Powered by Accton
www.edge-core.com
Management Guide
ES3528M-SFP
Fast Ethernet Switch

Page 3-50 (running header: Configuring the Switch)
• Type – Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view.
Web

Page 3-51
User Authentication
You can configure this switch to authenticate users logging into the system for management access using loc

Page 3-52
Web – Click Security, User Accounts. To configure a new user account, specify a user name, select the user’s access level,

Page 3-53
Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on speci

Page 3-54
Command Attributes
• Authentication – Select the authentication, or authentication sequence required:
- Local – User authenti

Page 3-55
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentica

Page 3-56
CLI – Specify all the required parameters to enable logon authentication.
Console(config)#authentication login radius 4-91
Co

Page 3-57
Configuring Encryption Keys
The Encryption Key feature provides a central location for the management of all RADIUS and TACACS+

Page 3-58
AAA Authorization and Accounting
The Authentication, authorization, and accounting (AAA) feature provides the main framework

Page 3-59
Configuring AAA RADIUS Group Settings
The AAA RADIUS Group Settings screen defines the configured RADIUS servers to use for acc

Page 3-60
Web – Click Security, AAA, TACACS+ Group Settings. Enter the TACACS+ group name, followed by the number of the server, then

Page 3-61
Web – Click Security, AAA, Accounting, Settings. To configure a new accounting method, specify a method name and a group name,

Page 3-62
AAA Accounting Update
This feature sets the interval at which accounting updates are sent to accounting servers.
Command Attr

Page 3-63
Web – Click Security, AAA, Accounting, 802.1X Port Settings. Enter the required accounting method and click Apply.
Figure 3-40

Page 3-64
Web – Click Security, AAA, Accounting, Command Privileges. Enter a defined method name for console and Telnet privilege lev

Page 3-65
AAA Accounting Exec Settings
This feature specifies a method name to apply to console and Telnet connections.
Command Attributes

Page 3-66
Web – Click Security, AAA, Summary.
Figure 3-43 AAA Accounting Summary
CLI – Use the following command to display the curre

Page 3-67
Authorization Settings
AAA authorization is a feature that verifies a user has access to specific services.
Command Attributes
•

Page 3-68
Authorization EXEC Settings
This feature specifies an authorization method name to apply to console and Telnet connections.
C

Page 3-69
Web – Click Security, AAA, Authorization, Summary.
Figure 3-46 AAA Authorization Summary
Configuring HTTPS
You can configure th

Page 3-70
• Change HTTPS Port Number – Specifies the UDP port number used for HTTPS connection to the switch’s web interface. (Default

Page 3-71
• Source Certificate File Name – Specifies the name of certificate file as stored on the TFTP server.
• Source Private File Nam

Page 3-72
SSH-enabled management station clients, and ensures that data traveling over the network arrives unaltered.
Note: You need t

Page 3-73
4. Set the Optional Parameters – On the SSH Settings page, configure the optional parameters, including the authentication tim

Page 3-74
Configuring the SSH Server
The SSH server includes basic settings for authentication.
Field Attributes
• SSH Server Status – A

Page 3-75
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the

Page 3-76
Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save th

Page 3-77
not exist on the switch, SSH will revert to the interactive password authentication mechanism to complete authentication.
Field

Page 3-78
Web – Click Security, SSH, SSH User Public-Key Settings. Select the user name and the public-key type from the respective d

Page 3-79
CLI – This example imports an SSHv2 DSA public key for the user admin and then displays admin’s imported public keys.
Console#c

Page 3-80
Configuring Port Security
Port security is a feature that allows you to configure a switch port with one or more device MAC

Page 3-81
Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox i

Page 3-82
This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with

Page 3-83
Displaying 802.1X Global Settings
The 802.1X protocol provides client authentication.
Command Attributes
• 802.1X System Authenti

Page 3-84
Web – Select Security, 802.1X, Configuration. Enable 802.1X globally for the switch, and click Apply.
Figure 3-54 802.1X G

Page 3-85
• Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 sec

Page 3-86
CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this examp

Page 3-87
Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Table 3-7 802.1X St

Page 3-88
Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the stati

Page 3-89
Notes: 1. MAC authentication, web authentication, 802.1X, and port security cannot be configured together on the same port. On

Page 3-90
CLI – This example globally enables the system authentication control, configures the session timeout, quiet period and log

Page 3-91
CLI – This example enables web authentication for ethernet port 1/5 and displays a summary of web authentication parameters.
D

Page 3-92
Web – Click Security, Web Authentication, Port Information.
Figure 3-59 Web Authentication Port Information
CLI – This examp

Page 3-93
CLI – This example forces the re-authentication of all hosts connected to port 1/5.
Network Access – MAC Address Authenticatio

Page 3-94
Configuring the MAC Authentication Reauthentication Time
MAC address authentication is configured on a per-port basis, howev

Page 3-95
• Maximum MAC Count – Sets the maximum number of MAC addresses that can be authenticated on a port. The maximum number of MAC

Page 3-96
CLI – This example configures MAC authentication for port 1.
Configuring Port Link Detection
The Port Link Detection feature

Page 3-97
Web – Click Security, Network Access, Port Link Detection Configuration. Modify the Status, Condition and Action. Click Apply.

Page 3-98
• Attribute – Indicates a static or dynamic address.
• Remove – Click the Remove button to remove selected MAC addresses fro

Page 3-99 (running header: Access Control Lists)
• Status – Indicates whether MAC Authentication is enabled or disabled for the port. See “Configuring MAC Authentication for

Page 3-100
Configuring Access Control Lists
An ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC a

Page 3-101
Figure 3-66 Selecting ACL Type
CLI – This example creates a standard IP ACL named david.
Configuring a Standard IP ACL
Comman

Page 3-102
Figure 3-67 Configuring Standard IP ACLs
CLI – This example configures one permit rule for the specific address 10.1.1.21

Page 3-103
• Control Code – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0

Page 3-104
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type

Page 3-105
Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Source/Destin

Page 3-106
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type

Page 3-107
Command Attributes
• Port – Fixed port or SFP module. (Range: 1-28)
• IP – Specifies the IP ACL to bind to a port.
• MAC – Spec

Page 3-108
an entry to a filter list, access to that interface is restricted to the specified addresses.
• If anyone tries to access a

Page 3-109
Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an inter

Page 3-110
Port Configuration
Displaying Connection Status
You can use the Port Information or Trunk Information pages to display the c

Page 3-111
Field Attributes (CLI)
Basic Information:
• Port type – Indicates the port type. (100BASE-FX, 1000BASE-T, or SFP)
• MAC address –

Page 3-112
CLI – This example shows the connection status for Port 5.
Configuring Interface Connections
You can use the Port Configurat

Page 3-113
(Default: Autonegotiation enabled; Advertised capabilities for 100BASE-FX – 100full; 1000BASE-T – 10half, 10full, 100half, 1

Page 3-114
Creating Trunk Groups
You can create multiple links between devices that work as one virtual, aggregate link. A port trunk

Page 3-115
Statically Configuring a Trunk
Command Usage
• When configuring static trunks, you may not be able to link switches of different

Page 3-116
CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switc

Page 3-117
Command Attributes
• Member List (Current) – Shows configured trunks (Port).
• New – Includes entry fields for creating new tru

Page 3-118
CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another

Page 3-119
- System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a

Page 3-120
CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.
Disp

Page 3-121
Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.
Figure 3-77

Page 3-122
Displaying LACP Settings and Status for the Local Side
You can display configuration settings and the operational state for

Page 3-123
Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.
Figure 3-78

Page 3-124
Displaying LACP Settings and Status for the Remote Side
You can display configuration settings and the operational state fo

Page 3-125
CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel

Page 3-126
Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and cl

Page 3-127
Configuring Port Mirroring
You can mirror traffic from any source port to a target port for real-time analysis. You can then at

Page 3-128
Configuring Rate Limits
This function allows the network manager to control the maximum rate for traffic received on a port

Page 3-129
Showing Port Statistics
You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs

Page 3-130
Transmit Discarded Packets – The number of outbound packets which were chosen to be discarded even though no errors had been

Page 3-131
Received Frames – The total number of frames (bad, broadcast and multicast) received.
Broadcast Frames – The total number of good f

Page 3-132
Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at

Page 3-133
CLI – This example shows statistics for port 13.
Address Table Settings
Switches store the addresses for all known devices.

Page 3-134
Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Addres

Page 3-135
Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN chec

Page 3-136
Changing the Aging Time
You can set the aging time for entries in the dynamic address table.
Command Attributes
• Aging Stat

Page 3-137 (running header: Spanning Tree Algorithm Configuration)
ports, and disables all other ports. Network packets are therefore only forwarded between root ports and de

Page 3-138
MSTP then builds an Internal Spanning Tree (IST) for the Region containing all commonly configured MSTP bridges.
An MST Regi

Page 3-139
• Bridge ID – A unique identifier for this bridge, consisting of the bridge priority and MAC address (where

Page 3-140
configuration message), a new root port is selected from among the device ports attached to the network. (References to “p

Page 3-141
Note: The current root port and current root cost display as zero when this device is not connected to the

Page 3-142
• Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the hig

Page 3-143
• Transmission Limit – The maximum transmission rate for BPDUs is specified by setting the minimum interval

Page 3-144
CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters.

Page 3-145
by auto-detection, as described for Admin Link Type in STA Port Configuration on page 3-147.
• Oper Edge Por

Page 3-146
Algorithm is detecting network loops. Where more than one port is assigned the highest priority, the port with the lowest

Page 3-147
CLI – This example shows the STA attributes for port 5.
Configuring Interface Settings
You can configure RST

Page 3-148
Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numer

Page 3-149
Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes,

Page 3-150
Command Attributes
• MST Instance – Instance identifier of this spanning tree. (Default: 0)
• Priority – The priority of a s

Page 3-151
CLI – This example sets STA attributes for port 1, followed by settings for each port.
Displaying Interface

Page 3-152
Web – Click Spanning Tree, MSTP, Port or Trunk Information. Select the required MST instance to display the current spanni

Page 3-153
CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for insta

Page 3-154
- Discarding – Port receives STA configuration messages, but does not forward packets.
- Learning – Port has transmitted co

Page 3-155 (running header: VLAN Configuration)
Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface,

Page 3-156
This switch supports the following VLAN features:
• Up to 255 VLANs based on the IEEE 802.1Q standard
• Distributed VLAN lea

Page 3-157
Untagged VLANs – Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A group o

Page 3-158
Forwarding Tagged/Untagged Frames
If you want to create a small port-based VLAN for devices attached directly to a single s

Page 3-159
Displaying Basic VLAN Information
The VLAN Basic Information page displays basic information on the VLAN type supported by the

Page 3-160
• Status – Shows how this VLAN was added to the switch.
- Dynamic GVRP: Automatically learned via GVRP.
- Permanent: Added a

Page 3-161
CLI – Current VLAN information can be displayed with the following command.
Creating VLANs
Use the VLAN Static List to create or

Page 3-162
Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbo

Page 3-163
Command Attributes
• VLAN – ID of configured VLAN (1-4093).
• Name – Name of the VLAN (1 to 32 characters).
• Status – Enables or

Page 3-164
Figure 3-98 Configuring a VLAN Static Table
CLI – The following example adds tagged and untagged ports to VLAN 2.
Adding St

Page 3-165
Configuring VLAN Behavior for Interfaces
You can configure VLAN behavior for specific interfaces, including the default VLAN id

Page 3-166
or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000

Page 3-167
CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP

Page 3-168
processing. When the packet exits another trunk port on the same core switch, the same SPVLAN tag is again added to the pa

Page 3-169
5. If the egress port is an untagged member of the SPVLAN, the outer tag will be stripped. If it is a tagged member, the outgo

Page 3-170
Configuration Limitations for QinQ
• The native VLAN of uplink ports should not be used as the SPVLAN. If the SPVLAN is the

Page 3-171
Identifier (TPID) value of the tunnel port if the attached client is using a nonstandard 2-byte ethertype to identify 802.1Q t

Page 3-172
CLI – This example sets the switch to operate in QinQ mode.
Adding an Interface to a QinQ Tunnel
Follow the guidelines in th

Page 3-173
Web – Click VLAN, 802.1Q VLAN, 802.1Q Tunnel Configuration or Tunnel Trunk Configuration. Set the mode for a tunnel access por

Page 3-174
contains promiscuous ports that can communicate with all other ports in the private VLAN group, while a secondary (or com

Page 3-175
Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu.
Figure 3-103 Private VLA

Page 3-176
Web – Click VLAN, Private VLAN, Configuration. Enter the VLAN ID number, select Primary, Isolated or Community type, then

Page 3-177
CLI – This example associates community VLANs 6 and 7 with primary VLAN 5.
Displaying Private VLAN Interface Information
Use the

Page 3-178
CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a p

Page 3-179
Web – Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will joi

Page 3-180
• Frame Type – Choose either Ethernet, RFC 1042, or LLC Other as the frame type used by this protocol.
• Protocol Type – S

Page 3-181 (running header: Link Layer Discovery Protocol)
Web – Click VLAN, Protocol VLAN, System Configuration.
Figure 3-109 Protocol VLAN System Configuration
CLI – This ex

Page 3-182
Command Attributes
• LLDP – Enables LLDP globally on the switch. (Default: Enabled)
• Transmission Interval – Configures the

Page 3-183
critical to the timely startup of LLDP, and therefore integral to the rapid availability of Emergency Call Service.

Page 3-184
Command Attributes
• Admin Status – Enables LLDP message transmit and receive modes for LLDP Protocol Data Units. (Options:

Page 3-185
configure the system name, see “Displaying System Information” on page 3-12.
- System Capabilities – The system capa

Page 3-186
CLI – This example sets the interface to both transmit and receive LLDP messages, enables SNMP trap messages, enables MED

Page 3-187
CLI – This example displays LLDP information for the local switch.
This example displays detailed information for a

Page 3-188
CLI – This example displays LLDP information for remote devices attached to this switch which are advertising information

Page 3-189
CLI – This example displays LLDP information for an LLDP-enabled remote device attached to a specific port on this

Page 3-190
CLI – This example displays LLDP statistics received from all LLDP-enabled remote devices connected directly to this switc

Page 3-191 (running header: Class of Service Configuration)
CLI – This example displays detailed LLDP statistics for an LLDP-enabled remote device attached to a specific port

Page 3-192
Command Attributes
• Default Priority – The priority that is assigned to untagged frames received on the specified interf

Page 3-193
Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default priority levels

Page 3-194
Web – Click Priority, Traffic Classes. The current mapping of CoS values to output queues is displayed. Assign priorities

Page 3-195
Web – Click Priority, Traffic Classes Status.
Figure 3-119 Enable Traffic Classes
Selecting the Queue Mode
You can s

Page 3-196
Values to Egress Queues” on page 3-192, the traffic classes are mapped to one of the eight egress queues provided for each

Page 3-197
a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.
Because differ

Page 3-198
Mapping DSCP Priority
The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP reta

Page 3-199 (running header: Quality of Service)
CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1)

Page 3-200
2. You should create a Class Map before creating a Policy Map. Otherwise, you will not be able to select a Class Map from

Page 3-201
• Add Class – Opens the “Class Configuration” page. Enter a class name and description on this page, and click Add to open the

Page 3-202
Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing cl

Page 3-203
Creating QoS Policies
This function creates a policy map that can be attached to multiple interfaces.
Command Usage
• To configu

Page 3-204
Policy Rule Settings
- Class Settings -
• Class Name – Name of class map.
• Action – Shows the service provided to ingress tr

Page 3-205
Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. T

Page 3-206
CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522

Page 3-207
VoIP Traffic Configuration
When IP telephony is deployed in an enterprise network, it is recommended to isolate the Voi

Page 3-208
Web – Click QoS, VoIP Traffic Setting, Configuration. Enable Auto Detection, specify the Voice VLAN ID, then set the Voice

Page 3-209
address OUI numbers must be configured in the Telephony OUI list so that the switch recognizes the traffic as being fr

Page 3-210
CLI – This example configures VoIP traffic settings for port 2 and displays the current Voice VLAN status.
Console(config)#

Page 3-211
Configuring Telephony OUI
VoIP devices attached to the switch can be identified by the manufacturer’s Organizational Un

Page 3-212
Multicast Filtering
Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A

Page 3-213
these sources are all placed in the Include list, and traffic is forwarded to the hosts from each of these sources. IGMPv3 ho

Page 3-214
the multicast filtering table is already full, the switch will continue flooding the traffic into the VLAN.
• IGMP Querier

Page 3-215
Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default setti

Page 3-216
is determined by the IGMP Query Report Delay (see “Configuring IGMP Snooping and Query Parameters” on page 3-213).
• If imm

Page 3-217
support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned

Page 3-218
• Port or Trunk – Specifies the interface attached to a multicast router.
Web – Click IGMP Snooping, Static Multicast Route

Page 3-219
Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from

Page 3-220
• Multicast IP – The IP address for a specific multicast service
• Port or Trunk – Specifies the interface attached to a mu

Page 3-221
IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of g

Page 3-222
CLI – This example enables IGMP filtering and creates a profile number. It then displays the current status and the existi

Page 3-223
Web – Click IGMP Snooping, IGMP Filter Profile Configuration. Select the profile number you want to configure; then click Que

Page 3-224
• An IGMP profile or throttling setting can also be applied to a trunk interface. When ports are configured as trunk membe

Page 3-225 (running header: Multicast VLAN Registration)
CLI – This example assigns IGMP profile number 19 to port 1, and then sets the throttling number and action. The curr

Page 3-226
General Configuration Guidelines for MVR
1. Enable MVR globally on the switch, select the MVR VLAN, and add the multicast g

Page 3-227
• MVR Running Status – Indicates whether or not all necessary conditions in the MVR environment are satisfied.
• MVR V

Page 3-228
• MVR Status – Shows the MVR status. MVR status for source ports is “ACTIVE” if MVR is globally enabled on the switch. MVR

Page 3-229
Web – Click MVR, Group IP Information.
Figure 3-141 MVR Group IP Information
CLI – The following example shows inform

Page 3-230
• Immediate leave applies only to receiver ports. When enabled, the receiver port is immediately removed from the multicas

Page 3-231
CLI – This example configures an MVR source port and receiver port, and then enables immediate leave on the receiver

Page 3-232
CLI – This example statically assigns a multicast group to a receiver port.
DHCP Snooping
DHCP snooping allows a switch to p

Page 3-233
If DHCP snooping is globally disabled, all dynamic bindings are removed from the binding table.
Additional considerations when t

Page 3-234
Web – Click DHCP Snooping, VLAN Configuration.
Figure 3-145 DHCP Snooping VLAN Configuration
CLI – This example first enab

Page 3-235
Web – Click DHCP Snooping, Information Option Configuration.
Figure 3-146 DHCP Snooping Information Option Configuration
CLI – This

Page 3-236
CLI – This example shows how to enable the DHCP Snooping Trust Status for ports.
DHCP Snooping Binding Information
Displays

Page 3-237
IP Source Guard
IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured e

Page 3-238
CLI – This example shows how to enable IP source guard on port 5.
Static IP Source Guard Binding Configuration
Adds a static

Page 3-239
Web – Click IP Source Guard, Static Configuration.
Figure 3-150 Static IP Source Guard Binding Configuration
CLI – This example s

Page 3-240
Web – Click IP Source Guard, Dynamic Information.
Figure 3-151 Dynamic IP Source Guard Binding Information
CLI – This exam

Page 3-241 (running header: IP Clustering)
switches only become cluster Members when manually selected by the administrator through the management station.
After the Commander

Page 3-242
Web – Click Cluster, Configuration.
Figure 3-153 Cluster Configuration
CLI – This example first enables clustering on the

Page 3-243
CLI – This example creates a new cluster Member by specifying the Candidate switch MAC address and setting a Member ID.
Cluster Memb

Page 3-244
Web – Click Cluster, Candidate Information.
Figure 3-156 Cluster Candidate Information
CLI – This example shows informatio

Page 3-245
UPnP
Universal Plug and Play (UPnP) is a set of protocols that allows devices to connect seamlessly and simplifies the deployment of home and

Page 3-246
CLI – This example enables UPnP, sets the device advertise duration to 200 seconds, the device TTL to 6, and displays info

Page 4-1
Chapter 4: Command Line Interface
This chapter describes how to use the Command Line Interface (CLI).
Using the Command Line Interface
Accessing the C

Page 4-2
Telnet Connection
Telnet operates over the IP transport protocol. In this environment, your management station and any networ

Page 4-3
Entering Commands
This section describes how to enter CLI commands.
Keywords and Arguments
A CLI command is a series of keywords and

Management GuideFast Ethernet SwitchLayer 2 Workgroup Switchwith 24 100BASE-BX (SFP) Ports, 2 1000BASE-T (RJ-45)and 2 Combination Gigabit (RJ-45/SFP)
Command Line Interface 4-4
display a list of valid keywords for a specific command. For example, the command “show ?” displays a list of possible show

Entering Commands 4-5
The command “show interfaces ?” will display the following information:
Partial Keyword Lookup
If you terminate a partial keyword w

Command Line Interface 4-6
current mode. The command classes and associated modes are displayed in the following table:
Exec Commands
When you open a new

Entering Commands 4-7
Configuration Commands
Configuration commands are privileged level commands used to modify switch settings. These commands modify

Command Line Interface 4-8
For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mo

Entering Commands 4-9
Command Line Processing
Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough

Command Line Interface 4-10
Command Groups
The system commands can be broken down into the functional groups shown below.
Table 4-4 Command Groups
Comman

Line Commands 4-11
The access mode shown in the following tables is indicated by these abbreviations:
ACL (Access Control List Configuration)
MST (Mult

Command Line Interface 4-12
line
This command identifies a specific line for configuration, and processes subsequent line configuration commands.
Syntax

Line Commands 4-13
- login selects authentication by a single global password as specified by the password line configuration command. When using this
Command Line Interface 4-14
during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually co

Line Commands 4-15
Syntax
exec-timeout [seconds]
no exec-timeout
seconds - Integer that specifies the number of seconds. (Range: 0-65535 seconds; 0: no

Command Line Interface 4-16
Command Usage
• When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of

Line Commands 4-17
Syntax
databits {7 | 8}
no databits
• 7 - Seven data bits per character.
• 8 - Eight data bits per character.
Default Setting
8 data b

Command Line Interface 4-18
Example
To specify no parity, enter this command:
speed
This command sets the terminal line’s baud rate. This command sets bo

Line Commands 4-19
Example
To specify 2 stop bits, enter this command:
disconnect
This command terminates an SSH, Telnet, or console connection.
Syntax
di

Command Line Interface 4-20
Example
To show all lines, enter this command:
General Commands
enable
This command activates Privileged Exec mode. In privile

General Commands 4-21
The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. Enter level 15 to access Privileged Exec mod

Command Line Interface 4-22
configure
This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. Y

General Commands 4-23
The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and
Command Line Interface 4-24
Default Setting
None
Command Mode
Privileged Exec
Example
This example shows how to cancel a configured delayed reset of the

General Commands 4-25
exit
This command returns to the previous configuration mode or exits the configuration program.
Default Setting
None
Command Mode
An

Command Line Interface 4-26
System Management Commands
These commands are used to control system logs, passwords, user names, browser configuration opti

System Management Commands 4-27
Command Mode
Global Configuration
Example
hostname
This command specifies or modifies the host name for this device. Use

Command Line Interface 4-28
banner configure
This command allows the administrator to interactively specify administrative information for this device.
S

System Management Commands 4-29
Example
banner configure company
This command allows the administrator to configure the company information displayed in

Command Line Interface 4-30
Command Usage
The user-entered data cannot contain spaces. The banner configure company command interprets spaces as data i

System Management Commands 4-31
Syntax
banner configure department dept-name
no banner configure company
dept-name - The name of the department. (Maximum

Command Line Interface 4-32
Command Usage
The user-entered data cannot contain spaces. The banner configure equipment-info command interprets spaces as

System Management Commands 4-33
ip-mask - The IP address and subnet mask of the device. (Maximum length: 32 characters)
Default Setting
None
Command Mode

1-1
Chapter 1: Introduction
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to conf
Command Line Interface 4-34
banner configure manager-info
This command allows the administrator to configure the manager contact information displayed i

System Management Commands 4-35
no banner configure mux
muxinfo - The circuit and PVC to which the switch is connected. (Maximum length: 32 characters)
D

Command Line Interface 4-36
Example
show banner
This command displays all banner information.
Syntax
show banner
Default Setting
None
Command Mode
Normal Exe

System Management Commands 4-37
User Access Commands
The basic commands required for management access are listed in this section. This switch also incl

Command Line Interface 4-38
Command Usage
The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encry

System Management Commands 4-39
Related Commands
enable (4-20)
authentication enable (4-92)
IP Filter Commands
management
This command specifies the client

Command Line Interface 4-40
• You can delete an address range just by specifying the start address, or by specifying both the start address and end add

System Management Commands 4-41
Web Server Commands
ip http port
This command specifies the TCP port number used by the web browser interface. Use the no

Command Line Interface 4-42
Example
Related Commands
ip http port (4-41)
ip http secure-server
This command enables the secure hypertext transfer protocol

System Management Commands 4-43
Example
Related Commands
ip http secure-port (4-43)
copy tftp https-certificate (4-84)
ip http secure-port
This command spe

Introduction 1-2
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates t
Command Line Interface 4-44
Telnet Server Commands
ip telnet port
This command specifies the TCP port number used by the Telnet interface. Use the no for

System Management Commands 4-45
Related Commands
ip telnet port (4-44)
Secure Shell Commands
The Berkeley-standard includes remote access tools originally

Command Line Interface 4-46
The SSH server on this switch supports both password and public key authentication. If password authentication is specified

System Management Commands 4-47
corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this p

Command Line Interface 4-48
ip ssh timeout
This command configures the timeout for the SSH server. Use the no form to restore the default setting.
Syntax

System Management Commands 4-49
Example
Related Commands
show ip ssh (4-51)
ip ssh server-key size
This command sets the SSH server key size. Use the no f

Command Line Interface 4-50
Example
ip ssh crypto host-key generate
This command generates the host key pair (i.e., public and private).
Syntax
ip ssh c

System Management Commands 4-51
Command Mode
Privileged Exec
Command Usage
• This command clears the host key from volatile memory (RAM). Use the no ip

Command Line Interface 4-52
Example
show ssh
This command displays the current SSH server connections.
Command Mode
Privileged Exec
Example
Console#show i

System Management Commands 4-53
show public-key
This command shows the public key for the specified user or for the host.
Syntax
show public-key [user [u

Description of Software Features 1-3
Rate Limiting – This feature controls the maximum rate for traffic received on an interface. Rate limiting is conf
Command Line Interface 4-54
Event Logging Commands
logging on
This command controls logging of error messages, sending debug or error messages to switch

System Management Commands 4-55
logging history
This command limits syslog messages saved to switch memory based on severity. The no form returns the lo

Command Line Interface 4-56
logging host
This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove

System Management Commands 4-57
logging trap
This command enables the logging of system messages to a remote server, or limits the syslog messages saved

Command Line Interface 4-58
Related Commands
show logging (4-58)
show logging
This command displays the configuration settings for logging messages to loc

System Management Commands 4-59
The following example displays settings for the trap function.
Related Commands
show logging sendmail (4-63)
show log
This

Command Line Interface 4-60
Example
The following example shows sample messages stored in RAM.
SMTP Alert Commands
These commands configure SMTP event han

System Management Commands 4-61
Command Mode
Global Configuration
Command Usage
• You can specify up to three SMTP servers for event handling. However, y

Command Line Interface 4-62
logging sendmail source-email
This command sets the email address used for the “From” field in alert messages. Use the no fo

System Management Commands 4-63
logging sendmail
This command enables SMTP event handling. Use the no form to disable this function.
Syntax
[no] logging s

Introduction 1-4
seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate w
Command Line Interface 4-64
Time Commands
The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining

System Management Commands 4-65
Command Usage
• The time acquired from time servers is used to record accurate dates and times for log events. Without

Command Line Interface 4-66
Example
Related Commands
sntp client (4-64)
sntp poll (4-66)
show sntp (4-66)
sntp poll
This command sets the interval between s

System Management Commands 4-67
Example
ntp client
This command enables NTP client requests for time synchronization from NTP time servers specified wit

Command Line Interface 4-68
ntp server
This command sets the IP addresses of the servers to which NTP time requests are issued. Use the no form of the c

System Management Commands 4-69
ntp poll
This command sets the interval between sending time requests when the switch is set to NTP client mode. Use the

Command Line Interface 4-70
Example
Related Commands
ntp authentication-key (4-70)
ntp authentication-key
This command configures authentication keys and

System Management Commands 4-71
show ntp
This command displays the current time and configuration settings for the NTP client, and indicates whether or

Command Line Interface 4-72
Command Usage
This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mea

System Management Commands 4-73
clock summer-time (date)
This command allows the user to manually configure the start, end, and offset times of summer-t

Description of Software Features 1-5
Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interf
Command Line Interface 4-74
Example
Related Commands
show sntp (4-66)
clock summer-time (predefined)
This command configures the summer time (daylight sav

System Management Commands 4-75
Related Commands
show sntp (4-66)
clock summer-time (recurring)
This command allows the user to manually configure the sta

Command Line Interface 4-76
Example
Related Commands
show sntp (4-66)
calendar set
This command sets the system clock. It may be used if there is no time

System Management Commands 4-77
System Status Commands
show startup-config
This command displays the configuration file stored in non-volatile memory tha

Command Line Interface 4-78
Example
Related Commands
show running-config (4-78)
show running-config
This command displays the configuration information c

System Management Commands 4-79
is separated by “!” symbols, and includes the configuration mode command, and corresponding commands. This command disp

Command Line Interface 4-80
Example
Related Commands
show startup-config (4-77)
Console#show running-config
building startup-config, please wait...
!phym

System Management Commands 4-81
show system
This command displays system information.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Comman

Command Line Interface 4-82
Command Usage
The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index

System Management Commands 4-83
Example
Frame Size Commands
jumbo frame
This command enables support for jumbo frames. Use the no form to disable it.
Synt

Introduction 1-6
System Defaults
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch d
Command Line Interface 4-84
• Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the swi

Flash/File Commands 4-85
• https-certificate - Copies an HTTPS certificate from a TFTP server to the switch.
• public-key - Keyword that allows you to

Command Line Interface 4-86
Example
The following example shows how to upload the configuration settings to a file on the TFTP server:
The following exa

Flash/File Commands 4-87
This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is onl

Command Line Interface 4-88
dir
This command displays a list of files in flash memory.
Syntax
dir [unit:] {{boot-rom: | config: | opcode:} [:filename]}
Th

Flash/File Commands 4-89
whichboot
This command displays which files were booted when the system powered up.
Syntax
whichboot [unit]
unit - Stack unit. (R

Command Line Interface 4-90
Example
Related Commands
dir (4-88)
whichboot (4-89)
Authentication Commands
You can configure this switch to authenticate use

Authentication Commands 4-91
authentication login
This command defines the login authentication method and precedence. Use the no form to restore the de

Command Line Interface 4-92
authentication enable
This command defines the authentication method and precedence to use when changing from Exec command m

Authentication Commands 4-93
RADIUS Client
Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software run

System Defaults 1-7
Port Configuration Admin Status Enabled
Auto-negotiation Enabled
Flow Control Disabled
Rate Limiting Input limits Disabled
Port Trunkin
Command Line Interface 4-94
radius-server host
This command specifies primary and backup RADIUS servers and authentication parameters that apply to each

Authentication Commands 4-95
Default Setting
1813
Command Mode
Global Configuration
Example
radius-server auth-port
This command sets the RADIUS server ne

Command Line Interface 4-96
Example
radius-server retransmit
This command sets the number of retries. Use the no form to restore the default.
Syntax
radi

Authentication Commands 4-97
show radius-server
This command displays the current settings for the RADIUS server.
Default Setting
None
Command Mode
Privi

Command Line Interface 4-98
Syntax
[no] tacacs-server index host {host_ip_address} [port port_number] [timeout timeout] [retransmit retransmit] [key ke

Authentication Commands 4-99
Example
tacacs-server key
This command sets the TACACS+ encryption key. Use the no form to restore the default.
Syntax
tacac

Command Line Interface 4-100
tacacs-server timeout
This command sets the interval between transmitting authentication requests to the TACACS+ server. Us

Authentication Commands 4-101
AAA Commands
The Authentication, authorization, and accounting (AAA) feature provides the main framework for configuring a

Command Line Interface 4-102
Example
server
This command adds a security server to an AAA server group. Use the no form to remove the associated server

Authentication Commands 4-103
- radius - Specifies all RADIUS hosts configured with the radius-server host command described on page 4-94.
- tacacs+ - Sp
Introduction 1-8
System Log Status Enabled
Messages Logged Levels 0-6 (all)
Messages Logged to Flash Levels 0-3
SMTP Email Alerts Event Handler Enabled (b

Command Line Interface 4-104
- radius - Specifies all RADIUS hosts configured with the radius-server host command described on page 4-94.
- tacacs+ - Spe

Authentication Commands 4-105
- tacacs+ - Specifies all TACACS+ hosts configured with the tacacs-server host command described on page 4-97.
- server-gro

Command Line Interface 4-106
Example
accounting dot1x
This command applies an accounting method for 802.1X service requests on an interface. Use the no

Authentication Commands 4-107
Example
accounting commands
This command applies an accounting method to entered CLI commands. Use the no form to disable

Command Line Interface 4-108
- tacacs+ - Specifies all TACACS+ hosts configured with the tacacs-server host command described on page 4-97.
- server-grou

Authentication Commands 4-109
Example
show accounting
This command displays the current accounting settings per function and per port.
Syntax
show accoun

Command Line Interface 4-110
Port Security Commands
These commands can be used to enable port security on a port. When using port security, the switch s

Authentication Commands 4-111
Command Usage
• If you enable port security, the switch stops learning new MAC addresses on the specified port when it ha

Command Line Interface 4-112
dot1x system-auth-control
This command enables 802.1X port authentication globally on the switch. Use the no form to restor

Authentication Commands 4-113
dot1x max-req
This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet

2-1
Chapter 2: Initial Configuration
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent off
Command Line Interface 4-114
dot1x operation-mode
This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use th

Authentication Commands 4-115
Command Mode
Privileged Exec
Example
dot1x re-authentication
This command enables periodic re-authentication globally for all

Command Line Interface 4-116
dot1x timeout re-authperiod
This command sets the time period after which a connected client must be re-authenticated.
Synt

Authentication Commands 4-117
dot1x intrusion-action
This command sets the port’s response to a failed authentication, either to block all traffic, or t

Command Line Interface 4-118
- Status – Administrative state for port access control.
- Operation Mode – Dot1x port control operation mode (page 4-114).

Authentication Commands 4-119
- Identifier(Server) – Identifier carried in the most recent EAP Success, Failure or Request packet received from the Aut

Command Line Interface 4-120
Network Access – MAC Address Authentication
The Network Access feature controls host access to the network by authenticatin

Authentication Commands 4-121
Default Setting
Disabled
Command Mode
Interface Configuration
Command Usage
• When enabled on a port interface, the authent

Command Line Interface 4-122
count - The maximum number of authenticated MAC addresses allowed. (Range: 1 to 2048; 0 for unlimited)
Default Setting
2048

Authentication Commands 4-123
Default Setting
1024
Command Mode
Interface Config
Example
network-access dynamic-qos
Use this command to enable the dynamic Qo

Initial Configuration 2-2
• Configure up to 8 static or LACP trunks
• Enable port mirroring
• Set broadcast storm control on any port
• Display system inf
Command Line Interface 4-124
• The VLAN settings specified by the first authenticated MAC address are implemented for a port. Other authenticated MAC a

Authentication Commands 4-125
Default Setting
Disabled
Command Mode
Interface Configuration
Example
network-access link-detection link-down
Use this command

Command Line Interface 4-126
Command Mode
Interface Configuration
Example
network-access link-detection link-up-down
Use this command to configure the link

Authentication Commands 4-127
Command Usage
• The reauthentication time is a global setting and applies to all ports.
• When the reauthentication time e

Command Line Interface 4-128
Default Setting
Displays the settings for all interfaces.
Command Mode
Privileged Exec
Example
show network-access mac-addre

Authentication Commands 4-129
Command Usage
When using a bit mask to filter displayed MAC addresses, a 1 means "care" and a 0 means "don

Command Line Interface 4-130
web-auth login-attempts
This command defines the limit for failed web authentication login attempts. After the limit is rea

Authentication Commands 4-131
fail-url - The URL to which a host is directed after a failed web authentication attempt.
Default Setting
None
Command Mode
G

Command Line Interface 4-132
success-url - The URL to which a host is directed after a successful web authentication login.
Default Setting
None
Command M

Authentication Commands 4-133
timeout - The amount of time that an authenticated session remains valid. (Range: 300-3600 seconds)
Default Setting
3600 se

Basic Configuration 2-3
Remote Connections
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a va
Command Line Interface 4-134
Command Usage
Both web-auth system-auth-control for the switch and web-auth for an interface must be enabled for the web au

Authentication Commands 4-135
Command Mode
Privileged Exec
Example
web-auth re-authenticate (Port)
This command ends all web authentication sessions conne

Command Line Interface 4-136
Default Setting
None
Command Mode
Privileged Exec
Example
show web-auth summary
This command displays a summary of web authenti

Authentication Commands 4-137
Example
Console#show web-auth summary
Global Web-Auth Parameters
System Auth Control : Enabled
Port Status

Command Line Interface 4-138
Access Control List Commands
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol,

Access Control List Commands 4-139
IP ACLs
access-list ip
This command adds an IP access list and enters configuration mode for standard or extended IP

Command Line Interface 4-140
Related Commands
permit, deny 4-140
ip access-group (4-142)
show ip access-list (4-142)
permit, deny (Standard ACL)
This comma

Access Control List Commands 4-141
Syntax
[no] {permit | deny} [protocol-number | udp] {any | source address-bitmask | host source} {any | destination a

Command Line Interface 4-142
This allows TCP packets from class C addresses 192.168.1.0 to any destination address when set for destination TCP port 80

Access Control List Commands 4-143
Command Mode
Interface Configuration (Ethernet)
Command Usage
• A port can only be bound to one ACL.
• If a port is alre

Initial Configuration 2-4
Setting Passwords
Note: If this is your first time to log into the CLI program, you should define new passwords for both defau
Command Line Interface 4-144
access-list mac
This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the s

Access Control List Commands 4-145
permit, deny (MAC ACL)
This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC sourc

Command Line Interface 4-146
Default Setting
None
Command Mode
MAC ACL
Command Usage
• New rules are added to the end of the list.
• The ethertype option can

Access Control List Commands 4-147
mac access-group
This command binds a port to a MAC ACL. Use the no form to remove the port.
Syntax
mac access-group ac

Command Line Interface 4-148
ACL Information
show access-list
This command shows all ACLs and associated rules, as well as all the user-defined masks.
Com

SNMP Commands 4-149
SNMP Commands
Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well a

Command Line Interface 4-150
snmp-server
This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use t

SNMP Commands 4-151
Example
snmp-server community
This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specifi

Command Line Interface 4-152
• private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects.
Command Mod

SNMP Commands 4-153
Command Mode
Global Configuration
Example
Related Commands
snmp-server contact (4-152)
snmp-server host
This command specifies the rec

Basic Configuration 2-5
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
•
Command Line Interface 4-154
• SNMP Version: 1
• UDP Port: 162
Command Mode
Global Configuration
Command Usage
• If you do not enter an snmp-server host c

SNMP Commands 4-155
supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications.
•

Command Line Interface 4-156
conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 4-159).
Examp

SNMP Commands 4-157
• A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the l

Command Line Interface 4-158
snmp-server view
This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP vi

SNMP Commands 4-159
show snmp view
This command shows information on the SNMP views.
Command Mode
Privileged Exec
Example
snmp-server group
This command ad

Command Line Interface 4-160
Default Setting
• Default groups: public (read only), private (read/write)
• readview - Every object belonging to the I

SNMP Commands 4-161
Group Name: public
Security Model: v2c
Read View: defaultview
Write View: none
Notify View: none
Storage Type: volatile
Row Status: activ

Command Line Interface 4-162
snmp-server user
This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify

SNMP Commands 4-163
Default Setting
None
Command Mode
Global Configuration
Command Usage
• The SNMP engine ID is used to compute the authentication/priv

Initial Configuration 2-6
5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Ente

Command Line Interface 4-164
show snmp user
This command shows information on SNMP users.
Command Mode
Privileged Exec
Example
Console#show snmp user
Engin
Command Line Interface 4-166
Interface Commands
These commands are used to display or set communication parameters for an Ethernet port, aggregated link

Interface Commands 4-167
Example
To specify port 24, enter the following command:
description
This command adds a description to an interface. Use the no

Command Line Interface 4-168
• When auto-negotiation is disabled, the default speed-duplex setting for both 100BASE-FX and Gigabit Ethernet ports is 10

Interface Commands 4-169
Example
The following example configures port 11 to use autonegotiation.
Related Commands
capabilities (4-169)
speed-duplex (4-1

Command Line Interface 4-170
Example
The following example configures Ethernet port 25 capabilities to 100half, 100full and flow control.
Related Comman

Interface Commands 4-171
Example
The following example enables flow control on port 5.
Related Commands
negotiation (4-168)
capabilities (flowcontrol, sym

Command Line Interface 4-172
switchport packet-rate
This command configures broadcast and multicast and unknown unicast storm control. Use the no form t

Interface Commands 4-173
Command Mode
Privileged Exec
Command Usage
Statistics are only initialized for a power reset. This command sets the base value

Basic Configuration 2-7
The default strings are:
• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
Command Line Interface 4-174
Example
show interfaces counters
This command displays interface statistics.
Syntax
show interfaces counters [interface]
int

Interface Commands 4-175
Example
show interfaces switchport
This command displays the administrative and operational status of the specified interfaces.

Command Line Interface 4-176
Example
This example shows the configuration setting for port 24.
Console#show interfaces switchport ethernet 1/24
Broadca

Mirror Port Commands 4-177
Mirror Port Commands
This section describes how to mirror traffic from a source port to a target port.
port monitor
This comma

Command Line Interface 4-178
Example
The following example configures the switch to mirror received packets from port 6 to 11:
show port monitor
This com

Rate Limit Commands 4-179
Rate Limit Commands
This function allows the network manager to control the maximum rate for traffic received on an interface.

Command Line Interface 4-180
Link Aggregation Commands
Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of

Link Aggregation Commands 4-181
Guidelines for Creating Trunks
General Guidelines –
• Finish configuring port trunks before you connect the corresponding

Command Line Interface 4-182
Example
The following example creates trunk 1 and then adds port 11:
lacp
This command enables 802.3ad Link Aggregation Cont

Link Aggregation Commands 4-183
Example
The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other en

Initial Configuration 2-8
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to first create a vi
Command Line Interface4-1844Command Mode Interface Configuration (Ethernet)Command Usage • Port must be configured with the same system priority to jo
Link Aggregation Commands4-1854• Once the remote side of a link has been established, LACP operational settings are already in use on that side. Confi
Command Line Interface (page 4-186)
lacp port-priority
This command configures LACP port priority. Use the no form to restore the default setting.
Syntax: lacp {
Link Aggregation Commands (page 4-187)
Default Setting: Port Channel: all
Command Mode: Privileged Exec
Example
Console#show lacp 1 counters
Port channel : 1
------
Command Line Interface (page 4-188)
Table 4-53 show lacp internal - display description
Field: Description
Oper Key: Current operational value of the key for
Link Aggregation Commands (page 4-189)
Table 4-54 show lacp neighbors - display description
Field: Description
Partner Admin System ID: LAG partner’s system I
Command Line Interface (page 4-190)
Address Table Commands
These commands are used to configure the address table for filtering specified addresses, displaying
Address Table Commands (page 4-191)
Command Usage
The static address for a host device can be assigned to a specific port within a specific VLAN. Use this com
Command Line Interface (page 4-192)
• sort - Sort by address, vlan or interface.
Default Setting: None
Command Mode: Privileged Exec
Command Usage
• The MAC Addre
LLDP Commands (page 4-193)
Example
show mac-address-table aging-time
This command shows the aging time for entries in the address table.
Default Setting: None
Com
Managing System Files (page 2-9)
The switch’s flash memory supports three types of system files that can be managed by the CLI program, w
Command Line Interface (page 4-194)
lldp reinit-delay: Configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes d
LLDP Commands (page 4-195)
lldp
This command enables LLDP globally on the switch. Use the no form to disable LLDP.
Syntax: [no] lldp
Default Setting: Enabled
Command
Command Line Interface (page 4-196)
Command Mode: Global Configuration
Command Usage
The time-to-live tells the receiving LLDP agent how long to retain all inform
LLDP Commands (page 4-197)
Default Setting: 5 seconds
Command Mode: Global Configuration
Command Usage
• This parameter only applies to SNMP applications which use d
Command Line Interface (page 4-198)
lldp reinit-delay
This command configures the delay before attempting to re-initialize after LLDP ports are disabled or the
LLDP Commands (page 4-199)
• This attribute must comply with the following rule: (4 * tx-delay) ≤ refresh-interval
Example
lldp admin-status
This command enables
Command Line Interface (page 4-200)
the LLDP MIB (IEEE 802.1AB), or organization-specific LLDP-EXT-DOT1 and LLDP-EXT-DOT3 MIBs.
• SNMP trap destinations are de
LLDP Commands (page 4-201)
Example
lldp basic-tlv management-ip-address
This command configures an LLDP-enabled port to advertise the management address for thi
Command Line Interface (page 4-202)
Syntax: [no] lldp basic-tlv port-description
Default Setting: Enabled
Command Mode: Interface Configuration (Ethernet, Port Channe
LLDP Commands (page 4-203)
Syntax: [no] lldp basic-tlv system-description
Default Setting: Enabled
Command Mode: Interface Configuration (Ethernet, Port Channel)
Comma
About This Guide (page v)
Purpose
This guide gives specific information on how to operate and use the management functions of the switch.
Audience
The guide is in
Command Line Interface (page 4-204)
Syntax: [no] lldp dot1-tlv proto-ident
Default Setting: Enabled
Command Mode: Interface Configuration (Ethernet, Port Channel)
Comm
LLDP Commands (page 4-205)
Default Setting: Enabled
Command Mode: Interface Configuration (Ethernet, Port Channel)
Command Usage
The port’s default VLAN identifier (
Command Line Interface (page 4-206)
Default Setting: Enabled
Command Mode: Interface Configuration (Ethernet, Port Channel)
Command Usage
This option advertises link
LLDP Commands (page 4-207)
Default Setting: Enabled
Command Mode: Interface Configuration (Ethernet, Port Channel)
Command Usage
Refer to “Frame Size Commands” on pa
Command Line Interface (page 4-208)
Default Setting: Enabled
Command Mode: Interface Configuration (Ethernet, Port Channel)
Command Usage
This option advertises exte
LLDP Commands (page 4-209)
Default Setting: Enabled
Command Mode: Interface Configuration (Ethernet, Port Channel)
Command Usage
This option advertises location iden
Command Line Interface (page 4-210)
Command Mode: Interface Configuration (Ethernet, Port Channel)
Command Usage
This option advertises network policy configurati
LLDP Commands (page 4-211)
Example
Console#show lldp config
LLDP Global Configuation
LLDP Enable : Yes
LLDP Transmit interval : 30
LLDP Hold
Command Line Interface (page 4-212)
show lldp info local-device
This command shows LLDP global and interface-specific configuration settings for this device.
Sy
LLDP Commands (page 4-213)
show lldp info remote-device
This command shows LLDP global and interface-specific configuration settings for remote devices attache
Chapter 3: Configuring the Switch (page 3-1)
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the
Command Line Interface (page 4-214)
• detail - Shows detailed information.
• interface
• ethernet unit/port
- unit - Stack unit. (Range: 1)
- port - Port number.
UPnP Commands (page 4-215)
Universal Plug and Play (UPnP) is a set of protocols that allows devices to connect seamlessly and simplifies the depl
Command Line Interface (page 4-216)
upnp device ttl
This command sets the time-to-live (TTL) value for sending of UPnP messages from the device.
Syntax: upnp de
Spanning Tree Commands (page 4-217)
Related Commands: upnp device ttl (4-216)
show upnp
This command displays the UPnP management status and time out settings.
Com
Command Line Interface (page 4-218)
spanning-tree
This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
Synta
Spanning Tree Commands (page 4-219)
an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations o
Command Line Interface (page 4-220)
• Multiple Spanning Tree Protocol
- To allow multiple spanning trees to operate over the network, you must configure a rela
Spanning Tree Commands (page 4-221)
spanning-tree hello-time
This command configures the spanning tree bridge hello time globally for this switch. Use the no f
Command Line Interface (page 4-222)
ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA
Spanning Tree Commands (page 4-223)
no spanning-tree pathcost method
• long - Specifies 32-bit based values that range from 1-200,000,000. This method is based
Configuring the Switch (page 3-2)
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The a
Command Line Interface (page 4-224)
• No VLANs are mapped to any MST instance.
• The region name is set to the switch’s MAC address.
Command Mode: Global Configurat
Spanning Tree Commands (page 4-225)
Example
mst priority
This command configures the priority of a spanning tree instance. Use the no form to restore the defau
Command Line Interface (page 4-226)
MST Configuration
Command Usage
The MST region name and revision number (page 4-226) are used to designate a unique MST reg
Spanning Tree Commands (page 4-227)
hop-number - Maximum hop number for multiple spanning tree. (Range: 1-40)
Default Setting: 20
Command Mode: MST Configuration
C
Command Line Interface (page 4-228)
cost - The path cost for the port. (Range: 0 for auto-configuration, or 1-200,000,000)
The recommended range is:
• Ethernet:
Spanning Tree Commands (page 4-229)
Interface Configuration (Ethernet, Port Channel)
Command Usage
• This command defines the priority for the use of a port in
Command Line Interface (page 4-230)
Related Commands: spanning-tree portfast (4-230)
spanning-tree portfast
This command sets an interface to fast forwarding. Use
Spanning Tree Commands (page 4-231)
spanning-tree link-type
This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the n
Command Line Interface (page 4-232)
9.3.4 (Note 1).
• Port Loopback Detection will not be active if Spanning Tree is disabled on the switch.
Example
spanning-tr
Spanning Tree Commands (page 4-233)
spanning-tree loopback-detection trap
This command enables SNMP trap notification for Spanning Tree loopback BPDU detection
Panel Display (page 3-3)
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a pa
Command Line Interface (page 4-234)
• Each spanning-tree instance is associated with a unique set of VLAN IDs.
• This command is used by the multiple spanning
Spanning Tree Commands (page 4-235)
spanning-tree mst cost (4-233)
spanning-tree protocol-migration
This command re-checks the appropriate BPDU format to send o
Command Line Interface (page 4-236)
Command Mode: Privileged Exec
Command Usage
• Use the show spanning-tree command with no parameters to display the spanning t
Spanning Tree Commands (page 4-237)
show spanning-tree mst configuration
This command shows the configuration of the multiple spanning tree.
Command Mode: Privil
Command Line Interface (page 4-238)
VLAN Commands
A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong
VLAN Commands (page 4-239)
bridge-ext gvrp
This command enables GVRP globally for the switch. Use the no form to disable it.
Syntax: [no] bridge-ext gvrp
Default
Command Line Interface (page 4-240)
switchport gvrp
This command enables GVRP for a port. Use the no form to disable it.
Syntax: [no] switchport gvrp
Default Sett
VLAN Commands (page 4-241)
garp timer
This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default valu
Command Line Interface (page 4-242)
Syntax: show garp timer [interface]
interface
• ethernet unit/port
- unit - Stack unit. (Range: 1)
- port - Port number. (Ra
VLAN Commands (page 4-243)
Command Usage
• Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can
Configuring the Switch (page 3-4)
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, o
Command Line Interface (page 4-244)
Example
The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default.
Related Comman
VLAN Commands (page 4-245)
Example
The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLA
Command Line Interface (page 4-246)
switchport acceptable-frame-types
This command configures the acceptable frame types for a port. Use the no form to restor
VLAN Commands (page 4-247)
Command Mode: Interface Configuration (Ethernet, Port Channel)
Command Usage
• Ingress filtering only affects tagged frames.
• With in
Command Line Interface (page 4-248)
switchport allowed vlan
This command configures VLAN groups on the selected interface. Use the no form to restore the defau
VLAN Commands (page 4-249)
Example
The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1:
switchport forbid
Command Line Interface (page 4-250)
Displaying VLAN Information
show vlan
This command shows VLAN information.
Syntax: show vlan [id vlan-id | name vlan-name | pr
VLAN Commands (page 4-251)
Configuring IEEE 802.1Q Tunneling
IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers
Command Line Interface (page 4-252)
Default Setting: Disabled
Command Mode: Global Configuration
Command Usage
QinQ tunnel mode must be enabled on the switch for
VLAN Commands (page 4-253)
switchport dot1q-tunnel tpid
This command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the no form to restore
Main Menu (page 3-5)
Remote Engine ID: Sets the SNMP v3 engine ID for a remote device (3-43)
Users: Configures SNMP v3 users on this switch (3-43)
Remote Users: Config
Command Line Interface (page 4-254)
Example
Related Commands: switchport dot1q-tunnel mode (4-252)
Configuring Private VLANs
Private VLANs provide port-based secur
VLAN Commands (page 4-255)
To configure primary/secondary associated groups, follow these steps:
1. Use the private-vlan command to designate one or more commu
Command Line Interface (page 4-256)
private-vlan
Use this command to create a primary, community, or isolated private VLAN. Use the no form to remove the speci
VLAN Commands (page 4-257)
no private-vlan primary-vlan-id association
• primary-vlan-id - ID of primary VLAN. (Range: 1-4092, no leading zeroes).
• secondary-vl
Command Line Interface (page 4-258)
• To assign a promiscuous port or host port to an isolated VLAN, use the switchport private-vlan isolated command.
Exampl
VLAN Commands (page 4-259)
Default Setting: None
Command Mode: Interface Configuration (Ethernet, Port Channel)
Command Usage
Host ports assigned to an isolated VL
Command Line Interface (page 4-260)
Syntax: show vlan private-vlan [community | isolated | primary]
• community – Displays all community VLANs, along with their
VLAN Commands (page 4-261)
Configuring Protocol-based VLANs
The network devices required to support multiple protocols cannot be easily grouped into a common V
Command Line Interface (page 4-262)
• group-id - Group identifier of this protocol group. (Range: 1-2147483647)
• frame1 - Frame type used by this protocol. (O
VLAN Commands (page 4-263)
applied to tagged frames.
- If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN.
Configuring the Switch (page 3-6)
Information: Displays global configuration settings for 802.1X Port authentication (3-83)
Configuration: Configures the global c
Command Line Interface (page 4-264)
This shows that traffic matching the specifications for protocol group 2 will be mapped to VLAN 2:
Priority Commands
The com
Priority Commands (page 4-265)
queue mode
This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) prio
Command Line Interface (page 4-266)
Default Setting: The priority is not set, and the default value for untagged frames received on the interface is zero.
Comma
Priority Commands (page 4-267)
Command Mode: Global Configuration
Command Usage
WRR controls bandwidth sharing at the egress port by defining scheduling weights
Command Line Interface (page 4-268)
Command Usage
• CoS values assigned at the ingress port are also used at the egress port.
• This command sets the CoS prior
Priority Commands (page 4-269)
Example
show queue cos-map
This command shows the class of service priority map.
Syntax: show queue cos-map [interface]
interface
•
Command Line Interface (page 4-270)
Syntax: [no] map ip dscp
Default Setting: Disabled
Command Mode: Global Configuration
Command Usage
• The precedence for priorit
Priority Commands (page 4-271)
Command Mode: Interface Configuration (Ethernet, Port Channel)
Command Usage
• The precedence for priority mapping is IP DSCP, an
Command Line Interface (page 4-272)
Example
Related Commands:
map ip dscp (Global Configuration) (4-269)
map ip dscp (Interface Configuration) (4-270)
Quality of
Quality of Service Commands (page 4-273)
To create a service policy for a specific category of ingress traffic, follow these steps:
1. Use the class-map comman
Main Menu (page 3-7)
Port Neighbors Information: Displays settings and operational state for the remote side (3-124)
Port Broadcast Control: Sets the broadcast sto
Command Line Interface (page 4-274)
• The class map is used with a policy map (page 4-275) to create a service policy (page 4-278) for a specific interface th
Quality of Service Commands (page 4-275)
This example creates a class map called “rd_class#2,” and sets it to match packets marked for IP Precedence service val
Command Line Interface (page 4-276)
class
This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration
Quality of Service Commands (page 4-277)
set
This command services IP traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified
Command Line Interface (page 4-278)
Policy Map Class Configuration
Command Usage
• You can configure up to 64 policers (i.e., meters or class maps) for each of
Quality of Service Commands (page 4-279)
Example
This example applies a service policy to an ingress interface.
show class-map
This command displays the QoS cla
Command Line Interface (page 4-280)
Example
show policy-map interface
This command displays the service policy assigned to the specified interface.
Syntax: show p
Voice VLAN Commands (page 4-281)
voice vlan
This command enables VoIP traffic detection and defines the Voice VLAN ID. Use the no form to disable the Voice VLA
Command Line Interface (page 4-282)
voice vlan aging
This command sets the Voice VLAN ID time out. Use the no form to restore the default.
Syntax: voice vlan agin
Voice VLAN Commands (page 4-283)
Command Usage
• VoIP devices attached to the switch can be identified by the manufacturer’s Organizational Unique Identifier (
Configuring the Switch (page 3-8)
GVRP Status: Enables GVRP on the switch (3-158)
802.1Q Tunnel Configuration: Enables 802.1Q (QinQ) Tunneling (3-170)
Basic Informatio
Command Line Interface (page 4-284)
switchport voice vlan rule
This command selects a method for detecting VoIP traffic on a port. Use the no form to disable t
Voice VLAN Commands (page 4-285)
Command Usage
• Security filtering discards any non-VoIP packets received on the port that are tagged with voice VLAN ID. VoIP
Command Line Interface (page 4-286)
show voice vlan
This command displays the Voice VLAN settings on the switch and the OUI Telephony list.
Syntax: show voice vla
Multicast Filtering Commands (page 4-287)
This switch uses IGMP (Internet Group Management Protocol) to query for any attached hos
Command Line Interface (page 4-288)
ip igmp snooping
This command enables IGMP snooping on this switch. Use the no form to disable it.
Syntax: [no] ip igmp snoop
Multicast Filtering Commands (page 4-289)
ip igmp snooping version
This command configures the IGMP snooping version. Use the no form to restore the default.
Sy
Command Line Interface (page 4-290)
Command Usage
• The IGMP snooping leave-proxy feature suppresses all unnecessary IGMP leave messages so that the non-queri
Multicast Filtering Commands (page 4-291)
show ip igmp snooping
This command shows the IGMP snooping configuration.
Default Setting: None
Command Mode: Privileged
Command Line Interface (page 4-292)
Example
The following shows the multicast entries learned through IGMP snooping for VLAN 1:
IGMP Query Commands (Layer 2)
Th
Multicast Filtering Commands (page 4-293)
Example
ip igmp snooping query-count
This command configures the query count. Use the no form to restore the default.
S
Main Menu (page 3-9)
Remote Port Information: Displays LLDP information about a remote device connected to a port on this switch (3-187)
Remote Trunk Information: D
Command Line Interface (page 4-294)
Default Setting: 125 seconds
Command Mode: Global Configuration
Example
The following shows how to configure the query interva
Multicast Filtering Commands (page 4-295)
ip igmp snooping router-port-expire-time
This command configures the query timeout. Use the no form to restore the de
Command Line Interface (page 4-296)
ip igmp snooping vlan mrouter
This command statically configures a multicast router port. Use the no form to remove the con
Multicast Filtering Commands (page 4-297)
Command Usage
Multicast router port types displayed include Static.
Example
The following shows that port 11 in VLAN
Command Line Interface (page 4-298)
ip igmp filter (Global Configuration)
This command globally enables IGMP filtering and throttling on the switch. Use the no
Multicast Filtering Commands (page 4-299)
Command Usage
A profile defines the multicast groups that a subscriber is permitted or denied to join. The same prof
Command Line Interface (page 4-300)
Command Mode: IGMP Profile Configuration
Command Usage
Enter this command multiple times to specify more than one multicast
Multicast Filtering Commands (page 4-301)
number - The maximum number of multicast groups an interface can join at the same time. (Range: 0-64)
Default Setting
Command Line Interface (page 4-302)
Example
show ip igmp filter
This command displays the global and interface settings for IGMP filtering.
Syntax: show ip igmp
Multicast Filtering Commands (page 4-303)
Example
show ip igmp throttle interface
This command displays the interface settings for IGMP throttling.
Syntax: show
Configuring the Switch (page 3-10)
Static Multicast Router Port Configuration: Assigns ports that are attached to a neighboring multicast router (3-217)
IP Multica
Command Line Interface (page 4-304)
Multicast VLAN Registration Commands
This section describes commands used to configure Multicast VLAN Registration (MVR). A
Multicast VLAN Registration Commands (page 4-305)
Command Usage
• Use the mvr group command to statically configure all multicast group addresses that will joi
Command Line Interface (page 4-306)
Command Usage
• A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave mu
Multicast VLAN Registration Commands (page 4-307)
show mvr
This command shows information about the global MVR configuration settings when entered without any
Command Line Interface (page 4-308)
The following displays information about the interfaces attached to the MVR VLAN:
The following shows information about the
IP Interface Commands (page 4-309)
An IP address may be used for management access to the switch over your network. The IP address for
Command Line Interface (page 4-310)
• If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been receive
IP Interface Commands (page 4-311)
ip dhcp restart
This command submits a BOOTP or DHCP client request.
Default Setting: None
Command Mode: Privileged Exec
Command
Command Line Interface (page 4-312)
show ip redirects
This command shows the default gateway configured for this device.
Default Setting: None
Command Mode: Privil
IP Source Guard Commands (page 4-313)
Example
Related Commands: interface (4-166)
IP Source Guard Commands
IP Source Guard is a security feature that filters IP
Main Menu (page 3-11)
Member Configuration: Adds switch Members to the cluster (3-242)
Member Information: Displays cluster Member switch information (3-243)
Candidat
Command Line Interface (page 4-314)
• sip-mac - Filters traffic based on IP addresses and corresponding MAC addresses stored in the binding table.
Default Sett
IP Source Guard Commands (page 4-315)
yet configured, the switch will drop all IP traffic on that port, except for DHCP packets.
Example
This example enables IP
Command Line Interface (page 4-316)
- If there is no entry with same VLAN ID and MAC address, a new entry is added to binding table using the type of static I
DHCP Snooping Commands (page 4-317)
Example
DHCP Snooping Commands
DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices w
Command Line Interface (page 4-318)
messages received on an unsecure interface from outside the network or firewall. When DHCP snooping is enabled globally by
DHCP Snooping Commands (page 4-319)
switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server. Al
Command Line Interface (page 4-320)
Related Commands:
ip dhcp snooping (4-317)
ip dhcp snooping trust (4-320)
ip dhcp snooping trust
This command configures the s
DHCP Snooping Commands (page 4-321)
ip dhcp snooping verify mac-address
This command verifies the client’s hardware address stored in the DHCP packet against t
Command Line Interface (page 4-322)
• When the DHCP Snooping Information Option is enabled, clients can be identified by the switch port to which they are con
DHCP Snooping Commands (page 4-323)
ip dhcp snooping database flash
This command writes all dynamically learned snooping entries to flash memory.
Command Mode: Gl
Configuring the Switch (page 3-12)
Basic Configuration
Displaying System Information
You can easily identify the system by displaying the device name, location
Command Line Interface (page 4-324)
show ip dhcp snooping binding
This command shows the DHCP snooping binding table entries.
Command Mode: Privileged Exec
Exampl
IP Cluster Commands (page 4-325)
Command Usage
• To create a switch cluster, first be sure that clustering is enabled on the switch (the default is enabled),
Command Line Interface (page 4-326)
cluster ip-pool
This command sets the cluster IP address pool. Use the no form to reset to the default address.
Syntax: clust
IP Cluster Commands (page 4-327)
Command Usage
• The maximum number of cluster Members is 36.
• The maximum number of switch Candidates is 100.
Example
rcommand
T
Command Line Interface (page 4-328)
show cluster members
This command shows the current switch cluster members.
Command Mode: Privileged Exec
Example
show cluster
Appendix A: Software Specifications (page A-1)
Software Features
Authentication: Local, RADIUS, TACACS, Port (802.1X, MAC Authentication, Web Authentication), HTT
Software Specifications (page A-2)
Multicast VLAN Registration
Quality of Service: DiffServ supports class maps, policy maps, and service policies
Additional Feat
Management Information Bases (page A-3)
RADIUS+ (RFC 2618)
RMON (RFC 1757 groups 1,2,3,9)
SNMP (RFC 1157)
SNMPv2 (RFC 2571)
SNMPv3 (RFC DRAFT 3414, 3410, 2273, 34
Appendix B: Troubleshooting (page B-1)
Problems Accessing the Management Interface
Table B-1 Troubleshooting Chart
Symptom: Action
Cannot connect using Telnet,
Basic Configuration (page 3-13)
CLI – Specify the hostname, location and contact information.
Displaying Switch Hardware/Software Versions
Use the Switch Infor
Troubleshooting (page B-2)
Using System Logs
If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caus
Glossary (page Glossary-1)
Access Control List (ACL)
ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for
Glossary (page Glossary-2)
GARP VLAN Registration Protocol (GVRP)
Defines a way for switches to exchange VLAN information in order to register necessary VLAN me
Glossary (page Glossary-3)
IGMP Snooping
Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups t
Glossary (page Glossary-4)
Multicast Switching
A process whereby the switch filters incoming multicast frames for services for which no attached host has regist
Glossary (page Glossary-5)
Secure Shell (SSH)
A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographi
Glossary (page Glossary-6)
Virtual LAN (VLAN)
A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical l
Index (page Index-1)
Numerics
802.1Q tunnel 3-167, 4-251
configuration, guidelines 3-170
configuration, limitations 3-170
description 3-167
ethernet type 3-171
interface
Index (page Index-2)
default settings, system 1-6
DHCP 3-18, 4-215, 4-216, 4-309
client 3-16
dynamic configuration 2-5
DHCP snooping
global configuration 4-317, 4-3
Index (page Index-3)
parameters 3-213
snooping, configuring 3-213, 4-287
importing user public keys 3-76
ingress filtering 3-165, 4-246
IP address
BOOTP/DHCP 3-18,
Configuring the Switch (page 3-14)
Web – Click System, Switch Information.
Figure 3-4 Switch Information
CLI – Use the following command to display version inf
Index (page Index-4)
MSTP 4-219
configuring 3-149
global settings 4-217
global settings, configuring 3-141
global settings, displaying 3-138
interface settings 4-21
Index (page Index-5)
R
RADIUS, logon authentication 4-93
RADIUS, settings 3-54
rate limits, setting 3-128, 4-179
remote logging 4-57
restarting the system 3-33, 4-2
Index (page Index-6)
Type Length Value See also LLDP-MEDTLV
U
upgrading software 3-20
UPnP 3-245
configuration 3-245
user password 3-51, 3-59, 3-60, 3-62, 3-65, 4-
ES3528M-SFP E012008-DG-R01 149100035500A
Basic Configuration (page 3-15)
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filterin
Configuring the Switch (page 3-16)
CLI – Enter the following command.
Setting the Switch’s IP Address
This section describes how to configure an IP interface
Basic Configuration (page 3-17)
Manual Configuration
Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, se
Configuring the Switch (page 3-18)
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by
Basic Configuration (page 3-19)
Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web inte
Contents (page i)
Chapter 1: Introduction 1-1
Key Features 1-1
Description of Software Features 1-2
System Defaults 1-6
Chapter 2: Initial Configuration 2-
Configuring the Switch (page 3-20)
• File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period
Basic Configuration (page 3-21)
To delete a file, select System, File, Delete. Select the file name from the given list by checking the tick box and click App
Configuring the Switch (page 3-22)
- tftp to file – Copies a file from a TFTP server to the switch.
- tftp to running-config – Copies a file from a TFTP server
Basic Configuration (page 3-23)
Note: You can also select any configuration file as the start-up configuration by using the System/File/Set Start-Up page.
Figu
Configuring the Switch (page 3-24)
system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next
Basic Configuration (page 3-25)
CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the curren
Configuring the Switch (page 3-26)
• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the lo
Basic Configuration (page 3-27)
CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the
Configuring the Switch (page 3-28)
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that
Basic Configuration (page 3-29)
The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory. The default is
Contents (page ii)
Saving or Restoring Configuration Settings 3-21
Downloading Configuration Settings from a Server 3-22
Console Port Settings 3-23
Telnet Sett
Configuring the Switch (page 3-30)
CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show loggi
Basic Configuration (page 3-31)
Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address
Configuring the Switch (page 3-32)
• Debugging – Sends a debugging notification. (Level 7)
• Information – Sends informative notification only. (Level 6)
• No
Basic Configuration (page 3-33)
CLI – Enter the host IP address, followed by the mail severity level, source and destination email addresses and enter the sen
Configuring the Switch (page 3-34)
CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch.
Note: When rest
Basic Configuration (page 3-35)
Figure 3-21 SNTP Configuration
CLI – This example configures the switch to operate as an SNTP unicast client and then displays
Configuring the Switch (page 3-36)
• Authenticate Key – Specifies the number of the key in the NTP Authentication Key List to use for authentication with the
Basic Configuration (page 3-37)
CLI – This example configures the switch to operate as an NTP client and then displays the current settings.
Setting the Time Z
Configuring the Switch (page 3-38)
Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC using either a predefined or cust
Simple Network Management Protocol (page 3-39)
Access to the switch from clients using SNMPv3 provides additional security features that cover message i
Contents (page iii)
Configuring the SSH Server 3-74
Generating the Host Key Pair 3-75
Importing User Public Keys 3-76
Configuring Port Security 3-80
Configurin
Configuring the Switch (page 3-40)
• Community String – A community string that acts like a password and permits access to the SNMP protocol. Default strings:
Simple Network Management Protocol (page 3-41)
• Trap Version – Specifies whether to send notifications as SNMP v1, v2c, or v3 traps. (The default is version
Configuring the Switch (page 3-42)
Web – Click SNMP, Agent Status.
Figure 3-26 Enabling SNMP Agent Status
Configuring SNMPv3 Management Access
To configure SNMP
Simple Network Management Protocol (page 3-43)
Web – Click SNMP, SNMPv3, Engine ID.
Figure 3-27 Setting an Engine ID
Specifying a Remote Engine ID
To send infor
Configuring the Switch (page 3-44)
• Group Name – The name of the SNMP group to which the user is assigned. (Range: 1-32 characters)
• Model – The user securit
Simple Network Management Protocol (page 3-45)
Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and as
Configuring the Switch (page 3-46)
user resides. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to
Simple Network Management Protocol (page 3-47)
Command Attributes
• Group Name – The name of the SNMP group to which the user is assigned. (Range: 1-32 charact
Configuring the Switch (page 3-48)
linkUp 1.3.6.1.6.3.1.1.5.4: A linkUp trap signifies that the SNMP entity, acting in an agent role, has detected that the ifO
Simple Network Management Protocol (page 3-49)
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, ass