Part No. 060191-10, Rev. BApril 2004OmniStack® 6300-24 Users Guide
Contentsxip ssh timeout 4-35ip ssh authentication-retries 4-36ip ssh server-key size 4-36delete public-key 4-37ip ssh crypto host-key generate 4-
Configuring the Switch3-603Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the stati
Access Control Lists3-613Access Control ListsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 pr
Configuring the Switch3-623Setting the ACL Name and TypeUse the ACL Configuration page to designate the name and type of an ACL.Command Attributes• Na
Access Control Lists3-633• SubMask – A subnet mask containing four integers from 0 to 255, each separated by a period. The mask uses 1 bits to indicat
Configuring the Switch3-643• Service Type – Packet priority settings based on the following criteria:- Precedence – IP precedence level. (Range: 0-7)-
Access Control Lists3-653Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (An
Configuring the Switch3-663Configuring a MAC ACLCommand Attributes• Action – An ACL can contain all permit rules or all deny rules. (Default: Permit r
Access Control Lists3-673Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (An
Configuring the Switch3-683Configuring ACL MasksYou must specify masks that control the order in which ACL rules are checked. The switch includes two
Access Control Lists3-693Configuring an IP ACL MaskThis mask defines the fields to check in the IP header. Command Usage• Masks that include an entry
Contentsxiwhichboot 4-66boot system 4-66Authentication Commands 4-67Authentication Sequence 4-67authentication login 4-68authentication enable 4-
Configuring the Switch3-703Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source
Access Control Lists3-713Configuring a MAC ACL MaskThis mask defines the fields to check in the packet header. Command UsageYou must configure a mask
Configuring the Switch3-723CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rul
Filtering IP Addresses for Management Access3-733Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an AC
Configuring the Switch3-743• When entering addresses for the same group (i.e., SNMP, web or Telnet), the switch will not accept overlapping address ra
Port Configuration3-753Port ConfigurationDisplaying Connection StatusYou can use the Port Information or Trunk Information pages to display the curren
Configuring the Switch3-763Field Attributes (CLI)Basic information:• Port type – Indicates the port type. (1000BASE-T, 1000BASE-SX, 1000BASE-LX or 100
Port Configuration3-773CLI – This example shows the connection status for Port 5.Configuring Interface ConnectionsYou can use the Port Configuration o
Configuring the Switch3-783(The current switch chip only supports symmetric pause frames.)- FC - Supports flow control Flow control can eliminate fram
Port Configuration3-793CLI – Select the interface, and then enter the required settings.Creating Trunk GroupsYou can create multiple links between dev
Contentsxiimatch access-list ip 4-96show marking 4-97MAC ACLs 4-98access-list mac 4-98permit, deny (MAC ACL) 4-99show mac access-list 4-100ac
Configuring the Switch3-803• The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, d
Port Configuration3-813CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to
Configuring the Switch3-823Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After y
Port Configuration3-833Configuring LACP ParametersDynamically Creating a Port Channel –Ports assigned to a common port channel must meet the following
Configuring the Switch3-843Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can
Port Configuration3-853CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5
Configuring the Switch3-863Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.Figure 3-4
Port Configuration3-873Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-48.
Configuring the Switch3-883CLI – The following example displays the LACP configuration settings and operational state for the local side of port chann
Port Configuration3-893Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.Figure 3-50.
Contentsxiiishow dns 4-127show dns cache 4-128clear dns cache 4-128Interface Commands 4-129interface 4-130description 4-131speed-duplex 4-131negot
Configuring the Switch3-903Setting Broadcast Storm ThresholdsBroadcast storms may occur when a device on your network is malfunctioning, or if applica
Port Configuration3-913CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then
Configuring the Switch3-923Web – Click Port, Mirror. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add.Fi
Port Configuration3-933Web - Click Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit Status, the
Configuring the Switch3-943Statistical Values Table 3-54. Displaying Port StatisticsParameter DescriptionInterface StatisticsReceived Octets The tota
Port Configuration3-953Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions. This
Configuring the Switch3-963Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at t
Port Configuration3-973Figure 3-55. Displaying Port Statistics
Configuring the Switch3-983CLI – This example shows statistics for port 13.Alcatel Mapping Adjacency Protocol (AMAP)The AMAP protocol enables a switch
Alcatel Mapping Adjacency Protocol (AMAP)3-993• Common – The port has detected an adjacent switch and periodically sends “Hello” packets to determine
Contentsxivspanning-tree forward-time 4-163spanning-tree hello-time 4-164spanning-tree max-age 4-164spanning-tree priority 4-165spanning-tree path
Configuring the Switch3-1003Web – Click Alcatel, AMAP, Information.Figure 3-57. AMAP InformationCLI – There is no equvilent CLI command to display de
Address Table Settings3-1013Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Addres
Configuring the Switch3-1023Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN chec
Spanning Tree Algorithm Configuration3-1033Web – Click Address Table, Address Aging. Specify the new aging time, click Apply.Figure 3-60. Address Agi
Configuring the Switch3-1043Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) trans
Spanning Tree Algorithm Configuration3-1053• Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., dis
Configuring the Switch3-1063• Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall
Spanning Tree Algorithm Configuration3-1073Configuring Global SettingsGlobal settings apply to the entire switch.Command Usage• Spanning Tree Protocol
Configuring the Switch3-1083• Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the hig
Spanning Tree Algorithm Configuration3-1093Configuration Settings for RSTP The following attributes apply to both RSTP and MSTP:• Path Cost Method – T
ContentsxvGVRP and Bridge Extension Commands 4-192bridge-ext gvrp 4-193show bridge-ext 4-193switchport gvrp 4-194show gvrp configuration 4-194gar
Configuring the Switch3-1103Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 3-63. STA Configura
Spanning Tree Algorithm Configuration3-1113CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MS
Configuring the Switch3-1123• Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is
Spanning Tree Algorithm Configuration3-1133• Internal path cost – The path cost for the MST. See the proceeding item.• Priority – Defines the priority
Configuring the Switch3-1143CLI – This example shows the STA attributes for port 5. Configuring Interface SettingsYou can configure RSTP and MSTP attr
Spanning Tree Algorithm Configuration3-1153• Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for al
Configuring the Switch3-1163Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Appl
Spanning Tree Algorithm Configuration3-1173To ensure that the MSTI maintains connectivity across the network, you must configure a related set of brid
Configuring the Switch3-1183CLI – This displays STA settings for instance 1, followed by settings for each port. CLI – This example sets the priority
Spanning Tree Algorithm Configuration3-1193Displaying Interface Settings for MSTPThe MSTP Port Information and MSTP Trunk Information pages display th
ContentsxviIGMP Query Commands (Layer 2) 4-222ip igmp snooping querier 4-222ip igmp snooping query-count 4-222ip igmp snooping query-interval 4-2
Configuring the Switch3-1203CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are globa
Spanning Tree Algorithm Configuration3-1213Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance usi
Configuring the Switch3-1223Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interf
VLAN Configuration3-1233VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a
Configuring the Switch3-1243Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN
VLAN Configuration3-1253Note: If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch ports co
Configuring the Switch3-1263Web – Click VLAN, 802.1Q VLAN, GVRP Status. Enable or disable GVRP, and click Apply.Figure 3-72. GVRP StatusCLI – This ex
VLAN Configuration3-1273CLI – Enter the following command.Displaying Current VLANsThe VLAN Current Table shows the current port members of each VLAN a
Configuring the Switch3-1283Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list.Figure 3-74. VLAN Current TableComm
VLAN Configuration3-1293Creating VLANsUse the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on thi
xviiTablesTable 1-1. Key Features 1-1Table 1-2. System Defaults 1-5Table 3-4. Main Menu 3-3Table 3-2. Configuration Options 3-3Table 3-1. SNMPv3 S
Configuring the Switch3-1303CLI – This example creates a new VLAN.Adding Static Members to VLANs (VLAN Index)Use the VLAN Static Table to configure po
VLAN Configuration3-1313• Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - T
Configuring the Switch3-1323Adding Static Members to VLANs (Port Index)Use the VLAN Static Membership by Port menu to assign VLAN groups to the select
VLAN Configuration3-1333Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLAN id
Configuring the Switch3-1343• GARP Leave Timer* – The interval a port waits before leaving a VLAN group. This time should be set to more than twice th
VLAN Configuration3-1353CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP
Configuring the Switch3-1363Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports
VLAN Configuration3-1373Configuring Protocol GroupsCreate a protocol group for one or more protocols.Command Attributes• Protocol Group ID – Group ide
Configuring the Switch3-1383• When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner:- If the f
Class of Service Configuration3-1393Class of Service ConfigurationClass of Service (CoS) allows you to specify which data packets have greater precede
xviiiTablesTable 4-27. Authentication Sequence 4-67Table 4-28. RADIUS Commands 4-70Table 4-29. TACACS+ Commands 4-73Table 4-30. Port Security Comma
Configuring the Switch3-1403Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then
Class of Service Configuration3-1413Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using e
Configuring the Switch3-1423Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to
Class of Service Configuration3-1433Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traf
Configuring the Switch3-1443Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weig
Class of Service Configuration3-1453Mapping Layer 3/4 Priorities to CoS ValuesThis switch supports several common methods of prioritizing layer 3/4 tr
Configuring the Switch3-1463Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight diff
Class of Service Configuration3-1473CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to Co
Configuring the Switch3-1483Note: IP DSCP settings apply to all interfaces.Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP tabl
Class of Service Configuration3-1493Mapping IP Port PriorityYou can also map network applications to Class of Service values based on the IP port numb
xixTable 4-67. Quality of Service Commands 4-210Table 4-68. Multicast Filtering Commands 4-218Table 4-69. IGMP Snooping Commands 4-218Table 4-70. I
Configuring the Switch3-1503CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS va
Class of Service Configuration3-1513Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then
Configuring the Switch3-1523Command Attributes• Port – Port identifier.•Name1 – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Prece
Quality of Service3-1533Quality of ServiceThe commands described in this section are used to configure Quality of Service (QoS) classification criteri
Configuring the Switch3-1543Use the Policy Map page to specify a policy map. Then use the Class Map page to configure a policy map. And finally, use t
Quality of Service3-1553Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class.
Configuring the Switch3-1563Creating QoS PoliciesThis function creates a policy map that can be attached to multiple interfaces.Create a policy map, s
Quality of Service3-1573Policy Table- Policy Name — Name of policy map.- Class Name — Name of class map.- Action — Classification of IP traffic by CoS
Configuring the Switch3-1583Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Polic
Quality of Service3-1593CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth the 1 Mbps, the burst rate to 1522 bps,
An Alcatel service agreement brings your company the assurance of 7x24 no-excuses technical support. You’ll also receive regular software updates to m
xxTables
Configuring the Switch3-1603Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A
Multicast Filtering3-1613Configuring IGMP Snooping and Query ParametersYou can configure the switch to forward multicast traffic intelligently. Based
Configuring the Switch3-1623Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default se
Multicast Filtering3-1633Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to displa
Configuring the Switch3-1643Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast rout
Multicast Filtering3-1653Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from
Configuring the Switch3-1663Command Attribute• Interface – Activates the Port or Trunk scroll down list.• VLAN ID – Selects the VLAN to propagate all
Configuring Domain Name Service3-1673Configuring General DNS Server Parameters Command Usage• To enable DNS service on this switch, first configure on
Configuring the Switch3-1683Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name ser
Configuring Domain Name Service3-1693Configuring Static DNS Host to Address EntriesYou can manually configure static entries in the DNS table that are
xxiFiguresFigure 3-1. Home Page 3-2Figure 3-3. Ports Panel 3-3Figure 3-5. System Information 3-9Figure 3-6. Switch Information 3-10Figure 3-7. Bri
Configuring the Switch3-1703Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.Figure 3-
Configuring Domain Name Service3-1713Displaying the DNS CacheYou can display entries in the DNS cache that have been learned via the designated name s
Configuring the Switch3-1723CLI - This example displays all the resource records learned from the designated name servers.Console#show dns cache 4-128
4-1Chapter 4: Command Line InterfaceThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the C
Command Line Interface4-24To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway
Entering Commands4-34Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords and
Command Line Interface4-44Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the curren
Entering Commands4-54Partial Keyword LookupIf you terminate a partial keyword with a question mark, alternatives that match the initial letters are pr
Command Line Interface4-64Exec CommandsWhen you open a new console session on the switch with the user name and password “guest,” the system enters th
Entering Commands4-74To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Co
FiguresxxiiFigure 3-36. ACL Mask Configuration 3-68Figure 3-37. ACL IP Mask Configuration 3-70Figure 3-38. ACL MAC Mask Configuration 3-71Figure 3-
Command Line Interface4-84Ctrl-F Shifts cursor to the right one character.Ctrl-K Deletes all characters from the cursor to the end of the line.Ctrl-L
Command Groups4-94Command GroupsThe system commands can be broken down into the functional groups shown below.Table 4-4. Command GroupsCommand Group
Command Line Interface4-104The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configur
Line Commands4-114Default Setting There is no default line.Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal con
Command Line Interface4-124Command Usage • There are three authentication modes provided by the switch itself at login:- login selects authentication
Line Commands4-134Command Usage • When a connection is started on a line with password protection, the system prompts for the password. If you enter t
Command Line Interface4-144Example To set the timeout to two minutes, enter this command:exec-timeoutThis command sets the interval that the system wa
Line Commands4-154Command Mode Line Configuration Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for
Command Line Interface4-164databitsThis command sets the number of data bits per character that are interpreted and generated by the console port. Use
Line Commands4-174Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting.E
FiguresxxiiiFigure 3-84. Port Priority Configuration 3-140Figure 3-87. Traffic Classes 3-142Figure 3-88. Selecting the Queue Mode 3-143Figure 3-89.
Command Line Interface4-184Default Setting 1 stop bitCommand Mode Line Configuration Example To specify 2 stop bits, enter this command:disconnectUse
General Commands4-194Command Mode Normal Exec, Privileged ExecExample To show all lines, enter this command:General CommandsenableThis command activat
Command Line Interface4-204Default SettingLevel 15Command ModeNormal ExecCommand Usage • “super” is the default password required to change the comman
General Commands4-214prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database Con
Command Line Interface4-224modes. In this example, the !2 command repeats the second command in the Execution history buffer (config).reloadThis comma
System Management Commands4-234Default Setting NoneCommand Mode AnyExample This example shows how to return to the Privileged Exec mode from the Globa
Command Line Interface4-244Device Designation CommandspromptThis command customizes the CLI prompt. Use the no form to restore the default prompt.Synt
System Management Commands4-254hostnameThis command specifies or modifies the host name for this device. Use the no form to restore the default host n
Command Line Interface4-264•{0 | 7} - 0 means plain password, 7 means encrypted password. • password password - The authentication password for the us
System Management Commands4-274Command Mode Global ConfigurationCommand Usage • You cannot set a null password. You will have to enter a password to c
Figuresxxiv
Command Line Interface4-284Command Mode Global ConfigurationCommand Usage • If anyone tries to access a management interface on the switch from an inv
System Management Commands4-294ExampleWeb Server Commandsip http portThis command specifies the TCP port number used by the Web browser interface. Use
Command Line Interface4-304ExampleRelated Commandsip http server (4-30)ip http serverThis command allows this device to be monitored or configured fro
System Management Commands4-314• When you start HTTPS, the connection is established in this way:- The client authenticates the server using the serve
Command Line Interface4-324Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number
System Management Commands4-334The SSH server on this switch supports both password and public key authentication. If password authentication is speci
Command Line Interface4-3440060902539484084827178194372288402533115952134861022902978982721353267131629432532818915045306393916643 [email protected]
System Management Commands4-354Example Related Commandsip ssh crypto host-key generate (4-37)show ssh (4-39)ip ssh timeoutUse this command to configur
Command Line Interface4-364ip ssh authentication-retriesUse this command to configure the number of times the SSH server attempts to reauthenticate a
System Management Commands4-374delete public-keyUse this command to delete the specified user’s public key.Syntax delete public-key username [dsa | rs
1-1Chapter 1: IntroductionThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to conf
Command Line Interface4-384Related Commandsip ssh crypto zeroize (4-38)ip ssh save host-key (4-38)ip ssh crypto zeroizeUse this command to clear the h
System Management Commands4-394Example Related Commandsip ssh crypto host-key generate (4-37)show ip sshUse this command to display the connection set
Command Line Interface4-404show public-keyUse this command to show the public key for the specified user or for the host.Syntax show public-key [user
System Management Commands4-414Example Event Logging Commands logging onThis command controls logging of error messages, sending debug or error messag
Command Line Interface4-424Command Usage The logging process controls error messages saved to switch memory. You can use the logging history command t
System Management Commands4-434Command Mode Global ConfigurationCommand Usage The message level specified for flash memory must be a higher priority (
Command Line Interface4-444Command Mode Global ConfigurationCommand Usage The command specifies the facility type tag sent in syslog messages. (See RF
System Management Commands4-454Command Mode Privileged ExecExample Related Commandsshow logging (4-45)show loggingThis command displays the logging co
Command Line Interface4-464The following example displays settings for the trap function. Related Commandsshow logging sendmail (4-49)SMTP Alert Comma
System Management Commands4-474logging sendmail hostThis command specifies SMTP servers that will be sent alert messages. Use the no form to remove an
Introduction1-21Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates t
Command Line Interface4-484Command Mode Global ConfigurationCommand Usage The specified level indicates an event threshold. All events at this level o
System Management Commands4-494Command Mode Global ConfigurationCommand Usage You can specify up to five recipients for alert messages. However, you m
Command Line Interface4-504Time CommandsThe system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP).sntp clientTh
System Management Commands4-514Example Related Commandssntp server (4-51)sntp poll (4-52)show sntp (4-52)sntp serverThis command sets the IP address o
Command Line Interface4-524sntp pollThis command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the n
System Management Commands4-534clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour hours min
Command Line Interface4-544Default Setting NoneCommand Mode Privileged ExecExample This example shows how to set the system clock to 15:12:34, Februar
System Management Commands4-554Command Usage • Use this command in conjunction with the show running-config command to compare the information in runn
Command Line Interface4-564Example Related Commandsshow running-config (4-57)Console#show startup-configbuilding startup-config, please wait...!snt
System Management Commands4-574show running-configThis command displays the configuration information currently in use.Default Setting NoneCommand Mod
Description of Software Features1-31Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate l
Command Line Interface4-584Example Related Commandsshow startup-config (4-54)Console#show running-configbuilding running-config, please wait...!sntp
System Management Commands4-594show systemThis command displays system information.Default Setting NoneCommand Mode Normal Exec, Privileged ExecComman
Command Line Interface4-604show usersShows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.Def
System Management Commands4-614Example Frame Size Commandsjumbo frameThis command enables support for jumbo frames. Use the no form to disable it.Synt
Command Line Interface4-624Example Flash/File CommandsThese commands are used to manage the system code or configuration files.copy This command mo
Flash/File Commands4-634Default Setting NoneCommand Mode Privileged ExecCommand Usage • The system prompts for data required to complete the copy comm
Command Line Interface4-644The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate
Flash/File Commands4-654Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg”
Command Line Interface4-664Example The following example shows how to display all file information:whichbootThis command displays which files were boo
Authentication Commands4-674Default Setting NoneCommand Mode Global ConfigurationCommand Usage • A colon (:) is required after the specified file type
Introduction1-41older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the
Command Line Interface4-684authentication loginThis command defines the login authentication method and precedence. Use the no form to restore the def
Authentication Commands4-694authentication enableThis command defines the authentication method and precedence to use when changing from Exec command
Command Line Interface4-704RADIUS ClientRemote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software runn
Authentication Commands4-714Command Mode Global ConfigurationExample radius-server keyThis command sets the RADIUS encryption key. Use the no form to
Command Line Interface4-724radius-server timeoutThis command sets the interval between transmitting authentication requests to the RADIUS server. Use
Authentication Commands4-734TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses soft
Command Line Interface4-744Command Mode Global ConfigurationExample tacacs-server keyThis command sets the TACACS+ encryption key. Use the no form to
Authentication Commands4-754Port Security CommandsThese commands can be used to disable the learning function or manually specify secure addresses for
Command Line Interface4-764• To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames re
Authentication Commands4-774authentication dot1x defaultThis command sets the default authentication server type. Use the no form to restore the defau
System Defaults1-51Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal n
Command Line Interface4-784dot1x max-reqThis command sets the maximum number of times the switch port will retransmit an EAP request/identity packet t
Authentication Commands4-794dot1x operation-modeThis command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use th
Command Line Interface4-804dot1x re-authenticationThis command enables periodic re-authentication globally for all ports. Use the no form to disable r
Authentication Commands4-814Command ModeGlobal ConfigurationExampledot1x timeout tx-periodThis command sets the time that the switch waits during an a
Command Line Interface4-824Command UsageThis command displays the following information:• Global 802.1X Parameters – Displays the global port access c
Access Control List Commands4-834ExampleAccess Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on addres
Command Line Interface4-844• MAC ACL mode (MAC-ACL) filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 10
Access Control List Commands4-854IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP
Command Line Interface4-864Command Usage• An egress ACL must contain all deny rules.• When you create a new ACL or enter configuration mode for an exi
Access Control List Commands4-874Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address r
WarningThis equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules. These limit
Introduction1-61SNMP Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabledLink-up-down events: enabledIP F
Command Line Interface4-884Default SettingNoneCommand ModeExtended ACLCommand Usage• All new rules are appended to the end of the list.• Address bitma
Access Control List Commands4-894This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”Related Comman
Command Line Interface4-904Command ModeGlobal ConfigurationCommand Usage• A mask can only be used by all ingress ACLs or all egress ACLs.• The precede
Access Control List Commands4-914Default SettingNoneCommand ModeIP MaskCommand Usage• Packets crossing a port are checked against all the rules in the
Command Line Interface4-924This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit acces
Access Control List Commands4-934This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other pac
Command Line Interface4-944Related Commandsmask (IP ACL) (4-90)ip access-group This command binds a port to an IP ACL. Use the no form to remove the p
Access Control List Commands4-954Related Commandsip access-group (4-94)map access-list ip This command sets the output queue for packets matching an A
Command Line Interface4-964show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value dete
Access Control List Commands4-974Command Usage• You must configure an ACL mask before you can change frame priorities based on an ACL rule.• Traffic p
System Defaults1-71Virtual LANs Default VLAN 1PVID 1Acceptable Frame Type AllIngress Filtering DisabledSwitchport Mode (Egress Mode) Hybrid: tagged/un
Command Line Interface4-984MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remo
Access Control List Commands4-994• To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule.•
Command Line Interface4-1004• any – Any MAC source or destination address. • host – A specific MAC address.• source – Source MAC address.• destination
Access Control List Commands4-1014Command ModePrivileged ExecExample Related Commandspermit, deny 4-99mac access-group (4-104)access-list mac mask-pre
Command Line Interface4-1024mask (MAC ACL)This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use th
Access Control List Commands4-1034ExampleThis example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of
Command Line Interface4-1044show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs.Syntaxshow access-li
Access Control List Commands4-1054Related Commandsshow mac access-list (4-100)show mac access-groupThis command shows the ports assigned to MAC ACLs.C
Command Line Interface4-1064Example Related Commandsqueue cos-map (4-200)show map access-list mac (4-106) show map access-list mac This command shows
Access Control List Commands4-1074Default SettingNoneCommand ModeInterface Configuration (Ethernet)Command UsageYou must configure an ACL mask before
Introduction1-81
Command Line Interface4-1084Example show access-groupThis command shows the port assignments of ACLs.Command ModePrivileged ExecutiveExample SNMP Comm
SNMP Commands4-1094snmp-server communityThis command defines the community access string for the Simple Network Management Protocol. Use the no form t
Command Line Interface4-1104Example snmp-server contactThis command sets the system contact string. Use the no form to remove the system contact infor
SNMP Commands4-1114Example Related Commandssnmp-server contact (4-110)snmp-server host This command specifies the recipient of a Simple Network Manage
Command Line Interface4-1124Example Related Commandssnmp-server enable traps (4-112)snmp-server enable trapsThis command enables this device to send S
SNMP Commands4-1134show snmpThis command checks the status of SNMP communications.Default Setting NoneCommand Mode Normal Exec, Privileged ExecCommand
Command Line Interface4-1144snmp-serverUse this command to enable the SNMP v3 engine. Use the no form to disable the engine.Default Setting EnabledCom
SNMP Commands4-1154show snmp engine-idUse this command to show the SNMP engine ID.Command Mode Privileged ExecExampleThis example shows the default en
Command Line Interface4-1164ExamplesThis view includes MIB-2.This view includes the MIB-2 interfaces table, ifDescr. The wildcard is used to select al
SNMP Commands4-1174snmp-server groupUse this command to add an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.S
2-1Chapter 2: Initial ConfigurationConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent off
Command Line Interface4-1184Example Console#show snmp groupgroupname: r&dsecurity model: v3readview: v2defaultviewwriteview: dailynotifyview: none
SNMP Commands4-1194snmp-server userUse this command to add a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View. Use
Command Line Interface4-1204Example DHCP CommandsThese commands are used to configure Dynamic Host Configuration Protocol (DHCP) client. You can confi
DHCP Commands4-1214Command Mode Interface Configuration (VLAN)Command Usage This command is used to include a client identifier in all communications
Command Line Interface4-1224DNS CommandsThese commands are used to configure Domain Naming System (DNS) services. You can manually configure entries i
DNS Commands4-1234Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP ad
Command Line Interface4-1244Default Setting NoneCommand Mode Global ConfigurationExampleRelated Commands ip domain-list (4-124)ip name-server (4-125)i
DNS Commands4-1254ExampleThis example adds two domain names to the current list and then displays the list.Related Commands ip domain-name (4-123)ip n
Command Line Interface4-1264ExampleThis example adds two domain-name servers to the list and then displays the list.Related Commands ip domain-name (4
DNS Commands4-1274ExampleThis example enables DNS and then displays the configuration.Related Commands ip domain-name (4-123)ip name-server (4-125)sho
Initial Configuration2-22• Set broadcast storm control on any port• Display system information and statistics Required ConnectionsThe switch provides
Command Line Interface4-1284Exampleshow dns cacheThis command displays entries in the DNS cache.Command Mode Privileged ExecExample clear dns cacheThi
Interface Commands4-1294ExampleInterface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated l
Command Line Interface4-1304interfaceThis command configures an interface type and enter interface configuration mode. Use the no form to remove a tru
4-1314descriptionThis command adds a description to an interface. Use the no form to remove the description.Syntax description stringno descriptionstr
Command Line Interface4-1324Command Usage• To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation
4-1334Example The following example configures port 11 to use autonegotiation.Related Commands capabilities (4-133)speed-duplex (4-131)capabilitiesThi
Command Line Interface4-1344Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control.Related Command
4-1354ExampleThe following example enables flow control on port 5.Related Commands negotiation (4-132)capabilities (flowcontrol, symmetric) (4-133)com
Command Line Interface4-1364Default Setting All interfaces are enabled.Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage This
4-1374Example The following shows how to configure broadcast storm control at 600 packets per second: clear countersThis command clears statistics on
Basic Configuration2-32Remote ConnectionsPrior to accessing the switch’s onboard agent via a network connection, you must first configure it with a va
Command Line Interface4-1384show interfaces statusThis command displays the status for an interface.Syntax show interfaces status [interface]interface
4-1394show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]interface • ethernet unit/port- u
Command Line Interface4-1404show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.Synt
Mirror Port Commands4-1414Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis comma
Command Line Interface4-1424Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then att
AMAP Configuration4-1434Example The following shows mirroring configured from port 6 to port 11:AMAP ConfigurationThe AMAP protocol discovers adjacent
Command Line Interface4-1444amap enableThis command enables AMAP on the switch. Use the amap disable command to disable the feature.Syntaxamap {enabl
AMAP Configuration4-1454Command Mode Global ConfigurationExampleamap common timerThis command sets the time (in seconds) that switch ports in the Comm
Command Line Interface4-1464Rate Limit CommandsThis function allows the network manager to control the maximum rate for traffic transmitted or receive
Link Aggregation Commands4-1474Link Aggregation CommandsPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth
Initial Configuration2-42Setting PasswordsNote: If this is your first time to log into the CLI program, you should define new passwords for both defau
Command Line Interface4-1484Dynamically Creating a Port Channel –Ports assigned to a common port channel must meet the following criteria:• Ports must
Link Aggregation Commands4-1494lacpThis command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to
Command Line Interface4-1504ExampleThe following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end o
Link Aggregation Commands4-1514Command Usage • Port must be configured with the same system priority to join the same LAG.• System priority is combine
Command Line Interface4-1524• Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configur
Link Aggregation Commands4-1534lacp port-priorityThis command configures LACP port priority. Use the no form to restore the default setting.Syntax lac
Command Line Interface4-1544Default Setting Port Channel: allCommand Mode Privileged ExecExample Console#show lacp 1 countersChannel group : 1 -
Link Aggregation Commands4-1554Table 4-49. LACPDUsField DescriptionOper Key Current operational value of the key for the aggregation port.Admin Key
Command Line Interface4-1564Table 4-50. LACP Neighbours InformationField DescriptionPartner Admin System ID LAG partner’s system ID assigned by the u
Address Table Commands4-1574Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying
Basic Configuration2-52Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:•
Command Line Interface4-1584Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this com
Address Table Commands4-1594Default Setting NoneCommand Mode Privileged ExecCommand Usage • The MAC Address Table contains the MAC addresses associate
Command Line Interface4-1604Example show mac-address-table aging-timeThis command shows the aging time for entries in the address table.Default Settin
Spanning Tree Commands4-1614spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Synta
Command Line Interface4-1624Example This example shows how to enable the Spanning Tree Algorithm for the switch:spanning-tree modeThis command selects
Spanning Tree Commands4-1634• Multiple Spanning Tree Protocol- To allow multiple spanning trees to operate over the network, you must configure a rela
Command Line Interface4-1644spanning-tree hello-timeThis command configures the spanning tree bridge hello time globally for this switch. Use the no f
Spanning Tree Commands4-1654Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message
Command Line Interface4-1664spanning-tree pathcost methodThis command configures the path cost method used for Rapid Spanning Tree and Multiple Spanni
Spanning Tree Commands4-1674Example spanning-tree mst-configuration Use this command to change to Multiple Spanning Tree (MST) configuration mode. Def
Initial Configuration2-625. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Ente
Command Line Interface4-1684Command Usage • Use this command to group VLANs into spanning tree instances. MSTP generates a unique spanning tree for ea
Spanning Tree Commands4-1694• You can set this switch to act as the MSTI root device by specifying a priority of 0, or as the MSTI alternate device by
Command Line Interface4-1704Command Mode MST ConfigurationCommand Usage The MST region name (page 4-169) and revision number are used to designate a u
Spanning Tree Commands4-1714spanning-tree spanning-disabledThis command disables the spanning tree algorithm for the specified interface. Use the no f
Command Line Interface4-1724• Path cost takes precedence over port priority.• When the spanning-tree pathcost method (page 4-166) is set to short, the
Spanning Tree Commands4-1734Default Setting DisabledCommand Mode Interface Configuration (Ethernet, Port Channel)Command Usage • You can enable this o
Command Line Interface4-1744• Since end-nodes cannot cause forwarding loops, they can be passed through the spanning tree state changes more quickly t
Spanning Tree Commands4-1754Example spanning-tree mst costThis command configures the path cost on a spanning instance in the Multiple Spanning Tree.
Command Line Interface4-1764spanning-tree mst port-priorityThis command configures the interface priority on a spanning instance in the Multiple Spann
Spanning Tree Commands4-1774Command Mode Privileged ExecCommand Usage If at any time the switch detects STP BPDUs, including Configuration or Topology
Basic Configuration2-72To configure a community string, complete the following steps:1. From the Privileged Exec level global configuration mode promp
Command Line Interface4-1784• For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 3-
VLAN Commands4-1794Command Mode Privileged ExecExampleVLAN CommandsA VLAN is a group of ports that can be located anywhere in the network, but communi
Command Line Interface4-1804vlan databaseThis command enters VLAN database mode. All commands in this mode will take effect immediately.Default Settin
VLAN Commands4-1814Command Mode VLAN Database ConfigurationCommand Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN n
Command Line Interface4-1824Default Setting NoneCommand Mode Global ConfigurationExample The following example shows how to set the interface configur
VLAN Commands4-1834Related Commandsswitchport acceptable-frame-types (4-183)switchport acceptable-frame-types This command configures the acceptable f
Command Line Interface4-1844Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • Ingress filtering only affects tagged frames.
VLAN Commands4-1854Example The following example shows how to set the PVID for port 1 to VLAN 3:switchport allowed vlanThis command configures VLAN gr
Command Line Interface4-1864Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1:switchpo
VLAN Commands4-1874Displaying VLAN Informationshow vlanThis command shows VLAN information.Syntax show vlan [id vlan-id | name vlan-name]• id - Keywor
Initial Configuration2-822. Enter the name of the start-up file. Press <Enter>.Managing System FilesThe switch’s flash memory supports three typ
Command Line Interface4-1884When a frame is received at a port, its VLAN membership can then be determined based on the protocol type in use by the in
VLAN Commands4-1894Example The following creates protocol group 1, and specifies Ethernet frames with IP and ARP protocol types:protocol-vlan protocol
Command Line Interface4-1904Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group
VLAN Commands4-1914Command Mode Privileged ExecExample This shows that traffic entering Port 1 that matches the specifications for protocol group 1 wi
Command Line Interface4-1924• Entering the pvlan command without any parameters enables the private VLAN. Entering no pvlan disables the private VLAN.
GVRP and Bridge Extension Commands4-1934bridge-ext gvrpThis command enables GVRP globally for the switch. Use the no form to disable it.Syntax [no] br
Command Line Interface4-1944switchport gvrpThis command enables GVRP for a port. Use the no form to disable it.Syntax [no] switchport gvrpDefault Sett
GVRP and Bridge Extension Commands4-1954garp timerThis command sets the values for the join, leave and leaveall timers. Use the no form to restore the
Command Line Interface4-1964show garp timerThis command shows the GARP timers for the selected interface.Syntax show garp timer [interface]interface •
Priority Commands4-1974Priority CommandsThe commands described in this section allow you to specify which data packets have greater precedence when tr
3-1Chapter 3: Configuring the SwitchUsing the Web InterfaceThis switch provides an embedded HTTP Web agent. Using a Web browser you can configure the
Command Line Interface4-1984Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • The precedence for priority mapping is IP Por
Priority Commands4-1994Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priorit
Command Line Interface4-2004queue cos-mapThis command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7
Priority Commands4-2014 Related Commands show queue cos-map (4-202)show queue modeThis command shows the current queue mode.Default Setting NoneComman
Command Line Interface4-2024show queue cos-mapThis command shows the class of service priority map.Syntax show queue cos-map [interface]interface • et
Priority Commands4-2034map ip port (Global Configuration)Use this command to enable IP port mapping (i.e., class of service mapping for TCP/UDP socket
Command Line Interface4-2044Example The following example shows how to map HTTP traffic to CoS value 0:map ip precedence (Global Configuration)This co
Priority Commands4-2054Default Setting The list below shows the default priority mapping.Command Mode Interface Configuration (Ethernet, Port Channel)
Command Line Interface4-2064Example The following example shows how to enable IP DSCP mapping globally:map ip dscp (Interface Configuration)This comma
Priority Commands4-2074Example The following example shows how to map IP DSCP value 1 to CoS value 0:map access-list ip This command sets the output q
Configuring the Switch3-23Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and password. The a
Command Line Interface4-2084show map ip portUse this command to show the IP port priority map.Syntax show map ip port [interface]interface • ethernet
Priority Commands4-2094Command ModePrivileged ExecExample Related Commands map ip precedence (Global Configuration) (4-204)map ip precedence (Interfac
Command Line Interface4-2104Example Related Commands map ip dscp (Global Configuration) (4-205)map ip dscp (Interface Configuration) (4-206)Quality of
Quality of Service Commands4-2114To create a service policy for a specific category or ingress traffic, follow these steps:1. Use the class-map comman
Command Line Interface4-2124• The class map is used with a policy map (page 4-213) to create a service policy (page 4-216) for a specific interface th
Quality of Service Commands4-2134Example This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service valu
Command Line Interface4-2144classThis command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration
Quality of Service Commands4-2154Default Setting NoneCommand Mode Policy Map Class ConfigurationExample This example sets the DSCP value to 3 for all
Command Line Interface4-2164Example This example creates a policer that sets the maximum burst rate to 20 Kbytes, the average rate to 1522 bps, and th
Quality of Service Commands4-2174Command Mode Privileged ExecExampleshow policy-map This command displays the QoS policy maps which define classificat
Navigating the Web Browser Interface3-33Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under
Command Line Interface4-2184Command Mode Privileged ExecExampleMulticast Filtering CommandsThis switch uses IGMP (Internet Group Management Protocol)
Multicast Filtering Commands4-2194Default Setting EnabledCommand Mode Global ConfigurationExample The following example enables IGMP snooping.ip igmp
Command Line Interface4-2204ip igmp snooping versionThis command configures the IGMP snooping version. Use the no form to restore the default.Syntax i
Multicast Filtering Commands4-2214Example The following shows the current IGMP snooping configuration:show mac-address-table multicast This command sh
Command Line Interface4-2224IGMP Query Commands (Layer 2) ip igmp snooping querierThis command enables the switch as an IGMP querier. Use the no form
Multicast Filtering Commands4-2234Default Setting 2 timesCommand Mode Global ConfigurationCommand Usage The query count defines how long the querier w
Command Line Interface4-2244ip igmp snooping query-max-response-timeThis command configures the query report delay. Use the no form to restore the def
Multicast Filtering Commands4-2254Default Setting 300 secondsCommand Mode Global ConfigurationCommand Usage The switch must use IGMPv2 for this comman
Command Line Interface4-2264Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Ther
IP Interface Commands4-2274IP Interface CommandsThere are no IP addresses assigned to this switch by default. You must manually configure a new addres
Configuring the Switch3-43Jumbo Frame Enables jumbo frame support 3-15File 3-16Firmware Manages code image files 3-16Configuration Manages switch con
Command Line Interface4-2284Command Usage • You must assign an IP address to this device to gain management access over the network or to connect the
IP Interface Commands4-2294Example The following example defines a default gateway for this device:Related Commands show ip redirects (4-230)ip dhcp r
Command Line Interface4-2304Command Mode Privileged ExecExample Related Commands show ip redirects (4-230)show ip redirectsThis command shows the defa
IP Interface Commands4-2314Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of
Command Line Interface4-2324
A-1Appendix A: Software SpecificationsSoftware FeaturesAuthenticationLocal, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port SecurityAccess Control Lis
Software SpecificationsA-2AVLAN SupportUp to 255 groups; port-based, protocol-based, or tagged (802.1Q),GVRP for automatic VLAN learning, private VLAN
Management Information BasesA-3AIEEE 802.1D Spanning Tree Protocol and traffic prioritiesIEEE 802.1p Priority tagsIEEE 802.1s Multiple Spanning Tree P
Software SpecificationsA-4ASNMP Target MIB, SNMP Notification MIB (RFC 2573)SNMP User-Based SM MIB (RFC 2574)SNMP View Based ACM MIB (RFC 2575)SNMP Co
B-1Appendix B: Troubleshooting Table B-1. Troubleshooting ChartSymptom ActionCannot connect using Telnet, Web browser, or SNMP software• Be sure you
Navigating the Web Browser Interface3-53Port Security Configures per port security, including status, response for security breach, and maximum allowe
TroubleshootingB-2B
Glossary-1GlossaryAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for
GlossaryGlossary-2GARP VLAN Registration Protocol (GVRP)Defines a way for switches to exchange VLAN information in order to register necessary VLAN me
Glossary-3GlossaryIEEE 802.3xDefines Ethernet frame start/stop requests and timers used for flow control on full-duplex links.IGMP SnoopingListening t
GlossaryGlossary-4Management Information Base (MIB)An acronym for Management Information Base. It is a set of database objects that contains informati
Glossary-5GlossaryRemote Monitoring (RMON)RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard
GlossaryGlossary-6Trivial File Transfer Protocol (TFTP)A TCP/IP protocol commonly used for software downloads.User Datagram Protocol (UDP)UDP provides
Index-1Numerics802.1x, port authentication 3-54, 4-76Aacceptable frame type 3-133, 4-183Access Control List See ACLACLExtended IP 3-62, 4-83, 4-85, 4
Index-2IndexHhardware version, displaying 3-10, 4-60HTTPS 3-45, 4-30HTTPS, secure server 3-45, 4-30IIEEE 802.1D 3-103, 4-162IEEE 802.1s 4-162IEEE 802.
Index-3Indexproblems, troubleshooting B-1protocol migration 3-115, 4-176Qqueue weights 3-143, 4-199RRADIUS, logon authentication 3-42, 4-70rate limits
Configuring the Switch3-63Port Statistics Lists Ethernet and RMON port statistics 3-93Alcatel 3-98AMAP Alcatel Mapping Adjacency Protocol (AMAP) 3-98S
Index-4IndexVVLANs 3-122–3-136, 4-179–4-192adding static members 3-130, 3-132, 4-185creating 3-129, 4-180description 3-122displaying basic information
F1.0.0.6 E042004-R02060191-10
Navigating the Web Browser Interface3-73Port Configuration Specifies default PVID and VLAN attributes 3-133Trunk Configuration Specifies default trun
Configuring the Switch3-83Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location a
Basic Configuration3-93Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator
vContents Chapter 1: Introduction 1-1Key Features 1-1Description of Software Features 1-2System Defaults 1-5Chapter 2: Initial Configuration 2
Configuring the Switch3-103Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers f
Basic Configuration3-113CLI – Use the following command to display version information.Displaying Bridge Extension CapabilitiesThe Bridge MIB includes
Configuring the Switch3-123Web – Click System, Bridge Extension.Figure 3-7. Bridge Exentsion ConfigurationCLI – Enter the following command. Setting
Basic Configuration3-133• IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configuratio
Configuring the Switch3-143Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by
Basic Configuration3-153CLI – Enter the following command to restart DHCP service.Enabling Jumbo FramesThe switch provides more efficient throughput f
Configuring the Switch3-163• File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period
Basic Configuration3-173CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination fi
Configuring the Switch3-183If you download to a new file name, then select the new file from the drop-down box for Startup Configuration File, and pre
Basic Configuration3-193• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon
ContentsviTelnet Settings 3-21Configuring Event Logging 3-23System Logs 3-23System Logs Configuration 3-24Remote Logs Configuration 3-25Sending S
Configuring the Switch3-203Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply.Figure 3-1.
Basic Configuration3-213Telnet SettingsYou can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Mana
Configuring the Switch3-223Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.Figure 3-2. Telne
Configuring Event Logging3-233Configuring Event LoggingThe switch allows you to control the logging of error messages, including the type of events th
Configuring the Switch3-243Web – Click System, Log, Logs.Figure 3-3. Logging InformationCLI – Type "show logging ram" to display log mess
Configuring Event Logging3-253• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. F
Configuring the Switch3-263• Host IP List – Displays the list of remote server IP addresses that receive the syslog messages. The maximum number of ho
Configuring Event Logging3-273Sending Simple Mail Transfer Protocol AlertsTo alert system administrators of problems, the switch can use SMTP (Simple
Configuring the Switch3-283Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add a
Configuring Event Logging3-293to complete the configuration. Use the show logging sendmail command to display the current SMTP configuration.Resetting
ContentsviiPort Configuration 3-75Displaying Connection Status 3-75Configuring Interface Connections 3-77Creating Trunk Groups 3-79Statically Conf
Configuring the Switch3-303This switch acts as an SNTP client in unicast mode: Unicast – The switch periodically sends a request for a time update to
Simple Network Management Protocol3-313Setting the Time ZoneSNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based
Configuring the Switch3-323standard presentation of the information controlled by the agent. SNMP defines both the format of the MIB specifications an
Simple Network Management Protocol3-333Enabling SNMPEnables the SNMP agent on the switch for all versions (1, 2c, and 3). Command Attributes• SNMP Age
Configuring the Switch3-343Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-
Simple Network Management Protocol3-353Web – Click SNMP, Configuration. Enter the IP address and community string for each managment station that will
Configuring the Switch3-363A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If
Simple Network Management Protocol3-373• Level – The security level used for the user:- noAuthNoPriv – There is no authentication or encryption used i
Configuring the Switch3-383CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring SNMPv3 GroupsAn SN
Simple Network Management Protocol3-393Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, ass
ContentsviiiMapping Protocols to VLANs 3-137Class of Service Configuration 3-139Setting the Default Priority for Interfaces 3-139Mapping CoS Values
Configuring the Switch3-403Setting SNMPv3 ViewsSNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined vie
User Authentication3-413CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the
Configuring the Switch3-423Command Attributes• User Name* – The name of the user. (Maximum length: 8 characters)• Access Level* – Specifies the user l
User Authentication3-433a database of multiple user name/password pairs with associated privilege levels for each user that requires management access
Configuring the Switch3-443• TACACS Settings- Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13)- Server Port Number – Network
User Authentication3-453CLI – Specify all the required parameters to enable logon authentication.Configuring HTTPSYou can configure the switch to enab
Configuring the Switch3-463• To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 3-46. Command Attribute
User Authentication3-473When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line
Configuring the Switch3-483Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An
User Authentication3-4932. The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sess
ContentsixUnderstanding Command Modes 4-5Exec Commands 4-6Configuration Commands 4-6Command Line Processing 4-7Command Groups 4-9Line Commands 4
Configuring the Switch3-503Web – Click Security, SSH Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the
User Authentication3-513Configuring the SSH ServerThe SSH server includes basic settings for authentication. Field Attributes• SSH Server Status – All
Configuring the Switch3-523CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that t
User Authentication3-533Command Attributes•Port – Port number.•Name – Descriptive text (page 4-131). • Action – Indicates the action to be taken when
Configuring the Switch3-543Configuring 802.1x Port Authentication Network switches can provide open and easy access to network resources by simply att
User Authentication3-553• The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support
Configuring the Switch3-563CLI – This example shows the default protocol settings for 802.1x. For a description of the additional entries displayed in
User Authentication3-573Configuring 802.1x Global SettingsThe dot1x protocol includes global parameters that control the client authentication process
Configuring the Switch3-583CLI – This enables re-authentication and sets all of the global parameters for 802.1x.Configuring Port Authorization ModeWh
User Authentication3-593Web – Click Security, 802.1x, Port Configuration. Select the authentication mode from the drop-down box and click Apply.Figure
Commentaires sur ces manuels