User’s Manual of WGSD-1022/WGSD-8000 User's Manual WGSD-1022 8-Port 10/100Mbps + 2-Port Gigabit TP/SFP Combo Managed Ethernet Switch WGSD-8000 8-Port 10/100/1000Mbps with 2 Shared SFP Managed Ethernet Switch -1–
User’s Manual of WGSD-1022/WGSD-8000 Trademarks Copyright © PLANET Technology Corp. 2007. Contents subject to which revision without prior notice. PLANET is a registered trademark of PLANET Technology Corp. All other trademarks belong to their respective owners.
User’s Manual of WGSD-1022/WGSD-8000 TABLE OF CONTENTS 1. INTRODUCTION ....................................................................................................................................................................14 How to Use This Manual......................................................................................................................................................14 Product Feature ..................................................................................
User’s Manual of WGSD-1022/WGSD-8000 4.4.4 VLAN to Ports......................................................................................................................................................47 4.4.5 GVRP ..................................................................................................................................................................49 4.5 Statistics ...............................................................................................................
User’s Manual of WGSD-1022/WGSD-8000 4.10.2 Bridge Multicast ...............................................................................................................................................121 4.10.3 Bridge Multicast Forward All ............................................................................................................................123 4.11 SNMP..................................................................................................................................
User’s Manual of WGSD-1022/WGSD-8000 5.3.10 username.........................................................................................................................................................168 5.3.11 show users accounts .......................................................................................................................................168 5.4 Address Table Commands .............................................................................................................
User’s Manual of WGSD-1022/WGSD-8000 5.6.1 copy ...................................................................................................................................................................195 5.6.4 show startup-config............................................................................................................................................199 5.7 Ethernet Configuration Commands............................................................................................
User’s Manual of WGSD-1022/WGSD-8000 5.9.6 ip igmp snooping leave-time-out........................................................................................................................228 5.9.7 show ip igmp snooping mrouter.........................................................................................................................228 5.9.8 show ip igmp snooping interface ...................................................................................................................
User’s Manual of WGSD-1022/WGSD-8000 5.15.3 channel-group..................................................................................................................................................252 5.15.4 show interfaces port-channel...........................................................................................................................253 5.16 Port Monitor Commands ...................................................................................................................
User’s Manual of WGSD-1022/WGSD-8000 5.20.2 snmp-server contact ........................................................................................................................................289 5.20.3 snmp-server location .......................................................................................................................................290 5.20.4 snmp-server enable traps ............................................................................................................
User’s Manual of WGSD-1022/WGSD-8000 5.23.6 hostname.........................................................................................................................................................321 5.23.7 show users ......................................................................................................................................................321 5.23.8 show sessions .............................................................................................................
User’s Manual of WGSD-1022/WGSD-8000 5.27.4 interface vlan ...................................................................................................................................................346 5.27.5 interface range vlan .........................................................................................................................................346 5.27.6 name.........................................................................................................................
User’s Manual of WGSD-1022/WGSD-8000 5.29.14 show dot1x statistics......................................................................................................................................374 5.29.15 dot1x auth-not-req .........................................................................................................................................375 5.29.17 dot1x multiple-hosts...............................................................................................................
User’s Manual of WGSD-1022/WGSD-8000 1. INTRODUCTION Thank you for purchasing PLANET Desktop Managed Switch- WGSD-1022 and WGSD-8000. If any of these are missing or damaged, please contact your dealer immediately, if possible, retain the carton including the original packing material, and use them against to repack the product in case there is a need to return it to us for repair.
User’s Manual of WGSD-1022/WGSD-8000 Product Feature ¾ Physical Port WGSD-1022 8-Port 10/100Base-TX RJ-45 2 10/100/1000Base-T RJ-45 2 SFP slots, shared with Port-9(g1) and Port-10(g2) Console interface for Switch basic management and setup WGSD-8000 8-Port 10/100/1000Base-T RJ-45 2 SFP slots, shared with Port-7 and Port-8 Console interface for Switch basic management and setup ¾ Layer 2 Features Complies with the IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.
User’s Manual of WGSD-1022/WGSD-8000 WEB-Based, Telnet, Console Command Line management SSH( Secure Shell), SSL Access through SNMPv1,v2c and v3 security set and get requests.
User’s Manual of WGSD-1022/WGSD-8000 Display each port’s speed duplex mode, link status, Flow control status. Port Status VLAN Auto negotiation status, trunk status. 802.1q Tagged Based VLAN ,up to 255 VLAN groups Supports 4 groups of 4-Port trunk support Link Aggregation IEEE 802.3ad LACP Traffic classification based on Port Number, 802.1p priority and DS/TOS field QoS IGMP Snooping in IP Packet Allow to be disabled or enable.
User’s Manual of WGSD-1022/WGSD-8000 2. INSTALLATION This section describes the functionalities of the Switch's components and guides how to install it on the desktop or shelf. Basic knowledge of networking is assumed. Please read this chapter completely before continuing. 2.1 Product Description The PLANET WGSD-Series are Full Managed Desktop Switches with gigabit interfaces equipped.
User’s Manual of WGSD-1022/WGSD-8000 38400, N, 8, 1 8-Port Gigabit / 2 Shared SFP Managed Ethernet Switch LNK/ACT 1000 mini-GBIC PWR 1 2 3 4 5 6 7 8 7 8 Figure 2-2 WGSD-8000 front panel. 2.1.3 LED Indications System LED Color PWR Green Function Lights to indicate that the Switch has power. Per 10/100Mbps port LED Color LNK/ACT Green 100 Orange Function Lights to indicate the link through that port is successfully established.
User’s Manual of WGSD-1022/WGSD-8000 2.0A Figure 2-4 WGSD-8000 rear panel Power Notice: 1. The device is a power-required device, it means, it will not work till it is powered. If your networks should active all the time, please consider using UPS (Uninterrupted Power Supply) for your device. It will prevent you from network data loss or network downtime. 2.
User’s Manual of WGSD-1022/WGSD-8000 2.2.2 Rack Mounting To install the switch in a 19-inch standard rack, please follows the instructions described below. Step1: Place the switch on a hard flat surface, with the front panel positioned towards the front side. Step2: Attach the rack-mount bracket to each side of the switch with supplied screws attached to the package. Figure 2-5 shows how to attach brackets to one side of the switch. Figure 2-5 Attach brackets to the switch.
User’s Manual of WGSD-1022/WGSD-8000 Step6: Proceeds with the steps 4 and steps 5 of session 2.2.1 Desktop Installation to connect the network cabling and supply power to the switch. 2.2.3 Installing the SFP transceiver The sections describe how to insert an SFP transceiver into an SFP slot. The SFP transceivers are hot-pluggable and hot-swappable. You can plug-in and out the transceiver to/from any SFP port without having to power down the Switch. As the Figure 2-7 appears.
User’s Manual of WGSD-1022/WGSD-8000 1. Attach the duplex LC connector on the network cable into the SFP transceiver. 2. Connect the other end of the cable to a device – switches with SFP installed, fiber NIC on a workstation or a Media Converter.. 3. Check the LNK/ACT LED of the SFP slot on the front of the Switch. Ensure that the SFP transceiver is operating correctly. 4. Check the Link mode of the SFP port if the link failed.
User’s Manual of WGSD-1022/WGSD-8000 3. CONFIGURATION This chapter explains the methods that you can use to configure management access to the switch. It describes the types of management applications and the communication and management protocols that deliver data between your management device (work-station or personal computer) and the system. It also contains information about port connection options.
User’s Manual of WGSD-1022/WGSD-8000 ‧Security can be compromised (hackers need only know the community name) Table 3-1 Management Methods Comparison 3.1.1 Administration Console The administration console is an internal, character-oriented, and command line user interface for performing system administration such as displaying statistics or changing option settings.
User’s Manual of WGSD-1022/WGSD-8000 3.2 Web Management The switch provides a browser interface that lets you configure and manage the switch remotely. After you set up your IP address for the switch, you can access the switch's Web interface applications directly in your Web browser by entering the IP address of the switch. You can then use your Web browser to list and manage switch configuration parameters from one central location, just as if you were directly connected to the switch's console port.
User’s Manual of WGSD-1022/WGSD-8000 3.4.3 Management Architecture All of the management application modules use the same Messaging Application Programming Interface (MAPI). By unifying management methods with a single MAPI, configuration parameters set using one method (console port, for example) are immediately displayable by the other management methods (for example, SNMP agent of Web browser). The management architecture of the switch adheres to the IEEE open standard.
User’s Manual of WGSD-1022/WGSD-8000 4. Web Configuration The WGSD-1022 can be configured through an Ethernet connection, make sure the manager PC must be set on same the IP subnet address with the switch. For example, if you have changed the default IP address of the Switch to 192.168.1.1 with subnet mask 255.255.255.0 via console, then the manager PC should be set at 192.168.1.x (where x is a number between 1 and 253) with subnet mask 255.255.255.0. Or you can use the factory default IP address 192.168.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-2 WGSD-Switch Web Login screen 3. After entering the username and password, the main screen appears as Figure 4-3. Figure 4-3 Web Main Screen of WGSD-Switch Now, you can use the Web management interface to continue the switch management or manage the switch by console interface. #Note: It is recommended to use Internet Explore 6.0 or above to access WGSD-Switch.
User’s Manual of WGSD-1022/WGSD-8000 4.1 Main Screen The Switch provides a Web-based browser interface for configuring and managing the Switch. This interface allows you to access the switch using the Web browser of your choice. This chapter describes how to use the switch’s Web browser interface to con-figure and manage the switch.
User’s Manual of WGSD-1022/WGSD-8000 Security QoS Spanning Tree Multicast SNMP Admin 4.2 Setup The Setup menus include the tree sub-menus: Summary Network Settings Time 4.2.1 Summary The summary screen provides Device and System Information about the Switch.
User’s Manual of WGSD-1022/WGSD-8000 • DNS Servers Display the current DNS Servers, no matter by manual setting or assigned by the DHCP server • Default Gateway Display the current default gateway setting • Address Mode Show the IP Address mode of the system – By Static or Dynamic (DHCP) • Base MAC Address The MAC address of the Switch displays here System Information • Serial Number The unique box serial number for this switch • Model Name The product name of this switch • Hardware Version
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-4 Network Setting screen The page includes the following fields: Identification: • System Name Type your system name • System Location Type where the Switch is located • System Contact Enter the administrative contact person • System Object ID Tthe system object identifier is in this field • Base MAC Address The MAC address of the Switch displays here IP Configuration: • Management VLAN Where you can select the Management VLAN.
User’s Manual of WGSD-1022/WGSD-8000 • Subnet Mask Enter the IP subnet mask for the interface. The factory default value is 255.255.255.0 • Deafault Gateway Enter the default gateway for the IP interface. The factory default value is 0.0.0.0 • DNS Server Enter the IP Address of the DNS Server. The Domain Name System (DNS) converts user-defined domain names into IP addresses. 4.2.
User’s Manual of WGSD-1022/WGSD-8000 • Hours / Minuntes / Defines the system time. The field format is HH:MM:SS, for example, 21:15:03. Seconds • Month / Day / Year Defines the system date. The field format is Day:Month:Year, for example, 04 May 2050. • Time Zone The difference between Greenwich Mean Time (GMT) and local time. For example, the Time Zone Offset for Paris is GMT +1, while the local time in Taipei is GTM +8.
User’s Manual of WGSD-1022/WGSD-8000 possible field range is 1-5. • Month -- The month of the year in which DST begins every year. The possible field range is Jan.-Dec. • Time -- The time at which DST begins every year. The field format is Hour:Minute, for example, 02:10. Defines the recurring time that DST ends each year. For example, DST ends locally every fourth Friday in October at 5:00 am. The possible field values are: • To • Day -- The day of the week at which DST ends every year.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-6 Port Settings screen The Port Settings screen contains the following fields: • Port Shows the port number.
User’s Manual of WGSD-1022/WGSD-8000 Mode • Type Shows the port type • LAG Shows whether the port is part of a LAG • PVE It bypasses the Forwarding Database and forwards all unicast, multicast, and broadcast traffic to an uplink when a port is a Private VLAN Edge (PVE) port, Uplinks can be ports or LAGs. • Detail It will open the port configuration detail screen Click the Detail button for more detail port configuration.
User’s Manual of WGSD-1022/WGSD-8000 • Description Where can be entered by clicking on the Detail button • Port Type This is the port type • Admin Status The port can be taken offline by selecting the Down option. When Up is selected, the port can be accessed normally.
User’s Manual of WGSD-1022/WGSD-8000 • Flow Control The Flow Control feature of the selected port can be enabled or disabled • Current Flow Control Displays whether Flow Control is enabled or disabled on the currently selected port • MDI/ MDIX • Auto - the port to automatically detect the cable type. • MDI - if the port is connected to an end station.
User’s Manual of WGSD-1022/WGSD-8000 • Type The port types that comprise the LAG.
User’s Manual of WGSD-1022/WGSD-8000 4.3.3 LACP Aggregated Links can be manually setup or automatically established on the relevant links by enabling Link Aggregation Control Protocol (LACP). Aggregate ports can be linked into link-aggregation port-groups. Each group is comprised of ports with the same speed, set to full-duplex operation.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-9 LACP configuration screen The page contains the following fields: • LACP System Indicates the global LACP priority value. The possible range is 1- 65535 and the default value is 1. Priority • Port Set the port number which need to timeout and the priority values are assigned • LACP Port Priority Where set the LACP priority value for the port and the field range is 1-65535 • LACP Timeout Administrative LACP timeout.
User’s Manual of WGSD-1022/WGSD-8000 IEEE 802.1Q (tagged) VLAN are implemented on the Switch. 802.1Q VLAN require tagging, which enables them to span the entire network (assuming all switches on the network are IEEE 802.1Q-compliant). VLAN allow a network to be segmented in order to reduce the size of broadcast domains. All packets entering a VLAN will only be forwarded to the stations (over IEEE 802.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-10 Create VLAN screen The page contains the following fields: Single VLAN • VLAN ID (2-4094) You can configure the ID number of the VLAN by this item. Up to 256 VLANs can be created. This field is used to add VLANs one at a time. If you want to add the defined VLAN ID number, you can press the Add button. • VLAN Name Where shows the user-defined VLAN name • VLAN Range Indicates a range of VLANs configured.
User’s Manual of WGSD-1022/WGSD-8000 • Port Displays the port number included in the VLAN • Mode Indicates the port mode. Possible values are: • General - The port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode). • Access - The port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port (packet type) cannot be designated. It is also not possible to enable/ disable ingress filtering on an access port.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-12 Ports to VLAN screen The page contains the following fields: • VLAN Where means the VLAN number • Access Indicates the port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port cannot be designated. Ingress filtering cannot be enabled/disabled on an access port.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-13 VLA N to Ports The page contains the following fields: • Port Displays the interface number • Mode By which indicates the port to VLAN mode. Possible field values are: • General - By which indicates the port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode). • Access - Indicates the port belongs to a single untagged VLAN.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-14 Join VLAN to Port screen 4.4.5 GVRP GARP VLAN Registration Protocol (GVRP) is specifically provided for automatic distribution of VLAN membership information among VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge ports mapping, without having to individually configure each bridge and register VLAN membership.
User’s Manual of WGSD-1022/WGSD-8000 The page contains the following fields: • Enable GVRP Enables and disables GVRP on the device • Interface Displays the interface on which GVRP is enabled. Possible field values are: Port - indicates the port number on which GVRP is enabled. LAG - indicates the LAG number on which GVRP is enabled.
User’s Manual of WGSD-1022/WGSD-8000 4.5 Statistics The Statistic of the switch This field includes these parts as below: 4.5.1 RMON Statistic The RMON Statistics screen (refer to figure 4-16) contains fields for viewing information about device utilization and errors that occurred on the device. Figure 4-16 RMON Statistics screen The page contains the following fields: • Interface Indicates the device for which statistics are displayed.
User’s Manual of WGSD-1022/WGSD-8000 • Drop Events which displays the number of dropped events that have occurred on the interface since the device was last refreshed • Received Bytes Displays the number of octets received on the interface since the device was last refreshed.
User’s Manual of WGSD-1022/WGSD-8000 4.5.2 RMON History The RMON History contains information about samples of data taken from ports. For example, the samples may include interface definitions or polling periods. The RMON History Control screen is divided into RMON History and Log Table.
User’s Manual of WGSD-1022/WGSD-8000 • Owner Where displays the RMON station or user that requested the RMON information. The field range is 0-20 characters Use the Add to List button when you add the configured RMON sampling to the Log Table at the bottom of the screen 1. RMON History Table The RMON History screen (see figure 4-18) contains interface specific statistical network samplings. Each table entry represents all counter values compiled during a single sample.
User’s Manual of WGSD-1022/WGSD-8000 • Undersize Packets Displays the number of undersized packets (less than 64 octets) received on the interface since the device was last refreshed • Oversize Packets Displays the number of oversized packets (over 1518 octets) received on the interface since the device was last refreshed • Fragments Displays the number of fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received on the interface since the device was last
User’s Manual of WGSD-1022/WGSD-8000 • larm Entry Indicates a specific alarm • Source Interface Displays the interface for which RMON statistics are displayed. The possible field values are: • Port, displays the selected port of the RMON statistics. • LAG, displays the RMON statistics for the selected LAG. • Counter Name Displays the selected MIB variable • Sample Type Defines the sampling method for the selected variable and comparing the value against the thresholds.
User’s Manual of WGSD-1022/WGSD-8000 • Interval Defines the alarm interval time in seconds • Owner Dhere displays the device or user that defined the alarm Use the Add to List button when you add the RMON Alarms Table entry.
User’s Manual of WGSD-1022/WGSD-8000 4.5.4 RMON Events The RMON Events screen (see figure 4-20) contains fields for defining RMON events. Figure 4-20 RMON Event screen The page contains the following fields: Add Event: • Event Entry Displays the event • Community where displays the community to which the event belongs • Description Displays the user-defined event description • Type Describes the event type. Possible values are: • None, where indicates that no event occurred.
User’s Manual of WGSD-1022/WGSD-8000 • Time Where displays the time that the event occurred Press the RMON Event Log button to display the log store in the flash. Only the Event type is Log or Log and Trap, then the entries appear. The screen in Figure 4-21 appears.
User’s Manual of WGSD-1022/WGSD-8000 4.5.5 Port Utilization The Port Utilization screen (see figure 4-22) indicates the amount of resources each interface is currently consuming. Ports in green are functioning normally, while ports in red are currently transmitting an excessive amount of network traffic. Figure 4-22 Port Utilization screen The page includes the following fields: • Refresh Rate Indicates the amount of time that passes before the port utilization statistics are refreshed.
User’s Manual of WGSD-1022/WGSD-8000 4.5.6 802.1x Statistic The 802.1X Statistic screen (see figure 4-23) contains information about EAP packets received on a specific port. Figure 4-23 802.1x Statistics screen The page includes the following fields: • Port Indicates the port, which is polled for statistics • Refresh Rate Indicates the amount of time that passes before the EAP statistics are refreshed. The possible field values are: • No Refresh, indicates that the EAP statistics are not refreshed.
User’s Manual of WGSD-1022/WGSD-8000 4.5.7 GVRP Statistics The GVRP Statistics screen (see figure 4-24) contains device statistics for GVRP. The GVRP Statistics screen is divided into two areas, GVRP Statistics Table and GVRP Error Statistics Table. Figure 4-24 GVRP Statistics screen The following fields are relevant for both tables: • Interface Specifies the interface type for which the statistics are displayed • Port, indicates port statistics are displayed.
User’s Manual of WGSD-1022/WGSD-8000 • Leave Empty By which displays the device GVRP Leave Empty statistics • Join In By which displays the device GVRP Join In statistics • Leave In By which displays the device GVRP Leave in statistics • Leave All By which displays the device GVRP Leave all statistics The GVRP Error Statistics Table contains the following fields: • Invalid Protocol ID Where displays the device GVRP Invalid Protocol ID statistics • Invalid Attribute Where displays the device GVRP
User’s Manual of WGSD-1022/WGSD-8000 4.6 ACL An ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. On this menu the interfaces to which an ACL applies must be specified, as well as whether it applies to inbound or outbound traffic. Rules for the ACL are specified/created using the ACL Rule Configuration menu. 4.6.
User’s Manual of WGSD-1022/WGSD-8000 the network administrator, or a packet assigned rate limiting restrictions for forwarding. The options are as follows: • Permit, by which forwards packets which meet the ACL criteria. • Deny, which drops packets which meet the ACL criteria. • Shutdown, where drops packet that meets the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Port Management screen.
User’s Manual of WGSD-1022/WGSD-8000 • Fin, indicates request to close a session. • Source Port Defines the TCP/UDP source port to which the ACE is matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the Select from List drop-down menu. The possible field range is 0 - 65535 • Destination Port Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or 800/17-UDP is selected in the Select from List drop-down menu.
User’s Manual of WGSD-1022/WGSD-8000 1. Any packets pass through the switch will be dropped – if the Destination IP Addresses match specific Class C. 2. Any packets pass through the switch will be forwarded – if the Destination IP Addresses not match specific Class C. ¾ Case Design: Action DENY Match IP Source IP Address Any Class C Destination IP Address 172.16.0.0 / 255.255.255.
User’s Manual of WGSD-1022/WGSD-8000 3. [DENY Rule]: Enter “172.16.0.0” in the “Destination IP Address” and “0.0.0.255” in the Wild Card Mask. 4. After click “Add to List" button, the entry would be show at the table. ■ Create Permit ACL and add to list 5. [Permit Rule]: Within the same ACL “Deny-IP Destination A”, choose “Action”—“Permit”. 6. [Permit Rule]: Keep the “Source IP Address” and “Wild Card Mask” be blanked. 7.
User’s Manual of WGSD-1022/WGSD-8000 ■ Binding the IP ACL to specify interface 10. Select “Security” \”ACL Binding” in the Menu bar. 11. Choose Port “g1” at the Interface. 12. Choose “IP Based ACL”, select ACL name with “Deny-Source A” – that we had been created at step-1. Click “Add to List" button, the entry would be show at the table.
User’s Manual of WGSD-1022/WGSD-8000 4.6.3 MAC Based ACL The MAC Based ACL screen (see figure 4-27) allows a MAC based ACL to be defined. ACLs can be added only if the ACL is not bound to an interface.
User’s Manual of WGSD-1022/WGSD-8000 • ACL Name Displays the user-defined MAC based ACLs • New ACL Name Specifies a new user-defined MAC based ACL name. • Delete ACL By which deletes the selected ACL • Action Indicates the ACL forwarding action. Possible field values are: • Permit, by which forwards packets which meet the ACL criteria. • Deny, drops packets which meet the ACL criteria. • Shutdown, where drops packet that meet the ACL criteria, and disables the port to which the packet was addressed.
User’s Manual of WGSD-1022/WGSD-8000 When the workstation with IP address 192.168.99.188 and MAC address 00-11-08-57-E0-1E ping to PC with IP address 192.168.99.57 and MAC address 00-30-4F-1D-9F-DE, use MAC based ACL function from ACL to deny or shutdown and permit the traffic transmit ability of notebook that connect to port 8 of WGSD-Switch.
User’s Manual of WGSD-1022/WGSD-8000 ■ Create Permit MAC ACL and add to list (To allow all other packets be forwarded) 9. [Permit Rule]: Within the same ACL “Deny-MAC A”, choose “Action”—“Permit”. 10. [Permit Rule]: Keep the “Source MAC Address” and “Wild Card Mask” be blanked. 11. [Permit Rule]: Keep the “Destination MAC Address” and “Wild Card Mask” be blanked. 12. After click “Add to List" button, the entry would be show at the table.
User’s Manual of WGSD-1022/WGSD-8000 Please press "Save Config" to save current setting. 13. ■ Binding the MAC ACL to specify interface 14. Select “Security” \”ACL Binding” in the Menu bar. 15. Choose Port “g2” from Interface item. 16. Choose “MAC Based ACL”, select ACL name with “Deny-MAC A” – that we had been created at step-1. Click “Add to List" button, the entry would be show at the table. 17. Please press "Save Config" to save current setting.
User’s Manual of WGSD-1022/WGSD-8000 4.7 Security This section is to control the security access of the switch, includes the user access and management control. The Security function contains links to the following topics: • ACL Binding • RADIUS • TACACS+ • 802.1x Settings • Port Security • Multiple Hosts • Storm Control 4.7.1 ACL Binding When an ACL is bound to an interface, all the ACE (Access Control Event) rules that have been defined are applied to the selected interface.
User’s Manual of WGSD-1022/WGSD-8000 Use the Add to List button to add the ACL Binding configuration to the ACL Binding Table at the bottom of the screen. 4.7.2 Radius Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for web access (see figure 4-28). Figure 4-28 RADIUS screen The Page contains the following fields: • IP Address The Authentication Server IP address.
User’s Manual of WGSD-1022/WGSD-8000 The possible field values are 1 - 30. Three is the default value. • Dead Time This defines the amount of time (minutes) that a RADIUS server is bypassed for service requests. The range is 0-2000. The Dead Time default is 0 minutes. • Key String This defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server. This key must match the RADIUS encryption.
User’s Manual of WGSD-1022/WGSD-8000 4.7.3 TACACS+ The device provides Terminal Access Controller Access Control System (TACACS+) client support. TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. The TACACS+ protocol ensures network integrity through encrypted protocol exchanges between the device and TACACS+ server.
User’s Manual of WGSD-1022/WGSD-8000 possible field values are: • Connected, there is currently a connection between the device and the TACACS+ server. • Not Connected, there is not currently a connection between the device and the TACACS+ server. • Single Connection Maintains a single open connection between the device and the TACACS+ server when selected the Add to List button to add the TACACS+ configuration to the TACACS+ table at the bottom of the screen.
User’s Manual of WGSD-1022/WGSD-8000 4.7.4 802.1x settings Understanding IEEE 802.1X Port-Based Authentication The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN. Until the client is authenticated, 802.
User’s Manual of WGSD-1022/WGSD-8000 The switch includes the RADIUS client, which is responsible for encapsulating and decapsulating the Extensible Authentication Protocol (EAP) frames and interacting with the authentication server. When the switch receives EAPOL frames and relays them to the authentication server, the Ethernet header is stripped and the remaining EAP frame is re-encapsulated in the RADIUS format.
User’s Manual of WGSD-1022/WGSD-8000 Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized state. While in this state, the port disallows all ingress and egress traffic except for 802.1X protocol packets. When a client is successfully authenticated, the port transitions to the authorized state, allowing all traffic for the client to flow normally. If a client that does not support 802.
User’s Manual of WGSD-1022/WGSD-8000 state. ■ 802.1X Settings of WGSD-Switch Port based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP). Refer to figure 4-30. Figure 4-30 802.1x setting screen The Page contains the following fields: • Enable 802.
User’s Manual of WGSD-1022/WGSD-8000 On this screen, it includes port, re-authentication, resending EAP …. (Refer to figure 4-31) Figure 4-31 Setting Timer parameter screen The Page contains the following fields: • Quiet Period Specifies the number of seconds that the switch remains in the quiet state following a failed authentication exchange (Range: 0-65535).
User’s Manual of WGSD-1022/WGSD-8000 Unauthorized packets arriving at a locked port are either: Forwarded, Discarded with no trap, Discarded with a trap,Cause the port to be shut down. Figure 4-32 Port Security screen Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be restored after the device has been reset. Disabled ports are activated from the Port Security page.
User’s Manual of WGSD-1022/WGSD-8000 • Action on Violation Where indicates the action to be applied to packets arriving on a locked port. The possible field values are: • Discard, which discards packets from any unlearned source. This is the default value. • Forward Normal, forwards packets from an unknown source without learning the MAC address. • Discard Disable, which discards packets from any unlearned source and shuts down the port.
User’s Manual of WGSD-1022/WGSD-8000 4.7.6 Multiple Hosts The Multiple Hosts screen (see figure 4-33) allows network managers to configure advanced port-based authentication settings for specific ports and VLANs. Figure 4-33 Multiple Hosts screen The Page contains the following fields: • Port Displays the port number for which advanced port-based authentication is enabled. • Enable Multiple When checked, indicates that multiple hosts are enabled.
User’s Manual of WGSD-1022/WGSD-8000 • Status Where indicates the host status. 4.7.7 Storm control A BroadcastStorm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses are heaped onto the network, straining network resources or causing the network to time out.
User’s Manual of WGSD-1022/WGSD-8000 4.8 QoS Network traffic is usually unpredictable, and the only basic assurance that can be offered is best effort traffic delivery. To overcome this challenge, Quality of Service (QoS) is applied throughout the network. This ensures that network traffic is prioritized according to specified criteria, and that specific traffic receives preferential treatment. And Cos Settings, Queue settings, Dscp Settings, Bandwidth, Basic Mode, Advanced mode are provided. 4.8.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-35 CoS Settings screen The Page contains the following fields: • CoS Mode This indicates if QoS is enabled on the interface. The possible values are: • Disable, disables QoS on the interface. • Basic, enables QoS on the interface. • Advanced, enables the Advanced Mode QoS on the interface.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-36 Quere Setting screen The page contains the following fields: • Strict Priority This indicates that traffic scheduling for the selected queue is based strictly on the queue priority. • WRR This indicates that traffic scheduling for the selected queue is based strictly on the WRR. • Queue Shows the queue for which the queue settings are displayed. The possible field range is 1 - 4.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-37 DSCP Settings screen The DSCP Settings screen contains the following fields: • DSCP Indicates the Differentiated Services Code Point value in the incoming packet. • Queue Maps the DSCP value to the selected queue .,. 4.8.4 Bandwidth The Bandwidth screen (refer to figure 4-38) allows network managers to define the bandwidth settings for a specified egress interface. Modifying queue scheduling affects the queue settings globally.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-38 Bandwidth screen Queue shaping can be based per queue and/or per interface. Shaping is determined by the lower specified value. The queue shaping type is selected in the Bandwidth screen, include interface, port, LAG, Rate Limit, Ingress Rate Limit Status, Rate Limit…. The page contains the following fields: • Interface Indicates the interface for which the queue shaping information is displayed.
User’s Manual of WGSD-1022/WGSD-8000 4.8.5 Basic Mode The Basic Mode screen (see figure 4-39) contains the following fields: Figure 4-39 Basic Mode screen The page contains the following fields: • Trust Mode Displays the trust mode. If a packet’s CoS tag and DSCP tag are mapped to different queues, the Trust Mode determines the queue to which the packet is assigned. Possible values are: • CoS, which sets trust mode to CoS on the device and the CoS mapping determined the packet queue.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-40 Advance Mode screen MAC ACLs and IP ACLs can be grouped together in more complex structures, called policies. Policies can be applied to an interface. Policy ACLs are applied in the sequence they appear within the policy. Only a single policy can be attached to a port. In advanced QoS mode, ACLs can be applied directly to an interface in the Security -ACL Binding. However, a policy and ACL cannot be simultaneously applied to an interface.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-41 Out of Profile DSCP Assignments screen The page contains the following fields: • DSCP In This displays the DSCP In value. The value is form 0-63. • DSCP Out This displays the current DSCP out value.
User’s Manual of WGSD-1022/WGSD-8000 The page contains the following fields: • Policy Name defines a new Policy name • Add to List this button will add the policy to the Policy Name table • Select Policy which selects an existing Policy by name • New Policy Name which defines a new Policy name • Class Map where selects an existing Class Map by name - 97 –
User’s Manual of WGSD-1022/WGSD-8000 Class Map setting New Class Map, by which the New Class Map button opens the New Class Map screen (see figure 4-33) Figure 4-43 Class Map Settings screen The page contains the following fields: • Class Map Name defines a new Class Map name • Preferred ACL which indicates if packets are first matched to an IP based ACL or a MAC based ACL, the possible field values are: • IP Based ACLs, matches packets to IP based ACLs first, then matches packets to MAC based ACLs
User’s Manual of WGSD-1022/WGSD-8000 Aggregate Policer, where user-defined aggregate policers. The Aggregate Policer button opens the New Aggregate Policer screen. Aggregate Policer Setting New Aggregate Policer screen (see figure 4-44): Figure 4-44 Aggregate Policer Settings screen The page contains the following fields: • Aggregate Policer Where enter a name in this field. Name • Ingress Committed Information Rate This defines the CIR in bits per second.
User’s Manual of WGSD-1022/WGSD-8000 4.9. Spanning Tree ■ Theory of Spanning Tree Protocol The IEEE 802.1D Spanning Tree Protocol and IEEE 802.1W Rapid Spanning Tree Protocol allow for the blocking of links between switches that form loops within the network. When multiple links between switches are detected, a primary link is established. Duplicated links are blocked from use and become standby links. The protocol allows for the duplicate links to be used in the event of a failure of the primary link.
User’s Manual of WGSD-1022/WGSD-8000 It is to make the root port a fastest link. If all switches have STP enabled with default settings, the switch with the lowest MAC address in the network will become the root switch. By increasing the priority (lowering the priority number) of the best switch, STP can be forced to select the best switch as the root switch. When STP is enabled using the default parameters, the path between source and destination stations in a switched network might not be ideal.
User’s Manual of WGSD-1022/WGSD-8000 Switch Blocking Listening Disable Learning Forwarding STP Port State Transitions You can modify each port state by using management software. When you enable STP, every port on every switch in the network goes through the blocking state and then transitions through the states of listening and learning at power up. If properly configured, each port stabilizes to the forwarding or blocking state.
User’s Manual of WGSD-1022/WGSD-8000 chance of a given switch being elected as the root bridge The length of time between broadcasts of Hello Time 2 seconds the hello message by the switch Measures the age of a received BPDU for a Maximum Age Timer 20 seconds port and ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer.
User’s Manual of WGSD-1022/WGSD-8000 #Note: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur. Max. Age – The Max Age can be from 6 to 40 seconds. At the end of the Max Age, if a BPDU has still not been received from the Root Bridge, your Switch will start sending its own BPDU to all other Switches for permission to become the Root Bridge. If it turns out that your Switch has the lowest Bridge Identifier, it will become the Root Bridge.
User’s Manual of WGSD-1022/WGSD-8000 LAN 1 Portcast = 19 A Port 3 Bridge ID = 15 Port 1 Port 2 Portcast = 4 Portcast = 4 Portcast = 4 B Portcast = 4 C Port 1 Port 1 Bridge ID = 30 Port 2 Bridge ID = 20 Port 3 Port 2 Portcast = 19 Portcast = 19 Port 3 Portcast = 19 LAN 2 LAN 3 Before Applying the STA Rules In this example, only the default STP values are used.
User’s Manual of WGSD-1022/WGSD-8000 ■ Supported Spanning Tree Protocol of WGSD Series Switch Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Loops occur when alternate routes exist between hosts. Loops in an extended network can cause bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency.
User’s Manual of WGSD-1022/WGSD-8000 • Root Path Cost Where the cost of the path from this bridge to the root. • Root Maximum Age This indicates the device Maximum Age Time. The Maximum Age Time indicates the amount of time in seconds a bridge waits before sending configuration (sec) messages. The default max age is 20 seconds. The range is 6 to 40 seconds. • Root Hello Time (sec) This indicates the device Hello Time.
User’s Manual of WGSD-1022/WGSD-8000 4.9.2 The Global STP The Global STP screen (see figure 4-46) contains parameters for enabling STP on the device. Global Setting Spanning Tree State, which indicates if STP is enabled on the device. Figure 4-46 Global STP screen The page contains the following fields: Global Setting • STP Operation Mode This indicates the STP mode by which STP is enabled on the device. The possible field values are: • Classic STP, where enables Classic STP on the device.
User’s Manual of WGSD-1022/WGSD-8000 Bridge Settings • Priority Specifies the bridge priority value. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the device with the lowest priority value becomes the Root Bridge. The port priority value is provided in increments of 4096. For example, 4096, 8192, 12288, etc. The range is 0 to 65535. The default value is 32768. • Hello Time This specifies the device Hello Time.
User’s Manual of WGSD-1022/WGSD-8000 • Interface Indicates the port or LAG on which STP is enabled • STP which indicates if STP is enabled on the port • Port Fast Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks. • Port State Displays the current STP state of a port.
User’s Manual of WGSD-1022/WGSD-8000 • Forward Transitions This indicates the number of times the port has changed from the Blocking state to Forwarding state. STP Port status table Figure 4-48 STP Port status screen 4.9.4 RSTP Port settings While the classic spanning tree prevents Layer 2 forwarding loops in a general network topology, convergence can take between 30-60 seconds. This time may delay detecting possible loops, and propagating status topology changes.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-49 RSTP Port Settings screen The page contains the following fields: • Interface Where displays the port or LAG on which Rapid STP is enabled. • Role Where indicates the port role assigned by the STP algorithm in order to provide to STP paths. The possible field values are: • Root, where provides the lowest cost path to forward packets to root switch. • Designated, where indicates that the port or LAG via which the designated switch is attached to the LAN.
User’s Manual of WGSD-1022/WGSD-8000 Admin Status • Auto. Point-to-point links are automatically established by the device. • Enabled, enables the device to establish a point-to-point link. • Disabled, where disables point-to-point link. • Point-to-Point Oper Indicates the Point-to-Point operating state. To run a migration test, press Activate next to the Activate Protocol Migration Test field. The test sends Link Control Status Protocol (LCP) packets to test if a data link is enabled.
User’s Manual of WGSD-1022/WGSD-8000 • Revision Where defines unsigned 16-bit number that identifies the revision of the current MST configuration. The revision number is required as part of the MST configuration. The possible field range 0-65535. • Max Hops Which indicates the total number of hops that occur in a specific region before the BPDU is discarded. Once the BPDU is discarded, the port information is aged out. The possible field range is 1-40.
User’s Manual of WGSD-1022/WGSD-8000 Press the VLAN Instance Configuration button, a new window popup. Assgin selected VLAN to specify MST Instance at the VLAN Instatnce Configuration page. The screen in Figure 4-52 appears. Figure 4-52 MSTP VLAN Instance Configuration screen • Instance ID Included VLANs • Included VLAN Defines the VLAN group to which the interface is assigned. Where maps the selected VLAN to the selected instance. Each VLAN belongs to one instance.
User’s Manual of WGSD-1022/WGSD-8000 4.9.7 MSTP Interface Settings Network Administrators can assign MSTP Interface settings using the MSTP Interface Settings screen (see figure 4-53). Figure 4-53 MSTP Interfance Settings screen The MSTP Interface Settings screen contains the following fields: • Instance ID Lists the MSTP instances configured on the device. Possible field range is 0-15. • Interface Indicates the interface for which the MSTP settings are displayed.
User’s Manual of WGSD-1022/WGSD-8000 interface. • Backup, provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link. Backup ports also occur when a LAN has two or more connections connected to a shared segment. • Disabled, which indicates the port is not participating in the Spanning Tree. • Interface Priority Defines the interface priority for specified instance. The default value is 128.
User’s Manual of WGSD-1022/WGSD-8000 4.10 Multicast On this field, included IGMP Snooping, Bridge Multicast, Forward All… About the Internet Group Management Protocol (IGMP) Snooping Computers and network devices that want to receive multicast transmissions need to inform nearby routers that they will become members of a multicast group. The Internet Group Management Protocol (IGMP) is used to communicate this information.
User’s Manual of WGSD-1022/WGSD-8000 on the network. The Time-to-Live (TTL) field of query messages is set to 1 so that the queries will not be forwarded to other sub networks. IGMP version 2 introduces some enhancements such as a method to elect a multicast queried for each LAN, an explicit leave message, and query messages that are specific to a given group.
User’s Manual of WGSD-1022/WGSD-8000 A message sent by a host to the querier to indicate that the host wants to be or is a Report Leave Group member of a given group indicated in the report message. A message sent by a host to the querier to indicate that the host has quit to be a member of a specific multicast group. 4.10.1 IGMP Snooping When IGMP Snooping (see figure 4-55) is enabled globally, all IGMP packets are forwarded to the CPU.
User’s Manual of WGSD-1022/WGSD-8000 • VLAN ID Specifies the VLAN ID. • IGMP Status Indicates if IGMP snooping is enabled on the VLAN. • Auto Learn Indicates if Auto Learn is enabled on the device. If Auto Learn is enabled, the device automatically learns where other Multicast groups are located. Enables or disables Auto Learn on the Ethernet device. • Host Timeout Indicates the amount of time host waits to receive a message before timing out. The default time is 260 seconds.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-56 Bridge Multicast screen The Page contains the following fields: Configure Multicast • Enable Bridge Multicast Filtering The check box allows to enable Bridge Multicast Filtering function. • VLAN ID This identifies a VLAN to be configured to a Multicast service. • Bridge Multicast Address Identifies the Multicast group MAC address/IP address. • Interface Displays Interface that can be added to a Multicast service.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-57 Bridge Multicast screen Example: Adding Bridge Multicast Addresses 1. Click the check box to enable the Bridge Multicast Filtering. 2. Define the VLAN ID and New Bridge Multicast Address fields. 3. Check a port to Static to join the port to the selected Multicast group. 4. Click “Add to List” button. 5. Click the “Save Config” to apply the sttings. The bridge Multicast address is assigned to the Multicast group, and the device is updated.
User’s Manual of WGSD-1022/WGSD-8000 Multicast router/switch. Once IGMP Snooping is enabled, Multicast packets are forwarded to the appropriate port or VLAN. Refer to figure 4-58. Figure 4-58 Multicast Bridge Forward All screen The Bridge Multicast Forward All Screen contains the following fields: • VLAN ID For which Multicast parameters are displayed. This identifies a VLAN to be configured to a Multicast service. • Interface Displays Interface that can be added to a Multicast service.
User’s Manual of WGSD-1022/WGSD-8000 4.11 SNMP Simple Network Management Protocol (SNMP) provides a method for managing network devices. Devices supporting SNMP run a local software (agent). The SNMP agents maintain a list of variables, which are used to manage the device. The variables are defined in the Management Information Base (MIB). The MIB contains the variables controlled by the agent.
User’s Manual of WGSD-1022/WGSD-8000 The default Engine ID is based on the device MAC address. Notification • SNMP Notifications which indicates if the device can send SNMP notifications • Authentication which indicates if SNMP Authentication failure notification is enabled on the device Notifications 4.11.2 Views SNMP Views provide access or block access to device features or feature aspects.
User’s Manual of WGSD-1022/WGSD-8000 • Select from List Select the Subtree from the list provided. • Insert Enables a Subtree not included in the Select from List field to be entered. • View Type This indicates if the defined OID branch will be included or excluded in the selected SNMP view. Use the button when you want to add the Views configuration to the Views Table at the bottom of the screen.
User’s Manual of WGSD-1022/WGSD-8000 4.11.3 Group Profile The Group Profile screen (see figure 4-61) provides information for creating SNMP groups and assigning SNMP access control privileges to SNMP groups. Groups allow network managers to assign access rights to specific device features, or features aspects. Figure 4-61 Group Profile screen The page contains the following fields: • Group Name • Security Model Displays the user-defined group to which access control rules are applied.
User’s Manual of WGSD-1022/WGSD-8000 • Write. The management access is read-write and changes can be made to the assigned SNMP view. • Notify. Sends traps for the assigned SNMP view. 4.11.4 Group Membership The Group Membership screen (see figure 4-62) provides information for assigning SNMP access control privileges to SNMP groups.
User’s Manual of WGSD-1022/WGSD-8000 • None, that no authentication method is used to authenticate the port. Method • MD5 Password, that port authentication is performed via HMAC-MD5-96 password authentication. • SHA Password, that port authentication is performed via HMAC-SHA-96 password authentication. • MD5 Key, that port authentication is performed via the HMAC-MD5 algorithm. • SHA Key, that port authentication is performed via HMAC-SHA-96 authentication. • Password Define the local user password.
User’s Manual of WGSD-1022/WGSD-8000 4.11.5 Communities The Communities screen contains three areas: • Communities • Basic Table • Advanced Table The screens in Figure 4-63 and 4-64 sppears Communities Figure 4-63 Communities configuration screen The page contains the following fields: • SNMP Management Defines the management station IP address for which the advanced SNMP community is defined. There are two definition options: Station • IP Address - Define the management station IP address.
User’s Manual of WGSD-1022/WGSD-8000 • Advanced Enables SNMP Advanced Mode for a selected community and contains the following fields: Group Name - defines advanced SNMP communities group names. Use the button when you want to add the Communities configuration to the respective Table at the bottom of the screen.
User’s Manual of WGSD-1022/WGSD-8000 management station to the device. • Group Name Displays advanced SNMP communities group name 4.11.6 Notification Filter The Notification Filter screen (see figure 4-65) permits filtering traps based on OIDs. Each OID is linked to a device feature or a feature aspect. The Notification Filter screen also allows network managers to filter notifications.
User’s Manual of WGSD-1022/WGSD-8000 • Filter Type Indicates if informs or traps are sent regarding the OID to the trap recipients. • Excluded Restricts sending OID traps or informs • Included Sends OID traps or informs. Use the button when you want to add the Notification Filter configuration to the Notification Filter Table at the bottom of the screen. 4.11.
User’s Manual of WGSD-1022/WGSD-8000 • SNMP V3 SNMP V1, which indicates SNMP Version 1 traps are sent. SNMP V2, which indicates SNMP Version 2 traps are sent. This enables SNMPv3 as the Notification Recipient. Either SNMPv1.2 or SNMP V3, enabled at any one time, but not both at the same time. If SNMP V3, which is enabled, the User Name and Security Level fields are enabled for configuration: • User Name - defines the user to whom SNMP notifications are sent.
User’s Manual of WGSD-1022/WGSD-8000 - 136 –
User’s Manual of WGSD-1022/WGSD-8000 4.12 Admin The Admin section provides information for devining system parameters including User account and file management, device software. Under Admin the folling topics are provided to devine and view the system informatin: User Authentication Static Address Dynamic Address Logging Port Mirroting Cable Test Storm Control Save Configuration Firmware Uograde Server Logs Memory Logs Flash Logs 4.12.
User’s Manual of WGSD-1022/WGSD-8000 • Local, authenticates the user at the device level. The device checks the user name and password for authentication. • RADIUS, where authenticates the user at the RADIUS server. • TACACS+, which authenticates the user at the TACACS+ server. • None, assigns none authentication method to the authentication profile. • User Name Displays the user name. • Password Specifies the new password. The password is not displayed.
User’s Manual of WGSD-1022/WGSD-8000 parameters refer. • LAG, to which the specific LAG number the forwarding database parameters refer. MAC Address, which displays the MAC address to which the entry refers. • VLAN ID Displays the VLAN ID number to which the entry refers. • VLAN Name Which displays the VLAN name to which the entry refers • Status Displays how the entry was created. The possible field values are: • Permanent, the MAC address is permanent.
User’s Manual of WGSD-1022/WGSD-8000 the Dynamic MAC Address table. The Dynamic MAC Address table contains address parameters by which packets are directly forwarded to the ports. The Dynamic Address Table can be sorted by interface, VLAN, and MAC Address.
User’s Manual of WGSD-1022/WGSD-8000 4.12.4 Logging The System Logs enable viewing device events in real time, and recording the events for later usage. System Logs record and manage events and report errors or informational messages (see figure 4-71). Figure 4-71 Loggin screen Event messages have a unique format, as per the SYSLOG protocols recommended message format for all error reporting.
User’s Manual of WGSD-1022/WGSD-8000 • Informational Provides device information. • Debug Provides detailed information about the log. If a Debug error occurs, contact Customer Tech Support.
User’s Manual of WGSD-1022/WGSD-8000 4.12.5 Port Mirroring Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port. Port mirroring can be used as diagnostic tool and/or a debugging feature. Port mirroring also enables switch performance monitoring (refer to figure 4-72). Network administrators configure port mirroring by selecting a specific port to copy all packets, and different ports from which the packets are copied.
User’s Manual of WGSD-1022/WGSD-8000 Cable Length test. Figure 4-73 Cable Test screen The page contains the following fields: • Port This is the port to which the cable is connected. • Test Result • OK - indicates that the cable passed the test. • No Cable - means no cable connected to the port. • Open Cable -means the cable is connected on only one side. • Short Cable - indicates that a short has occurred in the cable.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-74 Save Configuration via TFTP The page contains the following fields: Via TFTP • Via TFTP Upgrade Select this option to upgrade the switch from a file located on a TFTP Server. • TFTP Server The TFTP Server IP Address that contains the source file to upgrade from. • Source File Specifies the name of the upgrade file on the TFTP Server. • Destination File Where specifies the name of the configuration file. The default is StartupCfg.
User’s Manual of WGSD-1022/WGSD-8000 • Backup This is used to backup the configuration to the local hard drive. • Source File Type in the name and path of the file or Browse to locate the upgrade file. Use the Proceed button to save configuration via TFTP or HHTP that be selected. 4.12.
User’s Manual of WGSD-1022/WGSD-8000 Via HTTP See figure 4-77 Figure 4-77 Firmware Upgrade via HTTP • Via HTTP Allows you to upgrade the firmware using your Web browser. • Source File Name Specifies the file to be downloaded Use the Proceed button to upgrade the firmware via TFTP or HHTP that be selected. 4.12.9 Reboot The Reboot screen (see figure 4-78) resets the device whose configuration is automatically saved before the device is rebooted.
User’s Manual of WGSD-1022/WGSD-8000 4.12.10 Factory Defaults The Factory Reset screen (see figure 4-79) allows network managers to reset the device to the factory defaults settings, but if you restore factory defaults results in erasing the configuration file. Although restoring the factory defaults will erase your configuration, you can save a backup of your current configuration settings from the Admin - Save Configuration screen.
User’s Manual of WGSD-1022/WGSD-8000 4.12.11 Server Logs The Global Log Parameters page contains fields for enabling logs globally, and fields for defining log parameters. The Severity log messages are listed from the highest severity to the lowest. Event messages have a unique format, as per the SYSLOG RFC recommended message format for all error reporting. For example, Syslog+ local device reporting.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-80 Server Logs screen There are five items, as below: • Server Specifies the server to which logs can be sent. • UDP Port (1-65535) Defines the UDP port to which the server logs are sent. The possible range is 1 to 65535. The default value is 514. Defines a user-defined application from which system logs are sent to the remote server. Only one facility can be assigned to a single server.
User’s Manual of WGSD-1022/WGSD-8000 Index which shows the log number, Log Time at which the log was generated, Severity which shows the log severity, and the description that shows log message text. Figure 4-81 Memory Logs screen The page contains the following fields: • Log Index The log number in the Log File Table. • Log Time Specifies the time at which the log was entered in the Log File Table. • Severity Specifies the log severity. • Description The log message text. 4.12.
User’s Manual of WGSD-1022/WGSD-8000 Figure 4-82 Flash Logs screen - 152 –
User’s Manual of WGSD-1022/WGSD-8000 5. COMMAND STRUCTURE The WGSD-Switch is a managed Ethernet Switch that can be controlled by the RS-232 console interface, telnet interface, and Web interface. This chapter describer how to configure the Switch through these interfaces. When you are ready to configure the smart functions of the Switch, make sure you had connected the supplied RS-232 serial cable to the RS-232 port at the front panel of your WGSW-24010 Switch and your PC. 5.
User’s Manual of WGSD-1022/WGSD-8000 The Command Line Interface (CLI) syntax, conventions and terminology are described in this section. Each CLI command is illustrated using the structure outlined below. Introduction To assist in configuring devices, the CLI command-line interface is divided into different command modes. Each command mode has its own set of specific commands.
User’s Manual of WGSD-1022/WGSD-8000 To return from Privileged mode to User EXEC mode, use the following disable commands.
User’s Manual of WGSD-1022/WGSD-8000 Interface Configuration Mode and Specific Configuration Modes Interface Configuration commands are to modify specific interface operations. The following are the Interface Configuration modes: Line Interface—Contains commands to configure the management connections. These include commands such as line speed, timeout settings, etc. The Global Configuration mode command line is used to enter the line configuration command mode.
User’s Manual of WGSD-1022/WGSD-8000 Note: The following steps are for use on the console line only. To begin running CLI, perform the following: 1. Start the device and wait until the startup procedure is complete. 2. The User Exec mode is entered into, and the prompt "console>" is displayed. 3. Configure the device and enter the necessary commands to complete the required tasks. 4. When finished, exit the session with the quit or exit command.
User’s Manual of WGSD-1022/WGSD-8000 To assist in using the CLI, there is an assortment of editing features. The following features are described: Terminal Command Buffer Command Completion Keyboard Shortcuts Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer. Commands are stored in the buffer which is maintained on a First In First Out (FIFO) basis. These commands can be recalled, reviewed, modified, and reissued.
User’s Manual of WGSD-1022/WGSD-8000 (config) # interface ethernet %missing mandatory parameter (config) # interface ethernet e5 Keyboard Shortcuts The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts. Keyboard Key Description Up-arrow key Recalls commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
User’s Manual of WGSD-1022/WGSD-8000 Italic font Indicates a parameter. Any individual key on the keyboard. For example click . Ctrl+F4 Any combination keys pressed simultaneously on the keyboard. Screen Indicates system messages and prompts appearing on the console. Display all When a parameter is required to define a range of ports or parameters and all is an option, the default for the command is all when no parameters are defined.
User’s Manual of WGSD-1022/WGSD-8000 none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. Uses username tacacs Uses the list of all TACACS servers for authentication. Uses username Default Configuration The local user database is checked. This has the same effect as the command aaa authentication login listname local. Note: On the console, login succeeds without any authentication check if the authentication method is not defined.
User’s Manual of WGSD-1022/WGSD-8000 method1 [method2...]—Specify at least one from the following table: Keyword Source or destination Enable Uses the enable password for authentication. Line Uses the line password for authentication None Uses no authentication Radius Uses the list of all radius servers for authentication. Uses username “$enabx$.” Where x is the privilege level Tacacs Uses the list of all TACACS+ servers for authentication. Uses username “$enabx$.
User’s Manual of WGSD-1022/WGSD-8000 5.3.3 login authentication The login authentication line configuration command specifies the login authentication method list for a remote telnet or console. To return to the default specified by the authentication login command, use the no form of this command. Syntax login authentication {default | list-name} no login authentication default — Uses the default list created with the authentication login command.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command. Example The following example specifies the default authentication method when accessing a higher privilege level from a remote Telnet or console. console (config) # line cnsole console (config-line) # enable authentication default 5.3.5 ip http authentication The ip http authentication global configuration mode command specifies authentication methods for http.
User’s Manual of WGSD-1022/WGSD-8000 Example The following example configures the http authentication. console (config) # ip http authentication radius local 5.3.6 ip https authentication The ip https authentication global configuration command specifies authentication methods for https servers. To return to the default, use the no form of this command. Syntax ip https authentication method1 [method2...] no ip https authentication method1 [method2...
User’s Manual of WGSD-1022/WGSD-8000 5.3.7 show authentication methods The authentication methods privilege EXEC command displays information about the authentication methods. Syntax show authentication methods Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the authentication configuration.
User’s Manual of WGSD-1022/WGSD-8000 password — Password for this level, from 1 to 159 characters in length. encrypted — Encrypted password to be entered, copied from another device configuration. Default Configuration This command has no default configuration. Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command. Example The following example specifies a password "abc" on a line. console (config-line) # password abc 5.3.
User’s Manual of WGSD-1022/WGSD-8000 5.3.10 username The username global configuration command establishes a username-based authentication system. To remove a user name use the no form of this command. Syntax username name [password password] [privilege level] [encrypted] no username name — The name of the user. password — The authentication password for the user, from 1 to 159 characters in length. level — The user level (Range: 1 -15).
User’s Manual of WGSD-1022/WGSD-8000 Example The following example displays the local users configured with access to the system. console (config)# show users accounts Username Privilege --------------- ------------- Bob 15 Robert 15 5.4 Address Table Commands 5.4.1 bridge address The bridge address VLAN interface configuration command adds a static MAC-layer station source address to the bridge table.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines There are no user guidelines for this command. Example The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on port e8 to the bridge table. console (config)# interface vlan 2 console (config-vlan)# bridge address 3aa2.64b3.a245 ethernet e8 permanent 5.4.2 bridge multicast filtering The bridge multicast filtering global configuration command enables filtering of multicast addresses.
User’s Manual of WGSD-1022/WGSD-8000 bridge multicast address {mac-multicast-address | ip-multicast-address} [add | remove] {ethernet interface-list | port-channel port-channel-number-list} no bridge multicast address {mac-multicast-address | ip-multicast-address} add — Adds ports to the group. If no option is specified, this is the default option. remove — Removes ports from the group. mac-multicast-address — MAC multicast address. ip- multicast-address — IP multicast address.
User’s Manual of WGSD-1022/WGSD-8000 no bridge multicast forbidden address {mac-multicast-address | ip-multicast-address} add — Adds ports to the group. remove — Removes ports from the group. mac-multicast-address — MAC multicast address. ip- multicast-address — IP multicast address. interface-list — Separate non consecutive valid Ethernet ports with a comma and no spaces; hyphen is used to designate a range of ports.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration Forward Command Modes Interface configuration (VLAN) mode User Guidelines If routers exist on the VLAN, do not change the unregistered multicast addresses state to drop on the routers ports. Examples This example enables forwarding unregistered multicast addresses within VLAN 8. console (config)# interface vlan 8 console (config-if)# bridge multicast forward-unregistered add ethernet 1- 9 5.4.
User’s Manual of WGSD-1022/WGSD-8000 Examples This example forbids port 1 to be a Forwarding-unregistered-multicast-addresses port within VLAN 8. console (config)# interface vlan 8 console (config-if)# bridge multicast forward-unregistered add ethernet 1 5.4.7 bridge multicast forward-all The bridge multicast forward-all interface configuration command enables forwarding of all multicast packets on a port. To restore the default, use the no form of the bridge multicast forward-all command.
User’s Manual of WGSD-1022/WGSD-8000 Syntax bridge multicast forbidden forward-all {add | remove} {ethernet interface-list | port-channel port-channel-number-list} no bridge multicast forward-all add — Forbids forwarding all multicast packets. remove — Does not forbid forwarding all multicast packets. interface-list — Separates non consecutive valid Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example In this example the bridge aging time is set to 250. console (config)# bridge aging-time 250 5.4.10 clear bridge The clear bridge privileged EXEC command removes any learned entries from the forwarding database. Syntax clear bridge This command has no keywords or arguments. Default Configuration This command has no default configuration.
User’s Manual of WGSD-1022/WGSD-8000 forward — Forwards frames with unlearned source addresses, but does not learn the address. discard — Discards frames with unlearned source addresses. This is the default if no option is indicated. discard-shutdown — Discards frames with unlearned source addresses. The port is also shut down. trap Seconds — Sends SNMP traps and defines the minimal amount of time in seconds between two consecutive traps.
User’s Manual of WGSD-1022/WGSD-8000 Example In this example, the MAC-layer address 66:66:66:66:66:66 is added to port g1. console (config)# interface ethernet g1 console (config-if)# port security routed secure-address 66:66:66:66:66:66 5.4.13 show bridge address-table The show bridge address-table privileged EXEC command displays all entries in the bridge-forwarding database.
User’s Manual of WGSD-1022/WGSD-8000 5.4.14 show bridge address-table static The show bridge address-table static privileged EXEC command displays statically created entries in the bridge-forwarding database. Syntax show bridge address-table static [vlan vlan] [ethernet interface | port-channel port-channel-number] vlan — Specific valid VLAN, such as VLAN 1. interface — A valid Ethernet port. port-channel-number — A valid port-channel number.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example In this example, the number of addresses present in the VLANs are displayed.
User’s Manual of WGSD-1022/WGSD-8000 console # show bridge multicast address-table Vlan -----1 19 19 MAC Address -------------------0100.5e02.0203 0100.5e02.0208 0100.5e02.0208 Type -------static static dynamic Ports ---------e1, g2 e1-8 e9-11 Forbidden ports for multicast addresses: Vlan ------1 19 MAC Address -------------------0100.5e02.0203 0100.5e02.0208 Ports ---------e8 e8 console # show bridge multicast address-table format ip Vlan -------1 19 19 IP Address -----------------224-239.130|2.2.
User’s Manual of WGSD-1022/WGSD-8000 console # show bridge multicast filtering 1 Filtering: Enabled VLAN: 1 Forward-All Port Static Status --------- ------------ ----------- e1 Forbidden e2 Forward Forward(s) e3 - Forward(d) Filter 5.4.18 show ports security The show ports security privileged EXEC command displays the port-lock status. Syntax show ports security [ethernet interface | port-channel port-channel-number] interface — A valid Ethernet port.
User’s Manual of WGSD-1022/WGSD-8000 e5 Disabled Lock - 1 - - e6 Disabled Lock - 1 - - e7 Disabled Lock - 1 - - e8 Disabled Lock - 1 - - 5.5 Clock Commands 5.5.1 clock set The clock set privileged EXEC command manually sets the system clock. Syntax clock set hh:mm:ss day month year or clock set hh:mm:ss month day year hh:mm:ss — Current time in hours (military format), minutes, and seconds (0 - 23, mm: 0 - 59, ss: 0 - 59). day — Current day (by date) in the month (1 - 31).
User’s Manual of WGSD-1022/WGSD-8000 Syntax clock source {sntp} no clock source sntp — SNTP servers Default Configuration No external clock source Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example configures an external time source for the system clock. console# clock source sntp 5.5.3 clock timezone The clock timezone global configuration command sets the time zone for display purposes.
User’s Manual of WGSD-1022/WGSD-8000 console# (config)# clock timezone -6 zone CST 5.5.4 clock summer-time The clock summer-time global configuration command configures the system to automatically switch to summer time (daylight saving time),. To configure the software to not automatically switch to summer time, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 The end time is relative to summer time. If the starting month is chronologically after the ending month, the system assumes that you are in the southern hemisphere. USA rule for daylight saving time: Start: First Sunday in April End: Last Sunday in October Time: 2 am local time EU rule for daylight saving time: Start: Last Sunday in March End: Last Sunday in October Time: 1.
User’s Manual of WGSD-1022/WGSD-8000 cnsole(config)# sntp authentication-key 8 md5 ClkKey console(config)# sntp trusted-key 8 console(config)# sntp authenticate 5.5.6 sntp authenticate The sntp authenticate global configuration command grants authentication for received Network Time Protocol (NTP) traffic from servers,. To disable the feature, use the no form of this command. Syntax sntp authenticate no sntp authenticate This command has no arguments or keywords.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration Not trusted. Command Mode Global configuration mode User Guidelines The command is relevant for both unicast and broadcast. Examples The following example authenticates key 8. Console(config)# sntp authentication-key 8 md5 ClkKey Console(config)# sntp trusted-key 8 Console(config)# sntp authenticate 5.5.
User’s Manual of WGSD-1022/WGSD-8000 5.5.9 sntp broadcast client enable The sntp broadcast client enable global configuration command enables the Simple Network Time Protocol (SNTP) broadcast clients. To disable the SNTP broadcast clients, use the no form of this command. Syntax sntp broadcast client enable no sntp broadcast client enble This command has no arguments or keywords.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines Polling time is determined by the sntp client poll timer global configuration command. Use the sntp client enable interface configuration command to enable sntp client on specific interface. Examples The following example enables anycast clients. Console (config-if)# sntp anycast client enable 5.5.
User’s Manual of WGSD-1022/WGSD-8000 Syntax sntp unicast client enable no sntp unicast client enable This command has no arguments or keywords. Default Configuration Disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Examples The following example enables the device to use the Simple Network Time Protocol (SNTP) to request and accept Network Time Protocol (NTP) traffic from servers. console (config)# sntp unicast client enable 5.5.
User’s Manual of WGSD-1022/WGSD-8000 Examples The following example enables polling for the Simple Network Time Protocol (SNTP) predefined unicast clients. console (config)# sntp unicast client poll 5.5.14 sntp server The sntp server global configuration command configures the device to use the Simple Network Time Protocol (SNTP) to request and accept Network Time Protocol (NTP) traffic from a server. To remove a server from the list of NTP servers, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 5.5.15 show clock The show clock user EXEC command displays the time and date from the system clock. Syntax show clock Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the time and date from the system clock. Console# show clock 15:29:03 Jun 17 2005 5.5.
User’s Manual of WGSD-1022/WGSD-8000 Examples Console# show sntp configuration Polling interval: 7200 seconds. MD5 Authentication keys: 8, 9 Authentication is required for synchronization. Trusted Keys: 8,9 Unicast Clients Polling: Enabled. Server Polling Encryption Key ----------- ----------- ---------------------- 176.1.1.8 Enabled 9 176.1.8.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines There are no user guidelines for this command. Examples The following example shows the status of the SNTP. Console# show sntp status Clock is synchronized, stratum 4, reference is 176.1.1.8 Reference time is AFE2525E.70597B34 (00:10:22.438 PDT Jul 5 1993) Unicast servers: Server ----------- Preference ----------------- Status Last response Offset Delay [mSec] [mSec] ----------- ------------ ----------- ---------------------AFE252C1.
User’s Manual of WGSD-1022/WGSD-8000 Keyword Source or destination running-config Represents the current running configuration file. startup-config Represents the startup configuration file. backup-config Represents the backup configuration file. Image The image is executable code which is decompressed during system startup, into the switching and routing software that manages the device. There are always two images stored in the device flash known as "image-1" and "image-2".
User’s Manual of WGSD-1022/WGSD-8000 File download from a TFTP server may take a long time, and therefore fail, if there are many Quality of Service elements (ACLs, policers, etc.) present. In this case, it is recommended to copy the TFTP file to the backup configuration file, and then copy the backup file to the running / startup configuration file. When using tftp to copy files, it is recommended to set the tftp server timeout to 10-20 second.
User’s Manual of WGSD-1022/WGSD-8000 "configuration file", with the loaded "configuration file" having precedence. Copying a Configuration File from a Server to the Startup Configuration Use the copy source-url startup-config command to copy a "configuration file" from a network server to the device "startup configuration". These commands replace the startup configuration file with the copied configuration file.
User’s Manual of WGSD-1022/WGSD-8000 !!!!! [OK] Copy took 0:0:23 [hh:mm:ss] 5.6.4 show startup-config The show startup-config privileged EXEC command displays the startup configuration file contents. Syntax show startup-config Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays the contents of the startup-config file.
User’s Manual of WGSD-1022/WGSD-8000 - 200 –
User’s Manual of WGSD-1022/WGSD-8000 5.7 Ethernet Configuration Commands 5.7.1 interface ethernet The interface ethernet global configuration command enters the interface configuration mode to configure an Ethernet type interface. Syntax interface ethernet interface interface — Valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces. Example The following example shows how ports e1 to e4 and ports g1 to g2 are grouped to receive the same command. Console(config)# interface range ethernet e1 – e4, g1 - g2 Console(config-if)# 5.7.
User’s Manual of WGSD-1022/WGSD-8000 5.7.4 description The description interface configuration command adds a description to an interface. To remove the description use the no form of this command. Syntax description string no description string—Comment or a description of the port up to 64 characters. Default Configuration By default, the interface does not have a description.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines The command "no speed" in port-channel context returns each port in the port-channel to its maximum capability. Before attempting to force a particular duplex mode the port operating at 10/100 Mbps, disable the auto-negotiation on that port. Example The following example configures the speed operation of Ethernet e5 to force 100-Mbps operation. Console(config)# interface ethernet e5 Console(config-if)# speed 100 5.7.
User’s Manual of WGSD-1022/WGSD-8000 5.7.7 negotiation The negotiation interface configuration command enables auto-negotiation operation for the speed and duplex parameters of a given interface. To disable negotiation, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration Flow Control is off. Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines Flow Control will operate only if duplex mode is set to FULL. Back Pressure will operate only if duplex mode is set to HALF. When Flow Control is ON, the head-of-line-blocking mechanism of this port is disabled. If a link is set to NOT use auto-negotiation, the other side of the link must also be configured to not use auto-negotiation.
User’s Manual of WGSD-1022/WGSD-8000 Example In the following example, automatic crossover is enabled on g2. Console(config)# interface ethernet g2 Console(config-if)# mdix auto 5.7.10 back-pressure The back-pressure interface configuration command enables Back Pressure on a given interface. To disable Back Pressure, use the no form of this command. Syntax back-pressure no back-pressure Default Configuration Back Pressure is disabled.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration Jumbo Frames are not enabled. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example In the following example, Jumbo Frames are enabled on the device. Console# port jumbo-frame 5.7.12 clear counters The clear counters user EXEC mode command clears statistics on an interface. Syntax clear counters [ethernet interface | port-channel port-channel-number] Interface — Valid Ethernet port.
User’s Manual of WGSD-1022/WGSD-8000 Syntax set interface active {ethernet interface | port-channel port-channel-number} interface — Valid Ethernet port. port-channel-number — Valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode Privilege EXEC mode User Guidelines There are no user guidelines for this command. Example The following example activates interface e5, which is disabled. console# set interface active ethernet e5 5.7.
User’s Manual of WGSD-1022/WGSD-8000 Port -------e1 e2 e3 e4 e5 e6 e7 e8 g1 g2 Type Duplex Speed Neg ---------------------------100M-Copper Full 100 Enabled 100M-Copper Full 100 Enabled 100M-Copper Full 100 Enabled 100M-Copper Full 100 Enabled 100M-Copper Full 100 Enabled 100M-Copper Full 100 Enabled 100M-Copper Full 100 Enabled 100M-Copper Full 100 Enabled 1G-Combo-C Full 1000 Enabled 1G-Combo-C Full 1000 Enabled Ch -------ch1 ch2 ch3 ch4 ch5 ch6 ch7 ch8 Type --------------- Speed Neg ----- --------En
User’s Manual of WGSD-1022/WGSD-8000 port-channel-number — A valid port-channel trunk index. oob-interface — Out of band Ethernet port number. Default Configuration This command has no default configuration. Command Mode Privilege EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the status for all configured interfaces.
User’s Manual of WGSD-1022/WGSD-8000 5.7.16 show interfaces description The show interfaces description user EXEC command displays the description for all configured interfaces. Syntax show interfaces description [ethernet interface | port-channel port-channel-number| out-of-band--eth oobinterface] Interface — Valid Ethernet port. port-channel-number — A valid port-channel trunk index. oob-interface — Out-of-band Ethernet port number.
User’s Manual of WGSD-1022/WGSD-8000 Syntax show interfaces counters [ethernet interface | port-channel port-channel-number] interface — A valid Ethernet port. port-channel-number — A valid port-channel index. Default Configuration This command has no default configuration. Command Modes Privilege EXEC mode User Guidelines There are no user guidelines for this command.
User’s Manual of WGSD-1022/WGSD-8000 The following example displays counters for port g1.
User’s Manual of WGSD-1022/WGSD-8000 OutBcastPkts Counted transmitted broadcast packets. FCS Errors Counted frames received that are an integral number of octets in length but do not pass the FCS check. Single Collision Frames Counted frames that are involved in a single collision, and are subsequently transmitted successfully. Late Collisions Counted times that a collision is detected later than one slotTime into the transmission of a packet.
User’s Manual of WGSD-1022/WGSD-8000 Jumbo frames will be enabled after reset 5.7.20 port storm-control broadcast enable The port storm-control broadcast enable interface configuration command enables broadcast storm control. To disable broadcast storm control, use the no form of this command. Syntax port storm-control broadcast enable no port storm-control broadcast enable Default Configuration Broadcast storm control is disabled.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration The default storm control broadcast rate is 12000. Command Mode Interface Configuration (Ethernet) User Guidelines Use the port storm-control broadcast enable interface configuration command to enable broadcast storm control. The rate is rounded to the nearest 64 kbytes/sec (except 1 - 63 kbytes/sec, which is rounded to 64 bytes/sec). Note that if the rate is 0, broadcast packets are not forwarded.
User’s Manual of WGSD-1022/WGSD-8000 e1 8000 e2 Disabled e3 Disabled 5.8 GVRP Commands 5.8.1 gvrp enable (global) GVRP, or GARP VLAN Registration Protocol, is an industry-standard protocol designed to propagate VLAN information from device to device. With GVRP, a single switch is manually configured with all desired VLANs for the network, and all other switches on the network learn these VLANs dynamically. The gvrp enable global configuration command enables GVRP globally.
User’s Manual of WGSD-1022/WGSD-8000 no gvrp enable Default Configuration GVRP is disabled on all interfaces by default. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines An access port would not dynamically join a VLAN because it is always a member in only one VLAN. Example The following example enables GVRP on ethernet g8. Console (config)# interface ethernet e8 Console (config-if)# gvrp enable 5.8.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines The following relationship for the various timer values must be maintained: Leave time must be greater than or equal to three times the join time. Leaveall time must be greater than the leave time. Set the same GARP timer values on all Layer 2-connected devices. If the GARP timers are set differently on Layer 2-connected devices, GARP application will not operate successfully.
User’s Manual of WGSD-1022/WGSD-8000 5.8.5 gvrp registration-forbid The gvrp registration-forbid interface configuration command de-registers all dynamic VLANs, and prevents dynamic VLAN registration on the port. To allow dynamic registering for VLANs on a port, use the no form of this command. Syntax gvrp registration-forbid no gvrp registration-forbid Default Configuration Dynamic registering and deregistering for each VLAN on the port is allowed.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines There are no user guidelines for this command. Example The following example clears all the GVRP statistics information on port e8. Console# clear gvrp statistics ethernet e8 5.8.8 show gvrp configuration The show gvrp configuration User EXEC command displays GVRP configuration information, including timer values, whether GVRP and dynamic VLAN creation is enabled, and which ports are running GVRP.
User’s Manual of WGSD-1022/WGSD-8000 5.8.9 show gvrp statistics The show gvrp statistics User EXEC command displays GVRP statistics. Syntax show gvrp statistics [ethernet interface | port-channel port-channel-number] interface — A valid Ethernet interface. port-channel-number — A valid trunk index. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command.
User’s Manual of WGSD-1022/WGSD-8000 e7 0 0 0 0 0 0 0 0 0 0 0 0 e8 0 0 0 0 0 0 0 0 0 0 0 0 5.8.10 show gvrp error-statistics The show gvrp error-statistics user EXEC command displays GVRP error statistics. Syntax show gvrp error-statistics [ethernet interface | port-channel port-channel-number] interface — Valid Ethernet interface. port-channel-number — A valid port-channel trunk index. Default Configuration This command has no default configuration.
User’s Manual of WGSD-1022/WGSD-8000 e8 0 0 0 0 0 5.9 IGMP Snooping Commands 5.9.1 ip igmp snooping (Global) The ip igmp snooping global configuration command enables Internet Group Management Protocol (IGMP) snooping. To disable IGMP snooping use the no form of this command. Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode Interface configuration (VLAN) mode User Guidelines IGMP snooping can only be enabled on static VLANs. Example The following example enables IGMP snooping on VLAN 2. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping 5.9.3 ip igmp snooping mrouter The ip igmp snooping mrouter interface configuration command enables automatic learning of multicast router ports in the context of a specific VLAN.
User’s Manual of WGSD-1022/WGSD-8000 Syntax ip igmp snooping host-time-out time-out no ip igmp snooping host-time-out Default Configuration The default host-time-out is 260 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines The timeout should be at least greater than 2*query_interval+max_response_time of the IGMP router. Example The following example configures the host timeout to 300 seconds.
User’s Manual of WGSD-1022/WGSD-8000 Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping mrouter-time-out 200 5.9.6 ip igmp snooping leave-time-out The ip igmp snooping leave-time-out command configures the leave-time-out. If an IGMP report for a multicast group is not received within the leave-time-out period after an IGMP leave was received from a specific port, the current port is deleted from the member list of that multicast group.
User’s Manual of WGSD-1022/WGSD-8000 vlan_id — VLAN ID value. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example shows IGMP snooping mrouter information. Console # show ip igmp snooping mrouter VLAN Ports --------- ----------- 2 e1 5.9.8 show ip igmp snooping interface The show ip igmp snooping interface User EXEC command displays IGMP snooping configuration.
User’s Manual of WGSD-1022/WGSD-8000 IGMP Snooping is disabled on VLAN 1 IGMP host timeout is 260 sec IGMP Immediate leave is disabled. IGMP leave timeout is 60 sec IGMP mrouter timeout is 300 sec Automatic learning of multicast router ports is enabled 5.9.9 show ip igmp snooping groups The show ip igmp snooping groups user EXEC command displays the multicast groups learned by IGMP snooping. Syntax show ip igmp snooping groups [vlan vlan-id] [address ip-multicast-address] vlan_id — VLAN ID value.
User’s Manual of WGSD-1022/WGSD-8000 5.10 IP Addressing Commands 5.10.1 ip address The ip address interface configuration command sets an IP address. To remove an IP address, use the no form of this command. Syntax ip address ip-address {mask | prefix-length} no ip address [ip-address] ip-address — IP address mask — The IP address network mask. The IP address network mask 255.0.0.0 (prefix length 8) to 255.255.255.
User’s Manual of WGSD-1022/WGSD-8000 mode. Default Configuration This command has no default configuration. Command Mode Interface configuration (Ethernet, VLAN, port-channel, out-of-band Ethernet) User Guidelines The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol. Some DHCP Servers require that the DHCPDISCOVER message have a specific host name.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration No default gateway is defined. Command Mode Interface configuration User Guidelines The setting of the default gateway on the out-of-band port must not precede the assignment of the IP address. Always assign the IP address to the out-of-band port first, and then set the default gateway. Example The following example defines an ip default gateway. Console(config)# ip default-gateway 192.168.1.1 5.10.
User’s Manual of WGSD-1022/WGSD-8000 5.10.5 arp The arp global configuration command adds a permanent entry in the Address Resolution Protocol (ARP) cache. To remove an entry from the ARP cache, use the no form of this command. Syntax arp ip_addr hw_addr {ethernet interface-number | vlan vlan-id | port-channel number | } no arp ip_addr hw_addr {ethernet interface-number | vlan vlan-id | port-channel number | } ip_addr — IP address or IP alias to map to the specified MAC address.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode Global Configuration mode User Guidelines It Is recommended not to set the timeout value to less than 3600. Note: The ARP entry is deleted between the period of the "timeout value" and twice the "timeout value". For example, if the timeout value is 20 seconds, the ARP value is deleted during the period of 20 to 40 seconds. Example The following example configures ARP timeout to 12000 seconds. Console (config)# arp timeout 12000 5.10.
User’s Manual of WGSD-1022/WGSD-8000 Syntax show arp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays entries in the ARP table. Console# show arp ARP timeout: 60000 Seconds Interface IP address HW address ------------ ------------------------ ------------------ status -------- e1 10.7.1.102 00:10:B5:04:DB:4B Dynamic g2 10.7.1.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the system priority to 120. Console (config)# lacp system-priority 120 5.11.2 lacp port-priority The lacp port-priority interface configuration command configures the priority value for physical ports. To reset to default priority value, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 Syntax lacp timeout {long | short} no lacp timeout long — Specifies a long timeout value. Short — Specifies a short timeout value. Default Configuration The default port timeout value is long. Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example assigns an administrative LACP timeout for port e8 to a long timeout value.
User’s Manual of WGSD-1022/WGSD-8000 Port e1 LACP Statistics: LACP PDUs sent:2 LACP PDUs received:2 5.11.5 show lacp port-channel The show lacp port-channel privileged EXEC command displays LACP information for a port-channel. Syntax show lacp port-channel [port_channel_number] port_channel_number — The port-channel number. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
User’s Manual of WGSD-1022/WGSD-8000 5.12 Line Commands 5.12.1 line The line global configuration command identifies a specific line for configuration and enters the line configuration command mode. Syntax line {console | telnet | ssh} console — Console terminal line. telnet — Virtual terminal for remote console access (Telnet). ssh — Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines There are no user guidelines for this command, which is available only on the console line. Examples The following example the baud rate is set to 19200. Console (config)# line console Console(config-line)# speed 19200 5.12.3 exec-timeout The exec-timeout line configuration command sets the interval that the system waits until user input is detected. To restore the default setting, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 console — Console terminal line. telnet — Virtual terminal for remote console access (Telnet). ssh — Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays the line configuration.
User’s Manual of WGSD-1022/WGSD-8000 configuration. Once in the access-list configuration mode, the denied or permitted access conditions are configured with the deny and permit commands. To remove an access list, use the no form of this command. Syntax management access-list name no management access-list name name — The access list name using up to 32 characters. Default Configuration This command has no default configuration.
User’s Manual of WGSD-1022/WGSD-8000 5.13.2 permit (management) The permit management access-list configuration command defines a permit rule. Syntax permit [ethernet interface-number | vlan vlan-id | port-channel number | out-of-band-eth oob-interface] [service service] permit ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number | out-of-band-eth oob-interface] [service service] ethernet interface-number — A valid Ethernet port number.
User’s Manual of WGSD-1022/WGSD-8000 deny ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number | out-of-band-eth oob-interface] ] [service service] ethernet interface-number — A valid Ethernet port number. vlan vlan-id — A valid VLAN number. port-channel number — A valid port-channel number. ip-address — Source IP address. (Range: Valid IP Address) mask mask — Specifies the network mask of the source IP address.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures an access-list called "mlist" as the management access-list. Console (config)# management access-class mlist 5.13.5 show management access-list The show management access-list privileged EXEC command displays management access-lists. Syntax show management access-list [name] name — Name of the access list.
User’s Manual of WGSD-1022/WGSD-8000 5.13.6 show management access-class The show management access-class privileged EXEC command displays the active management access-list. Syntax show management access-class Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the management access-list information.
User’s Manual of WGSD-1022/WGSD-8000 The maximum disatance VCT can function is 120 meters. Examples The following example results in a report on the cable attached to port e3. Console# test copper-port tdr e3 Cable is open at 100 meters The following example results in a failure to report on the cable attached to port e4. Console# test copper-port tdr e4 Can’t perform the test on fiber ports 5.14.
User’s Manual of WGSD-1022/WGSD-8000 5.14.3 show copper-ports cable-length The show copper-ports cable-length privileged EXEC command displays the estimated copper cable length attached to a port. Syntax show copper-ports cable-length [interface] interface — A valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This feature works only on 1-Gbps ports.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines To test optical transceivers ensure a fiber link is present. Examples The following example displays the optical transceiver diagnostics.
User’s Manual of WGSD-1022/WGSD-8000 ------ -------- ------------ ------------ ----------- ---------- --------- e1 48 5.15 50 1.789 No e2 43 5.15 10 1.789 No e3 Copper Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage. Current – Measured TX bias current. Output Power – Measured TX output power. Input Power – Measured RX received power.
User’s Manual of WGSD-1022/WGSD-8000 Example The following example enters the context of port-channel number 1. Console (config)# interface port-channel 1 5.15.2 interface range port-channel The interface range port-channel global configuration command enters the interface configuration mode to configure multiple port-channels. Syntax interface range port-channel {port-channel-range | all} port-channel-range — List of port-channels to configure.
User’s Manual of WGSD-1022/WGSD-8000 on — Forces the port to join a channel. auto — Allows the port to join a channel as a result of an LACP operation. Default Configuration The port is not assigned to any port-channel. Command Mode Interface Configuration (Ethernet) mode User Guidelines Turning off auto-negotiation on an aggregate link may, under some circumstances make it non operational.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines There are no user guidelines for this command. Example The following example shows how all port-channel information is displayed. Console (config)# show interfaces port-channel Channel Ports ------------ ----------------- ch1 Active: g2 ch2 Active: e3, e7 Inactive: g1 ch3 Active: e4, e8 5.16 Port Monitor Commands 5.16.1 port monitor The port monitor interface configuration command starts a port monitoring session.
User’s Manual of WGSD-1022/WGSD-8000 The port cannot be a member in a port-channel. An IP interface is not configured on the port. GVRP is not enabled on the port. The port is not a member in any VLAN, except for the default VLAN (will automatically be removed from the default VLAN). The following restrictions apply to ports configured to be source ports: Port monitoring Source Ports must be simple ports, and not port-channels. The port cannot be already configured as a destination port.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines There are no user guidelines for this command. Example The following example shows how the port copy status is displayed. Console#show ports monitor Source Port Destination Port ---------------- ----------------------- Type Status VLAN Tagging ------------ ----------- ------------------- 1/1 1/8 RX, TX Active No 1/2 1/8 RX, TX Active No 1/18 1/8 Rx Active No 5.17 QoS Commands 5.17.
User’s Manual of WGSD-1022/WGSD-8000 Use the no form of this command to disable the QoS features on the device. Syntax qos [advanced] no qos advanced — QoS advanced mode, which enables the full range of QoS configuration. Default Configuration By default QoS is enabled in basic mode. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. However, switching to Basic qos mode sets the trust mode to cos.
User’s Manual of WGSD-1022/WGSD-8000 5.17.3 wrr-queue cos-map The wrr-queue cos-map global configuration command maps assigned CoS values to select one of the egress queues. To return to the default values, use the no form of this command. Syntax wrr-queue cos-map queue-id cos1...cosn no wrr-queue cos-map [queue-id] queue-id — The queue number to which the following CoS values are mapped. cos1...cosn — Map to specific queues up to eight CoS values from 0 to 7.
User’s Manual of WGSD-1022/WGSD-8000 5.17.4 wrr-queue bandwidth The wrr-queue bandwidth interface configuration command assigns Weighted Round Robin (WRR) weights to egress queues. The weights ratio determines the frequency in which the packet scheduler dequeues packets from each queue. To return to the default values, use the no form of this command. Syntax wrr-queue bandwidth weight1 weight2 ... weight_n no wrr-queue bandwidth weight1...
User’s Manual of WGSD-1022/WGSD-8000 Queue 5—6/36 Queue 6—6/36 Queue 7—6/36 Queue 8—6/36 Console (config-if)# wrr-queue bandwidth 6 6 6 6 6 6 6 6 5.17.5 priority-queue out num-of-queues The priority-queue out num-of-queues global configuration command enables the egress queues to be expedite queues. Use the no form of this command to return to the default values.
User’s Manual of WGSD-1022/WGSD-8000 vlan vlan-id — VLAN number. port-channel number — Port-channel. buffers — Displays buffer setting for the interface queues. For gigabit Ethernet interfaces, the queue depth for each of the 8 queues and the thresholds for the WRED/Tail Drop are displayed. For 10/100 interfaces the minimum reserved settings are displayed. queuing — Displays the queue strategy (WRR or EF), the weight for WRR queues, the CoS to queue map and the EF priority.
User’s Manual of WGSD-1022/WGSD-8000 qid MinDP0 MaxDP0 ProbDP0 MinDP1 MaxDP1 ProbDP1 MinDP2 MaxDP2 ProbDP2 Weight 1 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A 2 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A 3 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A 4 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A 5 50 60 13 65 80 6 85 95 4 2 6 50 60 13 65 80 6 85 95 4 2 7 50 60 13 65 80 6 85 95 4 2 8 50 60 13 65 80 6 85 95 4 2 The following
User’s Manual of WGSD-1022/WGSD-8000 The following example displays output from the show qos interface g1 policers command Console# show qos interface ethernet g1 policers Ethernet g1 Class map: A Policer type: aggregate Committed rate: 192000 bps Committed burst: 9600 bytes Exceed-action: policed-dscp-transmit Class map: B Policer type: single Committed rate: 192000 bps Committed burst: 9600 bytes Exceed-action: drop Class map: C Policer type: none Committed rate: N/A Committed burst: N/A Exceed-action: N
User’s Manual of WGSD-1022/WGSD-8000 Command Mode Global Configuration mode User Guidelines Queue settings for 3, 11, 19, ... cannot be modified. Example The following example maps DSCP values 33, 40 and 41 to queue 1. Console (config)# qos map dscp-queue 33 40 41 to 1 5.17.8 qos trust (Global) The qos trust global configuration command can be used in basic mode to configure the system to "trust" state. To return to the default state, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 To return to the untrusted state, use the no qos command to apply best effort service. Example The following example configures the system in basic mode to DSCP trust state. Console (config)# qos trust dscp 5.17.9 qos trust (Interface) The qos trust interface configuration command enables each port trust state while the system is in basic mode. To disable the trust state on each port, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 Syntax qos cos default-cos no qos cos qos cos override default-cos — Specifies the default CoS value being assigned to the port. If the port is trusted and the packet is untagged then the default CoS value becomes the CoS value. (Range: 0 - 7) Default Configuration Port CoS is 0. Command Mode Interface Configuration (Ethernet, port-channel) command User Guidelines There are no user guidelines for this command.
User’s Manual of WGSD-1022/WGSD-8000 Example The following example overrides the CoS of incoming packets. Console(config)# qos cos override 5.17.12 show qos map The show qos map user EXEC command displays all the QoS maps. Syntax show qos map [dscp-queue | policed-dscp | dscp-mutation] dscp-queue — Displays the DSCP to queue map. policed-dscp — Displays the DSCP to DSCP remark table. dscp-mutation — Displays the DSCP-DSCP mutation table.
User’s Manual of WGSD-1022/WGSD-8000 Policed-dscp map: d1 : d2 0 1 2 ---- 3 --- ---- 4 ---- 5 6 ---- ---- ---- 7 8 9 ---- ------- ---- ---- 0: 00 01 02 03 04 05 06 07 08 09 1: 10 11 12 13 14 15 16 17 18 19 2: 20 21 22 23 24 25 26 27 28 29 3: 30 31 32 33 34 35 36 37 38 39 4: 40 41 42 43 44 45 46 47 48 49 5: 50 51 52 53 54 55 56 57 58 59 6: 60 61 62 63 The following example displays the DSCP-dscp mutation map.
User’s Manual of WGSD-1022/WGSD-8000 ip-address — IP address of the RADIUS server host. An out-of-band IP address can be specified as described in the usage guidelines. timeout — Specifies the timeout value in seconds. If no timeout value is specified, the global value is used. (Range: 1 30) retransmit — Specifies the re-transmit value. If no re-transmit value is specified, the global value is used.
User’s Manual of WGSD-1022/WGSD-8000 5.18.2 radius-server key The radius-server key global configuration command sets the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon. To reset to the default, use the no form of this command. Syntax radius-server key [key-string] no radius-server key key-string — Specifies the authentication and encryption key for all RADIUS communications between the router and the RADIUS server.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines There are no user guidelines for this command. Example The following example configures the number of times the software searches the list of RADIUS server hosts to 5 attempts. Console (config)# radius-server retransmit 5 5.18.4 radius-server source-ip The radius-server source-ip global configuration command specifies the source IP address used for communication with RADIUS servers. To return to the default, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 timeout — Specifies the timeout value in seconds. (Range: 1 - 30) Default Configuration The default value is 3 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example sets the interval for which a router waits for a server host to reply to 5 seconds. Console (config)# radius-server timeout 5 5.18.
User’s Manual of WGSD-1022/WGSD-8000 Console (config)# radius-server deadtime 10 5.18.7 show radius-servers The show radius-servers user EXEC command displays the RADIUS server settings. Syntax show radius-servers Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays the RADIUS server settings.
User’s Manual of WGSD-1022/WGSD-8000 5.19 RMON Commands 5.19.1 show rmon statistics The show rmon statistics user EXEC command displays RMON Ethernet Statistics. Syntax show rmon statistics {ethernet interface number | port-channel port-channel-number} interface number — Valid Ethernet port. port-channel-number — Valid port-channel trunk index. Default Configuration This command has no default configuration.
User’s Manual of WGSD-1022/WGSD-8000 times this condition has been detected. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The total number of packets (including bad packets, broadcast packets, and multicast packets) received. Broadcast The total number of good packets received and directed to the broadcast address. This does not include multicast packets.
User’s Manual of WGSD-1022/WGSD-8000 5.19.2 rmon collection history The rmon collection history interface configuration command enables a Remote Monitoring (RMON) MIB history statistics group on an interface. To remove a specified RMON history statistics group, use the no form of this command. Syntax rmon collection history index [owner ownername] [buckets bucket-number] [interval seconds] no rmon collection history index Index — The requested statistics index group.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays all RMON group statistics.
User’s Manual of WGSD-1022/WGSD-8000 period seconds — Specifies the requested period time to display. (Range: 1 - 4294967295) Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays RMON Ethernet Statistics history for "throughput" on index number 5.
User’s Manual of WGSD-1022/WGSD-8000 The following example displays RMON Ethernet Statistics history for "other" on index number 5.
User’s Manual of WGSD-1022/WGSD-8000 Fragments The total number of packets received during this sampling interval that were less than 64 octets in length (excluding framing bits but including FCS octets) had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error), or a bad FCS with a non-integral number of octets (AlignmentError).
User’s Manual of WGSD-1022/WGSD-8000 startup direction — The alarm that may be sent when this entry is first set to valid. If the first sample (after this entry becomes valid) is greater than or equal to the rthreshold, and direction is equal to rising or rising-falling, then a single rising alarm is generated. If the first sample (after this entry becomes valid) is less than or equal to the fthreshold, and direction is equal to falling or rising-falling, then a single falling alarm is generated.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the alarms summary table. Console# show rmon alarm-table Index OID Owner ------- --------------------------------------- ----------- 1 1.3.6.1.2.1.2.2.1.10.1 CLI 2 1.3.6.1.2.1.2.2.1.10.1 Manager 3 1.3.6.1.2.1.2.2.1.10.
User’s Manual of WGSD-1022/WGSD-8000 Example The following example displays RMON 1 alarms. Console# show rmon alarm 1 Alarm 1 ----------OID: 1.3.6.1.2.1.2.2.1.10.1 Last sample Value: 878128 Interval: 30 Sample Type: delta Startup Alarm: rising Rising Threshold: 8700000 Falling Threshold: 78 Rising Event: 1 Falling Event: 1 Owner: CLI The following table describes the significant fields shown in the display: Field Description OID Monitored variable OID.
User’s Manual of WGSD-1022/WGSD-8000 is generated. Rising Threshold A sampled statistic threshold. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval is less than this threshold, a single event is generated. Falling Threshold A sampled statistic threshold. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval is greater than this threshold, a single event is generated.
User’s Manual of WGSD-1022/WGSD-8000 Example The following example configures an event with the trap index of 10 Console (config)# rmon event 10 log . 5.19.9 show rmon events The show rmon events user EXEC command displays the RMON event table. Syntax show rmon events Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the RMON event table.
User’s Manual of WGSD-1022/WGSD-8000 values: none, log, trap, log-trap. In the case of log, an entry is made in the log table for each event. In the case of trap, an SNMP trap is sent to one or more management stations. Community If an SNMP trap is to be sent, it is sent to the SNMP community specified by this octet string. Owner The entity that configured this event. Last time sent The time this entry last generated an event. If this entry has not generated any events, this value is zero. 5.19.
User’s Manual of WGSD-1022/WGSD-8000 1 1 2 Errors Errors High Broadcast Jan 18 2002 23:48:19 Jan 18 2002 23:58:17 Jan 18 2002 23:59:48 The following table describes the significant fields shown in the display: Field Description Event An index that uniquely identifies the event. Description A comment describing this event. Time The time this entry created. 5.19.11 rmon table-size The rmon table-size global configuration command configures the maximum RMON tables sizes.
User’s Manual of WGSD-1022/WGSD-8000 5.20 SNMP Commands 5.20.1 snmp-server community The snmp-server community global configuration command sets up the community access string to permit access to the SNMP protocol. To remove the specified community string, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration No community is defined. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Examples The following example sets up the community access string "public" to permit administrative access to SNMP protocol, at an administrative station with the IP address 192.168.1.20. Console (config)# snmp-server community public su 192.168.1.
User’s Manual of WGSD-1022/WGSD-8000 Console (config)# snmp-server contact abc_Tecnical_Support 5.20.3 snmp-server location The snmp-server location global configuration command sets up information on where the device is located. To remove the location string use, the no form of this command. Syntax snmp-server location text no snmp-server location text — Character string, up to 160 characters, describing the system location. Default Configuration This command has no default configuration.
User’s Manual of WGSD-1022/WGSD-8000 Examples The following example displays the command to enable SNMP traps. Console (config)# snmp-server enable traps 5.20.5 snmp-server trap authentication The snmp-server trap authentication global configuration command enables the switch to send Simple Network Management Protocol traps when authentication fails. To disable SNMP authentication failed traps, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 community-string — Password-like community string sent with the notification operation. (R ange: 1 - 20 characters) 1 — SNMPv1 traps is used. 2 — SNMPv2 traps is used (Default). Default Configuration The default is SNMPv2. UDP Port - 162 timeout - 15 seconds retries - 3. Command Mode Global Configuration mode User Guidelines If a trap and inform are defined on the same target, and an inform was sent, the trap is not sent.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode Global Configuration mode User Guidelines Although the CLI can set any required configuration, there might be a situation where a SNMP user sets a MIB variable that does not have an equivalent command. In order to generate configuration files that support those situations, the snmp-server set command is used. This command is context sensitive. Examples The following example sets the scalar MIB "sysName" to have the value "abc".
User’s Manual of WGSD-1022/WGSD-8000 Community-String ------------------------public private private Community-Access ---------------------------read only read write read write OOB management stations Community-String Community-Access ---------------------------------------------------private read write IP address -----------------All 172.16.1.1 172.17.1.1 IP address -----------------176.16.8.9 Traps are enabled. Authentication trap is enabled. Trap-Rec-Address 192.122.173.
User’s Manual of WGSD-1022/WGSD-8000 5.21 Spanning-Tree Commands 5.21.1 spanning-tree The spanning-tree global configuration command enables spanning-tree functionality. To disable spanning-tree functionality, use the no form of this command. Syntax spanning-tree no spanning-tree Default Configuration Spanning-tree is enabled. Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree functionality.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines There are no user guidelines for this command. Example The following example configures the spanning-tree protocol to RSTP. Console(config)# spanning-tree mode rstp 5.21.3 spanning-tree forward-time The spanning-tree forward-time global configuration command configures the spanning-tree bridge forward time, which is the amount of time a port remains in the listening and learning states before entering the forwarding state.
User’s Manual of WGSD-1022/WGSD-8000 Syntax spanning-tree hello-time seconds no spanning-tree hello-time seconds — Time in seconds. (Range: 1 - 10) Default Configuration The default hello time for IEEE Spanning-Tree Protocol (STP) is 2 seconds. Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures spanning-tree bridge hello time to 5 seconds. Console(config)# spanning-tree hello-time 5 5.21.
User’s Manual of WGSD-1022/WGSD-8000 Console(config)# spanning-tree max-age 10 5.21.6 spanning-tree priority The spanning-tree priority global configuration command configures the spanning-tree priority. The priority value is used to determine which bridge is elected as the root bridge. To reset the default spanning-tree priority use the no form of this command. Syntax spanning-tree priority priority no spanning-tree priority priority — Priority of the bridge.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration By default, all ports are enabled for spanning-tree. Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example disables spanning-tree on e5. Console (config)# interface ethernet e5 Console (config-if)# spanning-tree disable 5.21.
User’s Manual of WGSD-1022/WGSD-8000 Console(config)# interface ethernet e5 Console(config-if)# spanning-tree cost 35000 5.21.9 spanning-tree port-priority The spanning-tree port-priority interface configuration command configures port priority. To reset the default port priority, use the no form of this command. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority — The port priority.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration PortFast mode is disabled. Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines This feature should be used only with interfaces connected to end stations. Otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operations. Example The following example enables PortFast on e5. Console(config)# interface ethernet e5 Console(config-if)# spanning-tree portfast 5.21.
User’s Manual of WGSD-1022/WGSD-8000 5.21.12 spanning-tree pathcost method The spanning-tree pathcost method command sets the default path cost method. To revert to the default setting, use the no form of this command. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method long — Specifies 1 through 200,000,000 range for port path costs. short — Specifies 1 through 200,000,000 range for port path costs.
User’s Manual of WGSD-1022/WGSD-8000 Command Modes Global Configuration mode User Guidelines The command is relevant when spanning-tree is disabled globally or on a single interface.. Example The following example defines BPDU packet flooding when spanning-tree is disabled on an interface. Console(config)# spanning-tree bpdu flooding 5.21.
User’s Manual of WGSD-1022/WGSD-8000 Syntax show spanning-tree [ ethernet interface | port-channel port-channel-number ] show spanning-tree [detail] [active | blockedports] interface — The full syntax is: unit/port. (Range: Valid Ethernet port) port-channel-number — Port channel index. (Range:Valid port channel) instance-id — ID associated with a spanning-tree instance.(Range: 1 - 15) detail — Display detailed information. active — Display active ports only.
User’s Manual of WGSD-1022/WGSD-8000 hello 2, max age 20, forward delay 15 Interface Port ID Name Prio. Nbr ------------- Cost -------------- Set --------- ------ Designated Port ID Cost Bridge ID Prio. Nbr ----------------------- --------------- g1 128.1 19 FWD 38 32768 0030.9441.62c1 128.25 g2 128.2 19 FWD 57 32769 0002.4b29.7a00 128.25 ch1 128.65 19 FWD 57 32769 0002.4b29.7a00 128.65 The following example displays spanning-tree information for port g1.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration The default value is 22. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example specifies the port to be used by the SSH server as 8080. Console (config)# ip ssh port 8080 5.22.2 ip ssh server The ip ssh server global configuration command enables the device to be configured from a SSH server. To disable this function, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 5.22.3 crypto key generate dsa The ip ssh server global configuration command generates DSA key pairs. Syntax crypto key generate dsa Default Configuration DSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs: one public DSA key and one private DSA key. If the device already has DSA keys, a warning and prompt to replace the existing keys with new keys is displayed.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines RSA keys are generated in pairs: one public RSA key and one private RSA key. If the device already has RSA keys, a warning and prompt to replace the existing keys with new keys is displayed. The maximum supported size for the RSA key is 2048 bits. This command is not saved in the startup configuration; however, the keys generated by this command are saved in the running configuration, which is never displayed to the user or backed up to another device.
User’s Manual of WGSD-1022/WGSD-8000 Syntax crypto key pubkey-chain ssh Default Configuration By default, there are no keys. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enters the SSH Public Key-chain configuration mode. Console(config)# crypto key pubkey-chain ssh Console(config-pubkey-chain)# 5.22.
User’s Manual of WGSD-1022/WGSD-8000 Console(config-pubkey-chain)# user-key bob Console(config-pubkey-key)# key-string rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl 5.22.8 key-string The key-string SSH public key-string configuration command manually specifies a SSH public key. Syntax key-string text text — Authentication string that must be sentand received in the packets, using the routing protocol being authenticated.
User’s Manual of WGSD-1022/WGSD-8000 Rmt5nhhqdAtN/4oJfce166DqVX1gWmN zNR4DYDvSzg0lDnwCAC8Qh Fingerprint: a4:16:46:23:5a:8d:1d:b5:37:59:eb:44:13:b9:33:e9 5.22.9 show ip ssh The show ip ssh privileged EXEC command displays the SSH server configuration. Syntax show ip ssh Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the SSH server configuration.
User’s Manual of WGSD-1022/WGSD-8000 Auth Code Authentication Code (HMAC-MD5, HMAC-SHA1) 5.22.10 show crypto key mypubkey The show crypto key mypubkey privileged EXEC command displays the SSH public keys on the device. Syntax show crypto key mypubkey [rsa | dsa] rsa—RSA key. dsa—DSA key. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
User’s Manual of WGSD-1022/WGSD-8000 username — Specifies the remote SSH client username. bubble-babble — Fingerprints in Bubble Babble format. hex — Fingerprint in Hex format. If fingerprint is unspecified, it defaults to Hex format. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays all SSH public keys stored on the device.
User’s Manual of WGSD-1022/WGSD-8000 packet_size — Number of bytes in a packet. The actual packet size is eight bytes larger than the size specified because the switch adds header information.(Range: 57 - 1472 bytes) packet_count — Number of packets to send. If 0 is entered it pings until stopped. (Range: 1 - 65535 packets) time_out — Timeout in milliseconds to wait for each reply. (Range: 1 - 65535 milliseconds Default Configuration The default packet size is 56 bytes.
User’s Manual of WGSD-1022/WGSD-8000 Syntax traceroute ip-address |hostnme [size packet_size] [ttl max-ttl] [count packet_count] [timeout time_out] [source ip-address] [tos tos] ip-address — IP address of the destination host. An out-of-band IP address can be specified as described in the usage guidelines. (Range: 1 - 160 characters) hostname — Hostname of the destination host (Range: Valid IP Address) size packet_size — Number of bytes in a packet.
User’s Manual of WGSD-1022/WGSD-8000 Examples console> traceroute umaxp1.physics.lsa.umich.edu Type Esc to abort. Tracing the route to umaxp1.physics.lsa.umich.edu (141.211.101.64) 1 i2-gateway.stanford.edu (192.68.191.83) 0 msec 0 msec 0 msec 2 STAN.POS.calren2.NET (171.64.1.213) 0 msec 0 msec 0 msec 3 SUNV--STAN.POS.calren2.net (198.32.249.73) 1 msec 1 msec 1 msec 4 Abilene--QSV.POS.calren2.net (198.32.249.162) 1 msec 1 msec 1 msec 5 kscyng-snvang.abilene.ucaid.edu (198.32.8.
User’s Manual of WGSD-1022/WGSD-8000 5.23.3 telnet The telnet User EXEC command is used to log in to a host that supports Telnet. Syntax telnet ip-address | hostname [port] [keyword1......] ip-address — IP address of the destination host. An out-of-band IP address can be specified as described in the usage guidelines.
User’s Manual of WGSD-1022/WGSD-8000 Console> ‘Ctrl-shift-6’ ? [Special telnet escape help] Esc B sends telnet BREAK Esc C sends telnet IP Esc H sends telnet EC Esc O sends telnet AO Esc T sends telnet AYT Esc U sends telnet EL Several concurrent Telnet sessions can be opened and switched between them. To open a subsequent session, the current connection needs to be suspended, by pressing the escape sequence ‘Ctrl-Shift-6’ and ‘x’ to return to the system command prompt.
User’s Manual of WGSD-1022/WGSD-8000 ftp File Transfer Protocol 21 ftp-data FTP data connections 20 gopher Gopher 70 hostname NIC hostname server 101 ident Ident Protocol 113 irc Internet Relay Chat 194 klogin Kerberos login 543 kshell Kerberos shell 544 login Login 513 lpd Printer service 515 nntp Network News Transport Protocol 119 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 pim-auto-rp PIM Auto-RP 496 smtp Simple Mail Transport Protocol 2
User’s Manual of WGSD-1022/WGSD-8000 Syntax resume [connection] connection — The connection number. The default is the most recent connection Default Configuration There is no default configuration for this command. Command Mode EXEC mode User Guidelines There are no user guidelines for this command. Examples The following command switches to another open Telnet session. Console> resume 176.213.10.50 5.23.5 reload The reload privileged EXEC command reloads the operating system.
User’s Manual of WGSD-1022/WGSD-8000 5.23.6 hostname The hostname global configuration command specifies or modifies the device host name. To remove the existing host name, use the no form of the command. Syntax hostname name no hostname name — The device host name. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example specifies the device host name.
User’s Manual of WGSD-1022/WGSD-8000 Example The following example displays information about the active users. Console# show users Username Protocol Location ---------------- ------------ ------------ Bob Serial John SSH 172.16.0.1 Robert HTTP 172.16.0.8 5.23.8 show sessions The show sessions command in EXEC mode lists the open Telnet sessions. Syntax show sessions This command has no arguments or keywords. Default Configuration There is no default configuration for this command.
User’s Manual of WGSD-1022/WGSD-8000 Address IP address of the remote host. Port Telnet TCP port number Byte Number of unread bytes for the user to see on the connection. 5.23.9 show system The show system user EXEC command displays system information. Syntax show system Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the system information.
User’s Manual of WGSD-1022/WGSD-8000 15 59 20 68 25 77 30 86 35 95 40 104 5.23.10 show version The show version user EXEC command displays the system version information. Syntax show version Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays a system version (this version number is only for demonstration purposes).
User’s Manual of WGSD-1022/WGSD-8000 Syntax logging on no logging on Default Configuration Logging is enabled. Command Mode Global Configuration mode User Guidelines The logging process controls the distribution of logging messages to the various destinations, such as the logging buffer, logging file, or syslog server. Logging on and off for these destinations can be individually configured using the logging buffered, logging file, and logging global configuration commands.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration As described in the field descriptions. Command Mode Global Configuration mode User Guidelines Multiple syslog servers can be used. If no specific severity level is specified, the global values apply to each server. To define a logging server on the out-of-band port, use the out-of-band IP address format —oob/ip-address.
User’s Manual of WGSD-1022/WGSD-8000 5.24.4 logging buffered The logging buffered global configuration command limits syslog messages displayed from an internal buffer based on severity. To cancel the buffer use, use the no form of this command. Syntax logging buffered level no logging buffered level — Limits the message logging to a specified level buffer: emergencies, alerts, critical, errors, warnings, notifications, informational, debugging.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example changes the number of syslog messages stored in the internal buffer to 300. Console (config)# logging buffered size 300 5.24.6 clear logging The clear logging privileged EXEC command clears messages from the internal logging buffer. Syntax clear logging Default Configuration This command has no default configuration.
User’s Manual of WGSD-1022/WGSD-8000 logging file level no logging file level — Limits the logging of messages to the buffer to a specified level: emergencies, alerts, critical, errors, warnings, notifications, informational and debugging. Default Configuration The default severity level is errors. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
User’s Manual of WGSD-1022/WGSD-8000 5.24.9 show logging The show logging privileged EXEC command displays the state of logging and the syslog messages stored in the internal buffer. Syntax show logging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the state of logging and the syslog messages stored in the internal buffer.
User’s Manual of WGSD-1022/WGSD-8000 state to down 11-Aug-2002 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet g2, changed state to down 11-Aug-2002 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet e3, changed state to down 5.24.10 show logging file The show logging file privileged EXEC command displays the state of logging and the syslog messages stored in the logging file. Syntax show logging file Default Configuration This command has no default configuration.
User’s Manual of WGSD-1022/WGSD-8000 11-Aug-2002 15:41:43: %SYS-5-CONFIG_I: Configured from memory by console 11-Aug-2002 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet g0, changed state to up 11-Aug-2002 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet g0, changed state to down 11-Aug-2002 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet g1, changed state to down 11-Aug-2002 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet g2, c
User’s Manual of WGSD-1022/WGSD-8000 5.25 TACACS Commands 5.25.1 tacacs-server host The tacacs-server host command in global configuration mode specifies a TACACS+ host. To delete the specified name or address, use the no form of this command. Syntax tacacs-server host {ip-address | hostname} [single-connection] [port port-number] [timeout timeout] [key keystring] [source source] [priority priority] no tacacs-server host ip-address ip-address — Name or IP address of the host.
User’s Manual of WGSD-1022/WGSD-8000 Example The following example specifies a TACACS+ host. Console (config)# tacacs-server host 172.16.1.1 5.25.2 tacacs-server key The tacacs-server key command in global configuration mode sets the authentication encryption key used for all TACACS+ communications between the device and the TACACS+ daemon. To disable the key, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 timeout — Specifies the timeout value in seconds. (Range: 1 - 1000) Default Configuration 5 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Examples The following example sets the timeout value as 300. Console (config)# tacacs-server timeout 300 5.25.
User’s Manual of WGSD-1022/WGSD-8000 5.25.5 show tacacs The show tacacs command in Privileged EXEC mode displays configuration and statistics for a TACACS+ server. Syntax show tacacs [ip-address] ip-address — Name or IP address of the host. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays configuration and statistic for a TACACS+server.
User’s Manual of WGSD-1022/WGSD-8000 --------------- ------------ 172.16.1.1 Connected Global 49 No 1 Global values -------------TimeOut: 3 Source IP: 172.16.8.1 OOB Source IP: 176.16.8.1 5.26 User Interface Commands 5.26.1 enable The enable user EXEC command enters the privileged EXEC mode. Syntax enable [privilege-level] privilege-level — Privilege level to enter the system. (Range: 1 - 15) Default Configuration The default privilege level is 15.
User’s Manual of WGSD-1022/WGSD-8000 5.26.2 disable The disable privileged EXEC command returns to User EXEC mode. Syntax disable [privilege-level] privilege-level — Privilege level to enter the system. (Range: 1 - 15) Default Configuration The default privilege level is 1. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example shows how to return to normal mode. Console# disable Console> 5.26.
User’s Manual of WGSD-1022/WGSD-8000 confirming the command entry method is displayed. Console# configure Console (config)# 5.26.4 login The login user EXEC command changes a login username. Syntax login Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example shows how to enter privileged EXEC mode and login. Console> login User Name:admin Password:* * * * * Console# 5.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode All command modes User Guidelines There are no user guidelines for this command. Example The following example changes the configuration mode from Interface Configuration mode to User EXEC mode. Console(config-if)# exit Console(config)# exit Console# 5.26.6 exit(EXEC) The exit user EXEC command closes an active terminal session by logging off the device. Syntax exit Default Configuration This command has no default configuration.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode All Command modes User Guidelines There are no user guidelines for this command. Example The following example ends the current configuration session and returns to the previous command mode. Console (config)# end Console # 5.26.8 help The help command displays a brief description of the help system. Syntax help Default Configuration This command has no default configuration.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables the command history function for telnet. Console (config)# line telnet Console (config-line)# history 5.26.10 history size The history size line configuration command changes the command history buffer size for a particular line. To reset the command history buffer size to the default, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 Syntax show history Default Configuration This command has no default configuration. Command Mode User EXEC command mode User Guidelines The commands are listed from the first to the latest command. The buffer is kept unchanged when entering to configuration mode and returning back. Example The following example displays all the commands entered while in the current privileged EXEC mode. Console# show history show version show clock show history 5.26.
User’s Manual of WGSD-1022/WGSD-8000 Current privilege level is 15 5.27 VLAN Commands 5.27.1 vlan database The vlan database global configuration command enters the VLAN configuration mode. Syntax vlan database Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enters the VLAN database mode. Console (config)# vlan database Console (config-vlan)# 5.27.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration This command has no default configuration. Command Mode VLAN Database mode User Guidelines There are no user guidelines for this command. Example The following example VLAN number 1972 is created. Console (config)# vlan database Console (config-vlan)# vlan 1972 5.27.3 default-vlan disable The default-vlan disable VLAN configuration command disables the default VLAN functionality.
User’s Manual of WGSD-1022/WGSD-8000 5.27.4 interface vlan The interface vlan global configuration command enters the interface configuration (VLAN) mode. Syntax interface vlan vlan-id vlan-id — The ID of an existing VLAN (excluding GVRP dynamic VLANs). Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the VLAN 1 IP address of 131.108.1.
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines Commands under the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, an error message is displayed and execution continues on other interfaces. Example The following example groups VLAN 221 until 228 and VLAN 889 to receive the same command. Console (config)# interface range vlan 221-228,889 Console (config-if)# 5.27.
User’s Manual of WGSD-1022/WGSD-8000 Syntax switchport mode {access | trunk | general} no switchport mode access — Port belongs to a single, untagged VLAN. trunk — Port belongs to 1..4063 VLANs, all tagged (except, optionally, for a single native VLAN). general — Port belongs to 1..4063 VLANs, and each VLAN is explicitly set by the user as tagged or untagged (full 802.1Q mode). Default Configuration All ports are in access mode, and belong to the default VLAN (whose VID=1).
User’s Manual of WGSD-1022/WGSD-8000 User Guidelines The command automatically removes the port from the previous VLAN, and adds it to the new VLAN. Example The following example configures a VLAN ID of 23 to the untagged layer 2 VLAN interface number e8. Console (config)# interface ethernet e8 Console (config-if)# switchport access vlan 23 5.27.9 switchport trunk allowed vlan The switchport trunk allowed vlan interface configuration command adds or removes VLANs from a trunk port.
User’s Manual of WGSD-1022/WGSD-8000 5.27.10 switchport trunk native vlan The switchport trunk native vlan interface configuration command defines the port as a member of the specified VLAN, and the VLAN ID as the "port default VLAN ID (PVID)". To configure the default VLAN ID, use the no form of this command. Syntax switchport trunk native vlan vlan-id no switchport trunk native vlan vlan-id — Valid VLAN ID of the active VLAN.
User’s Manual of WGSD-1022/WGSD-8000 tagged — Sets the port to transmit tagged packets for the VLANs. If the port is added to a VLAN without specifying tagged or untagged the default is tagged. untagged — Sets the port to transmit untagged packets for the VLANs. Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command.
User’s Manual of WGSD-1022/WGSD-8000 Console (config)# interface ethernet e8 Console (config-if)# switchport general pvid 234 5.27.13 switchport general ingress-filtering disable The switchport general ingress-filtering disable interface configuration command disables port ingress filtering. To enable ingress filtering on a port, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration All frame types are accepted at ingress. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures e8 to discard untagged frames at ingress. Console (config)# interface ethernet e8 Console (config-if)# switchport general acceptable-frame-type tagged-only 5.27.
User’s Manual of WGSD-1022/WGSD-8000 Console (config)# interface ethernet e8 Console (config-if)# switchport forbidden vlan add 234-256 5.27.16 map protocol protocols-group The map protocol protocols-group VLAN database command adds a special protocol to a named group of protocols, which may be used for protocol-based VLAN assignment. To delete a protocol from a group, use the no form of this command.
User’s Manual of WGSD-1022/WGSD-8000 5.27.17 switchport general map protocols-group vlan The switchport general map protocols-group vlan interface configuration command sets a protocol-based classification rule. To delete a classification, use the no form of this command. Syntax switchport general map protocols-group group vlan vlan-id no switchport general map protocols-group group group — Group number as defined in the map protocol protocols-group command.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode Interface configuration (Ethernet, port-channel) User Guidelines An internal usage VLAN is required when an IP interface is defined on Ethernet port or Port-channel. Using this command the user can define the internal usage VLAN of a port. If an internal-usage is not defined for a Port, and the user wants to define an IP interface, the software chooses one of the unused VLANs.
User’s Manual of WGSD-1022/WGSD-8000 Vlan ---- Name Ports ----------------- --------------------------e(1,4-8),g(1-2),ch(1-8) Type Authorization ----------- ------------------- other Required 1 1 2 VLAN_2 e2 permanent Required 3 VLAN_3 e3 permanent Required 5.27.20 show vlan internal usage The show vlan internal usage privileged EXEC command displays a list of VLANs being used internally by the switch.
User’s Manual of WGSD-1022/WGSD-8000 Syntax show interfaces switchport {ethernet interface | port-channel port-channel-number} interface — Specific interface, such as ethernet e8. port-channel-number — Valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays switchport configuration individually for e1.
User’s Manual of WGSD-1022/WGSD-8000 219 372 5.28 Web Server Commands 5.28.1 ip http server The ip http server global configuration command enables the device to be configured from a browser. To disable this function use the no form of this command. Syntax ip http server no ip http server Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration This default port number is 80. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. However, specifying 0 as the port number will effectively disable HTTP access to the device. Example The following example shows how the http port number is configured to 100. Console (config)# ip http port 100 5.28.
User’s Manual of WGSD-1022/WGSD-8000 5.28.4 ip https port The ip https port global configuration command configures a TCP port for use by a secure web browser to configure the device. To use the default port, use the no form of this command. Syntax ip https port port-number no ip https port port-number — Port number for use by the HTTP server. (Range: 0 - 65535) Default Configuration This default port number is 443.
User’s Manual of WGSD-1022/WGSD-8000 in the private configuration, which is never displayed to the user or backed up to another device. Example The following example regenerates a HTTPS certificate. Console (enable)# crypto certificate generate key-generate 5.28.6 show ip http The show ip http privileged EXEC command displays the HTTP server configuration. Syntax show ip http Default Configuration This command has no default configuration.
User’s Manual of WGSD-1022/WGSD-8000 Command Mode Privileged EXEC command User Guidelines There are no user guidelines for this command. Example The following example displays the HTTP server configuration. Console# show ip https HTTPS server enabled. Port: 443 Certificate was generated. 5.29 802.1x Commands 5.29.
User’s Manual of WGSD-1022/WGSD-8000 Examples The following example uses the aaa authentication dot1x default command with no authentication. Console (config)# aaa authentication dot1x default none 5.29.2 dot1x system-auth-control The dot1x system-auto-control command enables 802.1x globally. Use the no form of this command to disable 802.1x globally. dot1x system-auto-control no dot1x system-auto-control Syntax This command has no arguments or keywords.
User’s Manual of WGSD-1022/WGSD-8000 force-authorized — Disable 802.1X authentication on the interface and cause the port to transition to the authorized state without any authentication exchange required. The port resends and receives normal traffic without 802.1X-based authentication of the client. force-unauthorized — Deny all access through this interface by forcing the port to transition to the unauthorized state, ignoring all attempts by the client to authenticate.
User’s Manual of WGSD-1022/WGSD-8000 Examples The following example enables periodic re-authentication of the client. Console (config)# interface ethernet e8 Console (config-if)# dot1x re-authentication 5.29.5 dot1x timeout re-authperiod The dot1x timeout re-authperiod interface configuration command sets the number of seconds between reauthentication attempts. Use the no form of this command to return to the default setting.
User’s Manual of WGSD-1022/WGSD-8000 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following command manually initiates a re-authentication of the 802.1X-enabled port. Console (config)# dot1x re-authenticate ethernet e8 5.29.
User’s Manual of WGSD-1022/WGSD-8000 exchange, to 3600. Console (config)# interface ethernet e8 Console (config-if)# dot1x timeout quiet-period 3600 5.29.8 dot1x timeout tx-period The dot1x timeout tx-period interface configuration command sets the number of seconds that the switch waits for a response to an Extensible Authentication Protocol (EAP) - request/identity frame, from the client, before resending the request. Use the no form of this command to return to the default setting.
User’s Manual of WGSD-1022/WGSD-8000 Syntax dot1x max-req count no dot1x max-req count — Number of times that the switch sends an EAP - request/identity frame before restarting the authentication process. (Range: 1 - 10) Default Configuartion 2 Command Mode Interface configuration (Ethernet) mode User Guidelines There are no user guidelines for this command.
User’s Manual of WGSD-1022/WGSD-8000 specific behavioral problems with certain clients and authentication servers. Examples The following example sets the time for the retransmission of an EAP-request frame to the client, to 3600 seconds. Console (config)# dot1x timeout server-timeout 3600 5.29.11 dot1x timeout server-timeout The dot1x timeout server-timeout interface configuration command sets the time for the retransmission of packets to the authentication server.
User’s Manual of WGSD-1022/WGSD-8000 interface —The full syntax is: unit/port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays 802.1X status for the switch. console# show dot1x 802.
User’s Manual of WGSD-1022/WGSD-8000 State: held Quiet period: 60 Tx period: 30 Max req: 2 Login Time: n/a Last Authentication: n/a MAC Address: 0008.7832.9878 Authentication Method: Remote Termination Cause: Supplicant logoff The following table describes the significant fields shown in the display: Field Description Interface The interface number. Admin mode The admin mode of the port. Possible values are: Force-auth, Force-unauth, Auto Oper mode The oper mode of the port.
User’s Manual of WGSD-1022/WGSD-8000 Syntax show dot1x users [username username] username — Supplicant username Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays 802.1X users.
User’s Manual of WGSD-1022/WGSD-8000 5.29.14 show dot1x statistics The show dot1x statistics privileged EXEC command displays 802.1X statistics for the specified interface. Syntax show dot1x statistics ethernet interface interface — The full syntax is: unit/port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays 802.
User’s Manual of WGSD-1022/WGSD-8000 Authenticator. EapolStartFramesRx The number of EAPOL Start frames that have been received by this Authenticator. EapolLogoffFramesRx The number of EAPOL Logoff frames that have been received by this Authenticator. EapolRespIdFramesRx The number of EAP Resp/Id frames that have been received by this Authenticator. EapolRespFramesRx The number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator.
User’s Manual of WGSD-1022/WGSD-8000 console config-if(Config-VLAN)# dot1x auth-not-req 5.29.17 dot1x multiple-hosts The dot1x multiple-hosts interface configuration command allows multiple hosts (clients) on an 802.1X-authorized port, that has the dot1x port-control interface configuration command set to auto. Use the no form of this command to return to the default setting. dot1x multiple-hosts no dot1x multiple-hosts This command has no arguments or keywords.
User’s Manual of WGSD-1022/WGSD-8000 discard — Discard frames with source addresses not the supplicant address. discard-shutdown — Discard frames with source addresses not the supplicant address. The port is also shutdown. trap seconds — Send SNMP traps, and specifies the minimum time between consecutive traps.(Range: 1- 1000000) Default Configuration Discard frames with source addresses not the supplicant address. No traps.
User’s Manual of WGSD-1022/WGSD-8000 Unauthenticated VLANs: 91, 92 Use user attributes from Authentication Server: Enabled User VLAN not created: Create Interface Multiple Hosts 1/1 Disabled 1/2 Enabled console# show dot1x advanced ethernet 1/1 Guest VLAN: 3978 Unauthenticated VLANs: 91, 92 Use user attributes from Authentication Server: Enabled User VLAN not created: Create Interface Multiple Hosts 1/1 Disabled 1/2 Enabled Single Host Violation: Discard Trap: Enabled Frequency: 100 Status: Au
User’s Manual of WGSD-1022/WGSD-8000 TROUBLE SHOOTING This chapter contains information to help you solve problems. If the Switch is not functioning properly, make sure the Ethernet Switch was set up according to instructions in this manual. The Link LED is not lit Solution: Check the cable connection and remove duplex mode of the Switch. Some stations cannot talk to other stations located on the other port Solution: Please check the VLAN, port trunking function that may introduce this kind of problem.
User’s Manual of WGSD-1022/WGSD-8000 APPENDEX A A.1 Switch's RJ-45 Pin Assignments When connecting your 10/100Mbps Ethernet Switch to another switch, a bridge or a hub, a straight or crossover cable is necessary. Each port of the Switch supports auto-MDI/MDI-X detection. That means you can directly connect the Switch to any Ethernet devices without making a crossover cable.
User’s Manual of WGSD-1022/WGSD-8000 The standard RJ-45 receptacle/connector There are 8 wires on a standard UTP/STP cable and each wire is color-coded.
User’s Manual of WGSD-1022/WGSD-8000 A.
