246).

Console#show ip route
Ip Address       Netmask          Next Hop         Protocol Metric Interface
---------------  ---------------  ---------------  -------- ------ ---------
0.0.0.0          0.0.0.0          10.1.0.254       static   1      1
10.1.0.0         255.255.255.0    10.1.0.253       local    1      1
10.1.1.0         255.255.255.0    10.1.0.254       RIP      2      1
Total entries: 3
Console#

Configuring the Routing Information Protocol

The RIP protocol is the most widely used routing protocol.
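The selection rule given under Displaying the Routing Table above (longest prefix first, then local over static over dynamic, with a connected route listed only while its interface has an active link) is shown below as an added Python example; it is not the switch's code. The first three routes are the ones in the show ip route output above; the fourth, a static route to the same prefix as the RIP route, is a constructed addition so that the protocol tie-break can be seen.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lower value wins a tie between routes to the same prefix (guide: local, then static, then dynamic).
PROTOCOL_PREFERENCE = {"local": 0, "static": 1, "RIP": 2, "OSPF": 2}


@dataclass(frozen=True)
class Route:
    network: str
    netmask: str
    next_hop: str
    protocol: str
    metric: int
    interface: int  # VLAN interface the route points out of

    @property
    def prefix(self) -> ipaddress.IPv4Network:
        return ipaddress.IPv4Network(f"{self.network}/{self.netmask}")


def enabled_routes(routes: List[Route], interface_up: Dict[int, bool]) -> List[Route]:
    """A local (connected) route is listed only while its interface has an active link."""
    return [r for r in routes if r.protocol != "local" or interface_up.get(r.interface, False)]


def select_route(destination: str, routes: List[Route], interface_up: Dict[int, bool]) -> Optional[Route]:
    """Longest prefix match first; among equal prefixes prefer local, then static, then dynamic, then lowest metric."""
    dest = ipaddress.IPv4Address(destination)
    candidates = [r for r in enabled_routes(routes, interface_up) if dest in r.prefix]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, PROTOCOL_PREFERENCE.get(r.protocol, 99), r.metric))


# The three routes from the show ip route output in the guide, plus a constructed static route (assumption)
# for the same prefix as the RIP route to exercise the protocol preference.
TABLE = [
    Route("0.0.0.0", "0.0.0.0", "10.1.0.254", "static", 1, 1),
    Route("10.1.0.0", "255.255.255.0", "10.1.0.253", "local", 1, 1),
    Route("10.1.1.0", "255.255.255.0", "10.1.0.254", "RIP", 2, 1),
    Route("10.1.1.0", "255.255.255.0", "10.1.0.252", "static", 1, 1),
]

if __name__ == "__main__":
    up = {1: True}
    for dst in ("10.1.0.9", "10.1.1.5", "192.168.5.1"):
        r = select_route(dst, TABLE, up)
        print(dst, "->", r.next_hop, r.protocol)
    # With VLAN 1 down the connected route disappears and 10.1.0.9 falls back to the default route.
    print("10.1.0.9 (vlan1 down) ->", select_route("10.1.0.9", TABLE, {1: False}).next_hop)
```

The last case is the one worth remembering when troubleshooting: a destination that should be directly connected silently follows the default route as soon as the local interface loses its last active link.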
routing loops may occur, and its small hop count limitation of 15 restricts its use to smaller networks. Moreover, RIP (version 1) wastes valuable network bandwidth by propagating routing information via broadcasts; it also considers too few network variables to make the best routing decision.

Configuring General Protocol Settings

RIP is used to specify how routers exchange routing information.

Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to RIPv1 or RIPv2, set the basic update timer, and then click Apply.

Figure 3-127 RIP General Settings

CLI - This example sets the router to use RIP Version 2, and sets the basic timer to 15 seconds.

Specifying Network Interfaces for RIP

You must specify network interfaces that will be included in the RIP routing process.

Command Usage
• RIP only sends updates to interfaces specified by this command.
• Subnet addresses are interpreted as class A, B or C, based on the first field in the specified address. In other words, if a subnet address nnn.xxx.xxx.

Configuring Network Interfaces for RIP

For each interface that participates in the RIP routing process, you must specify the protocol message type accepted (i.e., RIP version) and the message type sent (i.e., RIP version or compatibility mode), the method for preventing loopback of protocol messages, and whether or not authentication is used (i.e., authentication only applies if RIPv2 messages are being sent or received).

Protocol Message Authentication

RIPv1 is not a secure protocol. Any device sending protocol messages from UDP port 520 will be considered a router by its neighbors. Malicious or unwanted protocol messages can be easily propagated throughout the network if no authentication is required. RIPv2 supports authentication via a simple password.

• Authentication Key – Specifies the key to use for authenticating RIPv2 packets. For authentication to function properly, both the sending and receiving interface must use the same password. (Range: 1-16 characters, case sensitive)

Web - Click Routing Protocol, RIP, Interface Settings. Select the RIP protocol message types that will be received and sent, the method used to provide faster convergence and prevent loopback (i.e.
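The following added example (not code from the guide or the switch) models the receiving side of what this section configures: a RIPv2 response carrying a simple-password authentication entry (RFC 2453 section 4.1) is accepted only if the interface's receive mode allows its version and the password matches the configured key; unauthenticated messages on an authenticated interface, wrong passwords and out-of-range metrics are dropped. The key, the route and the sample messages are constructed.

```python
import hmac
import ipaddress
import struct

RIP_HEADER = struct.Struct("!BBH")       # command, version, routing domain (must be zero)
RIP_ENTRY = struct.Struct("!HHIIII")     # AFI, route tag, network, mask, next hop, metric
RIP_AUTH = struct.Struct("!HH16s")       # AFI 0xFFFF, auth type, 16-byte password (zero padded)
AUTH_AFI, AUTH_SIMPLE_PASSWORD = 0xFFFF, 2
RIP_INFINITY = 16


def build_response(version: int, routes: list, password: bytes = None) -> bytes:
    """Constructed RIP response (command 2). A RIPv2 simple-password entry is prepended when a password is given.
    RIPv1 entries carry no mask or next hop, so those fields are zero for version 1."""
    packet = RIP_HEADER.pack(2, version, 0)
    if password is not None:
        packet += RIP_AUTH.pack(AUTH_AFI, AUTH_SIMPLE_PASSWORD, password)
    for network, mask, next_hop, metric in routes:
        mask_int = int(ipaddress.IPv4Address(mask)) if version >= 2 else 0
        nh_int = int(ipaddress.IPv4Address(next_hop)) if version >= 2 else 0
        packet += RIP_ENTRY.pack(2, 0, int(ipaddress.IPv4Address(network)), mask_int, nh_int, metric)
    return packet


def receive_rip(packet: bytes, accept_versions: set, auth_key: bytes = None):
    """Interface receive policy: returns (accepted, reason, routes).
    accept_versions mirrors the interface 'receive mode'; auth_key is the RIPv2 authentication key (None = no auth)."""
    if len(packet) < RIP_HEADER.size or (len(packet) - RIP_HEADER.size) % RIP_ENTRY.size:
        return False, "malformed length", []
    command, version, domain = RIP_HEADER.unpack_from(packet, 0)
    if version not in accept_versions:
        return False, f"RIPv{version} not accepted on this interface", []
    offset = RIP_HEADER.size
    if version >= 2:
        has_auth = len(packet) >= offset + RIP_AUTH.size and struct.unpack_from("!H", packet, offset)[0] == AUTH_AFI
        if auth_key is not None:
            if not has_auth:
                return False, "authentication required but no authentication entry present", []
            _, auth_type, password = RIP_AUTH.unpack_from(packet, offset)
            if auth_type != AUTH_SIMPLE_PASSWORD:
                return False, f"unsupported authentication type {auth_type}", []
            # Constant-time comparison of the zero-padded 16-byte password field.
            if not hmac.compare_digest(password, auth_key.ljust(16, b"\x00")):
                return False, "authentication failed", []
            offset += RIP_AUTH.size
        elif has_auth:
            return False, "authenticated message received on an unauthenticated interface", []
    routes = []
    while offset < len(packet):
        afi, tag, net, mask, nh, metric = RIP_ENTRY.unpack_from(packet, offset)
        offset += RIP_ENTRY.size
        if afi != 2 or not 1 <= metric <= RIP_INFINITY:
            return False, "invalid route entry", []
        routes.append((str(ipaddress.IPv4Address(net)), str(ipaddress.IPv4Address(mask)),
                       str(ipaddress.IPv4Address(nh)), metric))
    return True, "ok", routes


# Constructed sample messages (assumption): the interface receives RIPv2 only and uses key b"k3y-vlan1".
KEY = b"k3y-vlan1"
ROUTES = [("10.1.1.0", "255.255.255.0", "0.0.0.0", 2)]
GOOD_V2 = build_response(2, ROUTES, password=KEY)
BAD_PASSWORD = build_response(2, ROUTES, password=b"guess")
UNAUTHENTICATED_V2 = build_response(2, ROUTES)
PLAIN_V1 = build_response(1, ROUTES)

if __name__ == "__main__":
    for name, pkt in [("good", GOOD_V2), ("bad password", BAD_PASSWORD), ("no auth", UNAUTHENTICATED_V2), ("v1", PLAIN_V1)]:
        print(name, receive_rip(pkt, accept_versions={2}, auth_key=KEY))
```

The password field is carried in clear text in the message, which is what the guide means by a simple password: it keeps misconfigured or stray routers from being accepted as neighbors, but it is not confidentiality, so the receive mode should be set to RIPv2 only wherever authentication is relied on.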
Displaying RIP Information and Statistics

You can display basic information about the current global configuration settings for RIP, statistics about route changes and queries, information about the interfaces on this router that are using RIP, and information about known RIP peer devices.

Table 3-22 RIP Information and Statistics
Parameter – Description
Globals
RIP Routing Process – Indicates if RIP has been enabled or disabled.

Web - Click Routing Protocol, RIP, Statistics.

CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the following commands (page 4-257).

Console#show rip globals
RIP Process: Enabled
Update Time in Seconds: 30
Number of Route Change: 4
Number of Queries: 0
Console#show ip rip configuration
Interface        SendMode         ReceiveMode   Poison         Authentication
---------------  ---------------  ------------- -------------- -----------------
10.1.0.

Configuring the Open Shortest Path First Protocol

Open Shortest Path First (OSPF) is more suited for large area networks which experience frequent changes in the links. It also handles subnets much better than RIP. OSPF protocol actively tests the status of each link to its neighbors to generate a shortest path tree, and builds a routing table based on this information. OSPF then utilizes IP multicast to propagate routing information.

• OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of a point-to-multipoint interface which allows OSPF to run over non-broadcast networks, as well as support for overlapping area ranges.
• When using OSPF, you must organize your network (i.e.

• AS Boundary Router – Allows this router to exchange routing information with boundary routers in other autonomous systems to which it may be attached. If a router is enabled as an ASBR, then every other router in the autonomous system can learn about external routes from this device.

[Figure: AS 1 and AS 2 connected through their ASBRs]

Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply.

Figure 3-131 OSPF General Configuration

CLI - This example configures the router with the same settings as shown in the screen capture for the web interface.

Console(config)#router ospf
Console(config-router)#router-id 10.1.1.

Configuring OSPF Areas

An autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default, all other areas are created as normal transit areas. Routers in a normal area may import or export routing information about individual nodes. To reduce the amount of routing traffic flooded onto the network, you can configure an area to export a single summarized route that covers a broad range of network addresses within the area (page 3-230).

[Figure: NSSA attached to the backbone through an ABR, with an ASBR to an external AS; a default external route is sent into the NSSA and the external network is reached through the ASBR]

• Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned via OSPF, the default route, static routes, routes derived from other routing protocols such as RIP, or directly connected networks that are not running OSPF.

Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply.

Figure 3-132 OSPF Area Configuration

CLI - This example configures area 0.0.0.1 as a normal area, area 0.0.0.2 as a stub, and area 0.0.0.3 as an NSSA. It also configures the router to propagate a default summary route into the stub and sets the cost for this default route to 10.

Console#show ip ospf
Routing Process with ID 192.168.1.253
Supports only single TOS(TOS0) route
Number of area in this router is 3
Area 0.0.0.0 (BACKBONE)
Number of interfaces in this area is 1
SPF algorithm executed 40 times
Area 0.0.0.2 (STUB)
Number of interfaces in this area is 1
SPF algorithm executed 8 times
Area 0.0.0.

Web - Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network mask, select whether or not to advertise the summary route to other areas, and then click Apply.

Figure 3-133 OSPF Range Configuration

CLI - This example summarizes all the routes for area 1. Note that the default for the area range command is to advertise the route summary. The configured summary route is shown in the list of information displayed for area 1.
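As an added example (not the switch's code), the following Python works out the base address and mask for an area range that covers a set of routes in an area, and then reports any address space the summary would advertise into other areas that no route in the area actually covers. A non-empty result means the range is wider than the area's routes, so traffic for those holes is drawn toward the ABR and dropped there. The route list for area 1 is constructed.

```python
import ipaddress
from typing import List


def covering_summary(prefixes: List[str]) -> ipaddress.IPv4Network:
    """Smallest single prefix that contains every given network: the 'base address and network mask'
    you would enter for an area range."""
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()  # widen by one bit until everything fits
    return summary


def uncovered_space(summary: ipaddress.IPv4Network, prefixes: List[str]) -> List[ipaddress.IPv4Network]:
    """Address blocks inside the summary that no actual route covers (the summary over-reaches there)."""
    remaining = [summary]
    for p in prefixes:
        prefix = ipaddress.IPv4Network(p)
        updated = []
        for block in remaining:
            if block.subnet_of(prefix):
                continue  # the whole block is routed space, drop it from the holes
            if prefix.subnet_of(block):
                updated.extend(block.address_exclude(prefix))  # carve the route out of the block
            else:
                updated.append(block)  # disjoint: CIDR blocks are either nested or disjoint
        remaining = updated
    return sorted(remaining)


def summary_report(prefixes: List[str]) -> dict:
    """Convenience wrapper returning plain strings: the range to configure and the holes it would advertise."""
    summary = covering_summary(prefixes)
    return {
        "base_address": str(summary.network_address),
        "netmask": str(summary.netmask),
        "uncovered": [str(n) for n in uncovered_space(summary, prefixes)],
    }


# Constructed example (assumption): the routes present in area 0.0.0.1.
AREA1_ROUTES = ["10.1.0.0/24", "10.1.1.0/24", "10.1.3.0/24"]

if __name__ == "__main__":
    print(summary_report(AREA1_ROUTES))
```

For the three constructed routes the covering range is 10.1.0.0 255.255.252.0, and 10.1.2.0/24 is inside that range without being routed; whether that is acceptable depends on whether the missing /24 is reserved for the area or belongs elsewhere in the network.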
Configuring OSPF Interfaces

You should specify a routing interface for any local subnet that needs to communicate with other network segments located on this router or elsewhere in the network. First configure a VLAN for each subnet that will be directly connected to this router, assign IP interfaces to each VLAN (i.e.

- On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can use the transmit delay to force the router to wait a specified interval between transmissions.
• Retransmit Interval – Sets the time between resending link-state advertisements. (Range: 1-65535 seconds; Default: 1)
- A router will resend an LSA to a neighbor if it receives no acknowledgment.

- You can assign a unique password to each network (i.e., autonomous system) to improve the security of the routing database. However, the password must be used consistently on all neighboring routers throughout a network.
• Message Digest Key-id – Assigns a key-id used in conjunction with the authentication key to verify the authenticity of routing protocol messages sent to neighboring routers.
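This added Python example, which is not the switch's code, shows what the Message Digest Key-id and the authentication key do on the receiving side, following the OSPFv2 cryptographic authentication procedure of RFC 2328 Appendix D.4.3: the key ID in the packet header selects the key, the trailing digest is MD5 over the packet plus the 16-byte key, and the cryptographic sequence number must not go backwards for a given neighbor. The router ID, key, packet body and key padding convention are constructed assumptions.

```python
import hashlib
import hmac
import struct

OSPF_VERSION = 2
AUTYPE_CRYPTOGRAPHIC = 2
DIGEST_LEN = 16
# OSPF header (RFC 2328 A.3.1): version, type, length, router ID, area ID, checksum, autype (16 bytes),
# followed by the 8-byte authentication field. With AuType 2 that field holds
# zero(2), key ID(1), authentication data length(1), cryptographic sequence number(4).
OSPF_HEADER = struct.Struct("!BBHIIHH")
MD5_AUTH_FIELD = struct.Struct("!HBBI")


def ospf_md5_digest(message: bytes, key: bytes) -> bytes:
    """RFC 2328 D.4.3: MD5 over the OSPF packet followed by the 16-byte key (shorter keys zero-padded here)."""
    return hashlib.md5(message + key.ljust(DIGEST_LEN, b"\x00")).digest()


def build_ospf_packet(pkt_type: int, router_id: int, area_id: int, body: bytes,
                      key_id: int, key: bytes, seq: int) -> bytes:
    """Constructed OSPF packet protected with cryptographic authentication. The digest is appended after the
    body and is not counted in the header length; the checksum field is zero under AuType 2."""
    length = OSPF_HEADER.size + MD5_AUTH_FIELD.size + len(body)
    header = OSPF_HEADER.pack(OSPF_VERSION, pkt_type, length, router_id, area_id, 0, AUTYPE_CRYPTOGRAPHIC)
    message = header + MD5_AUTH_FIELD.pack(0, key_id, DIGEST_LEN, seq) + body
    return message + ospf_md5_digest(message, key)


def verify_ospf_packet(packet: bytes, keys: dict, last_seq: dict):
    """Receiving side. keys maps key ID -> key; last_seq maps router ID -> highest sequence number accepted.
    Returns (ok, reason) and records the sequence number on success."""
    if len(packet) < OSPF_HEADER.size + MD5_AUTH_FIELD.size:
        return False, "too short"
    version, pkt_type, length, router_id, area_id, checksum, autype = OSPF_HEADER.unpack_from(packet, 0)
    if version != OSPF_VERSION or autype != AUTYPE_CRYPTOGRAPHIC:
        return False, "not an OSPFv2 packet with cryptographic authentication"
    _, key_id, auth_len, seq = MD5_AUTH_FIELD.unpack_from(packet, OSPF_HEADER.size)
    if auth_len != DIGEST_LEN or len(packet) < length + DIGEST_LEN:
        return False, "bad authentication length"
    key = keys.get(key_id)
    if key is None:
        return False, f"unknown key ID {key_id}"
    # Anti-replay: the sequence number must not decrease for a given neighbor.
    if seq < last_seq.get(router_id, 0):
        return False, "replayed sequence number"
    expected = ospf_md5_digest(packet[:length], key)
    if not hmac.compare_digest(expected, packet[length:length + DIGEST_LEN]):
        return False, "digest mismatch"
    last_seq[router_id] = seq
    return True, "ok"


# Constructed sample (assumption): neighbor 10.1.1.253 uses key ID 1 on the backbone area.
NEIGHBOR = int.from_bytes(bytes([10, 1, 1, 253]), "big")
KEYS = {1: b"ospf-area0-key"}
HELLO_BODY = b"\x00" * 20  # placeholder body; the digest covers it like any other payload
PKT_SEQ_100 = build_ospf_packet(1, NEIGHBOR, 0, HELLO_BODY, key_id=1, key=KEYS[1], seq=100)
PKT_SEQ_99 = build_ospf_packet(1, NEIGHBOR, 0, HELLO_BODY, key_id=1, key=KEYS[1], seq=99)
PKT_WRONG_KEY = build_ospf_packet(1, NEIGHBOR, 0, HELLO_BODY, key_id=1, key=b"not-the-key", seq=101)
PKT_UNKNOWN_ID = build_ospf_packet(1, NEIGHBOR, 0, HELLO_BODY, key_id=7, key=KEYS[1], seq=101)

if __name__ == "__main__":
    state = {}
    for name, pkt in [("seq 100", PKT_SEQ_100), ("seq 99 replay", PKT_SEQ_99),
                      ("wrong key", PKT_WRONG_KEY), ("unknown key id", PKT_UNKNOWN_ID)]:
        print(name, verify_ospf_packet(pkt, KEYS, state))
```

Because the key ID travels in the header, two keys can be active at once during a key change: neighbors keep accepting the old ID while new packets are sent with the new one, and the old entry is removed once every neighbor has moved.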
Change any of the interface-specific protocol parameters, and then click Apply.

Figure 3-135 OSPF Interface Configuration - Detailed

CLI - This example configures the interface parameters for VLAN 1.

Configuring Virtual Links

All OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the backbone, you can configure a virtual link that provides a logical path to the backbone. To connect an isolated area to the backbone, the logical path can cross a single non-backbone area (i.e., transit area) to reach the backbone.

[Figure: isolated area reaching the backbone over a virtual link between ABRs across a transit area]

Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add. To modify the settings for an existing link, click the Detail button for the required entry, modify the link settings, and click Set.

Figure 3-136 OSPF Virtual Link Configuration

CLI - This example configures a virtual link from the ABR adjacent to area 0.0.0.

Configuring Network Area Addresses

OSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance. A large network should be split up into separate OSPF areas to increase network stability, and to reduce protocol traffic by summarizing routing information into more compact messages.

Web - Click Routing Protocol, OSPF, Network Area Address Configuration. Configure a backbone area that is contiguous with all the other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply.

CLI - This example configures the backbone area and one transit area.

Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0
Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.1
Console(config-router)#end
Console#show ip ospf
Routing Process with ID 10.1.1.253
Supports only single TOS(TOS0) route
Number of area in this router is 4
Area 0.0.0.0 (BACKBONE)
Number of interfaces in this area is 1
SPF algorithm executed 8 times
Area 0.0.0.

Configuring Summary Addresses (for External AS Routes)

An Autonomous System Boundary Router (ASBR) can redistribute routes learned from other protocols into all attached autonomous systems. (See “Redistributing External Routes” on page 3-242.) To reduce the amount of external LSAs imported into your local routing domain, you can configure the router to advertise an aggregate route that consolidates a broad range of external addresses.

CLI - This example creates a summary address for all routes contained in 192.168.x.x (page 4-265).

Console(config-router)#summary-address 192.168.0.0 255.255.0.0
Console(config-router)#

Redistributing External Routes

You can configure this router to import external routing information from other routing protocols into the autonomous system.

[Figure: ASBR importing RIP or static routes into the OSPF AS]

Command Usage
• This router supports redistribution for both RIP and static routes.

Web - Click Routing Protocol, OSPF, Redistribute. Specify the protocol type to import, the metric type and path cost, then click Add.

Figure 3-139 OSPF Redistribute Configuration

CLI - This example redistributes routes learned from RIP as Type 1 external routes.

Note: This router supports up to 16 areas, either normal transit areas, stubs, or NSSAs.

Web - Click Routing Protocol, OSPF, NSSA Settings. Create a new NSSA or modify the routing behavior for an existing NSSA, and click Apply.

Figure 3-140 OSPF NSSA Settings

CLI - This example configures area 0.0.0.1 as a stub and sets the cost for the default summary route to 10.

Console(config-router)#area 0.0.0.1 nssa default-information-originate
Console(config-router)#area 0.0.0.

Displaying Link State Database Information

OSPF routers advertise routes using Link State Advertisements (LSAs). The full collection of LSAs collected by a router interface from the attached area is known as a link state database. Routers that are connected to multiple interfaces will have a separate database for each area. Each router in the same area should have an identical database describing the topology for that area, and the shortest path to external destinations.

Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Query.

Figure 3-141 OSPF Link State Database Information

CLI - The CLI provides a wider selection of display options for viewing the Link State Database. See “show ip ospf database” on page 4-280.

Displaying Information on Border Routers

You can display entries in the local routing table for Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR) known by this device.

Field Attributes
• Destination – Identifier for the destination router.
• Next Hop – IP address of the next hop toward the destination.
• Cost – Link metric for this route.
• Type – Router type of the destination; either ABR, ASBR or both.

Displaying Information on Neighbor Routers

You can display information about neighboring routers on each interface within an OSPF area.

Field Attributes
• ID – Neighbor’s router ID.
• Priority – Neighbor’s router priority.
• State – OSPF state and identification flag.
Multicast Routing 3

Multicast Routing

This router can route multicast traffic to different subnetworks using either Distance Vector Multicast Routing Protocol (DVMRP) or Protocol-Independent Multicasting Dense Mode (PIM-DM). These protocols flood multicast traffic downstream, and calculate the shortest-path, source-rooted delivery tree between each source and destination host group.

Displaying the Multicast Routing Table

You can display information on each multicast route this router has learned via DVMRP or PIM. The router learns multicast routes from neighboring routers, and also advertises these routes to its neighbors. The router stores entries for all paths learned by itself or from other routers, without considering actual group membership or prune messages.

Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry.

CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast source routed by DVMRP, and another source routed via PIM.

Console#show ip mroute
IP Multicast Forwarding is enabled.
IP Multicast Routing Table
Flags: P - Prune, F - Forwarding
(234.5.6.7, 10.1.0.0, 255.255.255.0)
Owner: DVMRP
Upstream Interface: vlan2
Upstream Router: 10.1.0.0
Downstream:
(234.5.6.8, 10.1.5.19, 255.255.255.

Configuring DVMRP

The Distance-Vector Multicast Routing Protocol (DVMRP) behaves somewhat similarly to RIP. A router supporting DVMRP periodically floods its attached networks to pass information about supported multicast services along to new routers and hosts. Routers that receive a DVMRP packet send a copy out to all paths (except the path back to the origin).

Command Usage

Broadcasting periodically floods the network with traffic from any active multicast server. If IGMP snooping is disabled, multicast traffic is flooded to all ports on the router. However, if IGMP snooping is enabled, then the first packet for any source group pair is flooded to all DVMRP downstream neighbors.

which this device has received probes, and is used to verify whether or not these neighbors are still active members of the multicast tree. (Range: 1-65535 seconds; Default: 10 seconds)
• Neighbor Timeout Interval – Sets the interval to wait for messages from a DVMRP neighbor before declaring it dead. This command is used for timing out routes, and for setting the children and leaf flags.

Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control neighbor timeout, the exchange of routing information, or the prune lifetime, and click Apply.

Figure 3-146 DVMRP General Settings

CLI – This sets the global parameters for DVMRP and displays the current settings.

DVMRP Interface Settings
• VLAN – Selects a VLAN interface on this router.
• Metric – Sets the metric for this interface used to calculate distance vectors.
• Status – Enables or disables DVMRP.
- If DVMRP is enabled on any interface, Layer 3 IGMP should also be enabled on the router (page 3-159).
- If DVMRP is disabled, the interface cannot propagate IP multicast routing information.

Displaying Neighbor Information

You can display all the neighboring DVMRP routers.

Command Attributes
• Neighbor Address – The IP address of the network device immediately upstream for this multicast delivery tree.
• Interface – The IP interface on this router that connects to the upstream neighbor.
• Up time – The time since this device last became a DVMRP neighbor to this router.
• Expire – The time remaining before this entry will be aged out.

Displaying the Routing Table

The router learns source-routed information from neighboring DVMRP routers and also advertises learned routes to its neighbors. The router merely records path information it has learned on its own or from other routers. It does not consider group membership or prune messages.

CLI – This example displays known DVMRP routes (page 4-302).

Console#show ip dvmrp route
Source           Mask             Upstream_nbr     Interface Metric UpTime Expire
---------------  ---------------  ---------------  --------- ------ ------ ------
10.1.0.0         255.255.255.0    10.1.0.253       vlan1     1      84438  0
10.1.1.0         255.255.255.0    10.1.1.253       vlan2     1      84987  0
10.1.8.0         255.255.255.0    10.1.0.

Web – Click Routing Protocol, PIM-DM, General Settings. Enable or disable PIM-DM globally for the router, and click Apply.

Figure 3-150 PIM-DM General Settings

CLI – This example enables PIM-DM globally and displays the current status.

• Trigger Hello Interval – Configures the maximum time before transmitting a triggered PIM hello message after the router is rebooted or PIM is enabled on an interface. (Range: 1-65535 seconds; Default: 5)
- When a router first starts or PIM is enabled on an interface, the hello-interval is set to a random value between 0 and the Trigger Hello Interval. This prevents synchronization of Hello messages on multi-access links if multiple routers are powered on simultaneously.

Web – Click Routing Protocol, PIM-DM, Interface Settings. Select a VLAN, enable or disable PIM-DM for the selected interface, modify any of the protocol parameters as required, and click Apply.

Figure 3-151 PIM-DM Interface Settings

CLI – This example sets the PIM-DM protocol parameters for VLAN 2, and displays the current settings.

Displaying Interface Information

You can display a summary of the current interface status for PIM-DM, including the number of neighboring PIM routers, and the address of the designated PIM router.

Command Attributes
• Interface – A VLAN interface on this router.
• Address – The IP address for this interface.
• Mode – The PIM mode in use. (This router only supports Dense Mode at this time.)
• Neighbor Count – The number of PIM neighbors detected on this interface.

Web – Click Routing Protocol, PIM-DM, Neighbor Information.

Figure 3-153 PIM-DM Neighbor Information

CLI – This example displays the only neighboring PIM-DM router.

Console#show ip pim neighbor
Address          VLAN Interface   Uptime   Expire   Mode
---------------  ---------------- -------- -------- ------
10.1.0.
Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt. Using the switch's command-line interface (CLI) is very similar to entering commands on a UNIX system.
4 Command Line Interface To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example, Console(config)#interface vlan 1 Console(config-if)#ip address 10.1.0.254 255.255.255.0 Console(config-if)#exit Console(config)#ip default-gateway 10.1.0.
Entering Commands 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
4 Command Line Interface Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, DHCP, Interface, Line, Router, VLAN Database, or MSTP). You can also display a list of valid keywords for a specific command.
The command “show interfaces ?” will display the following information:
Console#show interfaces ?
  counters        Information of interfaces counters
  protocol-vlan   Protocol-vlan information
  status          Information of interfaces status
  switchport      Information of interfaces switchport
Console#
Partial Keyword Lookup
If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.
Understanding Command Modes
The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions. These classes are further divided into different modes. Available commands depend on the selected mode.
Username: guest
Password: [guest login password]
CLI session with the switch is opened.
To end the CLI session, enter [Exit].
Console#enable
Password: [privileged level password]
Console#
Configuration Commands
Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted.
To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode.
Command Line Processing
Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed by the “?” character to display a list of possible matches.
Command Groups
The system commands can be broken down into the functional groups shown below.
4 Line Commands
Table 4-4 Command Group Index (Continued)
Command Group      Description                                                        Page
Multicast Routing  Configures multicast routing protocols DVMRP and PIM-DM            4-291
Router Redundancy  Configures router redundancy to create primary and backup routers  4-311
The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec), PE (Privileged Exec), GC (Global Configuration), LC (Line Configuration), IC (Interface Configuration), VC (VLAN Database Configuration), MST (Multi
line
This command identifies a specific line for configuration and enters the mode in which subsequent line configuration commands are processed.
Syntax
line {console | vty}
• console - Console terminal line.
• vty - Virtual terminal for remote console access (i.e., Telnet).
Default Setting
There is no default line.
Command Mode
Global Configuration
Command Usage
Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users.
Line Commands 4
Command Usage
• There are three authentication modes provided by the switch itself at login:
- login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode.
- login local selects authentication via the user name and password specified by the username command (i.e., default setting).
number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state.
• The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.
exec-timeout
This command sets the interval that the system waits until user input is detected. Use the no form to restore the default.
Syntax
exec-timeout [seconds]
no exec-timeout
seconds - Integer that specifies the number of seconds.
Command Usage
• When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down.
• This command applies to both the local console and Telnet connections.
databits
This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value.
Syntax
databits {7 | 8}
no databits
• 7 - Seven data bits per character.
• 8 - Eight data bits per character.
Default Setting
8 data bits per character
Command Mode
Line Configuration
Command Usage
The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity.
Command Usage
Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting.
Example
To specify no parity, enter this command:
Console(config-line)#parity none
Console(config-line)#
speed
This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting.
Default Setting
1 stop bit
Command Mode
Line Configuration
Example
To specify 2 stop bits, enter this command:
Console(config-line)#stopbits 2
Console(config-line)#
disconnect
This command terminates an SSH, Telnet, or console connection.
Syntax
disconnect session-id
session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4)
Command Mode
Privileged Exec
Command Usage
Specifying session identifier “0” will disconnect the console connection.
Command Mode
Normal Exec, Privileged Exec
Example
To show all lines, enter this command:
Console#show line
Console configuration:
  Password threshold: 3 times
  Interactive timeout: Disabled
  Silent time: Disabled
  Baudrate: 9600
  Databits: 8
  Parity: none
  Stopbits: 1
Vty configuration:
  Password threshold: 3 times
  Interactive timeout: 65535
General Commands
Table 4-6 General Commands
Command  Function                   Mode  Page
enable   Activates privileged mode  NE    4-21
disable  Returns to normal mo
General Commands 4
enable
This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-6.
Syntax
enable [level]
level - Privilege level to log into the device. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. Enter level 15 to access Privileged Exec mode.
Example
Console#disable
Console>
Related Commands
enable (4-21)
configure
This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration. See “Understanding Command Modes” on page 4-6.
Example
In this example, the show history command lists the contents of the command history buffer:
Console#show history
Execution command history:
 2 config
 1 show history
Configuration command history:
 4 interface vlan 1
 3 exit
 2 interface vlan 1
 1 end
Console#
The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration m
end
This command returns to Privileged Exec mode.
Default Setting
None
Command Mode
Global Configuration, Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration.
Example
This example shows how to return to the Privileged Exec mode from the Interface Configuration mode:
Console(config-if)#end
Console#
exit
This command returns to the previous configuration mode or exits the configuration program.
System Management Commands 4
Example
This example shows how to quit a CLI session:
Console#quit
Press ENTER to start session
User Access Verification
Username:
System Management Commands
These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information.
prompt
This command customizes the CLI prompt. Use the no form to restore the default prompt.
Syntax
prompt string
no prompt
string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters)
Default Setting
Console
Command Mode
Global Configuration
Example
Console(config)#prompt RD2
RD2(config)#
hostname
This command specifies or modifies the host name for this device. Use the no form to restore the default host name.
User Access Commands
The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-11), user authentication via a remote authentication server (page 4-70), and host access authentication for specific ports (page 4-79).
Command Usage
The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.
Example
This example shows how to set the access level and password for a user.
Related Commands
enable (4-21)
IP Filter Commands
Table 4-11 IP Filter Commands
Command          Function                                                                   Mode  Page
management       Configures IP addresses that are allowed management access                 GC    4-29
show management  Displays the client IP addresses that are allowed management access        PE    4-30
management
This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting.
• You can delete an address range just by specifying the start address, or by specifying both the start address and end address.
Example
This example restricts management access to the indicated addresses.
Console(config)#management all-client 192.168.1.19
Console(config)#management all-client 192.168.1.25 192.168.1.30
Console#
show management
This command displays the client IP addresses that are allowed management access to the switch through various protocols.
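As an added example (not code from the guide), the following Python models the management all-client ranges described above: it builds the allowed-client table from management lines, applies the no form's delete-by-start-address rule, and checks whether a given client may reach a service. The sample configuration is constructed; the per-protocol keywords http-client, snmp-client and telnet-client, and the assumption that an empty table means open access, are not stated on this page.

```python
import ipaddress
from typing import Dict, List, Tuple

# all-client is shown on the page; the per-protocol keywords are an assumption
# about the rest of the command family.
SERVICES = ("http-client", "snmp-client", "telnet-client")

Range = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]

# Constructed sample configuration (not real switch output).
SAMPLE_MANAGEMENT_CONFIG = """\
management all-client 192.168.1.19
management all-client 192.168.1.25 192.168.1.30
management telnet-client 10.1.0.0 10.1.0.255
no management all-client 192.168.1.19
"""


def parse_management(config: str) -> Dict[str, List[Range]]:
    """Build the allowed-client table from the 'management' lines of a config.

    'management <kw> start [end]' adds a range (a single start address is a
    one-host range). 'no management <kw> start [end]' removes the range that
    was added with that start address, or with that start and end address.
    """
    table: Dict[str, List[Range]] = {k: [] for k in ("all-client",) + SERVICES}
    for raw in config.splitlines():
        words = raw.split()
        negate = bool(words) and words[0] == "no"
        if negate:
            words = words[1:]
        if len(words) < 3 or words[0] != "management" or words[1] not in table:
            continue
        keyword = words[1]
        start = ipaddress.IPv4Address(words[2])
        end = ipaddress.IPv4Address(words[3]) if len(words) > 3 else start
        if end < start:
            raise ValueError(f"end address precedes start address: {raw!r}")
        if negate:
            # Delete by start address alone, or by both start and end address.
            table[keyword] = [
                r for r in table[keyword]
                if not (r[0] == start and (len(words) == 3 or r[1] == end))
            ]
        elif (start, end) not in table[keyword]:
            table[keyword].append((start, end))
    return table


def is_allowed(table: Dict[str, List[Range]], client_ip: str, service: str) -> bool:
    """True if client_ip may reach the given service.

    A client matches if it falls in an all-client range or in a range for that
    service. Assumption (not on the page): with no ranges configured for either,
    every client is allowed, i.e. the factory default.
    """
    ip = ipaddress.IPv4Address(client_ip)
    ranges = table["all-client"] + table[service]
    if not ranges:
        return True
    return any(lo <= ip <= hi for lo, hi in ranges)


if __name__ == "__main__":
    table = parse_management(SAMPLE_MANAGEMENT_CONFIG)
    for ip, svc in [("192.168.1.27", "http-client"), ("192.168.1.19", "http-client"),
                    ("10.1.0.5", "telnet-client"), ("10.1.0.5", "http-client")]:
        print(f"{ip:>14} {svc:<14} {'allowed' if is_allowed(table, ip, svc) else 'denied'}")
```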
Web Server Commands
Table 4-12 Web Server Commands
Command                Function                                                      Mode  Page
ip http port           Specifies the port to be used by the web browser interface    GC    4-31
ip http server         Allows the switch to be monitored or configured from a browser GC   4-31
ip http secure-server  Enables HTTPS/SSL for encrypted communications                GC    4-32
ip http secure-port    Specifies the UDP port number for HTTPS/SSL                   GC    4-33
ip http port
This command specifies the TCP port number used by the we
Example
Console(config)#ip http server
Console(config)#
Related Commands
ip http port (4-31)
ip http secure-server
This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function.
Example
Console(config)#ip http secure-server
Console(config)#
Related Commands
ip http secure-port (4-33)
copy tftp https-certificate (4-64)
ip http secure-port
This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface. Use the no form to restore the default port.
Syntax
ip http secure-port port_number
no ip http secure-port
port_number – The UDP port used for HTTPS/SSL.
Telnet Server Commands
Command           Function                                                     Mode  Page
ip telnet port    Specifies the port to be used by the Telnet interface        GC    4-31
ip telnet server  Allows the switch to be monitored or configured from Telnet  GC    4-31
ip telnet port
This command specifies the TCP port number used by the Telnet interface. Use the no form to use the default port.
Syntax
ip telnet port port-number
no ip telnet port
port-number - The TCP port to be used by the Telnet interface.
Related Commands
ip telnet port (4-34)
Secure Shell Commands
The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication login command on page 4-70.
corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process:
a. The client sends its public key to the switch.
b. The switch compares the client's public key to those stored in memory.
c. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client.
d.
e.
ip ssh timeout
This command configures the timeout for the SSH server. Use the no form to restore the default setting.
Syntax
ip ssh timeout seconds
no ip ssh timeout
seconds – The timeout for client response during SSH negotiation. (Range: 1-120)
Default Setting
10 seconds
Command Mode
Global Configuration
Command Usage
The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase.
Example
Console(config)#ip ssh authentication-retries 2
Console(config)#
Related Commands
show ip ssh (4-41)
ip ssh server-key size
This command sets the SSH server key size. Use the no form to restore the default setting.
Syntax
ip ssh server-key size key-size
no ip ssh server-key size
key-size – The size of server key.
Example
Console#delete public-key admin dsa
Console#
ip ssh crypto host-key generate
This command generates the host key pair (i.e., public and private).
Syntax
ip ssh crypto host-key generate [dsa | rsa]
• dsa – DSA (Version 2) key type.
• rsa – RSA (Version 1) key type.
Default Setting
Generates both the DSA and RSA key pairs.
Command Mode
Privileged Exec
Command Usage
• This command stores the host key pair in memory (i.e., RAM).
Command Mode
Privileged Exec
Command Usage
• This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory.
• The SSH server must be disabled before you can execute this command.
Example
Console#show ip ssh
SSH Enabled - version 1.99
Negotiation timeout: 120 secs; Authentication retries: 3
Server key size: 768 bits
Console#
show ssh
This command displays the current SSH server connections.
Command Mode
Privileged Exec
Example
Console#show ssh
Connection Version State
0          2.
show public-key
This command shows the public key for the specified user or for the host.
Syntax
show public-key [user [username]| host]
username – Name of an SSH user. (Range: 1-8 characters)
Default Setting
Shows all public keys.
Command Mode
Privileged Exec
Command Usage
• If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed.
Event Logging Commands
Table 4-16 Event Logging Commands
Command           Function                                                                   Mode  Page
logging on        Controls logging of error messages                                         GC    4-44
logging history   Limits syslog messages saved to switch memory based on severity            GC    4-45
logging host      Adds a syslog server host IP address that will receive logging messages    GC    4-46
logging facility  Sets the facility type for remote logging of syslog messages               GC    4-46
logging trap      Limits syslog messages saved to a remote server
logging history
This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
Syntax
logging history {flash | ram} level
no logging history {flash | ram}
• flash - Event history stored in flash memory (i.e., permanent memory).
• ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
• level - One of the levels listed below.
logging host
This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host.
Syntax
[no] logging host host_ip_address
host_ip_address - The IP address of a syslog server.
Default Setting
None
Command Mode
Global Configuration
Command Usage
• By using this command more than once you can build up a list of host IP addresses.
• The maximum number of host IP addresses allowed is five.
logging trap
This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging.
Syntax
logging trap [level]
no logging trap
level - One of the level arguments listed below. Messages sent include the selected level up through level 0. (Refer to the table on page 4-45.
Related Commands
show logging (4-48)
show logging
This command displays the logging configuration, along with any system and event messages stored in memory.
Syntax
show logging {flash | ram | sendmail | trap}
• flash - Event history stored in flash memory (i.e., permanent memory).
• ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
• sendmail - Displays settings for the SMTP event handler (page 4-52).
The following example displays settings for the trap function.
Console#show logging trap
Syslog logging: Enable
REMOTELOG status: disable
REMOTELOG facility type: local use 7
REMOTELOG level type: Debugging messages
REMOTELOG server IP address: 1.2.3.4
REMOTELOG server IP address: 0.0.0.0
REMOTELOG server IP address: 0.0.0.0
REMOTELOG server IP address: 0.0.0.0
REMOTELOG server IP address: 0.0.0.
logging sendmail host
This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server.
Syntax
[no] logging sendmail host ip_address
ip_address - IP address of an SMTP server that will be sent alert messages for event handling.
Default Setting
None
Command Mode
Global Configuration
Command Usage
• You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server.
Command Usage
The specified level indicates an event threshold. All events at this level or higher will be sent to the configured email recipients. (For example, using Level 7 will report all events from level 7 to level 0.)
Example
This example will send email alerts for system errors from level 3 through 0.
Console(config)#logging sendmail level 3
Console(config)#
logging sendmail source-email
This command sets the email address used for the “From” field in alert messages.
Command Usage
You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient.
Example
Console(config)#logging sendmail destination-email ted@this-company.com
Console(config)#
logging sendmail
This command enables SMTP event handling. Use the no form to disable this function.
Time Commands
The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the factory default set at the last bootup.
Example
Console(config)#sntp server 10.1.0.19
Console(config)#sntp poll 60
Console(config)#sntp client
Console(config)#end
Console#show sntp
Current time: Dec 23 02:52:44 2002
Poll interval: 60
Current mode: unicast
SNTP status : Enabled
SNTP server 137.92.140.80 0.0.0.0 0.0.0.0
Current server: 137.92.140.
Related Commands
sntp client (4-53)
sntp poll (4-55)
show sntp (4-55)
sntp poll
This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default.
Syntax
sntp poll seconds
no sntp poll
seconds - Interval between time requests.
Example
Console#show sntp
Current time: Dec 23 05:13:28 2002
Poll interval: 16
Current mode: unicast
SNTP status : Enabled
SNTP server 137.92.140.80 0.0.0.0 0.0.0.0
Current server: 137.92.140.80
Console#
clock timezone
This command sets the time zone for the switch’s internal clock.
Syntax
clock timezone name hour hours minute minutes {before-utc | after-utc}
• name - Name of timezone, usually an acronym. (Range: 1-29 characters)
• hours - Number of hours before/after UTC.
calendar set
This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server.
Syntax
calendar set hour min sec {day month year | month day year}
• hour - Hour in 24-hour format. (Range: 0 - 23)
• min - Minute. (Range: 0 - 59)
• sec - Second. (Range: 0 - 59)
• day - Day of month.
System Status Commands
Table 4-22 System Status Commands
Command              Function                                                                                      Mode    Page
show startup-config  Displays the contents of the configuration file (stored in flash memory) that is used to start up the system  PE  4-58
show running-config  Displays the configuration data currently in use                                              PE      4-59
show system          Displays system information                                                                   NE, PE  4-61
show users           Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet clien
Example
Console#show startup-config
building startup-config, please wait.....
- VLAN database (VLAN ID, name and state)
- VLAN configuration settings for each interface
- Multiple spanning tree instances (name and interfaces)
- IP address configured for VLANs
- Routing protocol configuration settings
- Spanning tree settings
- Any configured settings for the console port and Telnet
Example
Console#show running-config
building running-config, please wait.....
!
SNTP server 0.0.0.0 0.0.0.0 0.0.0.
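As an added example (not part of the guide), this Python audits the security-relevant settings from this chapter as they would appear in a show running-config dump: plain HTTP without HTTPS, Telnet enabled, no management access ranges, no or too many logging hosts, and no SNTP client. The sample dump is constructed, and it is assumed that ip ssh server and an enabled logging trap appear as plain command lines in the dump.

```python
from typing import List

# Constructed running-config excerpt in the style of this chapter's commands;
# not real switch output.
SAMPLE_RUNNING_CONFIG = """\
!
hostname edge-sw
!
ip http server
ip telnet server
ip ssh server
logging on
logging history ram 7
logging trap 6
logging host 10.1.0.50
sntp server 10.1.0.19
!
"""

MAX_LOGGING_HOSTS = 5  # stated limit of the logging host command


def active_commands(text: str) -> List[str]:
    """Return the command lines of a dump, skipping '!' separators and blank lines,
    with whitespace normalised so exact comparisons work."""
    lines = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if stripped and not stripped.startswith("!"):
            lines.append(" ".join(stripped.split()))
    return lines


def audit_running_config(text: str) -> List[str]:
    """Return one finding per weak or missing setting; an empty list means clean."""
    cmds = active_commands(text)

    def present(command: str) -> bool:
        # A 'no ...' line never equals the enabling command, so it counts as absent.
        return command in cmds

    def matching(prefix: str) -> List[str]:
        return [c for c in cmds if c.startswith(prefix)]

    findings: List[str] = []
    if present("ip http server") and not present("ip http secure-server"):
        findings.append("web management over plain HTTP only; enable ip http secure-server")
    if present("ip telnet server"):
        findings.append("Telnet server enabled; prefer SSH (ip ssh server) and disable Telnet")
    if not matching("management "):
        findings.append("no management access ranges; any source address may attempt login")
    hosts = matching("logging host ")
    if not hosts:
        findings.append("no logging host; events survive only in switch RAM/flash")
    elif len(hosts) > MAX_LOGGING_HOSTS:
        findings.append(f"{len(hosts)} logging hosts exceed the maximum of five")
    if hosts and not matching("logging trap"):
        findings.append("logging host set but remote logging (logging trap) not enabled")
    if not present("sntp client"):
        findings.append("SNTP client not enabled; log timestamps will not be meaningful")
    return findings


if __name__ == "__main__":
    for finding in audit_running_config(SAMPLE_RUNNING_CONFIG):
        print("-", finding)
```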
show system
This command displays system information.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
• For a description of the items shown by this command, refer to “Displaying System Information” on page 3-11.
• The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance.
show users
Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number.
Example
Console#show version
Unit1
 Serial number          : A322043872
 Hardware version       : R01
 Number of ports        : 12
 Main power status      : up
 Redundant power status : down
Agent (master)
 Unit ID                : 1
 Loader version         : 2.1.0.0
 Boot ROM version       : 2.0.2.1
 Operation code version : 1.0.2.
• Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the switchport broadcast command on page 4-155.)
Example
Console(config)#jumbo frame
Console(config)#
Flash/File Commands
These commands are used to manage the system code or configuration files.
Flash/File Commands 4
Default Setting
None
Command Mode
Privileged Exec
Command Usage
• The system prompts for data required to complete the copy command.
• The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.
The following example shows how to copy the running configuration to a startup file.
Console#copy running-config file
destination file name: startup
Write to FLASH Programming.
\Write to FLASH finish.
Success.
Console#
The following example shows how to download a configuration file:
Console#copy tftp startup-config
TFTP server ip address: 10.1.0.99
Source configuration file name: startup.01
Startup configuration file name [startup]:
Write to FLASH Programming.
delete
This command deletes a file or image.
Syntax
delete filename
filename - Name of the configuration file or image name.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
• If the file type is used for system startup, then this file cannot be deleted.
• “Factory_Default_Config.cfg” cannot be deleted.
Example
This example shows how to delete the test2.cfg configuration file from flash memory.
Console#delete test2.
Command Usage
• If you enter the command dir without any parameters, the system displays all files.
• File information is shown below:
Table 4-25 File Directory Information
Column Heading  Description
file name       The name of the file.
file type       File types: Boot-Rom, Operation Code, and Config file.
startup         Shows if this file is used when the system is started.
size            The length of the file in bytes.
boot system
This command specifies the file or image used to start up the system.
Syntax
boot system {boot-rom| config | opcode}: filename
The type of file or image to set as a default includes:
• boot-rom - Boot ROM.
• config - Configuration file.
• opcode - Run-time operation code.
The colon (:) is required.
filename - Name of the configuration file or image name.
Authentication Commands
You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1x.
Authentication Commands 4
• RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server.
• You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if you enter “authentication login radius tacacs local,” the user name and password on the RADIUS server is verified first.
authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password is checked.
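As an added illustration (not from the guide), this Python simulates the authentication login radius tacacs local sequence described above with constructed stand-ins for the RADIUS and TACACS+ servers and the local user database: only an unreachable server moves the switch on to the next method, while a rejection from a reachable server ends the attempt, which is the reading of "if the ... server is not available" used here.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

ACCEPT, REJECT, UNAVAILABLE = "accept", "reject", "unavailable"
VALID_METHODS = ("radius", "tacacs", "local")


@dataclass
class AuthResult:
    outcome: str
    method: Optional[str] = None
    privilege: Optional[int] = None  # level returned by the server: 0 or 15 on this switch


AuthMethod = Callable[[str, str], AuthResult]


def parse_login_sequence(line: str) -> List[str]:
    """Parse 'authentication login <m1> [m2] [m3]' into the ordered method list."""
    words = line.split()
    if words[:2] != ["authentication", "login"] or not 1 <= len(words) - 2 <= 3:
        raise ValueError(f"not a valid authentication login command: {line!r}")
    seq = words[2:]
    if any(w not in VALID_METHODS for w in seq) or len(set(seq)) != len(seq):
        raise ValueError(f"invalid or repeated method in: {line!r}")
    return seq


def authenticate(sequence: List[str], methods: Dict[str, AuthMethod],
                 user: str, password: str) -> AuthResult:
    """Try each method in order; fall through only when that server is unavailable.

    A REJECT from a reachable server is final: the local database is not
    consulted just because the server said no.
    """
    last = AuthResult(UNAVAILABLE)
    for name in sequence:
        last = methods[name](user, password)
        if last.outcome != UNAVAILABLE:
            return last
    return last  # every method was unavailable


def make_server(name: str, users: Dict[str, Tuple[str, int]], up: bool = True) -> AuthMethod:
    """Constructed stand-in for a server or the local database.

    users maps user -> (password, privilege level); up=False models a server
    that does not answer. A real server would not hold clear-text passwords.
    """
    def method(user: str, password: str) -> AuthResult:
        if not up:
            return AuthResult(UNAVAILABLE, name)
        creds = users.get(user)
        if creds and creds[0] == password:
            return AuthResult(ACCEPT, name, creds[1])
        return AuthResult(REJECT, name)
    return method


def demo(radius_up: bool, tacacs_up: bool, user: str, password: str) -> AuthResult:
    """Run one login attempt against the sample sequence with the given server states."""
    methods = {
        "radius": make_server("radius", {"admin": ("r-secret", 15)}, up=radius_up),
        "tacacs": make_server("tacacs", {"admin": ("t-secret", 15)}, up=tacacs_up),
        "local": make_server("local", {"admin": ("l-secret", 15), "guest": ("guest", 0)}),
    }
    sequence = parse_login_sequence("authentication login radius tacacs local")
    return authenticate(sequence, methods, user, password)


if __name__ == "__main__":
    # Both servers up; RADIUS answers first and rejects an unknown user.
    print(demo(True, True, "guest", "guest"))
    # RADIUS down, TACACS+ rejects: no fall-through to the local password.
    print(demo(False, True, "admin", "l-secret"))
    # Both servers down: the local database is the last resort.
    print(demo(False, False, "admin", "l-secret"))
```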
radius-server port
This command sets the RADIUS server network port. Use the no form to restore the default.
Syntax
radius-server port port_number
no radius-server port
port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535)
Default Setting
1812
Command Mode
Global Configuration
Example
Console(config)#radius-server port 181
Console(config)#
radius-server key
This command sets the RADIUS encryption key. Use the no form to restore the default.
radius-server retransmit
This command sets the number of retries. Use the no form to restore the default.
Syntax
radius-server retransmit number_of_retries
no radius-server retransmit
number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
Example
Console#show radius-server
Server IP address: 10.1.0.1
Communication key with radius server:
Server port number: 1812
Retransmit times: 2
Request timeout: 5
Console#
TACACS+ Client
Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network.
tacacs-server port
This command specifies the TACACS+ server network port. Use the no form to restore the default.
Syntax
tacacs-server port port_number
no tacacs-server port
port_number - TACACS+ server TCP port used for authentication messages. (Range: 1-65535)
Default Setting
49
Command Mode
Global Configuration
Example
Console(config)#tacacs-server port 181
Console(config)#
tacacs-server key
This command sets the TACACS+ encryption key. Use the no form to restore the default.
show tacacs-server
This command displays the current settings for the TACACS+ server.
Default Setting
None
Command Mode
Privileged Exec
Example
Console#show tacacs-server
Remote TACACS server configuration:
Server IP address: 10.11.12.13
Communication key with TACACS server: green
Server port number: 49
Console#
Port Security Commands
These commands can be used to enable port security on a port.
port security
This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
Example
The following example enables port security for port 5, and sets the response to a security violation to issue a trap message:
Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap
Related Commands
shutdown (4-154)
mac-address-table static (4-166)
show mac-address-table (4-167)
802.1x Port Authentication
The switch supports IEEE 802.
authentication dot1x default
This command sets the default authentication server type. Use the no form to restore the default.
Syntax
authentication dot1x default radius
no authentication dot1x
Default Setting
RADIUS
Command Mode
Global Configuration
Example
Console(config)#authentication dot1x default radius
Console(config)#
dot1x default
This command sets all configurable dot1x global and port settings to their default values.
Command Mode
Global Configuration
Example
Console(config)#dot1x max-req 2
Console(config)#
dot1x port-control
This command sets the dot1x mode on a port interface. Use the no form to restore the default.
Syntax
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control
• auto – Requires a dot1x-aware connected client to be authorized by the RADIUS server. Clients that are not dot1x-aware will be denied access.
dot1x operation-mode
This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count.
Syntax
dot1x operation-mode {single-host | multi-host [max-count count]}
no dot1x operation-mode [multi-host max-count]
• single-host – Allows only a single host to connect to this port.
Authentication Commands 4 Command Mode Privileged Exec Example Console#dot1x re-authenticate Console# dot1x re-authentication This command enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication.
4 Command Line Interface dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds.
Authentication Commands 4 show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] • statistics - Displays dot1x status for each port. • interface • ethernet unit/port - unit - This is device 1. - port - Port number. Command Mode Privileged Exec Command Usage This command displays the following information: • Global 802.
4 Command Line Interface • Backend State Machine - State – Current state (including request, response, success, fail, timeout, idle, initialize). - Request Count – Number of EAP Request packets sent to the Supplicant without receiving a response. - Identifier(Server) – Identifier carried in the most recent EAP Success, Failure or Request packet received from the Authentication Server. • Reauthentication State Machine - State – Current state (including initialize, reauthenticate).
Access Control List Commands
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules, specify a mask to modify the precedence in which the rules are checked, and then bind the list to a specific port.

The order in which active ACLs are checked is as follows:
1. User-defined rules in the Egress MAC ACL for egress ports.
2. User-defined rules in the Egress IP ACL for egress ports.
3. User-defined rules in the Ingress MAC ACL for ingress ports.
4. User-defined rules in the Ingress IP ACL for ingress ports.
5. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.
6. Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports.
7.

Table 4-33 IP ACL Commands (Continued)
Command                  Function                                                           Mode  Page
show map access-list ip  Shows CoS value mapped to an access list for an interface          PE    4-100
match access-list ip     Changes the 802.1p priority, IP Precedence, or DSCP Priority of    IC
                         a frame matching the defined rule (i.e.

permit, deny (Standard ACL)
This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule.
Syntax
[no] {permit | deny} {any | source bitmask | host source}
• any – Any source IP address.
• source – Source IP address.
• bitmask – Decimal number representing the address bits to match.
• host – Keyword followed by a specific IP address.

permit, deny (Extended ACL)
This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule.

Command Usage
• All new rules are appended to the end of the list.
• Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the specified source IP address, and then compared with the address for each IP packet entering the port(s) to which this ACL has been assigned.

Related Commands
access-list ip (4-89)

show ip access-list
This command displays the rules for configured IP ACLs.
Syntax
show ip access-list {standard | extended} [acl_name]
• standard – Specifies a standard IP ACL.
• extended – Specifies an extended IP ACL.
• acl_name – Name of the ACL. (Maximum length: 16 characters)
Command Mode
Privileged Exec
Example
Console#show ip access-list standard
IP standard access-list david:
  permit host 10.1.1.21
  permit 168.92.0.0 0.0.15.

Command Usage
• A mask can only be used by all ingress ACLs or all egress ACLs.
• The precedence of the ACL rules applied to a packet is not determined by order of the rules, but instead by the order of the masks; i.e., the first mask that matches a rule will determine the rule that is applied to a packet.
• You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule.

Command Mode
IP Mask
Command Usage
• Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered.
• First create the required ACLs and ingress or egress masks before mapping an ACL to an interface.
• If you enter dscp, you cannot enter tos or precedence. You can enter both tos and precedence without dscp.

This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others.
Console(config)#access-list ip standard A2
Console(config-std-acl)#permit any
Console(config-std-acl)#deny host 171.69.198.102
Console(config-std-acl)#end
Console#show access-list
IP standard access-list A2:
  deny host 171.69.198.

This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL. Note that once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the associated mask.
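The two points that most often surprise administrators of this switch are that a rule's bitmask uses 1 bits for "match" (the opposite of a Cisco-style wildcard), and that once the ACL is bound the mask table, not entry order, decides which rule wins. The following Python model, added here as an illustration and not part of the guide or the switch firmware, reproduces both behaviours for the standard ACL A2 above: entered as "permit any" then "deny host 171.69.198.102", the deny rule only takes effect once a host mask precedes the any mask. The mask table INGRESS_MASKS, and the treatment of rules that no mask covers, are assumptions for the model.

```python
"""Standard IP ACL evaluation with address bitmasks and mask precedence.

Added model of the behaviour described in the Command Usage text above;
not the switch's own code.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Sequence

ANY_MASK = "0.0.0.0"           # "any": every address bit is ignored
HOST_MASK = "255.255.255.255"  # "host": every address bit must match


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    source: str   # source IP address of the rule
    bitmask: str  # 1 bits = "match", 0 bits = "ignore"


def ip_matches(packet_ip: str, rule_ip: str, bitmask: str) -> bool:
    """The bitmask is ANDed with the rule address and compared with the
    packet address under the same mask."""
    p = int(ipaddress.IPv4Address(packet_ip))
    r = int(ipaddress.IPv4Address(rule_ip))
    m = int(ipaddress.IPv4Address(bitmask))
    return (p & m) == (r & m)


def active_order(rules: Sequence[Rule], masks: Sequence[str]) -> List[Rule]:
    """Order in which rules are checked once the ACL is bound to a port.

    The first mask in the mask table that matches a rule's bitmask decides
    that rule's precedence.  Rules covered by no mask are kept in entry
    order after the masked ones (assumption: the guide only requires that a
    mask exist before binding, it does not describe an unmasked rule).
    """
    ordered: List[Rule] = []
    for mask in masks:
        for rule in rules:
            if rule.bitmask == mask and rule not in ordered:
                ordered.append(rule)
    ordered.extend(r for r in rules if r not in ordered)
    return ordered


def evaluate(packet_ip: str, rules: Sequence[Rule],
             masks: Sequence[str] = ()) -> str:
    """Action applied to a packet: the first matching rule in active order,
    otherwise the explicit default rule (permit any any)."""
    for rule in active_order(rules, masks):
        if ip_matches(packet_ip, rule.source, rule.bitmask):
            return rule.action
    return "permit"


# ACL "A2" from the guide, in the order the rules were entered.
A2_RULES = [
    Rule("permit", "0.0.0.0", ANY_MASK),
    Rule("deny", "171.69.198.102", HOST_MASK),
]

# Assumed ingress mask table: the host mask is entered first, so
# host-specific rules are checked before "any" rules.
INGRESS_MASKS = [HOST_MASK, ANY_MASK]


if __name__ == "__main__":
    blocked = "171.69.198.102"
    print("entry order only  :", evaluate(blocked, A2_RULES))
    print("with ingress masks:", evaluate(blocked, A2_RULES, INGRESS_MASKS))
    print("other host        :", evaluate("10.1.1.21", A2_RULES, INGRESS_MASKS))
```

Without the mask table the first rule entered, permit any, matches every packet and the deny rule is dead; with the host mask ahead of the any mask the deny rule is checked first, which is what the show access-list output above reflects.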
Related Commands
mask (IP ACL) (4-94)

ip access-group
This command binds a port to an IP ACL. Use the no form to remove the port.
Syntax
[no] ip access-group acl_name {in | out}
• acl_name – Name of the ACL. (Maximum length: 16 characters)
• in – Indicates that this list applies to ingress packets.
• out – Indicates that this list applies to egress packets.
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
Command Usage
• A port can only be bound to one ACL.

Related Commands
ip access-group (4-98)

map access-list ip
This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the CoS mapping.
Syntax
[no] map access-list ip acl_name cos cos-value
• acl_name – Name of the ACL. (Maximum length: 16 characters)
• cos-value – CoS value.

show map access-list ip
This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.)
Syntax
show map access-list ip [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.

Command Usage
• You must configure an ACL mask before you can change frame priorities based on an ACL rule.
• Traffic priorities may be included in the IEEE 802.1p priority tag. This tag is also incorporated as part of the overall IEEE 802.1Q VLAN tag. To specify this priority, use the set priority keywords.
• The IP frame header also includes priority bits in the Type of Service (ToS) octet.

MAC ACLs
Table 4-35 MAC ACL Commands
Command                          Function                                                               Mode     Page
access-list mac                  Creates a MAC ACL and enters configuration mode                        GC       4-102
permit, deny                     Filters packets matching a specified source and destination address,   MAC-ACL  4-103
                                 packet format, and Ethernet type
show mac access-list             Displays the rules for configured MAC ACLs                             PE       4-104
access-list mac mask-precedence  Changes to the mode for configuring access control masks               GC       4-105
mask                             Sets a precedence mask

Example
Console(config)#access-list mac jerry
Console(config-mac-acl)#
Related Commands
permit, deny (4-103)
mac access-group (4-108)
show mac access-list (4-104)

permit, deny (MAC ACL)
This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule.

• destination – Destination MAC address range with bitmask.
• address-bitmask – Bitmask for MAC address (in hexadecimal format).
• vid – VLAN ID. (Range: 1-4095)
• vid-bitmask – VLAN bitmask. (Range: 1-4095)
• protocol – A specific Ethernet protocol number. (Range: 600-fff hex.)
• protocol-bitmask – Protocol bitmask. (Range: 600-fff hex.)
Default Setting
None
Command Mode
MAC ACL
Command Usage
• New rules are added to the end of the list.

Example
Console#show mac access-list
MAC access-list jerry:
  permit any 00-e0-29-94-34-de ethertype 0800
Console#
Related Commands
permit, deny (4-103)
mac access-group (4-108)

access-list mac mask-precedence
This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table.
Syntax
[no] access-list mac mask-precedence {in | out}
• in – Ingress mask for ingress ACLs.
• out – Egress mask for egress ACLs.

mask (MAC ACL)
This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use the no form to remove a mask.
Syntax
[no] mask [pktformat] {any | host | source-bitmask} {any | host | destination-bitmask} [vid [vid-bitmask]] [ethertype [ethertype-bitmask]]
• pktformat – Check the packet format field. (If this keyword is used in the mask, the packet format must be specified in the ACL rule to match.)
• any – Any address will be matched.

Example
This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.

show access-list mac mask-precedence
This command shows the ingress or egress rule masks for MAC ACLs.
Syntax
show access-list mac mask-precedence [in | out]
• in – Ingress mask precedence for ingress ACLs.
• out – Egress mask precedence for egress ACLs.

Related Commands
show mac access-list (4-104)

show mac access-group
This command shows the ports assigned to MAC ACLs.
Command Mode
Privileged Exec
Example
Console#show mac access-group
Interface ethernet 1/5
  MAC access-list M5 out
Console#
Related Commands
mac access-group (4-108)

map access-list mac
This command sets the output queue for packets matching an ACL rule.

Example
Console(config)#int eth 1/5
Console(config-if)#map access-list mac M5 cos 0
Console(config-if)#
Related Commands
queue cos-map (4-210)
show map access-list mac (4-110)

show map access-list mac
This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.)
Syntax
show map access-list mac [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.

match access-list mac
This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) Use the no form to remove the ACL marker.
Syntax
match access-list mac acl_name set priority priority
no match access-list mac acl_name
• acl_name – Name of the ACL. (Maximum length: 16 characters)
• priority – Class of Service value in the IEEE 802.1p priority tag.

ACL Information
Table 4-37 ACL Information Commands
Command            Function                                  Mode  Page
show access-list   Show all ACLs and associated rules        PE    4-112
show access-group  Shows the ACLs assigned to each port      PE    4-112

show access-list
This command shows all ACLs and associated rules, as well as all the user-defined masks.
Command Mode
Privileged Exec
Command Usage
Once the ACL is bound to an interface (i.e.
SNMP Commands
Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption, as well as controlling user access to specific areas of the MIB tree.

Command Mode
Global Configuration
Example
Console(config)#snmp-server
Console(config)#

show snmp
This command can be used to check the status of SNMP communications.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command.

snmp-server community
This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string.
Syntax
snmp-server community string [ro|rw]
no snmp-server community string
• string - Community string that acts like a password and permits access to the SNMP protocol. (Maximum length: 32 characters, case sensitive; Maximum number of strings: 5)
• ro - Specifies read-only access.

Related Commands
snmp-server location (4-116)

snmp-server location
This command sets the system location string. Use the no form to remove the location string.
Syntax
snmp-server location text
no snmp-server location
text - String that describes the system location.

snmp-server host
This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
Syntax
snmp-server host host-addr community-string [version {1 | 2c | 3 {auth | noauth | priv}} [udp-port port]]
no snmp-server host host-addr
• host-addr - Internet address of the host (the targeted recipient).

supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications.
• If you specify an SNMP Version 3 host, then the community string is interpreted as an SNMP user name. If you use the V3 “auth” or “priv” options, the user name must first be defined with the snmp-server user command.

Related Commands
snmp-server host (4-117)

snmp-server engine-id
This command configures an identification string for the SNMPv3 engine. Use the no form to restore the default.
Syntax
snmp-server engine-id local engineid-string
no snmp-server engine-id local
engineid-string - String identifying the engine ID. (Range: 1-26 hexadecimal characters)
Default Setting
A unique engine ID is automatically generated by the switch based on its MAC address.

Table 4-39 show snmp engine-id - display description
Field                   Description
Local SNMP engineID     String identifying the engine ID.
Local SNMP engineBoots  The number of times that the engine has (re-)initialized since the snmp EngineID was last configured.

snmp-server view
This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view.

show snmp view
This command shows information on the SNMP views.
Command Mode
Privileged Exec
Example
Console#show snmp view
View Name: mib-2
Subtree OID: 1.2.2.3.6.2.1
View Type: included
Storage Type: permanent
Row Status: active

View Name: defaultview
Subtree OID: 1
View Type: included
Storage Type: permanent
Row Status: active
Console#

Table 4-40 show snmp view - display description
Field        Description
View Name    Name of an SNMP view.
Subtree OID  A branch in the MIB tree.

Default Setting
Default groups: public (read only), private (read/write)
readview - Every object belonging to the Internet OID space (1.3.6.1).
writeview - Nothing is defined.
Command Mode
Global Configuration
Command Usage
• A group sets the access policy for the assigned users.
• When authentication is selected, the MD5 or SHA algorithm is used as specified in the snmp-server user command.
• When privacy is selected, the DES 56-bit algorithm is used for data encryption.

show snmp group
Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and read/write access.

Table 4-41 show snmp group - display description
Field           Description
groupname       Name of an SNMP group.
security model  The SNMP version.
readview        The associated read view.
writeview       The associated write view.
notifyview      The associated notify view.
storage-type    The storage type for this entry.
Row Status      The row status of this entry.

snmp-server user
This command adds a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View.

Example
Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien
Console(config)#

show snmp user
This command shows information on SNMP users.
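The snmp-server engine-id and snmp-server user commands above are linked: an SNMPv3 agent does not store the user's password but a key derived from it and then localized with the engine ID (RFC 3414), which is why the engine ID must be settled before users are created and why a manager needs the agent's engine ID before it can authenticate. The following Python block, added here as an illustration and not part of the guide or the switch firmware, reproduces that derivation for the md5 and sha authentication options and shows how the des56 privacy key is split. The engine IDs used for user "steve" are constructed values; the "maplesyrup" vector with engine ID 000000000000000000000002 is the published test case from RFC 3414 Appendix A.

```python
"""SNMPv3 USM key derivation (RFC 3414): password -> Ku -> key localized
with the engine ID.  Added example, not switch firmware."""
import hashlib

ONE_MEGABYTE = 1_048_576  # RFC 3414 A.2: the password is repeated to 1,048,576 bytes

# "auth md5" / "auth sha" keywords of snmp-server user -> hashlib algorithm names
HASH_FOR_AUTH = {"md5": "md5", "sha": "sha1"}


def password_to_key(password: bytes, auth: str) -> bytes:
    """Ku: digest of the password repeated to exactly one megabyte."""
    if not password:
        raise ValueError("an empty password cannot be expanded")
    h = hashlib.new(HASH_FOR_AUTH[auth])
    reps = ONE_MEGABYTE // len(password) + 1
    h.update((password * reps)[:ONE_MEGABYTE])
    return h.digest()


def localize_key(ku: bytes, engine_id: bytes, auth: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the key the agent actually keeps,
    so one password yields a different key on every engine."""
    return hashlib.new(HASH_FOR_AUTH[auth], ku + engine_id + ku).digest()


def usm_keys(password: str, engine_id_hex: str, auth: str):
    """Return (Ku, Kul) for a password and an engine ID given as hex text."""
    ku = password_to_key(password.encode(), auth)
    return ku, localize_key(ku, bytes.fromhex(engine_id_hex), auth)


def user_keys(auth_password: str, priv_password: str,
              engine_id_hex: str, auth: str) -> dict:
    """Localized authentication and privacy keys for one snmp-server user.
    RFC 3414 derives the privacy key with the same hash as the auth key;
    DES-56 then uses the first 8 bytes as the DES key and the next 8 as the
    pre-IV."""
    _, auth_key = usm_keys(auth_password, engine_id_hex, auth)
    _, priv_key = usm_keys(priv_password, engine_id_hex, auth)
    return {"auth_key": auth_key,
            "des_key": priv_key[:8],
            "des_pre_iv": priv_key[8:16]}


if __name__ == "__main__":
    # User "steve" from the example above, keyed on two constructed engine IDs
    # (not real switch values) to show that the stored keys differ.
    ENGINE_A = "8000000001020304"
    ENGINE_B = "8000000001020305"
    a = user_keys("greenpeace", "einstien", ENGINE_A, "md5")
    b = user_keys("greenpeace", "einstien", ENGINE_B, "md5")
    print("auth key on engine A:", a["auth_key"].hex())
    print("auth key on engine B:", b["auth_key"].hex())
    print("identical keys:", a["auth_key"] == b["auth_key"])
```

Because the localized key depends on the engine ID, changing the engine ID with snmp-server engine-id after users exist invalidates their keys, and a key captured from one switch is of no use against another even when the same password was configured on both.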
Command Usage
• You can create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch via SNMP management software.
• Address bitmasks are similar to a subnet mask, containing four decimal integers from 0 to 255, each separated by a period. The binary mask uses “1” bits to indicate “match” and “0” bits to indicate “ignore.”
• If the IP is the address of a single management station, the bitmask should be set to 255.255.255.255.
DHCP Commands

ip dhcp client-identifier
This command specifies the DHCP client identifier for the current interface. Use the no form to remove this identifier.
Syntax
ip dhcp client-identifier {text text | hex hex}
no ip dhcp client-identifier
• text - A text string. (Range: 1-15 characters)
• hex - The hexadecimal value.
Default Setting
None
Command Mode
Interface Configuration (VLAN)
Command Usage
This command is used to include a client identifier in all communications with the DHCP server.

Example
In the following example, the device is reassigned the same address.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#exit
Console#ip dhcp restart client
Console#show ip interface
Vlan 1 is up, addressing mode is DHCP
Interface address is 192.168.1.54, mask is 255.255.255.

Example
In the following example, the device is reassigned the same address.
Console(config)#interface vlan 1
Console(config-if)#ip dhcp relay
Console(config-if)#end
Console#show ip interface
Vlan 1 is up, addressing mode is Dhcp
Interface address is 10.1.0.254, mask is 255.255.255.

DHCP Server
Table 4-46 DHCP Server Commands
Command                   Function                                                          Mode  Page
service dhcp              Enables the DHCP server feature on this switch                    GC    4-130
ip dhcp excluded-address  Specifies IP addresses that a DHCP server should not assign to    GC    4-131
                          DHCP clients
ip dhcp pool              Configures a DHCP address pool on a DHCP Server                   GC    4-131
network                   Configures the subnet number and mask for a DHCP address pool     DC    4-132
default-router            Specifies the default router list for a DHCP client

Example
Console(config)#service dhcp
Console(config)#

ip dhcp excluded-address
This command specifies IP addresses that the DHCP server should not assign to DHCP clients. Use the no form to remove the excluded IP addresses.
Syntax
[no] ip dhcp excluded-address low-address [high-address]
• low-address - An excluded IP address, or the first IP address in an excluded address range.
• high-address - The last IP address in an excluded address range.

host command must fall within the range of a configured network address pool.
Example
Console(config)#ip dhcp pool R&D
Console(config-dhcp)#
Related Commands
network (4-132)
host (4-137)

network
This command configures the subnet number and mask for a DHCP address pool. Use the no form to remove the subnet number and mask.
Syntax
network network-number [mask]
no network
• network-number - The IP address of the DHCP address pool.

default-router
This command specifies default routers for a DHCP pool. Use the no form to remove the default routers.
Syntax
default-router address1 [address2]
no default-router
• address1 - Specifies the IP address of the primary router.
• address2 - Specifies the IP address of an alternate router.
Default Setting
None
Command Mode
DHCP Pool Configuration
Usage Guidelines
The IP address of the router should be on the same subnet as the client. You can specify up to two routers.

dns-server
This command specifies the Domain Name System (DNS) IP servers available to a DHCP client. Use the no form to remove the DNS server list.
Syntax
dns-server address1 [address2]
no dns-server
• address1 - Specifies the IP address of the primary DNS server.
• address2 - Specifies the IP address of the alternate DNS server.

bootfile
This command specifies the name of the default boot image for a DHCP client. This file should be placed on the Trivial File Transfer Protocol (TFTP) server specified with the next-server command. Use the no form to delete the boot image name.
Syntax
bootfile filename
no bootfile
filename - Name of the file that is used as a default boot image.
Default Setting
None
Command Mode
DHCP Pool Configuration
Example
Console(config-dhcp)#bootfile wme.

Related Commands
netbios-node-type (4-136)

netbios-node-type
This command configures the NetBIOS node type for Microsoft DHCP clients. Use the no form to remove the NetBIOS node type.

Default Setting
One day
Command Modes
DHCP Pool Configuration
Example
The following example leases an address to clients using this pool for 7 days.
Console(config-dhcp)#lease 7
Console(config-dhcp)#

host
Use this command to specify the IP address and network mask to manually bind to a DHCP client. Use the no form to remove the IP address for the client.
Syntax
host address [mask]
no host
• address - Specifies the IP address of a client.
• mask - Specifies the network mask of the client.

• The no host command only clears the address from the DHCP server database. It does not cancel the IP address currently in use by the host.
Example
Console(config-dhcp)#host 10.1.0.21 255.255.255.0
Console(config-dhcp)#
Related Commands
client-identifier (4-138)
hardware-address (4-139)

client-identifier
This command specifies the client identifier of a DHCP client. Use the no form to remove the client identifier.

hardware-address
This command specifies the hardware address of a DHCP client. This command is valid for manual bindings only. Use the no form to remove the hardware address.
Syntax
hardware-address hardware-address type
no hardware-address
• hardware-address - Specifies the MAC address of the client device.
• type - Indicates the following protocol used on the client device:
  - ethernet
  - ieee802
  - fddi
Default Setting
If no type is specified, the default protocol is Ethernet.

Usage Guidelines
• An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP server clears all automatic bindings.
• Use the no host command to delete a manual binding.
• This command is normally used after modifying the address pool, or after moving DHCP service to another device.
Example
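The DHCP server commands above impose several constraints that the CLI does not cross-check for you: a default router should sit on the client's subnet, default-router and dns-server take at most two addresses, a host binding must fall inside a configured network pool, and hardware-address is only meaningful for manual bindings. The Python block below, added here as an illustration and not part of the guide or the switch firmware, encodes those constraints as a configuration check and also enumerates which addresses a pool can still hand out after ip dhcp excluded-address ranges are removed. The pool names, addresses and the MAC address are constructed sample data; the lease floor of one day and the treatment of a pool with neither network nor host are assumptions of the model.

```python
"""Consistency checks for DHCP server pools (ip dhcp pool / network /
default-router / dns-server / lease / host / hardware-address) and the
ip dhcp excluded-address ranges.  Added example, not switch code."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Pool:
    name: str
    network: Optional[str] = None            # "network 10.1.0.0 255.255.255.0"
    host: Optional[str] = None               # "host 10.1.0.21 255.255.255.0"
    hardware_address: Optional[str] = None   # manual bindings only
    default_routers: List[str] = field(default_factory=list)   # at most two
    dns_servers: List[str] = field(default_factory=list)       # at most two
    lease_days: int = 1                      # default setting: one day


# (low, high) pairs from ip dhcp excluded-address; high is None for one address
Excluded = List[Tuple[str, Optional[str]]]


def excluded_set(excluded: Excluded) -> set:
    """Expand excluded ranges into a set of integer addresses."""
    out = set()
    for low, high in excluded:
        lo = int(ipaddress.IPv4Address(low))
        hi = int(ipaddress.IPv4Address(high or low))
        out.update(range(lo, hi + 1))
    return out


def assignable_addresses(pool: Pool, excluded: Excluded) -> List[str]:
    """Host addresses of the pool's network that the server may hand out."""
    net = ipaddress.IPv4Network(pool.network, strict=False)
    ex = excluded_set(excluded)
    return [str(a) for a in net.hosts() if int(a) not in ex]


def pool_subnet(pool: Pool):
    """Subnet the pool's clients live in, from network or from host's mask."""
    if pool.network:
        return ipaddress.IPv4Network(pool.network, strict=False)
    if pool.host:
        return ipaddress.IPv4Interface(pool.host).network
    return None


def check_pool(pool: Pool, all_pools: List[Pool]) -> List[str]:
    """Return a list of problems; an empty list means the pool satisfies
    the constraints stated in the command descriptions."""
    problems = []
    subnet = pool_subnet(pool)
    if subnet is None:
        problems.append(f"{pool.name}: neither network nor host configured")
    if len(pool.default_routers) > 2:
        problems.append(f"{pool.name}: default-router accepts at most two addresses")
    if len(pool.dns_servers) > 2:
        problems.append(f"{pool.name}: dns-server accepts at most two addresses")
    if pool.lease_days < 1:
        problems.append(f"{pool.name}: lease must be at least one day")
    # The router should be on the same subnet as the client.
    for router in pool.default_routers:
        if subnet and ipaddress.IPv4Address(router) not in subnet:
            problems.append(f"{pool.name}: default-router {router} is not in {subnet}")
    # A host binding must fall within a configured network pool.
    if pool.host:
        addr = ipaddress.IPv4Interface(pool.host).ip
        nets = [ipaddress.IPv4Network(p.network, strict=False)
                for p in all_pools if p.network]
        if not any(addr in n for n in nets):
            problems.append(f"{pool.name}: host {addr} is outside every network pool")
    # hardware-address is valid for manual bindings only.
    if pool.hardware_address and not pool.host:
        problems.append(f"{pool.name}: hardware-address requires a host binding")
    return problems


# Constructed configuration; names, addresses and MAC are sample data.
POOLS = [
    Pool("R&D", network="10.1.0.0/255.255.255.0",
         default_routers=["10.1.0.254"], dns_servers=["10.1.0.55"], lease_days=7),
    Pool("printer", host="10.1.0.21/255.255.255.0",
         hardware_address="00-e0-29-94-34-de"),
]
EXCLUDED: Excluded = [("10.1.0.1", "10.1.0.20"), ("10.1.0.254", None)]

if __name__ == "__main__":
    for p in POOLS:
        print(p.name, "problems:", check_pool(p, POOLS) or "none")
    print("assignable in R&D:", len(assignable_addresses(POOLS[0], EXCLUDED)))
```

Run this against an exported configuration before enabling service dhcp: a router outside the pool's subnet or a manual binding outside every network pool is accepted by the CLI but leaves clients without a usable gateway or address.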
DNS Commands
These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation. Note that domain name services will not be enabled until at least one name server is specified with the ip name-server command and domain lookup is enabled with the ip domain-lookup command.

Command Usage
Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device.
Example
This example maps two addresses to a host name.
Console(config)#ip host rd5 192.168.1.55 10.1.0.55
Console(config)#end
Console#show hosts
Hostname
  rd5
Inet address
  10.1.0.55 192.168.

Default Setting
None
Command Mode
Global Configuration
Example
Console(config)#ip domain-name sample.com
Console(config)#end
Console#show dns
Domain Lookup Status:
  DNS disabled
Default Domain Name:
  .sample.com
Domain Name List:
Name Server List:
Console#
Related Commands
ip domain-list (4-143)
ip name-server (4-144)
ip domain-lookup (4-145)

ip domain-list
This command defines a list of domain names that can be appended to incomplete host names (i.e.

Example
This example adds two domain names to the current list and then displays the list.
Console(config)#ip domain-list sample.com.jp
Console(config)#ip domain-list sample.com.uk
Console(config)#end
Console#show dns
Domain Lookup Status:
  DNS disabled
Default Domain Name:
  .sample.com
Domain Name List:
  .sample.com.jp
  .sample.com.

Example
This example adds two domain-name servers to the list and then displays the list.
Console(config)#ip name-server 192.168.1.55 10.1.0.55
Console(config)#end
Console#show dns
Domain Lookup Status:
  DNS disabled
Default Domain Name:
  .sample.com
Domain Name List:
  .sample.com.jp
  .sample.com.uk
Name Server List:
  192.168.1.55
  10.1.0.55
Console#
Related Commands
ip domain-name (4-142)
ip domain-lookup (4-145)

ip domain-lookup
This command enables DNS host name-to-address translation.

Example
This example enables DNS and then displays the configuration.
Console(config)#ip domain-lookup
Console(config)#end
Console#show dns
Domain Lookup Status:
  DNS enabled
Default Domain Name:
  .sample.com
Domain Name List:
  .sample.com.jp
  .sample.com.uk
Name Server List:
  192.168.1.55
  10.1.0.55
Console#
Related Commands
ip domain-name (4-142)
ip name-server (4-144)

show hosts
This command displays the static host name-to-address mapping table.

show dns
This command displays the configuration of the DNS server.
Command Mode
Privileged Exec
Example
Console#show dns
Domain Lookup Status:
  DNS enabled
Default Domain Name:
  sample.com
Domain Name List:
  sample.com.jp
  sample.com.uk
Name Server List:
  192.168.1.55
  10.1.0.55
Console#

show dns cache
This command displays entries in the DNS cache.
clear dns cache
This command clears all entries in the DNS cache.
4 Interface Commands Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
4 Command Line Interface Command Mode Global Configuration Example To specify port 4, enter the following command: Console(config)#interface ethernet 1/4 Console(config-if)# description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface.
Interface Commands 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 1000full for Gigabit Ethernet ports. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation command to disable auto-negotiation on the selected interface.
4 Command Line Interface • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example The following example configures port 11 to use autonegotiation. Console(config)#interface ethernet 1/11 Console(config-if)#negotiation Console(config-if)# Related Commands capabilities (4-152) speed-duplex (4-150) capabilities This command advertises the port capabilities of a given interface during autonegotiation.
Interface Commands 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Console(config)#interface ethernet 1/5 Console(config-if)#capabilities 100half Console(config-if)#capabilities 100full Console(config-if)#capabilities flowcontrol Console(config-if)# Related Commands negotiation (4-151) speed-duplex (4-150) flowcontrol (4-153) flowcontrol This command enables flow control. Use the no form to disable flow control.
4 Command Line Interface Example The following example enables flow control on port 5. Console(config)#interface ethernet 1/5 Console(config-if)#flowcontrol Console(config-if)#no negotiation Console(config-if)# Related Commands negotiation (4-151) capabilities (flowcontrol, symmetric) (4-152) media-type This command forces the port type selected for combination ports 8 - 12. Use the no form to restore the default mode.
Interface Commands 4 Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also want to disable a port for security reasons. Example The following example disables port 5.
4 Command Line Interface Example The following shows how to configure broadcast storm control at 600 packets per second: Console(config)#interface ethernet 1/5 Console(config-if)#switchport broadcast packet-rate 600 Console(config-if)# clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - This is device 1. - port - Port number.
Interface Commands 4 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) • vlan vlan-id (Range: 1-4094) Default Setting Shows the status for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed.
4 Command Line Interface show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed.
4 Interface Commands show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed.
4 Command Line Interface Table 4-50 show interfaces switchport - display description (Continued) Field Description Ingress rule Shows if ingress filtering is enabled or disabled (page 4-193). Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only (page 4-192). Native VLAN Indicates the default Port VLAN ID (page 4-194). Priority for untagged traffic Indicates the default priority for untagged frames (page 4-207).
Mirror Port Commands

Command Usage
• You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
• The destination port is set by specifying an Ethernet interface.
• The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port.
Example
The following shows mirroring configured from port 6 to port 11:
Console(config)#interface ethernet 1/11
Console(config-if)#port monitor ethernet 1/6
Console(config-if)#end
Console#show port monitor
Port Mirroring
-------------------------------------
Destination port(listen port):Eth1/1
Source port(monitored port) :Eth1/6
Mode :RX/TX
Console#

Rate Limit Commands
This function allows the network manager to control the maximum rate for traffic transmitted or received on an i
Example
Console(config)#interface ethernet 1/1
Console(config-if)#rate-limit input 600
Console(config-if)#

Link Aggregation Commands
Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.
channel-group
This command adds a port to a trunk. Use the no form to remove a port from a trunk.
Syntax
channel-group channel-id
no channel-group
channel-id - Trunk index (Range: 1-6)
Default Setting
The current port will be added to this trunk.
Command Mode
Interface Configuration (Port Channel)
Command Usage
• When configuring static trunks, the switches must comply with the Cisco EtherChannel standard.
• Use no channel-group to remove a port group from a trunk.
• If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically.
• If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
Example
The following shows LACP enabled on ports 10-12.
Address Table Commands
These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
Command Usage
The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics:
• Static addresses will not be removed from the address table when a given interface link is down.
• Static addresses are bound to the assigned interface and will not be moved.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
• The MAC Address Table contains the MAC addresses associated with each interface.
Example
Console(config)#mac-address-table aging-time 100
Console(config)#

show mac-address-table aging-time
This command shows the aging time for entries in the address table.
Default Setting
None
Command Mode
Privileged Exec
Example
Console#show mac-address-table aging-time
Aging time: 300 sec.
Spanning Tree Commands

Table 4-55 Spanning Tree Commands (Continued)
Command                          Function                                                 Mode  Page
spanning-tree spanning-disabled  Disables spanning tree for an interface                  IC    4-179
spanning-tree cost               Configures the spanning tree path cost of an interface   IC    4-180
spanning-tree port-priority      Configures the spanning tree priority of an interface    IC    4-180
spanning-tree edge-port          Enables fast forwarding for edge ports                   IC    4-181
spanning-tree portfast           Sets an interface to fast forwarding                     IC
Example
This example shows how to enable the Spanning Tree Algorithm for the switch:
Console(config)#spanning-tree
Console(config)#

spanning-tree mode
This command selects the spanning tree mode for this switch. Use the no form to restore the default.
Syntax
spanning-tree mode {stp | rstp | mstp}
no spanning-tree mode
• stp - Spanning Tree Protocol (IEEE 802.1D)
• rstp - Rapid Spanning Tree Protocol (IEEE 802.1w)
• mstp - Multiple Spanning Tree (IEEE 802.
• Multiple Spanning Tree Protocol
- To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances.
- A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments.
- Be careful when switching between spanning tree modes.
spanning-tree hello-time
This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default.
Syntax
spanning-tree hello-time time
no spanning-tree hello-time
time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(max-age / 2) - 1].
configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network.
Example
Console(config)#spanning-tree max-age 40
Console(config)#

spanning-tree priority
This command configures the spanning tree priority globally for this switch. Use the no form to restore the default.
Syntax
spanning-tree priority priority
no spanning-tree priority
priority - Priority of the bridge.
Default Setting
Long method
Command Mode
Global Configuration
Command Usage
The path cost method is used to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. Note that path cost (page 4-180) takes precedence over port priority (page 4-180).
Command Mode
Global Configuration
Example
Console(config)#spanning-tree mst-configuration
Console(config-mstp)#
Related Commands
mst vlan (4-176)
mst priority (4-177)
name (4-177)
revision (4-178)
max-hops (4-179)

mst vlan
This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs.
Example
Console(config-mstp)#mst 1 vlan 2-5
Console(config-mstp)#

mst priority
This command configures the priority of a spanning tree instance. Use the no form to restore the default.
Syntax
mst instance_id priority priority
no mst instance_id priority
• instance_id - Instance identifier of the spanning tree. (Range: 0-64)
• priority - Priority of the spanning tree instance.
Default Setting
Switch's MAC address
Command Mode
MST Configuration
Command Usage
The MST region name and revision number (page 4-178) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with the same MST instances.
max-hops
This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default.
Syntax
max-hops hop-number
hop-number - Maximum hop number for multiple spanning tree. (Range: 1-40)
Default Setting
20
Command Mode
MST Configuration
Command Usage
An MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside an MSTI region is never changed.
spanning-tree cost
This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default.
Syntax
spanning-tree cost cost
no spanning-tree cost
cost - The path cost for the port.
Default Setting
128
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
• Where more than one port is assigned the highest priority, the port with the lowest numeric identifier will be enabled.
Example
Console(config)#interface ethernet 1/5
Console(config-if)#spanning-tree edge-port
Console(config-if)#
Related Commands
spanning-tree portfast (4-182)

spanning-tree portfast
This command sets an interface to fast forwarding. Use the no form to disable fast forwarding.
spanning-tree link-type
This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default.
Syntax
spanning-tree link-type {auto | point-to-point | shared}
no spanning-tree link-type
• auto - Automatically derived from the duplex mode setting.
• point-to-point - Point-to-point link.
• shared - Shared medium.
Default Setting
• Ethernet - half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000
• Fast Ethernet - half duplex: 200,000; full duplex: 100,000; trunk: 50,000
• Gigabit Ethernet - full duplex: 10,000; trunk: 5,000
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• Each spanning-tree instance is associated with a unique set of VLAN IDs.
• This command is used by the multiple spanning-tree algorithm to determine the best path between devices.
interface with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
• Where more than one interface is assigned the highest priority, the interface with the lowest numeric identifier will be enabled.
show spanning-tree
This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST).
Syntax
show spanning-tree [interface | mst instance_id]
• interface
• ethernet unit/port
- unit - This is device 1.
- port - Port number.
• port-channel channel-id (Range: 1-6)
• instance_id - Instance identifier of the multiple spanning tree.
Example
Console#show spanning-tree
Spanning-tree information
---------------------------------------------------------------
Spanning tree mode              :MSTP
Spanning tree enable/disable    :enable
Instance                        :0
Vlans configuration             :1-4094
Priority                        :32768
Bridge Hello Time (sec.)        :2
Bridge Max Age (sec.)           :20
Bridge Forward Delay (sec.)     :15
Root Hello Time (sec.)          :2
Root Max Age (sec.)             :20
Root Forward Delay (sec.)       :15
Max hops                        :20
Remaining hops                  :20
Designated Root                 :32768.0.
show spanning-tree mst configuration
This command shows the configuration of the multiple spanning tree.
VLAN Commands

Editing VLAN Groups
Table 4-57 Commands for Editing VLAN Groups
Command        Function                                                    Mode  Page
vlan database  Enters VLAN database mode to add, change, and delete VLANs  GC    4-189
vlan           Configures a VLAN, including VID, name and state            VC    4-190

vlan database
This command enters VLAN database mode. All commands in this mode will take effect immediately.
vlan
This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN.
Syntax
vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}]
no vlan vlan-id [name | state]
• vlan-id - ID of configured VLAN. (Range: 1-4094, no leading zeroes)
• name - Keyword to be followed by the VLAN name.
- vlan-name - ASCII string from 1 to 32 characters.
• media ethernet - Ethernet media type.
• state - Keyword to be followed by the VLAN state.
Configuring VLAN Interfaces
Table 4-58 Commands for Configuring VLAN Interfaces
Command                           Function                                                   Mode  Page
interface vlan                    Enters interface configuration mode for a specified VLAN   IC    4-191
switchport mode                   Configures VLAN membership mode for an interface           IC    4-192
switchport acceptable-frame-types Configures frame types to be accepted by an interface      IC    4-192
switchport ingress-filtering      Enables ingress filtering on an interface                  IC    4-193
switchport native vlan            Configures t
switchport mode
This command configures the VLAN membership mode for a port. Use the no form to restore the default.
Syntax
switchport mode {trunk | hybrid}
no switchport mode
• trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. Note that frames belonging to the port's default VLAN (i.e., associated with the PVID) are also transmitted as tagged frames.
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN.
Example
The following example shows how to set the interface to port 1 and then enable ingress filtering:
Console(config)#interface ethernet 1/1
Console(config-if)#switchport ingress-filtering
Console(config-if)#

switchport native vlan
This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default.
Syntax
switchport native vlan vlan-id
no switchport native vlan
vlan-id - Default VLAN ID for a port.
switchport allowed vlan
This command configures VLAN groups on the selected interface. Use the no form to restore the default.
Syntax
switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list}
no switchport allowed vlan
• add vlan-list - List of VLAN identifiers to add.
• remove vlan-list - List of VLAN identifiers to remove.
• vlan-list - Separate nonconsecutive VLAN identifiers with a comma and no spaces; use a hyphen to designate a range of IDs.
switchport forbidden vlan
This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs.
Syntax
switchport forbidden vlan {add vlan-list | remove vlan-list}
no switchport forbidden vlan
• add vlan-list - List of VLAN identifiers to add.
• remove vlan-list - List of VLAN identifiers to remove.
• vlan-list - Separate nonconsecutive VLAN identifiers with a comma and no spaces; use a hyphen to designate a range of IDs. Do not enter leading zeros.
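The vlan-list format used by switchport allowed vlan and switchport forbidden vlan above is easy to get wrong in scripts that push VLAN changes to many ports. The validator below is an added example, not code from the manual or the vendor; it applies the rules the manual states (comma-separated, no spaces, hyphen ranges, no leading zeros, IDs 1-4094) and rejects anything else before a command is sent, and allowed_after models the add/remove effect on a port's membership set.

```python
"""Validator for the vlan-list argument of switchport allowed vlan /
switchport forbidden vlan (ES4612 CLI).

Added example, not vendor code. Rules applied, all taken from the
manual: nonconsecutive IDs separated by a comma with no spaces, a hyphen
for a range, no leading zeros, VLAN IDs 1-4094. Reversed ranges and
empty items are rejected too (assumption: the CLI would not accept them).
"""
import re

VLAN_MIN, VLAN_MAX = 1, 4094

# One token: a single ID or "low-high". Requiring the first digit to be
# 1-9 rejects leading zeros; a bare "0" is out of range anyway.
_TOKEN = re.compile(r"^([1-9][0-9]*)(?:-([1-9][0-9]*))?$")


def parse_vlan_list(vlan_list):
    """Return the set of VLAN IDs named by vlan_list, or raise ValueError."""
    if vlan_list == "" or " " in vlan_list:
        raise ValueError("vlan-list must be non-empty and contain no spaces")
    vids = set()
    for token in vlan_list.split(","):
        m = _TOKEN.match(token)
        if m is None:
            raise ValueError("bad vlan-list item %r" % token)
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if low > high:
            raise ValueError("range %r is reversed" % token)
        if low < VLAN_MIN or high > VLAN_MAX:
            raise ValueError("%r is outside %d-%d" % (token, VLAN_MIN, VLAN_MAX))
        vids.update(range(low, high + 1))
    return vids


def is_valid_vlan_list(vlan_list):
    """True when vlan_list is accepted by parse_vlan_list."""
    try:
        parse_vlan_list(vlan_list)
    except ValueError:
        return False
    return True


def allowed_after(current, op, vlan_list):
    """Apply 'add' or 'remove' with vlan_list to a port's allowed-VLAN set.

    current is the set of VLAN IDs already allowed on the port; the result
    is the set after the command (membership only, tagging mode ignored).
    """
    vids = parse_vlan_list(vlan_list)
    if op == "add":
        return current | vids
    if op == "remove":
        return current - vids
    raise ValueError("op must be 'add' or 'remove'")


if __name__ == "__main__":
    allowed = allowed_after({1}, "add", "10,20-22")   # constructed input
    allowed = allowed_after(allowed, "remove", "21")
    print(sorted(allowed))  # [1, 10, 20, 22]
```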
Displaying VLAN Information
Table 4-59 Commands for Displaying VLAN Information
Command                      Function                                                        Mode    Page
show vlan                    Shows VLAN information                                          NE, PE  4-197
show interfaces status vlan  Displays status for the specified VLAN interface                NE, PE  4-157
show interfaces switchport   Displays the administrative and operational status of an interface  NE, PE  4-159

show vlan
This command shows VLAN information.
Configuring Private VLANs
Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs.
Table 4-60 Private VLAN Commands
Command     Function                               Mode  Page
pvlan       Enables and configures private VLANs   GC    4-198
show pvlan  Displays the configured private VLANs  PE    4-199

pvlan
This command enables or configures a private VLAN. Use the no form to disable the private VLAN.
show pvlan
This command displays the configured private VLAN.
Command Mode
Privileged Exec
Example
Console#show pvlan
Private VLAN status: Enabled
Up-link port: Ethernet 1/12
Down-link port: Ethernet 1/1-8
Console#

Configuring Protocol-based VLANs
The network devices required to support multiple protocols cannot be easily grouped into a common VLAN.
protocol-vlan protocol-group (Configuring Groups)
This command creates a protocol group, or adds specific protocols to a group. Use the no form to remove a protocol group.
Syntax
protocol-vlan protocol-group group-id [{add | remove} frame-type frame protocol-type protocol]
no protocol-vlan protocol-group group-id
• group-id - Group identifier of this protocol group. (Range: 1-2147483647)
• frame - Frame type used by this protocol.
Command Usage
• When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of the other VLAN commands (such as vlan on page 4-190), these interfaces will admit traffic of any protocol type into the associated VLAN.
• When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner:
- If the frame is tagged, it will be processed according to the standard rules applied to tagged frames.
show interfaces protocol-vlan protocol-group
This command shows the mapping from protocol groups to VLANs for the selected interfaces.
Syntax
show interfaces protocol-vlan protocol-group [interface]
interface
• ethernet unit/port
- unit - This is device 1.
- port - Port number.
• port-channel channel-id (Range: 1-6)
Default Setting
The mapping for all interfaces is displayed.
GVRP and Bridge Extension Commands
GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as well as how to display default configuration settings for the Bridge Extension MIB.
show bridge-ext
This command shows the configuration for bridge extension commands.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
See "Displaying Basic VLAN Information" on page 3-126 and "Displaying Bridge Extension Capabilities" on page 3-14 for a description of the displayed items.
show gvrp configuration
This command shows if GVRP is enabled.
Syntax
show gvrp configuration [interface]
interface
• ethernet unit/port
- unit - This is device 1.
- port - Port number.
• port-channel channel-id (Range: 1-6)
Default Setting
Shows both global and interface-specific configuration.
Command Usage
• Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate. These values should not be changed unless you are experiencing difficulties with GMRP or GVRP registration/deregistration.
• Timer values are applied to GVRP for all the ports on all VLANs.
Related Commands
garp timer (4-205)

Priority Commands
The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port's high-priority queue will be transmitted before those in the lower-priority queues.
queue mode
This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value.
Syntax
queue mode {strict | wrr}
no queue mode
• strict - Services the egress queues in sequential order, transmitting all traffic in the higher priority queues before servicing lower priority queues.
switchport priority default
This command sets a priority for incoming untagged frames. Use the no form to restore the default value.
Syntax
switchport priority default default-priority-id
no switchport priority default
default-priority-id - The priority number for untagged ingress traffic. The priority is a number from 0 to 7. Seven is the highest priority.
Default Setting
The priority is not set, and the default value for untagged frames received on the interface is zero.
queue bandwidth
This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights.
Syntax
queue bandwidth weight1...weight4
no queue bandwidth
weight1...weight4 - The ratio of weights for queues 0 - 7 determines the weights used by the WRR scheduler. (Range: 1 - 15)
Default Setting
Weights 1, 2, 4, 6, 8, 10, 12, 14 are assigned to queues 0 - 7 respectively.
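To see what the strict and wrr queue modes above actually do to a congested port, the model below (an added example, not vendor code) drains a constructed per-queue backlog under each mode with the manual's default weights 1, 2, 4, 6, 8, 10, 12, 14. It shows why a saturated high queue starves queue 0 completely in strict mode while WRR still gives it 1/57 of each cycle.

```python
"""Egress scheduler model for the ES4612's eight CoS queues.

Added example, not vendor code. It models the two modes the manual
describes: strict (higher queues are always drained first) and WRR with
the default weights 1,2,4,6,8,10,12,14 for queues 0-7. The backlog is a
constructed list of frames waiting per queue; the real hardware schedules
on the wire, this only shows the order and share each mode produces.
"""
DEFAULT_WEIGHTS = (1, 2, 4, 6, 8, 10, 12, 14)  # queues 0..7, from the manual
NUM_QUEUES = 8


def strict_order(backlog):
    """Drain queues 7 down to 0; a lower queue sends only once every higher
    queue is empty. Returns the queue id of each transmitted frame, in order."""
    if len(backlog) != NUM_QUEUES:
        raise ValueError("eight queues expected")
    sent = []
    for q in range(NUM_QUEUES - 1, -1, -1):
        sent.extend([q] * backlog[q])
    return sent


def wrr_order(backlog, weights=DEFAULT_WEIGHTS):
    """Weighted round-robin: each cycle visits queues 0..7 and sends up to
    weights[q] frames from queue q (skipping empty ones) until all are drained."""
    if len(backlog) != NUM_QUEUES or len(weights) != NUM_QUEUES:
        raise ValueError("eight queues expected")
    if any(w < 1 or w > 15 for w in weights):
        raise ValueError("weights must be 1-15")  # range stated in the manual
    remaining = list(backlog)
    sent = []
    while any(remaining):
        for q in range(NUM_QUEUES):
            n = min(weights[q], remaining[q])
            sent.extend([q] * n)
            remaining[q] -= n
    return sent


def share_per_cycle(weights=DEFAULT_WEIGHTS):
    """Fraction of one saturated WRR cycle each queue receives."""
    total = sum(weights)
    return [w / total for w in weights]


def first_frame_from_queue(mode, backlog, queue):
    """0-based position of the first frame sent from `queue` under `mode`
    ('strict' or 'wrr'), or None if that queue never sends."""
    order = strict_order(backlog) if mode == "strict" else wrr_order(backlog)
    return order.index(queue) if queue in order else None


if __name__ == "__main__":
    saturated = [20] * NUM_QUEUES  # constructed: every queue holds 20 frames
    print("strict: queue 0 first sends at", first_frame_from_queue("strict", saturated, 0))
    print("wrr:    queue 0 first sends at", first_frame_from_queue("wrr", saturated, 0))
    print("wrr share of queue 7: %.3f" % share_per_cycle()[7])
```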
Default Setting
This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown below.
Example
Console#sh queue mode
Wrr status: Enabled
Console#

show queue bandwidth
This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues.
Default Setting
None
Command Mode
Privileged Exec
Example
Console#show queue bandwidth
Information of Eth 1/1
 Queue ID Weight
 -------- ------
    0        1
    1        2
    2        4
    3        6
    4        8
    5       10
    6       12
    7       14
 .
 .
 .
Console#

show queue cos-map
This command shows the class of service priority map.
Example
Console#show queue cos-map ethernet 1/1
Information of Eth 1/1
CoS Value     : 0 1 2 3 4 5 6 7
Priority Queue: 2 0 1 3 4 5 6 7
Console#

Priority Commands (Layer 3 and 4)
Table 4-66 Priority Commands (Layer 3 and 4)
Command            Function                                      Mode  Page
map ip port        Enables TCP/UDP class of service mapping      GC    4-213
map ip port        Maps TCP/UDP socket to a class of service     IC    4-214
map ip precedence  Enables IP precedence class of service mapping  GC  4-214
map ip precedence  Maps IP pr
Example
The following example shows how to enable TCP/UDP port mapping globally:
Console(config)#map ip port
Console(config)#

map ip port (Interface Configuration)
This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting.
Syntax
map ip port port-number cos cos-value
no map ip port port-number
• port-number - 16-bit TCP/UDP port number.
Command Usage
• The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
• IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type.
Example
The following example shows how to enable IP precedence mapping globally:
Console(config)#map ip precedence
Console(config)#

map ip precedence (Interface Configuration)
This command sets IP precedence priority (i.e.
map ip dscp (Global Configuration)
This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping.
Syntax
[no] map ip dscp
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
• The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
• IP Precedence and IP DSCP cannot both be enabled.
Default Setting
The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
Default Setting
None
Command Mode
Privileged Exec
Example
The following shows that HTTP traffic has been mapped to CoS value 0:
Console#show map ip port
TCP port mapping status: disabled
 Port      Port no.  COS
 --------- --------  ---
 Eth 1/ 5        80    0
Console#
Related Commands
map ip port (Global Configuration) (4-213)
map ip port (Interface Configuration) (4-214)

show map ip precedence
This command shows the IP precedence priority map.
Example
Console#show map ip precedence ethernet 1/5
Precedence mapping status: disabled
 Port      Precedence  COS
 --------- ----------  ---
 Eth 1/ 5           0    0
 Eth 1/ 5           1    1
 Eth 1/ 5           2    2
 Eth 1/ 5           3    3
 Eth 1/ 5           4    4
 Eth 1/ 5           5    5
 Eth 1/ 5           6    6
 Eth 1/ 5           7    7
Console#
Related Commands
map ip precedence (Global Configuration) (4-214)
map ip precedence (Interface Configuration) (4-215)

show map ip dscp
This command shows the IP DSCP priority map.
Example
Console#show map ip dscp ethernet 1/1
DSCP mapping status: disabled
 Port      DSCP  COS
 --------- ----  ---
 Eth 1/ 1     0    0
 Eth 1/ 1     1    0
 Eth 1/ 1     2    0
 Eth 1/ 1     3    0
 .
 .
 .
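The precedence order stated under map ip precedence and map ip dscp above (IP Port first, then IP Precedence or IP DSCP, then the port's default priority, with unspecified DSCP values mapping to CoS 0) decides which CoS an untagged IP frame gets. The resolver below is an added example, not vendor code; the identity precedence map, the unspecified-DSCP rule and the port-80-to-CoS-0 entry come from the manual's examples, while the DSCP entries and the choice of which TCP/UDP port to look up are assumptions.

```python
"""CoS resolution for an untagged IP frame on an ES4612 port.

Added example, not vendor code. Order of precedence follows the manual:
IP Port mapping, then IP Precedence or IP DSCP (only one may be enabled),
then switchport priority default. The precedence map defaults to the
identity map shown in show map ip precedence; any DSCP value not in the
DSCP map resolves to CoS 0, as the manual states. Assumption: the caller
passes the single TCP/UDP port it wants matched (source or destination).
"""
from dataclasses import dataclass, field


@dataclass
class PortQosConfig:
    ip_port_enabled: bool = False
    ip_port_map: dict = field(default_factory=dict)    # TCP/UDP port -> CoS
    precedence_enabled: bool = False
    precedence_map: dict = field(default_factory=lambda: {p: p for p in range(8)})
    dscp_enabled: bool = False
    dscp_map: dict = field(default_factory=dict)       # DSCP -> CoS (constructed)
    default_priority: int = 0                          # switchport priority default

    def __post_init__(self):
        # The manual: enabling one of these automatically disables the other.
        if self.precedence_enabled and self.dscp_enabled:
            raise ValueError("IP Precedence and IP DSCP cannot both be enabled")
        if not 0 <= self.default_priority <= 7:
            raise ValueError("default priority is 0-7")
        for m in (self.ip_port_map, self.precedence_map, self.dscp_map):
            if any(not 0 <= cos <= 7 for cos in m.values()):
                raise ValueError("CoS values are 0-7")


def ip_precedence(tos):
    """IP precedence is the top three bits of the IPv4 ToS byte."""
    return (tos >> 5) & 0x7


def ip_dscp(tos):
    """DSCP is the top six bits of the IPv4 ToS byte."""
    return (tos >> 2) & 0x3F


def resolve_cos(cfg, tos, l4_port=None):
    """Return the CoS assigned to an untagged IP frame.

    tos:     IPv4 ToS byte of the frame.
    l4_port: TCP/UDP port to look up in the IP port map; None for other IP.
    """
    if cfg.ip_port_enabled and l4_port is not None and l4_port in cfg.ip_port_map:
        return cfg.ip_port_map[l4_port]          # IP Port wins over everything
    if cfg.precedence_enabled:
        return cfg.precedence_map[ip_precedence(tos)]
    if cfg.dscp_enabled:
        return cfg.dscp_map.get(ip_dscp(tos), 0)  # unspecified DSCP -> CoS 0
    return cfg.default_priority                   # untagged-frame default


if __name__ == "__main__":
    # Constructed configuration: HTTP pinned to CoS 0 (as in show map ip
    # port), precedence mapping enabled for everything else.
    cfg = PortQosConfig(ip_port_enabled=True, ip_port_map={80: 0},
                        precedence_enabled=True)
    print(resolve_cos(cfg, tos=0xE0, l4_port=80))   # 0: port map wins
    print(resolve_cos(cfg, tos=0xE0, l4_port=443))  # 7: precedence 7
```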
Multicast Filtering Commands

IGMP Snooping Commands
Table 4-70 IGMP Snooping Commands
Command                           Function                                          Mode  Page
ip igmp snooping                  Enables IGMP snooping                             GC    4-221
ip igmp snooping vlan static      Adds an interface as a member of a multicast group  GC  4-221
ip igmp snooping version          Configures the IGMP version for snooping          GC    4-222
show ip igmp snooping             Shows the IGMP snooping and query configuration   PE    4-222
show mac-address-table multicast  Shows the IGMP snooping MAC multicast list        PE    4-22
Command Mode
Global Configuration
Example
The following shows how to statically configure a multicast group on a port:
Console(config)#ip igmp snooping vlan 1 static 224.0.0.12 ethernet 1/5
Console(config)#

ip igmp snooping version
This command configures the IGMP snooping version. Use the no form to restore the default.
Command Usage
See "Configuring IGMP Snooping and Query Parameters" on page 3-154 for a description of the displayed items.
IGMP Query Commands (Layer 2)
Table 4-71 IGMP Query Commands (Layer 2)
Command                                    Function                                                     Mode  Page
ip igmp snooping querier                   Allows this device to act as the querier for IGMP snooping   GC    4-224
ip igmp snooping query-count               Configures the query count                                   GC    4-224
ip igmp snooping query-interval            Configures the query interval                                GC    4-225
ip igmp snooping query-max-response-time   Configures the report delay                                  GC    4-226
ip igmp snooping router-port-expire-time   Configures the query
Default Setting
2 times
Command Mode
Global Configuration
Command Usage
The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer is started using the time defined by ip igmp snooping query-max-response-time.
ip igmp snooping query-max-response-time
This command configures the query report delay. Use the no form to restore the default.
Syntax
ip igmp snooping query-max-response-time seconds
no ip igmp snooping query-max-response-time
seconds - The report delay advertised in IGMP queries. (Range: 5-30)
Default Setting
10 seconds
Command Mode
Global Configuration
Command Usage
• The switch must be using IGMPv2 for this command to take effect.
Default Setting
300 seconds
Command Mode
Global Configuration
Command Usage
The switch must use IGMPv2 for this command to take effect.
Command Usage
Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to join all the current multicast groups.
IGMP Commands (Layer 3)
Table 4-73 IGMP Commands (Layer 3)
Command                           Function                                                  Mode  Page
ip igmp                           Enables IGMP for the specified interface                  IC    4-229
ip igmp robustval                 Configures the expected packet loss                       IC    4-230
ip igmp query-interval            Configures frequency for sending host query messages      IC    4-230
ip igmp max-resp-interval         Configures the maximum host response time                 IC    4-231
ip igmp last-memb-query-interval  Configures frequency for sending group-specific host quer
Related Commands
ip igmp snooping (4-221)
show ip igmp snooping (4-222)

ip igmp robustval
This command specifies the robustness (i.e., expected packet loss) for this interface. Use the no form of this command to restore the default value.
Syntax
ip igmp robustval robust-value
no ip igmp robustval
robust-value - The robustness of this interface.
Command Usage
• Multicast routers send host query messages to determine the interfaces that are connected to downstream hosts requesting a specific multicast service. Only the designated multicast router for a subnet sends host query messages, which are addressed to the multicast address 224.0.0.1.
• For IGMP Version 1, the designated router is elected according to the multicast routing protocol that runs on the LAN.
Related Commands
ip igmp version (4-232)
ip igmp query-interval (4-230)

ip igmp last-memb-query-interval
This command configures the last member query interval. Use the no form of this command to restore the default.
Syntax
ip igmp last-memb-query-interval seconds
no ip igmp last-memb-query-interval
seconds - The report delay for the last member query.
Command Mode
Interface Configuration (VLAN)
Command Usage
• All routers on the subnet must support the same version. However, the multicast hosts on the subnet may support either IGMP version 1 or 2.
• The switch must be set to version 2 to enable the ip igmp max-resp-interval (page 4-231).
clear ip igmp group
This command deletes entries from the IGMP cache.
Syntax
clear ip igmp group [group-address | interface vlan vlan-id]
• group-address - IP address of the multicast group.
• vlan-id - VLAN ID (Range: 1-4094)
Default Setting
Deletes all entries in the cache if no options are selected.
Command Mode
Privileged Exec
Command Usage
Enter the address for a multicast group to delete all entries for the specified group.
• If there are Version 1 hosts present for a particular group, the switch will ignore any Leave Group messages that it receives for that group.
Example
The following shows the IGMP groups currently active on VLAN 1:
Console#show ip igmp groups vlan 1
GroupAddress    InterfaceVlan   Lastreporter    Uptime   Expire   V1Timer
--------------- --------------- --------------- -------- -------- --------
234.5.6.8       1               10.1.5.
IP Interface Commands
There are no IP addresses assigned to this router by default. You must manually configure a new address to manage the router over your network or to connect the router to existing IP subnets. You may also need to establish a default gateway between this device and management stations or other devices that exist on another network segment (if routing is not enabled).
Default Setting
IP address: 0.0.0.0
Netmask: 255.0.0.0
Command Mode
Interface Configuration (VLAN)
Command Usage
• If this router is directly connected to end node devices (or connected to end nodes via shared media) that will be assigned to a specific subnet, then you must create a router interface for each VLAN that will support routing. The router interface consists of an IP address and subnet mask.
Example
In the following example, the device is assigned an address in VLAN 1.
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.5 255.255.255.0
Console(config-if)#
Related Commands
ip dhcp restart client (4-127)

ip default-gateway
This command specifies the default gateway for destinations not found in the local routing tables. Use the no form to remove a default gateway.
show ip interface
This command displays the settings of an IP interface.
Default Setting
All interfaces
Command Mode
Privileged Exec
Example
Console#show ip interface
Vlan 1 is up, addressing mode is User
Interface address is 10.1.0.254, mask is 255.255.255.0, Primary
MTU is 1500 bytes
Proxy ARP is disabled
Split horizon is enabled
Console#
Related Commands
show ip redirects (4-239)

show ip redirects
This command shows the default gateway configured for this device.
Default Setting
This command has no default for the host.
Command Mode
Normal Exec, Privileged Exec
Command Usage
• Use the ping command to see if another site on the network can be reached.
• The following are some results of the ping command:
- Normal response - The normal response occurs in one to ten seconds, depending on network traffic.
- Destination does not respond - If the host does not respond, a “timeout” appears in ten seconds.
Address Resolution Protocol (ARP)
Table 4-77 Address Resolution Protocol Commands
Command          Function                                                Mode    Page
arp              Adds a static entry in the ARP cache                    GC      4-241
arp-timeout      Sets the time a dynamic entry remains in the ARP cache  GC      4-242
clear arp-cache  Deletes all dynamic entries from the ARP cache          PE      4-242
show arp         Displays entries in the ARP cache                       NE, PE  4-242
ip proxy-arp     Enables proxy ARP service                               VC      4-243
arp
This command adds a static entry in the Address
arp-timeout
This command sets the aging time for dynamic entries in the Address Resolution Protocol (ARP) cache. Use the no form to restore the default.
Syntax
arp-timeout seconds
no arp-timeout
seconds - The time a dynamic entry remains in the ARP cache. (Range: 300-86400; 86400 is one day)
Default Setting
1200 seconds (20 minutes)
Command Mode
Global Configuration
Command Usage
Use the show arp command to display the current cache timeout value.
Command Usage
This command displays information about the ARP cache. The first line shows the cache timeout. It also shows each cache entry, including the corresponding IP address, MAC address, type (static, dynamic, other), and VLAN interface. Note that entry type “other” indicates local addresses for this router.
Example
This example displays all entries in the ARP cache.
Console#show arp
Arp cache timeout: 1200 (seconds)
IP Address
---------------
10.1.0.0
10.1.0.254
10.1.0.
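The arp, arp-timeout, clear arp-cache and show arp commands above describe one data structure with three entry types and two ways of losing dynamic entries (aging and an explicit clear). The model below is an added example written for this page, not switch code from the guide; the rule that a learned (dynamic) mapping never replaces a static or local entry is an assumption of the example, stated because it is the property that makes pinning a critical host with the arp command worthwhile. MAC addresses and timings are constructed.

```python
"""Model of the ARP cache behaviour described above (constructed example, not switch code)."""
from dataclasses import dataclass
from typing import Dict, List

ARP_TIMEOUT_MIN, ARP_TIMEOUT_MAX = 300, 86400  # arp-timeout range from the command reference
DEFAULT_ARP_TIMEOUT = 1200                      # documented default: 20 minutes


def timeout_in_range(seconds: int) -> bool:
    """Mirrors the (Range: 300-86400) check on the arp-timeout command."""
    return ARP_TIMEOUT_MIN <= seconds <= ARP_TIMEOUT_MAX


@dataclass
class ArpEntry:
    mac: str
    kind: str          # "static", "dynamic" or "other" (a local address of the router)
    vlan: int
    learned_at: float  # seconds; only used to age dynamic entries


class ArpCache:
    def __init__(self, timeout: int = DEFAULT_ARP_TIMEOUT) -> None:
        self.timeout = self._check_timeout(timeout)
        self.entries: Dict[str, ArpEntry] = {}

    @staticmethod
    def _check_timeout(seconds: int) -> int:
        if not timeout_in_range(seconds):
            raise ValueError(f"arp-timeout {seconds} outside {ARP_TIMEOUT_MIN}-{ARP_TIMEOUT_MAX}")
        return seconds

    def set_timeout(self, seconds: int) -> None:
        self.timeout = self._check_timeout(seconds)

    def add_static(self, ip: str, mac: str, vlan: int) -> None:
        # The `arp` command: a static entry that neither ages nor is removed by clear arp-cache.
        self.entries[ip] = ArpEntry(mac, "static", vlan, 0.0)

    def add_local(self, ip: str, mac: str, vlan: int) -> None:
        # Type "other": one of the router's own interface addresses.
        self.entries[ip] = ArpEntry(mac, "other", vlan, 0.0)

    def learn(self, ip: str, mac: str, vlan: int, now: float) -> bool:
        """Dynamic learning from a received ARP reply.

        Assumption of this example (typical behaviour, not stated on the page): a static or
        local entry is never overwritten by a learned one, so a spoofed reply for a pinned
        host such as the default gateway changes nothing.
        """
        current = self.entries.get(ip)
        if current is not None and current.kind != "dynamic":
            return False
        self.entries[ip] = ArpEntry(mac, "dynamic", vlan, now)
        return True

    def age(self, now: float) -> int:
        """Drop dynamic entries older than arp-timeout; returns the number removed."""
        stale = [ip for ip, e in self.entries.items()
                 if e.kind == "dynamic" and now - e.learned_at >= self.timeout]
        for ip in stale:
            del self.entries[ip]
        return len(stale)

    def clear_dynamic(self) -> int:
        """clear arp-cache: deletes all dynamic entries, leaves static and local ones."""
        before = len(self.entries)
        self.entries = {ip: e for ip, e in self.entries.items() if e.kind != "dynamic"}
        return before - len(self.entries)

    def show(self) -> List[str]:
        """Text in the spirit of show arp: the timeout line, then one line per entry."""
        lines = [f"Arp cache timeout: {self.timeout} (seconds)"]
        for ip in sorted(self.entries, key=lambda a: tuple(int(x) for x in a.split("."))):
            e = self.entries[ip]
            lines.append(f"{ip:<16}{e.mac:<19}{e.kind:<9}VLAN {e.vlan}")
        return lines


def demo() -> dict:
    """Learning, a spoofed reply against a static entry, aging, then clear arp-cache."""
    cache = ArpCache()
    cache.add_local("10.1.0.254", "00-00-e8-00-00-01", 1)      # the router itself (type other)
    cache.add_static("10.1.0.1", "00-00-e8-aa-bb-01", 1)       # pinned host (constructed MAC)
    cache.learn("10.1.0.20", "00-00-e8-aa-bb-20", 1, now=0.0)  # ordinary dynamic entry
    overwrote_static = cache.learn("10.1.0.1", "00-00-e8-ba-d0-01", 1, now=5.0)
    aged_out = cache.age(now=DEFAULT_ARP_TIMEOUT + 1)           # 10.1.0.20 has expired
    cache.learn("10.1.0.21", "00-00-e8-aa-bb-21", 1, now=1300.0)
    cleared = cache.clear_dynamic()                             # removes only 10.1.0.21
    return {"overwrote_static": overwrote_static, "aged_out": aged_out,
            "cleared": cleared, "remaining": sorted(cache.entries),
            "static_mac": cache.entries["10.1.0.1"].mac}


if __name__ == "__main__":
    for line in ArpCache().show():
        print(line)
    print(demo())
```

The point a defender takes from the model is the asymmetry: static and local entries survive both aging and clear arp-cache, while every dynamic entry is gone after arp-timeout seconds or one clear, so a show arp listing with an unexpected "dynamic" entry for an address you meant to pin is worth investigating.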
IP Routing Commands
After you configure network interfaces for this router, you must set the paths used to send traffic between different interfaces. If you enable routing on this device, traffic will automatically be forwarded between all of the local subnetworks.
Command Usage
• The command affects both static and dynamic unicast routing.
• If IP routing is enabled, all IP packets are routed using either static routing or dynamic routing via RIP or OSPF, and other packets for all non-IP protocols (e.g., NetBEUI, NetWare or AppleTalk) are switched based on MAC addresses. If IP routing is disabled, all packets are switched, with filtering and forwarding decisions based strictly on MAC addresses.
clear ip route
This command removes dynamically learned entries from the IP routing table.
Syntax
clear ip route {network [netmask] | *}
• network - Network or subnet address.
• netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.
• * - Removes all dynamic routing table entries.
Command Mode
Privileged Exec
Command Usage
• This command only clears dynamically learned routes.
Example
Console#show ip route
Ip Address      Netmask         Next Hop        Protocol   Metric Interface
--------------- --------------- --------------- ---------- ------ ---------
0.0.0.0         0.0.0.0         10.2.48.102     static     0      1
10.2.48.2       255.255.252.0   10.2.48.16      local      0      1
10.2.5.6        255.255.255.0   10.2.8.12       RIP        1      2
10.3.9.1        255.255.255.0   10.2.9.
show ip traffic
This command displays statistics for IP, ICMP, UDP, TCP and ARP protocols.
Command Mode
Privileged Exec
Command Usage
For a description of the information shown by this command, see “Displaying Statistics for IP Protocols” on page 3-205.
Table 4-82 Routing Information Protocol Commands
Command                     Function                                                           Mode  Page
ip rip authentication key   Enables authentication for RIP2 packets and specifies keys         IC    4-255
ip rip authentication mode  Specifies the type of authentication used for RIP2 packets         IC    4-256
show rip globals            Displays global configuration settings and statistics for RIP      PE    4-257
show ip rip                 Displays RIP configuration information for each network interface  PE    4-257
router rip
This command enables R
Default Setting
Update: 30 seconds
Timeout: 180 seconds
Garbage collection: 120 seconds
Command Usage
• The update timer sets the rate at which updates are sent. This is the fundamental timer used to control all basic RIP processes.
• The timeout timer is the time after which a route is declared dead if no update messages for it have been received. The route is marked inaccessible (i.e., the metric set to infinite) and advertised as unreachable.
Command Usage
• RIP only sends updates to interfaces specified by this command.
• Subnet addresses are interpreted as class A, B or C, based on the first field in the specified address. In other words, if a subnet address nnn.xxx.xxx.xxx is entered, the first field (nnn) determines the class: 0 - 127 is class A, and only the first field in the network address is used. 128 - 191 is class B, and the first two fields in the network address are used.
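The classful rule above decides which interfaces a RIP network statement really selects, and it is easy to misjudge when the address entered carries a longer mask elsewhere in the configuration. The function below is an added example for this page, not code from the guide; it applies the class A and class B rules as stated, extends them with the standard class C rule (first octet 192-223, three octets kept), and rejects anything from 224 upward as not a class A/B/C network, which is an assumption of the example since the page does not say how the router treats such input.

```python
"""Classful interpretation of a RIP network address, as described above (constructed example)."""
from typing import Tuple


def classful_network(address: str) -> Tuple[str, str, str]:
    """Return (class, network address, implied mask) for a dotted-quad address.

    The first octet selects the class and therefore how many leading octets of the
    entered address form the network: one for class A, two for class B, three for
    class C (the class C row is standard classful addressing, added here to complete
    the pattern the text gives for A and B).
    """
    octets = address.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {address!r}")
    first = int(octets[0])
    if first <= 127:
        cls, keep = "A", 1
    elif first <= 191:
        cls, keep = "B", 2
    elif first <= 223:
        cls, keep = "C", 3
    else:
        # Assumption of this example: class D/E addresses are not valid RIP networks here.
        raise ValueError(f"{address} is not a class A, B or C network")
    network = ".".join(octets[:keep] + ["0"] * (4 - keep))
    mask = ".".join(["255"] * keep + ["0"] * (4 - keep))
    return cls, network, mask


def rip_accepts(address: str) -> bool:
    """True when the address would be accepted by the classful rule above."""
    try:
        classful_network(address)
        return True
    except ValueError:
        return False


def rip_network_summary(entered: str) -> str:
    """One line showing what `network <entered>` under router rip actually selects."""
    cls, net, mask = classful_network(entered)
    return f"{entered} -> class {cls}, network {net} mask {mask}"


if __name__ == "__main__":
    # 10.1.0.0 is used with a /16 mask elsewhere in this guide, yet RIP reads 10.x.x.x as class A:
    # the statement covers every 10.x.x.x interface on the router, not just 10.1.x.x.
    for entered in ("10.1.0.0", "172.16.5.9", "192.168.1.5"):
        print(rip_network_summary(entered))
```

The practical consequence is visible in the first line the script prints: a network statement written with 10.1.0.0 in mind enables RIP on every interface whose address begins with 10, so the set of interfaces that send and accept RIP updates can be wider than intended.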
version
This command specifies a RIP version used globally by the router. Use the no form to restore the default value.
ip rip receive version
This command specifies a RIP version to receive on an interface. Use the no form to restore the default value.
Syntax
ip rip receive version {none | 1 | 2 | 1 2}
no ip rip receive version
• none - Does not accept incoming RIP packets.
• 1 - Accepts only RIPv1 packets.
• 2 - Accepts only RIPv2 packets.
ip rip send version
This command specifies a RIP version to send on an interface. Use the no form to restore the default value.
Syntax
ip rip send version {none | 1 | 2 | v2-broadcast}
no ip rip send version
• none - Does not transmit RIP updates.
• 1 - Sends only RIPv1 packets.
• 2 - Sends only RIPv2 packets.
• v2-broadcast - Route information is broadcast to other routers with RIPv2.
ip split-horizon
This command enables split-horizon or poison-reverse (a variation) on an interface. Use the no form to disable split-horizon.
Syntax
ip split-horizon [poison-reverse]
no ip split-horizon
poison-reverse - Enables poison-reverse on the current interface.
Command Mode
Interface Configuration (VLAN)
Default Setting
split-horizon
Command Usage
• Split horizon never propagates routes back to an interface from which they have been acquired.
• For authentication to function properly, both the sending and receiving interface must be configured with the same password.
Example
This example sets an authentication password of “small” to verify incoming routing messages and to tag outgoing routing messages.
show rip globals
This command displays global configuration settings for RIP.
Command Mode
Privileged Exec
Example
Console#show rip globals
RIP Process: Enabled
Update Time in Seconds: 30
Number of Route Change: 0
Number of Queries: 1
Console#
Table 4-83 show rip globals - display description
Field                   Description
RIP Process             Indicates if RIP has been enabled or disabled.
Update Time in Seconds  The interval at which RIP advertises known route information.
Example
Console#show ip rip configuration
Interface       SendMode        ReceiveMode   Poison         Authentication
--------------- --------------- ------------- -------------- -----------------
10.1.0.253      rip1Compatible  RIPv1Orv2     SplitHorizon   noAuthentication
10.1.1.253      rip1Compatible  RIPv1Orv2     SplitHorizon   noAuthentication
Console#show ip rip status
Interface       RcvBadPackets   RcvBadRoutes   SendUpdates
--------------- --------------- -------------- --------------
10.1.0.253      0               0              13
10.1.1.
Open Shortest Path First (OSPF)
Table 4-85 Open Shortest Path First Commands
Command                        Function                                                        Mode  Page
router ospf                    Enables or disables OSPF                                        GC    4-260
router-id                      Sets the router ID for this device                              RC    4-260
compatible rfc1583             Calculates summary route costs using RFC 1583 (OSPFv1)          RC    4-261
default-information originate  Generates a default external route into an autonomous system    RC    4-262
timers spf                     Configures the hold time between consecutive SPF calculations   RC    4-263
                                                                                               RC    4-264
Table 4-85 Open Shortest Path First Commands (Continued)
Command                       Function                                                      Mode  Page
show ip ospf summary-address  Displays all summary address redistribution information       PE    4-290
show ip ospf virtual-links    Displays parameters and the adjacency state of virtual links  PE    4-290
router ospf
This command enables Open Shortest Path First (OSPF) routing for all IP interfaces on the router. Use the no form to disable it.
Command Usage
• The router ID must be unique for every router in the autonomous system. Using the default setting based on the lowest interface address ensures that each router ID is unique. Also, note that you cannot set the router ID to 0.0.0.0 or 255.255.255.255.
• If this router already has registered neighbors, the new router ID will be used when the router is rebooted, or manually restarted by entering the no router ospf followed by the router ospf command.
default-information originate
This command generates a default external route into an autonomous system. Use the no form to disable this feature.
Syntax
default-information originate [always] [metric interface-metric] [metric-type metric-type]
no default-information originate
• always - Always advertise a default route to the local AS regardless of whether the router has a default route. (See “ip route” on page 4-245.)
• interface-metric - Metric assigned to the default route.
Related Commands
ip route (4-245)
redistribute (4-266)
timers spf
This command configures the hold time between making two consecutive shortest path first (SPF) calculations. Use the no form to restore the default value.
Syntax
timers spf spf-holdtime
no timers spf
spf-holdtime - Minimum time between two consecutive SPF calculations.
area range
This command summarizes the routes advertised by an Area Border Router (ABR). Use the no form to disable this function.
Syntax
[no] area area-id range ip-address netmask [advertise | not-advertise]
• area-id - Identifies an area for which the routes are summarized. (The area ID must be in the form of an IP address.)
• ip-address - Base address for the routes to summarize.
• netmask - Network mask for the summary route.
Default Setting
1
Command Usage
• If you enter this command for a normal area, it will be changed to a stub.
• If the default cost is set to “0,” the router will not advertise a default route into the attached stub or NSSA.
Example
Console(config-router)#area 10.3.9.0 default-cost 10
Console(config-router)#
Related Commands
area stub (4-268)
summary-address
This command aggregates routes learned from other protocols. Use the no form to remove a summary address.
redistribute
This command imports external routing information from other routing domains (i.e., protocols) into the autonomous system. Use the no form to disable this feature.
Syntax
[no] redistribute [rip | static] [metric metric-value] [metric-type type-value]
• rip - External routes will be imported from the Routing Information Protocol into this Autonomous System.
• static - Static routes will be imported into this Autonomous System.
network area
This command defines an OSPF area and the interfaces that operate within this area. Use the no form to disable OSPF for a specified interface.
Syntax
[no] network ip-address netmask area area-id
• ip-address - Address of the interfaces to add to the area.
• netmask - Network mask of the address range to add to the area.
• area-id - Area to which the specified address or range is assigned. An OSPF area identifies a group of routers that share common routing information.
area stub
This command defines a stub area. To remove a stub, use the no form without the optional keyword. To remove the summary attribute, use the no form with the summary keyword.
Syntax
[no] area area-id stub [summary]
• area-id - Identifies the stub area. (The area ID must be in the form of an IP address.)
• summary - Makes an Area Border Router (ABR) send a summary link advertisement into the stub area.
area nssa
This command defines a not-so-stubby area (NSSA). To remove an NSSA, use the no form without any optional keywords. To remove an optional attribute, use the no form without the relevant keyword.
Syntax
[no] area area-id nssa [no-redistribution] [default-information-originate]
• area-id - Identifies the NSSA. (The area ID must be in the form of an IP address.
Example
This example creates a stub area 10.3.0.0, and assigns all interfaces with class B addresses 10.3.x.x to the NSSA. It also instructs the router to generate external LSAs into the NSSA when it is an NSSA ABR or NSSA ASBR.
Console(config-router)#area 10.3.0.0 nssa default-information-originate
Console(config-router)#network 10.3.0.0 255.255.0.0 area 10.2.0.0
Console(config-router)#
area virtual-link
This command defines a virtual link.
propagation delays. LSAs have their age incremented by this amount before transmission. This value must be the same for all routers attached to an autonomous system. (Range: 1-3600 seconds; Default: 1 second)
• dead-interval seconds - Specifies the time that neighbor routers will wait for a hello packet before they declare the router down. This value must be the same for all routers attached to an autonomous system.
Example
This example creates a virtual link using the defaults for all optional parameters.
Console(config-router)#network 10.4.0.0 255.255.0.0 area 10.4.0.0
Console(config-router)#area 10.4.0.0 virtual-link 10.4.3.254
Console(config-router)#
This example creates a virtual link using MD5 authentication.
Console(config-router)#network 10.4.0.0 255.255.0.0 area 10.4.0.0
Console(config-router)#area 10.4.0.0 virtual-link 10.4.3.
Related Commands
ip ospf authentication-key (4-273)
ip ospf message-digest-key (4-274)
ip ospf authentication-key
This command assigns a simple password to be used by neighboring routers. Use the no form to remove the password.
Syntax
ip ospf authentication-key key
no ip ospf authentication-key
key - Sets a plain text password.
ip ospf message-digest-key
This command enables message-digest (MD5) authentication on the specified interface and assigns a key-id and key to be used by neighboring routers. Use the no form to remove an existing key.
Syntax
ip ospf message-digest-key key-id md5 key
no ip ospf message-digest-key key-id
• key-id - Index number of an MD5 key. (Range: 1-255)
• key - Alphanumeric password used to generate a 128 bit message digest or “fingerprint.
ip ospf cost
This command explicitly sets the cost of sending a packet on an interface. Use the no form to restore the default value.
Syntax
ip ospf cost cost
no ip ospf cost
cost - Link metric for this interface. Use higher values to indicate slower ports. (Range: 1-65535)
Command Mode
Interface Configuration (VLAN)
Default Setting
1
Command Usage
Interface cost reflects the port speed. This router uses a default cost of 1 for all ports.
Related Commands
ip ospf hello-interval (4-276)
ip ospf hello-interval
This command specifies the interval between sending hello packets on an interface. Use the no form to restore the default value.
Syntax
ip ospf hello-interval seconds
no ip ospf hello-interval
seconds - Interval at which hello packets are sent from an interface. This interval must be set to the same value for all routers on the network.
Command Usage
• Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to any value other than zero, the router with the highest priority will become the DR and the router with the next highest priority becomes the BDR. If two or more routers are tied with the same highest priority, the router with the higher ID will be elected.
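The election rule in the bullet above (priority 0 excludes a router, highest priority takes DR, next takes BDR, ties go to the higher router ID) is short enough to run. The code below is an added example written for this page, not the switch's election code; router IDs and priorities are constructed. It models a fresh election only: the full OSPF procedure also refuses to displace a DR that is already established, which the text does not cover and the example does not attempt.

```python
"""DR/BDR election following the rule above (constructed example, not the switch's code)."""
import ipaddress
from typing import List, Optional, Tuple

Router = Tuple[str, int]  # (router ID in dotted-quad form, ip ospf priority 0-255)


def elect_dr_bdr(routers: List[Router]) -> Tuple[Optional[str], Optional[str]]:
    """Return (DR, BDR) router IDs for the routers on one broadcast segment.

    Priority 0 makes a router ineligible; otherwise the highest priority becomes DR and
    the next highest BDR, with a tie on priority going to the higher router ID. Router
    IDs are compared as 32-bit values, not as strings, so 10.1.1.253 ranks above
    10.1.1.9 even though a string comparison would say otherwise.
    """
    for rid, pri in routers:
        if not 0 <= pri <= 255:
            raise ValueError(f"priority {pri} for {rid} outside 0-255")
    eligible = [(rid, pri) for rid, pri in routers if pri > 0]
    if not eligible:
        return None, None
    ranked = sorted(eligible,
                    key=lambda r: (r[1], int(ipaddress.IPv4Address(r[0]))),
                    reverse=True)
    dr = ranked[0][0]
    bdr = ranked[1][0] if len(ranked) > 1 else None
    return dr, bdr


def role_of(router_id: str, routers: List[Router]) -> str:
    """State a router would report, in the spirit of the State field of show ip ospf interface."""
    dr, bdr = elect_dr_bdr(routers)
    if router_id == dr:
        return "DR"
    if router_id == bdr:
        return "BDR"
    return "DROther"


if __name__ == "__main__":
    # Constructed segment: one router pinned at priority 0 (never DR or BDR), one at 5,
    # and two tied at the default priority 1 that are separated only by router ID.
    segment = [("192.0.2.1", 1), ("192.0.2.10", 1), ("192.0.2.9", 0), ("192.0.2.2", 5)]
    print(elect_dr_bdr(segment))
    for rid, _ in segment:
        print(rid, role_of(rid, segment))
```

Running it shows why priority 0 is the setting to use on a router that must never hold the DR role on a segment it does not control: whatever the other routers advertise, a zero-priority router is dropped before ranking begins, while any non-zero value leaves the outcome to whoever advertises the highest priority and ID.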
ip ospf transmit-delay
This command sets the estimated time to send a link-state update packet over an interface. Use the no form to restore the default value.
Syntax
ip ospf transmit-delay seconds
no ip ospf transmit-delay
seconds - Sets the estimated time required to send a link-state update. (Range: 1-65535)
Command Mode
Interface Configuration (VLAN)
Default Setting
1 second
Command Usage
LSAs have their age incremented by this delay before transmission.
Table 4-86 show ip ospf - display description
Field                                  Description
Routing Process with ID                Router ID
Supports only single TOS (TOS0) route  Type of service is not supported, so you can only assign one cost per interface
It is an router type                   The types displayed include internal, area border, or autonomous system boundary routers
Number of areas in this router         The number of configured areas
Area identifier                        The area address, and area type if backbone, NSSA or stub
Number of inte
show ip ospf database
This command shows information about different OSPF Link State Advertisements (LSAs) stored in this router’s database.
Command Mode
Privileged Exec
Examples
The following shows output for the show ip ospf database command.
Console#show ip ospf database
Displaying Router Link States(Area 10.1.0.0)
Link ID         ADV Router      Age    Seq#        Checksum
--------------- --------------- ------ ----------- ----------
10.1.1.252      10.1.1.252      26     0X80000005  0X89A1
10.1.1.253      10.1.1.253      23     0X80000002  0X8D9D
Displaying Net Link States(Area 10.1.0.
The following shows output when using the asbr-summary keyword.
Console#show ip ospf database asbr-summary
OSPF Router with id(10.1.1.253)
Displaying Summary ASB Link States(Area 0.0.0.0)
LS age: 433
Options: (No TOS-capability)
LS Type: Summary Links (AS Boundary Router)
Link State ID: 192.168.5.1 (AS Boundary Router's Router ID)
Advertising Router: 192.168.1.5
LS Sequence Number: 80000002
LS Checksum: 0x51E2
Length: 32
Network Mask: 255.255.255.
The following shows output when using the database-summary keyword.
Console#show ip ospf database database-summary
Area ID (10.1.0.
The following shows output when using the external keyword.
Console#show ip ospf database external
OSPF Router with id(192.168.5.1) (Autonomous system 5)
Displaying AS External Link States
LS age: 433
Options: (No TOS-capability)
LS Type: AS External Link
Link State ID: 10.1.1.253 (External Network Number)
Advertising Router: 10.1.2.254
LS Sequence Number: 80000002
LS Checksum: 0x51E2
Length: 32
Network Mask: 255.255.0.
The following shows output when using the network keyword.
Console#show ip ospf database network
OSPF Router with id(10.1.1.253)
Displaying Net Link States(Area 10.1.0.0)
Link State Data Network (Type 2)
------------------------------
LS age: 433
Options: Support External routing capability
LS Type: Network Links
Link State ID: 10.1.1.252 (IP interface address of the Designated Router)
Advertising Router: 10.1.1.
The following shows output when using the router keyword.
Console#show ip ospf database router
OSPF Router with id(10.1.1.253)
Displaying Router Link States(Area 10.1.0.0)
Link State Data Router (Type 1)
------------------------------
LS age: 233
Options: Support External routing capability
LS Type: Router Links
Link State ID: 10.1.1.252 (Originating Router's Router ID)
Advertising Router: 10.1.1.
Table 4-93 show ip ospf router - display description (Continued)
Field                  Description
Number of TOS metrics  Type of Service metric - This router only supports TOS 0 (or normal service)
Metrics                Cost of the link
The following shows output when using the summary keyword.
Console#show ip ospf database summary
OSPF Router with id(10.1.1.253)
Displaying Summary Net Link States(Area 10.1.0.
show ip ospf interface
This command displays summary information for OSPF interfaces.
Syntax
show ip ospf interface [vlan vlan-id]
vlan-id - VLAN ID (Range: 1-4094)
Command Mode
Privileged Exec
Example
Console#show ip ospf interface vlan 1
Vlan 1 is up
Interface Address 10.1.1.253, Mask 255.255.255.0, Area 10.1.0.0
Router ID 10.1.1.253, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router id 10.1.1.252, Interface address 10.1.1.
show ip ospf neighbor
This command displays information about neighboring routers on each interface within an OSPF area.
Syntax
show ip ospf neighbor
Command Mode
Privileged Exec
Example
Console#show ip ospf neighbor
ID              Pri    State            Address
--------------- ------ ---------------- ---------------
10.1.1.252      1      FULL/DR          10.1.1.
show ip ospf summary-address
This command displays all summary address information.
Syntax
show ip ospf summary-address
Command Mode
Privileged Exec
Example
This example shows a summary address and associated network mask.
Console#show ip ospf summary-address
10.1.0.0/255.255.0.0
Console#
Related Commands
summary-address (4-265)
show ip ospf virtual-links
This command displays detailed information about virtual links.
Multicast Routing Commands
This router uses IGMP snooping and query to determine the ports connected to downstream multicast hosts, and to propagate this information back up through the multicast tree to ensure that requested services are forwarded through each intermediate node between the multicast server and its hosts, and also to filter traffic from all of the other interfaces that do not require these services.
Default Setting
No static multicast router ports are configured.
Command Mode
Global Configuration
Command Usage
Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to join all the current multicast groups.
General Multicast Routing Commands
Table 4-100 General Multicast Routing Commands
Command               Function                               Mode  Page
ip multicast-routing  Enables IP multicast routing           GC    4-293
show ip mroute        Shows the IP multicast routing table   PE    4-293
ip multicast-routing
This command enables IP multicast routing. Use the no form to disable IP multicast routing.
Command Mode
Privileged Exec
Command Usage
This command displays information for multicast routing. If no optional parameters are selected, detailed information for each entry in the multicast address table is displayed. If you select a multicast group and source pair, detailed information is displayed only for the specified entry. If the summary option is selected, an abbreviated list of information for each entry is displayed on a single line.
This example lists all entries in the multicast table in summary form:
Console#show ip mroute summary
IP Multicast Forwarding is enabled.
IP Multicast Routing Table (Summary)
Flags: P - Prune UP
Group           Source          Source Mask     Interface  Owner   Flags
--------------- --------------- --------------- ---------- ------- -----
224.1.1.1       10.1.0.0        255.255.0.0     vlan1      DVMRP   P
224.2.2.2       10.1.0.0        255.255.0.
Command Mode
Global Configuration
Command Usage
This command enables DVMRP globally for the router and enters router configuration mode. Make any changes necessary to the global DVMRP parameters. Then specify the interfaces that will support DVMRP multicast routing using the ip dvmrp command, and set the metric for each interface.
Command Usage
Probe messages are sent to neighboring DVMRP routers from which this device has received probes, and are used to verify whether or not these neighbors are still active members of the multicast tree.
Example
Console(config-router)#probe-interval 30
Console(config-router)#
nbr-timeout
This command sets the interval to wait for messages from a DVMRP neighbor before declaring it dead. Use the no form to restore the default value.
Command Mode
Router Configuration
Example
Console(config-router)#report-interval 90
Console(config-router)#
flash-update-interval
This command specifies how often to send trigger updates, which reflect changes in the network topology. Use the no form to restore the default value.
Syntax
flash-update-interval seconds
no flash-update-interval
seconds - Interval between sending flash updates when network topology changes have occurred.
Example
Console(config-router)#prune-lifetime 5000
Console(config-router)#
default-gateway
This command specifies the default DVMRP gateway for IP multicast traffic. Use the no form to remove the default gateway.
Syntax
default-gateway ip-address
no default-gateway
ip-address - IP address of the default DVMRP gateway.
Default Setting
Disabled
Command Mode
Interface Configuration (VLAN)
Command Usage
To fully enable DVMRP, you need to enable multicast routing globally for the router with the ip multicast-routing command (page 4-293), enable DVMRP globally for the router with the router dvmrp command (page 4-295), and also enable DVMRP for each interface that will participate in multicast routing with the ip dvmrp command.
Example
Console(config)#interface vlan 1
Console(config-if)#ip dvmrp metric 2
Console(config-if)#
clear ip dvmrp route
This command clears all dynamic routes learned by DVMRP.
Command Mode
Privileged Exec
Example
As shown below, this command clears everything from the route table except for the default route.
Example
The default settings are shown in the following example:
Console#show route dvmrp
Admin Status                  : enable
Probe Interval                : 10
Nbr expire                    : 35
Minimum Flash Update Interval : 5
prune lifetime                : 7200
route report                  : 60
Default Gateway               : 0.0.0.0
Metric of Default Gateway     : 1
Console#
show ip dvmrp route
This command displays all entries in the DVMRP routing table.
show ip dvmrp neighbor
This command displays all of the DVMRP neighbor routers.
Command Mode
Normal Exec, Privileged Exec
Example
Console#show ip dvmrp neighbor
Address          Interface       Uptime   Expire   Capabilities
---------------- --------------- -------- -------- ------------
10.1.0.
PIM-DM Multicast Routing Commands
Table 4-105 PIM-DM Multicast Routing Commands
Command                Function                                                                                   Mode  Page
router pim             Enables PIM globally for the router                                                        GC    4-304
ip pim dense-mode      Enables PIM on the specified interface                                                     IC    4-305
ip pim hello-interval  Sets the interval between sending PIM hello messages                                       IC    4-306
ip pim hello-holdtime  Sets the time to wait for hello messages from a neighboring PIM router before declaring it dead  IC  4-306
ip pim trigger-hello-interv
Example
Console(config)#router pim
Console#show router pim
Admin Status: Enabled
Console#
ip pim dense-mode
This command enables PIM-DM on the specified interface. Use the no form to disable PIM-DM on this interface.
ip pim hello-interval
This command configures the frequency at which PIM hello messages are transmitted. Use the no form to restore the default value.
Syntax
ip pim hello-interval seconds
no ip pim hello-interval
seconds - Interval between sending PIM hello messages.
Example
Console(config-if)#ip pim hello-holdtime 210
Console(config-if)#
ip pim trigger-hello-interval
This command configures the maximum time before transmitting a triggered PIM Hello message after the router is rebooted or PIM is enabled on an interface. Use the no form to restore the default value.
Syntax
ip pim trigger-hello-interval seconds
no ip pim trigger-hello-interval
seconds - The maximum time before sending a triggered PIM Hello message.
Default Setting
210 seconds
Command Mode
Interface Configuration (VLAN)
Command Usage
The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces on the router. If there are no requesting groups on that interface, the leaf node sends a prune message upstream and enters a prune state for this multicast stream.
ip pim max-graft-retries
This command configures the maximum number of times to resend a Graft message if it has not been acknowledged. Use the no form to restore the default value.
Syntax
ip pim max-graft-retries retries
no ip pim max-graft-retries
retries - The maximum number of times to resend a Graft.
Example
Console#show ip pim interface 1
Vlan 1 is up
PIM is enabled, mode is Dense.
Internet address is 10.1.0.253.
Hello time interval is 30 sec, trigger hello time interval is 5 sec.
Hello holdtime is 105 sec.
Join/Prune holdtime is 210 sec.
Graft retry interval is 3 sec, max graft retries is 2.
DR Internet address is 10.1.0.254, neighbor count is 1.
Console#
show ip pim neighbor
This command displays information about PIM neighbors.
Router Redundancy Commands
Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load. The primary goal of router redundancy is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down.
vrrp ip
This command enables the Virtual Router Redundancy Protocol (VRRP) on an interface and specifies the IP address of the virtual router. Use the no form to disable VRRP on an interface and remove the IP address from the virtual router.
Syntax
[no] vrrp group ip ip-address [secondary]
• group - Identifies the virtual router group. (Range: 1-255)
• ip-address - The IP address of the virtual router.
vrrp authentication
This command specifies the key used to authenticate VRRP packets received from other routers. Use the no form to prevent authentication.
Syntax
vrrp group authentication key
no vrrp group authentication
• group - Identifies the virtual router group. (Range: 1-255)
• key - Authentication string. (Range: 1-8 alphanumeric characters)
Default Setting
No key is defined.
Command Usage
• A router that has a physical interface with the same IP address as that used for the virtual router will become the master virtual router. The backup router with the highest priority will become the master router if the current master fails. When the original master router recovers, it will take over as the active master router again.
• VRRP advertisements are sent to the multicast address 224.0.0.8. Using a multicast address reduces the amount of traffic that has to be processed by network devices that are not part of the designated VRRP group.
• If the master router stops sending advertisements, backup routers will bid to become the master router based on priority.
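The two Command Usage passages above describe who becomes master (the address owner, otherwise the highest-priority backup), what happens when advertisements stop, and that a recovered owner takes the role back. The script below is an added example for this page, not code from the guide or the switch. Two details are taken from RFC 3768 rather than from the page and are labelled as such: equal priorities are resolved in favour of the higher interface address, and a backup waits 3 x advertisement interval plus a priority-dependent skew before bidding, which is how the priority-ordered bidding the text mentions comes about. Router names, addresses and priorities are constructed.

```python
"""VRRP master selection and failover as described above (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

OWNER_PRIORITY = 255  # RFC 3768: the router owning the virtual address runs at priority 255


@dataclass
class VrrpRouter:
    name: str
    interface_ip: str
    priority: int       # configured backup priority, 1-254
    alive: bool = True  # False once it has stopped sending advertisements


def effective_priority(router: VrrpRouter, virtual_ip: str) -> int:
    """The owner of the virtual IP outranks every backup, as the text describes."""
    return OWNER_PRIORITY if router.interface_ip == virtual_ip else router.priority


def elect_master(routers: List[VrrpRouter], virtual_ip: str) -> Optional[str]:
    """Highest effective priority among routers still advertising wins.

    Tie-break from RFC 3768 (not stated on the page): equal priorities go to the
    higher primary IP address, compared numerically rather than as strings.
    """
    live = [r for r in routers if r.alive]
    if not live:
        return None
    for r in live:
        if not 1 <= r.priority <= 254:
            raise ValueError(f"{r.name}: backup priority must be 1-254")
    best = max(live, key=lambda r: (effective_priority(r, virtual_ip),
                                    int(ipaddress.IPv4Address(r.interface_ip))))
    return best.name


def master_down_interval(priority: int, advert_interval: float) -> float:
    """Seconds a backup waits without advertisements before bidding (RFC 3768 formula).

    The skew term (256 - priority) / 256 makes the highest-priority backup time out
    first, so the 'bid based on priority' needs no extra negotiation.
    """
    return 3 * advert_interval + (256 - priority) / 256


def failover_sequence(routers: List[VrrpRouter], virtual_ip: str,
                      failing: str) -> List[Optional[str]]:
    """Masters observed before `failing` stops advertising, while it is down, and after
    it recovers; the last step shows the recovered owner taking the role back."""
    by_name = {r.name: r for r in routers}
    observed = [elect_master(routers, virtual_ip)]
    by_name[failing].alive = False
    observed.append(elect_master(routers, virtual_ip))
    by_name[failing].alive = True
    observed.append(elect_master(routers, virtual_ip))
    return observed


if __name__ == "__main__":
    vip = "10.1.0.1"
    group = [VrrpRouter("r1", "10.1.0.1", 100),   # owner of the virtual address
             VrrpRouter("r2", "10.1.0.2", 150),
             VrrpRouter("r3", "10.1.0.3", 150)]   # ties with r2; higher address wins
    print(failover_sequence(group, vip, failing="r1"))
    for r in group:
        print(r.name, master_down_interval(effective_priority(r, vip), 1.0))
```

Reading the election this way also explains why the vrrp authentication key above matters: the master is simply whichever advertising router claims the highest priority, so without a shared key a router that is not part of the group but advertises on the segment is ranked like any other.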
Related Commands
vrrp priority (4-313)
show vrrp
This command displays status information for VRRP.
Syntax
show vrrp [brief | group]
• brief - Displays summary information for all VRRP groups on this router.
• group - Identifies a VRRP group. (Range: 1-255)
Defaults
None
Command Mode
Privileged Exec
Command Usage
• Use this command without any keywords to display the full listing of status information for all VRRP groups configured on this router.
Table 4-109 show vrrp - display description
Field - Description
State - VRRP role of this interface (master or backup)
Virtual IP address - Virtual address that identifies this VRRP group
Virtual MAC address - Virtual MAC address derived from the owner of the virtual IP address
Advertisement interval - Interval at which the master virtual router advertises its role as the master
Preemption - Shows whether or not a higher priority router can preempt the current acting master
Mi
show vrrp interface
This command displays status information for the specified VRRP interface.
Syntax
show vrrp interface vlan vlan-id [brief]
• vlan-id - Identifier of configured VLAN interface. (Range: 1-4094)
• brief - Displays summary information for all VRRP groups on this router.
Defaults
None
Command Mode
Privileged Exec
Example
This example displays the full listing of status information for VLAN 1.
show vrrp interface counters
This command displays counters for VRRP protocol events and errors that have occurred for the specified group and interface.
Syntax
show vrrp group interface vlan interface counters
• group - Identifies a VRRP group. (Range: 1-255)
• interface - Identifier of configured VLAN interface.
Defaults
None
Command Mode
Privileged Exec
Example
Console#clear vrrp 1 interface 1 counters
Console#

Hot Standby Router Protocol Commands
To configure HSRP, add the interface for each router that will participate in the virtual router group, set the priorities, and configure an authentication string. The HSRP protocol will automatically select the master and standby router based on the priority settings.
standby ip
This command enables the Hot Standby Router Protocol (HSRP) on an interface and specifies the IP address of the virtual router. Use the no form to disable HSRP on an interface and remove the IP address for the virtual router.
Syntax
standby [group] ip [ip-address [secondary]]
no standby [group] ip [ip-address]
• group - Identifies the virtual router group. (Range: 0-255)
• ip-address - The designated IP address of the virtual router.
Example
This example creates HSRP group 1 for VLAN 1, and also adds a secondary interface as a member of the group.
Console(config)#interface vlan 1
Console(config-if)#standby 1 ip 192.168.1.7
Console(config-if)#standby 1 ip 192.168.2.6 secondary
Console(config-if)#

standby priority
This command sets the priority of this router in an HSRP group. Use the no form to restore the default setting.
Related Commands
standby authentication (4-324)
standby track (4-326)

standby preempt
This command configures the router to take over as the master virtual router for an HSRP group if it has higher priority than the current master virtual router. Use the no form to disable preemption.
Syntax
standby [group] preempt [delay seconds]
no standby [group] preempt [delay]
• group - Identifies the HSRP group.
standby authentication
This command specifies the key used to authenticate HSRP packets received from other routers. Use the no form to delete an authentication string.
Syntax
standby [group] authentication string
no standby [group] authentication
• group - Identifies the HSRP group. (Range: 0-255)
• string - Authentication string.
standby timers
This command sets the time between the master and standby router sending hello packets, and the time before other routers declare the active master router or standby router down. Use the no form to restore the default timer values.
Syntax
standby [group] timers hellotime holdtime
no standby [group] timers
• group - Identifies the HSRP group. (Range: 0-255)
• hellotime - Advertisement interval for the master and standby virtual router.
standby track
This command configures an interface so that the HSRP priority changes based on the availability of other IP interfaces on this router. Use the no form to disable tracking.
Syntax
standby [group] track vlan vlan-id [interface-priority]
no standby [group] track vlan vlan-id
• group - Identifies the HSRP group. (Range: 0-255)
• vlan-id - VLAN configured with an IP address.
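As an added example (not from this guide or from the switch firmware), the Python audit below reads a constructed running-config written in the CLI syntax of the vrrp and standby commands above, collects each VRRP and HSRP group per VLAN interface, and flags any group with no authentication key and any VRRP key outside the documented 1-8 alphanumeric range; it serves both the HSRP configuration procedure and the vrrp/standby authentication commands. It assumes the running-config echoes the commands as typed under their interface vlan stanza and that an omitted HSRP group number means group 0.

```python
import re
# Constructed running-config excerpt in the CLI syntax documented above
# (interface vlan, vrrp/standby ip, priority, preempt, authentication, track).
# It was not captured from a real switch.
SAMPLE_CONFIG = """\
interface vlan 1
 standby 1 ip 192.168.1.7
 standby 1 priority 110
 standby 1 preempt delay 30
 standby 1 authentication hsrpkey1
 standby 1 track vlan 2 20
interface vlan 10
 vrrp 5 ip 10.0.10.1
 vrrp 5 priority 120
interface vlan 20
 vrrp 7 ip 10.0.20.1
 vrrp 7 authentication toolongkey
"""

# One VRRP/HSRP command: protocol keyword, optional group, subcommand, rest.
CMD = re.compile(r"(vrrp|standby)(?: (\d+))? "
                 r"(ip|priority|preempt|authentication|timers|track)\b(.*)")


def parse_groups(config):
    """Map (proto, vlan, group) -> authentication key, or None if no key is set."""
    groups, vlan = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface vlan (\d+)", line)
        if m:
            vlan = int(m.group(1))
            continue
        m = CMD.match(line)
        if not m or vlan is None:
            continue
        proto = "vrrp" if m.group(1) == "vrrp" else "hsrp"
        gid = int(m.group(2)) if m.group(2) else 0  # assumed: omitted HSRP group means group 0
        key = (proto, vlan, gid)
        groups[key] = m.group(4).strip() if m.group(3) == "authentication" else groups.get(key)
    return groups


def audit(config):
    """Flag groups with no key, or a VRRP key outside the 1-8 alphanumeric range."""
    findings = []
    for (proto, vlan, gid), key in parse_groups(config).items():
        where = f"{proto} group {gid} on vlan {vlan}"
        if key is None:
            findings.append(f"{where}: no authentication configured")
        elif proto == "vrrp" and not (1 <= len(key) <= 8 and key.isalnum()):
            findings.append(f"{where}: key must be 1-8 alphanumeric characters")
    return findings
```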
show standby
This command displays status information for HSRP.
Syntax
show standby [active | init | listen | standby] [brief]
• active - Displays HSRP groups in the active state.
• init - Displays HSRP groups in the initial state.
• listen - Displays HSRP groups in the listen or learn state.
• standby - Displays HSRP groups in the standby or speak state.
• brief - Displays summary information for all HSRP groups on this router.
Table 4-112 show standby - display description (Continued)
Field - Description
priority - Priority of this router.
may preempt - Router will attempt to take over as the master router if its priority is higher.
show standby interface
This command displays HSRP status information for the specified interface.
Syntax
show standby interface vlan vlan-id [group group] [active | init | listen | standby] [brief]
• vlan-id - Identifier of configured VLAN interface. (Range: 1-4094)
• group - Identifies the HSRP group. (Range: 0-255)
• active - Displays HSRP groups in the active state.
• init - Displays HSRP groups in the initial state.
Appendix A: Software Specifications

Software Features
Authentication
Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security
Access Control Lists
IP, MAC (up to 32 lists)
DHCP
Client, Relay, Server
DNS
Server
Port Configuration
1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex
1000BASE-SX/LX - 1000 Mbps at full duplex (SFP), 1000BASE-LH - 1000 Mbps at full duplex (SFP), 100BASE-FX - 100 Mbps at full duplex (SFP)
Flow Control
Full Duplex: IEEE 802.
A Software Specifications

Multicast Filtering
IGMP Snooping (Layer 2)
IGMP (Layer 3)
Multicast Routing
DVMRP, PIM-DM
IP Routing
ARP, Proxy ARP
Static routes
RIP, RIPv2 and OSPFv2 dynamic routing
VRRP (Virtual Router Redundancy Protocol)
HSRP (Hot Standby Router Protocol)
Additional Features
BOOTP client
CIDR (Classless Inter-Domain Routing)
SNTP (Simple Network Time Protocol)
SNMP (Simple Network Management Protocol)
RMON (Remote Monitoring, groups 1,2,3,9)
SMTP Email Alerts
Management Features
In-Band M
Management Information Bases
IEEE 802.3x Full-duplex flow control (ISO/IEC 8802-3)
IEEE 802.3z Gigabit Ethernet, IEEE 802.3ab 1000BASE-T
IEEE 802.3ac VLAN tagging
IEEE 802.
PIM MIB (RFC 2934)
Port Access Entity MIB (IEEE 802.
Appendix B: Troubleshooting

Problems Accessing the Management Interface
Table B-1 Troubleshooting Chart
Symptom: Cannot connect using Telnet, web browser, or SNMP software
Action:
• Be sure the switch is powered up.
• Check network cabling between the management station and the switch.
• Check that you have a valid network connection to the switch and that the port you are using has not been disabled.
B Troubleshooting

Using System Logs
If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps:
1. Enable logging.
2. Set the error messages reported to include all categories.
3. Designate the SNMP host that is to receive the error messages.
4. Repeat the sequence of commands or other actions that lead up to the error.
5.
Glossary

Access Control List (ACL)
ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.

Address Resolution Protocol (ARP)
ARP converts between IP addresses and MAC (i.e., hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address.
of automatic allocation of reusable network addresses and additional configuration options.

Extensible Authentication Protocol over LAN (EAPOL)
EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A user name and password are requested by the switch, and then passed to an authentication server (e.g., RADIUS) for verification. EAPOL is implemented as part of the IEEE 802.1x Port Authentication standard.
IEEE 802.1p
An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value.

IEEE 802.1s
An IEEE standard for the Multiple Spanning Tree Protocol (MSTP) which provides independent spanning trees for VLAN groups.

IEEE 802.
IP Multicast Filtering
A process whereby this switch can pass multicast traffic along to participating hosts.

IP Precedence
The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
Network Time Protocol (NTP)
NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio.

Open Shortest Path First (OSPF)
OSPF is a link-state routing protocol that functions better over a larger network such as the Internet, as opposed to distance-vector routing protocols such as RIP.
Remote Monitoring (RMON)
RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types.

Rapid Spanning Tree Protocol (RSTP)
RSTP reduces the convergence time for network topology changes to about 10% of that required by the older IEEE 802.1D STP standard.
Terminal Access Controller Access Control System Plus (TACACS+)
TACACS+ is a logon authentication protocol that uses software running on a central server to control access to TACACS-compliant devices on the network.

Transmission Control Protocol/Internet Protocol (TCP/IP)
Protocol suite that includes TCP as the primary transport protocol, and IP as the network layer protocol.

Trivial File Transfer Protocol (TFTP)
A TCP/IP protocol commonly used for software downloads.
Index Numerics D 802.
F
firmware
  displaying version 3-12, 4-62
  upgrading 3-20, 4-64
G
GARP VLAN Registration Protocol See GVRP
gateway, default 3-16, 3-196, 4-238
GVRP
  global setting 3-126, 4-203
  interface configuration 3-132, 4-204
H
hardware version, displaying 3-12, 4-62
Hot Standby Router Redundancy See HSRP
HSRP 3-186, 4-320
  authentication 3-189, 4-324
  configuration settings 3-186, 4-320
  interface tracking 3-189, 4-326
  preemption 3-187, 3-188, 4-323
  priority 3-187, 3-188, 4-322
  timers 3-188, 4-325
  virtual address 3
mirror port, configuring 3-95, 4-160
MSTP 4-171
  global settings 3-117, 4-169
  interface settings 3-115, 4-170
multicast filtering 3-152, 4-220
multicast groups 3-158, 3-163, 4-223
  displaying 3-163, 4-223
  static 3-158, 4-221, 4-223
multicast routing 3-249, 4-291
  description 3-249
  DVMRP 3-253, 4-295
  enabling 3-249, 4-293
  general commands 4-293
  global settings 3-249, 4-293
  PIM-DM 3-260, 4-304
  routing table 3-250, 4-293
multicast services
  configuring 3-159, 4-221
  displaying 3-158, 4-223
multicast, static r
  specifying interfaces 3-216, 4-250
  statistics 3-220, 4-258
router redundancy
  HSRP 3-186, 4-320
  protocols 3-178, 4-311
  VRRP 3-179, 4-311
routing table, displaying 3-212, 4-246, 4-247
RSTP 3-104, 4-171
  global configuration 3-105, 4-171
S
secure shell 3-50, 4-35
Secure Shell configuration 3-50, 4-38
serial port configuring 4-11
Simple Network Management Protocol See SNMP
SNMP 3-35
  community string 3-36, 4-115
  enabling traps 3-37, 4-118
  filtering IP addresses 4-125
  trap manager 3-37, 4-117
software displ
  egress mode 3-133, 4-192
  interface configuration 3-132, 4-192–4-196
  private 3-134, 4-198
  protocol 3-135, 4-199
VRRP 3-179, 4-311
  authentication 3-181, 4-313
  configuration settings 3-179, 4-311
  group statistics 3-185, 4-316
  preemption 3-180, 3-181, 4-315
  priority 3-180, 3-181, 4-313
  protocol message statistics 3-184, 4-318
  timers 3-181, 4-314
  virtual address 3-179, 3-181, 4-312
W
Web interface
  access requirements 3-1
  configuration buttons 3-3
  home page 3-2
  menu list 3-4
  panel display 3-3
ES4612 E092004-R01 150000046400A