Microsens MS453490M Management Guide Manuel d'utilisateur

MICROSENS GmbH & Co. KG - Kueferstraße 16 - 59067 Hamm / Germany - Tel. +49 23 81/94 52-0 - FAX -100 - www.microsens.comMS453490M10 Port Fast Ethe

CONTENTS– 10 –ARP Inspection 313Configuring Global Settings for ARP Inspection 314Configuring VLAN Settings for ARP Inspection 316Configuring Int

CHAPTER 4 | Basic Management TasksManaging System Files– 100 –requested). However, keep in mind that the file systems of many operating systems su

CHAPTER 4 | Basic Management TasksManaging System Files– 101 –The following syntax must be observed:tftp://host[/filedir]/ tftp:// – Defines TFTP

CHAPTER 4 | Basic Management TasksManaging System Files– 102 – tftp://192.168.0.1/switches/opcode/The image file is in the “opcode” directory, whi

CHAPTER 4 | Basic Management TasksSetting the System Clock– 103 –If a new image is found at the specified location, the following type of messages

CHAPTER 4 | Basic Management TasksSetting the System Clock– 104 –◆ Day – Sets the day of the month. (Range: 1-31; Default: 1)◆ Year – Sets the yea

CHAPTER 4 | Basic Management TasksSetting the System Clock– 105 –WEB INTERFACETo set the polling interval for SNTP:1. Click System, then Time. 2.

CHAPTER 4 | Basic Management TasksSetting the System Clock– 106 –Figure 14: Specifying SNTP Time ServersSETTING THE TIMEZONEUse the System > T

CHAPTER 4 | Basic Management TasksConsole Port Settings– 107 –Figure 15: Setting the Time ZoneCONSOLE PORT SETTINGSUse the System > Console me

CHAPTER 4 | Basic Management TasksConsole Port Settings– 108 –◆ Data Bits – Sets the number of data bits per character that are interpreted and ge

CHAPTER 4 | Basic Management TasksTelnet Settings– 109 –TELNET SETTINGSUse the System > Telnet menu to configure parameters for accessing the C

CONTENTS– 11 –Specifying a Remote Engine ID 374Setting SNMPv3 Views 375Configuring SNMPv3 Groups 378Setting Community Access Strings 382Confi

CHAPTER 4 | Basic Management TasksDisplaying CPU Utilization– 110 –WEB INTERFACETo configure parameters for the console port:1. Click System, then

CHAPTER 4 | Basic Management TasksDisplaying Memory Utilization– 111 –Figure 18: Displaying CPU UtilizationDISPLAYING MEMORY UTILIZATIONUse the S

CHAPTER 4 | Basic Management TasksResetting the System– 112 –RESETTING THE SYSTEMUse the System > Reset menu to restart the switch immediately,

CHAPTER 4 | Basic Management TasksResetting the System– 113 – Regularly – Specifies a periodic interval at which to reload the switch.Time HH - Th

CHAPTER 4 | Basic Management TasksResetting the System– 114 –Figure 21: Restarting the Switch (In)Figure 22: Restarting the Switch (At)

CHAPTER 4 | Basic Management TasksResetting the System– 115 –Figure 23: Restarting the Switch (Regularly)

CHAPTER 4 | Basic Management TasksResetting the System– 116 –

– 117 –5 INTERFACE CONFIGURATIONThis chapter describes the following topics:◆ Port Configuration – Configures connection settings, including auto-ne

CHAPTER 5 | Interface ConfigurationPort Configuration– 118 –◆ When using auto-negotiation, the optimal settings will be negotiated between the lin

CHAPTER 5 | Interface ConfigurationPort Configuration– 119 – Sym (Gigabit only) - Check this item to transmit and receive pause frames. FC - Flow

CONTENTS– 12 –Configuring IGMP Snooping and Query Parameters 444Specifying Static Interfaces for a Multicast Router 447Assigning Interfaces to Mul

CHAPTER 5 | Interface ConfigurationPort Configuration– 120 –CONFIGURING BYPORT RANGEUse the Interface > Port > General (Configure by Port Ra

CHAPTER 5 | Interface ConfigurationPort Configuration– 121 –PARAMETERSThese parameters are displayed:◆ Port – Port identifier.◆ Type – Indicates t

CHAPTER 5 | Interface ConfigurationPort Configuration– 122 –CONFIGURING LOCALPORT MIRRORINGUse the Interface > Port > Mirror page to mirror

CHAPTER 5 | Interface ConfigurationPort Configuration– 123 –WEB INTERFACETo configure a local mirror session:1. Click Interface, Port, Mirror.2. S

CHAPTER 5 | Interface ConfigurationPort Configuration– 124 –CONFIGURING REMOTEPORT MIRRORINGUse the Interface > Port > RSPAN page to mirror

CHAPTER 5 | Interface ConfigurationPort Configuration– 125 –3. Set up all intermediate switches on the RSPAN configuration page, entering the mirr

CHAPTER 5 | Interface ConfigurationPort Configuration– 126 –◆ Operation Status – Indicates whether or not RSPAN is currently functioning.◆ Switch

CHAPTER 5 | Interface ConfigurationPort Configuration– 127 –WEB INTERFACETo configure a remote mirror session:1. Click Interface, RSPAN.2. Set the

CHAPTER 5 | Interface ConfigurationPort Configuration– 128 –Figure 33: Configuring Remote Port Mirroring (Destination)SHOWING PORT ORTRUNK STATIS

CHAPTER 5 | Interface ConfigurationPort Configuration– 129 –Transmitted Errors The number of outbound packets that could not be transmitted becaus

CONTENTS– 13 –enable 487quit 488show history 488configure 489disable 490reload (Privileged Exec) 490show reload 491end 491exit 49121 SYSTEM MANAG

CHAPTER 5 | Interface ConfigurationPort Configuration– 130 –WEB INTERFACETo show a list of port statistics:1. Click Interface, Port, Statistics.2.

CHAPTER 5 | Interface ConfigurationPort Configuration– 131 –Figure 34: Showing Port Statistics (Table)To show a chart of port statistics:1. Click

CHAPTER 5 | Interface ConfigurationPort Configuration– 132 –PERFORMING CABLEDIAGNOSTICSUse the Interface > Port > Cable Test page to test th

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 133 –WEB INTERFACETo show a list of port statistics:1. Click Interface, Port, Cable Test.2

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 134 –COMMAND USAGEBesides balancing the load across each port in the trunk, the other port

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 135 –COMMAND USAGE◆ When configuring static trunks, you may not be able to link switches o

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 136 –To add member ports to a static trunk:1. Click Interface, Trunk, Static.2. Select Con

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 137 –To display trunk connection parameters:1. Click Interface, Trunk, Static.2. Select Co

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 138 –◆ All ports on both ends of an LACP trunk must be configured for full duplex, and aut

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 139 –NOTE: Configuring LACP settings for a port only applies to its administrative state,

CONTENTS– 14 –File Management 510boot system 511copy 512delete 515dir 515whichboot 516upgrade opcode auto 517upgrade opcode path 518Line 520lin

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 140 –To enable LACP for a port:1. Click Interface, Trunk, Dynamic.2. Select Configure Aggr

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 141 –To configure LACP parameters for group members:1. Click Interface, Trunk, Dynamic.2.

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 142 –To configure connection parameters for a dynamic trunk:1. Click Interface, Trunk, Dyn

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 143 –DISPLAYING LACPPORT COUNTERSUse the Interface > Trunk > Dynamic (Configure Aggr

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 144 –Figure 49: Displaying LACP Port CountersDISPLAYING LACPSETTINGS AND STATUSFOR THE LO

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 145 –LACPDUs Interval Number of seconds before invalidating received LACPDU information.Ad

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 146 –WEB INTERFACETo display LACP settings and status for the local side:1. Click Interfac

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 147 –WEB INTERFACETo display LACP settings and status for the remote side:1. Click Interfa

CHAPTER 5 | Interface ConfigurationSaving Power– 148 –SAVING POWERUse the Interface > Green Ethernet page to enable power savings mode on the s

CHAPTER 5 | Interface ConfigurationSaving Power– 149 –PARAMETERSThese parameters are displayed:◆ Port – Power saving mode only applies to the Giga

CONTENTS– 15 –logging sendmail source-email 539show logging sendmail 539Time 540sntp client 540sntp poll 541sntp server 542show sntp 542clock

CHAPTER 5 | Interface ConfigurationTraffic Segmentation– 150 –TRAFFIC SEGMENTATIONIf tighter security is required for passing traffic from differe

CHAPTER 5 | Interface ConfigurationTraffic Segmentation– 151 –CONFIGURING UPLINKAND DOWNLINK PORTSUse the Interface > Traffic Segmentation (Con

CHAPTER 5 | Interface ConfigurationVLAN Trunking– 152 –VLAN TRUNKINGUse the Interface > VLAN Trunking page to allow unknown VLAN groups to pass

CHAPTER 5 | Interface ConfigurationVLAN Trunking– 153 –PARAMETERSThese parameters are displayed:◆ Interface – Displays a list of ports or trunks.◆

CHAPTER 5 | Interface ConfigurationVLAN Trunking– 154 –

– 155 –6 VLAN CONFIGURATIONThis chapter includes the following topics:◆ IEEE 802.1Q VLANs – Configures static and dynamic VLANs.◆ IEEE 802.1Q Tunnel

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 156 –since traffic must pass through a configured Layer 3 link to reach a different VLAN.This swi

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 157 –VLAN Classification – When the switch receives a frame, it classifies the frame in one of tw

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 158 –Figure 58: Using GVRPForwarding Tagged/Untagged FramesIf you want to create a small port-ba

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 159 –Modify◆ VLAN ID – ID of configured VLAN (1-4093).◆ VLAN Name – Name of the VLAN (1 to 32 cha

CONTENTS– 16 –show snmp engine-id 567show snmp group 568show snmp user 569show snmp view 570nlm 570snmp-server notify-filter 571show nlm oper-s

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 160 –To modify the configuration settings for VLAN groups:1. Click VLAN, Static.2. Select Modify

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 161 –a port as forbidden to prevent the switch from automatically adding it to a VLAN via the GVR

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 162 –◆ Ingress Filtering – Determines how to process frames tagged for VLANs for which the ingres

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 163 –NOTE: The PVID, acceptable frame type, and ingress filtering parameters for each interface w

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 164 –To configure static members by interface:1. Click VLAN, Static.2. Select Edit Member by Inte

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 165 –Figure 64: Configuring Static VLAN Members by Interface RangeCONFIGURINGDYNAMIC VLANREGISTR

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 166 – Join – The interval between transmitting requests/queries to participate in a VLAN group. (

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 167 –To configure GVRP status and timers on a port or trunk:1. Click VLAN, Dynamic.2. Select Conf

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 168 –Figure 68: Showing the Members of a Dynamic VLANIEEE 802.1Q TUNNELINGIEEE 802.1Q Tunnel

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 169 –for packet processing. When the packet exits another trunk port on the same core switch,

CONTENTS– 17 –tacacs-server port 594show tacacs-server 594AAA 595aaa accounting commands 595aaa accounting dot1x 596aaa accounting exec 597aaa

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 170 –3. After packet classification through the switching process, the packet is written to m

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 171 –7. The switch sends the packet to the proper egress port.8. If the egress port is an unt

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 172 –6. Configure the QinQ tunnel uplink port to Tunnel Uplink mode (see "Adding an Inte

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 173 –Figure 70: Enabling QinQ TunnelingADDING AN INTERFACETO A QINQ TUNNELFollow the guideli

CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 174 –WEB INTERFACETo add an interface to a QinQ tunnel:1. Click VLAN, Tunnel.2. Select Configure Int

CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 175 –3. Then map the protocol for each interface to the appropriate VLAN using the Configure Interfa

CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 176 –WEB INTERFACETo configure a protocol group:1. Click VLAN, Protocol.2. Select Configure Protocol

CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 177 –MAPPING PROTOCOLGROUPS TOINTERFACESUse the VLAN > Protocol (Configure Interface - Add) page

CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 178 –WEB INTERFACETo map a protocol group to a VLAN for a port or trunk:1. Click VLAN, Protocol.2. S

CHAPTER 6 | VLAN ConfigurationConfiguring IP Subnet VLANs– 179 –CONFIGURING IP SUBNET VLANSUse the VLAN > IP Subnet page to configure IP subnet

CONTENTS– 18 –802.1X Port Authentication 619dot1x default 620dot1x eapol-pass-through 620dot1x system-auth-control 621dot1x intrusion-action 62

CHAPTER 6 | VLAN ConfigurationConfiguring IP Subnet VLANs– 180 –WEB INTERFACETo map an IP subnet to a VLAN:1. Click VLAN, IP Subnet.2. Select Add

CHAPTER 6 | VLAN ConfigurationConfiguring MAC-based VLANs– 181 –CONFIGURING MAC-BASED VLANSUse the VLAN > MAC-Based page to configure VLAN base

CHAPTER 6 | VLAN ConfigurationConfiguring MAC-based VLANs– 182 –WEB INTERFACETo map a MAC address to a VLAN:1. Click VLAN, MAC-Based.2. Select Add

CHAPTER 6 | VLAN ConfigurationConfiguring VLAN Mirroring– 183 –CONFIGURING VLAN MIRRORINGUse the VLAN > Mirror (Add) page to mirror traffic fro

CHAPTER 6 | VLAN ConfigurationConfiguring VLAN Mirroring– 184 –WEB INTERFACETo configure VLAN mirroring:1. Click VLAN, Mirror.2. Select Add from t

– 185 –7 ADDRESS TABLE SETTINGSSwitches store the addresses for all known devices. This information is used to pass traffic directly between the inb

CHAPTER 7 | Address Table SettingsConfiguring MAC Address Learning– 186 –◆ Also note that MAC address learning cannot be disabled if any of the fo

CHAPTER 7 | Address Table SettingsSetting Static Addresses– 187 –SETTING STATIC ADDRESSESUse the MAC Address > Static page to configure static

CHAPTER 7 | Address Table SettingsChanging the Aging Time– 188 –4. Click Apply.Figure 83: Configuring Static MAC AddressesTo show the static addr

CHAPTER 7 | Address Table SettingsDisplaying the Dynamic Address Table– 189 –WEB INTERFACETo set the aging time for entries in the dynamic address

CONTENTS– 19 –network-access link-detection link-down 647network-access link-detection link-up 647network-access link-detection link-up-down 648n

CHAPTER 7 | Address Table SettingsClearing the Dynamic Address Table– 190 –WEB INTERFACETo show the dynamic address table:1. Click MAC Address, Dy

CHAPTER 7 | Address Table SettingsConfiguring MAC Address Mirroring– 191 –2. Select Clear Dynamic MAC from the Action list.3. Select the method by

CHAPTER 7 | Address Table SettingsConfiguring MAC Address Mirroring– 192 –matching packets will not be sent to target port specified for port mirr

– 193 –8 SPANNING TREE ALGORITHM This chapter describes the following basic topics:◆ Loopback Detection – Configures detection and response to loopb

CHAPTER 8 | Spanning Tree AlgorithmOverview– 194 –lowest cost spanning tree, it enables all root ports and designated ports, and disables all othe

CHAPTER 8 | Spanning Tree AlgorithmOverview– 195 –Figure 91: MSTP Region, Internal Spanning Tree, Multiple Spanning TreeAn MST Region consists of

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Loopback Detection– 196 –CONFIGURING LOOPBACK DETECTIONUse the Spanning Tree > Loopback Detectio

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 197 –WEB INTERFACETo configure loopback detection:1. Click Spanning Tree,

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 198 –connected to an 802.1D bridge and starts using only 802.1D BPDUs. RS

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 199 – Default: 32768 Range: 0-61440, in steps of 4096 Options: 0, 4096, 81

MANAGEMENT GUIDEMS453490M 10 PORT FAST ETHERNET SWITCHLayer 2 Switchwith 8 10/100BASE-TX (RJ-45) Ports,and 2 Gigabit Combination Ports (RJ-45/SFP)MS45

CONTENTS– 20 –show ip source-guard 672show ip source-guard binding 672ARP Inspection 673ip arp inspection 674ip arp inspection filter 675ip arp

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 200 –Configuration Settings for MSTP ◆ Max Instance Numbers – The maximum

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 201 –Figure 95: Configuring Global Settings for STA (RSTP)Figure 96: Con

CHAPTER 8 | Spanning Tree AlgorithmDisplaying Global Settings for STA– 202 –DISPLAYING GLOBAL SETTINGS FOR STAUse the Spanning Tree > STA (Conf

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for STA– 203 –Figure 97: Displaying Global Settings for STACONFIGURING INTERFAC

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for STA– 204 –port priority. (Range: 0 for auto-configuration, 1-65535 for the s

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for STA– 205 –◆ Root Guard – STA allows a bridge with a lower bridge identifier

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for STA– 206 –◆ BPDU Guard – This feature protects edge ports from receiving BPD

CHAPTER 8 | Spanning Tree AlgorithmDisplaying Interface Settings for STA– 207 –DISPLAYING INTERFACE SETTINGS FOR STAUse the Spanning Tree > STA

CHAPTER 8 | Spanning Tree AlgorithmDisplaying Interface Settings for STA– 208 –◆ Oper Path Cost – The contribution of this port to the path cost o

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Multiple Spanning Trees– 209 –WEB INTERFACETo display interface settings for STA:1. Click Spanning

CONTENTS– 21 –27 INTERFACE COMMANDS 699interface 700alias 700capabilities 701description 702flowcontrol 703media-type 704negotiation 704shutdown 705

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Multiple Spanning Trees– 210 –To use multiple spanning trees:1. Set the spanning tree type to MSTP

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Multiple Spanning Trees– 211 –Figure 101: Creating an MST InstanceTo show the MSTP instances:1. Cl

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Multiple Spanning Trees– 212 –To add additional VLAN groups to an MSTP instance:1. Click Spanning T

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for MSTP– 213 –CONFIGURING INTERFACE SETTINGS FOR MSTPUse the Spanning Tree >

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for MSTP– 214 –The recommended range is listed in Table 9 on page 204.The recomm

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for MSTP– 215 –Figure 106: Displaying MSTP Interface Settings

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for MSTP– 216 –

– 217 –9 RATE LIMIT CONFIGURATIONUse the Traffic > Rate Limit page to apply rate limiting to ingress or egress ports. This function allows the ne

CHAPTER 9 | Rate Limit Configuration– 218 –WEB INTERFACETo configure rate limits:1. Click Traffic, Rate Limit.2. Enable the Rate Limit Status for

– 219 –10 STORM CONTROL CONFIGURATIONUse the Traffic > Storm Control page to configure broadcast storm control thresholds. Broadcast storms may o

CONTENTS– 22 –no rspan session 734show rspan 73530 RATE LIMIT COMMANDS 737rate-limit 73731 AUTOMATIC TRAFFIC CONTROL COMMANDS 739auto-traffic-cont

CHAPTER 10 | Storm Control Configuration– 220 –WEB INTERFACETo configure broadcast storm control:1. Click Traffic, Storm Control.2. Set the Status

– 221 –11 CLASS OF SERVICEClass of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the sw

CHAPTER 11 | Class of ServiceLayer 2 Queue Settings– 222 –◆ If the output port is an untagged member of the associated VLAN, these frames are stri

CHAPTER 11 | Class of ServiceLayer 2 Queue Settings– 223 –◆ The WRR algorithm used by this switch is known as Shaped Deficit Weighted Round Robin

CHAPTER 11 | Class of ServiceLayer 2 Queue Settings– 224 –◆ Queue ID – The ID of the priority queue. (Range: 0-7)◆ Strict Mode – If “Strict and WR

CHAPTER 11 | Class of ServiceLayer 2 Queue Settings– 225 –Figure 112: Setting the Queue Mode (Strict and WRR)MAPPING COS VALUESTO EGRESS QUEUESUs

CHAPTER 11 | Class of ServiceLayer 2 Queue Settings– 226 –CLI REFERENCES◆ "qos map phb-queue" on page 825COMMAND USAGE ◆ Egress packets

CHAPTER 11 | Class of ServiceLayer 2 Queue Settings– 227 –Figure 113: Mapping CoS Values to Egress Queues To show the internal PHB to hardware qu

CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 228 –LAYER 3/4 PRIORITY SETTINGSMapping Layer 3/4 Priorities to CoS ValuesThe switch sup

CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 229 –PARAMETERSThese parameters are displayed:◆ Interface – Specifies a port or trunk.◆

CONTENTS– 23 –spanning-tree priority 763spanning-tree mst configuration 763spanning-tree transmission-limit 764max-hops 764mst priority 765mst v

CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 230 –COMMAND USAGE ◆ Enter per-hop behavior and drop precedence for any of the DSCP valu

CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 231 –WEB INTERFACETo map DSCP values to internal PHB/drop precedence:1. Click Traffic, P

CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 232 –MAPPING COSPRIORITIES TOINTERNAL DSCPVALUESUse the Traffic > Priority > CoS t

CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 233 – WEB INTERFACETo map CoS/CFI values to internal PHB/drop precedence:1. Click Traffi

CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 234 –To show the CoS/CFI to internal PHB/drop precedence map:1. Click Traffic, Priority,

– 235 –12 QUALITY OF SERVICE This chapter describes the following tasks required to apply QoS policies:Class Map – Creates a map which identifies a

CHAPTER 12 | Quality of ServiceConfiguring a Class Map– 236 –COMMAND USAGETo create a service policy for a specific category or ingress traffic, f

CHAPTER 12 | Quality of ServiceConfiguring a Class Map– 237 –◆ Description – A brief description of a class map. (Range: 1-64 characters)Add Rule◆

CHAPTER 12 | Quality of ServiceConfiguring a Class Map– 238 –To show the configured class maps: 1. Click Traffic, DiffServ.2. Select Configure Cla

CHAPTER 12 | Quality of ServiceCreating QoS Policies– 239 –To show the rules for a class map: 1. Click Traffic, DiffServ.2. Select Configure Class

CONTENTS– 24 –vlan 787Configuring VLAN Interfaces 788interface vlan 789switchport acceptable-frame-types 789switchport allowed vlan 790switchpo

CHAPTER 12 | Quality of ServiceCreating QoS Policies– 240 –Policing is based on a token bucket, where bucket depth (that is, the maximum burst bef

CHAPTER 12 | Quality of ServiceCreating QoS Policies– 241 – if Te(t)-B ≥ 0, the packets is yellow and Te is decremented by B down to the minimum v

CHAPTER 12 | Quality of ServiceCreating QoS Policies– 242 –respectively. The maximum size of the token bucket P is BP and the maximum size of the

CHAPTER 12 | Quality of ServiceCreating QoS Policies– 243 –PARAMETERSThese parameters are displayed:Add◆ Policy Name – Name of policy map. (Range:

CHAPTER 12 | Quality of ServiceCreating QoS Policies– 244 – Committed Burst Size (BC) – Burst in bytes. (Range: 4000-16000000 at a granularity of

CHAPTER 12 | Quality of ServiceCreating QoS Policies– 245 – Conform – Specifies that traffic conforming to the maximum rate (CIR) will be transmit

CHAPTER 12 | Quality of ServiceCreating QoS Policies– 246 – Committed Burst Size (BC) – Burst in bytes. (Range: 4000-16000000 at a granularity of

CHAPTER 12 | Quality of ServiceCreating QoS Policies– 247 –WEB INTERFACETo configure a policy map: 1. Click Traffic, DiffServ.2. Select Configure

CHAPTER 12 | Quality of ServiceCreating QoS Policies– 248 –To edit the rules for a policy map: 1. Click Traffic, DiffServ.2. Select Configure Poli

CHAPTER 12 | Quality of ServiceAttaching a Policy Map to a Port– 249 –To show the rules for a policy map: 1. Click Traffic, DiffServ.2. Select Con

CONTENTS– 25 –switchport voice vlan rule 813switchport voice vlan security 814show voice vlan 81535 CLASS OF SERVICE COMMANDS 817Priority Command

CHAPTER 12 | Quality of ServiceAttaching a Policy Map to a Port– 250 –WEB INTERFACETo bind a policy map to a port: 1. Click Traffic, DiffServ.2. S

– 251 –13 VOIP TRAFFIC CONFIGURATIONThis chapter covers the following topics:◆ Global Settings – Enables VOIP globally, sets the Voice VLAN, and the

CHAPTER 13 | VoIP Traffic ConfigurationConfiguring VoIP Traffic– 252 –CLI REFERENCES◆ "Configuring Voice VLANs" on page 809PARAMETERSThe

CHAPTER 13 | VoIP Traffic ConfigurationConfiguring Telephony OUI– 253 –CONFIGURING TELEPHONY OUIVoIP devices attached to the switch can be identif

CHAPTER 13 | VoIP Traffic ConfigurationConfiguring VoIP Traffic Ports– 254 –Figure 130: Configuring an OUI Telephony ListTo show the MAC OUI numb

CHAPTER 13 | VoIP Traffic ConfigurationConfiguring VoIP Traffic Ports– 255 – Auto – The port will be added as a tagged member to the Voice VLAN wh

CHAPTER 13 | VoIP Traffic ConfigurationConfiguring VoIP Traffic Ports– 256 –Figure 132: Configuring Port Settings for a Voice VLAN

– 257 –14 SECURITY MEASURESYou can configure this switch to authenticate users logging into the system for management access using local or remote a

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 258 –◆ DHCP Snooping – Filter IP traffic on insecure ports for which the source ad

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 259 –3. Define a method name for each service to which you want to apply accountin

CONTENTS– 26 –IGMP Snooping 849ip igmp snooping 850ip igmp snooping proxy-reporting 851ip igmp snooping querier 852ip igmp snooping router-alert

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 260 – [authentication sequence] – User authentication is performed by up to three

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 261 –CLI REFERENCES◆ "RADIUS Client" on page 588◆ "TACACS+ Client&q

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 262 – Set Key – Mark this box to set or modify the encryption key. Authentication

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 263 –3. Select RADIUS or TACACS+ server type.4. Select Global to specify the param

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 264 –To configure the RADIUS or TACACS+ server groups to use for accounting and au

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 265 –Figure 138: Showing AAA Server GroupsCONFIGURING AAAACCOUNTINGUse the Securi

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 266 –◆ Accounting Notice – Records user activity from log-in to log-off point.◆ Se

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 267 –WEB INTERFACETo configure global settings for AAA accounting: 1. Click Securi

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 268 –To show the accounting method applied to various service types and the assign

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 269 –Figure 143: Configuring AAA Accounting Service for Exec ServiceTo display a

CONTENTS– 27 –show ip igmp throttle interface 874Multicast VLAN Registration 875mvr 876mvr immediate-leave 877mvr type 878mvr vlan group 879s

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 270 –CONFIGURING AAAAUTHORIZATIONUse the Security > AAA > Authorization page

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 271 –◆ Interface - Displays the console or Telnet interface to which these rules a

CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 272 –To configure the authorization method applied to local console, Telnet, or SS

CHAPTER 14 | Security MeasuresConfiguring User Accounts– 273 –CONFIGURING USER ACCOUNTSUse the Security > User Accounts page to control managem

CHAPTER 14 | Security MeasuresWeb Authentication– 274 –Figure 150: Configuring User AccountsTo show user accounts: 1. Click Security, User Accoun

CHAPTER 14 | Security MeasuresWeb Authentication– 275 –NOTE: RADIUS authentication must be activated and configured properly for the web authentic

CHAPTER 14 | Security MeasuresWeb Authentication– 276 –Figure 152: Configuring Global Settings for Web AuthenticationCONFIGURINGINTERFACE SETTING

CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 277 –Figure 153: Configuring Interface Settings for Web Authentication

CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 278 –◆ Authenticated MAC addresses are stored as dynamic entries in the

CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 279 –◆ Any unsupported profiles in the Filter-ID attribute are ignored.

CONTENTS– 28 –ip host 904ip name-server 905ipv6 host 906clear dns cache 906clear host 907show dns 907show dns cache 908show hosts 90840 DHCP

CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 280 –Authenticated MAC addresses are stored as dynamic entries in the s

CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 281 – Intrusion – Sets the port response to a host MAC authentication f

CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 282 –4. Make any configuration changes required to enable address authe

CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 283 –WEB INTERFACETo configure link detection on switch ports: 1. Click

CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 284 –◆ MAC Address Mask – The filter rule will check for the range of M

CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 285 –DISPLAYING SECUREMAC ADDRESSINFORMATIONUse the Security > Netwo

CHAPTER 14 | Security MeasuresConfiguring HTTPS– 286 –Figure 159: Showing Addresses Authenticated for Network AccessCONFIGURING HTTPSYou can conf

CHAPTER 14 | Security MeasuresConfiguring HTTPS– 287 –◆ The client and server establish a secure encrypted connection.A padlock icon should appear

CHAPTER 14 | Security MeasuresConfiguring HTTPS– 288 –REPLACING THEDEFAULT SECURE-SITECERTIFICATEUse the Security > HTTPS (Copy Certificate) pa

CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 289 –WEB INTERFACETo replace the default secure-site certificate: 1. Click Security, H

CONTENTS– 29 –show ipv6 default-gateway 934show ipv6 interface 935show ipv6 mtu 936show ipv6 traffic 937clear ipv6 traffic 941ping6 942ipv6 nd

CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 290 –COMMAND USAGEThe SSH server on this switch supports both password and public key

CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 291 –5. Enable SSH Service – On the SSH Settings page, enable the SSH server on the sw

CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 292 –checks whether the signature is correct. If both checks succeed, the client is au

CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 293 –WEB INTERFACETo configure the SSH server: 1. Click Security, SSH.2. Select Config

CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 294 –client to select either DES (56-bit) or 3DES (168-bit) for data encryption.NOTE:

CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 295 –To display or clear the SSH host key pair: 1. Click Security, SSH.2. Select Confi

CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 296 –The SSH server uses RSA or DSA for key exchange when the client first establishes

CHAPTER 14 | Security MeasuresAccess Control Lists– 297 –To display or clear the SSH user’s public key: 1. Click Security, SSH.2. Select Configure

CHAPTER 14 | Security MeasuresAccess Control Lists– 298 –◆ An ACL can have up to 32 rules. However, due to resource restrictions, the average numb

CHAPTER 14 | Security MeasuresAccess Control Lists– 299 –WEB INTERFACETo configure a time range: 1. Click Security, ACL.2. Select Configure Time R

– 3 –ABOUT THIS GUIDEPURPOSE This guide gives specific information on how to operate and use the management functions of the switch.AUDIENCE The gui

CONTENTS– 30 –

CHAPTER 14 | Security MeasuresAccess Control Lists– 300 –6. Fill in the required parameters for the selected mode.7. Click Apply.Figure 169: Add

CHAPTER 14 | Security MeasuresAccess Control Lists– 301 –SHOWING TCAMUTILIZAITONUse the Security > ACL (Configure ACL - Show TCAM) page to show

CHAPTER 14 | Security MeasuresAccess Control Lists– 302 –Figure 171: Showing TCAM UtilizationSETTING THE ACLNAME AND TYPEUse the Security > AC

CHAPTER 14 | Security MeasuresAccess Control Lists– 303 –WEB INTERFACETo configure the name and type of an ACL: 1. Click Security, ACL.2. Select C

CHAPTER 14 | Security MeasuresAccess Control Lists– 304 –CONFIGURING ASTANDARD IPV4 ACLUse the Security > ACL (Configure ACL - Add Rule - IP St

CHAPTER 14 | Security MeasuresAccess Control Lists– 305 –9. Click Apply. Figure 174: Configuring a Standard IPv4 ACLCONFIGURING ANEXTENDED IPV4 A

CHAPTER 14 | Security MeasuresAccess Control Lists– 306 –◆ Source/Destination Port Bit Mask – Decimal number representing the port bits to match.

CHAPTER 14 | Security MeasuresAccess Control Lists– 307 –WEB INTERFACETo add rules to an Extended IP ACL: 1. Click Security, ACL.2. Select Configu

CHAPTER 14 | Security MeasuresAccess Control Lists– 308 –CONFIGURING A MACACLUse the Security > ACL (Configure ACL - Add Rule - MAC) page to co

CHAPTER 14 | Security MeasuresAccess Control Lists– 309 –WEB INTERFACETo add rules to a MAC ACL: 1. Click Security, ACL.2. Select Configure ACL fr

– 31 –FIGURESFigure 1: Home Page 74Figure 2: Front Panel Indicators 75Figure 3: System Information 90Figure 4: General Switch Information 91Figure 5

CHAPTER 14 | Security MeasuresAccess Control Lists– 310 –CONFIGURING AN ARPACLUse the Security > ACL (Configure ACL - Add Rule - ARP) page to c

CHAPTER 14 | Security MeasuresAccess Control Lists– 311 –WEB INTERFACETo add rules to an ARP ACL: 1. Click Security, ACL.2. Select Configure ACL f

CHAPTER 14 | Security MeasuresAccess Control Lists– 312 –BINDING A PORT TO ANACCESS CONTROLLISTAfter configuring ACLs, use the Security > ACL (

CHAPTER 14 | Security MeasuresARP Inspection– 313 –WEB INTERFACETo bind an ACL to a port: 1. Click Security, ACL.2. Select Configure Interface fro

CHAPTER 14 | Security MeasuresARP Inspection– 314 –COMMAND USAGEEnabling & Disabling ARP Inspection◆ ARP Inspection is controlled on a global

CHAPTER 14 | Security MeasuresARP Inspection– 315 –with different MAC addresses are classified as invalid and are dropped. IP – Checks the ARP bod

CHAPTER 14 | Security MeasuresARP Inspection– 316 – Src-MAC – Validates the source MAC address in the Ethernet header against the sender MAC addre

CHAPTER 14 | Security MeasuresARP Inspection– 317 –◆ ARP Inspection ACLs can be applied to any configured VLAN.◆ ARP Inspection uses the DHCP snoo

CHAPTER 14 | Security MeasuresARP Inspection– 318 –Figure 180: Configuring VLAN Settings for ARP InspectionCONFIGURINGINTERFACE SETTINGSFOR ARP I

CHAPTER 14 | Security MeasuresARP Inspection– 319 –WEB INTERFACETo configure interface settings for ARP Inspection: 1. Click Security, ARP Inspect

FIGURES– 32 –Figure 32: Configuring Remote Port Mirroring (Intermediate) 127Figure 33: Configuring Remote Port Mirroring (Destination) 128Figure 34:

CHAPTER 14 | Security MeasuresARP Inspection– 320 –WEB INTERFACETo display statistics for ARP Inspection: 1. Click Security, ARP Inspection.2. Sel

CHAPTER 14 | Security MeasuresFiltering IP Addresses for Management Access– 321 –WEB INTERFACETo display the ARP Inspection log: 1. Click Security

CHAPTER 14 | Security MeasuresFiltering IP Addresses for Management Access– 322 –◆ When entering addresses for the same group (i.e., SNMP, web or

CHAPTER 14 | Security MeasuresConfiguring Port Security– 323 –To show a list of IP addresses authorized for management access: 1. Click Security,

CHAPTER 14 | Security MeasuresConfiguring Port Security– 324 –COMMAND USAGE◆ A secure port has the following restrictions: It cannot be used as a

CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 325 –Figure 186: Configuring Port SecurityCONFIGURING 802.1X PORT AUTHENTIC

CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 326 –hosts if one attached host fails re-authentication or sends an EAPOL lo

CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 327 –PARAMETERSThese parameters are displayed:◆ Port Authentication Status –

CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 328 –Figure 188: Configuring Global Settings for 802.1X Port Authentication

CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 329 –PARAMETERSThese parameters are displayed:◆ Port – Port number.◆ Status

FIGURES– 33 –Figure 68: Showing the Members of a Dynamic VLAN 168Figure 69: QinQ Operational Concept 169Figure 70: Enabling QinQ Tunneling 173Figure

CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 330 –◆ Max-Request – Sets the maximum number of times the switch port will r

CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 331 –◆ Current Identifier – Identifier sent in each EAP Success, Failure or

CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 332 –Figure 189: Configuring Interface Settings for 802.1X Port Authenticat

CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 333 –COMMAND USAGE◆ When devices attached to a port must submit requests to

CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 334 –WEB INTERFACETo configure port authenticator settings for 802.1X: 1. Cl

CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 335 –Rx EAPOL Total The number of valid EAPOL frames of any type that have b

CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 336 –WEB INTERFACETo display port authenticator statistics for 802.1X: 1. Cl

CHAPTER 14 | Security MeasuresIP Source Guard– 337 –To display port supplicant statistics for 802.1X: 1. Click Security, Port Authentication.2. Se

CHAPTER 14 | Security MeasuresIP Source Guard– 338 –COMMAND USAGE◆ Setting source guard mode to SIP (Source IP) or SIP-MAC (Source IP and MAC) ena

CHAPTER 14 | Security MeasuresIP Source Guard– 339 – SIP-MAC – Enables traffic filtering based on IP addresses and corresponding MAC addresses sto

FIGURES– 34 –Figure 104: Displaying Members of an MST Instance 212Figure 105: Configuring MSTP Interface Settings 214Figure 106: Displaying MSTP Int

CHAPTER 14 | Security MeasuresIP Source Guard– 340 –new entry will replace the old one and the entry type will be changed to static IP source guar

CHAPTER 14 | Security MeasuresIP Source Guard– 341 –To display static bindings for IP Source Guard: 1. Click Security, IP Source Guard, Static Con

CHAPTER 14 | Security MeasuresDHCP Snooping– 342 –WEB INTERFACETo display the binding table for IP Source Guard: 1. Click Security, IP Source Guar

CHAPTER 14 | Security MeasuresDHCP Snooping– 343 –◆ The rate limit for the number of DHCP messages that can be processed by the switch is 100 pack

CHAPTER 14 | Security MeasuresDHCP Snooping– 344 –DHCP server, any packets received from untrusted ports are dropped.DHCP Snooping Option 82◆ DHCP

CHAPTER 14 | Security MeasuresDHCP Snooping– 345 –DHCP SNOOPINGCONFIGURATIONUse the IP Service > DHCP > Snooping (Configure Global) page to

CHAPTER 14 | Security MeasuresDHCP Snooping– 346 –Figure 197: Configuring Global Settings for DHCP SnoopingDHCP SNOOPINGVLANCONFIGURATIONUse the

CHAPTER 14 | Security MeasuresDHCP Snooping– 347 –WEB INTERFACETo configure global settings for DHCP Snooping: 1. Click Security, IP Source Guard,

CHAPTER 14 | Security MeasuresDHCP Snooping– 348 –WEB INTERFACETo configure global settings for DHCP Snooping: 1. Click Security, IP Source Guard,

CHAPTER 14 | Security MeasuresDHCP Snooping– 349 –◆ Store – Writes all dynamically learned snooping entries to flash memory. This function can be

FIGURES– 35 –Figure 140: Configuring AAA Accounting Methods 267Figure 141: Showing AAA Accounting Methods 268Figure 142: Configuring AAA Accounting

CHAPTER 14 | Security MeasuresDHCP Snooping– 350 –

– 351 –15 BASIC ADMINISTRATION PROTOCOLSThis chapter describes basic administration tasks including:◆ Event Logging – Sets conditions for logging e

CHAPTER 15 | Basic Administration ProtocolsConfiguring Event Logging– 352 –PARAMETERSThese parameters are displayed:◆ System Log Status – Enables/

CHAPTER 15 | Basic Administration ProtocolsConfiguring Event Logging– 353 –Figure 201: Configuring Settings for System Memory LogsTo show the err

CHAPTER 15 | Basic Administration ProtocolsConfiguring Event Logging– 354 –◆ Logging Facility – Sets the facility type for remote logging of syslo

CHAPTER 15 | Basic Administration ProtocolsConfiguring Event Logging– 355 –SENDING SIMPLE MAILTRANSFER PROTOCOLALERTSUse the Administration > L

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 356 –Figure 204: Configuring SMTP Alert MessagesLINK LAYER DISCOVERY PR

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 357 –This attribute must comply with the following rule:(Transmission In

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 358 –3. Enable LLDP, and modify any of the timing parameters as required

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 359 –lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange n

FIGURES– 36 –Figure 176: Configuring a MAC ACL 309Figure 177: Configuring a ARP ACL 311Figure 178: Binding a Port to an ACL 313Figure 179: Configuri

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 360 – VLAN ID – The port’s default VLAN identifier (PVID) indicates the

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 361 –Figure 206: Configuring LLDP Interface AttributesDISPLAYING LLDPLO

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 362 –◆ Chassis ID – An octet string indicating the specific identifier f

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 363 –Figure 207: Displaying Local Device Information for LLDP (General)

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 364 –◆ System Name – A string that indicates the system’s administrative

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 365 –◆ Management Address List – The management addresses for this devic

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 366 –◆ Remote Port Auto-Neg Status – Shows whether port auto-negotiation

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 367 –◆ Remote Link Aggregation Port ID – This object contains the IEEE 8

CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 368 –DISPLAYING DEVICESTATISTICSUse the Administration > LLDP (Show D

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 369 –WEB INTERFACETo display statistics for LLDP-capable devices at

FIGURES– 37 –Figure 212: Displaying LLDP Device Statistics (Port) 369Figure 213: Configuring Global Settings for SNMP 372Figure 214: Configuring the

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 370 –Managed devices supporting SNMP contain software, which runs l

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 371 –NOTE: The predefined default groups and view can be deleted fr

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 372 –CONFIGURING GLOBALSETTINGS FOR SNMPUse the Administration >

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 373 –SETTING THE LOCALENGINE IDUse the Administration > SNMP (Co

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 374 –SPECIFYING A REMOTEENGINE IDUse the Administration > SNMP (

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 375 –WEB INTERFACETo configure a remote SNMP engine ID:1. Click Adm

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 376 –PARAMETERSThese parameters are displayed:Add View◆ View Name –

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 377 –To show the SNMP views of the switch’s MIB database:1. Click A

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 378 –To show the OID branches configured for the SNMP views of the

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 379 –◆ Read View – The configured view for read access. (Range: 1-6

FIGURES– 38 –Figure 248: Pnging a Network Device 412Figure 249: Configuring a Static IPv4 Address 414Figure 250: Configuring a Dynamic IPv4 Address

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 380 –RMON Events (V2)risingAlarm 1.3.6.1.2.1.16.0.1 The SNMP trap t

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 381 –WEB INTERFACETo configure an SNMP group:1. Click Administratio

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 382 –Figure 222: Showing SNMP GroupsSETTING COMMUNITYACCESS STRING

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 383 –WEB INTERFACETo set a community access string:1. Click Adminis

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 384 –CONFIGURING LOCALSNMPV3 USERSUse the Administration > SNMP

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 385 –WEB INTERFACETo configure a local SNMPv3 user:1. Click Adminis

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 386 –Figure 226: Showing Local SNMPv3 UsersCONFIGURING REMOTESNMPV

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 387 – AuthPriv – SNMP communications use both authentication and en

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 388 –Figure 227: Configuring Remote SNMPv3 UsersTo show remote SNM

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 389 –SPECIFYING TRAPMANAGERSUse the Administration > SNMP (Confi

FIGURES– 39 –Figure 284: Configuring IGMP Filtering and Throttling Interface Settings 463Figure 285: MVR Concept 464Figure 286: Configuring Globa

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 390 –PARAMETERSThese parameters are displayed:SNMP Version 1◆ IP Ad

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 391 –SNMP Version 3◆ IP Address – IP address of a new management st

CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 392 –WEB INTERFACETo configure trap managers:1. Click Administratio

CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 393 –Figure 231: Configuring Trap Managers (SNMPv3)To show configured trap managers

CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 394 –The switch supports mini-RMON, which consists of the Statistics, History, Event

CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 395 –generated, another such event will not be generated until the sampled value has

CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 396 –Figure 233: Configuring an RMON AlarmTo show configured RMON alarms:1. Click A

CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 397 –CONFIGURING RMONEVENTSUse the Administration > RMON (Configure Global - Add

CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 398 –WEB INTERFACETo configure an RMON event:1. Click Administration, RMON.2. Select

CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 399 –To show configured RMON events:1. Click Administration, RMON.2. Select Configur

ABOUT THIS GUIDE– 4 –

FIGURES– 40 –

CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 400 –PARAMETERSThese parameters are displayed:◆ Port – The port number on the switch

CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 401 –To show configured RMON history samples:1. Click Administration, RMON.2. Select

CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 402 –CONFIGURING RMONSTATISTICAL SAMPLESUse the Administration > RMON (Configure

CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 403 –WEB INTERFACETo enable regular sampling of statistics on a port:1. Click Admini

CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 404 –Figure 241: Showing Configured RMON Statistical SamplesTo show collected RMON

CHAPTER 15 | Basic Administration ProtocolsSwitch Clustering– 405 –SWITCH CLUSTERINGSwitch clustering is a method of grouping switches together to

CHAPTER 15 | Basic Administration ProtocolsSwitch Clustering– 406 –PARAMETERSThese parameters are displayed:◆ Cluster Status – Enables or disables

CHAPTER 15 | Basic Administration ProtocolsSwitch Clustering– 407 –CLUSTER MEMBERCONFIGURATIONUse the Administration > Cluster (Configure Membe

CHAPTER 15 | Basic Administration ProtocolsSwitch Clustering– 408 –Figure 245: Showing Cluster MembersTo show cluster candidates:1. Click Adminis

CHAPTER 15 | Basic Administration ProtocolsSwitch Clustering– 409 –◆ Operate – Remotely manage a cluster member.WEB INTERFACETo manage a cluster m

– 41 –TABLESTable 1: Key Features 49Table 2: System Defaults 54Table 3: Web Page Configuration Buttons 75Table 4: Switch Main Menu 76Table 5: Po

CHAPTER 15 | Basic Administration ProtocolsSwitch Clustering– 410 –

– 411 –16 IP CONFIGURATIONThis chapter describes how to configure an IP interface for management access to the switch over the network. This switch

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 4)– 412 – Destination does not respond - If the host does not respond, a

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 4)– 413 –CLI REFERENCES◆ "DHCP Client" on page 911◆ "Basic

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 4)– 414 –WEB INTERFACETo set a static address for the switch:1. Click Sys

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 415 –NOTE: The switch will also broadcast a request for IP configurat

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 416 – An IPv6 default gateway must be defined if the management stati

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 417 –reachability information about the paths to active neighbors. Th

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 418 – Duplicate address detection determines if a new unicast IPv6 ad

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 419 –3. Specify the VLAN to configure, enable address auto-configurat

TABLES– 42 –Table 32: General Command Modes 478Table 33: Configuration Command Modes 480Table 34: Keystroke Commands 481Table 35: Command Group I

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 420 –◆ To connect to a larger network with multiple subnets, you must

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 421 –of the address comprise the prefix (i.e., the network portion of

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 422 –Figure 253: Configuring an IPv6 AddressSHOWING IPV6ADDRESSESUse

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 423 –Note that the solicited-node multicast address (link-local scope

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 424 –WEB INTERFACETo show neighboring IPv6 devices:1. Click IP, IPv6

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 425 –SHOWING IPV6STATISTICSUse the IP > IPv6 Configuration (Show S

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 426 –Address Errors The number of input datagrams discarded because t

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 427 –Generated Fragments The number of output datagram fragments that

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 428 –Destination Unreachable MessagesThe number of ICMP Destination U

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 429 –WEB INTERFACETo show the IPv6 statistics:1. Click IP, IPv6 Confi

TABLES– 43 –Table 68: Telnet Server Commands 607Table 69: Secure Shell Commands 609Table 70: show ssh - display description 618Table 71: 802.1X P

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 430 –Figure 258: Showing IPv6 Statistics (UDP)SHOWING THE MTUFOR RES

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 431 –WEB INTERFACETo show the MTU reported from other devices:1. Clic

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 432 –

– 433 –17 IP SERVICESThis chapter describes how to configure Domain Name Service (DNS) on this switch. For information on DHCP snooping which is inc

CHAPTER 17 | IP ServicesConfiguring a List of Domain Names– 434 –WEB INTERFACETo configure general settings for DNS:1. Click IP Service, DNS.2. Se

CHAPTER 17 | IP ServicesConfiguring a List of Domain Names– 435 –PARAMETERSThese parameters are displayed:Domain Name – Name of the host. Do not i

CHAPTER 17 | IP ServicesConfiguring a List of Name Servers– 436 –CONFIGURING A LIST OF NAME SERVERSUse the IP Service > DNS - General (Add Name

CHAPTER 17 | IP ServicesConfiguring Static DNS Host to Address Entries– 437 –To show the list name servers:1. Click IP Service, DNS.2. Select Show

CHAPTER 17 | IP ServicesConfiguring Static DNS Host to Address Entries– 438 –WEB INTERFACETo configure static entries in the DNS table:1. Click IP

CHAPTER 17 | IP ServicesDisplaying the DNS Cache– 439 –DISPLAYING THE DNS CACHEUse the IP Service > DNS - Cache page to display entries in the

TABLES– 44 –Table 104: GVRP and Bridge Extension Commands 782Table 105: Commands for Editing VLAN Groups 786Table 106: Commands for Configuring VL

CHAPTER 17 | IP ServicesDisplaying the DNS Cache– 440 –

– 441 –18 MULTICAST FILTERING This chapter describes how to configure the following multicast servcies:◆ IGMP – Configuring snooping and query param

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 442 –device, most commonly a multicast router. In this way, the switch can disc

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 443 –NOTE: When the switch is configured to use IGMPv3 snooping, the snooping v

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 444 –CONFIGURING IGMPSNOOPING AND QUERYPARAMETERSUse the Multicast > IGMP Sn

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 445 –◆ Proxy Reporting Status – Enables IGMP Snooping with Proxy Reporting. (De

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 446 –When the root bridge in a spanning tree receives a TCN for a VLAN where IG

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 447 –◆ IGMP Snooping Version – Sets the protocol version for compatibility with

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 448 –attached router. This can ensure that multicast traffic is passed to all t

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 449 –Figure 271: Showing Static Interfaces Attached a Multicast RouterTo show

TABLES– 45 –Table 140: show ipv6 interface - display description 935Table 141: show ipv6 mtu - display description 937Table 142: show ipv6 traffic

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 450 –COMMAND USAGE◆ Static multicast addresses are never aged out.◆ When a mult

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 451 –Figure 274: Showing Static Interfaces Assigned to a Multicast ServiceTo s

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 452 –COMMAND USAGEMulticast Router DiscoveryThere have been many mechanisms use

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 453 –Advertisement and Termination messages are sent to the All-Snoopers multic

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 454 –enabled on an interface if it is connected to only one IGMP-enabled device

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 455 –◆ Query Response Interval – The maximum time the system waits for a respon

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 456 –WEB INTERFACETo configure IGMP snooping on a VLAN:1. Click Multicast, IGMP

CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 457 –Figure 277: Showing Interface Settings for IGMP Snooping DISPLAYINGMULTIC

CHAPTER 18 | Multicast FilteringFiltering and Throttling IGMP Groups– 458 –WEB INTERFACETo show multicast groups learned through IGMP snooping:1.

CHAPTER 18 | Multicast FilteringFiltering and Throttling IGMP Groups– 459 –ENABLING IGMPFILTERING ANDTHROTTLINGUse the Multicast > IGMP Snoopin

TABLES– 46 –

CHAPTER 18 | Multicast FilteringFiltering and Throttling IGMP Groups– 460 –PARAMETERSThese parameters are displayed:Add◆ Profile ID – Creates an I

CHAPTER 18 | Multicast FilteringFiltering and Throttling IGMP Groups– 461 –3. Select Show from the Action list.Figure 281: Showing the IGMP Filte

CHAPTER 18 | Multicast FilteringFiltering and Throttling IGMP Groups– 462 –To show the multicast groups configured for an IGMP filter profile:1. C

CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 463 –◆ Current Multicast Groups – Displays the current multicast groups the interface

CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 464 –MVR maintains the user isolation and data security provided by VLAN segregation

CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 465 –CONFIGURING GLOBALMVR SETTINGSUse the Multicast > MVR (Configure General) pag

CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 466 –WEB INTERFACETo configure global settings for MVR:1. Click Multicast, MVR.2. Sel

CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 467 –◆ One or more interfaces may be configured as MVR source ports. A source port is

CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 468 –multicast traffic from one of the MVR groups, or a multicast group has been stat

CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 469 –WEB INTERFACETo assign a static MVR group to a port:1. Click Multicast, MVR.2. S

– 47 –SECTION IGETTING STARTEDThis section provides an overview of the switch, and introduces some basic concepts about network switches. It also de

CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 470 –DISPLAYING MVRRECEIVER GROUPSUse the Multicast > MVR (Show Member) page to di

– 471 –SECTION IIICOMMAND LINE INTERFACEThis section provides a detailed description of the Command Line Interface, along with examples for all of t

SECTION III | Command Line Interface– 472 –◆ "Multicast Filtering Commands" on page 849◆ "LLDP Commands" on page 883◆ "Do

– 473 –19 USING THE COMMAND LINE INTERFACEThis chapter describes how to use the Command Line Interface (CLI).ACCESSING THE CLIWhen accessing the man

CHAPTER 19 | Using the Command Line InterfaceAccessing the CLI– 474 –TELNET CONNECTION Telnet operates over the IP transport protocol. In this env

CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 475 –NOTE: You can open up to four sessions to the device via Telnet.ENTERING COMM

CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 476 –GETTING HELP ONCOMMANDSYou can display a brief description of the help system

CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 477 – sntp Simple Network Time Protocol configuration spanning-

CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 478 –UNDERSTANDINGCOMMAND MODESThe command set is divided into Exec and Configurat

CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 479 –Username: guestPassword: [guest login password] CLI session with the MS45349

SECTION I | Getting Started– 48 –

CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 480 –To enter the Global Configuration mode, enter the command configure in Privil

CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 481 –COMMAND LINEPROCESSINGCommands are not case sensitive. You can abbreviate com

CHAPTER 19 | Using the Command Line InterfaceCLI Command Groups– 482 –CLI COMMAND GROUPSThe system commands can be broken down into the functional

CHAPTER 19 | Using the Command Line InterfaceCLI Command Groups– 483 –The access mode shown in the following tables is indicated by these abbrevia

CHAPTER 19 | Using the Command Line InterfaceCLI Command Groups– 484 –

– 485 –20 GENERAL COMMANDSThese commands are used to control the command access mode, configuration mode, and other basic functions.prompt This comm

CHAPTER 20 | General Commands– 486 –EXAMPLE Console(config)#prompt RD2RD2(config)#reload (GlobalConfiguration)This command restarts the system at

CHAPTER 20 | General Commands– 487 –COMMAND USAGE ◆ This command resets the entire system. ◆ Any combination of reload options may be specified. I

CHAPTER 20 | General Commands– 488 –EXAMPLE Console>enablePassword: [privileged level password]Console#RELATED COMMANDS disable (490)enable pas

CHAPTER 20 | General Commands– 489 –EXAMPLE In this example, the show history command lists the contents of the command history buffer:Console#sho

– 49 –1 INTRODUCTIONThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configur

CHAPTER 20 | General Commands– 490 –disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only dis

CHAPTER 20 | General Commands– 491 –show reload This command displays the current reload settings, and the time at which next scheduled reload wil

CHAPTER 20 | General Commands– 492 –EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and t

– 493 –21 SYSTEM MANAGEMENT COMMANDSThese commands are used to control system logs, passwords, user names, management options, and display or config

CHAPTER 21 | System Management CommandsBanner Information– 494 –hostname This command specifies or modifies the host name for this device. Use the

CHAPTER 21 | System Management CommandsBanner Information– 495 –banner configure This command is used to interactively specify administrative info

CHAPTER 21 | System Management CommandsBanner Information– 496 –Row: 7Rack: 29Shelf in this rack: 8Information about DC power supply.Floor: 2Row:

CHAPTER 21 | System Management CommandsBanner Information– 497 –banner configuredc-power-infoThis command is use to configure DC power information

CHAPTER 21 | System Management CommandsBanner Information– 498 –COMMAND MODEGlobal ConfigurationCOMMAND USAGE Input strings cannot contain spaces.

CHAPTER 21 | System Management CommandsBanner Information– 499 –EXAMPLE Console(config)#banner configure equipment-info manufacturer-id MS453490M

– 5 –CONTENTSABOUT THIS GUIDE 3CONTENTS 5FIGURES 31TABLES 41SECTION I GETTING STARTED 471INTRODUCTION 49Key Features 49Description of Software Feat

CHAPTER 1 | IntroductionDescription of Software Features– 50 –DESCRIPTION OF SOFTWARE FEATURESThe switch provides a wide range of advanced perform

CHAPTER 21 | System Management CommandsBanner Information– 500 –COMMAND MODEGlobal ConfigurationCOMMAND USAGE Input strings cannot contain spaces.

CHAPTER 21 | System Management CommandsBanner Information– 501 –banner configuremanager-infoThis command is used to configure the manager contact

CHAPTER 21 | System Management CommandsBanner Information– 502 –DEFAULT SETTING NoneCOMMAND MODEGlobal ConfigurationCOMMAND USAGE Input strings ca

CHAPTER 21 | System Management CommandsSystem Status– 503 –show banner This command displays all banner information.COMMAND MODENormal Exec, Privi

CHAPTER 21 | System Management CommandsSystem Status– 504 –show access-listtcam-utilizationThis command shows utilization parameters for TCAM (Ter

CHAPTER 21 | System Management CommandsSystem Status– 505 –EXAMPLE Console#show process cpu CPU Utilization in the past 5 seconds : 3.98%Console#s

CHAPTER 21 | System Management CommandsSystem Status– 506 –spanning-tree mst configuration!interface ethernet 1/1 switchport allowed vlan add 1 un

CHAPTER 21 | System Management CommandsSystem Status– 507 –RELATED COMMANDSshow running-config (505)show system This command displays system infor

CHAPTER 21 | System Management CommandsSystem Status– 508 –EXAMPLE Console#show users User Name Accounts: User Name Privilege Public-Key -------

CHAPTER 21 | System Management CommandsFrame Size– 509 –FRAME SIZEThis section describes commands used to configure the Ethernet frame size on the

CHAPTER 1 | IntroductionDescription of Software Features– 51 –ACCESS CONTROLLISTSACLs provide packet filtering for IP frames (based on address, pr

CHAPTER 21 | System Management CommandsFile Management– 510 –FILE MANAGEMENTManaging FirmwareFirmware can be uploaded and downloaded to or from an

CHAPTER 21 | System Management CommandsFile Management– 511 –boot system This command specifies the file or image used to start up the system.SYNT

CHAPTER 21 | System Management CommandsFile Management– 512 –copy This command moves (upload/download) a code image or configuration file between

CHAPTER 21 | System Management CommandsFile Management– 513 –◆ The Boot ROM and Loader cannot be uploaded or downloaded from the FTP/TFTP server.

CHAPTER 21 | System Management CommandsFile Management– 514 –The following example shows how to download a configuration file: Console#copy tftp s

CHAPTER 21 | System Management CommandsFile Management– 515 –delete This command deletes a file or image.SYNTAX delete filenamefilename - Name of

CHAPTER 21 | System Management CommandsFile Management– 516 –COMMAND USAGE ◆ If you enter the command dir without any parameters, the system displ

CHAPTER 21 | System Management CommandsFile Management– 517 –EXAMPLEThis example shows the information displayed by the whichboot command. See the

CHAPTER 21 | System Management CommandsFile Management– 518 –◆ Any changes made to the default setting can be displayed with the show running-conf

CHAPTER 21 | System Management CommandsFile Management– 519 –◆ When specifying a TFTP server, the following syntax must be used, where filedir ind

CHAPTER 1 | IntroductionDescription of Software Features– 52 –IEEE 802.1D BRIDGE The switch supports IEEE 802.1D transparent bridging. The address

CHAPTER 21 | System Management CommandsLine– 520 –LINEYou can access the onboard configuration program by attaching a VT100 compatible device to t

CHAPTER 21 | System Management CommandsLine– 521 –COMMAND MODE Global Configuration COMMAND USAGE Telnet is considered a virtual terminal connecti

CHAPTER 21 | System Management CommandsLine– 522 –RELATED COMMANDS parity (523)exec-timeout This command sets the interval that the system waits u

CHAPTER 21 | System Management CommandsLine– 523 –DEFAULT SETTING login localCOMMAND MODE Line Configuration COMMAND USAGE ◆ There are three authe

CHAPTER 21 | System Management CommandsLine– 524 –DEFAULT SETTING No parityCOMMAND MODE Line Configuration COMMAND USAGE Communication protocols p

CHAPTER 21 | System Management CommandsLine– 525 –EXAMPLE Console(config-line)#password 0 secretConsole(config-line)#RELATED COMMANDSlogin (522)pa

CHAPTER 21 | System Management CommandsLine– 526 –silent-time This command sets the amount of time the management console is inaccessible after th

CHAPTER 21 | System Management CommandsLine– 527 –supported. If you select the “auto” option, the switch will automatically detect the baud rate c

CHAPTER 21 | System Management CommandsLine– 528 –COMMAND MODE Line ConfigurationCOMMAND USAGE ◆ If a login attempt is not detected within the tim

CHAPTER 21 | System Management CommandsEvent Logging– 529 –show line This command displays the terminal line’s parameters.SYNTAX show line [consol

CHAPTER 1 | IntroductionDescription of Software Features– 53 –VIRTUAL LANS The switch supports up to 255 VLANs. A Virtual LAN is a collection of n

CHAPTER 21 | System Management CommandsEvent Logging– 530 –logging facility This command sets the facility type for remote logging of syslog messa

CHAPTER 21 | System Management CommandsEvent Logging– 531 –logging history This command limits syslog messages saved to switch memory based on sev

CHAPTER 21 | System Management CommandsEvent Logging– 532 –logging host This command adds a syslog server host IP address that will receive loggin

CHAPTER 21 | System Management CommandsEvent Logging– 533 –RELATED COMMANDSlogging history (531)logging trap (533)clear log (533)logging trap This

CHAPTER 21 | System Management CommandsEvent Logging– 534 –COMMAND MODE Privileged ExecEXAMPLE Console#clear logConsole#RELATED COMMANDSshow log (

CHAPTER 21 | System Management CommandsEvent Logging– 535 –show logging This command displays the configuration settings for logging messages to l

CHAPTER 21 | System Management CommandsSMTP Alerts– 536 –REMOTELOG Level Type: Debugging messagesREMOTELOG server IP Address: 1.2.3.4REMOTE

CHAPTER 21 | System Management CommandsSMTP Alerts– 537 –logging sendmail This command enables SMTP event handling. Use the no form to disable thi

CHAPTER 21 | System Management CommandsSMTP Alerts– 538 –EXAMPLEConsole(config)#logging sendmail host 192.168.1.19Console(config)#logging sendmail

CHAPTER 21 | System Management CommandsSMTP Alerts– 539 –COMMAND MODE Global ConfigurationCOMMAND USAGE You can specify up to five recipients for

CHAPTER 1 | IntroductionSystem Defaults– 54 –QUALITY OF SERVICE Differentiated Services (DiffServ) provides policy-based management mechanisms use

CHAPTER 21 | System Management CommandsTime– 540 –SMTP Minimum Severity Level: 7SMTP destination email addresses----------------------------------

CHAPTER 21 | System Management CommandsTime– 541 –COMMAND USAGE ◆ The time acquired from time servers is used to record accurate dates and times f

CHAPTER 21 | System Management CommandsTime– 542 –RELATED COMMANDSsntp client (540)sntp server This command sets the IP address of the servers to

CHAPTER 21 | System Management CommandsTime– 543 –EXAMPLE Console#show sntpCurrent Time : Nov 5 18:51:22 2006Poll Interval : 16 secondsCurrent

CHAPTER 21 | System Management CommandsTime– 544 –calendar set This command sets the system clock. It may be used if there is no time server on yo

CHAPTER 21 | System Management CommandsTime Range– 545 –TIME RANGEThis section describes the commands used to sets a time range for use by other f

CHAPTER 21 | System Management CommandsTime Range– 546 –absolute This command sets the time range for the execution of a command. Use the no form

CHAPTER 21 | System Management CommandsTime Range– 547 –monday - Mondaysaturday - Saturdaysunday - Sundaythursday - Thursdaytuesday - Tuesdaywedne

CHAPTER 21 | System Management CommandsSwitch Clustering– 548 –SWITCH CLUSTERINGSwitch Clustering is a method of grouping switches together to ena

CHAPTER 21 | System Management CommandsSwitch Clustering– 549 –cluster This command enables clustering on the switch. Use the no form to disable c

CHAPTER 1 | IntroductionSystem Defaults– 55 –Web Management HTTP Server EnabledHTTP Port Number 80HTTP Secure Server EnabledHTTP Secure Server Por

CHAPTER 21 | System Management CommandsSwitch Clustering– 550 –COMMAND USAGE ◆ Once a switch has been configured to be a cluster Commander, it aut

CHAPTER 21 | System Management CommandsSwitch Clustering– 551 –cluster member This command configures a Candidate switch as a cluster Member. Use

CHAPTER 21 | System Management CommandsSwitch Clustering– 552 –EXAMPLEConsole#rcommand id 1 CLI session with the MS453490M is opened. To

CHAPTER 21 | System Management CommandsSwitch Clustering– 553 –show clustercandidatesThis command shows the discovered Candidate switches in the n

CHAPTER 21 | System Management CommandsSwitch Clustering– 554 –

– 555 –22 SNMP COMMANDSControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the e

CHAPTER 22 | SNMP Commands– 556 –snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c,

CHAPTER 22 | SNMP Commands– 557 –snmp-servercommunityThis command defines community access strings used to authorize management access by clients

CHAPTER 22 | SNMP Commands– 558 –EXAMPLE Console(config)#snmp-server contact PaulConsole(config)#RELATED COMMANDSsnmp-server location (558)snmp-se

CHAPTER 22 | SNMP Commands– 559 –Console#show snmpSNMP Agent : EnabledSNMP Traps : Authentication : Enabled Link-up-down : EnabledSNMP Communiti

CHAPTER 1 | IntroductionSystem Defaults– 56 –Traffic Prioritization Ingress Port Priority 0Queue Mode WRRQueue Weight Queue: 0 1 2 3 Weight: 1

CHAPTER 22 | SNMP Commands– 560 –no keywords, both authentication and link-up-down notifications are enabled. If you enter the command with a keyw

CHAPTER 22 | SNMP Commands– 561 –prior to using the snmp-server host command. (Maximum length: 32 characters)version - Specifies whether to send n

CHAPTER 22 | SNMP Commands– 562 –To send an inform to a SNMPv2c host, complete these steps:1. Enable the SNMP agent (page 556).2. Create a view wi

CHAPTER 22 | SNMP Commands– 563 –snmp-serverengine-idThis command configures an identification string for the SNMPv3 engine. Use the no form to re

CHAPTER 22 | SNMP Commands– 564 –RELATED COMMANDSsnmp-server host (560)snmp-server group This command adds an SNMP group, mapping SNMP users to SN

CHAPTER 22 | SNMP Commands– 565 –EXAMPLEConsole(config)#snmp-server group r&d v3 auth write dailyConsole(config)#snmp-server user This command

CHAPTER 22 | SNMP Commands– 566 –◆ Remote users (i.e., the command specifies a remote engine identifier) must be configured to identify the source

CHAPTER 22 | SNMP Commands– 567 –COMMAND USAGE ◆ Views are used in the snmp-server group command to restrict user access to specified portions of

CHAPTER 22 | SNMP Commands– 568 –show snmp group Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c rea

CHAPTER 22 | SNMP Commands– 569 –show snmp user This command shows information on SNMP users.COMMAND MODE Privileged ExecEXAMPLEConsole#show snmp

– 57 –2 INITIAL SWITCH CONFIGURATIONThis chapter includes information on connecting to the switch and basic configuration procedures.CONNECTING TO T

CHAPTER 22 | SNMP Commands– 570 –show snmp view This command shows information on the SNMP views.COMMAND MODE Privileged ExecEXAMPLEConsole#show s

CHAPTER 22 | SNMP Commands– 571 –◆ Disabling logging with this command does not delete the entries stored in the notification log.EXAMPLEThis exam

CHAPTER 22 | SNMP Commands– 572 –◆ To avoid this problem, notification logging should be configured and enabled using the snmp-server notify-filte

CHAPTER 22 | SNMP Commands– 573 –show snmp notify-filterThis command displays the configured notification logs.COMMAND MODE Privileged ExecEXAMPLE

CHAPTER 22 | SNMP Commands– 574 –

– 575 –23 REMOTE MONITORING COMMANDSRemote Monitoring allows a remote device to collect information or respond to specified events on an independent

CHAPTER 23 | Remote Monitoring Commands– 576 –rmon alarm This command sets threshold bounds for a monitored variable. Use the no form to remove an

CHAPTER 23 | Remote Monitoring Commands– 577 –such event will not be generated until the sampled value has risen above the falling threshold, reac

CHAPTER 23 | Remote Monitoring Commands– 578 –COMMAND USAGE ◆ If an event is already defined for an index, the entry must be deleted before any ch

CHAPTER 23 | Remote Monitoring Commands– 579 –EXAMPLEConsole(config)#interface ethenet 1/1Console(config-if)#rmon collection history 21 buckets 2

CHAPTER 2 | Initial Switch ConfigurationConnecting to the Switch– 58 –◆ Control port access through IEEE 802.1X security or static address filteri

CHAPTER 23 | Remote Monitoring Commands– 580 –show rmon alarm This command shows the settings for all configured alarms.COMMAND MODE Privileged Ex

CHAPTER 23 | Remote Monitoring Commands– 581 – buckets requested = 8 buckets granted = 8 Interval = 30 Owner RMON_S

CHAPTER 23 | Remote Monitoring Commands– 582 –

– 583 –24 AUTHENTICATION COMMANDS You can configure this switch to authenticate users logging into the system for management access using local or r

CHAPTER 24 | Authentication CommandsUser Accounts– 584 –enable password After initially logging onto the system, you should set the Privileged Exe

CHAPTER 24 | Authentication CommandsUser Accounts– 585 –username This command adds named users, requires authentication at login, specifies or cha

CHAPTER 24 | Authentication CommandsAuthentication Sequence– 586 –AUTHENTICATION SEQUENCEThree authentication methods can be specified to authenti

CHAPTER 24 | Authentication CommandsAuthentication Sequence– 587 –EXAMPLE Console(config)#authentication enable radiusConsole(config)#RELATED COMM

CHAPTER 24 | Authentication CommandsRADIUS Client– 588 –RELATED COMMANDSusername - for setting the local user names and passwords (585)RADIUS CLIE

CHAPTER 24 | Authentication CommandsRADIUS Client– 589 –radius-server auth-portThis command sets the RADIUS server network port. Use the no form t

CHAPTER 2 | Initial Switch ConfigurationConnecting to the Switch– 59 – Set flow control to none. Set the emulation mode to VT100. When using Hyp

CHAPTER 24 | Authentication CommandsRADIUS Client– 590 –DEFAULT SETTING auth-port - 1812acct-port - 1813timeout - 5 secondsretransmit - 2COMMAND M

CHAPTER 24 | Authentication CommandsRADIUS Client– 591 –DEFAULT SETTING 2COMMAND MODE Global ConfigurationEXAMPLE Console(config)#radius-server re

CHAPTER 24 | Authentication CommandsTACACS+ Client– 592 – Retransmit Times : 2 Request Timeout : 5Server 1: Server IP Address : 192.168.1

CHAPTER 24 | Authentication CommandsTACACS+ Client– 593 –DEFAULT SETTING 10.11.12.13COMMAND MODE Global ConfigurationEXAMPLE Console(config)#tacac

CHAPTER 24 | Authentication CommandsTACACS+ Client– 594 –EXAMPLE Console(config)#tacacs-server key greenConsole(config)#tacacs-server port This co

CHAPTER 24 | Authentication CommandsAAA– 595 –AAAThe Authentication, Authorization, and Accounting (AAA) feature provides the main framework for c

CHAPTER 24 | Authentication CommandsAAA– 596 –group - Specifies the server group to use.tacacs+ - Specifies all TACACS+ hosts configure with the t

CHAPTER 24 | Authentication CommandsAAA– 597 –group - Specifies the server group to use.radius - Specifies all RADIUS hosts configure with the rad

CHAPTER 24 | Authentication CommandsAAA– 598 –group - Specifies the server group to use.radius - Specifies all RADIUS hosts configure with the rad

CHAPTER 24 | Authentication CommandsAAA– 599 –◆ Using the command without specifying an interim interval enables updates, but does not change the

CONTENTS– 6 –Configuration Options 57Required Connections 58Remote Connections 59Basic Configuration 60Console Connection 60Setting Passwords

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 60 –BASIC CONFIGURATIONCONSOLECONNECTIONThe CLI program provides two different comman

CHAPTER 24 | Authentication CommandsAAA– 600 –aaa group server Use this command to name a group of security server hosts. To remove a server group

CHAPTER 24 | Authentication CommandsAAA– 601 –EXAMPLE Console(config)#aaa group server radius tpsConsole(config-sg-radius)#server 10.2.68.120Conso

CHAPTER 24 | Authentication CommandsAAA– 602 –EXAMPLE Console(config)#line consoleConsole(config-line)#accounting exec tpsConsole(config-line)#exi

CHAPTER 24 | Authentication CommandsWeb Server– 603 –statistics - Displays accounting records.user-name - Displays accounting records for a specif

CHAPTER 24 | Authentication CommandsWeb Server– 604 –ip http port This command specifies the TCP port number used by the web browser interface. Us

CHAPTER 24 | Authentication CommandsWeb Server– 605 –ip http secure-serverThis command enables the secure hypertext transfer protocol (HTTPS) over

CHAPTER 24 | Authentication CommandsWeb Server– 606 –◆ To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” o

CHAPTER 24 | Authentication CommandsTelnet Server– 607 –TELNET SERVERThis section describes commands used to configure Telnet management access to

CHAPTER 24 | Authentication CommandsTelnet Server– 608 –ip telnet port This command specifies the TCP port number used by the Telnet interface. Us

CHAPTER 24 | Authentication CommandsSecure Shell– 609 –show ip telnet This command displays the configuration settings for the Telnet server. COMM

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 61 –Console#configureConsole(config)#username guest password 0 [password]Console(conf

CHAPTER 24 | Authentication CommandsSecure Shell– 610 –Configuration GuidelinesThe SSH server on this switch supports both password and public key

CHAPTER 24 | Authentication CommandsSecure Shell– 611 –4. Set the Optional Parameters – Set other optional parameters, including the authenticatio

CHAPTER 24 | Authentication CommandsSecure Shell– 612 –c. The client sends a signature generated using the private key to the switch.d. When the s

CHAPTER 24 | Authentication CommandsSecure Shell– 613 –COMMAND USAGE ◆ The SSH server supports up to four client sessions. The maximum number of c

CHAPTER 24 | Authentication CommandsSecure Shell– 614 –ip ssh timeout This command configures the timeout for the SSH server. Use the no form to r

CHAPTER 24 | Authentication CommandsSecure Shell– 615 –EXAMPLE Console#delete public-key admin dsaConsole#ip ssh crypto host-key generateThis comm

CHAPTER 24 | Authentication CommandsSecure Shell– 616 –ip ssh cryptozeroizeThis command clears the host key from memory (i.e. RAM). SYNTAX ip ssh

CHAPTER 24 | Authentication CommandsSecure Shell– 617 –RELATED COMMANDSip ssh crypto host-key generate (615)show ip ssh This command displays the

CHAPTER 24 | Authentication CommandsSecure Shell– 618 –1854900028313416250083487184495220874292122556916656552963281635169640408315547660664151657

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 619 –802.1X PORT AUTHENTICATIONThe switch supports IEEE 802.1X (dot1x) port-based

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 62 –4. To set the IP address of the default gateway for the network to which the swit

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 620 –dot1x default This command sets all configurable dot1x global and port settin

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 621 –EXAMPLEThis example instructs the switch to pass all EAPOL frame through to a

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 622 –EXAMPLEConsole(config)#interface eth 1/2Console(config-if)#dot1x intrusion-ac

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 623 –DEFAULTSingle-hostCOMMAND MODEInterface ConfigurationCOMMAND USAGE ◆ The “max

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 624 –EXAMPLEConsole(config)#interface eth 1/2Console(config-if)#dot1x port-control

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 625 –COMMAND MODEInterface ConfigurationEXAMPLEConsole(config)#interface eth 1/2Co

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 626 –COMMAND USAGEThis command sets the timeout for EAP-request frames other than

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 627 –COMMAND MODEPrivileged ExecCOMMAND USAGEThe re-authentication process verifie

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 628 –dot1x max-start This command sets the maximum number of times that a port sup

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 629 –◆ A port cannot be configured as a dot1x supplicant if it is a member of a tr

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 63 –ND retransmit interval is 1000 millisecondsConsole#Address for Multi-segment Netw

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 630 –COMMAND MODEInterface ConfigurationEXAMPLEConsole(config)#interface eth 1/2Co

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 631 –COMMAND USAGEThis command displays the following information:◆ Global 802.1X

CHAPTER 24 | Authentication Commands802.1X Port Authentication– 632 – Current Identifier– The integer (0-255) used by the Authenticator to identif

CHAPTER 24 | Authentication CommandsManagement IP Filter– 633 –Authenticator State MachineState : AuthenticatedReauth Count :

CHAPTER 24 | Authentication CommandsManagement IP Filter– 634 –COMMAND USAGE ◆ If anyone tries to access a management interface on the switch from

CHAPTER 24 | Authentication CommandsManagement IP Filter– 635 –EXAMPLEConsole#show management all-clientManagement Ip Filter HTTP-Client: Start

CHAPTER 24 | Authentication CommandsManagement IP Filter– 636 –

– 637 –25 GENERAL SECURITY MEASURES This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for

CHAPTER 25 | General Security MeasuresPort Security– 638 –PORT SECURITY These commands can be used to enable port security on a port. When MAC add

CHAPTER 25 | General Security MeasuresPort Security– 639 –◆ The mac-learning commands cannot be used if 802.1X Port Authentication has been global

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 64 – 2001:DB8:2222:7272::/64, subnet is 2001:DB8:2222:7272::/64Joined group address(

CHAPTER 25 | General Security MeasuresPort Security– 640 –addresses when it reaches a configured maximum number. Only incoming traffic with source

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 641 –NETWORK ACCESS (MAC ADDRESS AUTHENTICATION)Network Access

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 642 –network-accessagingUse this command to enable aging for au

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 643 –COMMAND MODE Global Configuration COMMAND USAGE◆ Specified

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 644 –network-accessdynamic-qosUse this command to enable the dy

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 645 –network-accessdynamic-vlanUse this command to enable dynam

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 646 –COMMAND MODEInterface ConfigurationCOMMAND USAGE◆ The VLAN

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 647 –network-accesslink-detection link-downUse this command to

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 648 –EXAMPLEConsole(config)#interface ethernet 1/1Console(confi

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 649 –COMMAND MODE Interface Configuration COMMAND USAGE The max

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 65 –5. Then save your configuration changes by typing “copy running-config startup-co

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 650 –◆ When port status changes to down, all MAC addresses are

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 651 –mac-authenticationintrusion-actionUse this command to conf

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 652 –show network-accessUse this command to display the MAC aut

CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 653 –show network-access mac-address-tableUse this command to d

CHAPTER 25 | General Security MeasuresWeb Authentication– 654 –show network-access mac-filterUse this command to display information for entries i

CHAPTER 25 | General Security MeasuresWeb Authentication– 655 –web-auth login-attemptsThis command defines the limit for failed web authentication

CHAPTER 25 | General Security MeasuresWeb Authentication– 656 –web-auth quiet-periodThis command defines the amount of time a host must wait after

CHAPTER 25 | General Security MeasuresWeb Authentication– 657 –web-auth system-auth-controlThis command globally enables web authentication for th

CHAPTER 25 | General Security MeasuresWeb Authentication– 658 –web-auth re-authenticate (Port)This command ends all web authentication sessions co

CHAPTER 25 | General Security MeasuresWeb Authentication– 659 –show web-auth This command displays global web authentication parameters.COMMAND MO

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 66 –To dynamically generate an IPv6 host address for the switch, complete the followi

CHAPTER 25 | General Security MeasuresDHCP Snooping– 660 –show web-authsummaryThis command displays a summary of web authentication port parameter

CHAPTER 25 | General Security MeasuresDHCP Snooping– 661 –ip dhcp snooping This command enables DHCP snooping globally. Use the no form to restore

CHAPTER 25 | General Security MeasuresDHCP Snooping– 662 – If the DHCP packet is from a client, such as a DECLINE or RELEASE message, the switch f

CHAPTER 25 | General Security MeasuresDHCP Snooping– 663 –ip dhcp snoopingdatabase flashThis command writes all dynamically learned snooping entri

CHAPTER 25 | General Security MeasuresDHCP Snooping– 664 –◆ Use the ip dhcp snooping information option command to specify how to handle DHCP clie

CHAPTER 25 | General Security MeasuresDHCP Snooping– 665 –ip dhcp snoopingverify mac-addressThis command verifies the client’s hardware address st

CHAPTER 25 | General Security MeasuresDHCP Snooping– 666 –◆ When the DHCP snooping is globally disabled, DHCP snooping can still be configured for

CHAPTER 25 | General Security MeasuresDHCP Snooping– 667 –◆ When an untrusted port is changed to a trusted port, all the dynamic DHCP snooping bin

CHAPTER 25 | General Security MeasuresDHCP Snooping– 668 –show ip dhcpsnoopingThis command shows the DHCP snooping configuration settings.COMMAND

CHAPTER 25 | General Security MeasuresIP Source Guard– 669 –IP SOURCE GUARDIP Source Guard is a security feature that filters IP traffic on networ

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 67 –COMMUNITY STRINGS (FOR SNMP VERSION 1 AND 2C CLIENTS)Community strings are used t

CHAPTER 25 | General Security MeasuresIP Source Guard– 670 –◆ All static entries are configured with an infinite lease time, which is indicated wi

CHAPTER 25 | General Security MeasuresIP Source Guard– 671 –COMMAND MODEInterface Configuration (Ethernet)COMMAND USAGE ◆ Source guard is used to

CHAPTER 25 | General Security MeasuresIP Source Guard– 672 –EXAMPLEThis example enables IP source guard on port 5.Console(config)#interface ethern

CHAPTER 25 | General Security MeasuresARP Inspection– 673 –EXAMPLEConsole#show ip source-guard bindingMacAddress IpAddress Lease(sec)

CHAPTER 25 | General Security MeasuresARP Inspection– 674 –ip arp inspection This command enables ARP Inspection globally on the switch. Use the n

CHAPTER 25 | General Security MeasuresARP Inspection– 675 –ip arp inspectionfilterThis command specifies an ARP ACL to apply to one or more VLANs.

CHAPTER 25 | General Security MeasuresARP Inspection– 676 –ip arp inspectionlog-buffer logsThis command sets the maximum number of entries saved i

CHAPTER 25 | General Security MeasuresARP Inspection– 677 –ip arp inspectionvalidateThis command specifies additional validation of address compon

CHAPTER 25 | General Security MeasuresARP Inspection– 678 –DEFAULT SETTING Disabled on all VLANsCOMMAND MODEGlobal ConfigurationCOMMAND USAGE◆ Whe

CHAPTER 25 | General Security MeasuresARP Inspection– 679 –COMMAND MODEInterface Configuration (Port)COMMAND USAGE◆ This command only applies to u

CHAPTER 2 | Initial Switch ConfigurationManaging System Files– 68 –authentication and privacy is used for v3 clients. Then press <Enter>. Fo

CHAPTER 25 | General Security MeasuresARP Inspection– 680 –show ip arpinspectionconfigurationThis command displays the global configuration settin

CHAPTER 25 | General Security MeasuresARP Inspection– 681 –show ip arpinspection logThis command shows information about entries stored in the log

CHAPTER 25 | General Security MeasuresARP Inspection– 682 –COMMAND MODEPrivileged ExecEXAMPLEConsole#show ip arp inspection vlan 1VLAN ID DAI

– 683 –26 ACCESS CONTROL LISTSAccess Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port

CHAPTER 26 | Access Control ListsIPv4 ACLs– 684 –access-list ip This command adds an IP access list and enters configuration mode for standard or

CHAPTER 26 | Access Control ListsIPv4 ACLs– 685 –permit, deny(Standard IP ACL)This command adds a rule to a Standard IPv4 ACL. The rule sets a fil

CHAPTER 26 | Access Control ListsIPv4 ACLs– 686 –permit, deny(Extended IPv4 ACL)This command adds a rule to an Extended IPv4 ACL. The rule sets a

CHAPTER 26 | Access Control ListsIPv4 ACLs– 687 –port-bitmask – Decimal number representing the port bits to match. (Range: 0-65535)control-flags

CHAPTER 26 | Access Control ListsIPv4 ACLs– 688 –EXAMPLEThis example accepts any incoming packets if the source address is within subnet 10.7.1.x.

CHAPTER 26 | Access Control ListsIPv4 ACLs– 689 –COMMAND USAGE◆ Only one ACL can be bound to a port.◆ If an ACL is already bound to a port and you

CHAPTER 2 | Initial Switch ConfigurationManaging System Files– 69 –“startup1.cfg” that contains system settings for switch initialization, includi

CHAPTER 26 | Access Control ListsMAC ACLs– 690 –EXAMPLE Console#show ip access-list standardIP standard access-list david: permit host 10.1.1.21

CHAPTER 26 | Access Control ListsMAC ACLs– 691 –◆ To remove a rule, use the no permit or no deny command followed by the exact text of a previousl

CHAPTER 26 | Access Control ListsMAC ACLs– 692 –no {permit | deny} untagged-eth2{any | host source | source address-bitmask} {any | host destinati

CHAPTER 26 | Access Control ListsMAC ACLs– 693 –COMMAND USAGE◆ New rules are added to the end of the list.◆ The ethertype option can only be used

CHAPTER 26 | Access Control ListsMAC ACLs– 694 –EXAMPLE Console(config)#interface ethernet 1/2Console(config-if)#mac access-group jerry inConsole(

CHAPTER 26 | Access Control ListsARP ACLs– 695 –ARP ACLSThe commands in this section configure ACLs based on the IP or MAC address contained in AR

CHAPTER 26 | Access Control ListsARP ACLs– 696 –permit, deny (ARPACL)This command adds a rule to an ARP ACL. The rule filters packets matching a s

CHAPTER 26 | Access Control ListsARP ACLs– 697 –EXAMPLE This rule permits packets from any source IP and MAC address to the destination subnet add

CHAPTER 26 | Access Control ListsACL Information– 698 –ACL INFORMATIONThis section describes commands used to display ACL information.show access-

– 699 –27 INTERFACE COMMANDSThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN; or pe

CONTENTS– 7 –Console Port Settings 107Telnet Settings 109Displaying CPU Utilization 110Displaying Memory Utilization 111Resetting the System 11

CHAPTER 2 | Initial Switch ConfigurationManaging System Files– 70 –To save the current configuration settings, enter the following command:1. From

CHAPTER 27 | Interface Commands– 700 –interface This command configures an interface type and enter interface configuration mode. Use the no form

CHAPTER 27 | Interface Commands– 701 –COMMAND USAGEThe alias is displayed in the running-configuration file. An example of the value which a netwo

CHAPTER 27 | Interface Commands– 702 –manually specify the link attributes with the speed-duplex and flowcontrol commands.EXAMPLE The following ex

CHAPTER 27 | Interface Commands– 703 –flowcontrol This command enables flow control. Use the no form to disable flow control.SYNTAX [no] flowcontr

CHAPTER 27 | Interface Commands– 704 –media-type This command forces the port type selected for combination ports 9-10. Use the no form to restore

CHAPTER 27 | Interface Commands– 705 –negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol

CHAPTER 27 | Interface Commands– 706 –speed-duplex This command configures the speed and duplex mode of a given interface when auto-negotiation is

CHAPTER 27 | Interface Commands– 707 –switchport packet-rateThis command configures broadcast, multicast and unknown unicast storm control. Use th

CHAPTER 27 | Interface Commands– 708 –clear counters This command clears statistics on an interface.SYNTAX clear counters interfaceinterface ether

CHAPTER 27 | Interface Commands– 709 –show interfacescountersThis command displays interface statistics. SYNTAX show interfaces counters [interfac

– 71 –SECTION IIWEB CONFIGURATIONThis section describes the basic switch features, along with a detailed description of how to configure each featur

CHAPTER 27 | Interface Commands– 710 – ===== RMON Stats ===== 0 Drop Events 16900558 Octets

CHAPTER 27 | Interface Commands– 711 – Speed-duplex : Auto Capabilities : 10half, 10full, 100half, 100full Broadcast Storm

CHAPTER 27 | Interface Commands– 712 – Egress Rate Limit : Disabled, 1000M bits per second VLAN Membership Mode : Hybrid Ingr

CHAPTER 27 | Interface Commands– 713 –test cable-diagnosticsThis command performs cable diagnostics on the specified port to diagnose any cable fa

CHAPTER 27 | Interface Commands– 714 –show cable-diagnosticsThis command shows the results of a cable diagnostics test.SYNTAX show cable-diagnosti

CHAPTER 27 | Interface Commands– 715 –partner. If none is detected, the switch automatically turns off the transmitter, and most of the receive ci

CHAPTER 27 | Interface Commands– 716 –EXAMPLE Console#show power-save interface ethernet 1/10 Power Saving Status : EnabledConsole#

– 717 –28 LINK AGGREGATION COMMANDSPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network conne

CHAPTER 28 | Link Aggregation Commands– 718 –◆ Any of the Gigabit ports on the front panel can be trunked together, including ports of different m

CHAPTER 28 | Link Aggregation Commands– 719 –EXAMPLE The following example creates trunk 1 and then adds port 10:Console(config)#interface port-ch

SECTION II | Web Configuration– 72 –

CHAPTER 28 | Link Aggregation Commands– 720 –Console#show interfaces status port-channel 1 Information of Trunk 1 Basic Information: Port Type

CHAPTER 28 | Link Aggregation Commands– 721 –the partner only applies to its administrative state, not its operational state.EXAMPLEConsole(config

CHAPTER 28 | Link Aggregation Commands– 722 –lacp system-priority This command configures a port's LACP system priority. Use the no form to r

CHAPTER 28 | Link Aggregation Commands– 723 –DEFAULT SETTING 0COMMAND MODE Interface Configuration (Port Channel)COMMAND USAGE ◆ Ports are only al

CHAPTER 28 | Link Aggregation Commands– 724 –EXAMPLEConsole#show lacp 1 countersPort Channel: 1---------------------------------------------------

CHAPTER 28 | Link Aggregation Commands– 725 –Console#show lacp 1 neighborsPort Channel 1 neighbors------------------------------------------------

CHAPTER 28 | Link Aggregation Commands– 726 – Console#show lacp sysidPort Channel System Priority System MAC Address-----------------------

– 727 –29 PORT MIRRORING COMMANDSData can be mirrored from a local port on the same switch or from a remote port on another switch for analysis at t

CHAPTER 29 | Port Mirroring CommandsLocal Port Mirroring Commands– 728 –mac-address - MAC address in the form of xx-xx-xx-xx-xx-xx or xxxxxxxxxxxx

CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 729 –show port monitor This command displays mirror information.SYNTAX show port mon

– 73 –3 USING THE WEB INTERFACEThis switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics

CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 730 –Configuration GuidelinesTake the following steps to configure an RSPAN session:

CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 731 –be configured. When RSPAN uplink ports are enabled on the switch, 802.1X cannot

CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 732 –◆ The source port and destination port cannot be configured on the same switch.

CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 733 –◆ A destination port can still send and receive switched traffic, and participa

CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 734 –COMMAND USAGE ◆ Only 802.1Q trunk or hybrid (i.e., general use) ports can be co

CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 735 –show rspan Use this command to displays the configuration settings for an RSPAN

CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 736 –

– 737 –30 RATE LIMIT COMMANDSThis function allows the network manager to control the maximum rate for traffic transmitted or received on an interfac

CHAPTER 30 | Rate Limit Commands– 738 –by the storm control command. It is therefore not advisable to use both of these commands on the same inter

– 739 –31 AUTOMATIC TRAFFIC CONTROL COMMANDSAutomatic Traffic Control (ATC) configures bounding thresholds for broadcast and multicast storms which

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 74 –forwarding (i.e., enable Admin Edge Port) to improve the switch’s res

CHAPTER 31 | Automatic Traffic Control Commands– 740 –USAGE GUIDELINESATC includes storm control for broadcast or multicast traffic. The control r

CHAPTER 31 | Automatic Traffic Control Commands– 741 –expires. When ingress traffic falls below this threshold, ATC sends a Storm Alarm Clear Trap

CHAPTER 31 | Automatic Traffic Control Commands– 742 –DEFAULT SETTING 300 seconds COMMAND MODE Global ConfigurationCOMMAND USAGE After the apply t

CHAPTER 31 | Automatic Traffic Control Commands– 743 –EXAMPLE This example sets the release timer to 800 seconds for all ports.Console(config)#aut

CHAPTER 31 | Automatic Traffic Control Commands– 744 –auto-traffic-controlactionThis command sets the control action to limit ingress traffic or s

CHAPTER 31 | Automatic Traffic Control Commands– 745 –auto-traffic-controlalarm-clear-thresholdThis command sets the lower threshold for ingress t

CHAPTER 31 | Automatic Traffic Control Commands– 746 –auto-traffic-controlalarm-fire-thresholdThis command sets the upper threshold for ingress tr

CHAPTER 31 | Automatic Traffic Control Commands– 747 –COMMAND MODE Privileged ExecCOMMAND USAGE This command can be used to manually stop a contro

CHAPTER 31 | Automatic Traffic Control Commands– 748 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#snmp-server enable port-trap

CHAPTER 31 | Automatic Traffic Control Commands– 749 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#snmp-server enable port-trap

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 75 –CONFIGURATIONOPTIONSConfigurable parameters have a dialog box or a dr

CHAPTER 31 | Automatic Traffic Control Commands– 750 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#snmp-server enable port-trap

CHAPTER 31 | Automatic Traffic Control Commands– 751 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#snmp-server enable port-trap

CHAPTER 31 | Automatic Traffic Control Commands– 752 –Storm-control: Multicast Apply-timer(sec) : 300 release-timer(sec) : 900Console#show aut

– 753 –32 ADDRESS TABLE COMMANDSThese commands are used to configure the address table for filtering specified addresses, displaying current entries

CHAPTER 32 | Address Table Commands– 754 –mac-address-tablestaticThis command maps a static address to a destination port in a VLAN. Use the no fo

CHAPTER 32 | Address Table Commands– 755 –clear mac-address-table dynamicThis command removes any learned entries from the forwarding database.DEF

CHAPTER 32 | Address Table Commands– 756 –example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.”◆

– 757 –33 SPANNING TREE COMMANDSThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and command

CHAPTER 33 | Spanning Tree Commands– 758 –spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form

CHAPTER 33 | Spanning Tree Commands– 759 –spanning-treeforward-timeThis command configures the spanning tree bridge forward time globally for this

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 76 –MAIN MENU Using the onboard web agent, you can define system paramete

CHAPTER 33 | Spanning Tree Commands– 760 –EXAMPLE Console(config)#spanning-tree hello-time 5Console(config)#RELATED COMMANDSspanning-tree forward-

CHAPTER 33 | Spanning Tree Commands– 761 –spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to resto

CHAPTER 33 | Spanning Tree Commands– 762 –restarts the system in the new mode, temporarily disrupting user traffic.EXAMPLE The following example c

CHAPTER 33 | Spanning Tree Commands– 763 –spanning-treepriorityThis command configures the spanning tree priority globally for this switch. Use th

CHAPTER 33 | Spanning Tree Commands– 764 –revision (767)max-hops (764)spanning-treetransmission-limitThis command configures the minimum interval

CHAPTER 33 | Spanning Tree Commands– 765 –Each bridge decrements the hop count by one before passing on the BPDU. When the hop count reaches zero,

CHAPTER 33 | Spanning Tree Commands– 766 –mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VL

CHAPTER 33 | Spanning Tree Commands– 767 –COMMAND MODE MST ConfigurationCOMMAND USAGE The MST region name and revision number (page 767) are used

CHAPTER 33 | Spanning Tree Commands– 768 –spanning-tree bpdu-filterThis command filters all BPDUs received on an edge port. Use the no form to dis

CHAPTER 33 | Spanning Tree Commands– 769 –COMMAND USAGE ◆ An edge port should only be connected to end nodes which do not generate BPDUs. If a BPD

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 77 –Chart Shows Interface, Etherlike, and RMON port statistics 128Cable T

CHAPTER 33 | Spanning Tree Commands– 770 –DEFAULT SETTING By default, the system automatically detects the speed and duplex mode used on each port

CHAPTER 33 | Spanning Tree Commands– 771 –COMMAND USAGE ◆ You can enable this option if an interface is attached to a LAN segment that is at the e

CHAPTER 33 | Spanning Tree Commands– 772 –EXAMPLE Console(config)#interface ethernet 1/5Console(config-if)#spanning-tree link-type point-to-points

CHAPTER 33 | Spanning Tree Commands– 773 –COMMAND MODEInterface Configuration (Ethernet, Port Channel)COMMAND USAGE◆ If the port is configured for

CHAPTER 33 | Spanning Tree Commands– 774 –spanning-tree mstcostThis command configures the path cost on a spanning instance in the Multiple Spanni

CHAPTER 33 | Spanning Tree Commands– 775 –spanning-tree mstport-priorityThis command configures the interface priority on a spanning instance in t

CHAPTER 33 | Spanning Tree Commands– 776 –COMMAND USAGE ◆ This command defines the priority for the use of a port in the Spanning Tree Algorithm.

CHAPTER 33 | Spanning Tree Commands– 777 –EXAMPLE Console(config)#interface ethernet ethernet 1/5Console(config-if)#spanning-tree edge-portConsole

CHAPTER 33 | Spanning Tree Commands– 778 –EXAMPLE Console#spanning-tree loopback-detection release ethernet 1/1Console#spanning-treeprotocol-migra

CHAPTER 33 | Spanning Tree Commands– 779 –show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an ins

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 78 –Configure Session Configures the uplink and down-link ports for a seg

CHAPTER 33 | Spanning Tree Commands– 780 – Root Forward Delay (sec.) : 15 Max. Hops : 20 Remaining Hops

– 781 –34 VLAN COMMANDSA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same phy

CHAPTER 34 | VLAN CommandsGVRP and Bridge Extension Commands– 782 –GVRP AND BRIDGE EXTENSION COMMANDSGARP VLAN Registration Protocol defines a way

CHAPTER 34 | VLAN CommandsGVRP and Bridge Extension Commands– 783 –garp timer This command sets the values for the join, leave and leaveall timers

CHAPTER 34 | VLAN CommandsGVRP and Bridge Extension Commands– 784 –switchportforbidden vlanThis command configures forbidden VLANs. Use the no for

CHAPTER 34 | VLAN CommandsGVRP and Bridge Extension Commands– 785 –EXAMPLE Console(config)#interface ethernet 1/1Console(config-if)#switchport gvr

CHAPTER 34 | VLAN CommandsEditing VLAN Groups– 786 –EXAMPLE Console#show garp timer ethernet 1/1Eth 1/ 1 GARP timer status: Join Timer: 20 cen

CHAPTER 34 | VLAN CommandsEditing VLAN Groups– 787 –vlan database This command enters VLAN database mode. All commands in this mode will take effe

CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 788 –VLAN 1 (the switch’s default VLAN), nor VLAN 4093 (the VLAN used for switch clustering

CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 789 –interface vlan This command enters interface configuration mode for VLANs, which is us

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 79 –MAC Address 185Learning Status Enables MAC address learning on select

CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 790 –tagged - The port only receives tagged frames. DEFAULT SETTING All frame typesCOMMAND

CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 791 –◆ If a trunk has switchport mode set to trunk (i.e., 1Q Trunk), then you can only assi

CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 792 –EXAMPLE The following example shows how to set the interface to port 1 and then enable

CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 793 –switchport nativevlanThis command configures the PVID (i.e., default VLAN ID) for a po

CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 794 –COMMAND USAGE ◆ Use this command to configure a tunnel across one or more intermediate

CHAPTER 34 | VLAN CommandsDisplaying VLAN Information– 795 –Console(config)#interface ethernet 1/9Console(config-if)#vlan-trunkingConsole(config-i

CHAPTER 34 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 796 – Eth1/ 6(S) Eth1/ 7(S) Eth1/ 8(S) Eth1/ 9(S) Eth1/10(S)Cons

CHAPTER 34 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 797 –7. Configure the QinQ tunnel uplink port to dot1Q-tunnel uplink mode (switchport

CHAPTER 34 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 798 –switchport dot1q-tunnel modeThis command configures an interface as a QinQ tunne

CHAPTER 34 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 799 –switchport dot1q-tunnel tpidThis command sets the Tag Protocol Identifier (TPID)

CONTENTS– 8 –Configuring IP Subnet VLANs 179Configuring MAC-based VLANs 181Configuring VLAN Mirroring 1837ADDRESS TABLE SETTINGS 185Configuring M

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 80 –PriorityDefault Priority Sets the default priority for each port or t

CHAPTER 34 | VLAN CommandsConfiguring Port-based Traffic Segmentation– 800 –Console(config-if)#interface ethernet 1/2Console(config-if)#switchport

CHAPTER 34 | VLAN CommandsConfiguring Port-based Traffic Segmentation– 801 –only be forwarded to, and from, the designated uplink port(s). Data ca

CHAPTER 34 | VLAN CommandsConfiguring Protocol-based VLANs– 802 –CONFIGURING PROTOCOL-BASED VLANSThe network devices required to support multiple

CHAPTER 34 | VLAN CommandsConfiguring Protocol-based VLANs– 803 –protocol-vlanprotocol-group(Configuring Groups)This command creates a protocol gr

CHAPTER 34 | VLAN CommandsConfiguring Protocol-based VLANs– 804 –COMMAND MODE Interface Configuration (Ethernet, Port Channel)COMMAND USAGE ◆ When

CHAPTER 34 | VLAN CommandsConfiguring Protocol-based VLANs– 805 –EXAMPLE This shows protocol group 1 configured for IP over Ethernet:Console#show

CHAPTER 34 | VLAN CommandsConfiguring IP Subnet VLANs– 806 –CONFIGURING IP SUBNET VLANSWhen using IEEE 802.1Q port-based VLAN classification, all

CHAPTER 34 | VLAN CommandsConfiguring IP Subnet VLANs– 807 –mapping is found, the PVID of the receiving port is assigned to the frame.◆ The IP sub

CHAPTER 34 | VLAN CommandsConfiguring MAC Based VLANs– 808 –CONFIGURING MAC BASED VLANSWhen using IEEE 802.1Q port-based VLAN classification, all

CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 809 –◆ When MAC-based, IP subnet-based, and protocol-based VLANs are supported concurrently, pr

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 81 –Configure Interface Configures VoIP traffic settings for ports, inclu

CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 810 –voice vlan This command enables VoIP traffic detection and defines the Voice VLAN ID. Use

CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 811 –voice vlan aging This command sets the Voice VLAN ID time out. Use the no form to restore

CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 812 –COMMAND USAGE◆ VoIP devices attached to the switch can be identified by the manufacturer’s

CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 813 –EXAMPLE The following example sets port 1 to Voice VLAN auto mode.Console(config)#interfac

CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 814 –DEFAULT SETTINGOUI: EnabledLLDP: DisabledCOMMAND MODEInterface ConfigurationCOMMAND USAGE◆

CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 815 –EXAMPLE The following example enables security filtering on port 1.Console(config)#interfa

CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 816 –

– 817 –35 CLASS OF SERVICE COMMANDSThe commands described in this section allow you to specify which data packets have greater precedence when traff

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 2)– 818 –queue mode This command sets the scheduling mode used for processing each

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 2)– 819 –preserving the overall weight ratios between the queues. This produces les

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 82 –Network Access MAC address-based network access authentication 277Con

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 2)– 820 –COMMAND USAGE ◆ This command shares bandwidth at the egress port by defini

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 2)– 821 –frames that do not have VLAN tags are tagged with the input port's de

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 822 –PRIORITY COMMANDS (LAYER 3 AND 4)This section describes commands use

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 823 –DEFAULT SETTING. COMMAND MODE Interface Configuration (Port, Static

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 824 –qos map dscp-mutationThis command maps DSCP values in incoming packe

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 825 –map should be applied at the receiving port (ingress mutation) at th

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 826 –EXAMPLE Console(config)#interface ethernet 1/5Console(config-if)#qos

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 827 –show qos mapdscp-mutationThis command shows the ingress DSCP to inte

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 828 –COMMAND MODE Privileged ExecEXAMPLE Console#show qos map phb-queue i

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 829 –show qos map trust-modeThis command shows the QoS mapping mode.SYNTA

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 83 –Show Rule Shows the rules specified for an ACL 302Configure Interface

CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 830 –

– 831 –36 QUALITY OF SERVICE COMMANDSThe commands described in this section are used to configure Differentiated Services (DiffServ) classification

CHAPTER 36 | Quality of Service Commands– 832 –To create a service policy for a specific category of ingress traffic, follow these steps:1. Use th

CHAPTER 36 | Quality of Service Commands– 833 –◆ One or more class maps can be assigned to a policy map (page 835). The policy map is then bound b

CHAPTER 36 | Quality of Service Commands– 834 –match This command defines the criteria used to classify traffic. Use the no form to delete the mat

CHAPTER 36 | Quality of Service Commands– 835 –This example creates a class map call “rd-class#2,” and sets it to match packets marked for IP Prec

CHAPTER 36 | Quality of Service Commands– 836 –COMMAND USAGE ◆ Use the policy-map command to specify the name of the policy map, and then use the

CHAPTER 36 | Quality of Service Commands– 837 – police commands define parameters such as the maximum throughput, burst rate, and response to non-

CHAPTER 36 | Quality of Service Commands– 838 –COMMAND MODE Policy Map Class ConfigurationCOMMAND USAGE ◆ You can configure up to 16 policers (i.e

CHAPTER 36 | Quality of Service Commands– 839 –police srtcm-color This command defines an enforcer for classified traffic based on a single rate t

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 84 –Show Local Device Information 361General Displays general information

CHAPTER 36 | Quality of Service Commands– 840 –◆ The srTCM as defined in RFC 2697 meters a traffic stream and processes its packets according to t

CHAPTER 36 | Quality of Service Commands– 841 –EXAMPLE This example creates a policy called “rd-policy,” uses the class command to specify the pre

CHAPTER 36 | Quality of Service Commands– 842 –violate-action - Action to take when rate exceeds the PIR. (There are not enough tokens in bucket B

CHAPTER 36 | Quality of Service Commands– 843 –When a packet of size B bytes arrives at time t, the following happens if trTCM is configured to op

CHAPTER 36 | Quality of Service Commands– 844 –COMMAND USAGE ◆ The set cos command is used to set the CoS value in the VLAN tag for matching packe

CHAPTER 36 | Quality of Service Commands– 845 –EXAMPLE This example creates a policy called “rd-policy,” uses the class command to specify the pre

CHAPTER 36 | Quality of Service Commands– 846 –show class-map This command displays the QoS class maps which define matching criteria used for cla

CHAPTER 36 | Quality of Service Commands– 847 –Description: class rd-class set phb 3 Console#show policy-map rd-policy class rd-classPolicy Map r

CHAPTER 36 | Quality of Service Commands– 848 –

– 849 –37 MULTICAST FILTERING COMMANDSThis switch uses IGMP (Internet Group Management Protocol) to check for any attached hosts that want to receiv

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 85 –RMON Remote Monitoring 393Configure GlobalAddAlarm Sets threshold bou

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 850 –ip igmp snooping This command enables IGMP snooping globally on the switch or on a se

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 851 –DEFAULT SETTING DisabledCOMMAND MODE Global ConfigurationCOMMAND USAGE ◆ When IGMP sn

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 852 –◆ If the IGMP proxy reporting is configured on a VLAN, this setting takes precedence

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 853 –COMMAND USAGE As described in Section 9.1 of RFC 3376 for IGMP Version 3, the Router

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 854 –ip igmp snoopingtcn-floodThis command enables flooding of multicast traffic if a span

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 855 –EXAMPLE The following example enables TCN flooding.Console(config)#ip igmp snooping t

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 856 –COMMAND MODE Global ConfigurationCOMMAND USAGE Once the table used to store multicast

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 857 –ip igmp snoopingversionThis command configures the IGMP snooping version. Use the no

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 858 –DEFAULT SETTING Global: DisabledVLAN: Disabled COMMAND MODE Global ConfigurationCOMMA

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 859 –ip igmp snoopingvlan immediate-leaveThis command immediately deletes a member port of

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 86 –Show MTU Shows the maximum transmission unit (MTU) cache for destina

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 860 –ip igmp snoopingvlan last-memb-query-countThis command configures the number of IGMP

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 861 –COMMAND USAGE ◆ When a multicast host leaves a group, it sends an IGMP leave message.

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 862 –messages is not required and may be disabled using the no ip igmp snooping vlan mrd c

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 863 –EXAMPLE The following example sets the source address for proxied IGMP query messages

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 864 –ip igmp snoopingvlan proxy-query-resp-intvlThis command configures the maximum time t

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 865 –COMMAND USAGE ◆ Static multicast entries are never aged out.◆ When a multicast entry

CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 866 –..show ip igmpsnooping groupThis command shows known multicast group, source, and hos

CHAPTER 37 | Multicast Filtering CommandsStatic Multicast Routing– 867 –STATIC MULTICAST ROUTINGThis section describes commands used to configure

CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 868 –show ip igmpsnooping mrouterThis command displays information on stat

CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 869 –ip igmp filter (GlobalConfiguration)This command globally enables IGM

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 87 – Interface 451Configure Configures IGMP snooping per VLAN interface 4

CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 870 –ip igmp profile This command creates an IGMP filter profile number an

CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 871 –EXAMPLE Console(config)#ip igmp profile 19Console(config-igmp-profile

CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 872 –COMMAND USAGE ◆ The IGMP filtering profile must first be created with

CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 873 –ip igmp max-groupsactionThis command sets the IGMP throttling action

CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 874 –EXAMPLE Console#show ip igmp filterIGMP filter enabledConsole#show ip

CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 875 –DEFAULT SETTING NoneCOMMAND MODE Privileged ExecCOMMAND USAGE Using thi

CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 876 –mvr This command enables Multicast VLAN Registration (MVR) globally on

CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 877 –◆ IGMP snooping and MVR share a maximum number of 255 groups. Any multi

CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 878 –mvr type This command configures an interface as an MVR receiver or sou

CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 879 –mvr vlan group This command statically binds a multicast group to a por

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 88 –

CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 880 –show mvr This command shows information about the global MVR configurat

CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 881 –The following displays information about the interfaces attached to the

CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 882 –Source Address Indicates the source address of the multicast service, o

– 883 –38 LLDP COMMANDSLink Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast d

CHAPTER 38 | LLDP Commands– 884 –lldp This command enables LLDP globally on the switch. Use the no form to disable LLDP.SYNTAX[no] lldpDEFAULT SET

CHAPTER 38 | LLDP Commands– 885 –DEFAULT SETTINGHoldtime multiplier: 4 TTL: 4*30 = 120 secondsCOMMAND MODEGlobal ConfigurationCOMMAND USAGEThe tim

CHAPTER 38 | LLDP Commands– 886 –lldp refresh-interval This command configures the periodic transmit interval for LLDP advertisements. Use the no

CHAPTER 38 | LLDP Commands– 887 –EXAMPLEConsole(config)#lldp reinit-delay 10Console(config)#lldp tx-delay This command configures a delay between

CHAPTER 38 | LLDP Commands– 888 –DEFAULT SETTINGtx-rxCOMMAND MODEInterface Configuration (Ethernet, Port Channel)EXAMPLEConsole(config)#interface

CHAPTER 38 | LLDP Commands– 889 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#lldp basic-tlv management-ip-addressConsole(confi

– 89 –4 BASIC MANAGEMENT TASKSThis chapter describes the following topics:◆ Displaying System Information – Provides basic system description, inclu

CHAPTER 38 | LLDP Commands– 890 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#lldp basic-tlv system-capabilitiesConsole(config-

CHAPTER 38 | LLDP Commands– 891 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#lldp basic-tlv system-nameConsole(config-if)#lldp

CHAPTER 38 | LLDP Commands– 892 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#no lldp dot1-tlv proto-vidConsole(config-if)#lldp

CHAPTER 38 | LLDP Commands– 893 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#no lldp dot1-tlv vlan-nameConsole(config-if)#lldp

CHAPTER 38 | LLDP Commands– 894 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#no lldp dot3-tlv mac-phyConsole(config-if)#lldp d

CHAPTER 38 | LLDP Commands– 895 –◆ SNMP trap destinations are defined using the snmp-server host command.◆ Information about additional changes in

CHAPTER 38 | LLDP Commands– 896 – Eth 1/5 | Tx-Rx True...Console#show lldp config detail ethernet 1/1LLDP Port Configuration Detail Port

CHAPTER 38 | LLDP Commands– 897 – Management Address : 192.168.0.101 (IPv4) LLDP Port Information Interface |PortID Type PortID P

CHAPTER 38 | LLDP Commands– 898 – PortID Type : MAC Address PortID : 00-01-02-03-04-06 SysName : SysDescr

CHAPTER 38 | LLDP Commands– 899 –EXAMPLEswitch#show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated : 2450279 seco

CONTENTS– 9 –Overview 251Configuring VoIP Traffic 251Configuring Telephony OUI 253Configuring VoIP Traffic Ports 25414 SECURITY MEASURES 257AAA A

CHAPTER 4 | Basic Management TasksDisplaying Hardware/Software Versions– 90 –PARAMETERSThese parameters are displayed:◆ System Description – Brief

CHAPTER 38 | LLDP Commands– 900 –

– 901 –39 DOMAIN NAME SERVICE COMMANDSThese commands are used to configure Domain Naming System (DNS) services. Entries can be manually configured i

CHAPTER 39 | Domain Name Service Commands– 902 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ Domain names are added to the end of the list one

CHAPTER 39 | Domain Name Service Commands– 903 –◆ If all name servers are deleted, DNS will automatically be disabled.EXAMPLEThis example enables

CHAPTER 39 | Domain Name Service Commands– 904 –Name Server List:Console#RELATED COMMANDS ip domain-list (901)ip name-server (905)ip domain-lookup

CHAPTER 39 | Domain Name Service Commands– 905 –ip name-server This command specifies the address of one or more domain name servers to use for na

CHAPTER 39 | Domain Name Service Commands– 906 –ipv6 host This command creates a static entry in the DNS table that maps a host name to an IPv6 ad

CHAPTER 39 | Domain Name Service Commands– 907 –clear host This command deletes dynamic entries from the DNS table.SYNTAX clear host {name | *}nam

CHAPTER 39 | Domain Name Service Commands– 908 –show dns cache This command displays entries in the DNS cache.COMMAND MODE Privileged ExecEXAMPLE

CHAPTER 39 | Domain Name Service Commands– 909 –Table 132: show hosts - display description Field DescriptionNo. The entry number for each resour

CHAPTER 4 | Basic Management TasksDisplaying Hardware/Software Versions– 91 –PARAMETERSThe following parameters are displayed: Main Board Informat

CHAPTER 39 | Domain Name Service Commands– 910 –

– 911 –40 DHCP COMMANDSThese commands are used to configure Dynamic Host Configuration Protocol (DHCP) client functions. DHCP CLIENTUse the commands

CHAPTER 40 | DHCP CommandsDHCP Client– 912 –ip dhcp clientclass-idThis command specifies the DCHP client vendor class identifier for the current i

CHAPTER 40 | DHCP CommandsDHCP Client– 913 –COMMAND USAGE ◆ This command issues a BOOTP or DHCP client request for any IP interface that has been

CHAPTER 40 | DHCP CommandsDHCP Client– 914 –◆ When the DHCP client process is enabled and a prefix is successfully acquired, the prefix is stored

CHAPTER 40 | DHCP CommandsDHCP Client– 915 –show ipv6 dhcp vlan This command shows DHCPv6 information for the specified interface(s).SYNTAX show i

CHAPTER 40 | DHCP CommandsDHCP Client– 916 –

– 917 –41 IP INTERFACE COMMANDS An IP Version 4 and Version 6 address may be used for management access to the switch over the network. Both IPv4 or

CHAPTER 41 | IP Interface CommandsIPv4 Interface– 918 –BASIC IPV4CONFIGURATIONThis section describes commands used to configure IP addresses for V

CHAPTER 41 | IP Interface CommandsIPv4 Interface– 919 –broadcast periodically by the router in an effort to learn its IP address. (BOOTP and DHCP

CHAPTER 4 | Basic Management TasksConfiguring Support for Jumbo Frames– 92 –CONFIGURING SUPPORT FOR JUMBO FRAMESUse the System > Capability pag

CHAPTER 41 | IP Interface CommandsIPv4 Interface– 920 –show ip default-gatewayThis command shows the IPv4 default gateway configured for this devi

CHAPTER 41 | IP Interface CommandsIPv4 Interface– 921 –COMMAND MODE Privileged ExecCOMMAND USAGE ◆ Use the traceroute command to determine the pat

CHAPTER 41 | IP Interface CommandsIPv4 Interface– 922 –COMMAND MODE Normal Exec, Privileged ExecCOMMAND USAGE ◆ Use the ping command to see if ano

CHAPTER 41 | IP Interface CommandsIPv4 Interface– 923 –ARP CONFIGURATION This section describes commands used to configure the Address Resolution

CHAPTER 41 | IP Interface CommandsIPv4 Interface– 924 –clear arp-cache This command deletes all dynamic entries from the Address Resolution Protoc

CHAPTER 41 | IP Interface CommandsIPv6 Interface– 925 –IPV6 INTERFACEThis switch supports the following IPv6 interface commands. Table 139: IPv6 C

CHAPTER 41 | IP Interface CommandsIPv6 Interface– 926 –ipv6 default-gatewayThis command sets an IPv6 default gateway to use when the destination i

CHAPTER 41 | IP Interface CommandsIPv6 Interface– 927 –ipv6 address This command configures an IPv6 global unicast address and enables IPv6 on an

CHAPTER 41 | IP Interface CommandsIPv6 Interface– 928 –Joined group address(es):FF02::1:FF00:72FF02::1:FF00:FDFF02::1IPv6 link MTU is 1500 bytesND

CHAPTER 41 | IP Interface CommandsIPv6 Interface– 929 –EXAMPLE This example assigns a dynamic global unicast address of 2001:DB8:2222:7272:2E0:CFF

CHAPTER 4 | Basic Management TasksDisplaying Bridge Extension Capabilities– 93 –DISPLAYING BRIDGE EXTENSION CAPABILITIESUse the System > Capabi

CHAPTER 41 | IP Interface CommandsIPv6 Interface– 930 –COMMAND USAGE ◆ The prefix must be formatted according to RFC 2373 “IPv6 Addressing Archite

CHAPTER 41 | IP Interface CommandsIPv6 Interface– 931 –Global unicast address(es): 2001:DB8::1:2E0:CFF:FE00:FD/64, subnet is 2001:DB8::1:0:0:0:0/

CHAPTER 41 | IP Interface CommandsIPv6 Interface– 932 –EXAMPLE This example assigns a link-local address of FE80::269:3EF9:FE19:6779 to VLAN 1. No

CHAPTER 41 | IP Interface CommandsIPv6 Interface– 933 –◆ If a duplicate address is detected on the local segment, this interface will be disabled

CHAPTER 41 | IP Interface CommandsIPv6 Interface– 934 –COMMAND USAGE ◆ IPv6 routers do not fragment IPv6 packets forwarded from other routers. How

CHAPTER 41 | IP Interface CommandsIPv6 Interface– 935 –show ipv6 interface This command displays the usability and configured settings for IPv6 in

CHAPTER 41 | IP Interface CommandsIPv6 Interface– 936 –This example displays a brief summary of IPv6 addresses configured on the switch.Console#sh