24PORT GIGABIT L2 INTELLIGENT SWITCH
SF-2420GX
Configuring the Switch

To send an inform to a SNMPv2c host, complete these steps:
1. Enable the SNMP agent (page 3-46).
2. Enable trap informs as de

Simple Network Management Protocol
• Enable Link-up and Link-down Traps – Issues a notification message whenever a port link is established or br

Setting a Local Engine ID
An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects aga

The engine ID can be specified by entering 1 to 26 hexadecimal characters. If less than 26 characters are speci

• Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available.
• Privacy Passwo

CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring Remote

• Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available.
• Privacy Passwo

CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring SNMPv3

Table 3-5 Supported Notification Messages
Object Label    Object ID    Description
RFC 1493 Traps
newRoot    1.3.6.1.2.1.17.0.1    The n

Private Traps
swPowerStatusChangeTrap    1.3.6.1.4.1.4537.80.2.1.0.1    This trap is sent when the power state chan
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a securi

Setting SNMPv3 Views
SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The pr

CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and

User Authentication
Command Attributes
• Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin,

Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on s

• RADIUS Settings
- Global – Provides globally applicable RADIUS settings.
- ServerIndex – Specifies one of five RADIUS servers

Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authent

Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket

Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.
Figure 3-38 HTTPS Settin

Configuring the Secure Shell
The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of t
be configured locally on the switch via the User Accounts page as described on page 3-60.) The clients are subsequently aut

Authenticating SSH v2 Clients
a. The client first queries the switch to determine if DSA public key authentication using a pref

Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save th

Configuring the SSH Server
The SSH server includes basic settings for authentication.
Field Attributes
• SSH Server Status – All

CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that t

Command Attributes
• Port – Port number.
• Name – Descriptive text (page 4-121).
• Action – Indicates the action to be taken whe

Configuring 802.1X Port Authentication
Network switches can provide open and easy access to network resources by simply att

• The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support

Configuring 802.1X Global Settings
The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled glo

• Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it
CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this examp

Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Table 3-7 802.1X S

Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the stati

Filtering IP Addresses for Management Access
You can create a list of up to 16 IP addresses or IP address groups that are allow

Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an inte

Access Control Lists
Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4

- IPv6 Extended: IPv6 ACL mode that filters packets based on the destination IP address, as well as the type of the next he

Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a sp

• Source/Destination Port Bit Mask – Decimal number representing the port bits to match. (Range: 0-65535)
• Control Code – D

Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (An
Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Source/Desti

Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (An

• Source Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the pr

• Destination Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the

Web – Specify the action (i.e., Permit or Deny). Select the address type (Any or IPv6-prefix). If you select “IPv6-prefix,”

Binding a Port to an Access Control List
After configuring the Access Control Lists (ACL), you should bind them to the ports t

Port Configuration
Displaying Connection Status
You can use the Port Information or Trunk Information pages to display the cu

Field Attributes (CLI)
Basic information:
• Port type – Indicates the port type. (1000BASE-T, SFP, or 10G)
• MAC address – The phy

CLI – This example shows the connection status for Port 5.
Console#show interfaces status ethernet 1/5 4-127
Information of E

Configuring Interface Connections
You can use the Port Configuration or Trunk Configuration page to enable/disable an interface
• Trunk – Indicates if a port is a member of a trunk. To create trunks and select port members, see “Creating Trunk Groups”

Creating Trunk Groups
You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offer

Statically Configuring a Trunk
Command Usage
• When configuring static trunks, you may not be able to link switches of diffe

CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch t

Command Attributes
• Member List (Current) – Shows configured trunks (Unit, Port).
• New – Includes entry fields for creati

Configuring LACP Parameters
Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the followin

Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You ca

CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, ports

Displaying LACP Port Counters
You can display statistics for LACP protocol messages.
Web – Click Port, LACP, Port Counters

Displaying LACP Settings and Status for the Local Side
You can display configuration settings and the operational state for the
Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.
Figure 3

Displaying LACP Settings and Status for the Remote Side
You can display configuration settings and the operational state for th

CLI – The following example displays the LACP configuration settings and operational state for the remote side of port cha

Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshol

Configuring Port Mirroring
You can mirror traffic from any source port to a target port for real-time analysis. You can the

CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port. Note

Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit

Table 3-11 Port Statistics
Parameter    Description
Interface Statistics
Received Octets    The total number of octets received on th

Excessive Collisions    A count of frames for which transmission on a particular interface fails due to excessive collisions.

Fragments    The total number of frames received that were less than 64 octets in length (excluding framing bits, but including F
Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at

CLI – This example shows statistics for port 12.
Address Table Settings
Switches store the addresses for all known devices.

Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Addres

Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN chec

Changing the Aging Time
You can set the aging time for entries in the dynamic address table.
Command Attributes
• Aging Stat

Spanning Tree Algorithm Configuration
Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Da

An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including th

because every device must receive information about topology changes before it starts to forward frames. In

• Transmission limit – The minimum interval between the transmission of consecutive RSTP/MSTP BPDUs.
• Path Cost Method – T

Note: The current root port and current root cost display as zero when this device is not connected to the
• Multiple Spanning Tree Protocol
- To allow multiple spanning trees to operate over the network, you must configure a rela

• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discard

Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.
Figure 3-70 STA Global Co

CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MS

• Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which include th

• Internal path cost – The path cost for the MST. See the preceding item.
• Priority – Defines the priority

CLI – This example shows the STA attributes for port 5.
Configuring Interface Settings
You can configure RSTP and MSTP attr

The following interface attributes can be configured:
• Spanning Tree – Enables/disables STA on this interfa

• Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs,

To use multiple spanning trees:
1. Set the spanning tree type to MSTP (STA Configuration, page 3-127).
2. Ent
Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priorit

CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI.
-------------------------

Displaying Interface Settings for MSTP
The MSTP Port Information and MSTP Trunk Information pages display the current statu

Configuring Interface Settings for MSTP
You can configure the STA interface settings for an MST Instance usi

• Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower va

VLAN Configuration
IEEE 802.1Q VLANs
In large networks, routers are used to isolate broadcast traffic for each subnet into separ

Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags sh

these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine secur

Enabling or Disabling GVRP (Global Setting)
GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange

CLI – Enter the following command.
Displaying Current VLANs
The VLAN Current Table shows the current port members of each VLAN a
Command Attributes (CLI)
• VLAN – ID of configured VLAN (1-4093, no leading zeroes).
• Type – Shows how this VLAN was added

Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to

Command Attributes
• VLAN – ID of configured VLAN (1-4093).
• Name – Name of the VLAN (1 to 32 characters).
• Status – Enabl

CLI – The following example adds tagged and untagged ports to VLAN 2.
Adding Static Members to VLANs (Port Index)
Use the VLAN S

Configuring VLAN Behavior for Interfaces
You can configure VLAN behavior for specific interfaces, including the default VLA

Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-300

CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the

Configuring Uplink and Downlink Ports
Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports des

Command Usage
To configure protocol-based VLANs, follow these steps:
1. First configure VLAN groups for the protocols you wa

Mapping Protocols to VLANs
Map a protocol group to a VLAN for each interface that will participate in the group.
Command Usage
•
CLI – The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN

Class of Service Configuration
Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interfa

Mapping CoS Values to Egress Queues
This switch processes Class of Service (CoS) priority tagged traffic by using eight pri

Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click

Selecting the Queue Mode
You can set the switch to service the queues based on a strict rule that requires all traffic in a

Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), ente

Layer 3/4 Priority Settings
Mapping Layer 3/4 Priorities to CoS Values
This switch supports several common methods of priori

Mapping IP Precedence
The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining ei

CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value

Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service
Mapping IP Port Priority
You can also map network applications to Class of Service values based on the IP port number (i.e.

Quality of Service
CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS valu

Configuring Quality of Service Parameters
To create a service policy for a specific category or ingress traffic, follow th

Class Configuration
• Class Name – Name of the class map. (Range: 1-16 characters)
• Type – Only one match command is permitted

Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing cl

Creating QoS Policies
This function creates a policy map that can be attached to multiple interfaces.
Command Usage
• To configu

• Back – Returns to previous page without making any changes.
Policy Rule Settings
- Class Settings -
• Class Name – Name of cla

Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. T

CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522

Multicast Filtering
Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A mu
Static IGMP Host Interface – For multicast applications that you need to control more carefully, you can manually assign a

Notes:
1. All systems on the subnet must support the same version.
2. Some attributes are only enabled for IGMPv2, including

Displaying Interfaces Attached to a Multicast Router
Multicast routers that are attached to ports on the switch use informa

Specifying Static Interfaces for a Multicast Router
Depending on your network connections, IGMP snooping may not always be abl

Displaying Port Members of Multicast Services
You can display the port members associated with a specified VLAN and multic

Assigning Ports to Multicast Services
Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query me

Configuring Domain Name Service
The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP

Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more

Configuring Static DNS Host to Address Entries
You can manually configure static entries in the DNS table that are used to

Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.
Displaying the DNS Cache
You can display entries in the DNS cache that have been learned via the designated name servers.
Fi

CLI - This example displays all the resource records learned from the designated name servers.
Console#show dns ca
Chapter 4: Command Line Interface
This chapter describes how to use the Command Line Interface (CLI).
Note: You can only access the console interface

For example, the IP address assigned to this switch, 10.1.0.1, consists of a network portion (10.1.0) and a host portion (1)

Entering Commands
This section describes how to enter CLI commands.
Keywords and Arguments
A CLI command is a series of keywords and

Showing Commands
If you enter a “?” at the command prompt, the system will display the first level of keywords for the curren

Partial Keyword Lookup
If you terminate a partial keyword with a question mark, alternatives that match the initial letters are pr

Understanding Command Modes
The command set is divided into Exec and Configuration classes. Exec commands generally display i

Configuration Commands
Configuration commands are privileged level commands used to modify switch settings. These commands modify
To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to ret

Command Line Processing
Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough

Command Groups
The system commands can be broken down into the functional groups shown below.
Table 4-4 Command Group Index

General Commands
The access mode shown in the following tables is indicated by these abbreviations:
ACL (Access Control List Configuration)
MST (M

Command Usage
• “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (T

Command Mode
Privileged Exec
Example
Related Commands
end (4-14)
show history
This command shows the contents of the command history

reload
This command restarts the system.
Note: When the system is restarted, it will always run the Power-On Self-Test. It wil

Command Mode
Global Configuration, Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spannin

Example
This example shows how to quit a CLI session:
System Management Commands
These commands are used to control system lo

hostname
This command specifies or modifies the host name for this device. Use the no form to restore the default host n
System Status Commands
This section describes commands used to display system information.
show startup-config
This command di

Example
Related Commands
show running-config (4-20)
Console#show startup-config
building startup-config, please wait...

show running-config
This command displays the configuration information currently in use.
Default Setting
None
Command Mode
Pr

Example
Related Commands
show startup-config (4-18)
Console#show running-config
building running-config, please wait...
!

show system
This command displays system information.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Us

show users
Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client

Example
Frame Size Commands
This section describes commands used to configure the Ethernet frame size on the switch.
jumbo fr

• The current setting for jumbo frames can be displayed with the show system command (page 4-22).
Example
Related Comman

copy
This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFT

• Use the copy file unit command to copy a local file to another switch in the stack. Use the copy unit file command to

Chapter 1: Introduction
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to conf
The following example shows how to download a configuration file:
This example shows how to copy a secure-site certificate

Command Mode
Privileged Exec
Command Usage
• If the file type is used for system startup, then this file cannot be delet

• File information is shown below:
Example
The following example shows how to display all file information:
whichboot
This com

boot system
This command specifies the file or image used to start up the system.
Syntax
boot system [unit:] {boot-rom| c

line
This command identifies a specific line for configuration, and to process subsequent line configuration commands.
Syntax

Related Commands
show line (4-40)
show users (4-23)
login
This command enables password checking at login. Use the no form

password
This command specifies the password for a line. Use the no form to remove the password.
Syntax
password {0 | 7} pass

Default Setting
• CLI: Disabled (0 seconds)
• Telnet: 300 seconds
Command Mode
Line Configuration
Command Usage
• If a log

Example
To set the timeout to two minutes, enter this command:
password-thresh
This command sets the password intrusion thres

Default Setting
The default value is no silent-time.
Command Mode
Line Configuration (console only)
Example
To set the si
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates t

parity
This command defines the generation of a parity bit. Use the no form to restore the default setting.
Syntax
parity {no

Command Usage
Set the speed to match the baud rate of the device connected to the serial port. Some baud rates availabl

Command Usage
Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers fo

Event Logging Commands
This section describes commands used to configure event logging on the switch.
logging on
This comm

logging history
This command limits syslog messages saved to switch memory based on severity. The no form returns the loggin

logging host
This command adds a syslog server host IP address that will receive logging messages. Use the no form to re

logging trap
This command enables the logging of system messages to a remote server, or limits the syslog messages saved to

Related Commands
show log (4-46)
show logging
This command displays the configuration settings for logging messages to loc

The following example displays settings for the trap function.
Related Commands
show logging sendmail (4-50)
show log
This com

Example
The following example shows the event message stored in RAM.
SMTP Alert Commands
These commands configure SMTP ev
enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer t

• To open a connection, the switch first selects the server that successfully sent mail during the last connection, or the

Command Mode
Global Configuration
Command Usage
You may use a symbolic email address that identifies the switch, or the

Example
show logging sendmail
This command displays the settings for the SMTP event handler.
Command Mode
Normal Exec, Privile

sntp client
This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified w

Default Setting
None
Command Mode
Global Configuration
Command Usage
This command specifies time servers from which the switc

show sntp
This command displays the current time and configuration settings for the SNTP client, and indicates whether o

Related Commands
show sntp (4-53)
calendar set
This command sets the system clock. It may be used if there is no time server o

SNMP Commands
Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as

Example
show snmp
This command can be used to check the status of SNMP communications.
Default Setting
None
Command Mode
Normal

snmp-server community
This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified commu
Management Guide: 24PORT GIGABIT L2 INTELLIGENT SWITCH. Layer 2 Switch with 20 10/100/1000BASE-T (RJ-45) Ports, 4 Gigabit Combination Ports (RJ-45/SFP), and
Introduction 1-4: the chosen path should fail for any reason, an alternate path will be activated to maintain the connection. Rapid Spanning Tree Protoco
Command Line Interface 4-58: Related Commands: snmp-server location (4-58). snmp-server location. This command sets the system location string. Use the no for
SNMP Commands 4-59: to using the snmp-server host command. (Maximum length: 32 characters) • version - Specifies whether to send notifications as SNMP Ve
Command Line Interface 4-60: To send an inform to an SNMPv3 host, complete these steps: 1. Enable the SNMP agent (page 4-55). 2. Allow the switch to send S
SNMP Commands 4-61: SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, both au
Command Line Interface 4-62: • A remote engine ID is required when using SNMPv3 informs. (See snmp-server host on page 4-58.) The remote engine ID is us
SNMP Commands 4-63: snmp-server view. This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax
Command Line Interface 4-64: show snmp view. This command shows information on the SNMP views. Command Mode: Privileged Exec. Example. snmp-server group. This co
SNMP Commands 4-65: Default Setting: • Default groups: public (read only), private (read/write) • readview - Every object belonging to the Internet OI
Command Line Interface 4-66: snmp-server user. This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify V
SNMP Commands 4-67: • ip-address - The Internet address of the remote device. • v1 | v2c | v3 - Use SNMP version 1, 2c or 3. • encrypted - Accepts the pas
System Defaults 1-5: or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different
Command Line Interface 4-68: show snmp user. This command shows information on SNMP users. Command Mode: Privileged Exec. Example: Console#show snmp user Engine
User Authentication Commands 4-69: User Authentication Commands. You can configure this switch to authenticate users logging into the system for manageme
Command Line Interface 4-70: • access-level level - Specifies the user level. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged
User Authentication Commands 4-71: Default Setting: • The default is level 15. • The default password is “super”. Command Mode: Global Configuration. Command
Command Line Interface 4-72: Default Setting: Local. Command Mode: Global Configuration. Command Usage: • RADIUS uses UDP while TACACS+ uses TCP. UDP only offe
User Authentication Commands 4-73: Command Usage: • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a conn
Command Line Interface 4-74: radius-server host. This command specifies primary and backup RADIUS servers and authentication parameters that apply to each
User Authentication Commands 4-75: Command Mode: Global Configuration. Example. radius-server key. This command sets the RADIUS encryption key. Use the no for
Command Line Interface 4-76: radius-server timeout. This command sets the interval between transmitting authentication requests to the RADIUS server. Use
User Authentication Commands 4-77: TACACS+ Client. Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses
Introduction 1-6: Web Management: HTTP Server: Enabled; HTTP Port Number: 80; HTTP Secure Server: Enabled; HTTP Secure Port Number: 443. SNMP: SNMP Agent: Enabled; Commu
Command Line Interface 4-78: Command Mode: Global Configuration. Example. tacacs-server key. This command sets the TACACS+ encryption key. Use the no form to
User Authentication Commands 4-79: Web Server Commands. This section describes commands used to configure web browser management access to the switch. ip h
Command Line Interface 4-80: Example. Related Commands: ip http port (4-79). ip http secure-server. This command enables the secure hypertext transfer protocol
User Authentication Commands 4-81: Example. Related Commands: ip http secure-port (4-81), copy tftp https-certificate (4-26). ip http secure-port. This command s
Command Line Interface 4-82: ip telnet server. This command allows this device to be monitored or configured from Telnet. It also specifies the TCP port n
User Authentication Commands 4-83: Configuration Guidelines. The SSH server on this switch supports both password and public key authentication. If passwo
User Authentication Commands 4-85: Note: The SSH server supports up to four client sessions. The maximum number of client sessions includes both current
Command Line Interface 4-86: Command Mode: Global Configuration. Command Usage: The timeout specifies the interval the switch will wait for a response from
User Authentication Commands 4-87: ip ssh server-key size. This command sets the SSH server key size. Use the no form to restore the default setting. Synta
System Defaults 1-7: Traffic Prioritization: Ingress Port Priority: 0; Queue Mode: WRR; Weighted Round Robin: Queue: 0 1 2 3 4 5 6 7, Weight: 1 2
Command Line Interface 4-88: ip ssh crypto host-key generate. This command generates the host key pair (i.e., public and private). Syntax: ip ssh crypto ho
User Authentication Commands 4-89: Command Usage: • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command
Command Line Interface 4-90: Example. show ssh. This command displays the current SSH server connections. Command Mode: Privileged Exec. Example: Console#show i
User Authentication Commands 4-91: show public-key. This command shows the public key for the specified user or for the host. Syntax: show public-key [user
Command Line Interface 4-92: Port Security Commands. These commands can be used to enable port security on a port. When using port security, the switch st
User Authentication Commands 4-93: Command Usage: • If you enable port security, the switch stops learning new MAC addresses on the specified port when i
Command Line Interface 4-94: dot1x system-auth-control. This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to re
User Authentication Commands 4-95: dot1x max-req. This command sets the maximum number of times the switch port will retransmit an EAP request/identity pa
Command Line Interface 4-96: dot1x operation-mode. This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the
User Authentication Commands 4-97: Command Usage: The re-authentication process verifies the connected client’s user ID and password on the RADIUS server.
Command Line Interface 4-98: Command Mode: Interface Configuration. Example. dot1x timeout re-authperiod. This command sets the time period after which a connec
User Authentication Commands 4-99: show dot1x. This command shows general port authentication related settings on the switch or a specific interface. Synta
Command Line Interface 4-100: - Max Count – The maximum number of hosts allowed to access this port (page 4-96). - Port-control – Shows the dot1x mode on
User Authentication Commands 4-101: Example: Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status
Command Line Interface 4-102: IP Filter Commands. This section describes commands used to configure IP management access to the switch. management. This comm
User Authentication Commands 4-103: Example: This example restricts management access to the indicated addresses. show management. This command displays the
Command Line Interface 4-104: Access Control List Commands. Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protoco
Access Control List Commands 4-105: access-list ip. This command adds an IP access list and enters configuration mode for standard or extended IPv4 ACLs.
Command Line Interface 4-106: Default Setting: None. Command Mode: Standard IPv4 ACL. Command Usage: • New rules are appended to the end of the list. • Address bit
Access Control List Commands 4-107: • host – Keyword followed by a specific IP address. • precedence – IP precedence level. (Range: 0-7) • tos – Type of S
2-1: Chapter 2: Initial Configuration. Connecting to the Switch. Configuration Options. The switch includes a built-in network management agent. The agent off
Command Line Interface 4-108: Example: This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule
Access Control List Commands 4-109: ip access-group. This command binds a port to an IPv4 ACL. Use the no form to remove the port. Syntax: [no] ip access-gr
Command Line Interface 4-110: IPv6 ACLs. The commands in this section configure ACLs based on IPv6 addresses, next header type, and flow label. To configu
Access Control List Commands 4-111: Example. Related Commands: permit, deny (4-111), ipv6 access-group (4-114), show ipv6 access-list (4-113). permit, deny (Stan
Command Line Interface 4-112: permit, deny (Extended IPv6 ACL). This command adds a rule to an Extended IPv6 ACL. The rule sets a filter condition for pa
Access Control List Commands 4-113: e.g., in a hop-by-hop option. A flow is uniquely identified by the combination of a source address and a non-zero fl
Command Line Interface 4-114: Example. Related Commands: permit, deny (4-111), ipv6 access-group (4-114). ipv6 access-group. This command binds a port to an IPv
Access Control List Commands 4-115: Example. Related Commands: ipv6 access-group (4-114). MAC ACLs. The commands in this section configure ACLs based on hardwa
Command Line Interface 4-116: Example. Related Commands: permit, deny (4-116), mac access-group (4-118), show mac access-list (4-117). permit, deny (MAC ACL). This
Access Control List Commands 4-117: • address-bitmask – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-4093) • vid-bitmask
Initial Configuration 2-2: • Configure up to 26 static or LACP trunks • Enable port mirroring • Set broadcast storm control on any port • Display system in
Command Line Interface 4-118: Related Commands: permit, deny (4-116), mac access-group (4-118). mac access-group. This command binds a port to a MAC ACL. Use the
Access Control List Commands 4-119: ACL Information. This section describes commands used to display ACL information. show access-list. This command shows al
Command Line Interface 4-120: Interface Commands. These commands are used to display or set communication parameters for an Ethernet port, aggregated link
Interface Commands 4-121: Command Mode: Global Configuration. Example: To specify port 4, enter the following command. description. This command adds a descri
Command Line Interface 4-122: Default Setting: • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex se
Interface Commands 4-123: • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example: Th
Command Line Interface 4-124: Example: The following example configures Ethernet port 5 capabilities to 100half and 100full. Related Commands: negotiation
Interface Commands 4-125: Related Commands: negotiation (4-122), capabilities (flowcontrol, symmetric) (4-123). media-type. This command forces the port type s
Command Line Interface 4-126: Example: The following example disables port 5. switchport broadcast packet-rate. This command configures broadcast storm cont
Interface Commands 4-127: Default Setting: None. Command Mode: Privileged Exec. Command Usage: Statistics are only initialized for a power reset. This command
Stack Operations 2-3: Remote Connections. Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid
Command Line Interface 4-128: Example. show interfaces counters. This command displays interface statistics. Syntax: show interfaces counters [interface] int
Interface Commands 4-129: Example. show interfaces switchport. This command displays the administrative and operational status of the specified interfaces.
Command Line Interface 4-130: Example: This example shows the configuration setting for port 4. Console#show interfaces switchport ethernet 1/4 Broadcast
Link Aggregation Commands 4-131: Link Aggregation Commands. Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth
Command Line Interface 4-132: Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must
Link Aggregation Commands 4-133: lacp. This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to
Command Line Interface 4-134: lacp system-priority. This command configures a port's LACP system priority. Use the no form to restore the default set
Link Aggregation Commands 4-135: lacp admin-key (Ethernet Interface). This command configures a port's LACP administration key. Use the no form to re
Command Line Interface 4-136: Default Setting: 0. Command Mode: Interface Configuration (Port Channel). Command Usage: • Ports are only allowed to join the sam
Link Aggregation Commands 4-137: Example. show lacp. This command displays LACP information. Syntax: show lacp [port-channel] {counters | internal | neighbor
Initial Configuration 2-4: • When the stack is initially powered on, the Master unit is designated as unit 1 for a ring topology. For a line topology, t
Command Line Interface 4-138: Console#show lacp 1 internal Port channel: 1 ------------------------------------------------------------------------- Oper K
Link Aggregation Commands 4-139: Console#show lacp 1 neighbors Port channel 1 neighbors ------------------------------------------------------------------
Command Line Interface 4-140: Console#show lacp sysid Port Channel System Priority System MAC Address ---------------------------------------------
Mirror Port Commands 4-141: Mirror Port Commands. This section describes how to mirror traffic from a source port to a target port. port monitor. This comma
Command Line Interface 4-142: Example: The following example configures the switch to mirror all packets from port 6 to 11. show port monitor. This command
Rate Limit Commands 4-143: Rate Limit Commands. This function allows the network manager to control the maximum rate for traffic transmitted or received o
Command Line Interface 4-144: Address Table Commands. These commands are used to configure the address table for filtering specified addresses, displaying
Address Table Commands 4-145: Command Usage: The static address for a host device can be assigned to a specific port within a specific VLAN. Use this com
Command Line Interface 4-146: show mac-address-table. This command shows classes of entries in the bridge-forwarding database. Syntax: show mac-address-tabl
Address Table Commands 4-147: mac-address-table aging-time. This command sets the aging time for entries in the address table. Use the no form to restore
Stack Operations 2-5: operations. However, note that the IP address will be the same for any common VLANs (with active port connections) that appear in
Command Line Interface 4-148: Spanning Tree Commands. This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the swi
Spanning Tree Commands 4-149: spanning-tree. This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Synta
Command Line Interface 4-150: members may be inadvertently disabled to prevent network loops, thus isolating group members. When operating multiple VLAN
Spanning Tree Commands 4-151: Command Usage: This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., disc
Command Line Interface 4-152: spanning-tree max-age. This command configures the spanning tree bridge maximum age globally for this switch. Use the no for
Spanning Tree Commands 4-153: Default Setting: 32768. Command Mode: Global Configuration. Command Usage: Bridge priority is used in selecting the root device,
Command Line Interface 4-154: spanning-tree transmission-limit. This command configures the minimum interval between the transmission of consecutive RSTP/
Spanning Tree Commands 4-155: mst vlan. This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Using the no f
Command Line Interface 4-156: Default Setting: 32768. Command Mode: MST Configuration. Command Usage: • MST priority is used in selecting the root bridge and a
Spanning Tree Commands 4-157: revision. This command configures the revision number for this multiple spanning tree configuration of this switch. Use the
September, 2006
Initial Configuration 2-6: • All user-initiated commands to configure the non-functioning units are dropped. The master unit, however, will be able to c
Command Line Interface 4-158: specify the maximum number of bridges that will propagate a BPDU. Each bridge decrements the hop count by one before passi
Spanning Tree Commands 4-159: • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trunk: 50,000 • Gigabit Ethernet – full duplex: 10,000; trunk
Command Line Interface 4-160: Related Commands: spanning-tree cost (4-158). spanning-tree edge-port. This command specifies an interface as an edge port. Use
Spanning Tree Commands 4-161: Command Usage: • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, po
Command Line Interface 4-162: • RSTP only works on point-to-point links between two bridges. If you designate a port as a shared link, RSTP is forbidden
Spanning Tree Commands 4-163: Example. Related Commands: spanning-tree mst port-priority (4-163). spanning-tree mst port-priority. This command configures the
Command Line Interface 4-164: spanning-tree protocol-migration. This command re-checks the appropriate BPDU format to send on the selected interface. Synt
Spanning Tree Commands 4-165: Command Usage: • Use the show spanning-tree command with no parameters to display the spanning tree configuration for the s
Command Line Interface 4-166: show spanning-tree mst configuration. This command shows the configuration of the multiple spanning tree. Command Mode: Privil
VLAN Commands 4-167: VLAN Commands. A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the s
Basic Configuration 2-7: Setting Passwords. Note: If this is your first time to log into the CLI program, you should define new passwords for both default
Command Line Interface 4-168: bridge-ext gvrp. This command enables GVRP globally for the switch. Use the no form to disable it. Syntax: [no] bridge-ext gvr
VLAN Commands 4-169: switchport gvrp. This command enables GVRP for a port. Use the no form to disable it. Syntax: [no] switchport gvrp. Default Setting: Disab
Command Line Interface 4-170: garp timer. This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ def
VLAN Commands 4-171: show garp timer. This command shows the GARP timers for the selected interface. Syntax: show garp timer [interface] interface • ethernet
Command Line Interface 4-172: Command Usage: • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes
VLAN Commands 4-173: Example: The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default. Related Commands: show v
Command Line Interface 4-174: Related Commands: shutdown (4-125). switchport mode. This command configures the VLAN membership mode for a port. Use the no for
VLAN Commands 4-175: Command Mode: Interface Configuration (Ethernet, Port Channel). Command Usage: When set to receive all frame types, any received frames
Command Line Interface 4-176: switchport native vlan. This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the
VLAN Commands 4-177: Command Mode: Interface Configuration (Ethernet, Port Channel). Command Usage: • A port, or a trunk with switchport mode set to hybrid,
Initial Configuration 2-8: Assigning an IPv4 Address. Before you can assign an IP address to the switch, you must obtain the following information from yo
Command Line Interface 4-178: Command Usage: • This command prevents a VLAN from being automatically added to the specified interface via GVRP. • If a VLA
VLAN Commands 4-179: Example: The following example shows how to display information for VLAN 1. Configuring Private VLANs. Private VLANs provide port-based
Command Line Interface 4-180: Example: This example enables the private VLAN, and then sets port 12 as the uplink and ports 5-8 as the downlinks. show pvla
VLAN Commands 4-181: Configuring Protocol-based VLANs. The network devices required to support multiple protocols cannot be easily grouped into a common V
Command Line Interface 4-182: • protocol - Protocol type. The only option for the llc_other frame type is ipx_raw. The options for all other frames type
VLAN Commands 4-183: - If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface. Exam
Command Line Interface 4-184: Command Mode: Privileged Exec. Example: This shows that traffic entering Port 1 that matches the specifications for protocol g
Class of Service Commands 4-185: queue mode. This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (C
Command Line Interface 4-186: switchport priority default. This command sets a priority for incoming untagged frames. Use the no form to restore the defau
Class of Service Commands 4-187: queue bandwidth. This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority qu
Basic Configuration 2-9: To configure an IPv6 link local address for the switch, complete the following steps: 1. From the Global Configuration mode prom
Command Line Interface 4-188: Default Setting: This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing fo
Class of Service Commands 4-189: show queue bandwidth. This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority qu
Command Line Interface 4-190: Priority Commands (Layer 3 and 4). This section describes commands used to configure Layer 3 and Layer 4 traffic priority o
Class of Service Commands 4-191: map ip port (Interface Configuration). This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form
Command Line Interface 4-192: Example: The following example shows how to enable IP precedence mapping globally. map ip precedence (Interface Configuratio
Class of Service Commands 4-193: map ip dscp (Global Configuration). This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mappin
Command Line Interface 4-194: Default Setting: The DSCP default values are defined in the following table. Note that all the DSCP values that are not spe
Class of Service Commands 4-195: Default Setting: None. Command Mode: Privileged Exec. Example: The following shows that HTTP traffic has been mapped to CoS val
Command Line Interface 4-196: Example. Related Commands: map ip precedence (Global Configuration) (4-191), map ip precedence (Interface Configuration) (4-19
Quality of Service Commands 4-197: Related Commands: map ip dscp (Global Configuration) (4-193), map ip dscp (Interface Configuration) (4-193). Quality of Se
Initial Configuration 2-10: To generate an IPv6 global unicast address for the switch using a general network prefix, complete the following steps: 1. Fr
Command Line Interface 4-198: any traffic that exceeds the specified rate, or just reduce the DSCP service level for traffic exceeding the specified rat
Quality of Service Commands 4-199: match. This command defines the criteria used to classify traffic. Use the no form to delete the matching criteria. Synt
Command Line Interface 4-200: policy-map. This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configurati
Quality of Service Commands 4-201: Command Mode: Policy Map Configuration. Command Usage: • Use the policy-map command to specify a policy map and enter Pol
Command Line Interface 4-202: Example: This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_cla
Quality of Service Commands 4-203: Example: This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “r
Command Line Interface 4-204: show class-map. This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax
Multicast Filtering Commands 4-205: Example. show policy-map interface. This command displays the service policy assigned to the specified interface. Syntax
Command Line Interface 4-206: IGMP Snooping Commands. This section describes commands used to configure IGMP snooping on the switch. ip igmp snooping. This
Multicast Filtering Commands 4-207: Command Mode: Global Configuration. Example: The following shows how to statically configure a multicast group on a port
Basic Configuration 2-11: Dynamic Configuration. Obtaining an IPv4 Address. If you select the “bootp” or “dhcp” option, IP will be enabled but will not func
Command Line Interface 4-208: Command Usage: See “Configuring IGMP Snooping and Query Parameters” on page 3-178 for a description of the displayed items.
Multicast Filtering Commands 4-209: IGMP Query Commands. This section describes commands used to configure Layer 2 IGMP query on the switch. ip igmp snoop
Command Line Interface 4-210: Default Setting: 2 times. Command Mode: Global Configuration. Command Usage: The query count defines how long the querier waits f
Multicast Filtering Commands 4-211: ip igmp snooping query-max-response-time. This command configures the query report delay. Use the no form to restore t
Command Line Interface 4-212: Command Mode: Global Configuration. Command Usage: The switch must use IGMPv2 for this command to take effect. Example: The foll
Multicast Filtering Commands 4-213: Command Usage: Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier
Command Line Interface 4-214: Domain Name Service Commands. These commands are used to configure Domain Naming System (DNS) services. You can manually con
Domain Name Service Commands 4-215: Command Usage: Servers or other network devices may support one or more connections via multiple IP addresses. If mor
Command Line Interface 4-216: Default Setting: None. Command Mode: Global Configuration. Example. Related Commands: ip domain-list (4-216), ip name-server (4-217). i
Domain Name Service Commands 4-217: Example: This example adds two domain names to the current list and then displays the list. Related Commands: ip domain-
Initial Configuration 2-12: Obtaining an IPv6 Address. Link Local Address — There are several ways to dynamically configure IPv6 addresses. The simplest m
Command Line Interface 4-218: Example: This example adds two domain-name servers to the list and then displays the list. Related Commands: ip domain-name (4
Domain Name Service Commands 4-219: Related Commands: ip domain-name (4-215), ip name-server (4-217). show hosts. This command displays the static host name-to
Command Line Interface 4-220: show dns cache. This command displays entries in the DNS cache. Command Mode: Privileged Exec. Example. clear dns cache. This comma
IP Interface Commands 4-221: IP Interface Commands. An IP address may be used for management access to the switch over your network. An IPv4 address for
Command Line Interface 4-222: ip address. This command sets the IPv4 address for the currently selected VLAN interface. Use the no form to restore the de
IP Interface Commands 4-223: periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, defaul
Command Line Interface 4-224: Example: The following example defines a default gateway for this device. Related Commands: show ip redirects (4-225). ipv6 def
IP Interface Commands 4-225: Example. Related Commands: show ip redirects (4-225), show ipv6 interface (4-234). show ip redirects. This command shows the IPv4 d
Command Line Interface 4-226: Command Usage: • Use the ping command to see if another site on the network can be reached. • The following are some result
IP Interface Commands 4-227: address to modified EUI-64 format (see page 4-231). This address type makes the switch accessible over IPv6 for all devices
Basic Configuration 2-13: 2. From the interface prompt, type “ipv6 address autoconfig” and press <Enter>. Enabling SNMP Management Access. The switc
Command Line Interface 4-228: Default Setting: No general prefix is defined. Command Mode: Global Configuration. Command Usage: • Prefixes may contain zero-val
IP Interface Commands 4-229: ipv6 address. This command configures an IPv6 global unicast address and enables IPv6 on an interface. Use the no form witho
Command Line Interface 4-230: Example: This example uses the general network prefix of 2009:DB9:2229::/48 used in an earlier example, and then specifies
IP Interface Commands 4-231: • If a duplicate address is detected, a warning message is sent to the console. • If the router advertisements have the “oth
Command Line Interface 4-232: Default Setting: No IPv6 addresses are defined. Command Mode: Interface Configuration (VLAN). Command Usage: • If a link local ad
IP Interface Commands 4-233: Example: This example uses the general network prefix of 2001:0DB8:0:1::/64 used in an earlier example, and specifies that t
Command Line Interface 4-234: • You can configure multiple IPv6 global unicast addresses per interface, but only one link-local address per interface. •
IP Interface Commands 4-235: Example: This example displays all the IPv6 addresses configured for the switch. Console#show ipv6 interface Vlan 1 is up IPv6
Command Line Interface 4-236: This example displays a brief summary of IPv6 addresses configured on the switch. Related Commands: show ip interface (4-224
IP Interface Commands 4-237: Related Commands: show ipv6 default-gateway (4-237), ip default-gateway (4-223). show ipv6 default-gateway. This command displays
Initial Configuration 2-14: The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objec
Command Line Interface 4-238: Related Commands: show ipv6 mtu (4-238), jumbo frame (4-24). show ipv6 mtu. This command displays the maximum transmission unit (
IP Interface Commands 4-239: show ipv6 traffic. This command displays statistics about IPv6 traffic passing through this switch. Command Mode: Normal Exec,
Command Line Interface 4-240: router solicit 0 router advert 0 redirects 0 neighbor solici
IP Interface Commands 4-241: hop count exceeded: Number of packets discarded because its time-to-live (TTL) field was decremented to zero. unknown protoc
Command Line Interface 4-242: Ipv6 mcast. mcast received: The number of multicast packets received by the interface. mcast sent: The number of multicast pack
IP Interface Commands 4-243: router solicit: The number of ICMP Router Solicit messages received by the interface. router advert: The number of ICMP Router
Command Line Interface 4-244: clear ipv6 traffic. This command resets IPv6 traffic counters. Command Mode: Privileged Exec. Command Usage: This command resets
IP Interface Commands 4-245: ping ipv6. This command sends ICMP echo request packets to an IPv6 node on the network. ping ipv6 address {ipv6-address | hos
Command Line Interface 4-246: Example. Related Commands: ping (4-225). ipv6 neighbor. This command configures a static entry in the IPv6 neighbor discovery c
IP Interface Commands 4-247: converted to a static entry. Static entries in the IPv6 neighbor discovery cache are not modified if subsequently detected
Managing System Files 2-15: Configuring Access for SNMP Version 3 Clients. To configure management access for SNMPv3 clients, you need to first create a v
Command Line Interface 4-248: performed on the interface’s link-local address, the other IPv6 addresses remain in a “tentative” state. If no duplicate l
IP Interface Commands 4-249: Default Setting: 1000 milliseconds is used for neighbor discovery operations. Command Mode: Interface Configuration (VLAN). Comma
Command Line Interface 4-250: show ipv6 neighbors. This command displays information in the IPv6 neighbor discovery cache. Syntax: show ipv6 neighbors [vlan
IP Interface Commands 4-251: Related Commands: show mac-address-table (4-146). clear ipv6 neighbors. This command deletes all dynamic entries in the IPv6 nei
Appendix A: Software Specifications (page A-1)
Software Features
Authentication
Local, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port Security
Access Control Li
Software SpecificationsA-2AQuality of ServiceDiffServ supports class maps, policy maps, and service policiesMulticast Filtering IGMP SnoopingAdditiona
Management Information BasesA-3AIGMP (RFC 1112)IGMPv2 (RFC 2236)IPv4 IGMP (RFC 3228)RADIUS+ (RFC 2618)RMON (RFC 2819 groups 1,2,3,9)SNMP (RFC 1157)SNM
Software SpecificationsA-4ASNMP Community MIB (RFC 3584)TACACS+ Authentication Client MIBTCP MIB (RFC 2012)Trap (RFC 1215)UDP MIB (RFC 2013)
B-1Appendix B: TroubleshootingProblems Accessing the Management Interface Table B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet,
vContents Chapter 1: Introduction 1-1Key Features 1-1Description of Software Features 1-2System Defaults 1-5Chapter 2: Initial Configuration 2-1
Initial Configuration2-162• Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test).Due to the size limi
TroubleshootingB-2BUsing System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caus
Glossary (page Glossary-1)
Access Control List (ACL)
ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for
GlossaryGlossary-2Extended Universal Identifier (EUI) An address format used by IPv6 to identify the host portion of the network address. The interfac
Glossary-3GlossaryIEEE 802.1QVLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to differ
GlossaryGlossary-4IP Multicast FilteringA process whereby this switch can pass multicast traffic along to participating hosts.IP PrecedenceThe Type of
Glossary (page Glossary-5)
Port Authentication
See IEEE 802.1X.
Port Mirroring
A method whereby data on a target port is mirrored to a monitor port for troublesho
Glossary (page Glossary-6)
Secure Shell (SSH)
A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographi
Glossary-7GlossaryUser Datagram Protocol (UDP)UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport
Index-1Numerics802.1X, port authentication 3-74, 4-93Aacceptable frame type 3-152, 4-174Access Control List See ACLACLExtended IP (IPv4) 3-83, 3-85,
Managing System Files2-172To save the current configuration settings, enter the following command:1. From the Privileged Exec mode prompt, type “copy
Index-2IndexFfirmwaredisplaying version 3-11, 4-23upgrading 3-28, 4-26GGARP VLAN Registration Protocol See GVRPgateway, IPv4 default 3-14, 4-223gate
Index-3IndexMmain menu 3-4Management Information Bases (MIBs) A-3mirror port, configuring 3-112, 4-141MSTP 4-149global settings 3-136, 4-148interface
Index-4Indexport priority 3-133, 4-159protocol migration 3-136, 4-164transmission limit 3-129, 4-154standards, IEEE A-2startup filescreating 3-31, 4-2
SF-2420GXE092006-CS-R01150xxxxxxxxx
Chapter 3: Configuring the Switch (page 3-1)
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the
Configuring the Switch (page 3-2)
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The a
Navigating the Web Browser Interface3-33Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration chang
Configuring the Switch3-43Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, o
Navigating the Web Browser Interface3-53SNMP 3-44Configuration Configures community strings and related trap functions 3-46Agent Status Enables or dis
Configuring the Switch3-63Trunk Configuration Configures trunk connection settings 3-97Trunk Membership Specifies ports to group into static trunks 3
Navigating the Web Browser Interface3-73Trunk Information Displays trunk settings for a specified MST instance 3-140Port Configuration Configures port
ContentsviDisplaying Switch Hardware/Software Versions 3-11Displaying Bridge Extension Capabilities 3-13Setting the Switch’s IP Address (IP Version
Configuring the Switch3-83IP Port Priority Status Globally enables or disables IP Port Priority 3-168IP Port Priority Sets TCP/UDP port priority, de
Basic Configuration3-93Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location and
Configuring the Switch3-103Web – Click System, System Information. Specify the system name, location, and contact information for the system administr
Basic Configuration3-113CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch Infor
Configuring the Switch3-123• Role – Shows that this switch is operating as Master or Slave.These additional parameters are displayed for the CLI.• Uni
Basic Configuration3-133Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that support Multicast Filterin
Configuring the Switch3-143CLI – Enter the following command. Setting the Switch’s IP Address (IP Version 4)This section describes how to configure an
Basic Configuration3-153• MAC Address – The physical layer address for this switch.Manual ConfigurationWeb – Click System, IP Configuration. Select th
Configuring the Switch3-163Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the stack to be dynamically configured by
Basic Configuration3-173CLI – Enter the following command to restart DHCP service.Setting the Switch’s IP Address (IP Version 6)This section describes
ContentsviiConfiguring Port Security 3-72Configuring 802.1X Port Authentication 3-74Displaying 802.1X Global Settings 3-75Configuring 802.1X Globa
Configuring the Switch3-183- Or you can include a general prefix for the network portion of the address (as described under “Configuring an IPv6 Gener
Basic Configuration3-193• Manual Configuration – Manually configures an IPv6 address. • IPv6 Address – An IPv6 address can be configured in any of the
Configuring the Switch3-203• EUI-64 (Extended Universal Identifier) – Configures an IPv6 address for an interface using an EUI-64 interface ID in the
Basic Configuration3-213A node is also required to compute and join the associated solicited-node multicast addresses for every unicast and anycast ad
Configuring the Switch3-223CLI – This example configures an IPv6 gateway, specifies the management interface, configures a global unicast address, and
Basic Configuration3-233Web – Click System, IPv6 Configuration, IPv6 General Prefix. Click Add to open the editing fields for a prefix entry. Enter a
Configuring the Switch3-243- Duplicate address detection determines if a new unicast IPv6 address already exists on the network before it is assigned
Basic Configuration3-253- PROBE - A reachability confirmation is actively sought by resending neighbor solicitation messages every RetransTimer interv
Configuring the Switch3-263Web – Click System, IPv6 Configuration, IPv6 ND Neighbor. To configure the Neighbor Detection protocol settings, select a V
Basic Configuration3-273operating at full duplex, all switches in the network between the two end nodes must be able to accept the extended frame size
ContentsviiiDisplaying Basic VLAN Information 3-146Displaying Current VLANs 3-147Creating VLANs 3-148Adding Static Members to VLANs (VLAN Index) 3
Configuring the Switch3-283Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to repla
Basic Configuration3-293To delete a file select System, File Management, Delete. Select the file name from the given list by checking the tick box and
Configuring the Switch3-303Saving or Restoring Configuration SettingsYou can upload/download configuration settings to/from a TFTP server, or copy fil
Basic Configuration3-313Downloading Configuration Settings from a ServerYou can download the configuration file under a new file name and then set it
Configuring the Switch3-323CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the swit
Basic Configuration3-333• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match th
Configuring the Switch3-343CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the cur
Basic Configuration (page 3-35)
• Password2 – Specifies a password for the line connection. When a connection is started on a line with password protection, t
Configuring the Switch (page 3-36)
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that
Basic Configuration3-373Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flas
ContentsixConsole Connection 4-1Telnet Connection 4-1Entering Commands 4-3Keywords and Arguments 4-3Minimum Abbreviation 4-3Command Completion 4
Configuring the Switch3-383Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Add
Basic Configuration3-393Displaying Log MessagesUse the Logs page to scroll through the logged system and event messages. The switch can store up to 20
Configuring the Switch3-403• SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other li
Basic Configuration3-413CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify
Configuring the Switch3-423CLI – This example renumbers all units in the stack.Resetting the SystemWeb – Click System, Reset. Click the Reset button t
Basic Configuration3-433Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply.Figure 3-25 SNTP ConfigurationCLI –
Configuring the Switch3-443Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC, and click Apply.Figure 3-26 Cl
Simple Network Management Protocol (page 3-45)
The SNMPv3 security structure consists of security models, with each model having its own security levels. The
Configuring the Switch (page 3-46)
Enabling the SNMP Agent
Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3).
Command Attributes
SNMP
Simple Network Management Protocol (page 3-47)
Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Acces