Enterasys Matrix-V V2H124-24P, Configuration Manual

Page 1: ...P N 9033925 06 Matrix V Series V2H124 24 V2H124 24FX and V2H124 24P Fast Ethernet Switch Configuration Guide...

Page 2: ......

Page 3: ...E OR THE INFORMATION CONTAINED IN THEM EVEN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF KNEW OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minuteman Road Andover M...

Page 4: ...ON BEHALF OF THE END USER IF THE END USER IS AN ENTITY ON WHOSE BEHALF YOU ARE AUTHORIZED TO ACT YOU AND YOUR SHALL BE DEEMED TO REFER TO SUCH ENTITY AND THAT YOU AGREE THAT YOU ARE BOUND BY THE TERM...

Page 5: ...gram is exported from the United States pursuant to the License Exception TSR under the U S Export Administration Regulations in addition to the restriction on transfer set forth in Sections 1 or 2 of...

Page 6: ...showing i license fees due and paid and ii the use copying and deployment of the Program You also grant to Enterasys and its authorized representatives upon reasonable notice the right to audit and ex...

Page 7: ...a breach of this Agreement 12 WAIVER A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent...

Page 8: ...Notice vi...

Page 9: ...ic Configuration 2 4 Console Connection 2 4 Setting Passwords 2 5 Setting an IP Address 2 6 Manual Configuration 2 6 Dynamic Configuration 2 7 Enabling SNMP Management Access 2 8 Community Strings for...

Page 10: ...n 3 33 Setting the Time Zone 3 34 Configuring SNMP 3 35 Enabling SNMP 3 36 Setting Community Access Strings 3 37 Specifying Trap Managers 3 38 Configuring SNMPv3 Management Access 3 39 Setting an Engi...

Page 11: ...s 3 89 Creating Trunk Groups 3 90 Statically Configuring a Trunk 3 91 Enabling LACP on Selected Ports 3 93 Configuring LACP Parameters 3 94 Displaying LACP Port Counters 3 97 Displaying LACP Settings...

Page 12: ...the Default Priority for Interfaces 3 156 Mapping CoS Values to Egress Queues 3 157 Selecting the Queue Mode 3 159 Setting the Service Weight for Traffic Classes 3 159 Layer 3 4 Priority Settings 3 1...

Page 13: ...Negating the Effect of Commands 4 5 Using Command History 4 5 Understanding Command Modes 4 5 Exec Commands 4 6 Configuration Commands 4 6 Command Line Processing 4 7 Command Groups 4 8 Line Commands...

Page 14: ...Commands 4 34 ip ssh server 4 36 ip ssh timeout 4 37 ip ssh authentication retries 4 37 ip ssh server key size 4 38 delete public key 4 38 ip ssh crypto host key generate 4 39 ip ssh crypto zeroize 4...

Page 15: ...4 66 copy 4 66 delete 4 69 dir 4 70 whichboot 4 71 boot system 4 71 Cabletron Discovery Protocol CDP 4 72 cdp authentication key 4 72 cdp holdtime 4 73 cdp timer 4 74 cdp Global Configuration 4 74 cdp...

Page 16: ...ty Commands 4 98 port security 4 98 802 1x Port Authentication 4 99 dot1x system auth control 4 100 dot1x default 4 101 dot1x max req 4 101 dot1x port control 4 102 dot1x operation mode 4 102 dot1x re...

Page 17: ...132 mac access group 4 132 show mac access group 4 133 map access list mac 4 133 show map access list mac 4 134 match access list mac 4 134 ACL Information 4 135 show access list 4 135 show access lis...

Page 18: ...Interface 4 168 lacp admin key Port Channel 4 169 lacp port priority 4 170 show lacp 4 170 Address Table Commands 4 174 mac address table static 4 174 clear mac address table dynamic 4 175 show mac a...

Page 19: ...nterface vlan 4 200 switchport mode 4 201 switchport acceptable frame types 4 202 switchport ingress filtering 4 202 switchport native vlan 4 203 switchport allowed vlan 4 204 switchport forbidden vla...

Page 20: ...ast 4 227 IGMP Query Commands Layer 2 4 228 ip igmp snooping querier 4 228 ip igmp snooping query count 4 229 ip igmp snooping query interval 4 230 ip igmp snooping query max response time 4 230 ip ig...

Page 21: ...eshooting A 1 Problems Accessing the Management Interface A 1 Using System Logs A 2 Appendix B Software Specifications B 1 Software Features B 1 Management Features B 2 Standards B 2 Management Inform...

Page 22: ...Contents xx...

Page 23: ...163 Table 3 17 Egress Queue Priority Mapping 3 168 Table 4 1 Command Modes 4 5 Table 4 2 Configuration Commands 4 7 Table 4 3 Keystroke Commands 4 7 Table 4 4 Command Group Index 4 8 Table 4 5 Line Co...

Page 24: ...4 44 SNMP Engine ID 4 144 Table 4 45 SNMP View 4 145 Table 4 46 Show SNMP Group display description 4 147 Table 4 47 SNMP User 4 149 Table 4 48 Interface Commands 4 150 Table 4 49 Show Interfaces Swit...

Page 25: ...Snooping Commands 4 225 Table 4 71 IGMP Query Commands Layer 2 4 228 Table 4 72 Static Multicast Routing Commands 4 232 Table 4 73 IP Interface Command Syntax 4 233 Table 4 74 DNS Commands 4 238 Table...

Page 26: ...Tables xxiv...

Page 27: ...ch 3 32 Figure 3 20 Configuring SNTP 3 33 Figure 3 21 Setting the Time Zone 3 34 Figure 3 22 Enabling the SNMP Agent 3 36 Figure 3 23 Configuring SNMP Community Strings 3 37 Figure 3 24 Configuring SN...

Page 28: ...rror Port 3 104 Figure 3 64 Configuring Output Port Rate Limiting 3 105 Figure 3 65 Displaying Port Statistics 3 108 Figure 3 66 Displaying Etherlike and RMON Statistics 3 109 Figure 3 67 Globally Con...

Page 29: ...cedence to Class of Service Values 3 162 Figure 3 100 IP DSCP Priority 3 164 Figure 3 101 Globally Enabling the IP Port Priority Status 3 165 Figure 3 102 IP Port Priority 3 165 Figure 3 103 Mapping P...

Page 30: ...Figures xxviii...

Page 31: ...up to 32 IP or MAC ACLs DHCP Client Supported DNS Server Supported Port Configuration Speed duplex mode and flow control Rate Limiting Input and output rate limiting per port Port Mirroring One or mo...

Page 32: ...r can be verified via a remote authentication server i e RADIUS or TACACS Port based and MAC based authentication is also supported via the IEEE 802 1x protocol This protocol uses the Extensible Authe...

Page 33: ...ion and provide redundancy by taking over the load if a port in the trunk should fail The switch supports up to 6 trunks Broadcast Storm Control Broadcast suppression prevents broadcast traffic from o...

Page 34: ...ides for even faster convergence than RSTP by limiting the size of each region and prevents VLAN members from being segmented from the rest of the group as sometimes occurs with IEEE 802 1D STP Virtua...

Page 35: ...s IGMP Snooping and Query to manage multicast group registration System Defaults The switch s system defaults are provided in the configuration file Factory_Default_Config cfg To reset the switch defa...

Page 36: ...Cabletron Discovery Protocol Status Auto enabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP Disabled Broadcast Storm Protection Status Enabled all ports Broa...

Page 37: ...nagement VLAN 1 IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Enabed BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Disabled System Log Status Enable...

Page 38: ...Introduction 1 8 1...

Page 39: ...o the network The switch s management agent is based on SNMP Simple Network Management Protocol version 3 This SNMP agent permits the switch to be managed from any system in the network using manageme...

Page 40: ...g to the Console Port on page 3 8 of the Hardware Configuration Guide To connect a terminal to the console port complete the following steps 1 Connect the console cable to the serial port on a termina...

Page 41: ...IP parameters you can access the onboard configuration program from anywhere within the attached network The onboard configuration program can be accessed using Telnet from any computer attached to th...

Page 42: ...All units in the stack must be connected via stacking cables Note A single point of failure in a unit will cause the stack to break apart and units will become independent switches Resilient IP Inter...

Page 43: ...you should define new passwords for both default user names using the username command record them and put them in a safe place Passwords can consist of up to 8 alphanumeric characters and are case s...

Page 44: ...fault gateway that resides between this device and management stations that exist on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything o...

Page 45: ...1 From the Privileged Exec level global configuration mode prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 At the interface configuration mode prompt use one of...

Page 46: ...community string that provides read write access to the entire MIB tree However you may assign new views to version 1 or 2c community strings that suit your specific security requirements Community St...

Page 47: ...r community string specifies access rights for a version 1 2c host or is the user name of a version 3 host version indicates the SNMP client version and auth noauth priv means that authentication no a...

Page 48: ...itch is rebooted To save all your configuration changes in nonvolatile storage you must copy the running configuration file to the start up configuration file using the copy command To save the curren...

Page 49: ...iagnostic code files However you can have as many configuration files as available flash memory space allows In the system flash memory one file of each type must be set as the start up file During a...

Page 50: ...Initial Configuration 2 12 2...

Page 51: ...tion Access to the Web agent is controlled by the same user names and passwords as the onboard configuration program See Configuring User Accounts on page 3 46 3 After you enter a user name and passwo...

Page 52: ...t side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Figure 3 1 Home Page Configura...

Page 53: ...the Port Configuration page as described on page 3 89 Figure 3 2 Ports Panel Indicators Main Menu Using the onboard Web agent you can define system parameters manage and control the switch and all it...

Page 54: ...40 Groups Configures SNMP v3 groups 3 42 Views Configures SNMP v3 views 3 44 Security 3 46 User Accounts Configures user names and passwords 3 46 Authentication Settings Configures authentication sequ...

Page 55: ...ion settings 3 89 Trunk Configuration Configures trunk connection settings 3 89 Trunk Membership Specifies ports to group into static trunks 3 91 LACP 3 93 Configuration Allows ports to dynamically jo...

Page 56: ...Sets timeout for dynamically learned entries 3 122 Spanning Tree 3 123 STA Information Displays STA values used for the bridge 3 123 Configuration Configures global bridge settings for STA 3 123 Port...

Page 57: ...3 159 Queue Scheduling Configures Weighted Round Robin queueing 3 159 IPPrecedence DSCPPriority Status Globally selects IP Precedence or DSCP Priority or disables both 3 161 IP Precedence Priority Set...

Page 58: ...secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TCP port used by the HTTPS interface Telnet server Shows if management access via Telnet is enabled Telne...

Page 59: ...System Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that access the Command Line Interfac...

Page 60: ...Series 4 25 Console config snmp server location TPS 2nd Floor 4 140 Console config snmp server contact David 4 140 Console show system System description Enterasys Networks Inc V2H124 24 SW version V...

Page 61: ...Version of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Shows that this switch is operating as Master or Slave Expansion Slot Expansion Slot 1 2 Slo...

Page 62: ...ddresses Refer to Setting Static Addresses on page 3 120 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging Thi...

Page 63: ...Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension Figure 3 5 Bridge Extension Capabilities CLI Enter the following command Console show...

Page 64: ...ement station can be connected to any port on the switch However if other VLANs are configured and you change the Management VLAN you may lose management access to the switch In this case you should r...

Page 65: ...enter the IP address subnet mask and gateway then click Apply Figure 3 6 VLAN IP Configuration CLI Specify the management interface IP address and default gateway Console config Console config interfa...

Page 66: ...he switch will also broadcast a request for IP configuration settings on each power reset Figure 3 7 IP Configuration Note If you lose your management connection use a console connection and enter sho...

Page 67: ...ed The switch also allows a runtime code file to be copied to or from another switch unit in the stack Command Attributes File Transfer Method The firmware copy operation includes these options file t...

Page 68: ...the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the cu...

Page 69: ...stination file names When the file has completed the download set the new file to start up the system and then restart the switch To start the new firmware enter the reload command or reboot the syste...

Page 70: ...e startup configuration to a file on the switch startup config to running config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP serve...

Page 71: ...config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name then click Apply Fig...

Page 72: ...er unit in the stack Console copy tftp startup config 4 66 TFTP server ip address 192 168 1 19 Source configuration file name config 1 Startup configuration file name startup Write to FLASH Programmin...

Page 73: ...3 attempts Silent Time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts has been exceeded Range 0 65535 Default 0 Data Bits Sets the numbe...

Page 74: ...e password 0 secret 4 12 Console config line timeout login response 0 4 13 Console config line exec timeout 0 4 13 Console config line password thresh 5 4 14 Console config line silent time 60 4 15 Co...

Page 75: ...ected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold whi...

Page 76: ...ded The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be l...

Page 77: ...Use the show logging command to display the current settings Table 3 3 Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages only 5 Notice N...

Page 78: ...is type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to process messages such as sorting or storing messages in the corresponding database R...

Page 79: ...entries in permanent flash memory Web Click System Log Logs Figure 3 17 Displaying Logs Console config logging host 192 168 1 7 4 46 Console config logging facility 23 4 46 Console config logging tra...

Page 80: ...yslog severity threshold level see table on page 3 27 used to trigger alert messages All events at this level or higher will be sent to the configured email recipients For example using Level 7 will r...

Page 81: ...o add an IP address to the SMTP Server List type the new IP address in the SMTP Server text box and then click Add To delete an IP address click the entry in the SMTP Server List and then click Remove...

Page 82: ...CLI Use the reload command to reboot the system Note When restarting the system it always runs the Power On Self Test Console config logging sendmail host 192 168 1 4 4 50 Console config logging sendm...

Page 83: ...d the switch periodically sends a request for a time update to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the config...

Page 84: ...ent time Name Assigns a name to the time zone Range 1 29 characters Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zo...

Page 85: ...ent continuously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using software such as HP OpenView...

Page 86: ...ity string only v1 noAuthNoPriv DefaultRWGroup defaultview defaultview Community string only v1 noAuthNoPriv user defined user defined user defined Community string only v2c noAuthNoPriv DefaultROGrou...

Page 87: ...t acts like a password and permits access to the SNMP protocol Default strings public read only access private read write access Range 1 32 characters case sensitive Access Mode Specifies the access r...

Page 88: ...s string in the Trap Managers table we recommend that you define this string in the SNMP Configuration page for Version 1 or 2c clients or define a corresponding User Name in the SNMPv3 Users page for...

Page 89: ...age replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is autom...

Page 90: ...ed for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the...

Page 91: ...assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete To change the assigned group of a...

Page 92: ...v There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model Auth...

Page 93: ...oup In the New Group page define a name assign a security model and level and then select read and write views Click Add to save the new group and return to the Groups list To delete a group check the...

Page 94: ...e currently configured object identifiers of branches within the MIB tree that define the SNMP view Edit OID Subtrees Allows you to configure the object identifiers of branches within the MIB tree Wil...

Page 95: ...o be included or excluded in the view Click Back to save the new view and return to the SNMPv3 Views list For a specific view click on View OID Subtrees to display the current configuration or click o...

Page 96: ...IP Filter Filters management access to the web SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write...

Page 97: ...sitive Change Password Sets a new password to overwrite an old password for the specified user name Web Click Security User Accounts To configure a new user account specify a user name select the user...

Page 98: ...e packet Command Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the auth...

Page 99: ...rk UDP port of authentication server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces...

Page 100: ...ings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIUS or TACACS authentication if selected and cli...

Page 101: ...in radius 4 84 Console config radius server port 181 4 88 Console config radius server key green 4 88 Console config radius server retransmit 5 4 89 Console config radius server timeout 10 4 89 Consol...

Page 102: ...tings The AAA Group Settings define the configured RADIUS servers to use for accounting Command Attributes Group Name Defines a name for the RADIUS server group 1 7 characters Server Index Spefies the...

Page 103: ...Update Periodic Specifies the intervals at which the accounting service updates information Default Disabled Range 1 2147483647 minutes Web Click Security AAA Accounting Update Enter the required upd...

Page 104: ...od Name Specifies a user defined method name to apply to the port trunk This method must be defined in the AAA Accounting Settings page 3 51 Web Click Security AAA Accounting Update Enter the required...

Page 105: ...counting list to it AAA Accounting Summary This feature displays all accounting information by port and trunk including user statistics Command Attributes AAA Accounting Summary Accounting Type Displa...

Page 106: ...l HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web interface Command Usage Both the HTTP and HTTPS service can be enabled independently on...

Page 107: ...t Secure site Certificate on page 3 58 Command Attributes HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled Change HTTPS Port Number Specifies the UDP po...

Page 108: ...To reset the switch type Console reload Configuring the Secure Shell The Berkley standard includes remote access tools originally designed for Unix systems Some of these tools have also been implement...

Page 109: ...e 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 595664...

Page 110: ...sions Generating the Host Key Pair A host public private key pair is used to provide secure communications between an SSH client and the switch After generating this key pair you must provide the host...

Page 111: ...5935281260886486920309120838308842685861913351056036315022893 42067641736107446339591392060353248749664209296828112126705467393904568659 910458707018425016204304972482486490908817815271698606574815746...

Page 112: ...Range 1 to 120 seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart...

Page 113: ...pair for frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Table see Setting Static Addresses on page 3 120 When the port has reach...

Page 114: ...les or disables port security on the port Default Disabled Max MAC Count The maximum number of MAC addresses that can be learned on a port Range 0 1024 Trunk Trunk number if port is a member Web Click...

Page 115: ...contains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending on the configuration of the client software and...

Page 116: ...protocol must be enabled globally for the switch system before port settings are active Command Attributes 802 1x System Authentication Control The global setting for 802 1x Default Disabled Web To di...

Page 117: ...ent to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant access to all clients either dot1x aware or otherwise...

Page 118: ...econds TX Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Authorized Yes Connected client is au...

Page 119: ...m auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto n a 1 25 disabled Single Host ForceA...

Page 120: ...The number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authent...

Page 121: ...aying 802 1x Statistics CLI This example displays the 802 1x statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 105 Eth 1 4 Rx EXPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logof...

Page 122: ...rent sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When enteri...

Page 123: ...agement telnet client 192 168 1 19 4 28 Console config management telnet client 192 168 1 25 192 168 1 30 Console config management snmp client 10 1 2 3 255 255 255 255 4 28 Console config end Console...

Page 124: ...n have up to 32 rules The maximum number of ACLs is also 32 However due to resource restrictions the average number of rules bound to the ports should not exceed 20 You must configure a mask for an AC...

Page 125: ...he Ethernet frame type RFC 1060 Web Click Security ACL ACL Configuration Enter an ACL name in the Name field select the list type IP Standard IP Extended or MAC and click Add to open the configuration...

Page 126: ...ssigned Web Specify the action i e Permit or Deny Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address...

Page 127: ...s where others indicates a specific protocol number 0 255 Options TCP UDP Others Default TCP Source Destination Port Source destination port number for the specified protocol type Range 0 65535 Source...

Page 128: ...ing packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes throug...

Page 129: ...ge 1 4095 VID Bitmask VLAN bitmask Range 1 4095 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can b...

Page 130: ...lect MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID Ethernet type or packet format Then click Add Figure 3 49 Configuring MAC ACLs...

Page 131: ...assigned to an ACL mask Packets crossing a port are checked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask and not the...

Page 132: ...tination IP address Use Any to match any address Host to specify a host address not a subnet or IP to specify a range of addresses Options Any Host IP Default Any Source Destination Subnet Mask Subnet...

Page 133: ...is shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the deny...

Page 134: ...ource Destination Bitmask Address of rule must match this bitmask VID Bitmask VLAN ID of rule must match this bitmask Ethernet Type Bitmask Ethernet type of rule must match this bitmask Packet Format...

Page 135: ...tch does not support the explicit deny any any rule for the egress IP ACL or the egress MAC ACLs If these rules are included in the ACL and you attempt to bind the ACL to an interface for egress check...

Page 136: ...nnection status including link state speed duplex mode flow control and auto negotiation Command Attributes Web Name Interface label Type Indicates the port type 10BASE T 100BASE TX 100BASE FX S 100BA...

Page 137: ...000BASE LX 1000BASE GBIC 1000BASE SFP MAC address The physical layer address for this port To access this item on the web see Setting the IP Address on page 3 14 Configuration Name Interface label Por...

Page 138: ...shutdown trap trap and shutdown Current status Link Status Indicates if the link is up or down Operation speed duplex Shows the current speed and duplex mode Flow control type Indicates the type of f...

Page 139: ...peration 100half Supports 100 Mbps half duplex operation 100full Supports 100 Mbps full duplex operation 1000full Supports 1000 Mbps full duplex operation Sym Gigabit only When specified the port tran...

Page 140: ...rol Protocol LACP Static trunks have to be manually configured at both ends of the link and the switches must comply with the Cisco EtherChannel standard On the other hand LACP configured ports can au...

Page 141: ...th up to eight ports per trunk The ports at both ends of a connection must be configured as trunk ports When configuring static trunks on switches of different types they must be compatible with the C...

Page 142: ...nterface port channel 2 4 151 Console config if exit Console config interface ethernet 1 1 4 151 Console config if channel group 2 4 165 Console config if exit Console config interface ethernet 1 2 Co...

Page 143: ...ext available trunk ID If more than four ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active li...

Page 144: ...of 0 this key is set to the same value as the port admin key used by the interfaces that joined the group lacp admin key as described in this section and on page 4 168 Console config interface ethern...

Page 145: ...s identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Ra...

Page 146: ...optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link...

Page 147: ...2768 00 30 F1 B0 E7 A0 2 32768 00 30 F1 B0 E7 A0 3 32768 00 30 F1 B0 E7 A0 4 32768 00 30 F1 B0 E7 A0 5 32768 00 30 F1 B0 E7 A0 6 32768 00 30 F1 B0 E7 A0 Console show lacp 1 internal 4 170 Channel grou...

Page 148: ...cal side of an link aggregation Internal Configuration Information Console show 1 lacp counters 4 170 Channel group 1 Eth 1 1 LACPDUs Sent 21 LACPDUs Received 21 Marker Sent 0 Marker Received 0 LACPDU...

Page 149: ...ence of administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to b...

Page 150: ...3 9 LACP Remote Side Settings Field Description Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partne...

Page 151: ...e side of port channel 1 Console show 1 lacp neighbors 4 170 Channel group 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 00 00 00 00 01 Partner Ad...

Page 152: ...ny broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default The default threshold is 500 packets per second Broadcast contro...

Page 153: ...ions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both...

Page 154: ...rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic coming out of the switch Traffic that falls within the rat...

Page 155: ...l as a detailed breakdown of traffic based on the RMON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port This information can be used to identify pote...

Page 156: ...erface including framing characters Transmit Unicast Packets The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were...

Page 157: ...or which reception on a particular interface fails due to an internal MAC sublayer receive error RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of res...

Page 158: ...had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS oc...

Page 159: ...Port Configuration 3 109 3 Figure 3 66 Displaying Etherlike and RMON Statistics...

Page 160: ...CDP setting Any CDP packets received are flooded to all other ports Console show interfaces counters ethernet 1 13 4 159 Ethernet 1 13 Iftable stats Octets input 868453 Octets output 3492122 Unicast...

Page 161: ...ntication Key A code string that defines the CDP domain to which the switch belongs A CDP domain is a logical grouping of devices that exchange CDP packets If the switch receives a CDP packet with a d...

Page 162: ...ts CDP packets received are discarded unless the CDP global setting is disabled in which case they are flooded to other ports Auto Enabled The port sends and receives CDP packets If the global CDP set...

Page 163: ...rface The port on which the device is connected Hold Time The time the switch waits for an update CDP packet from neighbor devices before aging out the entry If a neighbor device has a longer Hold Tim...

Page 164: ...way Protocol ospf 4 The connected device performs routing using Open Shortest Path First dvmrp 5 The connected device performs routing using Distance Vector Multicast Routing Protocol IEEE 802 1q 6 Th...

Page 165: ...s Count of errors made by the deivce while tryng to send CDP packets Parse Error Packets Count of CDP packets received by the device that could not be parsed Memory Error Packets Count of memory error...

Page 166: ...pplied Ports can be set to one of three power priority levels critical high or low To control power supply within the switch s budget ports set at critical or high priority have power enabled in prefe...

Page 167: ...he power budget setting the switch uses port power priority settings to limit the supplied power Command Attributes Power Allocation The power budget for the switch If devices connected to the switch...

Page 168: ...t The port number Admin Status The administrative status of PoE power on the port Default Enabled Mode The current operating status of PoE power on the port Power Allocation The configured power budge...

Page 169: ...ps power to one or more lower priority ports Note Power is dropped from low priority ports in sequence starting from port number 1 Command Attributes Port The port number on the switch Admin Status En...

Page 170: ...ic port Setting Static Addresses A static address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static addres...

Page 171: ...ddress for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes...

Page 172: ...example also displays the address table entries for port 11 Changing the Aging Time You can change the aging time for entries in the dynamic address table Command Attributes Aging Status Enables or d...

Page 173: ...Protocol IEEE 802 1w MSTP Multiple Spanning Tree Protocol IEEE 802 1s STA uses a distributed algorithm to select a bridging device STA compliant switch bridge or router that serves as the root of the...

Page 174: ...structure when reconfiguration occurs When using STP or RSTP it may be difficult to maintain a stable path between all VLAN members Frequent changes in the tree structure can easily isolate some of th...

Page 175: ...iority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device Root Port The number of the port on this switch that is closest to the root This switch commu...

Page 176: ...ry device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a disca...

Page 177: ...ocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration de...

Page 178: ...t device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then b...

Page 179: ...o determine the range of values that can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that ran...

Page 180: ...Configuring the Switch 3 130 3 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 3 80 Configuring the Spanning Tree Algorithm...

Page 181: ...s and the other is discarding All ports are discarding when the switch is booted then some of them change state to learning and then to forwarding Forward Transitions The number of times this port has...

Page 182: ...nnecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e designated port or is the MSTI regional root i e master port or is an alternate or backu...

Page 183: ...MAC address of the device in the Spanning Tree that this switch has accepted as the root device Fast forwarding This field provides the same information as Admin Edge port and is only included for bac...

Page 184: ...ree ethernet 1 5 4 196 Eth 1 5 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 200000 Designated port 128 5...

Page 185: ...Port Configuration only The following interface attributes can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defines the priority used for this port in th...

Page 186: ...also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device Default Disabled Migration If at any time the switch...

Page 187: ...nning Tree To use multiple spanning trees 1 Set the spanning tree type to MSTP STA Configuration page 3 123 2 Enter the spanning tree priority for the selected MST instance MSTP VLAN Configuration 3 A...

Page 188: ...MSTP VLAN Configuration Select an instance identifier from the list set the instance priority and click Apply To add the VLAN members to an MSTI instance enter the instance identifier the VLAN identi...

Page 189: ...gnated Root 4096 2 0000E9313131 Current root port 0 Current root cost 0 Number of topology changes 0 Last topology changes time sec 646 Transmission limit 3 Path Cost Method long Eth 1 7 information A...

Page 190: ...in the selected MST instance Field Attributes MST Instance ID Instance identifier to configure Range 0 57 Default 0 The other attributes are described under Displaying Interface Settings page 3 131 We...

Page 191: ...ay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of...

Page 192: ...57 Default 0 Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value...

Page 193: ...r the priority and path cost for an interface and click Apply Figure 3 86 MSTP Port Configuration CLI This example sets the MSTP attributes for port 4 Console config interface ethernet 1 4 4 151 Conso...

Page 194: ...LANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 255...

Page 195: ...ged or static VLANs are typically used to reduce broadcast traffic and to increase security A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs config...

Page 196: ...s VLAN Index on page 3 150 But you can still enable GVRP on these edge switches as well as on the core switches in the network Forwarding Tagged Untagged Frames If you want to create a small port base...

Page 197: ...s Enable or disable GVRP and click Apply Figure 3 87 Displaying Bridge Extension Capabilities Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basi...

Page 198: ...s created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all the VLAN port membe...

Page 199: ...VLAN 1 is the default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN...

Page 200: ...n also use the VLAN Static Membership by Port page to configure VLAN groups based on the port index page 3 152 However note that this configuration page can only add ports to a VLAN as tagged members...

Page 201: ...that is carry a tag and therefore carry VLAN or CoS information Untagged Interface is a member of the VLAN All packets transmitted by the port will be untagged that is not carry a tag and therefore no...

Page 202: ...for which the selected interface is a tagged member Non Member VLANs for which the selected interface is not a tagged member Web Open VLAN 802 1Q VLAN VLAN Static Membership Select an interface from t...

Page 203: ...of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GVRP registration deregistration Command Attributes PVID VLAN ID assigned to u...

Page 204: ...ries to participate in a VLAN group Range 20 1000 centiseconds Default 20 GARP Leave Timer The interval a port waits before leaving a VLAN group This time should be set to more than twice the join tim...

Page 205: ...sets the GARP timers and then sets the switchport mode to hybrid Console config interface ethernet 1 1 Console config if switchport acceptable frame types tagged 4 202 Console config if switchport ing...

Page 206: ...e priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies fo...

Page 207: ...tion traffic for your own network Console config interface ethernet 1 3 Console config if switchport priority default 5 4 212 Console config if end Console show interfaces switchport ethernet 1 12 4 1...

Page 208: ...owing example shows how to map CoS values 1 and 2 to CoS priority queue 0 value 0 and 3 to CoS priority queue 1 values 4 and 5 to CoS priority queue 2 and values 6 and 7 to CoS priority queue 3 Mappin...

Page 209: ...riority queues Web Click Priority Queue Mode Select Strict or WRR then click Apply Figure 3 96 Setting the Queue Mode CLI The following sets the queue mode to strict priority service mode Setting the...

Page 210: ...ing Class of Service for Each Ingress Queue CLI The following example shows how to assign WRR weights of 1 4 16 and 64 to the CoS priority queues 0 1 2 and 3 Console config queue bandwidth 1 3 5 7 9 1...

Page 211: ...t queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default Port Priority IP Precedence and DSCP Priority cannot both be en...

Page 212: ...Class of Service Value Maps a CoS value to the selected IP Precedence value Note that 0 represents low priority and 7 represent high priority Note IP Precedence settings apply to all interfaces Web Cl...

Page 213: ...ompliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are de...

Page 214: ...Figure 3 100 IP DSCP Priority CLI The following example globally enables DSCP Priority service on the switch maps DSCP value 1 to CoS value 0 on port 5 and then displays all the DSCP Priority setting...

Page 215: ...number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority Note IP Port Priority settings apply to all interfaces Web Click Prio...

Page 216: ...to all ports on the switch Due to a hardware limitation individual port priority settings are not possible Command Attributes Copy IP Precedence Priority Settings Enables or disables copying IP Prece...

Page 217: ...pping Priority Settings to Ports Trunks CLI The following example shows how to map HTTP traffic to CoS value 0 on port 5 maps IP precedence to CoS 0 to port 6 and enables mapping IP DSCP globally Cons...

Page 218: ...rule Command Attributes Port Port identifier Name Name of ACL Type Type of ACL IP or MAC CoS Priority CoS value used for packets matching an IP ACL rule Range 0 7 For information on configuring ACLs...

Page 219: ...02 1Q VLAN tag The 802 1p priority may be set for either Layer 2 or IP frames The IP frame header also includes priority bits in the Type of Service ToS octet The Type of Service octet may contain thr...

Page 220: ...Add Figure 3 105 Changing Priorities Based on ACL Rules CLI This example changes the DSCP priority for packets matching an IP ACL rule and the 802 1p priority for packets matching a MAC ACL rule Conso...

Page 221: ...lled multicast filtering The purpose of IP multicast filtering is to optimize a switched network s performance so multicast packets will only be forwarded to those ports containing multicast group hos...

Page 222: ...pagates the service requests on to any adjacent multicast switch router to ensure that it will continue to receive the multicast service Note Multicast routers use this information along with a multic...

Page 223: ...splays the current status Console config ip igmp snooping 4 225 Console config ip igmp snooping querier 4 228 Console config ip igmp snooping query count 10 4 229 Console config ip igmp snooping query...

Page 224: ...ch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this swi...

Page 225: ...ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router switch Port or Trunk Specifies the interface attached to a multicast router Web Click IGMP Static Mult...

Page 226: ...b Click IGMP IP Multicast Registration Table Select the VLAN ID and and the IP address for a multicast service The switch will display all the ports that are propagating this multicast service Figure...

Page 227: ...to specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propaga...

Page 228: ...formatted with dotted notation you can specify a default domain name or a list of domain names to be tried in sequential order If there is no domain list the default domain name is used If there is a...

Page 229: ...the address of one or more domain name servers to use for name to address resolution Range 1 6 IP addresses Do not include the initial dot that separates the host name from the domain name Web Select...

Page 230: ...table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Field Attributes Host Name Name of a host...

Page 231: ...y Figure 3 112 Mapping IP Addresses to a Host Name CLI This example maps two address to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 5...

Page 232: ...ing a cache entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped t...

Page 233: ...51 www microsoft akadns net 2 4 CNAME 207 46 134 155 51 www microsoft akadns net 3 4 CNAME 207 46 249 222 51 www microsoft akadns net 4 4 CNAME 207 46 249 27 51 www microsoft akadns net 5 4 ALIAS POI...

Page 234: ...Configuring the Switch 3 184 3...

Page 235: ...mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec 2 Enter the necessary commands to compl...

Page 236: ...t command and the IP address of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty 0 prompt for the administrator to show that you are u...

Page 237: ...mple to set a password for the administrator enter Console config username admin password 0 smith Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a comma...

Page 238: ...MAC access list mac address table Configuration of the address table management Management IP filter map Maps priority marking Configuration for packet marking port Port characteristics power Show pow...

Page 239: ...or first modified and then executed Using the show history command displays a longer list of recently executed commands Understanding Command Modes The command set is divided into Exec and Configurati...

Page 240: ...is rebooted To store the running configuration in nonvolatile storage use the copy running config startup config command The configuration commands are organized into different modes Global Configurat...

Page 241: ...You can also use the following editing keystrokes for command line processing Console configure Console config Table 4 2 Configuration Commands Mode Command Prompt Page Line line console vty Console...

Page 242: ...em Management Controls system logs system passwords user name browser management options and a variety of other system information 4 24 Flash File Manages code image or switch configuration files 4 66...

Page 243: ...port membership for VLAN groups 4 198 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows the configuration for bridge extension MIB 4 207 Priority Sets port...

Page 244: ...the following command Related Commands show line 4 18 show users 4 63 silent time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds...

Page 245: ...using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When u...

Page 246: ...e system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password...

Page 247: ...ion is terminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restore...

Page 248: ...word thresh threshold no password thresh threshold The number of allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Command Mode Line Configuratio...

Page 249: ...ent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands password thresh 4 14 datab...

Page 250: ...parity 4 16 parity Use this command to define generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd p...

Page 251: ...ge Set the speed to match the baud rate of the device connected to the serial port or specify auto Some baud rates available on devices connected to the port might not be supported The system indicate...

Page 252: ...Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example show line Use this co...

Page 253: ...bled Login timeout Disabled Silent time 60 Baudrate auto Databits 8 Parity none Stopbits 1 VTY configuration Password threshold 3 times Interactive timeout 600 sec Login timeout 300 sec Console Table...

Page 254: ...enable password 4 27 disable Use this command to return to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet...

Page 255: ...Default Setting None Command Mode Privileged Exec Example Related Commands end 4 22 show history Use this command to show the contents of the command history buffer Default Setting None Command Mode N...

Page 256: ...iguration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire sys...

Page 257: ...n mode and then quit the CLI session quit Use this command to exit the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can...

Page 258: ...ords for management access 4 25 IP Filter Configures IP addresses that are allowed management access 4 28 Web Server Enables management access via a web browser 4 30 Telnet Server Enables management a...

Page 259: ...ment access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 9 user authentication via a remote authentication ser...

Page 260: ...s encrypted password password password The authentication password for the user Maximum length 8 characters 32 encrypted case sensitive Default Setting The default access level is Normal Exec The fact...

Page 261: ...ngth 8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 This default password is super Command Mode Global Configuration Command Usage You cannot set a null pa...

Page 262: ...dress the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respectivel...

Page 263: ...snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Global Configuration Example Console config management all client 192 168 1 19 Consol...

Page 264: ...this command to allow this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configurat...

Page 265: ...https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set...

Page 266: ...ore the default port Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS SSL Range 1 65535 Default Setting 443 Command Mode Global Configuration Comma...

Page 267: ...Configuration Example Related Commands ip telnet server 4 33 ip telnet server This command allows this device to be monitored or configured from Telnet Use the no form to disable this function Syntax...

Page 268: ...the commands used to configure the SSH server However note that you also need to install a SSH client on the management station when using this protocol to configure the switch Note The switch suppor...

Page 269: ...254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 5194174677298486546861571773939016477935594230357741...

Page 270: ...ed bytes to the original bytes it sent If the two sets match this means that the client s private key corresponds to an authorized public key and the client is authenticated Note To use SSH with only...

Page 271: ...e client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty sessions Example Related Commands exec t...

Page 272: ...ault Setting 768 bits Command Mode Global Configuration Command Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at...

Page 273: ...e RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client programs automatically add the public key to the known hosts file as part of the configuration proc...

Page 274: ...39 ip ssh save host key 4 40 no ip ssh server 4 36 ip ssh save host key Use this command to save host key from RAM to flash memory Syntax ip ssh save host key dsa rsa dsa DSA key type rsa RSA key typ...

Page 275: ...er key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Session Started admin ctos aes128 cbc hmac md5 stoc aes128 cbc hmac md5 Console disconnect 0 Console Ta...

Page 276: ...ryption method used by SSH is based on the Digital Signature Standard DSS and the last string is the encoded modulus Encryption The encryption method is automatically negotiated between the client and...

Page 277: ...57481574636762465 2720825995018769351534686677 DSA ssh dss AAAAB3NzaC1kc3MAAACBAIZERDhRGM9jKjcjVzgGtlZgHT8QF8NtAA P0nXMtRGc meEAgL0rD37v44dma5cHesl 4tuJ0Nu8BcwxjwMjeCiLXIfb5c4ymD 0eJH64AVP5lhzy4OWp Ul...

Page 278: ...ory 4 45 clear logging 4 47 Table 4 15 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 44 logging history Limits syslog messages saved to switch me...

Page 279: ...ational level 6 0 Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table...

Page 280: ...s the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog...

Page 281: ...Level 3 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command without a...

Page 282: ...the time stamp message level page 4 45 program module function and event number Example The following example shows sample messages stored in RAM Console show log ram 5 00 01 06 2001 01 01 STA root c...

Page 283: ...h Syslog logging Enabled History logging in FLASH level errors Console show logging ram Syslog logging Enabled History logging in RAM level debugging Console Table 4 17 show logging flash ram display...

Page 284: ...as been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The sever...

Page 285: ...eriodic interval A trap will be triggered if the switch cannot successfully open a connection Example logging sendmail level This command sets the severity threshold used to trigger alert messages Syn...

Page 286: ...email alerts for system errors from level 3 through 0 logging sendmail destination email This command specifies the email recipients of alert messages Use the no form to remove a recipient Syntax no...

Page 287: ...gging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config Console show logging sendma...

Page 288: ...time servers is used to record accurate dates and times for log events Without SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 T...

Page 289: ...mand Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in...

Page 290: ...Related Commands sntp client 4 54 show sntp This command displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated...

Page 291: ...zone before west of UTC after utc Sets the local time zone after east of UTC Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the...

Page 292: ...h year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 month january february march april may june july august september october november december day Day of month R...

Page 293: ...uration file stored in non volatile memory that is used to start up the system Default Setting None Command Mode Privileged Exec Table 4 21 System Status Commands Command Function Mode Page light unit...

Page 294: ...ate VLAN configuration settings for each interface IP address configured for VLANs Spanning tree settings Any configured settings for the console port and Telnet Example Console show startup config bu...

Page 295: ...ng memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and...

Page 296: ...e wait snmp server community private rw snmp server community public ro username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username...

Page 297: ...ow system System description Enterasys Networks Inc V2H124 24 SW version V2 5 2 1 System OID string 1 3 6 1 4 1 5624 2 1 62 System information System Up time 0 days 1 hours 34 minutes and 7 77 seconds...

Page 298: ...min 15 None guest 0 None Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 00 00 1 VTY 0 admin 0 00 20 192 168 1 10 Web online users Line Remote IP addr Username Idle time h...

Page 299: ...ystem mtu size no system mtu size Specifies the MTU size Range 1500 1548 bytes Default Setting 1500 bytes Command Mode Global Configuration Command Usage The current MTU size can be displayed using th...

Page 300: ...cate public key copy unit file controller Allows you to download new PoE controller code files file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to fro...

Page 301: ...must use startup config as the destination For information on specifying an https certificate see Replacing the Default Secure site Certificate on page 3 58 For information on configuring the switch t...

Page 302: ...file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup c...

Page 303: ...Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted Example This example shows how to delete the test2 cfg con...

Page 304: ...own Default Setting None Command Mode Privileged Exec Command Usage If you enter the command dir without any parameters the system displays all files File information is shown below Example Table 4 23...

Page 305: ...tax boot system boot rom config opcode filename The type of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code The colon is required...

Page 306: ...es in the string Maximum length 16 characters Default Setting null string Console config boot system config startup Console config Table 4 24 CDP Commands Command Group Function Mode Page cdp authenti...

Page 307: ...mand to set the time for retaining information from neighbor devices Use the no form to restore the default setting Syntax cdp holdtime seconds no cdp holdtime seconds The time to wait before aging ou...

Page 308: ...ation Use this command to enable CDP globally for the switch Use the no form to restore the default setting Syntax cdp run auto run disable run no cdp run Enables CDP for the switch Ports process CDP...

Page 309: ...ds and receives CDP packets except when the switch global CDP setting is disabled disable The port never sends CDP packets CDP packets received are discarded unless the CDP global setting is disabled...

Page 310: ...t unit This is device 1 port Port number Command Mode Privileged Executive Example show cdp neighbors Use this command to display CDP neighbor information Syntax show cdp neighbors Command Mode Privil...

Page 311: ...Field Capability Code Description igmp 1 Internet Group Management Protocol is enabled on the transmitting port rip 2 The connected device performs routing using Routing Internet Protocol bgp 3 The co...

Page 312: ...id version 0 Transmit error 0 Parse error 0 Memory error 0 Console Table 4 27 Show CDP Traffic Output Field Description Total packets output input Total number of CDP packets received sent by the devi...

Page 313: ...vailable to all switch ports Use the no form to restore the default setting Syntax power mainpower maximum allocation unit unit watts unit The switch unit in the stack watts The power budget for the s...

Page 314: ...the port into a test mode In test mode the port continuously attempts to detect if a device is connected to the port but does not supply power Default Setting auto Command Mode Interface Configuratio...

Page 315: ...ice is connected to a switch port and the switch detects that it requires more than the maximum power allocated to the port no power is supplied to the device the port power remains off Example power...

Page 316: ...le Related Commands power mainpower maximum allocation 4 79 show power inline status Use this command to display the current power status for all ports or for specific ports Syntax show power inline s...

Page 317: ...ion on the switch in watts Software Version The version of software running on the PoE controller subsystem in the switch This software can be updated using the copy file controller command see page 4...

Page 318: ...best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts...

Page 319: ...thentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command see page 4 19 Use the no form to restore the default Syntax authe...

Page 320: ...control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that req...

Page 321: ...f seconds the switch waits for a reply before resending a request Range 0 2147483647 retransmit Number of times the switch will try to authenticate logon access via the RADIUS server Range 0 214748364...

Page 322: ...and Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_...

Page 323: ...ommand Mode Global Configuration Example radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default S...

Page 324: ...mt identifies the management privilege level Currently only management logins are supported xx takes one of the following values su for administrator access right privilege level 15 rw for administrat...

Page 325: ...attribute with the value of Framed or Authenticate Only it will send a Fail message to the RADIUS client of IEEE 802 1X authenticator Example Table 4 32 RADIUS Filter ID None Administrative NAS Prompt...

Page 326: ...t 5 Service type disabled Server 1 Server IP address 192 168 1 50 Status enable Communication key with RADIUS server Auth port 6000 Acct port 1813 Retransmit times 2 Request timeout 5 Radius server gr...

Page 327: ...server This command adds a RADIUS server to an AAA server group Use the no form to remove the associated server from the group Syntax server server index index ip address address no radius server serv...

Page 328: ...characters periodic Sends a periodic request for an update Default 0 Range 1 2147483647 minutes start stop Automatically records an authentication starting point and stopping point group Specifies th...

Page 329: ...exec Displays exec accounting records statistics Displays accounting records username Displays accounting records for a specifiable username interface Specifies an interface Default Setting None Comma...

Page 330: ...cs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example tacacs server port This command specifies the TACACS server network p...

Page 331: ...aces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TACACS server Defau...

Page 332: ...the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number o...

Page 333: ...bled using the no shutdown command Example The following example enables port security for port 5 and sets the response to a security violation to issue a trap message Related Commands shutdown 4 156...

Page 334: ...st be re authenticated IC 4 104 dot1x timeout tx period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet IC 4 105 show dot1x Shows all d...

Page 335: ...of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore the default Syntax dot1x max req count n...

Page 336: ...ommand Mode Interface Configuration Example dot1x operation mode This command allows single or multiple hosts clients to connect to an 802 1X authorized port Use the no form with no keywords to restor...

Page 337: ...sends an EAPOL logoff message Example dot1x re authenticate This command forces re authentication on all ports or a specific interface Syntax dot1x re authenticate interface interface ethernet unit po...

Page 338: ...ample dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod se...

Page 339: ...ed settings on the switch or a specific interface Syntax show dot1x statistics interface interface statistics Displays dot1x status for each port interface ethernet unit port unit This is device 1 por...

Page 340: ...Max request page 4 101 Quiet period page 4 104 Reauth period page 4 104 Tx period page 4 105 and Port control page 4 102 It also displays the following information Status Authorization status authoriz...

Page 341: ...led Auto yes 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout...

Page 342: ...attributes within the Access Accept field For additional information see section 3 31 in RFC 3580 http www faqs org rfcs rfc3580 html Example vlan auth This command applies information in the VLAN Tu...

Page 343: ...VLAN ID untagged The authenticating port will be added to the current untagged egress list for the returned VLAN ID Default untagged Command Mode Interface Configuration Command Usage If the system vl...

Page 344: ...ts An ACL is a sequential list of permit or deny conditions that apply to IP addresses MAC addresses or other more specific criteria This switch tests ingress or egress packets against the conditions...

Page 345: ...r of rules bound the ports should not exceed 20 You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule The switch does...

Page 346: ...lters packets meeting the specified criteria including source and destination IP address TCP UDP port number protocol type and TCP control code EXT ACL 4 115 show ip access list Displays the rules for...

Page 347: ...L must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you m...

Page 348: ...one Command Mode Standard ACL Command Usage New rules are appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a perio...

Page 349: ...mber A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword followed by a...

Page 350: ...to catch packets with the following flags set SYN flag valid use control code 2 2 Both SYN and ACK valid use control code 18 18 SYN valid and ACK invalid use control code 2 18 Example This example acc...

Page 351: ...k precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Default Setting Default system mask Filter inbound packets according to specified IP ACLs Command Mode Global Confi...

Page 352: ...ination bitmask Destination address of rule must match this bitmask precedence Check the IP precedence field tos Check the TOS field dscp Check the DSCP field source port Check the protocol source por...

Page 353: ...o deny access to the IP host 171 69 198 102 and permit access to any others Console config access list ip mask precedence in Console config ip mask acl mask host any Console config ip mask acl mask 25...

Page 354: ...how access list IP extended access list A3 deny host 171 69 198 5 any deny 171 69 198 0 255 255 255 0 any source port 23 Console config Console config access list ip mask precedence out Console config...

Page 355: ...h config ext acl permit any any Switch config ext acl deny tcp any any control flag 2 2 Switch config ext acl end Console show access list IP extended access list A6 permit any any deny tcp any any co...

Page 356: ...ation Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You mu...

Page 357: ...e Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage Command Usage You must configure an ACL mask before you can map CoS values to the rule A packet matching a...

Page 358: ...ity of a frame matching the defined ACL rule This feature is commonly referred to as ACL packet marking Use the no form to remove the ACL marker Syntax match access list ip acl_name set priority prior...

Page 359: ...cify the IP precedence priority use the set tos keywords To specify the DSCP priority use the set dscp keywords Note that the IP frame header can include either the IP Precedence or DSCP priority type...

Page 360: ...ied source and destination address packet format and Ethernet type MAC ACL 4 127 show mac access list Displays the rules for configured MAC ACLs PE 4 128 access list mac mask precedence Changes to the...

Page 361: ...itmask Note The default is for Ethernet II packets no permit deny tagged eth2 any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask ethertype prot...

Page 362: ...d Usage New rules are added to the end of the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060...

Page 363: ...obal Configuration Command Usage You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule A mask can only be used by all...

Page 364: ...e address of rule must match this bitmask destination bitmask Destination address of rule must match this bitmask vid Check the VLAN ID field vid bitmask VLAN ID of rule must match this bitmask ethert...

Page 365: ...st MAC access list M4 deny tagged eth2 host 00 11 11 11 11 11 any vid 3 permit any any MAC ingress mask ACL mask pktformat host any vid Console Console config access list mac M5 Console config mac acl...

Page 366: ...of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Config...

Page 367: ...the packet itself Use the no form to remove the CoS mapping Syntax no map access list mac acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Def...

Page 368: ...ist mac 4 133 match access list mac This command changes the IEEE 802 1p priority of a Layer 2 frame matching the defined ACL rule This feature is commonly referred to as ACL packet marking Use the no...

Page 369: ...an IP access list mac Specifies a MAC access list mask precedence Specifies mask precedence for IP ACLs in Specifies ingress ACLs out Specifies egress ACLs Command Mode Privileged Exec Command Usage...

Page 370: ...55 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 2 MAC access list jerry permit any host 00 30 29 94 34 de ethertype 800 800 IP extended access list...

Page 371: ...nd Function Mode Page snmp server Enables the SNMPv3 server GC 4 143 show snmp Displays the status of SNMP communications NE PE 4 138 snmp server community Sets up the community access string to permi...

Page 372: ...Global Configuration Example show snmp Use this command to check the status of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides inf...

Page 373: ...ify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both r...

Page 374: ...aracters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 4 140 snmp server location Use this command to set the system location string Use the no f...

Page 375: ...ost command Maximum length 32 characters auth noauth priv This group uses SNMPv3 with authentication no authentication or with authentication and privacy See Configuring SNMP on page 3 35 for further...

Page 376: ...oauth option an SNMP user account will be generated and the switch will authorize SNMP access for the host Example Related Commands snmp server enable traps 4 142 snmp server enable traps Use this com...

Page 377: ...ID Range 1 26 hexadecimal characters Default Setting A unique engine ID is automatically generated by the switch based on its MAC address Command Mode Global Configuration Command Usage An SNMP engine...

Page 378: ...ific portion of the OID string Refer to the examples included Defines an included view excluded Defines an excluded view Default Setting defaultview includes access to the entire MIB tree Command Mode...

Page 379: ...le config snmp server view ifEntry 2 1 3 6 1 2 1 2 2 1 2 included Console config Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config Console show snmp view View Name...

Page 380: ...for read access 1 64 characters writeview Defines the view for write access 1 64 characters Default Setting Default groups public read only private read write map to defaultview readview Every object...

Page 381: ...defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Group Name private Security Model v2c Read View defaultview Write View defaultview Notify View none Storage...

Page 382: ...MD5 or SHA authentication auth password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight characters is required...

Page 383: ...An address bitmask of decimal numbers that represent the address bits to match Default Setting None Command Mode Global Configuration Console show snmp user EngineId 01000000000000000000000000 User Na...

Page 384: ...tering on the switch and allows SNMP management access to client IP 10 1 2 3 and client IP group 10 1 3 0 to 10 1 3 255 Related Commands show snmp 4 138 Interface Commands These commands are used to d...

Page 385: ...d to add a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what is attached to this...

Page 386: ...half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is 100half for 100BASE TX ports and 1000full for Gigabi...

Page 387: ...h will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol co...

Page 388: ...ed the port will auto negotiate to determine the sender and receiver for asymmetric pause frames The current switch ASIC only supports symmetric pause frames Default Setting 100BASE TX 10half 10full 1...

Page 389: ...or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will b...

Page 390: ...urity reasons Example The following example disables port 5 switchport broadcast packet rate Use this command to configure broadcast storm control Use the no form to disable broadcast storm control Sy...

Page 391: ...ort Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for...

Page 392: ...played For a description of the items displayed by this command see Displaying Connection Status on page 3 86 Example Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic informati...

Page 393: ...ard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 E...

Page 394: ...hreshold Enabled 500 packets second Lacp status Disabled Ingress rate limit disable 100M bits per second Egress rate limit disable 100M bits per second VLAN membership mode Hybrid Ingress rule Disable...

Page 395: ...destination port Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only See page 4 202 Native VLAN Indicates the default Port VLAN ID See page 4 203 Priority fo...

Page 396: ...essions must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to...

Page 397: ...nforming traffic is forwarded without any changes rate limit Use this command to define the rate limit for a specific interface Use this command without specifying a rate to restore the default rate U...

Page 398: ...ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex Console config interface ethernet 1 1 Console config if rate limit input 10 Console config if Table 4 52 Link Aggregat...

Page 399: ...ity Ports must have the same port admin key Ethernet Interface If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this k...

Page 400: ...either by forced mode or auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on...

Page 401: ...d to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 11 Console config if lacp Console config if exit Console con...

Page 402: ...Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side an aggregate link partner The remote side of an aggregate li...

Page 403: ...l LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority ma...

Page 404: ...the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side Configuring LACP sett...

Page 405: ...Number of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel...

Page 406: ...faulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this link is...

Page 407: ...r Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin...

Page 408: ...ignment lasts until the switch is reset permanent Assignment is permanent Table 4 56 Show LACP System ID Output Contents Field Description Channel group A link aggregation group configured on this swi...

Page 409: ...to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table A static address cannot be...

Page 410: ...contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry t...

Page 411: ...econds 10 1000000 or 0 to disable Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show...

Page 412: ...85 spanning tree backup root Adjusts the bridge priority in an attempt to take over as the root bridge if it loses contact with the original root device GC 4 193 mst vlan Adds VLANs to a spanning tree...

Page 413: ...the network and provide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree mode...

Page 414: ...gration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after...

Page 415: ...rning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for confli...

Page 416: ...wer of 40 or 2 x forward time 1 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configura...

Page 417: ...root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the...

Page 418: ...th between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 4 184 takes precedence ove...

Page 419: ...nds mst vlan 4 185 mst priority 4 186 name 4 187 revision 4 187 max hops 4 188 mst vlan This command adds VLANs to a spanning tree instance Use the no form to remove the specified VLANs Using the no f...

Page 420: ...dge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree Example mst priority This command configures the priority...

Page 421: ...T region name and revision number page 4 187 are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges...

Page 422: ...x hops hop number hop number Maximum hop number for multiple spanning tree Range 1 40 Default Setting 20 Command Mode MST Configuration Command Usage A MSTI region is treated as a single node by the S...

Page 423: ...t no spanning tree cost cost The path cost for the port Range 1 200 000 000 The recommended range is Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default S...

Page 424: ...d Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of a port in the Spanning Tree Algorithm If the path cost for all ports on a switch are...

Page 425: ...ations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to in...

Page 426: ...d to a LAN segment that is at the end of a bridged LAN or for an end node device This command is the same as spanning tree edge port and is only included for backward compatibility with earlier produc...

Page 427: ...ity in an attempt to take over as the new root bridge if it loses contact with the original root device Use the no form to disable the command Syntax spanning tree backup root no spanning tree backup...

Page 428: ...full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Po...

Page 429: ...an interface in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active li...

Page 430: ...nstance_id interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 32 instance_id Instance identifier of the multiple spanning tree Range 0 4094 no leading...

Page 431: ...ridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0001F4475BA0 Current root port 0 Current root cost...

Page 432: ...Console show spanning tree mst configuration Mstp Configuration Information Configuration name XSTP REGION 0 Revision level 0 Instance Vlans 1 2 Console Table 4 59 VLAN Commands Command Groups Functio...

Page 433: ...ile and you can display this file by entering the show running config command Example Related Commands show vlan 4 206 vlan Use this command to configure a VLAN Use the no form to restore the default...

Page 434: ...sole config vlan database Console config vlan vlan 105 name RD5 media ethernet Console config vlan Table 4 61 Configuring VLAN Interfaces Command Function Mode Page interface vlan Enters interface con...

Page 435: ...o the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are transmitted as tagged frames hybrid Specifies a...

Page 436: ...me types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The...

Page 437: ...able ingress filtering switchport native vlan Use this command to configure the PVID i e default VLAN ID for a port Use the no form to restore the default Syntax switchport native vlan vlan id no swit...

Page 438: ...r a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN gr...

Page 439: ...signate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This...

Page 440: ...g example shows how to display information for VLAN 1 Table 4 62 Displaying VLAN Information Command Function Mode Page show vlan Shows VLAN information NE PE 4 206 show interfaces status vlan Display...

Page 441: ...switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which ex...

Page 442: ...command to enable GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Example Console show bridg...

Page 443: ...command to set the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leavea...

Page 444: ...VLANs Timer values must meet the following restrictions leave 2 x join leaveall leave Caution Set GVRP timers on all Layer 2 devices connected in the same network to the same values Otherwise GVRP ma...

Page 445: ...Commands Command Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware queues 4 211 Priority Layer 3 and...

Page 446: ...n a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relativ...

Page 447: ...with the input port s default ingress user priority and then placed in the appropriate priority queue at the output port The default priority for all ingress ports is zero Therefore any inbound frames...

Page 448: ...queue cos1 cosn The CoS values that are mapped to the queue ID It is a space separated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switc...

Page 449: ...e bandwidth Use this command to display the weighted round robin WRR bandwidth allocation for the priority queues Default Setting None Command Mode Privileged Exec Console config interface ethernet 1...

Page 450: ...face ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Queue ID Weight...

Page 451: ...C 4 218 map ip precedence Enables IP precedence class of service mapping GC 4 218 map ip precedence Maps IP precedence value to a class of service IC 4 219 map ip dscp Enables IP DSCP class of service...

Page 452: ...rt priority This command sets the IP port priority for all interfaces Example The following example shows how to map HTTP traffic to CoS value 0 map ip precedence Global Configuration Use this command...

Page 453: ...Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Service...

Page 454: ...switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP...

Page 455: ...he IEEE 802 1p standard and then subsequently mapped to the four hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DS...

Page 456: ...17 map ip port Interface Configuration 4 218 show map ip precedence Use this command to show the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit Th...

Page 457: ...iority map Syntax show map ip dscp interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Con...

Page 458: ...uter to ensure that it will continue to receive the multicast service Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 E...

Page 459: ...ess interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Table 4 70 IG...

Page 460: ...Default Setting IGMP Version 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Ve...

Page 461: ...ow known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only the user configured multicast entries igmp snooping Dis...

Page 462: ...c address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 71 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping...

Page 463: ...Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has...

Page 464: ...he default Syntax ip igmp snooping query max response time seconds no ip igmp snooping query max response time seconds The report delay advertised in IGMP queries Range 5 30 Default Setting 10 seconds...

Page 465: ...snooping router port expire time seconds The time the switch waits after the previous querier stops before it considers the router port i e the interface which had been receiving query packets to hav...

Page 466: ...ge Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to...

Page 467: ...he ip dhcp restart command or manually enter an address using the ip address command You may also need to a establish a default gateway between this device and the management stations Console show ip...

Page 468: ...eriods Anything outside this format will not be accepted by the configuration program If you select the bootp or dhcp option IP is enabled but will not function until a BOOTP or DHCP reply has been re...

Page 469: ...be defined if the management station is located in a different IP segment Example The following example defines a default gateway for this device Related Commands show ip redirects 4 236 ip dhcp resta...

Page 470: ...xec Example Related Commands show ip redirects 4 236 show ip redirects Use this command to show the default gateway configured for this device Default Setting None Command Mode Privileged Exec Console...

Page 471: ...ng This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached Following are some results...

Page 472: ...ime 10 ms response time 10 ms response time 10 ms response time 0 ms Ping statistics for 10 1 0 9 5 packets transmitted 5 packets received 100 0 packets lost 0 Approximate round trip times Minimum 0 m...

Page 473: ...ices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name using this command a DNS client can try each address in succession until i...

Page 474: ...domain name name no ip domain name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 64 characters Default Setting None Command Mode Globa...

Page 475: ...lete host name is received by the DNS server on this switch it will work through the domain list appending each domain name in the list to the host name and checking with the specified name servers fo...

Page 476: ...efault Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a response is received or the end of the list is reached with no...

Page 477: ...e specified before you can enable DNS If all name servers are deleted DNS will automatically be disabled Example This example enables DNS and then displays the configuration Related Commands ip domain...

Page 478: ...the same address es as a previously configured entry show dns This command displays the configuration of the DNS server Command Mode Privileged Exec Example Console show hosts Hostname rd5 Inet addres...

Page 479: ...et 6 4 CNAME 66 218 71 89 298 www yahoo akadns net 7 4 CNAME 66 218 71 86 298 www yahoo akadns net 8 4 ALIAS POINTER TO 7 298 www yahoo com Console Table 4 75 Show DNS Output Description Field Descrip...

Page 480: ...Command Line Interface 4 246 4...

Page 481: ...Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH...

Page 482: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Page 483: ...TX 10 100 Mbps half full duplex 1000BASE T 10 100 1000 Mbps half full duplex 1000BASE SX LX 1000 Mbps at full duplex SFP 1000BASE LH 1000 Mbps at full duplex SFP 100BASE FX 100 Mbps at full duplex SFP...

Page 484: ...Filtering IGMP Snooping Layer 2 Additional Features BOOTP client CIDR Classless Inter Domain Routing SNTP Simple Network Time Protocol SNMP Simple Network Management Protocol RMON Remote Monitoring gr...

Page 485: ...SNMP RFC 1157 HTTPS SSH Version 1 5 RADIUS AAA RFC 3127 Management Information Bases Bridge MIB RFC 1493 DNS Resolver MIB RFC 1612 Entity MIB RFC 2737 Ether like MIB RFC 2665 Extended Bridge MIB RFC 2...

Page 486: ...RFC 2571 SNMP MPD MIB RFC 2572 SNMP Target MIB SNMP Notification MIB RFC 2573 SNMP User Based SM MIB RFC 2574 SNMP View Based ACM MIB RFC 2575 SNMP Community MIB RFC 2576 Trap RFC 1215 TACACS Authenti...

Page 487: ...ces Code Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kinds of for...

Page 488: ...es or end stations comply with the IEEE 802 1p standard Group Attribute Registration Protocol GARP See Generic Attribute Registration Protocol IEEE 802 1D Specifies a general method for the operation...

Page 489: ...rectly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts IP Precedence The Type of Service ToS octet in the IPv4 header includ...

Page 490: ...t of the network from a station not attached to the network Port Authentication See IEEE 802 1x Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting...

Page 491: ...he shortest available path maximizing the performance and efficiency of the network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Terminal Access Cont...

Page 492: ...less of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located...

Page 493: ...4 214 queue mode 3 159 4 212 D default priority ingress port 3 156 4 212 default settings 1 5 DHCP 3 16 4 234 client 4 238 Differentiated Code Point Service See DSCP Displaying Basic VLAN Information...

Page 494: ...3 137 4 178 interface settings 4 178 multicast configuring 3 171 4 224 router 3 174 3 175 4 232 P passwords administrator setting 3 46 3 51 3 52 3 53 3 54 3 55 4 25 path cost 3 125 3 133 4 189 method...

Page 495: ...29 port priority 3 133 priority 4 190 protocol migration 3 136 transmission limit 3 129 standards IEEE B 2 startup files creating 3 21 displaying 3 18 4 66 A 1 setting 3 18 4 66 A 1 statistics port 3...

Page 496: ...Index Index 4...

Page 497: ......

Page 498: ...Part 150200039400A FW 2 5 2 0 E012005 R02 ES3526G E072000 R04...