b_mgmt.book Page iii Tuesday, July 8, 2003 5:24 PM

TigerSwitch 10/100/1000
Management Guide

From SMC’s Tiger line of feature-rich workgroup LAN solutions

38 Tesla
Irvine, CA 92618
Phone: (949) 679-8000

July 2003
Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

Copyright © 2003 by SMC Networks, Inc.
LIMITED WARRANTY

Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller.
FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
CONTENTS

1 Switch Management
    Connecting to the Switch
        Configuration Options
        Required Connections
        Remote Connections
    Basic Configuration
        Console Connection
        Setting Passwords
        Setting an IP Address
        Enabling SNMP Management Access
        Saving Configuration Settings

        Copying the Running Configuration to a File
        Displaying Bridge Extension Capabilities
        Displaying Switch Hardware/Software Versions
    Port Configuration
        Displaying Connection Status
        Configuring Interface Connections
        Setting Broadcast Storm Thresholds
        Configuring Port Mirroring

        Statically Configuring a Trunk
    Configuring SNMP
        Setting Community Access Strings
        Specifying Trap Managers
        SNMP IP Filtering
    Multicast Configuration
        Configuring IGMP Parameters
        Interfaces Attached to a Multicast Router

        disable
        configure
        show history
        reload
        end
        exit
        quit
    Flash/File Commands
        copy
        delete
        dir

        show users
        show version
    Authentication Commands
        authentication login
        radius-server host
        radius-server port
        radius-server key
        radius-server retransmit
        radius-server timeout
        show radius-server
        tacacs-server host
        tacacs-server port
        tacacs-server key

        parity
        speed
        stopbits
        show line
    Interface Commands
        interface
        description
        speed-duplex
        negotiation

        spanning-tree protocol-migration
        spanning-tree link-type
        show spanning-tree
    VLAN Commands
        vlan database
        vlan
        interface vlan
        switchport mode

        queue cos-map
        show queue bandwidth
        show queue cos-map
        map ip precedence (Global Configuration)
        map ip precedence (Interface Configuration)
        map ip dscp (Global Configuration)
        map ip dscp (Interface Configuration)
        show map ip precedence
CHAPTER 1
SWITCH MANAGEMENT

Connecting to the Switch

Configuration Options

The TigerSwitch 10/100/1000 includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).

Note: The IP address for this switch is assigned via DHCP by default.
The switch’s CLI configuration program, Web interface, and SNMP agent allow you to perform the following management functions:

• Set user names and passwords for up to 16 users
• Set an IP interface for a management VLAN
• Configure SNMP parameters
• Enable/disable any port
• Set the speed/duplex mode for any port
• Configure up to 255 IEEE 802.
Required Connections

The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch. Attach a VT100-compatible terminal, or a PC running a terminal emulation program, to the switch.
Note: When using HyperTerminal with Microsoft® Windows® 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation. See www.microsoft.com for information on Windows 2000 service packs.

4. Once you have set up the terminal correctly, the console login screen will be displayed.
browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above), or from a network computer using network management software.

Note: The onboard program only provides access to basic configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.
Setting Passwords

Note: If this is your first time logging into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place.

Passwords can consist of up to eight alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:

1.
Setting an IP Address

You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways:

Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:

• IP address for the switch
• Default gateway for the network
• Network mask for this network

To assign an IP address to the switch, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode.
broadcasting service requests. Requests will be sent periodically in an effort to obtain IP configuration information. (BOOTP and DHCP values can include the IP address, subnet mask, and default gateway.) If the “bootp” or “dhcp” option is saved to the startup-config file, then the switch will start broadcasting service requests as soon as it is powered on.
6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.

    Console(config)#interface vlan 1
    Console(config-if)#ip address dhcp
    Console(config-if)#exit
    Console#ip dhcp restart
    Console#show ip interface
    IP interface vlan
    IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 1,
    and address mode: User specified.
The default strings are:

• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
• private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.

Note: If you do not intend to utilize SNMP, it is recommended that you delete both of the default community strings.
Trap Receivers

You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” where “host-address” is the IP address for the trap receiver and “community-string” is the string associated with that host. Press <Enter>.
2.
2. Enter the name of the start-up file. Press <Enter>.

    Console#copy running-config startup-config
    Startup configuration file name []: startup
    Console#

Managing System Files

The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows.

In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.
CHAPTER 2
CONFIGURING THE SWITCH

Using the Web Interface

This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).
Notes:
1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
2. If you log into the Web interface as guest (Normal Exec level), you can view page information but only change the guest password. If you log in as “admin” (Privileged Exec level), you can apply changes on all pages.
3.
Home Page

When your Web browser connects with the switch’s Web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.

Configuration Options

Configurable parameters have a dialog box or a drop-down list.
new setting. The following table summarizes the Web page configuration buttons.

    Button          Action
    Revert          Cancels specified values and restores current values prior to pressing “Apply” or “Apply Changes.”
    Refresh         Immediately updates values for the current page.
    Apply           Sets specified values to the system.
    Apply Changes   Sets specified values to the system.

Notes:
1. To ensure proper screen refresh, be sure that Internet Explorer 5.
Main Menu

Using the onboard Web agent, you can define system parameters, manage and control the switch and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
    Menu                    Description                                                 Page
    SNMP
      SNMP Configuration    Configures community strings and related trap functions.   2-106
      SNMP IP Filtering     Configures IP filtering for SNMP access.                    2-110
Command Attributes

• System Name – Name assigned to the switch system.
• Object ID – MIB II object ID for switch’s network management subsystem.
• Location – Specifies the system location.
• Contact – Administrator responsible for the system.
• System Up Time – Length of time the management agent has been up.
• MAC Address* – The physical layer address for the switch.
Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows you to access the Command Line Interface via Telnet.
CLI – Specify the hostname, location and contact information.

    Console(config)#hostname Test Switch
    Console(config)#snmp-server location TPS - 3rd Floor
    Console(config)#snmp-server contact Chris
    Console#show system
    System description: SMC Networks SMC8612T
    System OID string: 1.3.6.1.4.1.1991.1.5.1.1.4.1.1
    System information
     System Up time: 0 days, 2 hours, 4 minutes, and 7.
You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.

• Management VLAN – This is the only VLAN through which you can gain management access to the switch.
Manual Configuration

Web – Click System, IP. Specify the management interface, IP address and default gateway, then click Apply.

CLI – Specify the management interface, IP address and default gateway.

    Console#config
    Console(config)#interface vlan 1
    Console(config-if)#ip address 10.2.13.30 255.255.255.0
    Console(config-if)#exit
    Console(config)#ip default-gateway 192.168.1.
If you lose your management connection, use a console connection and enter show ip interface to determine the new switch address.

CLI – Specify the management interface, and set the IP Address Mode to DHCP or BOOTP.

    Console(config)#interface vlan 1
    Console(config-if)#ip address dhcp
    Console(config-if)#end
    Console#ip dhcp restart
    Console#show ip interface
    IP address and netmask: 10.1.0.54 255.255.255.
administrator password as soon as possible, and store it in a safe place. (If for some reason your password is lost, you can reload the factory defaults file to restore the default passwords as described in “Troubleshooting Chart” on page A-1.)

The default guest name is “guest” with the password “guest.” The default administrator name is “admin” with the password “admin.” Note that user names can only be assigned via the CLI.
CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.

    Console(config)#username bob access-level 15
    Console(config)#username bob password 0 smith
    Console(config)#

Configuring RADIUS/TACACS+ Logon Authentication

You can configure this switch to authenticate users logging into the system for management access using local, RADIUS, or TACACS+ authentication methods.
• RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet.
• RADIUS and TACACS+ logon authentication control management access via the console port, Web browser, or Telnet.
Command Attributes

• Authentication – Select the authentication, or authentication sequence required:
  - RADIUS – User authentication is performed using a RADIUS server only.
  - TACACS – User authentication is performed using a TACACS+ server only.
  - Local – User authentication is performed only locally by the switch.
TACACS+ Settings

• Server IP Address – Address of the TACACS+ server. (Default: 10.1.0.1)
• Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 1812)
• Secret Text String – Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
Web – Click System, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
CLI – Specify all the required parameters to enable logon authentication.

    Console(config)#authentication login radius
    Console(config)#radius-server host 192.168.1.25
    Console(config)#radius-server port 181
    Console(config)#radius-server key green
    Console(config)#radius-server retransmit 5
    Console(config)#radius-server timeout 10
    Console#show radius-server
    Server IP address: 192.168.1.
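The defaults this guide describes (the “admin” and “guest” accounts, the eight-character alphanumeric password limit, the “public” and “private” community strings) and the RADIUS shared key can be checked before a command script is applied. The following is an added example, not part of the SMC guide or firmware: it assumes the input is a provisioning script for a factory-default switch, and the function names, the sample values and the 16-character key policy are hypothetical.

```python
import re

# Factory defaults stated in this guide.
DEFAULT_LOGINS = {"admin": "admin", "guest": "guest"}
DEFAULT_COMMUNITIES = {"public", "private"}
# The guide allows up to eight alphanumeric characters per password.
SWITCH_PASSWORD = re.compile(r"[A-Za-z0-9]{1,8}")
# Assumption: minimum shared-key length taken from local policy, not from the guide.
MIN_KEY_LEN = 16
# Strips a leading prompt such as "Console(config)#" when a session log is pasted in.
PROMPT = re.compile(r"^Console(\([\w-]+\))?#\s*")


def parse_script(text):
    """Extract passwords, RADIUS settings and trap receivers from CLI command lines."""
    cfg = {"users": {}, "radius": {}, "trap_hosts": []}
    for raw in text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if len(words) < 3:
            continue
        if words[0] == "username" and words[2] == "password" and len(words) >= 5:
            # Form shown in the guide: username <name> password 0 <password>
            cfg["users"].setdefault(words[1], {})["password"] = words[4]
        elif words[0] == "radius-server":
            cfg["radius"][words[1]] = words[2]
        elif words[:2] == ["snmp-server", "host"] and len(words) >= 4:
            cfg["trap_hosts"].append((words[2], words[3]))
    return cfg


def audit(text):
    """Return a list of (finding, subject) tuples for a provisioning script."""
    cfg = parse_script(text)
    findings = []
    for name, user in sorted(cfg["users"].items()):
        password = user["password"]
        if DEFAULT_LOGINS.get(name) == password:
            findings.append(("default-password", name))
        elif password.lower() == name.lower():
            findings.append(("password-equals-username", name))
        if not SWITCH_PASSWORD.fullmatch(password):
            findings.append(("password-format-rejected", name))
    # A script that never sets a password for a built-in account leaves its default in place.
    for name in sorted(DEFAULT_LOGINS):
        if name not in cfg["users"]:
            findings.append(("default-password-unchanged", name))
    key = cfg["radius"].get("key")
    if key is not None and len(key) < MIN_KEY_LEN:
        # The key itself is not echoed into the report.
        findings.append(("short-radius-key", "radius-server key"))
    for host, community in cfg["trap_hosts"]:
        if community in DEFAULT_COMMUNITIES:
            findings.append(("default-community", host))
    return findings


# Constructed sample: commands in the form shown in this guide, with made-up values.
WEAK_SCRIPT = """\
Console(config)#username bob access-level 15
Console(config)#username bob password 0 smith
Console(config)#username guest password 0 guest
Console(config)#authentication login radius
Console(config)#radius-server host 192.168.1.25
Console(config)#radius-server key green
Console(config)#snmp-server host 10.1.19.23 public
"""

# Constructed sample with both built-in accounts changed and non-default strings.
HARDENED_SCRIPT = """\
username admin password 0 Xk92mQ7a
username guest password 0 r4Tz81Lp
radius-server host 192.168.1.25
radius-server key f3Qz8LmW2pXr7VtB9
snmp-server host 10.1.19.23 n0cTraps7
"""

if __name__ == "__main__":
    for finding, subject in audit(WEAK_SCRIPT):
        print(f"{finding}: {subject}")
```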
The following Web browsers and operating systems currently support HTTPS:

    Web Browser                         Operating System
    Internet Explorer 5.0 or later      Windows 98, Windows NT (with service pack 6a), Windows 2000, Windows XP
    Netscape Navigator 4.76 or later    Windows 98, Windows NT (with service pack 6a), Windows 2000, Windows XP, Solaris 2.
CLI – Enter the following commands to specify the secure port number and to enable HTTPS.

    Console(config)#ip http secure-server
    Console(config)#ip http secure-port 441
    Console(config)#

Replacing the Default Secure-site Certificate

When you log onto the Web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch.
Note: The switch must be reset for the new certificate to be activated. To reset the switch, type:

    Console#reload

Configuring SSH

The Secure Shell (SSH) server feature provides remote management access via encrypted paths between the switch and SSH-enabled management station clients.

Note: There are two versions of the SSH protocol currently available, SSH v1.x and SSH v2.x. The switch supports only SSH v1.5.
Web – Click System, SSH Settings. Select Enabled for the SSH Server Status, specify the authentication timeout and number of retries, then click Apply.

CLI – Enter the following commands to configure the SSH service.
Managing Firmware

You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.

Command Attributes

• TFTP Server IP Address – The IP address of a TFTP server.
• Destination File Name — File names are case-sensitive.
Web – Click System, Firmware. Enter the IP address of the TFTP server, enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click Transfer from Server. When you download a file using a different name from the current runtime code file, you need to select the new file name from the drop-down box for the operation code used at startup, and then click Apply Changes.
CLI – Enter the IP address of the TFTP server, select config or opcode file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch.

    Console#copy tftp file
    TFTP server ip address: 10.1.0.99
    Choose file type:
     1. config: 2. opcode: <1-2>: 2
    Source file name: v10.
You can save the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can be copied to the TFTP server, but cannot be used as a destination file name on the switch.

Web – Click System, Configuration.
CLI – Enter the IP address of the TFTP server, specify the source file on the server, and set the startup file name on the switch. If you download the startup configuration file under a new file name, you can set this file as the startup file at a later time, and then restart the switch.

    Console#copy tftp startup-config
    TFTP server ip address: 192.168.1.19
    Source configuration file name: startup2.
CLI – If you copy the running configuration to a file, you can set this file as the startup file at a later time, and then restart the switch.

    Console#copy running-config file
    destination file name : 051902.cfg
    /
    Console#
    Console#config
    Console(config)#boot system config: 051902.
• Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 2-70.)
• Local VLAN Capable – This switch does not support multiple local bridges (i.e., multiple Spanning Trees).
Web – Click System, Bridge Extension.

CLI – Enter the following command.
Displaying Switch Hardware/Software Versions

Command Attributes

Main Board

• Serial Number – The serial number of the switch.
• Service Tag* – Not implemented.
• Number of Ports – Number of built-in RJ-45 ports.
• Hardware Version – Hardware version of the main board.
• Internal Power Status – Displays the status of the internal power supply.
• Redundant Power Status* – Displays the status of the redundant power supply.
Web – Click System, Switch Information.

CLI – Use the following command to display version information.

    Console#show version
    Unit1
     Serial number          :A217056372
     Service tag            :[NONE]
     Hardware version       :R0C
     Number of ports        :12
     Main power status      :up
     Redundant power status :not present
    Agent(master)
     Unit id                :1
     Loader version         :1.0.0.0
     Boot rom version       :1.0.0.0
     Operation code version :2.0.0.
    Console#
Port Configuration

Displaying Connection Status

You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation.

Command Attributes

• Name – Interface label.
• Type – Indicates the port type (1000Base-TX or 1000Base-SFP).
• Admin Status – Shows if the interface is enabled or disabled.
Web – Click Port, Port Information or Trunk Information. Modify the required interface settings, and click Apply.

CLI – This example shows the connection status for Port 13.
Configuring Interface Connections

You can use the Trunk Configuration or Port Configuration page to enable/disable an interface, manually fix the speed and duplex mode, set flow control, set auto-negotiation, and set the interface capabilities to advertise.

Command Attributes

• Name – Allows you to label an interface. (Range: 1-64 characters)
• Admin – Allows you to manually disable an interface.
  - Sym (Gigabit only) – Check this item to transmit and receive pause frames, or clear it to auto-negotiate the sender and receiver for asymmetric pause frames. (The current switch chip only supports symmetric pause frames.)
  - FC - Supports flow control. Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill.
Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.

CLI – Select the interface, and then enter the required settings.

    Console(config)#interface ethernet 1/13
    Console(config-if)#description RD SW#13
    Console(config-if)#shutdown
    .
    Console(config-if)#no shutdown
    Console(config-if)#no negotiation
    Console(config-if)#speed-duplex 100half
    Console(config-if)#flowcontrol
    .
Setting Broadcast Storm Thresholds

Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt.

You can protect your network from broadcast storms by setting a threshold for broadcast traffic for each port.
Web – Click Port, Port Broadcast Control. Set the threshold for all ports, and then click Apply.

CLI – Specify the required interface, and then enter the threshold. The following sets broadcast suppression at 128 packets per second on port 1.
Command Usage

• The mirror port and monitor port speeds must match, otherwise traffic may be dropped from the monitor port.
• The switch supports only one port mirror session.

Web – Click Port, Mirror. Specify the source port, the traffic type to be mirrored, and the target port, then click Add.
CLI – Use the interface command to select the target port, then use the port monitor command to specify the source port. Note that default mirroring under the CLI is for both received and transmitted packets.
• It can be configured as an LACP trunk port, but the switch does not allow the LACP trunk to be enabled.

Note: A port that is already configured as an LACP or static trunk port cannot be enabled as a secure port.

Port Security Action

The switch allows you to set the security action to be taken when a port intrusion is detected. This setting applies to all ports on the switch.
Port Security Configuration

On the Port/Port Security Status page, you can enable/disable security for any switch port. For each port number listed in the “Port” column, you can configure the following parameter:

• Security Status — Enables or disables port security on the port. (Default: disabled)

Note: If a port is disabled due to a security violation, it must be manually re-enabled from the Port/Port Configuration page.
Address Table Settings

Switches store the addresses for all known devices. This information is used to route traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port.

Setting Static Addresses

A static address can be assigned to a specific interface on this switch.
Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address.

CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Displaying the Address Table

The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port. Otherwise, the traffic is flooded to all ports.
Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., Interface, MAC Address, or VLAN), the method of sorting the displayed addresses, then click Query. For example, the following screen shows the dynamic addresses for port 5.

CLI – This example displays the address table entries for port 11.
Changing the Aging Time

You can set the aging time for entries in the dynamic address table.

Command Usage

The range for the aging time is 17 - 2184 seconds. (The default is 300 seconds.)

Web – Click Address Table, Address Aging. Specify the new aging time, then click Apply.

CLI – This example sets the aging time to 400 seconds.

The Spanning Tree Protocols supported by the switch include the following standards:
• STP – Spanning Tree Protocol (IEEE 802.1D).
• RSTP – Rapid Spanning Tree Protocol (IEEE 802.1w).
STP uses a distributed algorithm to select a bridging device (STP-compliant switch, bridge or router) that serves as the root of the spanning tree network.

STP Information

The Spanning Tree, STP Information page contains information on the current status of the Spanning Tree.
Command Attributes
• Spanning Tree State — Indicates if the Spanning Tree Protocol is currently enabled on the switch.
• Bridge ID — A unique identifier for the switch in the Spanning Tree. The ID is calculated using the defined Spanning Tree priority of the switch and its MAC address.
• Designated Root — Identifies the priority and MAC address of the device in the Spanning Tree that the switch has accepted as the root device.
• Root Port — Specifies the port number on the switch that is closest to the root. The switch communicates with the root device through this port. If there is no root port, the switch has been accepted as the root device of the Spanning Tree network.
• Root Hold Time* – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node.
• Configuration Changes — Specifies the number of times the Spanning Tree has been reconfigured.
• Last Topology Change — Identifies the time since the Spanning Tree was last reconfigured.
* CLI only.
CLI – This example shows the current Spanning Tree settings.

    Console#show spanning-tree
    Spanning-tree information
    --------------------------------------------------------------
    Spanning tree mode :RSTP
    Spanning tree enable/disable :enable
    Priority :32768
    Bridge Hello Time (sec.) :2
    Bridge Max Age (sec.) :20
    Bridge Forward Delay (sec.) :15
    Root Hello Time (sec.) :2
    Root Max Age (sec.) :20
    Root Forward Delay (sec.

STP Configuration

Global settings apply to the entire switch.
Command Usage
RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below:
• STP Mode – If the switch receives an 802.1D BPDU (i.e.
• Priority — Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STP root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
• Forward Delay — The maximum time (in seconds) the switch will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
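
The root selection described under Bridge ID and Priority above, written out as an added example (not SMC code). It assumes bridge IDs in the "priority.MAC" form that the CLI prints for the designated root, and it relies on the 802.1D convention that the numerically lowest priority value is the highest priority; the sample output and the second and third bridge IDs are constructed.

```python
"""Added illustration: elect the STP root and flag an unexpected root bridge."""
from typing import Iterable, Optional, Tuple

# Constructed sample in the layout of "show spanning-tree ethernet" output.
SAMPLE_OUTPUT = """\
Eth 1/ 5 information
 Designated root : 32768.000011112222
 Designated bridge : 32768.000011112222
"""


def parse_bridge_id(text: str) -> Tuple[int, int]:
    """Split 'priority.mac' (e.g. '32768.000011112222') into two integers."""
    priority_s, sep, mac_s = text.strip().partition(".")
    if not sep or len(mac_s) != 12:
        raise ValueError(f"not a bridge ID: {text!r}")
    priority = int(priority_s)
    if not 0 <= priority <= 65535:
        raise ValueError(f"priority out of range: {priority}")
    return priority, int(mac_s, 16)


def elect_root(bridge_ids: Iterable[str]) -> str:
    """Lowest priority value wins; ties are broken by the lowest MAC address."""
    return min(bridge_ids, key=parse_bridge_id)


def designated_root(show_output: str) -> Optional[str]:
    """Return the 'Designated root' value from CLI output, if present."""
    for line in show_output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "designated root":
            return value.strip()
    return None


def check_root(show_output: str, expected_root: str) -> Optional[str]:
    """Return a finding when the reported root is not the planned one."""
    seen = designated_root(show_output)
    if seen is None:
        return "no designated root found in output"
    if parse_bridge_id(seen) != parse_bridge_id(expected_root):
        return f"root changed: expected {expected_root}, switch reports {seen}"
    return None


if __name__ == "__main__":
    bridges = ["32768.0000aabbccdd", "32768.000011112222", "4096.00e0deadbeef"]
    print("elected root:", elect_root(bridges))
    print("finding:", check_root(SAMPLE_OUTPUT, "4096.00e0deadbeef"))
```

Running the check against periodic captures of the port status gives an early signal when a device with a lower priority value has joined the tree and taken over as root.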
Web – Click Spanning Tree, STP Configuration. Modify the required attributes, then click Apply.
CLI – This example enables Spanning Tree Protocol, and then sets the indicated attributes.

STP Port and Trunk Information

The Spanning Tree, STP Port Information and Spanning Tree, STP Trunk Information pages display the current status of ports and trunks in the Spanning Tree.
Command Attributes
• STP Status — Displays current state of this port within the Spanning Tree:
  - Discarding — Port receives STP configuration messages, but does not forward packets.
• Designated Bridge — The priority and MAC address of the device through which this port must communicate to reach the root of the Spanning Tree.
• Designated Port — The priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree.
• Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface.
These additional parameters are only displayed for the CLI:
• Admin status – Shows if STA has been enabled on this interface.
• Path Cost – This parameter is used by the STA to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.
• Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
CLI – This example displays the current Spanning Tree status of a port.

    Console#show spanning-tree ethernet 1/5
    Eth 1/ 5 information
    --------------------------------------------------------------
    Admin status : enable
    Role : designate
    State : forwarding
    Path cost : 100000
    Priority : 128
    Designated cost : 0
    Designated port : 128.5
    Designated root : 32768.000011112222
    Designated bridge : 32768.
Command Attributes
• STP State — Displays current state of this port within the Spanning Tree:
  - Discarding — Port receives STP configuration messages, but does not forward packets.
  - Learning — Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses.
• Path Cost — This parameter is used by the STP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.
• Admin Edge Port — You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the Spanning Tree forwarding state.
Web – Click Spanning Tree, STP Port Configuration or STP Trunk Configuration. Modify the required attributes, then click Apply.
CLI – This example sets STP attributes for port 5.

VLAN Configuration

In conventional networks with routers, broadcast traffic is split up into separate domains. Switches do not inherently support broadcast domains. This can lead to broadcast storms in large networks that handle traffic such as IPX or NetBEUI. By using IEEE 802.1Q-compliant VLANs, you can organize any group of network nodes into separate broadcast domains, thus confining broadcast traffic to the originating group.
• End stations can belong to multiple VLANs
• Passing traffic between VLAN-aware and VLAN-unaware devices
• Priority tagging

Assigning Ports to VLANs

Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports.
Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups, such as file servers or printers. Note that if you implement VLANs which do not overlap, but still need to communicate, you can connect them by using a Layer-3 router or switch.
Untagged VLANs – Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security.
hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on ports to prevent advertisements being propagated, or forbid ports from joining restricted VLANs.
Note: If you have host devices that do not support GVRP, you must configure static VLANs for the switch ports connected to these devices.

Displaying Basic VLAN Information

Command Attributes
• VLAN Version Number – The VLAN version used by this switch as specified in the IEEE 802.1Q standard. (Web interface only.)
• Maximum VLAN ID – Maximum VLAN ID recognized by this switch.
• Maximum Number of Supported VLANs – Maximum number of VLANs that can be configured on this switch.
Web – Click VLAN, VLAN Basic Information.
CLI – Enter the following command.

Displaying Current VLANs

The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to create a small port-based VLAN for one or two switches, you can disable tagging.
Web – Click VLAN, VLAN Current Table. Select any ID from the scroll-down list.
Command Attributes for CLI Interface
• VLAN – ID of configured VLAN (1-4094, no leading zeroes).
• Type – Shows how this VLAN was added to the switch.
  - Dynamic: Automatically learned via GVRP.
  - Static: Added as a static entry.
• Name – Name of the VLAN (1 to 32 characters).
• Status – Shows if this VLAN is enabled or disabled.
  - Active: VLAN is operational.
  - Suspend: VLAN is suspended; i.e., does not pass packets.
• Ports / Channel groups – Shows the VLAN interface members.
CLI – Current VLAN information can be displayed with the following command.
• Status – Shows if this VLAN is enabled or disabled (Web).
  - Enable: VLAN is operational.
  - Disable: VLAN is suspended; i.e., does not pass packets.
• State – Shows if this VLAN is enabled or disabled (CLI).
  - Active: VLAN is operational.
  - Suspend: VLAN is suspended; i.e., does not pass packets.
• Add – Adds a new VLAN group to the current list.
• Remove – Removes a VLAN group from the current list.

Adding Interfaces Based on Membership Type

Use the VLAN Static Table to modify the settings for an existing VLAN. You can add or delete port members for a VLAN, disable or enable VLAN tagging for any port, or prevent a port from being automatically added to a VLAN via the GVRP protocol. (Note that VLAN 1 is the default untagged VLAN containing all ports on the switch, and cannot be modified via this page.
• Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk:
  - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information.
  - Untagged: Interface is a member of the VLAN.
Web – Click VLAN, VLAN Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply.
CLI – The following example shows how to add tagged and untagged ports to VLAN 2.

Adding Interfaces Based on Static Membership

Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface add an interface to the selected VLAN as a tagged member.
Command Attributes
• Interface – Port or trunk identifier.
• Member – VLANs for which the selected interface is a tagged member.
• Non-Member – VLANs for which the selected interface is not a tagged member.
CLI – This example adds Port 3 to VLAN 1 as a tagged port, and removes Port 3 from VLAN 2.
• Acceptable Frame Type – Sets the interface to accept all frame types, including tagged or untagged frames, or only tagged frames. When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN.
• GARP Leave Timer* – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group.
Web – Click VLAN, VLAN Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface, then click Apply.
CLI – This example sets port 1 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.

Class of Service Configuration

Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
Command Attributes
• Default Priority – The priority that is assigned to untagged frames received on the specified port. (Range: 0 - 7, Default: 0)
• Number of Egress Traffic Classes – The number of queue buffers provided for each port.
Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply.

Mapping CoS Values to Egress Queues

This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following table.

    Priority Level   Traffic Type
    1                Background
    2                (Spare)
    0 (default)      Best Effort
    3                Excellent Effort
    4                Controlled Load
    5                Video, less than 100 milliseconds latency and jitter
    6                Voice, less than 10 milliseconds latency and jitter
    7                Network Control

• Priority – CoS value. (Range: 0 to 7, where 7 is the highest priority)
• Traffic Class – Output queue buffer.
Web – Click Priority, Traffic Classes. Assign priorities to the output queues, then click Apply.
CLI – The following example shows how to map CoS values 0, 1 and 2 to CoS priority queue 0, value 3 to CoS priority queue 1, values 4 and 5 to CoS priority queue 2, and values 6 and 7 to CoS priority queue 3.

Setting the Service Weight for Traffic Classes

This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 2-89, the traffic classes are mapped to one of the four egress queues provided for each port. You can assign a weight to each of these queues (and thereby to the corresponding traffic priorities).
CLI – The following example shows how to assign WRR weights of 1, 4, 16 and 64 to the CoS priority queues 0, 1, 2 and 3.

Selecting IP Precedence/DSCP Priority

The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature.
Command Attributes
• IP Precedence/DSCP Priority Status – Selects IP Precedence, DSCP, or disables both priority services.
Web – Click Priority, IP Precedence Priority. Select IP Precedence or IP DSCP from the IP Precedence, DSCP Priority Status menu.
network control, and the other bits for various application types. ToS bits are defined in the following table.

    Priority Level   Traffic Type
    7                Network Control
    6                Internetwork Control
    5                Critical
    4                Flash Override
    3                Flash
    2                Immediate
    1                Priority
    0                Routine

Command Attributes
• IP Precedence Priority Table – Shows the IP Precedence to CoS map.
Web – Click Priority, IP Precedence Priority. Select an IP Precedence value from the IP Precedence Priority Table by clicking on it with your cursor, enter a value in the Class of Service Value field, and then click Apply. Be sure to also select IP Precedence from the IP Precedence/DSCP Priority Status menu.
CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 on port 5, and then displays all the IP Precedence settings for that port. (Note that the setting is global and applies to all ports on the switch.
that all the DSCP values that are not specified are mapped to CoS value 0.

    IP DSCP Value            CoS Value
    0                        0
    8                        1
    10, 12, 14, 16           2
    18, 20, 22, 24           3
    26, 28, 30, 32, 34, 36   4
    38, 40, 42               5
    48                       6
    46, 56                   7

Command Attributes
• DSCP Priority Table – Shows the DSCP Priority to CoS map.
• Class of Service Value – Maps a CoS value to the selected DSCP Priority value.
Web – Click Priority, IP DSCP Priority. Select a DSCP priority value from the DSCP Priority Table by clicking on it with your cursor, enter a value in the Class of Service Value field, and then click Apply. Be sure to also select IP DSCP from the IP Precedence/DSCP Priority Status menu.
CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 1 to CoS value 0 on port 5, and then displays all the DSCP Priority settings for that port. (Note that the setting is global and applies to all ports on the switch.
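
How a frame's DSCP value ends up as a share of egress bandwidth, traced through the three steps this chapter describes, as an added example (not SMC code). It uses the default DSCP-to-CoS table, the CoS-to-queue mapping and the WRR weights 1, 4, 16 and 64 from the CLI examples above; serving the highest queue first within each round is an assumption, since the guide does not state the order.

```python
"""Added illustration: DSCP -> CoS -> egress queue -> WRR service order."""
from collections import Counter
from typing import Dict, List, Optional, Sequence, Tuple

# Default DSCP-to-CoS table from this guide; the list index is the CoS value.
_DSCP_GROUPS = [(0,), (8,), (10, 12, 14, 16), (18, 20, 22, 24),
                (26, 28, 30, 32, 34, 36), (38, 40, 42), (48,), (46, 56)]
DSCP_TO_COS: Dict[int, int] = {d: cos for cos, grp in enumerate(_DSCP_GROUPS) for d in grp}

# CoS-to-queue mapping from the guide's CLI example (index = CoS value).
COS_TO_QUEUE: Tuple[int, ...] = (0, 0, 0, 1, 2, 2, 3, 3)

# WRR weights for queues 0..3 from the guide's CLI example.
WRR_WEIGHTS: Tuple[int, ...] = (1, 4, 16, 64)


def classify(dscp: int) -> Tuple[int, int]:
    """Return (CoS, egress queue) for a DSCP value; unlisted values get CoS 0."""
    if not 0 <= dscp <= 63:
        raise ValueError(f"DSCP out of range: {dscp}")
    cos = DSCP_TO_COS.get(dscp, 0)
    return cos, COS_TO_QUEUE[cos]


def wrr_service_order(backlog: Dict[int, int],
                      weights: Sequence[int] = WRR_WEIGHTS,
                      max_frames: Optional[int] = None) -> List[int]:
    """Queue number of each transmitted frame, in transmission order.

    backlog maps queue number to frames waiting. Each round a queue may send
    up to its weight in frames. Assumption: queues are visited from the
    highest number down within a round.
    """
    if any(w < 1 for w in weights):
        raise ValueError("WRR weights must be at least 1")
    remaining = {q: backlog.get(q, 0) for q in range(len(weights))}
    order: List[int] = []
    while any(remaining.values()):
        for q in reversed(range(len(weights))):
            burst = min(weights[q], remaining[q])
            for _ in range(burst):
                if max_frames is not None and len(order) >= max_frames:
                    return order
                order.append(q)
            remaining[q] -= burst
    return order


def frames_sent_per_queue(backlog: Dict[int, int], max_frames: int) -> Dict[int, int]:
    """Frames each queue gets out when only max_frames fit on the link."""
    return dict(Counter(wrr_service_order(backlog, max_frames=max_frames)))


if __name__ == "__main__":
    for dscp in (46, 26, 8, 1):
        print(f"DSCP {dscp:2d} -> CoS/queue {classify(dscp)}")
    congested = {q: 100 for q in range(4)}          # constructed backlog
    print(frames_sent_per_queue(congested, max_frames=85))
```

With every queue backlogged, one full round sends 85 frames, of which queue 3 gets 64 and queue 0 gets one, so the DSCP marking a port accepts decides almost all of a frame's share under congestion.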
another device are also configured as LACP, the switch and the other device will negotiate a trunk link between them. If an LACP trunk consists of more than four ports, all other ports will be placed in a standby mode. Should one link in the trunk fail, one of the standby ports will automatically be activated to replace it.
• All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN.
• STP, VLAN, and IGMP settings can only be made for the entire trunk.

Dynamically Configuring a Trunk with LACP

Command Usage
• To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP.
Web – Click Trunk, LACP Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply.
CLI – The following example enables LACP for ports 10 and 11. Just connect these ports to two LACP-enabled trunk ports on another switch to form a trunk.
Web – Click Trunk, Trunk Configuration. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
CLI – This example creates trunk 1 with ports 11 and 12. Just connect these ports to two static trunk ports on another switch to form a trunk.
submit a valid community string for authentication. The options for configuring community strings and related trap functions are described in the following sections.

Setting Community Access Strings

You may configure up to five community strings authorized for management access. For security reasons, you should consider removing the default strings.
Web – Click SNMP, SNMP Configuration. Enter a new string in the Community String box and select the access rights from the Access Mode drop-down list, then click Add.
CLI – The following example adds the string “spiderman” with read/write access.

Specifying Trap Managers

You can specify up to five management stations that will receive authentication failure messages and other trap messages from the switch.
Command Usage
• If you do not enter a trap manager host IP address, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one host IP address.
Web – Click SNMP, SNMP Configuration. Fill in the Trap Manager IP Address box and the Trap Manager Community String box, mark Enable Authentication Traps if required, and then click Add.
CLI – This example adds a trap manager and enables authentication traps.

    Console(config)#snmp-server host 10.1.19.
IP address 192.168.1.1 and mask 255.255.255.255 — Specifies a valid IP address of 192.168.1.1 only.
Note: IP filtering does not affect management access to the switch using the Web interface or Telnet.
Command Attributes
• IP Filter List — Displays a list of the IP address/subnet mask entries currently configured for SNMP access.
• IP address — Specifies a new IP address to add to the IP Filter List.
Web – Click SNMP, SNMP IP Filtering. To add an IP address, type the new IP address in the IP Address box, type the appropriate subnet mask in the Subnet Mask box, and then click “Add IP Filtering Entry.” To delete an IP address, click the entry in the IP Filter List, and then click “Remove IP Filtering Entry.”
CLI – The following is an example of configuring an SNMP IP filter.

    Console(config)#snmp ip filter 10.1.2.3 255.255.255.
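
A way to review an SNMP IP filter list before entering it, as an added example (not SMC code). It assumes an entry matches a source when the two addresses agree on every bit set in the mask, which is consistent with the 255.255.255.255 case above; the second entry, the station addresses and the function names are constructed for the illustration.

```python
"""Added illustration: evaluate and audit SNMP IP filter entries."""
import ipaddress
from typing import List, Optional, Sequence, Tuple

Entry = Tuple[str, str]  # (IP address, subnet mask) as typed into the filter list


def _as_ints(entry: Entry) -> Tuple[int, int]:
    ip, mask = entry
    return int(ipaddress.IPv4Address(ip)), int(ipaddress.IPv4Address(mask))


def mask_is_contiguous(mask: str) -> bool:
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def addresses_admitted(entry: Entry) -> int:
    """Number of source addresses one entry lets through."""
    _, mask = _as_ints(entry)
    return 2 ** bin(~mask & 0xFFFFFFFF).count("1")


def matching_entry(source: str, entries: Sequence[Entry]) -> Optional[Entry]:
    """Return the first entry that admits source, or None (assumed semantics)."""
    src = int(ipaddress.IPv4Address(source))
    for entry in entries:
        addr, mask = _as_ints(entry)
        if src & mask == addr & mask:
            return entry
    return None


def audit(entries: Sequence[Entry], stations: Sequence[str],
          max_hosts: int = 1) -> List[str]:
    """List entries broader than intended and stations the list leaves out."""
    findings: List[str] = []
    for entry in entries:
        ip, mask = entry
        if not mask_is_contiguous(mask):
            findings.append(f"{ip} {mask}: mask is not contiguous")
        admitted = addresses_admitted(entry)
        if admitted > max_hosts:
            findings.append(f"{ip} {mask}: admits {admitted} addresses")
    for station in stations:
        if matching_entry(station, entries) is None:
            findings.append(f"management station {station} is not covered")
    return findings


if __name__ == "__main__":
    filter_list = [("192.168.1.1", "255.255.255.255"),   # host entry from the guide
                   ("172.16.5.0", "255.255.255.0")]      # constructed subnet entry
    for finding in audit(filter_list, ["192.168.1.1", "10.9.9.9"]):
        print(finding)
```

Because the filter applies to SNMP only, as the note above says, the Web interface and Telnet still need their own access restrictions.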

Multicast Configuration

Multicasting is used to support real-time applications such as video conferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
Command Usage
• IGMP Snooping – This switch can passively snoop on IGMP Query and Report packets transferred between IP multicast routers/switches and IP multicast host groups to identify the IP multicast group members. It simply monitors the IGMP packets passing through it, picks out the group registration information, and configures multicast filters accordingly.
• IGMP Query Count — Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group. (Default: 2, Range: 2 - 10)
• IGMP Query Interval — Sets the frequency (in seconds) at which the switch sends IGMP host-query messages.
Web – Click IGMP, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.)
CLI – This example modifies the settings for multicast filtering, and then displays the current status.

Interfaces Attached to a Multicast Router

Multicast routers use the information obtained from IGMP Query, along with a multicast routing protocol such as DVMRP, to support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch.
CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.

    Console#show ip igmp snooping mrouter vlan 1
    VLAN M'cast Router Port Type
    ---- ------------------ ------
       1 Eth 1/11           Static

Specifying Interfaces Attached to a Multicast Router

Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Web – Click IGMP, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have completed adding interfaces to the list, click Apply.
CLI – This example configures port 11 as a multicast router port within VLAN 1.
• Multicast Group Port List – Ports propagating a multicast service; i.e., ports that belong to the indicated VLAN group.
Web – Click IGMP, IP Multicast Registration Table. Select the VLAN ID and multicast IP address. The switch will display all the ports that are propagating this multicast service.

Adding Multicast Addresses to VLANs

Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Parameters” on page 2-113. For certain applications that require tighter control, you may need to statically configure a multicast service on the switch.
Web – Click IGMP, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and then click Add. After you have completed adding ports to the member list, click Apply.
each port. This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). RMON statistics provide access to a broad range of statistics, including a total count of different frame types and sizes passing through each port. All values displayed have been accumulated since the last system reboot, and are shown as counts per second.

    Parameter              Description
    Received Errors        The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
    Transmit Octets        The total number of octets transmitted out of the interface, including framing characters.
    FCS Errors             A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check. This count does not include frames received with frame-too-long or frame-too-short error.
    Excessive Collisions   A count of frames for which transmission on a particular interface fails due to excessive collisions.
    RMON Statistics
    Drop Events            The total number of events in which packets were dropped due to lack of resources.
    Jabbers                The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS or alignment error.
    Received Bytes         Total number of bytes of data received on the network.
    64 Bytes Frames        The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
Web – Click Statistics, Port Statistics. Select the required interface, and then click Query. You can also use the Refresh button at the bottom of the page to update the screen.
CLI – This example shows statistics for port 13.

The IEEE 802.1x (dot1x) standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first enter a user ID and password for authentication. Access to all switch ports in a network can be centrally controlled from a server, which means that authorized users can use a single user ID and password for authentication from any point within the network.
and the password, as well as selecting MD5 as the authentication method.
• An accessible and functioning RADIUS server.

802.1x Port Configuration

The 802.1x protocol includes parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server. The Switch/802.1x/802.
plugged into a switch port. (Default: Disabled)
• Max Req — Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2)
• Quiet/Period — Sets the time that a switch port waits after the Max Req count has been exceeded before attempting to acquire a new client.
• Trunk — Indicates if the port is configured as a trunk port.

To save any changes you make in this page, click Apply Changes. If you don’t want to save the changes, click Refresh.

CLI – This example shows configurable features for port 13.
802.1x Statistics

The 802.1x protocol includes statistics for 802.1x protocol exchanges for any port.

Statistical Values

Parameter          Description
Rx EAPOL Start     The number of EAPOL Start frames that have been received by this Authenticator.
Rx EAPOL Logoff    The number of EAPOL Logoff frames that have been received by this Authenticator.
CHAPTER 3
COMMAND LINE INTERFACE

This chapter describes how to use the Command Line Interface (CLI).

Using the Command Line Interface

Accessing the CLI

When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt.
3. When finished, exit the session with the “quit” or “exit” command.

After connecting to the system through the console port, the login screen displays:

    User Access Verification

    Username: admin
    Password:

    CLI session with the SMC8612T is opened.
    To end the CLI session, enter [Exit].

    Console#

Telnet Connection

Telnet operates over the IP transport protocol.
After you configure the switch with an IP address, you can open a Telnet session by performing these steps.

1. From the remote host, enter the Telnet command and the IP address of the device you want to access.
2. At the prompt, enter the user name and system password. The CLI will display the “Vty-0#” prompt for the administrator to show that you are using privileged access mode (i.e.
Entering Commands

This section describes how to enter CLI commands.

Keywords and Arguments

A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
Command Completion

If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “configure” example, typing con followed by a tab will result in printing the command up to “configure.”

Getting Help on Commands

You can display a brief description of the help system by entering the help command.
keywords for a specific command.
not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.”

    Console#show s?
    snmp    spanning-tree    ssh    startup-config    system
    Console#show s

Negating the Effect of Commands

For many configuration commands you can enter the prefix keyword “no” to cancel the effect of a command or reset the configuration to the default value.
the commands available for the current mode. The command classes and associated modes are displayed in the following table:

Class             Mode
Exec              Normal
                  Privileged
Configuration*    Global
                  Interface
                  Line
                  VLAN

* You must be in Privileged Exec mode to access any of the configuration modes.

Exec Commands

When you open a new console session on the switch with the user name “guest,” the system enters Normal Exec command mode (or guest mode).
    Username: guest
    Password: [system login password]

    CLI session with the SMC8612T is opened.
    To end the CLI session, enter [Exit].

    Console#enable
    Password: [privileged level password if so configured]
    Console#

Configuration Commands

Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted.
To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands.

    Console#configure
    Console(config)#

To enter Interface, Line Configuration, or VLAN mode, you must enter the “interface ...,” “line...” or “vlan database” command while in Global Configuration mode.
character to display a list of possible matches. You can also use the following editing keystrokes for command-line processing:

Keystroke    Function
Ctrl-A       Shifts cursor to start of command line.
Ctrl-B       Shifts cursor to the left one character.
Ctrl-E       Shifts cursor to end of command line.
Ctrl-F       Shifts cursor to the right one character.
Ctrl-P       Shows the last command.
Ctrl-U       Deletes the entire line.
Command Groups

The system commands can be broken down into the functional groups shown below.
Command Mode
Normal Exec

Command Usage
• “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 3-31.)
• The “#” character is appended to the end of the prompt to indicate that the system is in privileged access mode.
• You only need to use Level 15. Setting the password for Level 0 has no effect.
Command Mode
Privileged Exec

Command Usage
The “>” character is appended to the end of the prompt to indicate that the system is in normal access mode.

Example
    Console#disable
    Console>

Related Commands
enable (3-14)

configure

Use this command to activate Global Configuration mode. You must enter this mode to modify any settings on the switch.
show history

Use this command to show the contents of the command history buffer.

Default Setting
None

Command Mode
Normal Exec, Privileged Exec

Command Usage
The history buffer size is fixed at 20 commands.
reload

Use this command to restart the system.

Note: When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in nonvolatile memory by the copy running-config startup-config command.

Default Setting
None

Command Mode
Privileged Exec

Command Usage
This command resets the entire system.
Example
This example shows how to return to the Privileged Exec mode from the Interface Configuration mode:

    Console(config-if)#end
    Console#

exit

Use this command to return to the previous configuration mode or exit the configuration program.
Command Mode
Normal Exec, Privileged Exec

Command Usage
The quit and exit commands can both exit the configuration program.

Example
This example shows how to quit a CLI session:

    Console#quit

    Press ENTER to start session

    User Access Verification

    Username:

Flash/File Commands

These commands are used to manage system code and configuration files.
copy

Use this command to move (upload/download) a code image or configuration file between the switch’s Flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation. The success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection.
Command Usage
• The system prompts for data required to complete the copy command.
• The file names are case sensitive. The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.
The following example shows how to copy the running configuration to a startup file.

    Console#copy running-config file
    destination file name : startup
    /
    Console#

The following example shows how to download a configuration file:

    Console#copy tftp startup-config
    TFTP server ip address: 10.1.0.99
    Source configuration file name: startup.
Command Mode
Privileged Exec

Command Usage
• If the file type is used for system startup, then this file cannot be deleted.
• “Factory_Default_Config.cfg” cannot be deleted.

Example
This example shows how to delete the test2.cfg configuration file from Flash memory.

    Console#delete test2.cfg
    Console#

Related Commands
dir (3-24)

dir

Use this command to display a list of files in Flash memory.
Command Mode
Privileged Exec

Command Usage
• If you enter the command dir without any parameters, the system displays all files.
• File information is shown below:

Column Heading    Description
file name         The name of the file.
file type         File types: Boot-Rom, Operation Code, and Config file.
startup           Shows if this file is used when the system is started.
size              The length of the file in bytes.
Command Mode
Privileged Exec

Example
This example shows the information displayed by the whichboot command. See the table on the previous page for a description of the file information displayed by this command.
Command Usage
• A colon (:) is required after the specified file type.
• If the file contains an error, it cannot be set as the default file.
username

Use this command to require user name authentication at login. Use the no form to remove a user name.

Syntax
    username name {access-level level | nopassword | password {0 | 7} password}
    no username name

• name - The name of the user. Up to 8 characters, case sensitive. Maximum number of users: 16
• access-level level - Specifies the user level.
Command Usage
The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.

Example
This example shows how to set the access level and password for a user.
Default Setting
The default password is “super”

Command Mode
Global Configuration

Command Usage
The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.
Command Usage
• This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9000 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
Command Mode
Global Configuration

Example
    Console(config)#ip http port 769
    Console(config)#

Related Commands
ip http server (3-34)

ip http server

Use this command to allow this device to be monitored or configured from a browser. Use the no form to disable this function.
ip http secure-server

Use this command to enable the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s Web interface. Use the no form to disable this function.
• The following Web browsers and operating systems currently support HTTPS:

Web Browser                        Operating System
Internet Explorer 5.0 or later     Windows 98, Windows NT (with service pack 6a), Windows 2000, Windows XP
Netscape Navigator 4.76 or later   Windows 98, Windows NT (with service pack 6a), Windows 2000, Windows XP, Solaris 2.6

* To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page -23.
Command Usage
• You cannot configure the HTTP and HTTPS servers to use the same port.
Command Usage
The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions.
• The SSH server uses RSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.

Example
    Console(config)#ip ssh server
    Console(config)#

Related Commands
show ssh (3-40)

disconnect ssh

Use this command to terminate a Secure Shell (SSH) client connection.
show ssh

Use this command to display the current Secure Shell (SSH) server connections.

Command Mode
Privileged Exec

Command Usage
This command shows the following information:
• Session – The session number. (Range: 0-3)
• Username – The user name of the client.
• Version – The Secure Shell version number.
• Encrypt method – The encryption method.
Example
    Console#show ip ssh
    Information of secure shell
    SSH status: enable
    SSH authentication timeout: 120
    SSH authentication retries: 3
    Console#

Related Commands
ip ssh (3-37)

logging on

Use this command to control logging of error messages. This command sends debug or error messages to a logging process. The no form disables the logging process.
Example
    Console(config)#logging on
    Console(config)#

Related Commands
logging history (3-42)
logging trap (3-45)
clear logging (3-47)

logging history

Use this command to limit syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.

Syntax
    logging history {flash | ram} level
    no logging history {flash | ram}

• flash - Event history stored in Flash memory (i.e.
Level Argument    Level    Description                                             Syslog Definition
errors            3        Error conditions (e.g., invalid input, default used)    LOG_ERR
warnings          4        Warning conditions (e.g.                                LOG_WARNING
logging host

Use this command to add a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host.

Syntax
    logging host host_ip_address
    no logging host host_ip_address

host_ip_address - The IP address of a syslog server.

Default Setting
None

Command Mode
Global Configuration

Command Usage
• By using this command more than once you can build up a list of host IP addresses.
logging facility

Use this command to set the facility type for remote logging of syslog messages. Use the no form to return the type to the default.

Syntax
    logging facility type
    no logging facility type

type - A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service.
Messages sent include the selected level up through level 0.

Level Argument    Level    Description                                                                                  Syslog Definition
emergencies       0        System unusable                                                                              LOG_EMERG
alerts            1        Immediate action needed                                                                      LOG_ALERT
critical          2        Critical conditions (e.g., memory allocation, or free memory error - resource exhausted)     LOG_CRIT
errors            3        Error conditions (e.g., invalid input, default used)                                         LOG_ERR
warnings          4        Warning conditions (e.g.
clear logging

Use this command to clear messages from the log buffer.

Syntax
    clear logging [flash | ram]

• flash - Event history stored in Flash memory (i.e., permanent memory).
• ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
Default Setting
None

Command Mode
Privileged Exec

Example
    Console#show logging flash
    Syslog logging: Disable
    History logging in FLASH: level errors
    Console#show logging trap
    Syslog logging: Enable
    REMOTELOG status: enable
    REMOTELOG facility type: local use 3
    REMOTELOG level type: Warning conditions
    REMOTELOG server ip address: 10.1.0.3
    REMOTELOG server ip address: 10.1.0.4
    REMOTELOG server ip address: 0.0.0.
Command Mode
Privileged Exec

Command Usage
• Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory.
• This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the configuration mode command, and corresponding commands.
Example
    Console#show startup-config
    building startup-config, please wait.....
show running-config

Use this command to display the configuration information currently in use.

Default Setting
None

Command Mode
Privileged Exec

Command Usage
• Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory.
• This command displays settings for key command modes.
Example
    Console#show running-config
    building running-config, please wait.....
    !
    !
    snmp-server community private rw
    snmp-server community public ro
    . . . . .
    ip http port
    interface vlan 1
    ip address 10.1.0.1 255.255.255.0
    !
    no bridge 1 spanning-tree
    !
    line console
    !
    line vty
    !
    end
    Console#

Related Commands
show startup-config (3-48)

show system

Use this command to display system information.
Command Usage
• For a description of the items shown by this command, refer to “Displaying System Information” on page 2-8
• The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance.

Example
    Console#show system
    System description: SMC8612T
    System OID string: 1.3.6.1.4.1.202.20.25
    System information
    System Up time: 0 days, 1 hours, 23 minutes, and 44.
Command Usage
The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number.

Example
    Console#show users
     Username accounts:
      Username Privilege
      -------- ---------
      guest    0
      admin    15

     Online users:
      Line        Username Idle time (h:m:s) Remote IP addr.
      ----------- -------- ----------------- --------------
    * 0 console   admin    0:00:00
      1 vty 0     admin    0:04:37           10.1.0.
Example
    Console#show version
    Unit1
     Serial number           :A217056372
     Service tag             :[NONE]
     Hardware version        :R0C
     Number of ports         :12
     Main power status       :up
     Redundant power status  :not present
    Agent(master)
     Unit id                 :1
     Loader version          :1.0.0.0
     Boot rom version        :1.0.0.2
     Operation code version  :1.0.1.
    Console#
Command Mode
Global Configuration

Command Usage
• RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server.
• RADIUS and TACACS+ logon authentication can control management access via the console port, a Web browser, or Telnet.
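
The statement above that RADIUS encrypts only the password can be seen in the packet layout itself. The following is an added example, not taken from this guide or from the switch firmware: it builds an Access-Request using the User-Password hiding scheme defined in RFC 2865, and it assumes the shared secret plays the role of the radius-server key value. The user name, password, key and function names are constructed for illustration.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1        # RADIUS packet code (RFC 2865)
ATTR_USER_NAME = 1        # attribute type, sent as-is
ATTR_USER_PASSWORD = 2    # attribute type, value is hidden with the shared secret


def keystream_block(secret, previous):
    """One 16-byte pad: MD5(shared secret + previous 16 bytes)."""
    return hashlib.md5(secret + previous).digest()


def hide_password(password, secret, authenticator):
    """Hide a password as RFC 2865 section 5.2 describes."""
    if len(authenticator) != 16:
        raise ValueError("request authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    # Pad with NULs to a multiple of 16 bytes, then XOR block by block.
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, previous = b"", authenticator
    for offset in range(0, len(padded), 16):
        pad = keystream_block(secret, previous)
        block = bytes(p ^ k for p, k in zip(padded[offset:offset + 16], pad))
        hidden += block
        previous = block          # the next pad chains on this hidden block
    return hidden


def reveal_password(hidden, secret, authenticator):
    """What the server does: the same pads, applied in the same order."""
    clear, previous = b"", authenticator
    for offset in range(0, len(hidden), 16):
        block = hidden[offset:offset + 16]
        pad = keystream_block(secret, previous)
        clear += bytes(c ^ k for c, k in zip(block, pad))
        previous = block
    return clear.rstrip(b"\x00")


def attribute(attr_type, value):
    """Type (1 byte), length (1 byte, includes the 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(username, password, secret, identifier=1,
                         authenticator=None):
    """Code, identifier, length, 16-byte authenticator, then attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = attribute(ATTR_USER_NAME, username)
    attrs += attribute(ATTR_USER_PASSWORD,
                       hide_password(password, secret, authenticator))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    packet = build_access_request(b"admin", b"constructed-password",
                                  b"constructed-key")
    print("user name readable in packet:", b"admin" in packet)
    print("password readable in packet: ", b"constructed-password" in packet)
```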
radius-server host

Use this command to specify the RADIUS server. Use the no form to restore the default.

Syntax
    radius-server host host_ip_address
    no radius-server host

host_ip_address - IP address of a RADIUS server.

Default Setting
10.1.0.1

Command Mode
Global Configuration

Example
    Console(config)#radius-server host 192.168.1.25
    Console(config)#

radius-server port

Use this command to set the RADIUS server network port.
Example
    Console(config)#radius-server port 181
    Console(config)#

radius-server key

Use this command to set the RADIUS encryption key. Use the no form to restore the default.

Syntax
    radius-server key key_string
    no radius-server key

key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
radius-server retransmit

Use this command to set the number of retries. Use the no form to restore the default.

Syntax
    radius-server retransmit number_of_retries
    no radius-server retransmit

number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
Command Mode
Global Configuration

Example
    Console(config)#radius-server timeout 10
    Console(config)#

show radius-server

Use this command to display the current settings for the RADIUS server.

Default Setting
None

Command Mode
Privileged Exec

Example
    Console#show radius-server
    Server IP address: 10.1.0.
Default Setting
10.11.12.13

Command Mode
Global Configuration

Example
    Console(config)#tacacs-server host 192.168.1.25
    Console(config)#

tacacs-server port

Use this command to specify the TACACS+ server network port. Use the no form to restore the default.

Syntax
    tacacs-server port port_number
    no tacacs-server port

port_number - TACACS+ server TCP port used for authentication messages.
tacacs-server key

Use this command to set the TACACS+ encryption key. Use the no form to restore the default.

Syntax
    tacacs-server key key_string
    no tacacs-server key

key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string.
Example
    Console#show tacacs-server
    Remote TACACS server configuration:
    Server IP address: 10.11.12.13
    Communication key with radius server:
    Server port number: 49
    Console#

SNMP Commands

Controls access to this switch from SNMP management stations, as well as the error types sent to trap managers.
snmp-server community

Use this command to define the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string.

Syntax
    snmp-server community string [ro|rw]
    no snmp-server community string

• string - Community string that acts like a password and permits access to the SNMP protocol.
snmp-server contact

Use this command to set the system contact string. Use the no form to remove the system contact information.

Syntax
    snmp-server contact string
    no snmp-server contact

string - String that describes the system contact information.
Default Setting
None

Command Mode
Global Configuration

Example
    Console(config)#snmp-server location WC-19
    Console(config)#

Related Commands
snmp-server contact (3-66)

snmp-server host

Use this command to specify the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
Default Setting
Host Address: None
SNMP Version: 1

Command Mode
Global Configuration

Command Usage
• If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple hosts, you must issue a separate snmp-server host command for each host.
snmp-server enable traps

Use this command to enable this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications.

Syntax
    snmp-server enable traps [authentication | link-up-down]
    no snmp-server enable traps [authentication | link-up-down]

• authentication - Keyword to issue authentication failure traps.
• link-up-down - Keyword to issue link-up or link-down traps.
Example
    Console(config)#snmp-server enable traps link-up-down
    Console(config)#

Related Commands
snmp-server host (3-67)

snmp ip filter

Sets the IP addresses of clients that are allowed management access to the switch via SNMP. Use the no form of this command to remove an IP address.
• If the IP is the address of a single management station, the bitmask should be set to 255.255.255.255. Otherwise, the IP address group is specified by the bitmask.
• The default setting is null, which allows all IP groups SNMP access to the switch. If one IP address is configured, the IP filtering is enabled and only addresses in the IP group will have SNMP access.
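
The filter behaviour in the two bullets above, worked through as an added example that is not part of this guide or the switch firmware. It assumes the usual masked comparison (a source belongs to a group when source AND bitmask equals address AND bitmask); the function names and the sample entries are constructed for illustration.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer (ValueError if malformed)."""
    return int(ipaddress.IPv4Address(dotted))


def mask_is_contiguous(mask):
    """True when the bitmask is a run of 1-bits followed only by 0-bits."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def snmp_access_allowed(source, filters):
    """filters is a list of (ip, bitmask) pairs as entered on the switch.

    An empty list models the null default: filtering is off and every
    source address is accepted.
    """
    if not filters:
        return True
    src = to_int(source)
    for ip, mask in filters:
        m = to_int(mask)
        if (src & m) == (to_int(ip) & m):   # assumed matching rule
            return True
    return False


def audit_filters(filters, max_group=256):
    """Return findings a reviewer would raise about a filter list."""
    if not filters:
        return ["no filter entries: every source address has SNMP access"]
    findings = []
    for ip, mask in filters:
        m = to_int(mask)
        if not mask_is_contiguous(mask):
            findings.append(f"{ip} {mask}: bitmask is not contiguous")
            continue
        group_size = (~m & 0xFFFFFFFF) + 1
        if to_int(ip) & ~m & 0xFFFFFFFF:
            findings.append(
                f"{ip} {mask}: address has bits outside the bitmask, so "
                f"{group_size} addresses match, not one station")
        if group_size > max_group:
            findings.append(
                f"{ip} {mask}: group of {group_size} addresses is broader "
                f"than the {max_group}-address review threshold")
    return findings


if __name__ == "__main__":
    # Constructed sample: one management station plus one /24 group.
    sample = [("10.1.0.3", "255.255.255.255"), ("10.1.2.0", "255.255.255.0")]
    for source in ("10.1.0.3", "10.1.0.4", "10.1.2.77"):
        print(source, snmp_access_allowed(source, sample))
    print(audit_filters([]))
    print(audit_filters([("10.1.0.3", "255.255.255.0")]))
```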
Command Usage
This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command.
IP Commands

An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. If you wish to manually configure IP settings, you need to change the switch’s user-specified defaults (IP address 0.0.0.0 and netmask 255.0.0.0) to values that are compatible with your network.
ip address

Use this command to set the IP address for this device. Use the no form to restore the default IP address.

Syntax
    ip address {ip-address netmask | bootp | dhcp}
    no ip address

• ip-address - IP address
• netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.
• bootp - Obtains IP address from BOOTP.
• dhcp - Obtains IP address from DHCP.
• You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart command, or by rebooting the switch.

Note: Only one VLAN interface can be assigned an IP address (the default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch.
• If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will be based on this new domain.

Example
In the following example, the device is reassigned the same address.

    Console(config)#interface vlan 1
    Console(config-if)#ip address dhcp
    Console(config-if)#exit
    Console#ip dhcp restart
    Console#show ip interface
    IP interface vlan
    IP address and netmask: 10.1.0.54 255.
Command Usage
A gateway must be defined if the management station is located in a different IP segment.

Example
The following example defines a default gateway for this device:

    Console(config)#ip default-gateway 10.1.0.254
    Console(config)#

Related Commands
show ip redirects (3-78)

show ip interface

Use this command to display the settings of an IP interface.
show ip redirects

Use this command to show the default gateway configured for this device.

Default Setting
None

Command Mode
Privileged Exec

Example
    Console#show ip redirects
    ip default gateway 10.1.0.254
    Console#

Related Commands
ip default-gateway (3-76)

ping

Use this command to send ICMP echo request packets to another node on the network.

Syntax
    ping host [count count][size size]

• host - IP address or IP alias of the host.
Command Mode
Normal Exec, Privileged Exec

Command Usage
• Use the ping command to see if another site on the network can be reached.
• Following are some results of the ping command:
  - Normal response - The normal response occurs in one to ten seconds, depending on network traffic.
  - Destination does not respond - If the host does not respond, a “timeout” appears in ten seconds.
Line Commands

You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or a virtual terminal. Note that Telnet is considered a virtual terminal connection, and the only commands that apply to Telnet include exec-timeout and password-thresh.
line

Use this command to identify a specific line for configuration, and to process subsequent line configuration commands.

Syntax
    line {console | vty}

• console - Console terminal line.
• vty - Virtual terminal for remote console access.

Default Setting
There is no default line.

Command Mode
Global Configuration

Command Usage
Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users.
login
Use this command to enable password checking at login. Use the no form to disable password checking and allow connections without a password.

Syntax
login [local]
no login
local - Selects local password checking. Authentication is based on the user name specified with the username command.

Default Setting
local - Selects local password checking. Authentication is based on the user name specified with the username command.
• This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication servers, you must use the RADIUS software installed on those servers.

Example
Console(config-line)#login local
Console(config-line)#

Related Commands
username (3-30)
password (3-83)

password
Use this command to specify the password for a line. Use the no form to remove the password.
Command Usage
• When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. You can use the password-thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state.
Default Setting
CLI: No timeout
Telnet: 10 minutes

Command Mode
Line Configuration

Command Usage
• If input is detected, the system resumes the current connection; or if no connections exist, it returns the terminal to the idle state and disconnects the incoming session.
• This command applies to both the local console and Telnet connections.
• The timeout for Telnet cannot be disabled.
Command Mode
Line Configuration

Command Usage
• When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down.
• This command applies to both the local console and Telnet connections.
Default Setting
The default value is no silent-time.

Command Mode
Line Configuration

Command Usage
If the password threshold was not set with the password-thresh command, silent-time begins after the default value of three failed logon attempts.
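The following is an added example, not part of the SMC guide: a small audit of the line settings described above (no login, the console default of no exec-timeout, the default of no silent-time, and the short list of line commands that apply to Telnet). The sample configuration is constructed, and the numeric argument forms and the one-space indentation of sub-commands are assumptions; only the command names come from the guide.

```python
"""Audit line console / line vty settings in a saved switch configuration."""

# Constructed sample. Only the command names come from the guide; the numeric
# argument forms and the one-space indentation of sub-commands are assumptions.
SAMPLE_CONFIG = """\
line console
 no login
 password-thresh 5
!
line vty
 exec-timeout 300
 silent-time 60
!
interface ethernet 1/5
 description uplink
!
"""

# Per the guide, only these line commands apply to Telnet (vty) sessions.
TELNET_COMMANDS = {"exec-timeout", "password-thresh"}


def parse_line_blocks(config):
    """Return {line name: {command: argument or None}} for each 'line' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():
            # A top-level command opens a new context; keep only 'line' blocks.
            is_line = words[0] == "line" and len(words) == 2
            current = blocks.setdefault(words[1], {}) if is_line else None
        elif current is not None:
            if words[0] == "no" and len(words) > 1:
                current["no " + words[1]] = None  # keep the 'no' form distinct
            else:
                current[words[0]] = words[1] if len(words) > 1 else None
    return blocks


def audit_lines(config):
    """Return a sorted list of (line, finding code, explanation) tuples."""
    findings = []
    blocks = parse_line_blocks(config)
    console = blocks.get("console", {})
    if "no login" in console:
        findings.append(("console", "NO_LOGIN",
                         "password checking is disabled"))
    if "exec-timeout" not in console:
        findings.append(("console", "NO_EXEC_TIMEOUT",
                         "CLI default is no timeout"))
    if "silent-time" not in console:
        findings.append(("console", "NO_SILENT_TIME",
                         "default is no silent-time after failed logons"))
    for command in blocks.get("vty", {}):
        if command.split()[-1] not in TELNET_COMMANDS:
            findings.append(("vty", "NOT_APPLIED_TO_TELNET",
                             command + " is not among the commands the guide"
                             " lists for Telnet"))
    return sorted(findings)


if __name__ == "__main__":
    for line, code, why in audit_lines(SAMPLE_CONFIG):
        print(f"{line:8} {code:22} {why}")
```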
Command Mode
Line Configuration

Command Usage
The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character.
Command Usage
Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting.

Example
To specify no parity, enter this command:
Console(config-line)#parity none
Console(config-line)#

speed
Use this command to set the terminal line's baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting.
Example
To specify 57600 bps, enter this command:
Console(config-line)#speed 57600
Console(config-line)#

stopbits
Use this command to set the number of the stop bits transmitted per byte. Use the no form to restore the default setting.
Command               Function                                                                     Mode  Page
capabilities          Advertises the capabilities of a given interface for use in autonegotiation  IC    3-96
flowcontrol           Enables flow control on a given interface                                    IC    3-97
shutdown              Disables an interface                                                        IC    3-99
switchport broadcast  Configures broadcast storm control                                           IC    3-100
port security         Enables port security on an interface.
Default Setting
None

Command Mode
Global Configuration

Example
To specify the Ethernet port, enter the following command:
Console(config)#interface ethernet 1/25
Console(config-if)#

description
Use this command to add a description to an interface. Use the no form to remove the description.

Syntax
description string
no description
string - Comment or a description to help you remember what is attached to this interface.
speed-duplex
Use this command to configure the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default.
Example
The following example configures port 5 to 100 Mbps, half-duplex operation.
Console(config)#interface ethernet 1/5
Console(config-if)#speed-duplex 100half
Console(config-if)#no negotiation
Console(config-if)#

Related Commands
negotiation (3-95)
capabilities (3-96)

negotiation
Use this command to enable autonegotiation for a given interface. Use the no form to disable autonegotiation.
Example
The following example configures port 11 to use autonegotiation.
Console(config)#interface ethernet 1/11
Console(config-if)#negotiation
Console(config-if)#

Related Commands
capabilities (3-96)
speed-duplex (3-94)

capabilities
Use this command to advertise the port capabilities of a given interface during autonegotiation.
Default Setting
• 100BASE-TX: 10half, 10full, 100half, 100full
• 1000BASE-T: 10half, 10full, 100half, 100full, 1000full
• 1000BASE-SX/LX/LH: 1000full

Command Mode
Interface Configuration (Ethernet, Port Channel)

Command Usage
When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command.
Command Mode
Interface Configuration (Ethernet, Port Channel)

Command Usage
• Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation.
shutdown
Use this command to disable an interface. To restart a disabled interface, use the no form.

Syntax
shutdown
no shutdown

Default Setting
All interfaces are enabled.

Command Mode
Interface Configuration (Ethernet, Port Channel)

Command Usage
This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved.
switchport broadcast
Use this command to configure broadcast storm control. Use the no form to disable broadcast storm control.

Syntax
switchport broadcast packet-rate rate
no switchport broadcast
rate - Threshold level as a rate; i.e., packets per second.
port security
Use this command to enable and configure port security on a port. Use the no form to disable port security or reset the intrusion action to the default.

Syntax
port security [action trap-and-shutdown]
no port security [action]
action - Indicates the security action to be taken when a port security violation is detected (applies globally to all ports).
trap-and-shutdown - Issue an SNMP trap message and disable the port.
• A secure port has the following restrictions:
  - Cannot be connected to a network interconnection device.
  - Cannot be a member of a static trunk.
  - It can be configured as an LACP trunk port, but the switch does not allow the LACP trunk to be enabled.
• A port that is already configured as an LACP or static trunk port cannot be enabled as a secure port.
Command Mode
Privileged Exec

Command Usage
Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. However, if you log out and back into the management interface, the statistics displayed will show the absolute value accumulated since the last power reset.

Example
The following example clears statistics on port 5.
Command Usage
• If no interface is specified, information on all interfaces is displayed.
• For a description of the items displayed by this command, see “Displaying Connection Status” on page 2-36.
Default Setting
Shows the counters for all interfaces.

Command Mode
Normal Exec, Privileged Exec

Command Usage
• If no interface is specified, information on all interfaces is displayed.
• For a description of the items displayed by this command, see “Showing Device Statistics” on page 2-122.
show interfaces switchport
Use this command to display the administrative and operational status of the specified interfaces.

Syntax
show interfaces switchport [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
• port-channel channel-id (Range: 1-6)

Default Setting
Shows all interfaces.
• Priority for untagged traffic – Indicates the default priority for untagged frames (page 3-160).
• Gvrp status – Shows if GARP VLAN Registration Protocol is enabled or disabled (page 3-142).
• Allowed Vlan – Shows the VLANs this interface has joined, where “(u)” indicates untagged and “(t)” indicates tagged (page 3-138).
• Forbidden Vlan – Shows the VLANs this interface cannot dynamically join via GVRP (page 3-139).
Command                            Function                                                  Mode  Page
clear mac-address-table dynamic    Removes any learned entries from the forwarding database  PE    3-111
mac-address-table aging-time       Sets the aging time of the address table                  GC    3-111
show mac-address-table aging-time  Shows the aging time for the address table                PE    3-112

mac-address-table static
Use this command to map a static address to a port in a VLAN. Use the no form to remove an address.
Command Mode
Global Configuration

Command Usage
The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics:
• Static addresses will not be removed from the address table when a given interface link is down.
• interface
  • ethernet unit/port
    - unit - This is device 1.
    - port - Port number.
  • port-channel channel-id (Range: 1-4)
• vlan-id - VLAN ID (Range: 1-4094)
• sort - Sort by address, vlan or interface.

Default Setting
None

Command Mode
Privileged Exec

Command Usage
• The MAC Address Table contains the MAC addresses associated with each interface.
Example
Console#show mac-address-table
 Interface Mac Address       Vlan Type
 --------- ----------------- ---- ----------------
 Eth 1/ 1  00-e0-29-94-34-de    1 Delete-on-reset
Console#

clear mac-address-table dynamic
Use this command to remove any learned entries from the forwarding database and to clear the transmit and receive counts for any static or system configured entries.
Command Mode
Global Configuration

Command Usage
The aging time is used to age out dynamically learned forwarding information.

Example
Console(config)#mac-address-table aging-time 100
Console(config)#

show mac-address-table aging-time
Use this command to show the aging time for entries in the address table.

Default Setting
None

Command Mode
Privileged Exec

Example
Console#show mac-address-table aging-time
Aging time: 300 sec.
Spanning Tree Commands
This section includes commands that configure the Spanning Tree Protocol (STP) for the overall switch, and commands that configure STP for the selected interface.
Command                  Function                               Mode  Page
spanning-tree link-type  Configures the link type for RSTP      IC    3-127
show spanning-tree       Shows the Spanning Tree configuration  PE    3-128

spanning-tree
Use this command to enable the Spanning Tree Protocol globally for this switch. Use the no form to disable it.

Syntax
spanning-tree
no spanning-tree

Default Setting
Spanning Tree is enabled.
spanning-tree mode
Use this command to select the Spanning Tree mode for this switch. Use the no form to disable it.

Syntax
spanning-tree mode {stp | rstp}
no spanning-tree mode
• stp - Spanning Tree Protocol (IEEE 802.1D)
• rstp - Rapid Spanning Tree Protocol (IEEE 802.1w)

Default Setting
rstp

Command Mode
Global Configuration

Command Usage
• Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.
Example
The following example configures the switch to use Rapid Spanning Tree:
Console(config)#spanning-tree mode rstp
Console(config)#

spanning-tree forward-time
Use this command to configure the Spanning Tree bridge forward time globally for this switch. Use the no form to restore the default.

Syntax
spanning-tree forward-time seconds
no spanning-tree forward-time
seconds - Time in seconds.
Example
Console(config)#spanning-tree forward-time 20
Console(config)#

spanning-tree hello-time
Use this command to configure the Spanning Tree bridge hello time globally for this switch. Use the no form to restore the default.

Syntax
spanning-tree hello-time time
no spanning-tree hello-time
time - Time in seconds. (Range: 1-10 seconds) The maximum value is the lower of 10 or [(max-age / 2) -1].
spanning-tree max-age
Use this command to configure the Spanning Tree bridge maximum age globally for this switch. Use the no form to restore the default.

Syntax
spanning-tree max-age seconds
no spanning-tree max-age
seconds - Time in seconds. (Range: 6-40 seconds) The minimum value is the higher of 6 or [2 x (hello-time + 1)]. The maximum value is the lower of 40 or [2 x (forward-time - 1)].
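The hello-time and max-age limits above depend on each other and on forward-time, so a change to one timer can put another out of range. The following added example (not from the SMC guide) reads the three timers from configuration text and reports which relationship is broken. The sample configuration is constructed, and the fallback values are the IEEE 802.1D defaults, assumed here because this section does not show the guide's Default Setting lines for these commands.

```python
"""Check Spanning Tree timers against the relationships quoted in the guide."""
import re

# IEEE 802.1D default timers in seconds (assumed; not shown in this section).
DEFAULTS = {"hello-time": 2, "max-age": 20, "forward-time": 15}

TIMER_RE = re.compile(r"spanning-tree (hello-time|max-age|forward-time) (\d+)")

# Constructed sample: each value looks reasonable alone, but they conflict.
SAMPLE_CONFIG = """\
spanning-tree mode rstp
spanning-tree hello-time 5
spanning-tree max-age 10
spanning-tree forward-time 20
"""


def read_timers(config):
    """Return the three timers, using DEFAULTS for any that are not configured."""
    timers = dict(DEFAULTS)
    for raw in config.splitlines():
        match = TIMER_RE.fullmatch(raw.strip())
        if match:
            timers[match.group(1)] = int(match.group(2))
    return timers


def hello_time_limits(max_age):
    """Range 1-10; the maximum is the lower of 10 or (max-age / 2) - 1."""
    return 1, min(10, max_age // 2 - 1)  # whole seconds, so round down


def max_age_limits(hello_time, forward_time):
    """Range 6-40; minimum is the higher of 6 or 2 x (hello-time + 1),
    maximum is the lower of 40 or 2 x (forward-time - 1)."""
    return max(6, 2 * (hello_time + 1)), min(40, 2 * (forward_time - 1))


def check_timers(timers):
    """Return a list of violated relationships (empty when consistent)."""
    hello = timers["hello-time"]
    age = timers["max-age"]
    forward = timers["forward-time"]
    problems = []
    low, high = hello_time_limits(age)
    if not low <= hello <= high:
        problems.append(
            f"hello-time {hello} is outside {low}-{high} for max-age {age}")
    low, high = max_age_limits(hello, forward)
    if not low <= age <= high:
        problems.append(
            f"max-age {age} is outside {low}-{high} for hello-time {hello}"
            f" and forward-time {forward}")
    return problems


if __name__ == "__main__":
    for problem in check_timers(read_timers(SAMPLE_CONFIG)):
        print(problem)
```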
spanning-tree priority
Use this command to configure the Spanning Tree priority globally for this switch. Use the no form to restore the default.

Syntax
spanning-tree priority priority
no spanning-tree priority
priority - Priority of the bridge.
spanning-tree pathcost method
Use this command to configure the path cost method used for the Rapid Spanning Tree. Use the no form to restore the default.

Syntax
spanning-tree pathcost method {long | short}
no spanning-tree pathcost method
• long - Specifies 32-bit based values that range from 1-200,000,000.
• short - Specifies 16-bit based values that range from 1-65535.
spanning-tree transmission-limit
Use this command to configure the minimum interval between the transmission of consecutive RSTP BPDUs. Use the no form to restore the default.

Syntax
spanning-tree transmission-limit count
no spanning-tree transmission-limit
count - The transmission limit in seconds.
spanning-tree cost
Use this command to configure the Spanning Tree path cost for the specified interface. Use the no form to restore the default.

Syntax
spanning-tree cost cost
no spanning-tree cost
cost - The path cost for the interface.
Example
Console(config)#interface ethernet 1/5
Console(config-if)#spanning-tree cost 50
Console(config-if)#

Related Commands
spanning-tree port-priority (3-123)

spanning-tree port-priority
Use this command to configure the priority for the specified interface. Use the no form to restore the default.

Syntax
spanning-tree port-priority priority
no spanning-tree port-priority
priority - The priority for an interface.
Example
Console(config)#interface ethernet 1/5
Console(config-if)#spanning-tree port-priority 0
Console(config-if)#

Related Commands
spanning-tree cost (3-122)

spanning-tree portfast
Use this command to set an interface to fast forwarding. Use the no form to disable fast forwarding.
• This command is the same as spanning-tree edge-port, and is only included for backward compatibility with earlier products. Note that this command may be removed for future software versions.

Example
Console(config)#interface ethernet 1/5
Console(config-if)#spanning-tree portfast
Console(config-if)#

Related Commands
spanning-tree edge-port (3-125)

spanning-tree edge-port
Use this command to specify an interface as an edge port.
cause the Spanning Tree to initiate reconfiguration when the interface changes state, and also overcomes other STP-related timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-node device.
• This command has the same effect as the spanning-tree portfast command.
STP-compatible mode. However, you can also use the spanning-tree protocol-migration command at any time to manually re-check the appropriate BPDU format to send on the selected interfaces (i.e., RSTP or STP-compatible).

Example
Console(config)#interface ethernet 1/5
Console(config-if)#spanning-tree protocol-migration
Console(config-if)#

spanning-tree link-type
Use this command to configure the link type for the Rapid Spanning Tree.
• RSTP only works on point-to-point links between two bridges. If you designate a port as a shared link, RSTP is forbidden.

Example
Console(config)#interface ethernet 1/5
Console(config-if)#spanning-tree link-type point-to-point
Console(config-if)#

show spanning-tree
Use this command to show the configuration for the Spanning Tree.
• For a description of the items displayed under “Spanning-tree information,” see “STP Configuration” on page 2-57. For a description of the items displayed for specific interfaces, see “STP Port and Trunk Information” on page 2-61.
VLAN Commands
A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
Command                      Function                                                            Mode    Page
Display VLAN Information
show vlan                    Shows VLAN information                                              NE, PE  3-140
show interfaces status vlan  Displays status for the specified VLAN interface                    NE, PE  3-103
show interfaces switchport   Displays the administrative and operational status of an interface  NE, PE  3-106

vlan database
Use this command to enter VLAN database mode. All commands in this mode will take effect immediately.
Related Commands
show vlan (3-140)

vlan
Use this command to configure a VLAN. Use the no form to restore the default settings or delete a VLAN.

Syntax
vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}]
no vlan vlan-id [name | state]
• vlan-id - ID of configured VLAN. (Range: 1-4094, no leading zeroes)
• name - Keyword to be followed by the VLAN name.
• vlan-name - ASCII string from 1 to 32 characters.
• VLAN 1 cannot be suspended, but any other VLAN can be suspended.
• You can configure up to 255 VLANs on the switch.

Example
The following example adds a VLAN, using vlan-id 105 and name RD5. The VLAN is activated by default.
Example
The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN:
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.254 255.255.255.0
Console(config-if)#

Related Commands
show vlan (3-140)

switchport mode
Use this command to configure the VLAN membership mode for a port. Use the no form to restore the default.
Example
The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid:
Console(config)#interface ethernet 1/1
Console(config-if)#switchport mode hybrid
Console(config-if)#

Related Commands
switchport acceptable-frame-types

switchport acceptable-frame-types
Use this command to configure the acceptable frame types for a port. Use the no form to restore the default.
Example
The following example shows how to restrict the traffic passed on port 1 to tagged frames:
Console(config)#interface ethernet 1/1
Console(config-if)#switchport acceptable-frame-types tagged
Console(config-if)#

Related Commands
switchport mode (3-134)

switchport ingress-filtering
Use this command to enable ingress filtering for an interface. Use the no form to restore the default.
• Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STP. However, it does affect VLAN dependent BPDU frames, such as GMRP.

Example
The following example shows how to set the interface to port 1 and then enable ingress filtering:
Console(config)#interface ethernet 1/1
Console(config-if)#switchport ingress-filtering
Console(config-if)#

switchport native vlan
Use this command to configure the PVID (i.e.
• If acceptable frame types is set to all or switchport mode is set to hybrid, the PVID will be inserted into all untagged frames entering the ingress port.

Example
The following example shows how to set the PVID for port 1 to VLAN 3:
Console(config)#interface ethernet 1/1
Console(config-if)#switchport native vlan 3
Console(config-if)#

switchport allowed vlan
Use this command to configure VLAN groups on the selected interface.
Command Usage
• If switchport mode is set to trunk, then you can only assign an interface to VLAN groups as a tagged member.
• Frames are always tagged within the switch. The tagged/untagged parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress.
• vlan-list - Separate nonconsecutive VLAN identifiers with a comma and no spaces; use a hyphen to designate a range of IDs. Do not enter leading zeros. (Range: 1-4094)

Default Setting
No VLANs are included in the forbidden list.

Command Mode
Interface Configuration (Ethernet, Port Channel)

Command Usage
• This command prevents a VLAN from being automatically added to the specified interface via GVRP.
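The vlan-list rules above (commas without spaces, hyphenated ranges, no leading zeros, IDs 1-4094) are easy to get wrong when lists are generated by scripts. The following added example (not from the SMC guide) parses a vlan-list strictly under those rules and reports which VLANs that should never be joined dynamically are missing from a port's forbidden list. The function names and the sample values are hypothetical.

```python
"""Strict parser for the vlan-list argument format described in the guide."""
import re

VLAN_MIN, VLAN_MAX = 1, 4094

# One ID, or low-high; a leading digit of 1-9 rules out leading zeros and 0.
ITEM_RE = re.compile(r"([1-9]\d*)(?:-([1-9]\d*))?")


def parse_vlan_list(text):
    """Return the sorted VLAN IDs named by text; raise ValueError if malformed."""
    if not text or any(ch.isspace() for ch in text):
        raise ValueError("vlan-list must be non-empty and contain no spaces")
    vlans = set()
    for item in text.split(","):
        match = ITEM_RE.fullmatch(item)
        if not match:
            raise ValueError(f"malformed item {item!r}")
        low = int(match.group(1))
        high = int(match.group(2) or match.group(1))
        if low > high:
            raise ValueError(f"range {item!r} runs backwards")
        if low < VLAN_MIN or high > VLAN_MAX:
            raise ValueError(f"{item!r} is outside {VLAN_MIN}-{VLAN_MAX}")
        vlans.update(range(low, high + 1))
    return sorted(vlans)


def is_valid_vlan_list(text):
    """True when text would be accepted by parse_vlan_list."""
    try:
        parse_vlan_list(text)
    except ValueError:
        return False
    return True


def forbidden_gaps(forbidden_list, must_block):
    """Return the VLAN IDs in must_block that forbidden_list does not cover."""
    covered = set(parse_vlan_list(forbidden_list))
    return sorted(set(must_block) - covered)


if __name__ == "__main__":
    # Constructed values: a port's forbidden list and the VLANs that policy
    # says must not be joined dynamically on that port.
    print(parse_vlan_list("1,3-5,10"))
    print(forbidden_gaps("2-4,7", [3, 7, 9]))
```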
Default Setting
Shows all VLANs.
Command          Function                                        Mode    Page
show garp timer  Shows the GARP timer for the selected function  NE, PE  3-145
bridge-ext gvrp  Enables GVRP globally for the switch            GC      3-146
show bridge-ext  Shows bridge extension configuration            PE      3-147
Global Commands

switchport gvrp
Use this command to enable GVRP for a port. Use the no form to disable it.
show gvrp configuration
Use this command to show if GVRP is enabled.

Syntax
show gvrp configuration [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
• port-channel channel-id (Range: 1-6)

Default Setting
Shows both global and interface-specific configuration.
garp timer
Use this command to set the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values.

Syntax
garp timer {join | leave | leaveall} timer_value
no garp timer {join | leave | leaveall}
• {join | leave | leaveall} - Which timer to set.
• timer_value - Value of timer.
Note: Set GVRP timers on all Layer 2 devices connected in the same network to the same values. Otherwise, GVRP will not operate successfully.

Example
Console(config)#interface ethernet 1/1
Console(config-if)#garp timer join 100
Console(config-if)#

Related Commands
show garp timer (3-145)

show garp timer
Use this command to show the GARP timers for the selected interface.
Example
Console#show garp timer ethernet 1/1
Eth 1/ 1 GARP timer status:
 Join timer: 20 centiseconds
 Leave timer: 60 centiseconds
 Leaveall timer: 1000 centiseconds
Console#

Related Commands
garp timer (3-144)

bridge-ext gvrp
Use this command to enable GVRP. Use the no form to disable it.
show bridge-ext
Use this command to show the configuration for bridge extension commands.

Default Setting
None

Command Mode
Privileged Exec

Command Usage
See “Displaying Basic VLAN Information” on page 2-74 and “Displaying Bridge Extension Capabilities” on page 2-31 for a description of the displayed items.
IGMP Snooping Commands
This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
Command                        Function                      Mode  Page
Multicast Router Commands
ip igmp snooping vlan mrouter  Adds a multicast router port  GC    3-158
show ip igmp snooping mrouter  Shows multicast router ports  PE    3-159

ip igmp snooping
Use this command to enable IGMP snooping on this switch. Use the no form to disable it.
ip igmp snooping vlan static
Use this command to add a port to a multicast group. Use the no form to remove the port.

Syntax
ip igmp snooping vlan vlan-id static ip-address interface
no ip igmp snooping vlan vlan-id static ip-address interface
• vlan-id - VLAN ID (Range: 1-4094)
• ip-address - IP address for multicast group
• interface
  • ethernet unit/port
    - unit - This is device 1.
    - port - Port number.
ip igmp snooping version
Use this command to configure the IGMP snooping version. Use the no form to restore the default.

Syntax
ip igmp snooping version {1 | 2}
no ip igmp snooping version
• 1 - IGMP Version 1
• 2 - IGMP Version 2

Default Setting
IGMP Version 2

Command Mode
Global Configuration

Command Usage
• All systems on the subnet must support the same version.
show ip igmp snooping
Use this command to show the IGMP snooping configuration.

Default Setting
None

Command Mode
Privileged Exec

Command Usage
See “Configuring IGMP Parameters” on page 2-113 for a description of the displayed items.
Default Setting
None

Command Mode
Privileged Exec

Command Usage
Member types displayed include IGMP or USER, depending on selected options.

Example
The following shows the multicast entries learned through IGMP snooping for VLAN 1:
Console#show mac-address-table multicast vlan 1 igmp-snooping
 VLAN M'cast IP addr. Member ports Type
 ---- --------------- ------------ ------
 1 224.1.2.
Command Usage
If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic.

Example
Console(config)#ip igmp snooping querier
Console(config)#

ip igmp snooping query-count
Use this command to configure the query count. Use the no form to restore the default.
Example
The following shows how to configure the query count to 10:
Console(config)#ip igmp snooping query-count 10
Console(config)#

ip igmp snooping query-interval
Use this command to configure the snooping query interval. Use the no form to restore the default.

Syntax
ip igmp snooping query-interval seconds
no ip igmp snooping query-interval
seconds - The frequency at which the switch sends IGMP host-query messages.
ip igmp snooping query-max-response-time
Use this command to configure the snooping report delay. Use the no form of this command to restore the default.

Syntax
ip igmp snooping query-max-response-time seconds
no ip igmp snooping query-max-response-time
seconds - The report delay advertised in IGMP queries.
Related Commands
ip igmp snooping version (3-151)

ip igmp snooping router-port-expire-time
Use this command to configure the snooping query timeout. Use the no form of this command to restore the default.

Syntax
ip igmp snooping router-port-expire-time seconds
no ip igmp snooping router-port-expire-time
seconds - The time the switch waits after the previous querier stops before it considers the router port (i.e.
ip igmp snooping vlan mrouter
Use this command to statically configure a multicast router port. Use the no form to remove the configuration.

Syntax
ip igmp snooping vlan vlan-id mrouter interface
no ip igmp snooping vlan vlan-id mrouter interface
• vlan-id - VLAN ID (Range: 1-4094)
• interface
  • ethernet unit/port
    - unit - This is device 1.
    - port - Port number.
show ip igmp snooping mrouter
Use this command to display information on statically configured and dynamically learned multicast router ports.

Syntax
show ip igmp snooping mrouter [vlan vlan-id]
vlan-id - VLAN ID (Range: 1-4094)

Default Setting
Displays multicast router ports for all configured VLANs.

Command Mode
Privileged Exec

Command Usage
Multicast router port types displayed include Static or Dynamic.
Priority Commands
The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
Command                  Function                     Mode  Page
show map ip precedence   Shows the IP precedence map  PE    3-171
show map ip dscp         Shows the IP DSCP map        PE    3-172

switchport priority default
Use this command to set a priority for incoming untagged frames, or the priority of frames received by the device connected to the specified interface. Use the no form to restore the default value.
• This switch provides four priority queues for each port. It is configured to use Weighted Round Robin, which can be viewed with the queue bandwidth command. Inbound frames that do not have VLAN tags are tagged with the input port’s default ingress user priority, and then placed in the appropriate priority queue at the output port. The default priority for all ingress ports is zero.
Command Mode
Global Configuration

Command Usage
WRR allows bandwidth sharing at the egress port by defining scheduling weights.
Default Setting
This switch supports Class of Service by using four priority queues, with Weighted Round Robin for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following table.
show queue cos-map
Use this command to show the class of service priority map.

Syntax
show queue cos-map [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
Default Setting
Disabled

Command Mode
Global Configuration

Command Usage
• The precedence for priority mapping is IP Precedence or IP DSCP, and default switchport priority.
• IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type.
Default Setting
The list below shows the default priority mapping.

IP Precedence Value  CoS Value
0                    0
1                    1
2                    2
3                    3
4                    4
5                    5
6                    6
7                    7

Command Mode
Interface Configuration (Ethernet, Port Channel)

Command Usage
• The precedence for priority mapping is IP Precedence or IP DSCP, and default switchport priority.
map ip dscp (Global Configuration)
Use this command to enable IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping.

Syntax
map ip dscp
no map ip dscp

Default Setting
Disabled

Command Mode
Global Configuration

Command Usage
• The precedence for priority mapping is IP Precedence or IP DSCP, and default switchport priority.
• IP Precedence and IP DSCP cannot both be enabled.
map ip dscp (Interface Configuration)
Use this command to set IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table.

Syntax
map ip dscp dscp-value cos cos-value
no map ip dscp
• dscp-value - 8-bit DSCP value. (Range: 0-255)
• cos-value - Class-of-Service value (Range: 0-7)

Default Setting
The list below shows the default priority mapping.
Command Usage
• The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
• DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then mapped to the queue defaults.
• This command sets the DSCP Priority for all interfaces.
Example
Console#show map ip precedence ethernet 1/5
Precedence mapping status: disabled

 Port      Precedence COS
 --------- ---------- ---
 Eth 1/ 5           0   0
 Eth 1/ 5           1   1
 Eth 1/ 5           2   2
 Eth 1/ 5           3   3
 Eth 1/ 5           4   4
 Eth 1/ 5           5   5
 Eth 1/ 5           6   6
 Eth 1/ 5           7   7
Console#

Related Commands
map ip precedence (Global Configuration) (3-166)
map ip precedence (Interface Configuration) (3-167)

show map ip dscp
Use this command to show the IP DSCP priority map.
Example
Console#show map ip dscp ethernet 1/1
DSCP mapping status: disabled

 Port      DSCP COS
 --------- ---- ---
 Eth 1/ 1     0   0
 Eth 1/ 1     1   0
 Eth 1/ 1     2   0
 Eth 1/ 1     3   0
 . . .
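For configuration audits, the output of show map ip precedence and show map ip dscp can be parsed and compared against the default mapping listed earlier, so that an unexpectedly enabled map or a re-prioritized value stands out. The following Python parser is an added example, not part of the SMC manual; the function names are hypothetical and the sample output is constructed in the manual's layout.

```python
import re
# Default IP Precedence -> CoS mapping per the manual's default list (identity, 0-7).
DEFAULT_PRECEDENCE_COS = {p: p for p in range(8)}
STATUS_RE = re.compile(r"^(Precedence|DSCP) mapping status:\s*(\w+)", re.I)
ROW_RE = re.compile(r"^\s*Eth\s+(\d+)/\s*(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_map_output(text):
    """Parse 'show map ip precedence' or 'show map ip dscp' output."""
    result = {"kind": None, "enabled": None, "map": {}}
    for line in text.splitlines():
        status = STATUS_RE.match(line.strip())
        row = ROW_RE.match(line)
        if status:
            result["kind"] = status.group(1).lower()
            result["enabled"] = status.group(2).lower() == "enabled"
        elif row:
            unit, port, value, cos = map(int, row.groups())
            if not 0 <= cos <= 7:
                raise ValueError(f"CoS out of range: {line!r}")
            result["map"].setdefault(f"{unit}/{port}", {})[value] = cos
    if result["kind"] is None:
        raise ValueError("no 'mapping status' line found")
    return result

def precedence_deviations(parsed):
    """List (port, precedence, cos, default_cos) for rows that differ from default."""
    if parsed["kind"] != "precedence":
        raise ValueError("not an IP precedence map")
    return [(port, prec, cos, DEFAULT_PRECEDENCE_COS.get(prec))
            for port, rows in sorted(parsed["map"].items())
            for prec, cos in sorted(rows.items())
            if cos != DEFAULT_PRECEDENCE_COS.get(prec)]

# Constructed sample in the manual's layout; rows 0 and 5 altered, status enabled.
SAMPLE = """\
Console#show map ip precedence ethernet 1/5
Precedence mapping status: enabled
 Port      Precedence COS
 --------- ---------- ---
 Eth 1/ 5           0   7
 Eth 1/ 5           1   1
 Eth 1/ 5           2   2
 Eth 1/ 5           3   3
 Eth 1/ 5           4   4
 Eth 1/ 5           5   0
 Eth 1/ 5           6   6
 Eth 1/ 5           7   7
"""
print(precedence_deviations(parse_map_output(SAMPLE)))
```

DSCP output parses with the same function, but only the precedence map is compared here because the manual's default DSCP table is not reproduced in full on this page.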
Mirror Port Commands
This section describes how to configure port mirror sessions.

Command            Function                                   Mode  Page
port monitor       Configures a mirror session                IC    3-174
show port monitor  Shows the configuration for a mirror port  PE    3-175

port monitor
Use this command to configure a mirror session. Use the no form to clear a mirror session.
Command Usage
• You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
• The destination port is set by specifying an Ethernet interface.
Default Setting
Shows all sessions.

Command Mode
Privileged Exec

Command Usage
This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX).
Port Trunking Commands
Ports can be statically grouped into an aggregate link to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP), also known as 802.1ad, to automatically negotiate a trunk link between this switch and another network device. For static trunks, the switches have to be compatible with the Cisco EtherChannel standard.
• All ports in a trunk must consist of the same media type (i.e., twisted-pair or fiber).
• All ports in a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.
• All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specified port-channel.
• The maximum number of ports that can be combined as a static trunk is four 10/100 Mbps ports, and two 1000 Mbps ports.
• All links in a trunk must operate at the same data rate and duplex mode.
• If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically.
• If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.

Example
The following shows LACP enabled on ports 10-11.
APPENDIX A
TROUBLESHOOTING

Troubleshooting Chart

Symptom: Cannot connect using Telnet, Web browser, or SNMP software
Action:
• Be sure to have configured the agent with a valid IP address, subnet mask and default gateway.
• Be sure that your management station has management VLAN access to the switch (default is VLAN 1).
Symptom: Cannot access the on-board configuration program via a serial port connection
Action:
• Be sure to have set the terminal emulator program to VT100 compatible, 8 data bits, 1 stop bit, no parity and 9600 bps.

Symptom: Forgot or lost the password
Action:
• Set the switch to its default configuration. Make a direct connection to the switch’s console port and power cycle the switch.
APPENDIX B
UPGRADING FIRMWARE VIA THE SERIAL PORT

The switch contains three firmware components that can be upgraded; the diagnostics (or Boot-ROM) code, runtime operation code, and the loader code. The runtime code can be upgraded via the switch’s RS-232 serial console port, via a network connection to a TFTP server, or using SNMP management software. The diagnostics and loader code can be upgraded only via the switch’s RS-232 serial console port.
4. When the switch initialization screen appears, enter firmware-download mode by pressing immediately after power on. Screen text similar to that shown below displays:

File Name
--------------------------------
$certificate
$logfile_1
Factory_Default_Config.cfg
diag_1000
r_20019
set-ip.
You can store a maximum of only two runtime and two diagnostic code files in the switch’s flash memory. Use the [D]elete File command to remove a runtime or diagnostic file.

9. Press to start to download the new code file. If using Windows HyperTerminal, click the “Transfer” button, and then click “Send File....” Select the XModem Protocol and then use the “Browse” button to select the required firmware code file from your PC system.
For example, the following screen text shows the download procedure for a runtime code file:

Select>
Xmodem Receiving Start ::
Image downloaded to buffer.
[R]untime
[D]iagnostic
[L]oader (Warning: you sure what you are doing?)
Update Image File:r
Diagnostic Image Filename : r_20019
Updating file system.
File system updated.
[Press any key to continue]

12.
GLOSSARY

10BASE-T
IEEE 802.3 specification for 10 Mbps Ethernet over two pairs of Category 3, 4, or 5 UTP cable.

100BASE-TX
IEEE 802.3u specification for 100 Mbps Fast Ethernet over two pairs of Category 5 UTP cable.

1000BASE-T
IEEE 802.3ab specification for Gigabit Ethernet over two pairs of Category 5, 5e, or 6 100-ohm UTP cable.

1000BASE-X
IEEE 802.3 shorthand term for any 1000 Mbps Gigabit Ethernet based on 8B/10B signaling.
Collision Domain
Single CSMA/CD LAN segment.

CSMA/CD
Carrier Sense Multiple Access/Collision Detect is the communication method employed by Ethernet and Fast Ethernet.

Dynamic Host Control Protocol (DHCP)
Provides a framework for passing configuration information to hosts on a TCP/IP network.
GARP VLAN Registration Protocol (GVRP)
Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network.
IEEE 802.1p
An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value.

IEEE 802.3
Defines carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications.

IEEE 802.
Internet Control Message Protocol (ICMP)
Commonly used to send echo messages (i.e., Ping) for monitoring purposes.

Internet Group Management Protocol (IGMP)
A protocol through which hosts can register with their local router for multicast services. If there is more than one multicast router on a given subnetwork, one of the routers is made the “querier” and assumes responsibility for keeping track of group membership.
Media Access Control (MAC)
A portion of the networking protocol that governs access to the transmission medium, facilitating the exchange of data between network nodes.

Management Information Base (MIB)
An acronym for Management Information Base. It is a set of database objects that contains information about a specific device.
Spanning Tree Protocol (STP)
A technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest available path, maximizing the performance and efficiency of the network.

Telnet
Defines a remote communication facility for interfacing to a terminal device over TCP/IP.
FOR TECHNICAL SUPPORT, CALL:
From U.S.A. and Canada (24 hours a day, 7 days a week)
(800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481
From Europe (8:00 AM - 5:30 PM UK Time)
44 (0) 118 974 8700; Fax: 44 (0) 118 974 8701

INTERNET
E-mail addresses:
techsupport@smc.com
european.techsupport@smc-europe.com
support@smc-asia.com
Driver updates:
http://www.smc.com/index.cfm?action=tech_support_drivers_downloads
World Wide Web:
http://www.smc.com
http://www.