Alcatel-carrier-internetworking-solutions OmniStack 6300-24 Manuel d'utilisateur

Part No. 060191-10, Rev. BApril 2004OmniStack® 6300-24 Users Guide

Contentsxip ssh timeout 4-35ip ssh authentication-retries 4-36ip ssh server-key size 4-36delete public-key 4-37ip ssh crypto host-key generate 4-

Configuring the Switch3-603Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the stati

Access Control Lists3-613Access Control ListsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 pr

Configuring the Switch3-623Setting the ACL Name and TypeUse the ACL Configuration page to designate the name and type of an ACL.Command Attributes• Na

Access Control Lists3-633• SubMask – A subnet mask containing four integers from 0 to 255, each separated by a period. The mask uses 1 bits to indicat

Configuring the Switch3-643• Service Type – Packet priority settings based on the following criteria:- Precedence – IP precedence level. (Range: 0-7)-

Access Control Lists3-653Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (An

Configuring the Switch3-663Configuring a MAC ACLCommand Attributes• Action – An ACL can contain all permit rules or all deny rules. (Default: Permit r

Access Control Lists3-673Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (An

Configuring the Switch3-683Configuring ACL MasksYou must specify masks that control the order in which ACL rules are checked. The switch includes two

Access Control Lists3-693Configuring an IP ACL MaskThis mask defines the fields to check in the IP header. Command Usage• Masks that include an entry

Contentsxiwhichboot 4-66boot system 4-66Authentication Commands 4-67Authentication Sequence 4-67authentication login 4-68authentication enable 4-

Configuring the Switch3-703Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source

Access Control Lists3-713Configuring a MAC ACL MaskThis mask defines the fields to check in the packet header. Command UsageYou must configure a mask

Configuring the Switch3-723CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rul

Filtering IP Addresses for Management Access3-733Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an AC

Configuring the Switch3-743• When entering addresses for the same group (i.e., SNMP, web or Telnet), the switch will not accept overlapping address ra

Port Configuration3-753Port ConfigurationDisplaying Connection StatusYou can use the Port Information or Trunk Information pages to display the curren

Configuring the Switch3-763Field Attributes (CLI)Basic information:• Port type – Indicates the port type. (1000BASE-T, 1000BASE-SX, 1000BASE-LX or 100

Port Configuration3-773CLI – This example shows the connection status for Port 5.Configuring Interface ConnectionsYou can use the Port Configuration o

Configuring the Switch3-783(The current switch chip only supports symmetric pause frames.)- FC - Supports flow control Flow control can eliminate fram

Port Configuration3-793CLI – Select the interface, and then enter the required settings.Creating Trunk GroupsYou can create multiple links between dev

Contentsxiimatch access-list ip 4-96show marking 4-97MAC ACLs 4-98access-list mac 4-98permit, deny (MAC ACL) 4-99show mac access-list 4-100ac

Configuring the Switch3-803• The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, d

Port Configuration3-813CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to

Configuring the Switch3-823Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After y

Port Configuration3-833Configuring LACP ParametersDynamically Creating a Port Channel –Ports assigned to a common port channel must meet the following

Configuring the Switch3-843Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can

Port Configuration3-853CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5

Configuring the Switch3-863Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.Figure 3-4

Port Configuration3-873Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-48.

Configuring the Switch3-883CLI – The following example displays the LACP configuration settings and operational state for the local side of port chann

Port Configuration3-893Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.Figure 3-50.

Contentsxiiishow dns 4-127show dns cache 4-128clear dns cache 4-128Interface Commands 4-129interface 4-130description 4-131speed-duplex 4-131negot

Configuring the Switch3-903Setting Broadcast Storm ThresholdsBroadcast storms may occur when a device on your network is malfunctioning, or if applica

Port Configuration3-913CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then

Configuring the Switch3-923Web – Click Port, Mirror. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add.Fi

Port Configuration3-933Web - Click Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit Status, the

Configuring the Switch3-943Statistical Values Table 3-54. Displaying Port StatisticsParameter DescriptionInterface StatisticsReceived Octets The tota

Port Configuration3-953Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions. This

Configuring the Switch3-963Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at t

Port Configuration3-973Figure 3-55. Displaying Port Statistics

Configuring the Switch3-983CLI – This example shows statistics for port 13.Alcatel Mapping Adjacency Protocol (AMAP)The AMAP protocol enables a switch

Alcatel Mapping Adjacency Protocol (AMAP)3-993• Common – The port has detected an adjacent switch and periodically sends “Hello” packets to determine

Contentsxivspanning-tree forward-time 4-163spanning-tree hello-time 4-164spanning-tree max-age 4-164spanning-tree priority 4-165spanning-tree path

Configuring the Switch3-1003Web – Click Alcatel, AMAP, Information.Figure 3-57. AMAP InformationCLI – There is no equvilent CLI command to display de

Address Table Settings3-1013Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Addres

Configuring the Switch3-1023Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN chec

Spanning Tree Algorithm Configuration3-1033Web – Click Address Table, Address Aging. Specify the new aging time, click Apply.Figure 3-60. Address Agi

Configuring the Switch3-1043Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) trans

Spanning Tree Algorithm Configuration3-1053• Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., dis

Configuring the Switch3-1063• Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall

Spanning Tree Algorithm Configuration3-1073Configuring Global SettingsGlobal settings apply to the entire switch.Command Usage• Spanning Tree Protocol

Configuring the Switch3-1083• Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the hig

Spanning Tree Algorithm Configuration3-1093Configuration Settings for RSTP The following attributes apply to both RSTP and MSTP:• Path Cost Method – T

ContentsxvGVRP and Bridge Extension Commands 4-192bridge-ext gvrp 4-193show bridge-ext 4-193switchport gvrp 4-194show gvrp configuration 4-194gar

Configuring the Switch3-1103Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 3-63. STA Configura

Spanning Tree Algorithm Configuration3-1113CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MS

Configuring the Switch3-1123• Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is

Spanning Tree Algorithm Configuration3-1133• Internal path cost – The path cost for the MST. See the proceeding item.• Priority – Defines the priority

Configuring the Switch3-1143CLI – This example shows the STA attributes for port 5. Configuring Interface SettingsYou can configure RSTP and MSTP attr

Spanning Tree Algorithm Configuration3-1153• Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for al

Configuring the Switch3-1163Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Appl

Spanning Tree Algorithm Configuration3-1173To ensure that the MSTI maintains connectivity across the network, you must configure a related set of brid

Configuring the Switch3-1183CLI – This displays STA settings for instance 1, followed by settings for each port. CLI – This example sets the priority

Spanning Tree Algorithm Configuration3-1193Displaying Interface Settings for MSTPThe MSTP Port Information and MSTP Trunk Information pages display th

ContentsxviIGMP Query Commands (Layer 2) 4-222ip igmp snooping querier 4-222ip igmp snooping query-count 4-222ip igmp snooping query-interval 4-2

Configuring the Switch3-1203CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are globa

Spanning Tree Algorithm Configuration3-1213Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance usi

Configuring the Switch3-1223Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interf

VLAN Configuration3-1233VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a

Configuring the Switch3-1243Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN

VLAN Configuration3-1253Note: If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch ports co

Configuring the Switch3-1263Web – Click VLAN, 802.1Q VLAN, GVRP Status. Enable or disable GVRP, and click Apply.Figure 3-72. GVRP StatusCLI – This ex

VLAN Configuration3-1273CLI – Enter the following command.Displaying Current VLANsThe VLAN Current Table shows the current port members of each VLAN a

Configuring the Switch3-1283Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list.Figure 3-74. VLAN Current TableComm

VLAN Configuration3-1293Creating VLANsUse the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on thi

xviiTablesTable 1-1. Key Features 1-1Table 1-2. System Defaults 1-5Table 3-4. Main Menu 3-3Table 3-2. Configuration Options 3-3Table 3-1. SNMPv3 S

Configuring the Switch3-1303CLI – This example creates a new VLAN.Adding Static Members to VLANs (VLAN Index)Use the VLAN Static Table to configure po

VLAN Configuration3-1313• Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - T

Configuring the Switch3-1323Adding Static Members to VLANs (Port Index)Use the VLAN Static Membership by Port menu to assign VLAN groups to the select

VLAN Configuration3-1333Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLAN id

Configuring the Switch3-1343• GARP Leave Timer* – The interval a port waits before leaving a VLAN group. This time should be set to more than twice th

VLAN Configuration3-1353CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP

Configuring the Switch3-1363Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports

VLAN Configuration3-1373Configuring Protocol GroupsCreate a protocol group for one or more protocols.Command Attributes• Protocol Group ID – Group ide

Configuring the Switch3-1383• When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner:- If the f

Class of Service Configuration3-1393Class of Service ConfigurationClass of Service (CoS) allows you to specify which data packets have greater precede

xviiiTablesTable 4-27. Authentication Sequence 4-67Table 4-28. RADIUS Commands 4-70Table 4-29. TACACS+ Commands 4-73Table 4-30. Port Security Comma

Configuring the Switch3-1403Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then

Class of Service Configuration3-1413Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using e

Configuring the Switch3-1423Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to

Class of Service Configuration3-1433Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traf

Configuring the Switch3-1443Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weig

Class of Service Configuration3-1453Mapping Layer 3/4 Priorities to CoS ValuesThis switch supports several common methods of prioritizing layer 3/4 tr

Configuring the Switch3-1463Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight diff

Class of Service Configuration3-1473CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to Co

Configuring the Switch3-1483Note: IP DSCP settings apply to all interfaces.Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP tabl

Class of Service Configuration3-1493Mapping IP Port PriorityYou can also map network applications to Class of Service values based on the IP port numb

xixTable 4-67. Quality of Service Commands 4-210Table 4-68. Multicast Filtering Commands 4-218Table 4-69. IGMP Snooping Commands 4-218Table 4-70. I

Configuring the Switch3-1503CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS va

Class of Service Configuration3-1513Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then

Configuring the Switch3-1523Command Attributes• Port – Port identifier.•Name1 – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Prece

Quality of Service3-1533Quality of ServiceThe commands described in this section are used to configure Quality of Service (QoS) classification criteri

Configuring the Switch3-1543Use the Policy Map page to specify a policy map. Then use the Class Map page to configure a policy map. And finally, use t

Quality of Service3-1553Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class.

Configuring the Switch3-1563Creating QoS PoliciesThis function creates a policy map that can be attached to multiple interfaces.Create a policy map, s

Quality of Service3-1573Policy Table- Policy Name — Name of policy map.- Class Name — Name of class map.- Action — Classification of IP traffic by CoS

Configuring the Switch3-1583Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Polic

Quality of Service3-1593CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth the 1 Mbps, the burst rate to 1522 bps,

An Alcatel service agreement brings your company the assurance of 7x24 no-excuses technical support. You’ll also receive regular software updates to m

xxTables

Configuring the Switch3-1603Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A

Multicast Filtering3-1613Configuring IGMP Snooping and Query ParametersYou can configure the switch to forward multicast traffic intelligently. Based

Configuring the Switch3-1623Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default se

Multicast Filtering3-1633Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to displa

Configuring the Switch3-1643Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast rout

Multicast Filtering3-1653Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from

Configuring the Switch3-1663Command Attribute• Interface – Activates the Port or Trunk scroll down list.• VLAN ID – Selects the VLAN to propagate all

Configuring Domain Name Service3-1673Configuring General DNS Server Parameters Command Usage• To enable DNS service on this switch, first configure on

Configuring the Switch3-1683Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name ser

Configuring Domain Name Service3-1693Configuring Static DNS Host to Address EntriesYou can manually configure static entries in the DNS table that are

xxiFiguresFigure 3-1. Home Page 3-2Figure 3-3. Ports Panel 3-3Figure 3-5. System Information 3-9Figure 3-6. Switch Information 3-10Figure 3-7. Bri

Configuring the Switch3-1703Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.Figure 3-

Configuring Domain Name Service3-1713Displaying the DNS CacheYou can display entries in the DNS cache that have been learned via the designated name s

Configuring the Switch3-1723CLI - This example displays all the resource records learned from the designated name servers.Console#show dns cache 4-128

4-1Chapter 4: Command Line InterfaceThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the C

Command Line Interface4-24To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway

Entering Commands4-34Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords and

Command Line Interface4-44Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the curren

Entering Commands4-54Partial Keyword LookupIf you terminate a partial keyword with a question mark, alternatives that match the initial letters are pr

Command Line Interface4-64Exec CommandsWhen you open a new console session on the switch with the user name and password “guest,” the system enters th

Entering Commands4-74To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Co

FiguresxxiiFigure 3-36. ACL Mask Configuration 3-68Figure 3-37. ACL IP Mask Configuration 3-70Figure 3-38. ACL MAC Mask Configuration 3-71Figure 3-

Command Line Interface4-84Ctrl-F Shifts cursor to the right one character.Ctrl-K Deletes all characters from the cursor to the end of the line.Ctrl-L

Command Groups4-94Command GroupsThe system commands can be broken down into the functional groups shown below.Table 4-4. Command GroupsCommand Group

Command Line Interface4-104The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configur

Line Commands4-114Default Setting There is no default line.Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal con

Command Line Interface4-124Command Usage • There are three authentication modes provided by the switch itself at login:- login selects authentication

Line Commands4-134Command Usage • When a connection is started on a line with password protection, the system prompts for the password. If you enter t

Command Line Interface4-144Example To set the timeout to two minutes, enter this command:exec-timeoutThis command sets the interval that the system wa

Line Commands4-154Command Mode Line Configuration Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for

Command Line Interface4-164databitsThis command sets the number of data bits per character that are interpreted and generated by the console port. Use

Line Commands4-174Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting.E

FiguresxxiiiFigure 3-84. Port Priority Configuration 3-140Figure 3-87. Traffic Classes 3-142Figure 3-88. Selecting the Queue Mode 3-143Figure 3-89.

Command Line Interface4-184Default Setting 1 stop bitCommand Mode Line Configuration Example To specify 2 stop bits, enter this command:disconnectUse

General Commands4-194Command Mode Normal Exec, Privileged ExecExample To show all lines, enter this command:General CommandsenableThis command activat

Command Line Interface4-204Default SettingLevel 15Command ModeNormal ExecCommand Usage • “super” is the default password required to change the comman

General Commands4-214prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database Con

Command Line Interface4-224modes. In this example, the !2 command repeats the second command in the Execution history buffer (config).reloadThis comma

System Management Commands4-234Default Setting NoneCommand Mode AnyExample This example shows how to return to the Privileged Exec mode from the Globa

Command Line Interface4-244Device Designation CommandspromptThis command customizes the CLI prompt. Use the no form to restore the default prompt.Synt

System Management Commands4-254hostnameThis command specifies or modifies the host name for this device. Use the no form to restore the default host n

Command Line Interface4-264•{0 | 7} - 0 means plain password, 7 means encrypted password. • password password - The authentication password for the us

System Management Commands4-274Command Mode Global ConfigurationCommand Usage • You cannot set a null password. You will have to enter a password to c

Figuresxxiv

Command Line Interface4-284Command Mode Global ConfigurationCommand Usage • If anyone tries to access a management interface on the switch from an inv

System Management Commands4-294ExampleWeb Server Commandsip http portThis command specifies the TCP port number used by the Web browser interface. Use

Command Line Interface4-304ExampleRelated Commandsip http server (4-30)ip http serverThis command allows this device to be monitored or configured fro

System Management Commands4-314• When you start HTTPS, the connection is established in this way:- The client authenticates the server using the serve

Command Line Interface4-324Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number

System Management Commands4-334The SSH server on this switch supports both password and public key authentication. If password authentication is speci

Command Line Interface4-3440060902539484084827178194372288402533115952134861022902978982721353267131629432532818915045306393916643 [email protected]

System Management Commands4-354Example Related Commandsip ssh crypto host-key generate (4-37)show ssh (4-39)ip ssh timeoutUse this command to configur

Command Line Interface4-364ip ssh authentication-retriesUse this command to configure the number of times the SSH server attempts to reauthenticate a

System Management Commands4-374delete public-keyUse this command to delete the specified user’s public key.Syntax delete public-key username [dsa | rs

1-1Chapter 1: IntroductionThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to conf

Command Line Interface4-384Related Commandsip ssh crypto zeroize (4-38)ip ssh save host-key (4-38)ip ssh crypto zeroizeUse this command to clear the h

System Management Commands4-394Example Related Commandsip ssh crypto host-key generate (4-37)show ip sshUse this command to display the connection set

Command Line Interface4-404show public-keyUse this command to show the public key for the specified user or for the host.Syntax show public-key [user

System Management Commands4-414Example Event Logging Commands logging onThis command controls logging of error messages, sending debug or error messag

Command Line Interface4-424Command Usage The logging process controls error messages saved to switch memory. You can use the logging history command t

System Management Commands4-434Command Mode Global ConfigurationCommand Usage The message level specified for flash memory must be a higher priority (

Command Line Interface4-444Command Mode Global ConfigurationCommand Usage The command specifies the facility type tag sent in syslog messages. (See RF

System Management Commands4-454Command Mode Privileged ExecExample Related Commandsshow logging (4-45)show loggingThis command displays the logging co

Command Line Interface4-464The following example displays settings for the trap function. Related Commandsshow logging sendmail (4-49)SMTP Alert Comma

System Management Commands4-474logging sendmail hostThis command specifies SMTP servers that will be sent alert messages. Use the no form to remove an

Introduction1-21Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates t

Command Line Interface4-484Command Mode Global ConfigurationCommand Usage The specified level indicates an event threshold. All events at this level o

System Management Commands4-494Command Mode Global ConfigurationCommand Usage You can specify up to five recipients for alert messages. However, you m

Command Line Interface4-504Time CommandsThe system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP).sntp clientTh

System Management Commands4-514Example Related Commandssntp server (4-51)sntp poll (4-52)show sntp (4-52)sntp serverThis command sets the IP address o

Command Line Interface4-524sntp pollThis command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the n

System Management Commands4-534clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour hours min

Command Line Interface4-544Default Setting NoneCommand Mode Privileged ExecExample This example shows how to set the system clock to 15:12:34, Februar

System Management Commands4-554Command Usage • Use this command in conjunction with the show running-config command to compare the information in runn

Command Line Interface4-564Example Related Commandsshow running-config (4-57)Console#show startup-configbuilding startup-config, please wait...!snt

System Management Commands4-574show running-configThis command displays the configuration information currently in use.Default Setting NoneCommand Mod

Description of Software Features1-31Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate l

Command Line Interface4-584Example Related Commandsshow startup-config (4-54)Console#show running-configbuilding running-config, please wait...!sntp

System Management Commands4-594show systemThis command displays system information.Default Setting NoneCommand Mode Normal Exec, Privileged ExecComman

Command Line Interface4-604show usersShows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.Def

System Management Commands4-614Example Frame Size Commandsjumbo frameThis command enables support for jumbo frames. Use the no form to disable it.Synt

Command Line Interface4-624Example Flash/File CommandsThese commands are used to manage the system code or configuration files.copy This command mo

Flash/File Commands4-634Default Setting NoneCommand Mode Privileged ExecCommand Usage • The system prompts for data required to complete the copy comm

Command Line Interface4-644The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate

Flash/File Commands4-654Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg”

Command Line Interface4-664Example The following example shows how to display all file information:whichbootThis command displays which files were boo

Authentication Commands4-674Default Setting NoneCommand Mode Global ConfigurationCommand Usage • A colon (:) is required after the specified file type

Introduction1-41older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the

Command Line Interface4-684authentication loginThis command defines the login authentication method and precedence. Use the no form to restore the def

Authentication Commands4-694authentication enableThis command defines the authentication method and precedence to use when changing from Exec command

Command Line Interface4-704RADIUS ClientRemote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software runn

Authentication Commands4-714Command Mode Global ConfigurationExample radius-server keyThis command sets the RADIUS encryption key. Use the no form to

Command Line Interface4-724radius-server timeoutThis command sets the interval between transmitting authentication requests to the RADIUS server. Use

Authentication Commands4-734TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses soft

Command Line Interface4-744Command Mode Global ConfigurationExample tacacs-server keyThis command sets the TACACS+ encryption key. Use the no form to

Authentication Commands4-754Port Security CommandsThese commands can be used to disable the learning function or manually specify secure addresses for

Command Line Interface4-764• To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames re

Authentication Commands4-774authentication dot1x defaultThis command sets the default authentication server type. Use the no form to restore the defau

System Defaults1-51Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal n

Command Line Interface4-784dot1x max-reqThis command sets the maximum number of times the switch port will retransmit an EAP request/identity packet t

Authentication Commands4-794dot1x operation-modeThis command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use th

Command Line Interface4-804dot1x re-authenticationThis command enables periodic re-authentication globally for all ports. Use the no form to disable r

Authentication Commands4-814Command ModeGlobal ConfigurationExampledot1x timeout tx-periodThis command sets the time that the switch waits during an a

Command Line Interface4-824Command UsageThis command displays the following information:• Global 802.1X Parameters – Displays the global port access c

Access Control List Commands4-834ExampleAccess Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on addres

Command Line Interface4-844• MAC ACL mode (MAC-ACL) filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 10

Access Control List Commands4-854IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP

Command Line Interface4-864Command Usage• An egress ACL must contain all deny rules.• When you create a new ACL or enter configuration mode for an exi

Access Control List Commands4-874Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address r

WarningThis equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules. These limit

Introduction1-61SNMP Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabledLink-up-down events: enabledIP F

Command Line Interface4-884Default SettingNoneCommand ModeExtended ACLCommand Usage• All new rules are appended to the end of the list.• Address bitma

Access Control List Commands4-894This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”Related Comman

Command Line Interface4-904Command ModeGlobal ConfigurationCommand Usage• A mask can only be used by all ingress ACLs or all egress ACLs.• The precede

Access Control List Commands4-914Default SettingNoneCommand ModeIP MaskCommand Usage• Packets crossing a port are checked against all the rules in the

Command Line Interface4-924This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit acces

Access Control List Commands4-934This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other pac

Command Line Interface4-944Related Commandsmask (IP ACL) (4-90)ip access-group This command binds a port to an IP ACL. Use the no form to remove the p

Access Control List Commands4-954Related Commandsip access-group (4-94)map access-list ip This command sets the output queue for packets matching an A

Command Line Interface4-964show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value dete

Access Control List Commands4-974Command Usage• You must configure an ACL mask before you can change frame priorities based on an ACL rule.• Traffic p

System Defaults1-71Virtual LANs Default VLAN 1PVID 1Acceptable Frame Type AllIngress Filtering DisabledSwitchport Mode (Egress Mode) Hybrid: tagged/un

Command Line Interface4-984MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remo

Access Control List Commands4-994• To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule.•

Command Line Interface4-1004• any – Any MAC source or destination address. • host – A specific MAC address.• source – Source MAC address.• destination

Access Control List Commands4-1014Command ModePrivileged ExecExample Related Commandspermit, deny 4-99mac access-group (4-104)access-list mac mask-pre

Command Line Interface4-1024mask (MAC ACL)This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use th

Access Control List Commands4-1034ExampleThis example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of

Command Line Interface4-1044show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs.Syntaxshow access-li

Access Control List Commands4-1054Related Commandsshow mac access-list (4-100)show mac access-groupThis command shows the ports assigned to MAC ACLs.C

Command Line Interface4-1064Example Related Commandsqueue cos-map (4-200)show map access-list mac (4-106) show map access-list mac This command shows

Access Control List Commands4-1074Default SettingNoneCommand ModeInterface Configuration (Ethernet)Command UsageYou must configure an ACL mask before

Introduction1-81

Command Line Interface4-1084Example show access-groupThis command shows the port assignments of ACLs.Command ModePrivileged ExecutiveExample SNMP Comm

SNMP Commands4-1094snmp-server communityThis command defines the community access string for the Simple Network Management Protocol. Use the no form t

Command Line Interface4-1104Example snmp-server contactThis command sets the system contact string. Use the no form to remove the system contact infor

SNMP Commands4-1114Example Related Commandssnmp-server contact (4-110)snmp-server host This command specifies the recipient of a Simple Network Manage

Command Line Interface4-1124Example Related Commandssnmp-server enable traps (4-112)snmp-server enable trapsThis command enables this device to send S

SNMP Commands4-1134show snmpThis command checks the status of SNMP communications.Default Setting NoneCommand Mode Normal Exec, Privileged ExecCommand

Command Line Interface4-1144snmp-serverUse this command to enable the SNMP v3 engine. Use the no form to disable the engine.Default Setting EnabledCom

SNMP Commands4-1154show snmp engine-idUse this command to show the SNMP engine ID.Command Mode Privileged ExecExampleThis example shows the default en

Command Line Interface4-1164ExamplesThis view includes MIB-2.This view includes the MIB-2 interfaces table, ifDescr. The wildcard is used to select al

SNMP Commands4-1174snmp-server groupUse this command to add an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.S

2-1Chapter 2: Initial ConfigurationConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent off

Command Line Interface4-1184Example Console#show snmp groupgroupname: r&dsecurity model: v3readview: v2defaultviewwriteview: dailynotifyview: none

SNMP Commands4-1194snmp-server userUse this command to add a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View. Use

Command Line Interface4-1204Example DHCP CommandsThese commands are used to configure Dynamic Host Configuration Protocol (DHCP) client. You can confi

DHCP Commands4-1214Command Mode Interface Configuration (VLAN)Command Usage This command is used to include a client identifier in all communications

Command Line Interface4-1224DNS CommandsThese commands are used to configure Domain Naming System (DNS) services. You can manually configure entries i

DNS Commands4-1234Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP ad

Command Line Interface4-1244Default Setting NoneCommand Mode Global ConfigurationExampleRelated Commands ip domain-list (4-124)ip name-server (4-125)i

DNS Commands4-1254ExampleThis example adds two domain names to the current list and then displays the list.Related Commands ip domain-name (4-123)ip n

Command Line Interface4-1264ExampleThis example adds two domain-name servers to the list and then displays the list.Related Commands ip domain-name (4

DNS Commands4-1274ExampleThis example enables DNS and then displays the configuration.Related Commands ip domain-name (4-123)ip name-server (4-125)sho

Initial Configuration2-22• Set broadcast storm control on any port• Display system information and statistics Required ConnectionsThe switch provides

Command Line Interface4-1284Exampleshow dns cacheThis command displays entries in the DNS cache.Command Mode Privileged ExecExample clear dns cacheThi

Interface Commands4-1294ExampleInterface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated l

Command Line Interface4-1304interfaceThis command configures an interface type and enter interface configuration mode. Use the no form to remove a tru

4-1314descriptionThis command adds a description to an interface. Use the no form to remove the description.Syntax description stringno descriptionstr

Command Line Interface4-1324Command Usage• To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation

4-1334Example The following example configures port 11 to use autonegotiation.Related Commands capabilities (4-133)speed-duplex (4-131)capabilitiesThi

Command Line Interface4-1344Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control.Related Command

4-1354ExampleThe following example enables flow control on port 5.Related Commands negotiation (4-132)capabilities (flowcontrol, symmetric) (4-133)com

Command Line Interface4-1364Default Setting All interfaces are enabled.Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage This

4-1374Example The following shows how to configure broadcast storm control at 600 packets per second: clear countersThis command clears statistics on

Basic Configuration2-32Remote ConnectionsPrior to accessing the switch’s onboard agent via a network connection, you must first configure it with a va

Command Line Interface4-1384show interfaces statusThis command displays the status for an interface.Syntax show interfaces status [interface]interface

4-1394show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]interface • ethernet unit/port- u

Command Line Interface4-1404show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.Synt

Mirror Port Commands4-1414Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis comma

Command Line Interface4-1424Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then att

AMAP Configuration4-1434Example The following shows mirroring configured from port 6 to port 11:AMAP ConfigurationThe AMAP protocol discovers adjacent

Command Line Interface4-1444amap enableThis command enables AMAP on the switch. Use the amap disable command to disable the feature.Syntaxamap {enabl

AMAP Configuration4-1454Command Mode Global ConfigurationExampleamap common timerThis command sets the time (in seconds) that switch ports in the Comm

Command Line Interface4-1464Rate Limit CommandsThis function allows the network manager to control the maximum rate for traffic transmitted or receive

Link Aggregation Commands4-1474Link Aggregation CommandsPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth

Initial Configuration2-42Setting PasswordsNote: If this is your first time to log into the CLI program, you should define new passwords for both defau

Command Line Interface4-1484Dynamically Creating a Port Channel –Ports assigned to a common port channel must meet the following criteria:• Ports must

Link Aggregation Commands4-1494lacpThis command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to

Command Line Interface4-1504ExampleThe following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end o

Link Aggregation Commands4-1514Command Usage • Port must be configured with the same system priority to join the same LAG.• System priority is combine

Command Line Interface4-1524• Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configur

Link Aggregation Commands4-1534lacp port-priorityThis command configures LACP port priority. Use the no form to restore the default setting.Syntax lac

Command Line Interface4-1544Default Setting Port Channel: allCommand Mode Privileged ExecExample Console#show lacp 1 countersChannel group : 1 -

Link Aggregation Commands4-1554Table 4-49. LACPDUsField DescriptionOper Key Current operational value of the key for the aggregation port.Admin Key

Command Line Interface4-1564Table 4-50. LACP Neighbours InformationField DescriptionPartner Admin System ID LAG partner’s system ID assigned by the u

Address Table Commands4-1574Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying

Basic Configuration2-52Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:•

Command Line Interface4-1584Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this com

Address Table Commands4-1594Default Setting NoneCommand Mode Privileged ExecCommand Usage • The MAC Address Table contains the MAC addresses associate

Command Line Interface4-1604Example show mac-address-table aging-timeThis command shows the aging time for entries in the address table.Default Settin

Spanning Tree Commands4-1614spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Synta

Command Line Interface4-1624Example This example shows how to enable the Spanning Tree Algorithm for the switch:spanning-tree modeThis command selects

Spanning Tree Commands4-1634• Multiple Spanning Tree Protocol- To allow multiple spanning trees to operate over the network, you must configure a rela

Command Line Interface4-1644spanning-tree hello-timeThis command configures the spanning tree bridge hello time globally for this switch. Use the no f

Spanning Tree Commands4-1654Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message

Command Line Interface4-1664spanning-tree pathcost methodThis command configures the path cost method used for Rapid Spanning Tree and Multiple Spanni

Spanning Tree Commands4-1674Example spanning-tree mst-configuration Use this command to change to Multiple Spanning Tree (MST) configuration mode. Def

Initial Configuration2-625. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Ente

Command Line Interface4-1684Command Usage • Use this command to group VLANs into spanning tree instances. MSTP generates a unique spanning tree for ea

Spanning Tree Commands4-1694• You can set this switch to act as the MSTI root device by specifying a priority of 0, or as the MSTI alternate device by

Command Line Interface4-1704Command Mode MST ConfigurationCommand Usage The MST region name (page 4-169) and revision number are used to designate a u

Spanning Tree Commands4-1714spanning-tree spanning-disabledThis command disables the spanning tree algorithm for the specified interface. Use the no f

Command Line Interface4-1724• Path cost takes precedence over port priority.• When the spanning-tree pathcost method (page 4-166) is set to short, the

Spanning Tree Commands4-1734Default Setting DisabledCommand Mode Interface Configuration (Ethernet, Port Channel)Command Usage • You can enable this o

Command Line Interface4-1744• Since end-nodes cannot cause forwarding loops, they can be passed through the spanning tree state changes more quickly t

Spanning Tree Commands4-1754Example spanning-tree mst costThis command configures the path cost on a spanning instance in the Multiple Spanning Tree.

Command Line Interface4-1764spanning-tree mst port-priorityThis command configures the interface priority on a spanning instance in the Multiple Spann

Spanning Tree Commands4-1774Command Mode Privileged ExecCommand Usage If at any time the switch detects STP BPDUs, including Configuration or Topology

Basic Configuration2-72To configure a community string, complete the following steps:1. From the Privileged Exec level global configuration mode promp

Command Line Interface4-1784• For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 3-

VLAN Commands4-1794Command Mode Privileged ExecExampleVLAN CommandsA VLAN is a group of ports that can be located anywhere in the network, but communi

Command Line Interface4-1804vlan databaseThis command enters VLAN database mode. All commands in this mode will take effect immediately.Default Settin

VLAN Commands4-1814Command Mode VLAN Database ConfigurationCommand Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN n

Command Line Interface4-1824Default Setting NoneCommand Mode Global ConfigurationExample The following example shows how to set the interface configur

VLAN Commands4-1834Related Commandsswitchport acceptable-frame-types (4-183)switchport acceptable-frame-types This command configures the acceptable f

Command Line Interface4-1844Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • Ingress filtering only affects tagged frames.

VLAN Commands4-1854Example The following example shows how to set the PVID for port 1 to VLAN 3:switchport allowed vlanThis command configures VLAN gr

Command Line Interface4-1864Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1:switchpo

VLAN Commands4-1874Displaying VLAN Informationshow vlanThis command shows VLAN information.Syntax show vlan [id vlan-id | name vlan-name]• id - Keywor

Initial Configuration2-822. Enter the name of the start-up file. Press <Enter>.Managing System FilesThe switch’s flash memory supports three typ

Command Line Interface4-1884When a frame is received at a port, its VLAN membership can then be determined based on the protocol type in use by the in

VLAN Commands4-1894Example The following creates protocol group 1, and specifies Ethernet frames with IP and ARP protocol types:protocol-vlan protocol

Command Line Interface4-1904Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group

VLAN Commands4-1914Command Mode Privileged ExecExample This shows that traffic entering Port 1 that matches the specifications for protocol group 1 wi

Command Line Interface4-1924• Entering the pvlan command without any parameters enables the private VLAN. Entering no pvlan disables the private VLAN.

GVRP and Bridge Extension Commands4-1934bridge-ext gvrpThis command enables GVRP globally for the switch. Use the no form to disable it.Syntax [no] br

Command Line Interface4-1944switchport gvrpThis command enables GVRP for a port. Use the no form to disable it.Syntax [no] switchport gvrpDefault Sett

GVRP and Bridge Extension Commands4-1954garp timerThis command sets the values for the join, leave and leaveall timers. Use the no form to restore the

Command Line Interface4-1964show garp timerThis command shows the GARP timers for the selected interface.Syntax show garp timer [interface]interface •

Priority Commands4-1974Priority CommandsThe commands described in this section allow you to specify which data packets have greater precedence when tr

3-1Chapter 3: Configuring the SwitchUsing the Web InterfaceThis switch provides an embedded HTTP Web agent. Using a Web browser you can configure the

Command Line Interface4-1984Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • The precedence for priority mapping is IP Por

Priority Commands4-1994Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priorit

Command Line Interface4-2004queue cos-mapThis command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7

Priority Commands4-2014 Related Commands show queue cos-map (4-202)show queue modeThis command shows the current queue mode.Default Setting NoneComman

Command Line Interface4-2024show queue cos-mapThis command shows the class of service priority map.Syntax show queue cos-map [interface]interface • et

Priority Commands4-2034map ip port (Global Configuration)Use this command to enable IP port mapping (i.e., class of service mapping for TCP/UDP socket

Command Line Interface4-2044Example The following example shows how to map HTTP traffic to CoS value 0:map ip precedence (Global Configuration)This co

Priority Commands4-2054Default Setting The list below shows the default priority mapping.Command Mode Interface Configuration (Ethernet, Port Channel)

Command Line Interface4-2064Example The following example shows how to enable IP DSCP mapping globally:map ip dscp (Interface Configuration)This comma

Priority Commands4-2074Example The following example shows how to map IP DSCP value 1 to CoS value 0:map access-list ip This command sets the output q

Configuring the Switch3-23Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and password. The a

Command Line Interface4-2084show map ip portUse this command to show the IP port priority map.Syntax show map ip port [interface]interface • ethernet

Priority Commands4-2094Command ModePrivileged ExecExample Related Commands map ip precedence (Global Configuration) (4-204)map ip precedence (Interfac

Command Line Interface4-2104Example Related Commands map ip dscp (Global Configuration) (4-205)map ip dscp (Interface Configuration) (4-206)Quality of

Quality of Service Commands4-2114To create a service policy for a specific category or ingress traffic, follow these steps:1. Use the class-map comman

Command Line Interface4-2124• The class map is used with a policy map (page 4-213) to create a service policy (page 4-216) for a specific interface th

Quality of Service Commands4-2134Example This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service valu

Command Line Interface4-2144classThis command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration

Quality of Service Commands4-2154Default Setting NoneCommand Mode Policy Map Class ConfigurationExample This example sets the DSCP value to 3 for all

Command Line Interface4-2164Example This example creates a policer that sets the maximum burst rate to 20 Kbytes, the average rate to 1522 bps, and th

Quality of Service Commands4-2174Command Mode Privileged ExecExampleshow policy-map This command displays the QoS policy maps which define classificat

Navigating the Web Browser Interface3-33Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under

Command Line Interface4-2184Command Mode Privileged ExecExampleMulticast Filtering CommandsThis switch uses IGMP (Internet Group Management Protocol)

Multicast Filtering Commands4-2194Default Setting EnabledCommand Mode Global ConfigurationExample The following example enables IGMP snooping.ip igmp

Command Line Interface4-2204ip igmp snooping versionThis command configures the IGMP snooping version. Use the no form to restore the default.Syntax i

Multicast Filtering Commands4-2214Example The following shows the current IGMP snooping configuration:show mac-address-table multicast This command sh

Command Line Interface4-2224IGMP Query Commands (Layer 2) ip igmp snooping querierThis command enables the switch as an IGMP querier. Use the no form

Multicast Filtering Commands4-2234Default Setting 2 timesCommand Mode Global ConfigurationCommand Usage The query count defines how long the querier w

Command Line Interface4-2244ip igmp snooping query-max-response-timeThis command configures the query report delay. Use the no form to restore the def

Multicast Filtering Commands4-2254Default Setting 300 secondsCommand Mode Global ConfigurationCommand Usage The switch must use IGMPv2 for this comman

Command Line Interface4-2264Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Ther

IP Interface Commands4-2274IP Interface CommandsThere are no IP addresses assigned to this switch by default. You must manually configure a new addres

Configuring the Switch3-43Jumbo Frame Enables jumbo frame support 3-15File 3-16Firmware Manages code image files 3-16Configuration Manages switch con

Command Line Interface4-2284Command Usage • You must assign an IP address to this device to gain management access over the network or to connect the

IP Interface Commands4-2294Example The following example defines a default gateway for this device:Related Commands show ip redirects (4-230)ip dhcp r

Command Line Interface4-2304Command Mode Privileged ExecExample Related Commands show ip redirects (4-230)show ip redirectsThis command shows the defa

IP Interface Commands4-2314Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of

Command Line Interface4-2324

A-1Appendix A: Software SpecificationsSoftware FeaturesAuthenticationLocal, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port SecurityAccess Control Lis

Software SpecificationsA-2AVLAN SupportUp to 255 groups; port-based, protocol-based, or tagged (802.1Q),GVRP for automatic VLAN learning, private VLAN

Management Information BasesA-3AIEEE 802.1D Spanning Tree Protocol and traffic prioritiesIEEE 802.1p Priority tagsIEEE 802.1s Multiple Spanning Tree P

Software SpecificationsA-4ASNMP Target MIB, SNMP Notification MIB (RFC 2573)SNMP User-Based SM MIB (RFC 2574)SNMP View Based ACM MIB (RFC 2575)SNMP Co

B-1Appendix B: Troubleshooting Table B-1. Troubleshooting ChartSymptom ActionCannot connect using Telnet, Web browser, or SNMP software• Be sure you

Navigating the Web Browser Interface3-53Port Security Configures per port security, including status, response for security breach, and maximum allowe

TroubleshootingB-2B

Glossary-1GlossaryAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

GlossaryGlossary-2GARP VLAN Registration Protocol (GVRP)Defines a way for switches to exchange VLAN information in order to register necessary VLAN me

Glossary-3GlossaryIEEE 802.3xDefines Ethernet frame start/stop requests and timers used for flow control on full-duplex links.IGMP SnoopingListening t

GlossaryGlossary-4Management Information Base (MIB)An acronym for Management Information Base. It is a set of database objects that contains informati

Glossary-5GlossaryRemote Monitoring (RMON)RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard

GlossaryGlossary-6Trivial File Transfer Protocol (TFTP)A TCP/IP protocol commonly used for software downloads.User Datagram Protocol (UDP)UDP provides

Index-1Numerics802.1x, port authentication 3-54, 4-76Aacceptable frame type 3-133, 4-183Access Control List See ACLACLExtended IP 3-62, 4-83, 4-85, 4

Index-2IndexHhardware version, displaying 3-10, 4-60HTTPS 3-45, 4-30HTTPS, secure server 3-45, 4-30IIEEE 802.1D 3-103, 4-162IEEE 802.1s 4-162IEEE 802.

Index-3Indexproblems, troubleshooting B-1protocol migration 3-115, 4-176Qqueue weights 3-143, 4-199RRADIUS, logon authentication 3-42, 4-70rate limits

Configuring the Switch3-63Port Statistics Lists Ethernet and RMON port statistics 3-93Alcatel 3-98AMAP Alcatel Mapping Adjacency Protocol (AMAP) 3-98S

Index-4IndexVVLANs 3-122–3-136, 4-179–4-192adding static members 3-130, 3-132, 4-185creating 3-129, 4-180description 3-122displaying basic information

F1.0.0.6 E042004-R02060191-10

Navigating the Web Browser Interface3-73Port Configuration Specifies default PVID and VLAN attributes 3-133Trunk Configuration Specifies default trun

Configuring the Switch3-83Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location a

Basic Configuration3-93Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator

vContents Chapter 1: Introduction 1-1Key Features 1-1Description of Software Features 1-2System Defaults 1-5Chapter 2: Initial Configuration 2

Configuring the Switch3-103Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers f

Basic Configuration3-113CLI – Use the following command to display version information.Displaying Bridge Extension CapabilitiesThe Bridge MIB includes

Configuring the Switch3-123Web – Click System, Bridge Extension.Figure 3-7. Bridge Exentsion ConfigurationCLI – Enter the following command. Setting

Basic Configuration3-133• IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configuratio

Configuring the Switch3-143Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by

Basic Configuration3-153CLI – Enter the following command to restart DHCP service.Enabling Jumbo FramesThe switch provides more efficient throughput f

Configuring the Switch3-163• File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period

Basic Configuration3-173CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination fi

Configuring the Switch3-183If you download to a new file name, then select the new file from the drop-down box for Startup Configuration File, and pre

Basic Configuration3-193• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon

ContentsviTelnet Settings 3-21Configuring Event Logging 3-23System Logs 3-23System Logs Configuration 3-24Remote Logs Configuration 3-25Sending S

Configuring the Switch3-203Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply.Figure 3-1.

Basic Configuration3-213Telnet SettingsYou can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Mana

Configuring the Switch3-223Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.Figure 3-2. Telne

Configuring Event Logging3-233Configuring Event LoggingThe switch allows you to control the logging of error messages, including the type of events th

Configuring the Switch3-243Web – Click System, Log, Logs.Figure 3-3. Logging InformationCLI – Type "show logging ram" to display log mess

Configuring Event Logging3-253• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. F

Configuring the Switch3-263• Host IP List – Displays the list of remote server IP addresses that receive the syslog messages. The maximum number of ho

Configuring Event Logging3-273Sending Simple Mail Transfer Protocol AlertsTo alert system administrators of problems, the switch can use SMTP (Simple

Configuring the Switch3-283Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add a

Configuring Event Logging3-293to complete the configuration. Use the show logging sendmail command to display the current SMTP configuration.Resetting

ContentsviiPort Configuration 3-75Displaying Connection Status 3-75Configuring Interface Connections 3-77Creating Trunk Groups 3-79Statically Conf

Configuring the Switch3-303This switch acts as an SNTP client in unicast mode: Unicast – The switch periodically sends a request for a time update to

Simple Network Management Protocol3-313Setting the Time ZoneSNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based

Configuring the Switch3-323standard presentation of the information controlled by the agent. SNMP defines both the format of the MIB specifications an

Simple Network Management Protocol3-333Enabling SNMPEnables the SNMP agent on the switch for all versions (1, 2c, and 3). Command Attributes• SNMP Age

Configuring the Switch3-343Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-

Simple Network Management Protocol3-353Web – Click SNMP, Configuration. Enter the IP address and community string for each managment station that will

Configuring the Switch3-363A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If

Simple Network Management Protocol3-373• Level – The security level used for the user:- noAuthNoPriv – There is no authentication or encryption used i

Configuring the Switch3-383CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring SNMPv3 GroupsAn SN

Simple Network Management Protocol3-393Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, ass

ContentsviiiMapping Protocols to VLANs 3-137Class of Service Configuration 3-139Setting the Default Priority for Interfaces 3-139Mapping CoS Values

Configuring the Switch3-403Setting SNMPv3 ViewsSNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined vie

User Authentication3-413CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the

Configuring the Switch3-423Command Attributes• User Name* – The name of the user. (Maximum length: 8 characters)• Access Level* – Specifies the user l

User Authentication3-433a database of multiple user name/password pairs with associated privilege levels for each user that requires management access

Configuring the Switch3-443• TACACS Settings- Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13)- Server Port Number – Network

User Authentication3-453CLI – Specify all the required parameters to enable logon authentication.Configuring HTTPSYou can configure the switch to enab

Configuring the Switch3-463• To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 3-46. Command Attribute

User Authentication3-473When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line

Configuring the Switch3-483Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An

User Authentication3-4932. The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sess

ContentsixUnderstanding Command Modes 4-5Exec Commands 4-6Configuration Commands 4-6Command Line Processing 4-7Command Groups 4-9Line Commands 4

Configuring the Switch3-503Web – Click Security, SSH Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the

User Authentication3-513Configuring the SSH ServerThe SSH server includes basic settings for authentication. Field Attributes• SSH Server Status – All

Configuring the Switch3-523CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that t

User Authentication3-533Command Attributes•Port – Port number.•Name – Descriptive text (page 4-131). • Action – Indicates the action to be taken when

Configuring the Switch3-543Configuring 802.1x Port Authentication Network switches can provide open and easy access to network resources by simply att

User Authentication3-553• The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support

Configuring the Switch3-563CLI – This example shows the default protocol settings for 802.1x. For a description of the additional entries displayed in

User Authentication3-573Configuring 802.1x Global SettingsThe dot1x protocol includes global parameters that control the client authentication process

Configuring the Switch3-583CLI – This enables re-authentication and sets all of the global parameters for 802.1x.Configuring Port Authorization ModeWh

User Authentication3-593Web – Click Security, 802.1x, Port Configuration. Select the authentication mode from the drop-down box and click Apply.Figure