TigerStack 10G Gigabit Ethernet Switch
◆ 24/48 auto-MDI/MDI-X 10/100/1000BASE-T ports
◆ 4 ports shared with 4 SFP transceiver slots
◆ Non-blocking switchi
CONFIGURING THE SWITCH 3-44
• Minutes (0-59) – The number of minutes before/after UTC.
• Direction – Configures the time zone to be before (east) or afte

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-45
Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is a communication protocol designe

CONFIGURING THE SWITCH 3-46
Each group also has a defined security access to set of MIB objects for reading and writing, which are known as “views.” The

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-47
Enabling the SNMP Agent
Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3).
Command Attr

CONFIGURING THE SWITCH 3-48
• Access Mode – Specifies the access rights for the community string:
- Read-Only – Authorized management stations are only ab

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-49
Command Attributes
• Trap Manager Capability – This switch supports up to five trap managers.
• Current – Displays

CONFIGURING THE SWITCH 3-50
Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive tra

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-51
Setting an Engine ID
An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protec

CONFIGURING THE SWITCH 3-52
Configuring SNMPv3 Users
Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security leve

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-53
Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and ass
CONFIGURING THE SWITCH 3-54
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring SNMPv3 Groups
An SNM

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-55
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assi

CONFIGURING THE SWITCH 3-56
CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and restricting M

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-57
Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and spec

CONFIGURING THE SWITCH 3-58
CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and t

USER AUTHENTICATION 3-59
Configuring User Accounts
The guest only has read access for most configuration parameters. However, the administrator has write

CONFIGURING THE SWITCH 3-60
Web – Click Security, User Accounts. To configure a new user account, enter the user name, access level, and password, then

USER AUTHENTICATION 3-61
Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are log

CONFIGURING THE SWITCH 3-62
• You can specify up to three authentication methods for any user to indicate the authentication sequence. For example, if y

USER AUTHENTICATION 3-63
- Number of Server Transmits – Number of times the switch tries to authenticate logon access via the authentication server. (Ra
CONFIGURING THE SWITCH 3-64
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authenti

USER AUTHENTICATION 3-65
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket L

CONFIGURING THE SWITCH 3-66
Command Attributes
• HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. (Default: Enabled)
•C

USER AUTHENTICATION 3-67
Note: For maximum security, we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity. This

CONFIGURING THE SWITCH 3-68
Note: The switch supports both SSH Version 1.5 and 2.0.
Command Usage
The SSH server on this switch supports both password and

USER AUTHENTICATION 3-69
authenticated using these keys. The current firmware only accepts public key files based on standard UNIX format as shown in th

CONFIGURING THE SWITCH 3-70
2. The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet se

USER AUTHENTICATION 3-71
Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the ho

CONFIGURING THE SWITCH 3-72
CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and the

USER AUTHENTICATION 3-73
• SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication f
CONFIGURING THE SWITCH 3-74
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that th

USER AUTHENTICATION 3-75
already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prev

CONFIGURING THE SWITCH 3-76
Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox

USER AUTHENTICATION 3-77
ports in a network can be centrally controlled from a server, which means that authorized users can use the same credentials fo

CONFIGURING THE SWITCH 3-78
The operation of 802.1X on the switch requires the following:
• The switch must have an IP address assigned.
• RADIUS authenti

USER AUTHENTICATION 3-79
CLI – This example shows the default global settings for 802.1X.
Configuring 802.1X Global Settings
The 802.1X protocol includes

CONFIGURING THE SWITCH 3-80
CLI – This example enables 802.1X globally for the switch.
Configuring Port Settings for 802.1X
When 802.1X is enabled, you ne

USER AUTHENTICATION 3-81
• Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it

CONFIGURING THE SWITCH 3-82
CLI – This example sets the authentication mode to enable 802.1X on port 2, and allows up to ten clients to connect to this

USER AUTHENTICATION 3-83
Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Table 3-6 802.1X Stat
CONFIGURING THE SWITCH 3-84
Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statis

USER AUTHENTICATION 3-85
Filtering IP Addresses for Management Access
You can create a list of up to 16 IP addresses or IP address groups that are allow

CONFIGURING THE SWITCH 3-86
• Start IP Address – A single IP address, or the starting address of a range.
• End IP Address – The end address of a range.
W

ACCESS CONTROL LISTS 3-87
Access Control Lists
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 pro

CONFIGURING THE SWITCH 3-88
• When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind o

ACCESS CONTROL LISTS 3-89
Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended,

CONFIGURING THE SWITCH 3-90
Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a s

ACCESS CONTROL LISTS 3-91
• Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 3-8

CONFIGURING THE SWITCH 3-92
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (A

ACCESS CONTROL LISTS 3-93
3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”
Configuring a MAC ACL
Comma
CONFIGURING THE SWITCH 3-94
• Packet Format – This attribute includes the following packet types:
- Any – Any Ethernet packet type.
- Untagged-eth2 – Unta

ACCESS CONTROL LISTS 3-95
CLI – This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the Ethernet ty

CONFIGURING THE SWITCH 3-96
Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page.
Fig

ACCESS CONTROL LISTS 3-97
specify a host address (not a subnet), or “IP” to specify a range of addresses. (Options: Any, Host, IP; Default: Any)
• Source

CONFIGURING THE SWITCH 3-98
CLI – This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the fo

ACCESS CONTROL LISTS 3-99
Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source o

CONFIGURING THE SWITCH 3-100
CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rul

ACCESS CONTROL LISTS 3-101
• When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind op

CONFIGURING THE SWITCH 3-102
CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2.
Port Configuration
Displayi

PORT CONFIGURATION 3-103
Web – Click Port, Port Information or Trunk Information.
Figure 3-49 Port Status Information
Field Attributes (CLI)
Basic informa
CONFIGURING THE SWITCH 3-104
- 100full - Supports 100 Mbps full-duplex operation
- 1000full - Supports 1000 Mbps full-duplex operation
• Broadcast storm

PORT CONFIGURATION 3-105
CLI – This example shows the connection status for Port 5.
Configuring Interface Connections
You can use the Port Configuration o

CONFIGURING THE SWITCH 3-106
• Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, y

PORT CONFIGURATION 3-107
Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.
Figure 3-5

CONFIGURING THE SWITCH 3-108
The switch supports both static trunking and dynamic Link Aggregation Control Protocol (LACP). Static trunks have to be man

PORT CONFIGURATION 3-109
• All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN.
• STA, VLAN, and IGMP

CONFIGURING THE SWITCH 3-110
Web – Click Port, Trunk Membership. Enter a trunk ID of 1-32 in the Trunk field, select any of the switch ports from the sc

PORT CONFIGURATION 3-111
CLI – This example creates trunk 2 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to

CONFIGURING THE SWITCH 3-112
• A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID.
• If more than

PORT CONFIGURATION 3-113
CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another swit
CONFIGURING THE SWITCH 3-114
Note: If the port channel admin key (lacp admin key, page 4-199) is not set (through the CLI) when a channel group is forme

PORT CONFIGURATION 3-115
Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can opt

CONFIGURING THE SWITCH 3-116
CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; port

PORT CONFIGURATION 3-117
Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.
Figure 3-54 L

CONFIGURING THE SWITCH 3-118
CLI – The following example displays LACP counters for port channel 1.
Displaying LACP Settings and Status for the Local Sid

PORT CONFIGURATION 3-119
Admin State, Oper State
Administrative or operational values of the actor’s state parameters:
• Expired – The actor’s receive mach

CONFIGURING THE SWITCH 3-120
Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.
Figure 3-

PORT CONFIGURATION 3-121
Displaying LACP Settings and Status for the Remote Side
You can display configuration settings and the operational state for the

CONFIGURING THE SWITCH 3-122
Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.
Figure 3

PORT CONFIGURATION 3-123
Setting Broadcast Storm Thresholds
Broadcast storms may occur when a device on your network is malfunctioning, or if application
CONFIGURING THE SWITCH 3-124
Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the thres

PORT CONFIGURATION 3-125
Configuring Port Mirroring
You can mirror traffic from any source port to a target port for real-time analysis. You can then att

CONFIGURING THE SWITCH 3-126
Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port

PORT CONFIGURATION 3-127
Command Attribute
Rate Limit – Sets the output rate limit for an interface.
Default Status – Disabled
Default Rate – 1000 Mbps
Ra

CONFIGURING THE SWITCH 3-128
unusually heavy loading). RMON statistics provide access to a broad range of statistics, including a total count of differe

PORT CONFIGURATION 3-129
Transmit Unicast Packets The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unica

CONFIGURING THE SWITCH 3-130
Single Collision Frames The number of successfully transmitted frames for which transmission is inhibited by exactly one co

PORT CONFIGURATION 3-131
Collisions The best estimate of the total number of collisions on this Ethernet segment.
Received Frames The total number of fra

CONFIGURING THE SWITCH 3-132
Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at t

PORT CONFIGURATION 3-133
Figure 3-61 Port Statistics (continued)
CONFIGURING THE SWITCH 3-134
CLI – This example shows statistics for port 13.
Address Table Settings
Switches store the addresses for all known devices. T

ADDRESS TABLE SETTINGS 3-135
Command Attributes
• Static Address Counts5 – The number of manually configured addresses.
• Current Static Address Table – L

CONFIGURING THE SWITCH 3-136
Displaying the Address Table
The Dynamic Address Table contains the MAC addresses learned by monitoring the source address f

ADDRESS TABLE SETTINGS 3-137
Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN check

CONFIGURING THE SWITCH 3-138
• Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds)
Web – Cli

SPANNING TREE ALGORITHM CONFIGURATION 3-139
STA uses a distributed algorithm to select a bridging device (STA-compliant switch, bridge or router) that s

CONFIGURING THE SWITCH 3-140
When using STA or RSTP, it may be difficult to maintain a stable path between all VLAN members. Frequent changes in the tre

SPANNING TREE ALGORITHM CONFIGURATION 3-141
• Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., disc

CONFIGURING THE SWITCH 3-142
• Root Hello Time – Interval (in seconds) at which this device transmits a configuration message.
• Root Maximum Age – The

SPANNING TREE ALGORITHM CONFIGURATION 3-143
Web – Click Spanning Tree, STA, Information.
Figure 3-65 STA Information
CLI – This command displays global S
CONFIGURING THE SWITCH 3-144
Configuring Global Settings
Global settings apply to the entire switch.
Command Usage
• Spanning Tree Algorithm6 Uses RSTP for

SPANNING TREE ALGORITHM CONFIGURATION 3-145
- Be careful when switching between spanning tree modes. Changing modes stops all spanning-tree instances f

CONFIGURING THE SWITCH 3-146
• Maximum Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting

SPANNING TREE ALGORITHM CONFIGURATION 3-147
• Transmission Limit – The maximum transmission rate for BPDUs is specified by setting the minimum interval

CONFIGURING THE SWITCH 3-148
Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.
Figure 3-66 STA Configurati

SPANNING TREE ALGORITHM CONFIGURATION 3-149
Displaying Interface Settings
The STA Port Information and STA Trunk Information pages display the current st

CONFIGURING THE SWITCH 3-150
• Designated Port – The port priority and number of the port on the designated bridging device through which this switch mu

SPANNING TREE ALGORITHM CONFIGURATION 3-151
Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only)
These additional param

CONFIGURING THE SWITCH 3-152
• Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged

SPANNING TREE ALGORITHM CONFIGURATION 3-153
CLI – This example shows the STA attributes for port 5.
Configuring Interface Settings
You can configure RSTP
CONFIGURING THE SWITCH 3-154
- Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receivi

SPANNING TREE ALGORITHM CONFIGURATION 3-155
• Default –
- Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000
- Fast Ethernet – Ha

CONFIGURING THE SWITCH 3-156
Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply

SPANNING TREE ALGORITHM CONFIGURATION 3-157
(on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node,

CONFIGURING THE SWITCH 3-158
Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority

SPANNING TREE ALGORITHM CONFIGURATION 3-159
CLI – This displays STA settings for instance 1, followed by settings for each port.
Console#show spanning-t

CONFIGURING THE SWITCH 3-160
CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI.
Displaying Interface Settings for MSTP
The

SPANNING TREE ALGORITHM CONFIGURATION 3-161
CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instan

CONFIGURING THE SWITCH 3-162
Configuring Interface Settings for MSTP
You can configure the STA interface settings for an MST Instance using the MSTP Port

SPANNING TREE ALGORITHM CONFIGURATION 3-163
• Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. There
CONFIGURING THE SWITCH 3-164
VLAN Configuration
IEEE 802.1Q VLANs
In large networks, routers are used to isolate broadcast traffic for each subnet into se

VLAN CONFIGURATION 3-165
• Passing traffic between VLAN-aware and VLAN-unaware devices
• Priority tagging
Assigning Ports to VLANs
Before enabling VLANs

CONFIGURING THE SWITCH 3-166
Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN g

VLAN CONFIGURATION 3-167
should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from

CONFIGURING THE SWITCH 3-168
receives a tagged frame, it will pass this frame onto the VLAN(s) indicated by the frame tag. However, when this switch rec

VLAN CONFIGURATION 3-169
Field Attributes
• VLAN Version Number8 – The VLAN version used by this switch as specified in the IEEE 802.1Q standard.
• Maximu

CONFIGURING THE SWITCH 3-170
Command Attributes (Web)
• VLAN ID – ID of configured VLAN (1-4093).
• Up Time at Creation – Time this VLAN was created (i.e.

VLAN CONFIGURATION 3-171
• Status – Shows if this VLAN is enabled or disabled.
- Active: VLAN is operational.
- Suspend: VLAN is suspended; i.e., does no

CONFIGURING THE SWITCH 3-172
• Status (Web) – Enables or disables the specified VLAN.
- Enable: VLAN is operational
- Disable: VLAN is suspended; i.e., d

VLAN CONFIGURATION 3-173
CLI – This example creates a new VLAN.
Adding Static Members to VLANs (VLAN Index)
Use the VLAN Static Table to configure port me
CONFIGURING THE SWITCH 3-174
Command Attributes
• VLAN – ID of configured VLAN (1-4093, no leading zeroes).
• Name – Name of the VLAN (1 to 32 characters)

VLAN CONFIGURATION 3-175
Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if req

CONFIGURING THE SWITCH 3-176
• Member – VLANs for which the selected interface is a tagged member.
• Non-Member – VLANs for which the selected interface

VLAN CONFIGURATION 3-177
Configuring VLAN Behavior for Interfaces
You can configure VLAN behavior for specific interfaces, including the default VLAN ide

CONFIGURING THE SWITCH 3-178
- If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames

VLAN CONFIGURATION 3-179
• Mode – Indicates VLAN membership mode for an interface. (Default: Hybrid)
- 1Q Trunk – Specifies a port as an end-point for a

CONFIGURING THE SWITCH 3-180
CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the G

VLAN CONFIGURATION 3-181
Enabling Private VLANs
Use the Private VLAN Status page to enable/disable the Private VLAN function.
Web – Click VLAN, Private VL

CONFIGURING THE SWITCH 3-182
Web – Click VLAN, Private VLAN, Link Status. Mark the ports that will serve as uplinks and downlinks for the private VLAN,

VLAN CONFIGURATION 3-183
To avoid these problems, you can configure this switch with protocol-based VLANs that divide the physical network into logical
CONFIGURING THE SWITCH 3-184
Web – Click VLAN, Protocol VLAN, Configuration. Enter a protocol group ID, frame type and protocol type, then click Apply.

VLAN CONFIGURATION 3-185
- If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface

CONFIGURING THE SWITCH 3-186
Class of Service Configuration
Class of Service (CoS) allows you to specify which data packets have greater precedence when

CLASS OF SERVICE CONFIGURATION 3-187
• Number of Egress Traffic Classes – The number of queue buffers provided for each port.
Web – Click Priority, Defau

CONFIGURING THE SWITCH 3-188
Mapping CoS Values to Egress Queues
This switch processes Class of Service (CoS) priority tagged traffic by using eight prio

CLASS OF SERVICE CONFIGURATION 3-189
Command Attributes
• Priority – CoS value. (Range: 0-7, where 7 is the highest priority)
• Traffic Class11 – Output q

CONFIGURING THE SWITCH 3-190
Selecting the Queue Mode
You can set the switch to service the queues based on a strict rule that requires all traffic in a

CLASS OF SERVICE CONFIGURATION 3-191
Setting the Service Weight for Traffic Classes
This switch uses the Weighted Round Robin (WRR) algorithm to determin

CONFIGURING THE SWITCH 3-192
CLI – The following example shows how to assign WRR weights to each of the priority queues.
Layer 3/4 Priority Settings
Mappi

CLASS OF SERVICE CONFIGURATION 3-193
Selecting IP Precedence/DSCP Priority
The switch allows you to choose between using IP Precedence or DSCP priority.
CONFIGURING THE SWITCH 3-194
Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth). Bits 6 and 7 are used for network control, and

CLASS OF SERVICE CONFIGURATION 3-195
CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS

CONFIGURING THE SWITCH 3-196
Command Attributes
• DSCP Priority Table – Shows the DSCP Priority to CoS map.
• Class of Service Value – Maps a CoS value to

CLASS OF SERVICE CONFIGURATION 3-197
Note: Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes wil

CONFIGURING THE SWITCH 3-198
Figure 3-90 IP Port Priority Status
Click Priority, IP Port Priority. Enter the port number for a network application in th

CLASS OF SERVICE CONFIGURATION 3-199
Note: Mapping specific values for IP Port Priority is implemented as an interface configuration command, but any ch

CONFIGURING THE SWITCH 3-200
Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Ap

MULTICAST FILTERING 3-201
Multicast Filtering
Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A mul

CONFIGURING THE SWITCH 3-202
Layer 2 IGMP (Snooping and Query)
IGMP Snooping and Query — If multicast routing is not supported on other switches in your

MULTICAST FILTERING 3-203
• IGMP Querier — A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast tra
CONFIGURING THE SWITCH 3-204
• IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Range: 1-2; Default: 2)
Not

MULTICAST FILTERING 3-205
Displaying Interfaces Attached to a Multicast Router
Multicast routers that are attached to ports on the switch use information

CONFIGURING THE SWITCH 3-206
CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.
Specifying St

MULTICAST FILTERING 3-207
Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router,

CONFIGURING THE SWITCH 3-208
Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service fro

MULTICAST FILTERING 3-209
Command Usage
• Static multicast addresses are never aged out.
• When a multicast address is assigned to an interface in a speci

CONFIGURING THE SWITCH 3-210
CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on V

CONFIGURING DOMAIN NAME SERVICE 3-211
• When an incomplete host name is received by the DNS server on this switch and a domain name list has been specif

CONFIGURING THE SWITCH 3-212
Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name serv

CONFIGURING DOMAIN NAME SERVICE 3-213
CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specif
CONFIGURING THE SWITCH 3-214
Field Attributes
• Host Name – Name of a host device that is mapped to one or more IP addresses. (Range: 1-64 characters)
•

CONFIGURING DOMAIN NAME SERVICE 3-215
CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses.

CONFIGURING THE SWITCH 3-216
Web – Select DNS, Cache.
Figure 3-100 DNS Cache
CLI - This example displays all the resource records learned from the design

4-1
CHAPTER 4
COMMAND LINE INTERFACE
This chapter describes how to use the Command Line Interface (CLI).
Using the Command Line Interface
Accessing the CLI

COMMAND LINE INTERFACE 4-2
After connecting to the system through the console port, the login screen displays:
Telnet Connection
Telnet operates over the

ENTERING COMMANDS 4-3
2. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show

COMMAND LINE INTERFACE 4-4
• To enter multiple commands, enter each command in the required order. For example, to enable Privileged Exec command mode,

ENTERING COMMANDS 4-5
Showing Commands
If you enter a “?” at the command prompt, the system will display the first level of keywords for the current comm

COMMAND LINE INTERFACE 4-6
The command “show interfaces ?” will display the following information:
Partial Keyword Lookup
If you terminate a partial keywo

ENTERING COMMANDS 4-7
Understanding Command Modes
The command set is divided into Exec and Configuration classes. Exec commands generally display informa
COMMAND LINE INTERFACE 4-8
Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password

ENTERING COMMANDS 4-9
• Line Configuration - These commands modify the console port and Telnet configuration, and include commands such as parity and dat

COMMAND LINE INTERFACE 4-10
For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mo

COMMAND GROUPS 4-11
Command Groups
The system commands can be broken down into the functional groups shown below.
Table 4-4 Command Group Index
Command Gr

COMMAND LINE INTERFACE 4-12
The access mode shown in the following tables is indicated by these abbreviations:
ACL (Access Control List Configuration)
GC

LINE COMMANDS 4-13
Line Commands
You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. The

COMMAND LINE INTERFACE 4-14
line
This command identifies a specific line for configuration, and to process subsequent line configuration commands.
Syntax

LINE COMMANDS 4-15
login
This command enables password checking at login. Use the no form to disable password checking and allow connections without a pa

COMMAND LINE INTERFACE 4-16
Example
Related Commands
username (4-34)
password (4-16)
password
This command specifies the password for a line. Use the no form

LINE COMMANDS 4-17
Example
Related Commands
login (4-15)
password-thresh (4-19)
timeout login response
This command sets the interval that the system waits f
1-1
CHAPTER 1
INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to config
COMMAND LINE INTERFACE4-18exec-timeoutThis command sets the interval that the system waits until user input is detected. Use the no form to restore th
LINE COMMANDS4-19password-threshThis command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form t
COMMAND LINE INTERFACE4-20silent-timeThis command sets the amount of time the management console is inaccessible after the number of unsuccessful logo
LINE COMMANDS4-21Default Setting 8 data bits per characterCommand Mode Line Configuration Command Usage The databits command can be used to mask the h
COMMAND LINE INTERFACE4-22Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit s
LINE COMMANDS4-23Example To specify 57600 bps, enter this command:stopbitsThis command sets the number of the stop bits transmitted per byte. Use the
COMMAND LINE INTERFACE4-24Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for
GENERAL COMMANDS4-25Example To show all lines, enter this command:General CommandsConsole#show line Console configuration: Password threshold: 3 tim
COMMAND LINE INTERFACE4-26enableThis command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain comman
GENERAL COMMANDS 4-27 disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic informatio
INTRODUCTION 1-2 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates th
COMMAND LINE INTERFACE 4-28 Example Related Commands end (4-29) show history This command shows the contents of the command history buffer. Default Setting
GENERAL COMMANDS 4-29 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and
COMMAND LINE INTERFACE 4-30 Command Mode Global Configuration, Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Sp
SYSTEM MANAGEMENT COMMANDS 4-31 Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration progra
COMMAND LINE INTERFACE 4-32 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Synta
SYSTEM MANAGEMENT COMMANDS 4-33 Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default
COMMAND LINE INTERFACE 4-34 Example This example shows how to renumber all units. User Access Commands The basic commands required for management access ar
SYSTEM MANAGEMENT COMMANDS 4-35 • password password - The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted,
COMMAND LINE INTERFACE 4-36 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it i
SYSTEM MANAGEMENT COMMANDS 4-37 Related Commands enable (4-26) authentication enable (4-93) IP Filter Commands management This command specifies the client I
DESCRIPTION OF SOFTWARE FEATURES 1-3 network applications. Some of the management features are briefly described below. Configuration Backup and Restore
COMMAND LINE INTERFACE 4-38 Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reje
SYSTEM MANAGEMENT COMMANDS 4-39 Command Mode Privileged Exec Example Web Server Commands Console#show management all-client Management IP Filter HTTP-Client
COMMAND LINE INTERFACE 4-40 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default
SYSTEM MANAGEMENT COMMANDS 4-41 Example Related Commands ip http port (4-40) ip http secure-server This command enables the secure hypertext transfer protoc
COMMAND LINE INTERFACE 4-42 • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet
SYSTEM MANAGEMENT COMMANDS 4-43 Default Setting 443 Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to u
COMMAND LINE INTERFACE 4-44 Default Setting Enabled Command Mode Global Configuration Example ip telnet server port This command specifies the TCP port numb
SYSTEM MANAGEMENT COMMANDS 4-45 The Secure Shell (SSH) includes server/client applications intended as a secure replacement for the older Berkeley remote
COMMAND LINE INTERFACE 4-46 The SSH server on this switch supports both password and public key authentication. If password authentication is specified
SYSTEM MANAGEMENT COMMANDS 4-47 10.1.0.54 1024 35 15684995401867669259333946775054617325313674890836547254 150202455931998685443583616519999233297817660
INTRODUCTION 1-4 packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard. Rate Limiting – T
COMMAND LINE INTERFACE 4-48 d. The client uses its private key to decrypt the bytes, and sends the decrypted bytes back to the switch. e. The switch com
SYSTEM MANAGEMENT COMMANDS 4-49 Example Related Commands ip ssh crypto host-key generate (4-51) show ssh (4-54) ip ssh timeout This command configures the t
COMMAND LINE INTERFACE 4-50 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. U
SYSTEM MANAGEMENT COMMANDS 4-51 Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with t
COMMAND LINE INTERFACE 4-52 Command Mode Privileged Exec Command Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save
SYSTEM MANAGEMENT COMMANDS 4-53 Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to
COMMAND LINE INTERFACE 4-54 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mo
SYSTEM MANAGEMENT COMMANDS 4-55 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [us
COMMAND LINE INTERFACE 4-56 Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is ent
SYSTEM MANAGEMENT COMMANDS 4-57 logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form
DESCRIPTION OF SOFTWARE FEATURES 1-5 IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switc
COMMAND LINE INTERFACE 4-58 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging
SYSTEM MANAGEMENT COMMANDS 4-59 Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i
COMMAND LINE INTERFACE 4-60 logging facility This command sets the facility type for remote logging of syslog messages. Use the no form to return the typ
SYSTEM MANAGEMENT COMMANDS 4-61 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved
COMMAND LINE INTERFACE 4-62 clear log This command clears messages from the log buffer. Syntax clear log [flash | ram] • flash - Event history stored in fl
SYSTEM MANAGEMENT COMMANDS 4-63 Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the m
COMMAND LINE INTERFACE 4-64 Related Commands show logging sendmail (4-69) show log This command displays the log messages stored in local memory. Syntax sho
SYSTEM MANAGEMENT COMMANDS 4-65 Example The following example shows the event message stored in RAM. SMTP Alert Commands These commands configure SMTP eve
COMMAND LINE INTERFACE 4-66 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP
SYSTEM MANAGEMENT COMMANDS 4-67 logging sendmail level This command sets the severity threshold used to trigger alert messages. Syntax logging sendmail lev
INTRODUCTION 1-6 prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STA). Virtual LANs – The sw
COMMAND LINE INTERFACE 4-68 Command Mode Global Configuration Command Usage You may use a symbolic email address that identifies the switch, or the addr
SYSTEM MANAGEMENT COMMANDS 4-69 logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [no] logging se
COMMAND LINE INTERFACE 4-70 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining a
SYSTEM MANAGEMENT COMMANDS 4-71 Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without S
COMMAND LINE INTERFACE 4-72 Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time
SYSTEM MANAGEMENT COMMANDS 4-73 Related Commands Related Commands (4-71) show sntp This command displays the current time and configuration settings for th
COMMAND LINE INTERFACE 4-74 Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coo
SYSTEM MANAGEMENT COMMANDS 4-75 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, Febr
COMMAND LINE INTERFACE 4-76 System Status Commands show startup-config This command displays the configuration file stored in non-volatile memory that is
SYSTEM MANAGEMENT COMMANDS 4-77 - Users (names and access levels) - VLAN database (VLAN ID, name and state) - VLAN configuration settings for each interfa
SYSTEM DEFAULTS 1-7 priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue. Multic
COMMAND LINE INTERFACE 4-78 Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare t
SYSTEM MANAGEMENT COMMANDS 4-79 Example Related Commands show startup-config (4-76) Console#show running-config building running-config, please wait... !&
COMMAND LINE INTERFACE 4-80 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usa
SYSTEM MANAGEMENT COMMANDS 4-81 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.
COMMAND LINE INTERFACE 4-82 Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-14 for d
SYSTEM MANAGEMENT COMMANDS 4-83 Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential dat
COMMAND LINE INTERFACE 4-84 Flash/File Commands These commands are used to manage the system code or configuration files. copy This command moves (uplo
FLASH/FILE COMMANDS 4-85 • https-certificate - Keyword that allows you to copy the HTTPS secure site certificate. • public-key - Keyword that allows you
COMMAND LINE INTERFACE 4-86 Example The following example shows how to upload the configuration settings to a file on the TFTP server: The following exam
FLASH/FILE COMMANDS 4-87 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is onl
INTRODUCTION 1-8 Authentication Privileged Exec Level Username “admin” Password “admin” Normal Exec Level Username “guest” Password “guest” Enable Privilege
COMMAND LINE INTERFACE 4-88 Example This example shows how to delete the test2.cfg configuration file from flash memory. Related Commands dir (4-88) delete
FLASH/FILE COMMANDS 4-89 Command Usage • If you enter the command dir without any parameters, the system displays all files. • A colon (:) is required a
COMMAND LINE INTERFACE 4-90 Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table unde
AUTHENTICATION COMMANDS 4-91 Example Related Commands dir (4-88) whichboot (4-89) Authentication Commands You can configure this switch to authenticate use
COMMAND LINE INTERFACE 4-92 authentication login This command defines the login authentication method and precedence. Use the no form to restore the defa
AUTHENTICATION COMMANDS 4-93 Example Related Commands username - for setting the local user names and passwords (4-34) authentication enable This command d
COMMAND LINE INTERFACE 4-94 • You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if
AUTHENTICATION COMMANDS 4-95 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each
COMMAND LINE INTERFACE 4-96 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-ser
AUTHENTICATION COMMANDS 4-97 Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radi
SYSTEM DEFAULTS 1-9 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Por
COMMAND LINE INTERFACE 4-98 Command Mode Global Configuration Example show radius-server This command displays the current settings for the RADIUS server.
AUTHENTICATION COMMANDS 4-99 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server ho
COMMAND LINE INTERFACE 4-100 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tac
AUTHENTICATION COMMANDS 4-101 Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mo
COMMAND LINE INTERFACE 4-102 port security This command enables or configures port security. Use the no form without any keywords to disable port securit
AUTHENTICATION COMMANDS 4-103 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has
COMMAND LINE INTERFACE 4-104 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized acce
AUTHENTICATION COMMANDS 4-105 dot1x system-auth-control This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to r
COMMAND LINE INTERFACE 4-106 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet t
AUTHENTICATION COMMANDS 4-107 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multipl
INTRODUCTION 1-10 IP Settings Management VLAN Any VLAN configured with an IP address IP Address 0.0.0.0 Subnet Mask 255.0.0.0 Default Gateway 0.0.0.0 DHCP C
COMMAND LINE INTERFACE 4-108 • In “multi-host” mode, only one host connected to a port needs to pass authentication for all other hosts to be granted ne
AUTHENTICATION COMMANDS 4-109 Example dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been
COMMAND LINE INTERFACE 4-110 Command Mode Interface Configuration Example dot1x timeout tx-period This command sets the time that the switch waits during an
AUTHENTICATION COMMANDS 4-111 • interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-24/48) Command Mode Privileg
COMMAND LINE INTERFACE 4-112 - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 4-106). - Supplicant –
AUTHENTICATION COMMANDS 4-113 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status
COMMAND LINE INTERFACE 4-114 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol,
ACCESS CONTROL LIST COMMANDS 4-115 The following restrictions apply to ACLs: • This switch supports ACLs for both ingress and egress filtering. However,
COMMAND LINE INTERFACE 4-116 Masks for Access Control Lists You must specify optional masks that control the order in which ACL rules are checked. The sw
ACCESS CONTROL LIST COMMANDS 4-117 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Us
2-1 CHAPTER 2 INITIAL CONFIGURATION Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offer
COMMAND LINE INTERFACE 4-118 Default Setting None Command Mode Global Configuration Command Usage • An egress ACL must contain all deny rules. • When you crea
ACCESS CONTROL LIST COMMANDS 4-119 Default Setting None Command Mode Standard ACL Command Usage • New rules are appended to the end of the list. • Address bit
COMMAND LINE INTERFACE 4-120 permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets wi
ACCESS CONTROL LIST COMMANDS 4-121 Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are simil
COMMAND LINE INTERFACE 4-122 Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule
ACCESS CONTROL LIST COMMANDS 4-123 Example Related Commands permit, deny 4-118 ip access-group (4-128) access-list ip mask-precedence This command accesses
COMMAND LINE INTERFACE 4-124 Related Commands mask (IP ACL) (4-124) ip access-group (4-128) mask (IP ACL) This command defines a mask for IP ACLs. This mask
ACCESS CONTROL LIST COMMANDS 4-125 Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order
COMMAND LINE INTERFACE 4-126 This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit acces
ACCESS CONTROL LIST COMMANDS 4-127 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other pac
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 TigerStack 10G Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions October 2004 Pu
INITIAL CONFIGURATION 2-2 The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:
COMMAND LINE INTERFACE 4-128 Command Mode Privileged Exec Example Related Commands mask (IP ACL) (4-124) ip access-group This command binds a port to an IP
ACCESS CONTROL LIST COMMANDS 4-129 Example Related Commands show ip access-list (4-122) show ip access-group This command shows the ports assigned to IP AC
COMMAND LINE INTERFACE 4-130 Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values t
ACCESS CONTROL LIST COMMANDS 4-131 Command Mode Privileged Exec Example Related Commands map access-list ip (4-129) match access-list ip This command change
COMMAND LINE INTERFACE 4-132 • Traffic priorities may be included in the IEEE 802.1p priority tag. This tag is also incorporated as part of the overall
ACCESS CONTROL LIST COMMANDS 4-133 MAC ACLs Table 4-36 MAC ACL Commands Command Function Mode Page access-list mac Creates a MAC ACL and enters configura
COMMAND LINE INTERFACE 4-134 access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the sp
ACCESS CONTROL LIST COMMANDS 4-135 permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source
COMMAND LINE INTERFACE 4-136 • address-bitmask14 – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-4095) • vid-bitmask14 – VLAN
ACCESS CONTROL LIST COMMANDS 4-137 show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl
CONNECTING TO THE SWITCH 2-3 Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cab
COMMAND LINE INTERFACE 4-138 Command Usage • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorit
ACCESS CONTROL LIST COMMANDS 4-139 • ethertype – Check the Ethernet type field. • ethertype-bitmask – Ethernet type of rule must match this bitmask. Defau
COMMAND LINE INTERFACE 4-140 This example creates an Egress MAC ACL. show access-list mac mask-precedence This command shows the ingress or egress rule m
ACCESS CONTROL LIST COMMANDS 4-141 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl
COMMAND LINE INTERFACE 4-142 Example Related Commands mac access-group (4-141) map access-list mac This command sets the output queue for packets matching
ACCESS CONTROL LIST COMMANDS 4-143 Example Related Commands queue cos-map (4-263) show map access-list mac (4-143) show map access-list mac This command s
COMMAND LINE INTERFACE 4-144 match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This
ACCESS CONTROL LIST COMMANDS 4-145 show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode P
COMMAND LINE INTERFACE 4-146 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), a
SNMP COMMANDS 4-147 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form
INITIAL CONFIGURATION 2-4 For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI command
COMMAND LINE INTERFACE 4-148 show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec,
SNMP COMMANDS 4-149 snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified commu
COMMAND LINE INTERFACE 4-150 snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Sy
SNMP COMMANDS 4-151 Command Mode Global Configuration Example Related Commands snmp-server contact (4-150) snmp-server host This command specifies the reci
COMMAND LINE INTERFACE 4-152 Default Setting • Host Address: None • SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you
SNMP COMMANDS 4-153 Example Related Commands snmp-server enable traps (4-153) snmp-server enable traps This command enables this device to send Simple Netw
COMMAND LINE INTERFACE 4-154 Example Related Commands snmp-server host (4-151) snmp-server engine-id This command configures an identification string for t
SNMP COMMANDS 4-155 • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the lo
COMMAND LINE INTERFACE 4-156 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP vie
SNMP COMMANDS 4-157 This view includes the MIB-2 interfaces table, and the mask selects all index entries. show snmp view This command shows information o
STACK OPERATIONS 2-5 Stack Operations Up to eight 24-port or 48-port Gigabit switches can be stacked together as described in the Installation Guide. One
COMMAND LINE INTERFACE 4-158 snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group
SNMP COMMANDS 4-159 Example show snmp group Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access
COMMAND LINE INTERFACE 4-160 Example Console#show snmp group Group Name: r&d Security Model: v3 Read View: mib-2 Write View: 802.1d Notify View:
SNMP COMMANDS 4-161 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View. Use the no
COMMAND LINE INTERFACE 4-162 Command Mode Global Configuration Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests f
DNS COMMANDS 4-163 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS d
COMMAND LINE INTERFACE 4-164 ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remo
DNS COMMANDS 4-165 Example This example maps two addresses to a host name. clear host This command deletes entries from the DNS table. Syntax clear host {name
COMMAND LINE INTERFACE 4-166 ip domain-name This command defines the default domain name appended to incomplete host names (i.e., host names passed from
DNS COMMANDS 4-167 ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from
INITIAL CONFIGURATION 2-6 • If a unit is removed from the stack, and powered up as a stand-alone unit, it will also retain the original unit number obta
COMMAND LINE INTERFACE 4-168 Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (4
DNS COMMANDS 4-169 Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (4-166) ip dom
COMMAND LINE INTERFACE 4-170 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (4-166) ip name-server (
DNS COMMANDS 4-171 show dns This command displays the configuration of the DNS server. Command Mode Privileged Exec Example show dns cache This command displ
COMMAND LINE INTERFACE 4-172 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Field Description NO The
INTERFACE COMMANDS 4-173 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or
COMMAND LINE INTERFACE 4-174 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trun
INTERFACE COMMANDS 4-175 Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 24. speed-
COMMAND LINE INTERFACE 4-176 • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilitie
INTERFACE COMMANDS 4-177 Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-177) speed-duplex (4-
STACK OPERATIONS 2-7 fails, the stack will be broken in two. The Stack Link LED on the unit that is no longer receiving traffic from the next unit up in
COMMAND LINE INTERFACE 4-178 Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings fo
INTERFACE COMMANDS 4-179 • To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable a
COMMAND LINE INTERFACE 4-180 Default Setting sfp-preferred-auto Command Mode Interface Configuration (Ethernet) Example This forces the switch to use the b
INTERFACE COMMANDS 4-181 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm con
COMMAND LINE INTERFACE 4-182 clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port -
INTERFACE COMMANDS 4-183 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • et
COMMAND LINE INTERFACE 4-184 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] inte
INTERFACE COMMANDS 4-185 Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displaye
COMMAND LINE INTERFACE 4-186 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Synta
INTERFACE COMMANDS 4-187 Table 4-46 show interfaces switchport - display description Field Description Broadcast threshold Shows if broadcast storm suppre
INITIAL CONFIGURATION 2-8 Resilient Configuration If a unit in the stack fails, the unit numbers will not change. This means that when you replace a unit
COMMAND LINE INTERFACE 4-188 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This comma
MIRROR PORT COMMANDS 4-189 Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach
COMMAND LINE INTERFACE 4-190 Example The following shows mirroring configured from port 6 to port 11. Rate Limit Commands This function allows the network
RATE LIMIT COMMANDS 4-191 rate-limit This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore
COMMAND LINE INTERFACE 4-192 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of
LINK AGGREGATION COMMANDS 4-193 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding
COMMAND LINE INTERFACE 4-194 channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk. Syntax channel-group chann
LINK AGGREGATION COMMANDS 4-195 Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk must be configure
COMMAND LINE INTERFACE 4-196 Example The following shows LACP enabled on ports 10-12. Because LACP has also been enabled on the ports at the other end of
LINK AGGREGATION COMMANDS 4-197 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default s
BASIC CONFIGURATION 2-9 3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.) 4. The session
COMMAND LINE INTERFACE 4-198 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restor
LINK AGGREGATION COMMANDS 4-199 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string. Use the no fo
COMMAND LINE INTERFACE 4-200 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {a
LINK AGGREGATION COMMANDS 4-201 show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sys-i
COMMAND LINE INTERFACE 4-202 Table 4-50 show lacp counters - display description Field Description LACPDUs Sent Number of valid LACPDUs transmitted from t
LINK AGGREGATION COMMANDS 4-203 LACPDUs Internal Number of seconds before invalidating received LACPDU information. LACP System Priority LACP system priori
COMMAND LINE INTERFACE 4-204 Console#show lacp 1 neighbors Channel group 1 neighbors ------------------------------------------------------------------- Et
LINK AGGREGATION COMMANDS 4-205 Console#show lacp 1 sysid Channel group System Priority System MAC Address -----------------------------------------
COMMAND LINE INTERFACE4-206Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying
ADDRESS TABLE COMMANDS4-207• action - delete-on-reset - Assignment lasts until the switch is reset. - permanent - Assignment is permanent. Default Set
INITIAL CONFIGURATION2-10Setting an IP AddressYou must establish IP address information for the switch to obtain management access through the network
COMMAND LINE INTERFACE4-208Example show mac-address-tableThis command shows classes of entries in the bridge-forwarding database.Syntax show mac-addre
ADDRESS TABLE COMMANDS4-209example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.”• The maximum number
COMMAND LINE INTERFACE4-210show mac-address-table aging-timeThis command shows the aging time for entries in the address table.Default Setting NoneCom
SPANNING TREE COMMANDS4-211spanning-tree mst configuration Accesses MSTP configuration mode GC 4-219mst vlan Adds VLANs to a spanning tree instanceMST
COMMAND LINE INTERFACE4-212spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Syntax
SPANNING TREE COMMANDS4-213spanning-tree modeThis command selects the spanning tree mode for this switch. Use the no form to restore the default.Synta
COMMAND LINE INTERFACE 4-214
- RSTP Mode – If RSTP is using 802.1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires, RSTP res
SPANNING TREE COMMANDS 4-215
Command Usage
This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., disca
COMMAND LINE INTERFACE 4-216
spanning-tree max-age
This command configures the spanning tree bridge maximum age globally for this switch. Use the no form
SPANNING TREE COMMANDS 4-217
spanning-tree priority
This command configures the spanning tree priority globally for this switch. Use the no form to resto
BASIC CONFIGURATION 2-11
3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
4. To set the IP address of the default
COMMAND LINE INTERFACE 4-218
Default Setting Long method
Command Mode Global Configuration
Command Usage
The path cost method is used to determine the bes
SPANNING TREE COMMANDS 4-219
spanning-tree mst configuration
Use this command to change to Multiple Spanning Tree (MST) configuration mode.
Default Sett
COMMAND LINE INTERFACE 4-220
Command Mode MST Configuration
Command Usage
• Use this command to group VLANs into spanning tree instances. MSTP generates
SPANNING TREE COMMANDS 4-221
mst priority
This command configures the priority of a spanning tree instance. Use the no form to restore the default.
Syntax
COMMAND LINE INTERFACE 4-222
name
This command configures the name for the multiple spanning tree region in which this switch is located. Use the no form
SPANNING TREE COMMANDS 4-223
Default Setting 0
Command Mode MST Configuration
Command Usage
The MST region name (page 4-222) and revision number are used
COMMAND LINE INTERFACE 4-224
Command Usage
A MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs
SPANNING TREE COMMANDS 4-225
spanning-tree cost
This command configures the spanning tree path cost for the specified interface. Use the no form to resto
COMMAND LINE INTERFACE 4-226
spanning-tree port-priority
This command configures the priority for the specified interface. Use the no form to restore the
SPANNING TREE COMMANDS 4-227
Default Setting Disabled
Command Mode Interface Configuration (Ethernet, Port Channel)
Command Usage
• You can enable this op
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, n
INITIAL CONFIGURATION 2-12
• To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.
3. Type “end” to return to the Privileged
COMMAND LINE INTERFACE 4-228
Command Mode Interface Configuration (Ethernet, Port Channel)
Command Usage
• This command is used to enable/disable the fas
SPANNING TREE COMMANDS 4-229
Default Setting auto
Command Mode Interface Configuration (Ethernet, Port Channel)
Command Usage
• Specify a point-to-point l
COMMAND LINE INTERFACE 4-230
Default Setting
By default, the system automatically detects the speed and duplex mode used on each port, and configures th
SPANNING TREE COMMANDS 4-231
spanning-tree mst port-priority
This command configures the interface priority on a spanning instance in the Multiple Spanni
COMMAND LINE INTERFACE 4-232
spanning-tree protocol-migration
This command re-checks the appropriate BPDU format to send on the selected interface.
Synta
SPANNING TREE COMMANDS 4-233
show spanning-tree
This command shows the configuration for the common spanning tree (CST) or for an instance within the mul
COMMAND LINE INTERFACE 4-234
Example
Console#show spanning-tree
Spanning-tree information
---------------------------------------------------------------
 S
VLAN COMMANDS 4-235
show spanning-tree mst configuration
This command shows the multiple spanning tree configuration.
Command Mode Privileged Exec
Example
V
COMMAND LINE INTERFACE 4-236
Editing VLAN Groups
vlan database
This command enters VLAN database mode. All commands in this mode will take effect immediat
VLAN COMMANDS 4-237
Example
Related Commands show vlan (4 -246)
vlan
This command configures a VLAN. Use the no form to restore the default settings or de
BASIC CONFIGURATION 2-13
The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 o
COMMAND LINE INTERFACE 4-238
Example
The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default.
Related Command
VLAN COMMANDS 4-239
interface vlan
This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical
COMMAND LINE INTERFACE 4-240
switchport mode
This command configures the VLAN membership mode for a port. Use the no form to restore the default.
Syntax s
VLAN COMMANDS 4-241
switchport acceptable-frame-types
This command configures the acceptable frame types for a port. Use the no form to restore the defa
COMMAND LINE INTERFACE 4-242
switchport ingress-filtering
This command enables ingress filtering for an interface. Use the no form to restore the defaul
VLAN COMMANDS 4-243
switchport native vlan
This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default.
Sy
COMMAND LINE INTERFACE 4-244
switchport allowed vlan
This command configures VLAN groups on the selected interface. Use the no form to restore the defaul
VLAN COMMANDS 4-245
• If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the f
COMMAND LINE INTERFACE 4-246
Example
The following example shows how to prevent port 1 from being added to VLAN 3.
Displaying VLAN Information
show vlan
Th
VLAN COMMANDS 4-247
Example
The following example shows how to display information for VLAN 1.
Configuring Private VLANs
Private VLANs provide port-based
INITIAL CONFIGURATION 2-14
Note: If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the defau
COMMAND LINE INTERFACE 4-248
Command Mode Global Configuration
Command Usage
• A private VLAN provides port-based security and isolation between ports wit
VLAN COMMANDS 4-249
Configuring Protocol-based VLANs
The network devices required to support multiple protocols cannot be easily grouped into a common VL
COMMAND LINE INTERFACE 4-250
3. Then map the protocol for each interface to the appropriate VLAN using the protocol-vlan protocol-group command (Interfa
VLAN COMMANDS 4-251
protocol-vlan protocol-group (Configuring Interfaces)
This command maps a protocol group to a VLAN for the current interface. Use the
COMMAND LINE INTERFACE 4-252
Example
The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group
VLAN COMMANDS 4-253
show interfaces protocol-vlan protocol-group
This command shows the mapping from protocol groups to VLANs for the selected interfaces
COMMAND LINE INTERFACE 4-254
GVRP and Bridge Extension Commands
GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information i
GVRP AND BRIDGE EXTENSION COMMANDS 4-255
Command Mode Global Configuration
Command Usage
GVRP defines a way for switches to exchange VLAN information in
COMMAND LINE INTERFACE 4-256
switchport gvrp
This command enables GVRP for a port. Use the no form to disable it.
Syntax [no] switchport gvrp
Default Setti
GVRP AND BRIDGE EXTENSION COMMANDS 4-257
garp timer
This command sets the values for the join, leave and leaveall timers. Use the no form to restore the
BASIC CONFIGURATION 2-15
MIB-2 tree branch, and then another view that includes the IEEE 802.1D bridge MIB. It assigns these respective read and read/wr
COMMAND LINE INTERFACE 4-258
Example
Related Commands show garp timer (4 -258)
show garp timer
This command shows the GARP timers for the selected interfac
PRIORITY COMMANDS 4-259
Priority Commands
The commands described in this section allow you to specify which data packets have greater precedence when tra
COMMAND LINE INTERFACE 4-260
Priority Commands (Layer 2)
queue mode
This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for
PRIORITY COMMANDS 4-261
Default Setting Weighted Round Robin
Command Mode Global Configuration
Command Usage
You can set the switch to service the queues
COMMAND LINE INTERFACE 4-262
Command Usage
• The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
PRIORITY COMMANDS 4-263
Default Setting
Weights 1, 2, 4, 6, 8, 10, 12, 14 are assigned to queues 0 - 7 respectively.
Command Mode Interface Configuration
COMMAND LINE INTERFACE 4-264
Default Setting
This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for
PRIORITY COMMANDS 4-265
show queue mode
This command shows the current queue mode.
Default Setting None
Command Mode Privileged Exec
Example
show queue band
COMMAND LINE INTERFACE 4-266
show queue cos-map
This command shows the class of service priority map.
Syntax show queue cos-map [interface]
interface
• eth
PRIORITY COMMANDS 4-267
Priority Commands (Layer 3 and 4)
Table 4-66 Priority Commands (Layer 3 and 4)
Command Function Mode Page
map ip port Enables TCP/
INITIAL CONFIGURATION 2-16
Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, W
COMMAND LINE INTERFACE 4-268
map ip port (Global Configuration)
This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets)
PRIORITY COMMANDS 4-269
Command Mode Interface Configuration (Ethernet, Port Channel)
Command Usage
• The precedence for priority mapping is IP Port, IP
COMMAND LINE INTERFACE 4-270
Example
The following example shows how to enable IP precedence mapping globally:
map ip precedence (Interface Configuration
PRIORITY COMMANDS 4-271
Example
The following example shows how to map IP precedence value 1 to CoS value 0:
map ip dscp (Global Configuration)
This comma
COMMAND LINE INTERFACE 4-272
map ip dscp (Interface Configuration)
This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority)
PRIORITY COMMANDS 4-273
Example
The following example shows how to map IP DSCP value 1 to CoS value 0.
show map ip port
Use this command to show the IP po
COMMAND LINE INTERFACE 4-274
show map ip precedence
This command shows the IP precedence priority map.
Syntax show map ip precedence [interface]
interface
PRIORITY COMMANDS 4-275
show map ip dscp
This command shows the IP DSCP priority map.
Syntax show map ip dscp [interface]
interface
• ethernet unit/port -
COMMAND LINE INTERFACE 4-276
Multicast Filtering Commands
This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that
MULTICAST FILTERING COMMANDS 4-277
ip igmp snooping
This command enables IGMP snooping on this switch. Use the no form to disable it.
Syntax [no] ip igmp
MANAGING SYSTEM FILES 2-17
Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings
COMMAND LINE INTERFACE 4-278
Command Mode Global Configuration
Example
The following shows how to statically configure a multicast group on a port.
ip igm
MULTICAST FILTERING COMMANDS 4-279
show ip igmp snooping
This command shows the IGMP snooping configuration.
Default Setting None
Command Mode Privileged E
COMMAND LINE INTERFACE 4-280
Command Mode Privileged Exec
Command Usage
Member types displayed include IGMP or USER, depending on selected options.
Exampl
MULTICAST FILTERING COMMANDS 4-281
ip igmp snooping querier
This command enables the switch as an IGMP querier. Use the no form to disable it.
Syntax [no]
COMMAND LINE INTERFACE 4-282
Command Usage
The query count defines how long the querier waits for a response from a multicast client before taking actio
MULTICAST FILTERING COMMANDS 4-283
ip igmp snooping query-max-response-time
This command configures the query report delay. Use the no form to restore th
COMMAND LINE INTERFACE 4-284
ip igmp snooping router-port-expire-time
This command configures the query timeout. Use the no form to restore the default.
S
MULTICAST FILTERING COMMANDS 4-285
Static Multicast Routing Commands
ip igmp snooping vlan mrouter
This command statically configures a multicast router p
COMMAND LINE INTERFACE 4-286
Example
The following shows how to configure port 11 as a multicast router port within VLAN 1:
show ip igmp snooping mrouter
IP INTERFACE COMMANDS 4-287
IP Interface Commands
An IP address may be used for management access to the switch over your network. The IP address for t
COMMAND LINE INTERFACE 4-288
ip address
This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the defau
IP INTERFACE COMMANDS 4-289
access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the original IP address an
COMMAND LINE INTERFACE 4-290
Example
In the following example, the device is reassigned the same address.
Related Commands ip address (4 -288)
ip default-
IP INTERFACE COMMANDS 4-291
Related Commands show ip redirects (4 -291)
show ip interface
This command displays the settings of an IP interface.
Default Se
COMMAND LINE INTERFACE 4-292
ping
This command sends ICMP echo request packets to another node on the network.
Syntax ping host [size size] [count count]
•
IP INTERFACE COMMANDS 4-293
Example
Related Commands interface (4 -174)
Console#ping 10.1.0.9
Type ESC to abort.
PING to 10.1.0.9, by 5 32-byte payload ICMP
A-1
APPENDIX A
SOFTWARE SPECIFICATIONS
Software Features
Authentication
Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security
Access Control Lists
SOFTWARE SPECIFICATIONS A-2
Port Trunking
Static trunks (Cisco EtherChannel compliant)
Dynamic trunks (Link Aggregation Control Protocol)
Spanning Tree Pro
SOFTWARE SPECIFICATIONS A-3
Software Loading
TFTP in-band or XModem out-of-band
SNMP
Management access via MIB database
Trap management to specified hosts
RM
3-1
CHAPTER 3
CONFIGURING THE SWITCH
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the sw
SOFTWARE SPECIFICATIONS A-4
SNMPv2 (RFC 2571)
SNMPv3 (RFC 3414, RFC 2570, RFC 2273, RFC 3411 & RFC 3415)
SNTP (RFC 2030)
SSH (Version 2.0)
TFTP (RFC 135
SOFTWARE SPECIFICATIONS A-5
Trap (RFC 1215)
UDP MIB (RFC 2012)
B-1
APPENDIX B
TROUBLESHOOTING
Problems Accessing the Management Interface
Table B-1 Troubleshooting Chart
Symptom Action
Cannot connect using Telnet, w
TROUBLESHOOTING B-2
Cannot connect using Secure Shell
• If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SS
USING SYSTEM LOGS B-3
Using System Logs
If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually cau
Glossary-1
GLOSSARY
Access Control List (ACL)
ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for
GLOSSARY Glossary-2
Extensible Authentication Protocol over LAN (EAPOL)
EAPOL is a client authentication protocol used by this switch to verify the netw
GLOSSARY Glossary-3
IEEE 802.1Q
VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to differ
CONFIGURING THE SWITCH 3-2
Notes:
1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is
GLOSSARY Glossary-4
IGMP Query
On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on
GLOSSARY Glossary-5
Link Aggregation
See Port Trunk.
Link Aggregation Control Protocol (LACP)
Allows ports to automatically negotiate a trunked link with
GLOSSARY Glossary-6
Port Trunk
Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that
GLOSSARY Glossary-7
Simple Network Management Protocol (SNMP)
The application protocol in the Internet suite of protocols which offers network management
GLOSSARY Glossary-8
User Datagram Protocol (UDP)
UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport
Index-1
Numerics
802.1X, port authentication 4-104
A
acceptable frame type 3-177, 4-241
Access Control List See ACL
ACL
Extended IP 3-88, 4-114, 4-116, 4-12
INDEX Index-2
E
edge port, STA 3-152, 3-155, 4-226
event logging 4-56
F
firmware
displaying version 3-14, 4-81
upgrading 3-23, 4-84
G
GARP VLAN Registration Pro
INDEX Index-3
multicast groups 3-207, 4-279
displaying 4-279
static 3-207, 4-277, 4-279
multicast services
configuring 3-208, 4-277
displaying 3-207, 4-279
mu
INDEX Index-4
interface settings 3-149, 3-160, 3-162, 4-225–4-232, 4-233
link type 3-152, 3-155, 4-228
path cost 3-141, 3-151, 4-225
path cost method 3-146
NAVIGATING THE WEB BROWSER INTERFACE 3-3
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and pa
38 Tesla
Irvine, CA 92618
Phone: (949) 679-8000
FOR TECHNICAL SUPPORT, CALL:
From U.S.A. and Canada (24 hours a day, 7 days a week)
(800) SMC-4-YOU; Phn: (
ii
LIMITED WARRANTY
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, u
CONFIGURING THE SWITCH 3-4
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made
NAVIGATING THE WEB BROWSER INTERFACE 3-5
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all
CONFIGURING THE SWITCH 3-6
Reset Restarts the switch 3-41
SNTP 3-42
Configuration Configures SNTP client settings, including broadcast mode or a specifie
NAVIGATING THE WEB BROWSER INTERFACE 3-7
Configuration Configures protocol parameters 3-79
Port Configuration Sets the authentication mode for individua
CONFIGURING THE SWITCH 3-8
Port Broadcast Control Sets the broadcast storm threshold for each port 3-123
Trunk Broadcast Control Sets the broadcast storm t
NAVIGATING THE WEB BROWSER INTERFACE 3-9
Trunk Configuration Configures individual trunk settings for STA 3-153
MSTP
VLAN Configuration Configures priorit
CONFIGURING THE SWITCH 3-10
Private VLAN
Status Enables or disables the private VLAN 3-181
Link Status Configures the private VLAN 3-181
Protocol VLAN
Con
NAVIGATING THE WEB BROWSER INTERFACE 3-11
ACL CoS Priority Sets the CoS value and corresponding output queue for packets matching an ACL rule 3-199
ACL M
CONFIGURING THE SWITCH 3-12
Basic Configuration
Displaying System Information
You can easily identify the system by displaying the device name, location a
BASIC CONFIGURATION 3-13
Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator
LIMITED WARRANTY iii
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT
CONFIGURING THE SWITCH 3-14
CLI – Specify the hostname, location and contact information.
Displaying Switch Hardware/Software Versions
Use the Switch Inf
BASIC CONFIGURATION 3-15
• Internal Power Status – Displays the status of the internal power supply.
Management Software
• EPLD Version – Version number o
CONFIGURING THE SWITCH 3-16
CLI – Use the following command to display version information.
Displaying Bridge Extension Capabilities
The Bridge MIB includ
BASIC CONFIGURATION 3-17
• Local VLAN Capable – This switch does not support multiple local bridges outside of the scope of 802.1Q defined VLANs.
• GMRP
CONFIGURING THE SWITCH 3-18
Setting the Switch’s IP Address
This section describes how to configure an IP interface for management access over the netwo
BASIC CONFIGURATION 3-19
• Default Gateway – IP address of the gateway router between this device and management stations that exist on other network se
CONFIGURING THE SWITCH 3-20
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by
BASIC CONFIGURATION 3-21
CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” comm
CONFIGURING THE SWITCH 3-22
Managing Firmware
You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stac
BASIC CONFIGURATION 3-23
Downloading System Software from a Server
When downloading runtime code, you can specify the destination file name to replace th
CONFIGURING THE SWITCH 3-24
If you download to a new destination file, go to the File Management, Set Start-Up menu, mark the operation code file used a
BASIC CONFIGURATION 3-25
CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “config” as the file type, t
CONFIGURING THE SWITCH 3-26
- running-config to startup-config – Copies the running config to the startup config.
- running-config to tftp – Copies the
BASIC CONFIGURATION 3-27
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it a
CONFIGURING THE SWITCH 3-28
CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switc
BASIC CONFIGURATION 3-29
• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon
CONFIGURING THE SWITCH 3-30
Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply.
Figure 3-13
BASIC CONFIGURATION 3-31
Telnet Settings
You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Manag
CONFIGURING THE SWITCH 3-32
Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.
Figure 3-14 Configu
BASIC CONFIGURATION 3-33
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that are
iii
CONTENTS
1 Introduction 1-1
Key Features
CONFIGURING THE SWITCH 3-34
• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For e
BASIC CONFIGURATION 3-35
CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show logging c
CONFIGURING THE SWITCH 3-36
• Host IP Address – Specifies a new server IP address to add to the Host IP List.
Web – Click System, Log, Remote Logs. To ad
BASIC CONFIGURATION 3-37
Displaying Log Messages
Use the Logs page to scroll through the logged system and event messages. The switch can store up to 204
CONFIGURING THE SWITCH 3-38
Command Attributes
• Admin Status – Enables/disables the SMTP function. (Default: Enabled)
• Email Source Address – Sets the e
BASIC CONFIGURATION 3-39
Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP
CONFIGURING THE SWITCH 3-40
CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and speci
BASIC CONFIGURATION 3-41
therefore remember to save the current configuration after renumbering the stack.
• For a line topology, the stack is numbered f
CONFIGURING THE SWITCH 3-42
Setting the System Clock
Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic up
BASIC CONFIGURATION 3-43
Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply.
Figure 3-21 SNTP Configuration
CLI – T