Microsoft ES4612 Manual do Utilizador

thereisnoedgelimitthereisnopermanentcorethereisnoedgelimitthereisnopermanentcoreGigabit Ethernet SwitchManagement Guide

ContentsxDisplaying Neighbor Information 3-264Chapter 4: Command Line Interface 4-1Using the Command Line Interface 4-1Accessing the CLI 4-1Consol

Configuring the Switch3-523Notes: 1. To use SSH with only password authentication, the host public key must still be given to the client, either durin

User Authentication3-533Web – Click Security, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host k

Configuring the Switch3-543Configuring the SSH ServerThe SSH server includes basic settings for authentication. Field Attributes• SSH Server Status –

User Authentication3-553CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the

Configuring the Switch3-563• If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configur

User Authentication3-573CLI – This example sets the command mode to Port 5, sets the port security action to send a trap and disable the port, and spe

Configuring the Switch3-583The operation of dot1x on the switch requires the following:• The switch must have an IP address assigned.• RADIUS authenti

User Authentication3-593Web – Click 802.1x, Information.Figure 3-35 802.1X InformationCLI – This example shows the default protocol settings for dot

Configuring the Switch3-603Configuring 802.1x Global SettingsThe dot1x protocol includes global parameters that control the client authentication proc

User Authentication3-613Web – Select Security, 802.1x, Configuration. Enable dot1x globally for the switch, modify any of the parameters required, and

ContentsxiSystem Management Commands 4-25Device Designation Commands 4-25prompt 4-26hostname 4-26User Access Commands 4-27username 4-27enable passw

Configuring the Switch3-623• Supplicant – Indicates the MAC address of a connected client.• Trunk – Indicates if the port is configured as a trunk por

User Authentication3-633Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the statisti

Configuring the Switch3-643CLI – This example displays the dot1x statistics for port 4.Filtering IP Addresses for Management AccessYou can specify the

User Authentication3-653Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interfa

Configuring the Switch3-663Access Control ListsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4

Access Control Lists3-673Setting the ACL Name and TypeUse the ACL Configuration page to designate the name and type of an ACL.Command Attributes• Name

Configuring the Switch3-683and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned.Web – Specify the

Access Control Lists3-693Configuring an Extended IP ACLCommand Attributes• Action – An ACL can contain either all permit rules or all deny rules. (Def

Configuring the Switch3-703Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (

Access Control Lists3-713Configuring a MAC ACLCommand Attributes• Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rul

ContentsxiiTime Commands 4-53sntp client 4-53sntp server 4-54sntp poll 4-55show sntp 4-55clock timezone 4-56calendar set 4-57show calendar 4-5

Configuring the Switch3-723Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (

Access Control Lists3-733Configuring ACL MasksYou must specify masks that control the order in which ACL rules are checked. The switch includes two sy

Configuring the Switch3-743Configuring an IP ACL MaskThis mask defines the fields to check in the IP header. Command Usage• Masks that include an entr

Access Control Lists3-753Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source o

Configuring the Switch3-763Configuring a MAC ACL MaskThis mask defines the fields to check in the packet header. Command UsageYou must configure a mas

Access Control Lists3-773CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules

Configuring the Switch3-783Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egres

Port Configuration3-793• Media Type6 – Shows the forced/preferred port type to use for combination ports 9-12. (Copper-Forced, Copper-Preferred-Auto,

Configuring the Switch3-803• Flow control – Shows if flow control is enabled or disabled.• LACP – Shows if LACP is enabled or disabled.• Port Security

Port Configuration3-813Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface

Contentsxiiidot1x operation-mode 4-82dot1x re-authenticate 4-82dot1x re-authentication 4-83dot1x timeout quiet-period 4-83dot1x timeout re-authper

Configuring the Switch3-823Note: Auto-negotiation must be disabled before you can configure or force the interface to use the Speed/Duplex Mode or Flo

Port Configuration3-833Creating Trunk GroupsYou can create multiple links between devices that work as one virtual, aggregate link. A port trunk offer

Configuring the Switch3-843Statically Configuring a TrunkCommand Usage• When configuring static trunks, you may not be able to link switches of differ

Port Configuration3-853CLI – This example creates trunk 2 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to

Configuring the Switch3-863Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After y

Port Configuration3-873Configuring LACP ParametersDynamically Creating a Port Channel –Ports assigned to a common port channel must meet the following

Configuring the Switch3-883Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can

Port Configuration3-893Displaying LACP Port CountersYou can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Infor

Configuring the Switch3-903Displaying LACP Settings and Status for the Local SideYou can display configuration settings and the operational state for

Port Configuration3-913Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-54

Contentsxivsnmp-server engine-id 4-119show snmp engine-id 4-119snmp-server view 4-120show snmp view 4-121snmp-server group 4-121show snmp group

Configuring the Switch3-923Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state for

Port Configuration3-933Setting Broadcast Storm ThresholdsBroadcast storms may occur when a device on your network is malfunctioning, or if application

Configuring the Switch3-943CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and t

Port Configuration3-953Configuring Port MirroringYou can mirror traffic from any source port to a target port for real-time analysis. You can then att

Configuring the Switch3-963Configuring Rate LimitsThis function allows the network manager to control the maximum rate for traffic transmitted or rece

Port Configuration3-973Showing Port StatisticsYou can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs,

Configuring the Switch3-983Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been

Port Configuration3-993Received Frames The total number of frames (bad, broadcast and multicast) received.Broadcast Frames The total number of good fr

Configuring the Switch3-1003Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at

Address Table Settings3-1013CLI – This example shows statistics for port 12.Address Table SettingsSwitches store the addresses for all known devices.

ContentsxvInterface Commands 4-149interface 4-149description 4-150speed-duplex 4-150negotiation 4-151capabilities 4-152media-type 4-154shutdown 4-154

Configuring the Switch3-1023Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Addres

Address Table Settings3-1033Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN chec

Configuring the Switch3-1043Changing the Aging TimeYou can set the aging time for entries in the dynamic address table. Command Attributes• Aging Stat

Spanning Tree Algorithm Configuration3-1053Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Da

Configuring the Switch3-1063• Hello Time – Interval (in seconds) at which the root device transmits a configuration message. • Forward Delay – The max

Spanning Tree Algorithm Configuration3-1073information that would make it return to a discarding state; otherwise, temporary data loops might result.•

Configuring the Switch3-1083CLI – This command displays global STA settings, followed by settings for each port. Note:The current root port and curren

Spanning Tree Algorithm Configuration3-1093• Multiple Spanning Tree Protocol- To allow multiple spanning trees to operate over the network, you must c

Configuring the Switch3-1103• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning

Spanning Tree Algorithm Configuration3-1113Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 3-64

Contentsxvispanning-tree edge-port 4-181spanning-tree portfast 4-182spanning-tree link-type 4-183spanning-tree mst cost 4-183spanning-tree mst por

Configuring the Switch3-1123CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.

Spanning Tree Algorithm Configuration3-1133• Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. Thi

Configuring the Switch3-1143• Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a s

Spanning Tree Algorithm Configuration3-1153CLI – This example shows the STA attributes for port 5. Configuring Interface SettingsYou can configure RST

Configuring the Switch3-1163Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numer

Spanning Tree Algorithm Configuration3-1173Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes,

Configuring the Switch3-1183To ensure that the MSTI maintains connectivity across the network, you must configure a related set of bridges with the sa

Spanning Tree Algorithm Configuration3-1193CLI – This displays STA settings for instance 1, followed by settings for each port. CLI – This example set

Configuring the Switch3-1203Displaying Interface Settings for MSTPThe MSTP Port Information and MSTP Trunk Information pages display the current statu

Spanning Tree Algorithm Configuration3-1213Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance usi

Contentsxviishow queue cos-map 4-212Priority Commands (Layer 3 and 4) 4-213map ip port (Global Configuration) 4-213map ip port (Interface Configur

Configuring the Switch3-1223• MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values s

VLAN Configuration3-1233VLAN ConfigurationConfiguring IEEE 802.1Q VLANsIn large networks, routers are used to isolate broadcast traffic for each subne

Configuring the Switch3-1243Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags sh

VLAN Configuration3-1253these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine secur

Configuring the Switch3-1263Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange

VLAN Configuration3-1273CLI – Enter the following command.Displaying Current VLANsThe VLAN Current Table shows the current port members of each VLAN a

Configuring the Switch3-1283Command Attributes (CLI)• VLAN – ID of configured VLAN (1-4094, no leading zeroes).• Type – Shows how this VLAN was added

VLAN Configuration3-1293Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to

Configuring the Switch3-1303Command Attributes• VLAN – ID of configured VLAN (1-4094, no leading zeroes).• Name – Name of the VLAN (1 to 32 characters

VLAN Configuration3-1313CLI – The following example adds tagged and untagged ports to VLAN 2.Adding Static Members to VLANs (Port Index)Use the VLAN S

Contentsxviiiarp 4-241arp-timeout 4-242clear arp-cache 4-242show arp 4-242ip proxy-arp 4-243IP Routing Commands 4-244Global Routing Configuration

Configuring the Switch3-1323Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLA

VLAN Configuration3-1333Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-300

Configuring the Switch3-1343CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the

VLAN Configuration3-1353Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports des

Configuring the Switch3-1363Configuring Protocol GroupsCreate a protocol group for one or more protocols.Command Attributes• Protocol Group ID – Group

VLAN Configuration3-1373- If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN.- If the frame is unt

Configuring the Switch3-1383Class of Service ConfigurationClass of Service (CoS) allows you to specify which data packets have greater precedence when

Class of Service Configuration3-1393Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interfa

Configuring the Switch3-1403Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using eight pri

Class of Service Configuration3-1413Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS va

Contentsxixip ospf hello-interval 4-276ip ospf priority 4-276ip ospf retransmit-interval 4-277ip ospf transmit-delay 4-278show ip ospf 4-278show

Configuring the Switch3-1423Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traffic in a

Class of Service Configuration3-1433Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), ente

Configuring the Switch3-1443Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS ValuesThis switch supports several common methods of priori

Class of Service Configuration3-1453Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining ei

Configuring the Switch3-1463CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value

Class of Service Configuration3-1473Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service

Configuring the Switch3-1483Mapping IP Port PriorityYou can also map network applications to Class of Service values based on the IP port number (i.e.

Class of Service Configuration3-1493CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1)

Configuring the Switch3-1503Web – Click Priority, ACL CoS Priority. Select a port, select an ACL rule, specify a CoS priority, then click Add.Figure 3

Class of Service Configuration3-1513Command Attributes• Port – Port identifier.• Name16 – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence

ContentsxxRouter Redundancy Commands 4-311Virtual Router Redundancy Protocol Commands 4-311vrrp ip 4-312vrrp authentication 4-313vrrp priority 4-

Configuring the Switch3-1523Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A

Multicast Filtering3-1533Based on the group membership information learned from IGMP, a router/switch can determine which (if any) multicast traffic n

Configuring the Switch3-1543Configuring IGMP Snooping and Query ParametersYou can configure the switch to forward multicast traffic intelligently. Bas

Multicast Filtering3-1553Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default setti

Configuring the Switch3-1563Displaying Interfaces Attached to a Multicast RouterMulticast routers that are attached to ports on the switch use informa

Multicast Filtering3-1573Specifying Static Interfaces for a Multicast RouterDepending on your network connections, IGMP snooping may not always be abl

Configuring the Switch3-1583Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multic

Multicast Filtering3-1593Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query me

Configuring the Switch3-1603Layer 3 IGMP (Query used with Multicast Routing)IGMP Snooping – IGMP Snooping is a Layer 2 function (page 3-154) that can

Multicast Filtering3-1613• Last Member Query Interval – A multicast client sends an IGMP leave message when it leaves a group. The router then checks

xxiTablesTable 1-1 Key Features 1-1Table 1-2 System Defaults 1-6Table 3-1 Web Page Configuration Buttons 3-3Table 3-2 Switch Main Menu 3-4Table 3-

Configuring the Switch3-1623Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parame

Multicast Filtering3-1633Displaying Multicast Group InformationWhen IGMP (Layer 3) is enabled on this switch the current multicast groups learned via

Configuring the Switch3-1643Configuring Domain Name ServiceThe Domain Naming System (DNS) service on this switch allows host names to be mapped to IP

Configuring Domain Name Service3-1653Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more

Configuring the Switch3-1663Configuring Static DNS Host to Address EntriesYou can manually configure static entries in the DNS table that are used to

Configuring Domain Name Service3-1673Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.

Configuring the Switch3-1683Displaying the DNS CacheYou can display entries in the DNS cache that have been learned via the designated name servers.Fi

Dynamic Host Configuration Protocol3-1693CLI - This example displays all the resource records learned from the designated name servers.Dynamic Host Co

Configuring the Switch3-1703Command Usage You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will

Dynamic Host Configuration Protocol3-1713Configuring the DHCP ServerThis switch includes a Dynamic Host Configuration Protocol (DHCP) server that can

xxiiTablesTable 4-18 show logging flash - display description 4-48Table 4-19 show logging trap - display description 4-49Table 4-20 SMTP Alert Comma

Configuring the Switch3-1723Web – Click DHCP, Server, General. Enter a single address or an address range, and click Add. Figure 3-103 DHCP Server G

Dynamic Host Configuration Protocol3-1733Configuring Address PoolsYou must configure IP address pools for each IP interface that will provide addresse

Configuring the Switch3-1743• Client-Identifier – A unique designation for the client device, either a text string (1-15 characters) or hexadecimal va

Dynamic Host Configuration Protocol3-1753Configuring a Network Address PoolWeb – Click DHCP, Server, Pool Configuration. Click the Configure button fo

Configuring the Switch3-1763Configuring a Host Address PoolWeb – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Cli

Dynamic Host Configuration Protocol3-1773Displaying Address BindingsYou can display the host devices which have acquired an IP address from this switc

Configuring the Switch3-1783Configuring Router RedundancyRouter redundancy protocols use a virtual IP address to support a primary router and multiple

Configuring Router Redundancy3-1793• Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by

Configuring the Switch3-1803• VRRP creates a virtual MAC address for the master router based on a standard prefix, with the last octet equal to the gr

Configuring Router Redundancy3-1813Command Attributes (VRRP Group Configuration Detail)• Associated IP Table – IP interfaces associated with this virt

xxiiiTablesTable 4-63 Priority Commands 4-207Table 4-64 Priority Commands (Layer 2) 4-207Table 4-65 Default CoS Priority Levels 4-211Table 4-66 Pri

Configuring the Switch3-1823Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add.Figure 3-108 V

Configuring Router Redundancy3-1833Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real i

Configuring the Switch3-1843CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary interface

Configuring Router Redundancy3-1853CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch.Displayi

Configuring the Switch3-1863Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group.Figure 3-111 VRRP Group StatisticsCLI –

Configuring Router Redundancy3-1873Command UsageAddress Assignment – • The designated virtual IP address must be configured on at least one router in

Configuring the Switch3-1883stops sending hello messages or sends other messages indicating that it is no longer acting as the designated router.• You

Configuring Router Redundancy3-1893• Authentication String – Key used to authenticate HSRP packets received from other routers. (Range: 1-8 alphanumer

Configuring the Switch3-1903Web – Click IP, HSRP, Group Configuration. Select the VLAN ID, enter the HSRP group number, and click Add.Figure 3-112 H

Configuring Router Redundancy3-1913Click the Edit button for a group entry to open the detailed configuration window. Set the values for the advertise

xxivTablesTable 4-108 VRRP Commands 4-311Table 4-110 show vrrp brief - display description 4-317Table 4-109 show vrrp - display description 4-317Ta

Configuring the Switch3-1923CLI – This example creates HSRP group 1, sets the virtual router’s address, adds a secondary IP address to the group, spec

IP Routing3-1933IP RoutingOverviewThis switch supports IP routing and routing path management via static routing definitions (page 3-211) and dynamic

Configuring the Switch3-1943IP SwitchingIP Switching (or packet forwarding) encompasses tasks required to forward packets for both Layer 2 and Layer 3

IP Routing3-1953the high throughput and low latency of switching by enabling the traffic to bypass the routing engine once the path calculation has be

Configuring the Switch3-1963Basic IP Interface ConfigurationTo allow routing between different IP subnets, you must enable IP Routing as described in

IP Routing3-1973Configuring IP Routing InterfacesYou can specify the IP subnets connected to this router by manually assigning an IP address to each V

Configuring the Switch3-1983Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subne

IP Routing3-1993Address Resolution Protocol If IP routing is enabled (page 3-196), the router uses its routing tables to make routing decisions, and u

Configuring the Switch3-2003Basic ARP ConfigurationYou can use the ARP General configuration menu to specify the timeout for ARP cache entries, or to

IP Routing3-2013Configuring Static ARP AddressesFor devices that do not respond to ARP requests, traffic will be dropped because the IP address cannot

xxvFiguresFigure 3-1 Home Page 3-2Figure 3-2 Front Panel Indicators 3-3Figure 3-3 System Information 3-11Figure 3-4 Switch Information 3-13Figure

Configuring the Switch3-2023Displaying Dynamically Learned ARP EntriesThe ARP cache contains entries that map IP addresses to the corresponding physic

IP Routing3-2033CLI - This example shows all entries in the ARP cache.Displaying Local ARP EntriesThe ARP cache also contains entries for local interf

Configuring the Switch3-2043CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache.Displaying ARP Stat

IP Routing3-2053CLI - This example provides detailed statistics on common IP-related protocols.Displaying Statistics for IP ProtocolsIP StatisticsThe

Configuring the Switch3-2063Datagrams Forwarded The number of input datagrams for which this entity was not their final IP destination, as a result of

IP Routing3-2073Web - Click IP, Statistics, IP.Figure 3-121 IP StatisticsCLI - See the example on page 3-204.ICMP StatisticsInternet Control Message

Configuring the Switch3-2083Web - Click IP, Statistics, ICMP.Figure 3-122 ICMP StatisticsCLI - See the example on page 3-204.Timestamps The number o

IP Routing3-2093UDP StatisticsUser Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying tr

Configuring the Switch3-2103TCP StatisticsThe Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched

IP Routing3-2113Configuring Static RoutesThis router can dynamically configure routes to other network segments using dynamic routing protocols (i.e.,

xxviFiguresFigure 3-42 ACL Configuration - Extended IP 3-70Figure 3-43 ACL Configuration - MAC 3-72Figure 3-44 ACL Mask Configuration 3-73Figure 3-

Configuring the Switch3-2123Displaying the Routing TableYou can display all the routes that can be accessed via the local network interfaces, via stat

IP Routing3-2133CLI - This example shows routes obtained from various methods.Configuring the Routing Information ProtocolThe RIP protocol is the most

Configuring the Switch3-2143routing loops may occur, and its small hop count limitation of 15 restricts its use to smaller networks. Moreover, RIP (ve

IP Routing3-2153Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to

Configuring the Switch3-2163Specifying Network Interfaces for RIPYou must specify network interfaces that will be included in the RIP routing process.

IP Routing3-2173Configuring Network Interfaces for RIPFor each interface that participates in the RIP routing process, you must specify the protocol m

Configuring the Switch3-2183Protocol Message AuthenticationRIPv1 is not a secure protocol. Any device sending protocol messages from UDP port 520 will

IP Routing3-2193• Authentication Key – Specifies the key to use for authenticating RIPv2 packets. For authentication to function properly, both the se

Configuring the Switch3-2203Displaying RIP Information and StatisticsYou can display basic information about the current global configuration settings

IP Routing3-2213Web - Click Routing Protocol, RIP, Statistics.Figure 3-130 RIP Statistics

xxviiFiguresFigure 3-87 IP DSCP Priority 3-147Figure 3-88 IP Port Priority Status 3-148Figure 3-89 IP Port Priority 3-148Figure 3-90 ACL CoS Priori

Configuring the Switch3-2223CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the

IP Routing3-2233Configuring the Open Shortest Path First ProtocolOpen Shortest Path First (OSPF) is more suited for large area networks which experien

Configuring the Switch3-2243• OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of

IP Routing3-2253• AS Boundary Router20 – Allows this router to exchange routing information with boundary routers in other autonomous systems to which

Configuring the Switch3-2263Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global

IP Routing3-2273Configuring OSPF AreasAn autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default,

Configuring the Switch3-2283 • Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned via OSPF, the

IP Routing3-2293Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default s

Configuring the Switch3-2303Configuring Area Ranges (Route Summarization for ABRs)An OSPF area can include a large number of nodes. If the Area Border

IP Routing3-2313Web - Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network mask, select w

xxviiiFiguresFigure 3-132 OSPF Area Configuration 3-229Figure 3-133 OSPF Range Configuration 3-231Figure 3-134 OSPF Interface Configuration 3-234Fi

Configuring the Switch3-2323Configuring OSPF InterfacesYou should specify a routing interface for any local subnet that needs to communicate with othe

IP Routing3-2333- On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can use the transm

Configuring the Switch3-2343- You can assign a unique password to each network (i.e., autonomous system) to improve the security of the routing databa

IP Routing3-2353Change any of the interface-specific protocol parameters, and then click Apply.Figure 3-135 OSPF Interface Configuration - DetailedC

Configuring the Switch3-2363Configuring Virtual LinksAll OSPF areas must connect to the backbone. If an area does not have a direct physical connectio

IP Routing3-2373Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router

Configuring the Switch3-2383Configuring Network Area AddressesOSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricte

IP Routing3-2393Web - Click Routing Protocol, OSPF, Network Area Address Configuration. Configure a backbone area that is contiguous with all the othe

Configuring the Switch3-2403CLI - This example configures the backbone area and one transit area.Console(config-router)#network 10.0.0.0 255.0.0.0 are

IP Routing3-2413Configuring Summary Addresses (for External AS Routes)An Autonomous System Boundary Router (ASBR) can redistribute routes learned from

1-1Chapter 1: IntroductionThis switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent tha

Configuring the Switch3-2423CLI - This example This example creates a summary address for all routes contained in 192.168.x.x.Redistributing External

IP Routing3-2433Web - Click Routing Protocol, OSPF, Redistribute. Specify the protocol type to import, the metric type and path cost, then click Add.F

Configuring the Switch3-2443Note: This router supports up 16 areas, either normal transit areas, stubs, or NSSAs. Web - Click Routing Protocol, OSPF,

IP Routing3-2453Displaying Link State Database InformationOSPF routers advertise routes using Link State Advertisements (LSAs). The full collection of

Configuring the Switch3-2463Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display,

IP Routing3-2473Displaying Information on Border RoutersYou can display entries in the local routing table for Area Border Routers (ABR) and Autonomou

Configuring the Switch3-2483Displaying Information on Neighbor RoutersYou can display about neighboring routers on each interface within an OSPF area.

Multicast Routing3-2493Multicast RoutingThis router can route multicast traffic to different subnetworks using either Distance Vector Multicast Routin

Configuring the Switch3-2503Displaying the Multicast Routing TableYou can display information on each multicast route this router has learned via DVMR

Multicast Routing3-2513Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry.Figure

Management GuideGigabit Ethernet SwitchLayer 3 Workgroup Switch with 8 SFP Ports,and 4 Gigabit Combination (RJ-45/SFP) Ports

Introduction1-21Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates t

Configuring the Switch3-2523CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multic

Multicast Routing3-2533Configuring DVMRPThe Distance-Vector Multicast Routing Protocol (DVMRP) behaves somewhat similarly to RIP. A router supporting

Configuring the Switch3-2543Command UsageBroadcasting periodically floods the network with traffic from any active multicast server. If IGMP snooping

Multicast Routing3-2553which this device has received probes, and is used to verify whether or not these neighbors are still active members of the mul

Configuring the Switch3-2563Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control nei

Multicast Routing3-2573DVMRP Interface Settings• VLAN – Selects a VLAN interface on this router. • Metric – Sets the metric for this interface used to

Configuring the Switch3-2583Displaying Neighbor InformationYou can display all the neighboring DVMRP routers.Command Attributes• Neighbor Address – Th

Multicast Routing3-2593Displaying the Routing TableThe router learns source-routed information from neighboring DVMRP routers and also advertises lear

Configuring the Switch3-2603CLI – This example displays known DVMRP routes.Configuring PIM-DMProtocol-Independent Multicasting (PIM) provides two diff

Multicast Routing3-2613Web – Click Routing Protocol, PIM-DM, General Settings. Enable or disable PIM-DM globally for the router, and click Apply.Figur

Description of Software Features1-31DHCP Server and DHCP Relay – A DHCP server is provided to assign IP addresses to host devices. Since DHCP uses a b

Configuring the Switch3-2623• Trigger Hello Interval – Configures the maximum time before transmitting a triggered PIM hello message after the router

Multicast Routing3-2633Web – Click Routing Protocol, PIM-DM, Interface Settings. Select a VLAN, enable or disable PIM-DM for the selected interface, m

Configuring the Switch3-2643Displaying Interface InformationYou can display a summary of the current interface status for PIM-DM, including the number

Multicast Routing3-2653Web – Click Routing Protocol, PIM-DM, Neighbor Information.Figure 3-153 PIM-DM Neighbor InformationCLI – This example display

Configuring the Switch3-2663

4-1Chapter 4: Command Line InterfaceThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the C

Command Line Interface4-24To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway

Entering Commands4-34Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords and

Command Line Interface4-44Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the curren

Entering Commands4-54The command “show interfaces ?” will display the following information:Partial Keyword LookupIf you terminate a partial keyword w

Introduction1-41To avoid dropping frames on congested ports, the switch provides 1 MB for frame buffering. This buffer can queue packets awaiting tran

Command Line Interface4-64Understanding Command ModesThe command set is divided into Exec and Configuration classes. Exec commands generally display i

Entering Commands4-74Configuration CommandsConfiguration commands are privileged level commands used to modify switch settings. These commands modify

Command Line Interface4-84To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to ret

Entering Commands4-94Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough

Command Line Interface4-104Command GroupsThe system commands can be broken down into the functional groups shown below.Table 4-4 Command Group Index

Line Commands4-114The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) VC (VLAN Database Configuration

Command Line Interface4-124lineThis command identifies a specific line for configuration, and to process subsequent line configuration commands.Syntax

Line Commands4-134Command Usage • There are three authentication modes provided by the switch itself at login:- login selects authentication by a sing

Command Line Interface4-144number of times a user can enter an incorrect password before the system terminates the line connection and returns the ter

Line Commands4-154exec-timeoutThis command sets the interval that the system waits until user input is detected. Use the no form to restore the defaul

Description of Software Features1-51This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirement

Command Line Interface4-164Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of

Line Commands4-174databitsThis command sets the number of data bits per character that are interpreted and generated by the console port. Use the no f

Command Line Interface4-184Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit

Line Commands4-194Default Setting 1 stop bitCommand Mode Line Configuration Example To specify 2 stop bits, enter this command:disconnectThis command

Command Line Interface4-204Command Mode Normal Exec, Privileged ExecExample To show all lines, enter this command:General CommandsConsole#show line Co

General Commands4-214enableThis command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands di

Command Line Interface4-224Example Related Commands enable (4-21)configureThis command activates Global Configuration mode. You must enter this mode t

General Commands4-234Example In this example, the show history command lists the contents of the command history buffer:The ! command repeats commands

Command Line Interface4-244endThis command returns to Privileged Exec mode.Default Setting NoneCommand Mode Global Configuration, Interface Configurat

System Management Commands4-254Example This example shows how to quit a CLI session:System Management CommandsThese commands are used to control syste

Introduction1-61Multicast Routing – Routing for multicast packets is supported by the Distance Vector Multicast Routing Protocol (DVMRP) and Protocol-

Command Line Interface4-264promptThis command customizes the CLI prompt. Use the no form to restore the default prompt.Syntax prompt stringno promptst

System Management Commands4-274User Access CommandsThe basic commands required for management access are listed in this section. This switch also incl

Command Line Interface4-284Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encry

System Management Commands4-294Related Commandsenable (4-21)IP Filter CommandsmanagementThis command specifies the client IP addresses that are allowe

Command Line Interface4-304• You can delete an address range just by specifying the start address, or by specifying both the start address and end add

System Management Commands4-314Web Server Commandsip http portThis command specifies the TCP port number used by the web browser interface. Use the no

Command Line Interface4-324Example Related Commandsip http port (4-31)ip http secure-serverThis command enables the secure hypertext transfer protocol

System Management Commands4-334Example Related Commandsip http secure-port (4-33)copy tftp https-certificate (4-64)ip http secure-portThis command spe

Command Line Interface4-344Telnet Server Commandsip telnet portThis command specifies the TCP port number used by the Telnet interface. Use the no for

System Management Commands4-354Related Commandsip telnet port (4-34)Secure Shell CommandsThe Berkley-standard includes remote access tools originally

System Defaults1-71Web Management HTTP Server EnabledHTTP Port Number 80HTTP Secure Server EnabledHTTP Secure Port Number 443SNMP Community Strings “p

Command Line Interface4-364The SSH server on this switch supports both password and public key authentication. If password authentication is specified

System Management Commands4-374corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this p

Command Line Interface4-384ip ssh timeoutThis command configures the timeout for the SSH server. Use the no form to restore the default setting.Syntax

System Management Commands4-394Example Related Commandsshow ip ssh (4-41)ip ssh server-key sizeThis command sets the SSH server key size. Use the no f

Command Line Interface4-404Example ip ssh crypto host-key generateThis command generates the host key pair (i.e., public and private). Syntax ip ssh c

System Management Commands4-414Command Mode Privileged ExecCommand Usage • This command clears the host key from volatile memory (RAM). Use the no ip

Command Line Interface4-424Example show sshThis command displays the current SSH server connections.Command Mode Privileged ExecExample Console#show i

System Management Commands4-434show public-keyThis command shows the public key for the specified user or for the host.Syntax show public-key [user [u

Command Line Interface4-444Event Logging Commands logging onThis command controls logging of error messages, sending debug or error messages to switch

System Management Commands4-454logging historyThis command limits syslog messages saved to switch memory based on severity. The no form returns the lo

Introduction1-81Spanning Tree ProtocolStatus Enabled, MSTP(Defaults: All values based on IEEE 802.1s)Fast Forwarding (Edge Port) DisabledAddress Table

Command Line Interface4-464logging hostThis command adds a syslog server host IP address that will receive logging messages. Use the no form to remove

System Management Commands4-474logging trapThis command enables the logging of system messages to a remote server, or limits the syslog messages saved

Command Line Interface4-484Related Commandsshow logging (4-48)show loggingThis command displays the logging configuration, along with any system and e

System Management Commands4-494The following example displays settings for the trap function. Related Commandsshow logging sendmail (4-52)SMTP Alert C

Command Line Interface4-504logging sendmail hostThis command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMT

System Management Commands4-514Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the

Command Line Interface4-524Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to speci

System Management Commands4-534Time CommandsThe system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintain

Command Line Interface4-544Example Related Commandssntp server (4-54)sntp poll (4-55)show sntp (4-55)sntp serverThis command sets the IP address of th

System Management Commands4-554Related Commandssntp client (4-53)sntp poll (4-55)show sntp (4-55)sntp pollThis command sets the interval between sendi

System Defaults1-91Router Redundancy HSRP DisabledVRRP DisabledMulticast Filtering IGMP Snooping (Layer 2) Snooping: EnabledQuerier: DisabledIGMP (Lay

Command Line Interface4-564Example clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour hours

System Management Commands4-574calendar setThis command sets the system clock. It may be used if there is no time server on your network, or if you ha

Command Line Interface4-584System Status Commandsshow startup-configThis command displays the configuration file stored in non-volatile memory that is

System Management Commands4-594Example Related Commandsshow running-config (4-59)show running-configThis command displays the configuration informati

Command Line Interface4-604- VLAN database (VLAN ID, name and state)- VLAN configuration settings for each interface- Multiple spanning tree instances

System Management Commands4-614show systemThis command displays system information.Default Setting NoneCommand Mode Normal Exec, Privileged ExecComman

Command Line Interface4-624show usersShows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.Def

System Management Commands4-634Example Frame Size Commandsjumbo frameThis command enables support for jumbo frames. Use the no form to disable it.Synt

Command Line Interface4-644• Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the swi

Flash/File Commands4-654Default Setting NoneCommand Mode Privileged ExecCommand Usage • The system prompts for data required to complete the copy comm

Introduction1-101

Command Line Interface4-664The following example shows how to copy the running configuration to a startup file.The following example shows how to down

Flash/File Commands4-674deleteThis command deletes a file or image.Syntax delete filenamefilename - Name of the configuration file or image name.Defau

Command Line Interface4-684Command Usage • If you enter the command dir without any parameters, the system displays all files. • File information is s

Flash/File Commands4-694boot systemThis command specifies the file or image used to start up the system.Syntax boot system {boot-rom| config | opcode}

Command Line Interface4-704Authentication Commands You can configure this switch to authenticate users logging into the system for management access u

Authentication Commands4-714• RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The use

Command Line Interface4-724authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password

Authentication Commands4-734radius-server portThis command sets the RADIUS server network port. Use the no form to restore the default.Syntax radius-s

Command Line Interface4-744radius-server retransmitThis command sets the number of retries. Use the no form to restore the default.Syntax radius-serve

Authentication Commands4-754Example TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that u

2-1Chapter 2: Initial ConfigurationConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent off

Command Line Interface4-764tacacs-server portThis command specifies the TACACS+ server network port. Use the no form to restore the default.Syntax tac

Authentication Commands4-774show tacacs-serverThis command displays the current settings for the TACACS+ server.Default Setting NoneCommand Mode Privi

Command Line Interface4-784port securityThis command enables or configures port security. Use the no form without any keywords to disable port securit

Authentication Commands4-794Example The following example enables port security for port 5, and sets the response to a security violation to issue a t

Command Line Interface4-804authentication dot1x defaultThis command sets the default authentication server type. Use the no form to restore the defaul

Authentication Commands4-814Command ModeGlobal ConfigurationExampledot1x port-controlThis command sets the dot1x mode on a port interface. Use the no

Command Line Interface4-824dot1x operation-modeThis command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the

Authentication Commands4-834Command ModePrivileged ExecExampledot1x re-authenticationThis command enables periodic re-authentication globally for all

Command Line Interface4-844dot1x timeout re-authperiodThis command sets the time period after which a connected client must be re-authenticated. Synta

Authentication Commands4-854show dot1xThis command shows general port authentication related settings on the switch or a specific interface.Syntaxshow

ES4612F1.0.2.5 E092004-R01150000046400A

Initial Configuration2-22• Configure Spanning Tree parameters• Configure Class of Service (CoS) priority queuing• Configure up to 6 static or LACP tru

Command Line Interface4-864• Backend State Machine - State – Current state (including request, response, success, fail, timeout, idle, initialize).- R

Access Control List Commands4-874Access Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, prot

Command Line Interface4-884The order in which active ACLs are checked is as follows:1. User-defined rules in the Egress MAC ACL for egress ports.2. Us

Access Control List Commands4-894access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Us

Command Line Interface4-904permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets ema

Access Control List Commands4-914permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for pack

Command Line Interface4-924Command Usage• All new rules are appended to the end of the list.• Address bitmasks are similar to a subnet mask, containin

Access Control List Commands4-934Related Commandsaccess-list ip (4-89)show ip access-list This command displays the rules for configured IP ACLs.Synta

Command Line Interface4-944Command Usage• A mask can only be used by all ingress ACLs or all egress ACLs.• The precedence of the ACL rules applied to

Access Control List Commands4-954Command ModeIP MaskCommand Usage• Packets crossing a port are checked against all the rules in the ACL until a match

Basic Configuration2-32Remote ConnectionsPrior to accessing the switch’s onboard agent via a network connection, you must first configure it with a va

Command Line Interface4-964This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit acces

Access Control List Commands4-974This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other pac

Command Line Interface4-984Related Commandsmask (IP ACL) (4-94)ip access-group This command binds a port to an IP ACL. Use the no form to remove the p

Access Control List Commands4-994Related Commandsip access-group (4-98)map access-list ip This command sets the output queue for packets matching an A

Command Line Interface4-1004show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value det

Access Control List Commands4-1014Command Usage• You must configure an ACL mask before you can change frame priorities based on an ACL rule.• Traffic

Command Line Interface4-1024MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to rem

Access Control List Commands4-1034Example Related Commandspermit, deny 4-103mac access-group (4-108)show mac access-list (4-104)permit, deny (MAC ACL)

Command Line Interface4-1044• destination – Destination MAC address range with bitmask.• address-bitmask25 – Bitmask for MAC address (in hexidecimal f

Access Control List Commands4-1054Example Related Commandspermit, deny 4-103mac access-group (4-108)access-list mac mask-precedence This command chang

Initial Configuration2-42Setting PasswordsNote: If this is your first time to log into the CLI program, you should define new passwords for both defau

Command Line Interface4-1064mask (MAC ACL)This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use th

Access Control List Commands4-1074ExampleThis example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of

Command Line Interface4-1084show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs.Syntaxshow access-li

Access Control List Commands4-1094Related Commandsshow mac access-list (4-104)show mac access-groupThis command shows the ports assigned to MAC ACLs.C

Command Line Interface4-1104Example Related Commandsqueue cos-map (4-210)show map access-list mac (4-110) show map access-list mac This command shows

Access Control List Commands4-1114match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule

Command Line Interface4-1124ACL Informationshow access-listThis command shows all ACLs and associated rules, as well as all the user-defined masks.Com

SNMP Commands4-1134SNMP CommandsControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well a

Command Line Interface4-1144Command Mode Global ConfigurationExampleshow snmpThis command can be used to check the status of SNMP communications.Defau

SNMP Commands4-1154snmp-server communityThis command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified comm

Basic Configuration2-52Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:•

Command Line Interface4-1164Related Commandssnmp-server location (4-116)snmp-server locationThis command sets the system location string. Use the no f

SNMP Commands4-1174snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no fo

Command Line Interface4-1184supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notific

SNMP Commands4-1194Related Commandssnmp-server host (4-117)snmp-server engine-idThis command configures an identification string for the SNMPv3 engine

Command Line Interface4-1204snmp-server viewThis command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP vi

SNMP Commands4-1214show snmp viewThis command shows information on the SNMP views.Command Mode Privileged ExecExample snmp-server groupThis command ad

Command Line Interface4-1224Default Setting Default groups: public26 (read only), private27 (read/write)readview - Every object belonging to the Inter

SNMP Commands4-1234show snmp groupFour default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and r

Command Line Interface4-1244snmp-server userThis command adds a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View.

SNMP Commands4-1254Exampleshow snmp userThis command shows information on SNMP users.Command Mode Privileged ExecExample snmp ip filterThis command se

Initial Configuration2-625. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Ente

Command Line Interface4-1264Command Usage • You can create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch

DHCP Commands4-1274ip dhcp client-identifierThis command specifies the DCHP client identifier for the current interface. Use the no form to remove thi

Command Line Interface4-1284Example In the following example, the device is reassigned the same address.Related Commands ip address (4-236)DHCP Relay

DHCP Commands4-1294Example In the following example, the device is reassigned the same address.Related Commandsip dhcp relay server (4-129)ip dhcp rel

Command Line Interface4-1304DHCP Server service dhcpThis command enables the DHCP server on this switch. Use the no form to disable the DHCP server.Sy

DHCP Commands4-1314Example ip dhcp excluded-addressThis command specifies IP addresses that the DHCP server should not assign to DHCP clients. Use the

Command Line Interface4-1324host command must fall within the range of a configured network address pool.Example Related Commandsnetwork (4-132)host (

DHCP Commands4-1334default-routerThis command specifies default routers for a DHCP pool. Use the no form to remove the default routers.Syntax default-

Command Line Interface4-1344dns-serverThis command specifies the Domain Name System (DNS) IP servers available to a DHCP client. Use the no form to re

DHCP Commands4-1354bootfileThis command specifies the name of the default boot image for a DHCP client. This file should placed on the Trivial File Tr

Basic Configuration2-72The default strings are:• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.

Command Line Interface4-1364Related Commandsnetbios-node-type (4-136)netbios-node-typeThis command configures the NetBIOS node type for Microsoft DHCP

DHCP Commands4-1374Default SettingOne dayCommand Modes DHCP Pool ConfigurationExample The following example leases an address to clients using this po

Command Line Interface4-1384•The no host command only clears the address from the DHCP server database. It does not cancel the IP address currently in

DHCP Commands4-1394hardware-addressThis command specifies the hardware address of a DHCP client. This command is valid for manual bindings only. Use t

Command Line Interface4-1404Usage Guidelines •An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the D

DNS Commands4-1414DNS CommandsThese commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS

Command Line Interface4-1424Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than

DNS Commands4-1434Default Setting NoneCommand Mode Global ConfigurationExampleRelated Commands ip domain-list (4-143)ip name-server (4-144)ip domain-l

Command Line Interface4-1444ExampleThis example adds two domain names to the current list and then displays the list.Related Commands ip domain-name (

DNS Commands4-1454ExampleThis example adds two domain-name servers to the list and then displays the list.Related Commands ip domain-name (4-142)ip do

Initial Configuration2-82Configuring Access for SNMP Version 3 ClientsTo configure management access for SNMPv3 clients, you need to first create a vi

Command Line Interface4-1464ExampleThis example enables DNS and then displays the configuration.Related Commands ip domain-name (4-142)ip name-server

DNS Commands4-1474show dnsThis command displays the configuration of the DNS server.Command Mode Privileged ExecExampleshow dns cacheThis command disp

Command Line Interface4-1484clear dns cacheThis command clears all entries in the DNS cache.Command Mode Privileged ExecExampleConsole#clear dns cache

Interface Commands4-1494Interface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or

Command Line Interface4-1504Command Mode Global Configuration Example To specify port 4, enter the following command:descriptionThis command adds a de

Interface Commands4-1514Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex settin

Command Line Interface4-1524• If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.Exampl

Interface Commands4-1534Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control.Related Commands ne

Command Line Interface4-1544ExampleThe following example enables flow control on port 5.Related Commands negotiation (4-151)capabilities (flowcontrol,

Interface Commands4-1554Default Setting All interfaces are enabled.Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage This com

Managing System Files2-92Managing System FilesThe switch’s flash memory supports three types of system files that can be managed by the CLI program, w

Command Line Interface4-1564Example The following shows how to configure broadcast storm control at 600 packets per second: clear countersThis command

Interface Commands4-1574show interfaces statusThis command displays the status for an interface.Syntax show interfaces status [interface]interface • e

Command Line Interface4-1584show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]interface •

Interface Commands4-1594show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.Syntax s

Command Line Interface4-1604Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis com

Mirror Port Commands4-1614Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attac

Command Line Interface4-1624Example The following shows mirroring configured from port 6 to port 11:Rate Limit CommandsThis function allows the networ

Link Aggregation Commands4-1634ExampleLink Aggregation CommandsPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the ba

Command Line Interface4-1644channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk.Syntax channel-group chan

Link Aggregation Commands4-1654• If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically. • If mo

Initial Configuration2-102

Command Line Interface4-1664Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying

Address Table Commands4-1674Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this com

Command Line Interface4-1684Default Setting NoneCommand Mode Privileged ExecCommand Usage • The MAC Address Table contains the MAC addresses associate

Spanning Tree Commands4-1694Example show mac-address-table aging-timeThis command shows the aging time for entries in the address table.Default Settin

Command Line Interface4-1704spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Synta

Spanning Tree Commands4-1714Example This example shows how to enable the Spanning Tree Algorithm for the switch:spanning-tree modeThis command selects

Command Line Interface4-1724• Multiple Spanning Tree Protocol- To allow multiple spanning trees to operate over the network, you must configure a rela

Spanning Tree Commands4-1734spanning-tree hello-timeThis command configures the spanning tree bridge hello time globally for this switch. Use the no f

Command Line Interface4-1744configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected

Spanning Tree Commands4-1754Default Setting Long methodCommand Mode Global ConfigurationCommand Usage The path cost method is used to determine the be

3-1Chapter 3: Configuring the SwitchUsing the Web InterfaceThis switch provides an embedded HTTP web agent. Using a web browser you can configure the

Command Line Interface4-1764Command Mode Global ConfigurationExample Related Commands mst vlan (4-176)mst priority (4-177)name (4-177)revision (4-178)

Spanning Tree Commands4-1774Example mst priorityThis command configures the priority of a spanning tree instance. Use the no form to restore the defau

Command Line Interface4-1784Default Setting Switch’s MAC addressCommand Mode MST ConfigurationCommand Usage The MST region name and revision number (p

Spanning Tree Commands4-1794max-hopsThis command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to re

Command Line Interface4-1804spanning-tree costThis command configures the spanning tree path cost for the specified interface. Use the no form to rest

Spanning Tree Commands4-1814Default Setting 128Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • This command defines the p

Command Line Interface4-1824Example Related Commandsspanning-tree portfast (4-182)spanning-tree portfastThis command sets an interface to fast forward

Spanning Tree Commands4-1834spanning-tree link-typeThis command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the n

Command Line Interface4-1844Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000• Fast Ethernet – half duplex:

Spanning Tree Commands4-1854interface with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree. • W

vContents Chapter 1: Introduction 1-1Key Features 1-1Description of Software Features 1-2System Defaults 1-6Chapter 2: Initial Configuration 2-

Configuring the Switch3-23Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and password. The a

Command Line Interface4-1864show spanning-treeThis command shows the configuration for the common spanning tree (CST) or for an instance within the mu

Spanning Tree Commands4-1874ExampleConsole#show spanning-treeSpanning-tree information---------------------------------------------------------------

Command Line Interface4-1884show spanning-tree mst configurationThis command shows the configuration of the multiple spanning tree.Command Mode Privil

VLAN Commands4-1894Editing VLAN Groupsvlan databaseThis command enters VLAN database mode. All commands in this mode will take effect immediately.Defa

Command Line Interface4-1904vlanThis command configures a VLAN. Use the no form to restore the default settings or delete a VLAN.Syntax vlan vlan-id [

VLAN Commands4-1914Configuring VLAN Interfacesinterface vlanThis command enters interface configuration mode for VLANs, which is used to configure VLA

Command Line Interface4-1924switchport modeThis command configures the VLAN membership mode for a port. Use the no form to restore the default.Syntax

VLAN Commands4-1934Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage When set to receive all frame types, any received frames

Command Line Interface4-1944Example The following example shows how to set the interface to port 1 and then enable ingress filtering:switchport native

VLAN Commands4-1954switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the default.Syntax

Navigating the Web Browser Interface3-33Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration chang

Command Line Interface4-1964switchport forbidden vlanThis command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs.Sy

VLAN Commands4-1974Displaying VLAN Informationshow vlanThis command shows VLAN information.Syntax show vlan [id vlan-id | name vlan-name]• id - Keywor

Command Line Interface4-1984Configuring Private VLANsPrivate VLANs provide port-based security and isolation between ports within the assigned VLAN. T

VLAN Commands4-1994show pvlanThis command displays the configured private VLAN.Command Mode Privileged ExecExampleConfiguring Protocol-based VLANsThe

Command Line Interface4-2004protocol-vlan protocol-group (Configuring Groups)This command creates a protocol group, or to add specific protocols to a

VLAN Commands4-2014Command Usage • When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of

Command Line Interface4-2024show interfaces protocol-vlan protocol-groupThis command shows the mapping from protocol groups to VLANs for the selected

GVRP and Bridge Extension Commands4-2034GVRP and Bridge Extension CommandsGARP VLAN Registration Protocol defines a way for switches to exchange VLAN

Command Line Interface4-2044show bridge-extThis command shows the configuration for bridge extension commands.Default Setting NoneCommand Mode Privile

GVRP and Bridge Extension Commands4-2054show gvrp configurationThis command shows if GVRP is enabled.Syntax show gvrp configuration [interface]interfa

Configuring the Switch3-43Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, o

Command Line Interface4-2064Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes f

Priority Commands4-2074Related Commandsgarp timer (4-205)Priority CommandsThe commands described in this section allow you to specify which data packe

Command Line Interface4-2084queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS)

Priority Commands4-2094switchport priority defaultThis command sets a priority for incoming untagged frames. Use the no form to restore the default va

Command Line Interface4-2104queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queue

Priority Commands4-2114Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for eac

Command Line Interface4-2124Example show queue bandwidthThis command displays the weighted round-robin (WRR) bandwidth allocation for the eight priori

Priority Commands4-2134Example Priority Commands (Layer 3 and 4) map ip port (Global Configuration)Use this command to enable IP port mapping (i.e., c

Command Line Interface4-2144Example The following example shows how to enable TCP/UDP port mapping globally:map ip port (Interface Configuration)This

Priority Commands4-2154Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP

Navigating the Web Browser Interface3-53Security 3-36User Accounts Configures user names, passwords, and access levels 3-44Authentication Settings Con

Command Line Interface4-2164map ip dscp (Global Configuration)This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).

Priority Commands4-2174Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specifie

Command Line Interface4-2184Default SettingNoneCommand Mode Privileged ExecExample The following shows that HTTP traffic has been mapped to CoS value

Priority Commands4-2194Example Related Commands map ip precedence (Global Configuration) (4-214)map ip precedence (Interface Configuration) (4-215) sh

Command Line Interface4-2204Example Related Commands map ip dscp (Global Configuration) (4-216)map ip dscp (Interface Configuration) (4-216)Multicast

Multicast Filtering Commands4-2214IGMP Snooping Commands ip igmp snoopingThis command enables IGMP snooping on this switch. Use the no form to disable

Command Line Interface4-2224Command Mode Global ConfigurationExample The following shows how to statically configure a multicast group on a port:ip ig

Multicast Filtering Commands4-2234Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-154 for a description of the displayed

Command Line Interface4-2244IGMP Query Commands (Layer 2) ip igmp snooping querierThis command enables the switch as an IGMP querier. Use the no form

Multicast Filtering Commands4-2254Default Setting 2 timesCommand Mode Global ConfigurationCommand Usage The query count defines how long the querier w

Configuring the Switch3-63Rate Limit 3-96Input Port Configuration Sets the input rate limit for each port 3-96Input Trunk Configuration Sets the in

Command Line Interface4-2264ip igmp snooping query-max-response-timeThis command configures the query report delay. Use the no form to restore the def

Multicast Filtering Commands4-2274Default Setting 300 secondsCommand Mode Global ConfigurationCommand Usage The switch must use IGMPv2 for this comman

Command Line Interface4-2284Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Ther

Multicast Filtering Commands4-2294IGMP Commands (Layer 3) ip igmpThis command enables IGMP on a VLAN interface. Use the no form of this command to dis

Command Line Interface4-2304Related Commands ip igmp snooping (4-221)show ip igmp snooping (4-222)ip igmp robustval This command specifies the robustn

Multicast Filtering Commands4-2314Command Usage • Multicast routers send host query messages to determine the interfaces that are connected to downstr

Command Line Interface4-2324Related Commands ip igmp version (4-232)ip igmp query-interval (4-230)ip igmp last-memb-query-intervalThis command configu

Multicast Filtering Commands4-2334Command Mode Interface Configuration (VLAN)Command Usage• All routers on the subnet must support the same version. H

Command Line Interface4-2344clear ip igmp groupThis command deletes entries from the IGMP cache.Syntax clear ip igmp group [group-address | interface

Multicast Filtering Commands4-2354• If there are Version 1 hosts present for a particular group, the switch will ignore any Leave Group messages that

Navigating the Web Browser Interface3-73Static Membership Configures membership type for interfaces, including tagged, untagged or forbidden3-131Port

Command Line Interface4-2364IP Interface CommandsThere are no IP addresses assigned to this router by default. You must manually configure a new addre

IP Interface Commands4-2374Default Setting IP address: 0.0.0.0Netmask: 255.0.0.0Command Mode Interface Configuration (VLAN)Command Usage • If this rou

Command Line Interface4-2384ExampleIn the following example, the device is assigned an address in VLAN 1.Related Commandsip dhcp restart client (4-127

IP Interface Commands4-2394show ip interfaceThis command displays the settings of an IP interface.Default Setting All interfacesCommand Mode Privilege

Command Line Interface4-2404Default Setting This command has no default for the host.Command Mode Normal Exec, Privileged ExecCommand Usage • Use the

IP Interface Commands4-2414Address Resolution Protocol (ARP) arpThis command adds a static entry in the Address Resolution Protocol (ARP) cache. Use t

Command Line Interface4-2424arp-timeoutThis command sets the aging time for dynamic entries in the Address Resolution Protocol (ARP) cache. Use the no

IP Interface Commands4-2434Command Usage This command displays information about the ARP cache. The first line shows the cache timeout. It also shows

Command Line Interface4-2444IP Routing CommandsAfter you configure network interfaces for this router, you must set the paths used to send traffic bet

IP Routing Commands4-2454Command Usage • The command affects both static and dynamic unicast routing.• If IP routing is enabled, all IP packets are ro

Configuring the Switch3-83IP Multicast Registration Table Displays all multicast groups active on this switch, including multicast IP addresses and VL

Command Line Interface4-2464clear ip routeThis command removes dynamically learned entries from the IP routing table.Syntax clear ip route {network [n

IP Routing Commands4-2474Example show ip host-routeThis command displays the interface associated with known routes.Command Mode Privileged ExecExamp

Command Line Interface4-2484show ip trafficThis command displays statistics for IP, ICMP, UDP, TCP and ARP protocols.Command Mode Privileged ExecComma

IP Routing Commands4-2494router ripThis command enables Routing Information Protocol (RIP) routing for all IP interfaces on the router. Use the no for

Command Line Interface4-2504Default Setting Update: 30 secondsTimeout: 180 secondsGarbage collection: 120 secondsCommand Usage •The update timer sets

IP Routing Commands4-2514Command Usage • RIP only sends updates to interfaces specified by this command.• Subnet addresses are interpreted as class A,

Command Line Interface4-2524versionThis command specifies a RIP version used globally by the router. Use the no form to restore the default value.Synt

IP Routing Commands4-2534ip rip receive versionThis command specifies a RIP version to receive on an interface. Use the no form to restore the default

Command Line Interface4-2544ip rip send versionThis command specifies a RIP version to send on an interface. Use the no form to restore the default va

IP Routing Commands4-2554ip split-horizonThis command enables split-horizon or poison-reverse (a variation) on an interface. Use the no form to disabl

Navigating the Web Browser Interface3-93UDP Shows statistics for UDP, including the amount of traffic and errors3-209TCP Shows statistics for TCP, in

Command Line Interface4-2564• For authentication to function properly, both the sending and receiving interface must be configured with the same passw

IP Routing Commands4-2574show rip globalsThis command displays global configuration settings for RIP.Command Mode Privileged ExecExample show ip ripTh

Command Line Interface4-2584Example Console#show ip rip configuration Interface SendMode ReceiveMode Poison Authentication----

IP Routing Commands4-2594Open Shortest Path First (OSPF) Table 4-85 Open Shortest Path First CommandsCommand Function Mode PageGeneral Configuration

Command Line Interface4-2604router ospfThis command enables Open Shortest Path First (OSPF) routing for all IP interfaces on the router. Use the no fo

IP Routing Commands4-2614Command Usage • The router ID must be unique for every router in the autonomous system. Using the default setting based on th

Command Line Interface4-2624default-information originateThis command generates a default external route into an autonomous system. Use the no form to

IP Routing Commands4-2634Related Commandsip route (4-245)redistribute (4-266)timers spfThis command configures the hold time between making two consec

Command Line Interface4-2644area rangeThis command summarizes the routes advertised by an Area Border Router (ABR). Use the no form to disable this fu

IP Routing Commands4-2654Default Setting 1Command Usage • If you enter this command for a normal area, it will changed to a stub.• If the default cost

Configuring the Switch3-103Interface Configuration Shows area ID and designated router; also configures OSPF protocol settings and authentication for

Command Line Interface4-2664redistributeThis command imports external routing information from other routing domains (i.e., protocols) into the autono

IP Routing Commands4-2674network areaThis command defines an OSPF area and the interfaces that operate within this area. Use the no form to disable OS

Command Line Interface4-2684area stubThis command defines a stub area. To remove a stub, use the no form without the optional keyword. To remove the s

IP Routing Commands4-2694area nssaThis command defines a not-so-stubby area (NSSA). To remove an NSSA, use the no form without any optional keywords.

Command Line Interface4-2704ExampleThis example creates a stub area 10.3.0.0, and assigns all interfaces with class B addresses 10.3.x.x to the NSSA.

IP Routing Commands4-2714propagation delays. LSAs have their age incremented by this amount before transmission. This value must be the same for all r

Command Line Interface4-2724ExampleThis example creates a virtual link using the defaults for all optional parameters.This example creates a virtual l

IP Routing Commands4-2734Related Commandsip ospf authentication-key (4-273)ip ospf message-digest-key (4-274)ip ospf authentication-keyThis command as

Command Line Interface4-2744ip ospf message-digest-keyThis command enables message-digest (MD5) authentication on the specified interface and to assig

IP Routing Commands4-2754ip ospf costThis command explicitly sets the cost of sending a packet on an interface. Use the no form to restore the default

Basic Configuration3-113Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location and

Command Line Interface4-2764Related Commandsip ospf hello-interval (4-276)ip ospf hello-intervalThis command specifies the interval between sending he

IP Routing Commands4-2774Command Usage • Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to any value other tha

Command Line Interface4-2784ip ospf transmit-delayThis command sets the estimated time to send a link-state update packet over an interface. Use the n

IP Routing Commands4-2794show ip ospf border-routersThis command shows entries in the routing table that lead to an Area Border Router (ABR) or Autono

Command Line Interface4-2804show ip ospf databaseThis command shows information about different OSPF Link State Advertisements (LSAs) stored in this r

IP Routing Commands4-2814Command Mode Privileged ExecExamplesThe following shows output for the show ip ospf database command.Console#show ip ospf dat

Command Line Interface4-2824The following shows output when using the asbr-summary keyword.Console#show ip ospf database asbr-summaryOSPF Router with

IP Routing Commands4-2834The following shows output when using the database-summary keyword.Console#show ip ospf database database-summaryArea ID (10.

Command Line Interface4-2844The following shows output when using the external keyword.Console#show ip ospf database externalOSPF Router with id(192.1

IP Routing Commands4-2854The following shows output when using the network keyword.Console#show ip ospf database networkOSPF Router with id(10.1.1.253

ContentsviConsole Port Settings 3-24Telnet Settings 3-26Configuring Event Logging 3-28System Log Configuration 3-28Remote Log Configuration 3-30D

Configuring the Switch3-123CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch In

Command Line Interface4-2864The following shows output when using the router keyword.Console#show ip ospf database routerOSPF Router with id(10.1.1.25

IP Routing Commands4-2874The following shows output when using the summary keyword.Number of TOS metrics Type of Service metric – This router only sup

Command Line Interface4-2884show ip ospf interfaceThis command displays summary information for OSPF interfaces.Syntax show ip ospf interface [vlan vl

IP Routing Commands4-2894show ip ospf neighborThis command displays information about neighboring routers on each interface within an OSPF area.Syntax

Command Line Interface4-2904show ip ospf summary-addressThis command displays all summary address information.Syntax show ip ospf summary-addressComma

Multicast Routing Commands4-2914Multicast Routing CommandsThis router uses IGMP snooping and query to determine the ports connected to downstream mult

Command Line Interface4-2924Default Setting No static multicast router ports are configured. Command Mode Global ConfigurationCommand Usage Depending

Multicast Routing Commands4-2934General Multicast Routing Commands ip multicast-routingThis command enables IP multicast routing. Use the no form to d

Command Line Interface4-2944Command Mode Privileged ExecCommand Usage This command displays information for multicast routing. If no optional paramete

Multicast Routing Commands4-2954This example lists all entries in the multicast table in summary form:DVMRP Multicast Routing Commands router dvmrpThi

Basic Configuration3-133These additional parameters are displayed for the CLI.• Unit ID – Unit number in stack.• Redundant Power Status – Displays the

Command Line Interface4-2964Command Mode Global ConfigurationCommand Usage This command enables DVMRP globally for the router and enters router config

Multicast Routing Commands4-2974Command Usage Probe messages are sent to neighboring DVMRP routers from which this device has received probes, and is

Command Line Interface4-2984Command Mode Router ConfigurationExampleflash-update-intervalThis command specifies how often to send trigger updates, whi

Multicast Routing Commands4-2994Exampledefault-gatewayThis command specifies the default DVMRP gateway for IP multicast traffic. Use the no form to re

Command Line Interface4-3004Default Setting DisabledCommand Mode Interface Configuration (VLAN)Command Usage To fully enable DVMRP, you need to enable

Multicast Routing Commands4-3014Exampleclear ip dvmrp routeThis command clears all dynamic routes learned by DVMRP.Command Mode Privileged ExecExample

Command Line Interface4-3024ExampleThe default settings are shown in the following example:show ip dvmrp routeThis command displays all entries in the

Multicast Routing Commands4-3034show ip dvmrp neighborThis command displays all of the DVMRP neighbor routers.Command Mode Normal Exec, Privileged Exe

Command Line Interface4-3044PIM-DM Multicast Routing Commands router pimThis command enables Protocol-Independent Multicast - Dense Mode (PIM-DM) glob

Multicast Routing Commands4-3054Exampleip pim dense-modeThis command enables PIM-DM on the specified interface. Use the no form to disable PIM-DM on t

Configuring the Switch3-143Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that support Multicast Filte

Command Line Interface4-3064ip pim hello-intervalThis command configures the frequency at which PIM hello messages are transmitted. Use the no form to

Multicast Routing Commands4-3074Exampleip pim trigger-hello-intervalThis command configures the maximum time before transmitting a triggered PIM Hello

Command Line Interface4-3084Default Setting 210 secondsCommand Mode Interface Configuration (VLAN)Command Usage The multicast interface that first rec

Multicast Routing Commands4-3094ip pim max-graft-retriesThis command configures the maximum number of times to resend a Graft message if it has not be

Command Line Interface4-3104Exampleshow ip pim neighborThis command displays information about PIM neighbors.Syntax show ip pim neighbor [ip-address]i

Router Redundancy Commands4-3114Router Redundancy CommandsRouter redundancy protocols use a virtual IP address to support a primary router and multipl

Command Line Interface4-3124vrrp ipThis command enables the Virtual Router Redundancy Protocol (VRRP) on an interface and specify the IP address of th

Router Redundancy Commands4-3134vrrp authenticationThis command specifies the key used to authenticate VRRP packets received from other routers. Use t

Command Line Interface4-3144Command Usage • A router that has a physical interface with the same IP address as that used for the virtual router will b

Router Redundancy Commands4-3154• VRRP advertisements are sent to the multicast address 224.0.0.8. Using a multicast address reduces the amount of tra

Basic Configuration3-153CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an initial IP inter

Command Line Interface4-3164Related Commandsvrrp priority (4-313)show vrrpThis command displays status information for VRRP.Syntax show vrrp [brief |

Router Redundancy Commands4-3174This example displays the brief listing of status information for all groups. Table 4-109 show vrrp - display descri

Command Line Interface4-3184show vrrp interfaceThis command displays status information for the specified VRRP interface.Syntax show vrrp interface vl

Router Redundancy Commands4-3194show vrrp interface counters This command displays counters for VRRP protocol events and errors that have occurred for

Command Line Interface4-3204Defaults NoneCommand Mode Privileged ExecExampleHot Standby Router Protocol CommandsTo configure HSRP, add the interface f

Router Redundancy Commands4-3214standby ipThis command enables the Hot Standby Router Protocol (HSRP) on an interface and specify the IP address of th

Command Line Interface4-3224ExampleThis example creates HSRP group 1 for VLAN 1, and also adds a secondary interface as a member of the group.standby

Router Redundancy Commands4-3234Related Commandsstandby authentication (4-324)standby track (4-326)standby preemptThis command configures the router t

Command Line Interface4-3244standby authenticationThis command specifies the key used to authenticate HSRP packets received from other routers. Use th

Router Redundancy Commands4-3254standby timersThis command sets the time between the master and standby router sending hello packets, and the time bef

Configuring the Switch3-163Command Attributes•VLAN – ID of the configured VLAN (1-4094, no leading zeroes). By default, all ports on the switch are me

Command Line Interface4-3264standby trackThis command configures an interface so that the HSRP priority changes based on the availability of other IP

Router Redundancy Commands4-3274show standbyThis command displays status information for HSRP.Syntax show standby [active | init | listen | standby] [

Command Line Interface4-3284This example displays the brief listing of status information for all groups. priority Priority of this router.may preempt

Router Redundancy Commands4-3294show standby interfaceThis command displays HSRP status information for the specified interface.Syntax show standby in

Command Line Interface4-3304

A-1Appendix A: Software SpecificationsSoftware FeaturesAuthenticationLocal, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port SecurityAccess Control Lis

Software SpecificationsA-2AMulticast Filtering IGMP Snooping (Layer 2)IGMP (Layer 3)Multicast Routing DVMRP, PIM-DMIP Routing ARP, Proxy ARPStatic rou

Management Information BasesA-3AIEEE 802.3x Full-duplex flow control (ISO/IEC 8802-3)IEEE 802.3z Gigabit Ethernet, IEEE 802.3ab 1000BASE-TIEEE 802.3ac

Software SpecificationsA-4APIM MIB (RFC 2934)Port Access Entity MIB (IEEE 802.1x)Port Access Entity Equipment MIBPrivate MIBRADIUS Authentication Clie

B-1Appendix B: TroubleshootingProblems Accessing the Management Interface Table B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet,

Basic Configuration3-173Click IP, Global Setting. If this switch and management stations exist on other network segments, then specify the default gat

TroubleshootingB-2BUsing System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caus

Glossary-1GlossaryAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

GlossaryGlossary-2of automatic allocation of reusable network addresses and additional configuration options.Extensible Authentication Protocol over L

Glossary-3GlossaryIEEE 802.1pAn IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define u

GlossaryGlossary-4IP Multicast FilteringA process whereby this switch can pass multicast traffic along to participating hosts.IP PrecedenceThe Type of

Glossary-5GlossaryNetwork Time Protocol (NTP)NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarc

GlossaryGlossary-6Remote Monitoring (RMON)RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard

Glossary-7GlossaryTerminal Access Controller Access Control System Plus (TACACS+)TACACS+ is a logon authentication protocol that uses software running

GlossaryGlossary-8

Index-1Numerics802.1x, port authentication 3-57, 4-79Aacceptable frame type 3-132, 4-192Access Control List See ACLACLExtended IP 3-67, 4-87, 4-88, 4

Configuring the Switch3-183Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by

Index-2IndexFfirmwaredisplaying version 3-12, 4-62upgrading 3-20, 4-64GGARP VLAN Registration Protocol See GVRPgateway, default 3-16, 3-196, 4-238GV

Index-3Indexmirror port, configuring 3-95, 4-160MSTP 4-171global settings 3-117, 4-169interface settings 3-115, 4-170multicast filtering 3-152, 4-220m

Index-4Indexspecifying interfaces 3-216, 4-250statistics 3-220, 4-258router redundancyHSRP 3-186, 4-320protocols 3-178, 4-311VRRP 3-179, 4-311routing

Index-5Indexegress mode 3-133, 4-192interface configuration 3-132, 4-192–4-196private 3-134, 4-198protocol 3-135, 4-199VRRP 3-179, 4-311authentication

Index-6Index

ES4612E092004-R01150000046400A

Basic Configuration3-193Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web inte

Configuring the Switch3-203Downloading System Software from a ServerWhen downloading runtime code, you can specify the destination file name to replac

Basic Configuration3-213To delete a file select System, File, Delete. Select the file name from the given list by checking the tick box and click Appl

ContentsviiPort Configuration 3-78Displaying Connection Status 3-78Configuring Interface Connections 3-81Creating Trunk Groups 3-83Statically Conf

Configuring the Switch3-223Saving or Restoring Configuration SettingsYou can upload/download configuration settings to/from a TFTP server. The configu

Basic Configuration3-233Downloading Configuration Settings from a ServerYou can download the configuration file under a new file name and then set it

Configuring the Switch3-243CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the swit

Basic Configuration3-253• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match th

Configuring the Switch3-263CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the cur

Basic Configuration3-273• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon

Configuring the Switch3-283CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display

Basic Configuration3-293• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For exa

Configuring the Switch3-303Remote Log ConfigurationThe Remote Logs page allows you to configure the logging of messages that are sent to syslog server

Basic Configuration3-313Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Addres

ContentsviiiSelecting the Queue Mode 3-142Setting the Service Weight for Traffic Classes 3-142Layer 3/4 Priority Settings 3-144Mapping Layer 3/4 Pr

Configuring the Switch3-323Displaying Log MessagesUse the Logs page to scroll through the logged system and event messages. The switch can store up to

Basic Configuration3-333Setting the System ClockSimple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic upda

Configuring the Switch3-343CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.Setti

Simple Network Management Protocol3-353Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol design

Configuring the Switch3-363Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and view

Simple Network Management Protocol3-373• Access Mode – Specifies the access rights for the community string:- Read-Only – Authorized management statio

Configuring the Switch3-383• Enable Authentication Traps – Issues a trap message to specified IP trap managers whenever authentication of an SNMP requ

Simple Network Management Protocol3-393A local engine ID is automatically generated that is unique to the switch. This is referred to as the default e

Configuring the Switch3-403• Privacy – The encryption algorithm use for data privacy; only 56-bit DES is currently available• Actions – Enables the us

Simple Network Management Protocol3-413CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring SNMPv3

ContentsixConfiguring IP Routing Interfaces 3-197Address Resolution Protocol 3-199Proxy ARP 3-199Basic ARP Configuration 3-200Configuring Static

Configuring the Switch3-423Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a securi

Simple Network Management Protocol3-433Setting SNMPv3 ViewsSNMPv3 views are used to restrict user access to specified portions of the MIB tree. The pr

Configuring the Switch3-443CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and

User Authentication3-453Command Attributes• Account List – Shows the list of users that are allowed management access. (Defaults: admin, and guest)• N

Configuring the Switch3-463Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on s

User Authentication3-473• RADIUS Settings- Server IP Address – Address of authentication server. (Default: 10.1.0.1)- Server Port Number – Network (UD

Configuring the Switch3-483CLI – Specify all the required parameters to enable logon authentication.Configuring HTTPSYou can configure the switch to e

User Authentication3-493• The following web browsers and operating systems currently support HTTPS:• To specify a secure-site certificate, see “Replac

Configuring the Switch3-503When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-li

User Authentication3-513Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An en