MICROSENS GmbH & Co. KG - Kueferstraße 16 - 59067 Hamm / Germany - Tel. +49 23 81/94 52-0 - FAX -100 - www.microsens.comMS453490M10 Port Fast Ethe
CONTENTS– 10 –ARP Inspection 313Configuring Global Settings for ARP Inspection 314Configuring VLAN Settings for ARP Inspection 316Configuring Int
CHAPTER 4 | Basic Management TasksManaging System Files– 100 –requested). However, keep in mind that the file systems of many operating systems su
CHAPTER 4 | Basic Management TasksManaging System Files– 101 –The following syntax must be observed:tftp://host[/filedir]/ tftp:// – Defines TFTP
CHAPTER 4 | Basic Management TasksManaging System Files– 102 – tftp://192.168.0.1/switches/opcode/The image file is in the “opcode” directory, whi
CHAPTER 4 | Basic Management TasksSetting the System Clock– 103 –If a new image is found at the specified location, the following type of messages
CHAPTER 4 | Basic Management TasksSetting the System Clock– 104 –◆ Day – Sets the day of the month. (Range: 1-31; Default: 1)◆ Year – Sets the yea
CHAPTER 4 | Basic Management TasksSetting the System Clock– 105 –WEB INTERFACETo set the polling interval for SNTP:1. Click System, then Time. 2.
CHAPTER 4 | Basic Management TasksSetting the System Clock– 106 –Figure 14: Specifying SNTP Time ServersSETTING THE TIMEZONEUse the System > T
CHAPTER 4 | Basic Management TasksConsole Port Settings– 107 –Figure 15: Setting the Time ZoneCONSOLE PORT SETTINGSUse the System > Console me
CHAPTER 4 | Basic Management TasksConsole Port Settings– 108 –◆ Data Bits – Sets the number of data bits per character that are interpreted and ge
CHAPTER 4 | Basic Management TasksTelnet Settings– 109 –TELNET SETTINGSUse the System > Telnet menu to configure parameters for accessing the C
CONTENTS– 11 –Specifying a Remote Engine ID 374Setting SNMPv3 Views 375Configuring SNMPv3 Groups 378Setting Community Access Strings 382Confi
CHAPTER 4 | Basic Management TasksDisplaying CPU Utilization– 110 –WEB INTERFACETo configure parameters for the console port:1. Click System, then
CHAPTER 4 | Basic Management TasksDisplaying Memory Utilization– 111 –Figure 18: Displaying CPU UtilizationDISPLAYING MEMORY UTILIZATIONUse the S
CHAPTER 4 | Basic Management TasksResetting the System– 112 –RESETTING THE SYSTEMUse the System > Reset menu to restart the switch immediately,
CHAPTER 4 | Basic Management TasksResetting the System– 113 – Regularly – Specifies a periodic interval at which to reload the switch.Time HH - Th
CHAPTER 4 | Basic Management TasksResetting the System– 114 –Figure 21: Restarting the Switch (In)Figure 22: Restarting the Switch (At)
CHAPTER 4 | Basic Management TasksResetting the System– 115 –Figure 23: Restarting the Switch (Regularly)
CHAPTER 4 | Basic Management TasksResetting the System– 116 –
– 117 –5 INTERFACE CONFIGURATIONThis chapter describes the following topics:◆ Port Configuration – Configures connection settings, including auto-ne
CHAPTER 5 | Interface ConfigurationPort Configuration– 118 –◆ When using auto-negotiation, the optimal settings will be negotiated between the lin
CHAPTER 5 | Interface ConfigurationPort Configuration– 119 – Sym (Gigabit only) - Check this item to transmit and receive pause frames. FC - Flow
CONTENTS– 12 –Configuring IGMP Snooping and Query Parameters 444Specifying Static Interfaces for a Multicast Router 447Assigning Interfaces to Mul
CHAPTER 5 | Interface ConfigurationPort Configuration– 120 –CONFIGURING BYPORT RANGEUse the Interface > Port > General (Configure by Port Ra
CHAPTER 5 | Interface ConfigurationPort Configuration– 121 –PARAMETERSThese parameters are displayed:◆ Port – Port identifier.◆ Type – Indicates t
CHAPTER 5 | Interface ConfigurationPort Configuration– 122 –CONFIGURING LOCALPORT MIRRORINGUse the Interface > Port > Mirror page to mirror
CHAPTER 5 | Interface ConfigurationPort Configuration– 123 –WEB INTERFACETo configure a local mirror session:1. Click Interface, Port, Mirror.2. S
CHAPTER 5 | Interface ConfigurationPort Configuration– 124 –CONFIGURING REMOTEPORT MIRRORINGUse the Interface > Port > RSPAN page to mirror
CHAPTER 5 | Interface ConfigurationPort Configuration– 125 –3. Set up all intermediate switches on the RSPAN configuration page, entering the mirr
CHAPTER 5 | Interface ConfigurationPort Configuration– 126 –◆ Operation Status – Indicates whether or not RSPAN is currently functioning.◆ Switch
CHAPTER 5 | Interface ConfigurationPort Configuration– 127 –WEB INTERFACETo configure a remote mirror session:1. Click Interface, RSPAN.2. Set the
CHAPTER 5 | Interface ConfigurationPort Configuration– 128 –Figure 33: Configuring Remote Port Mirroring (Destination)SHOWING PORT ORTRUNK STATIS
CHAPTER 5 | Interface ConfigurationPort Configuration– 129 –Transmitted Errors The number of outbound packets that could not be transmitted becaus
CONTENTS– 13 –enable 487quit 488show history 488configure 489disable 490reload (Privileged Exec) 490show reload 491end 491exit 49121 SYSTEM MANAG
CHAPTER 5 | Interface ConfigurationPort Configuration– 130 –WEB INTERFACETo show a list of port statistics:1. Click Interface, Port, Statistics.2.
CHAPTER 5 | Interface ConfigurationPort Configuration– 131 –Figure 34: Showing Port Statistics (Table)To show a chart of port statistics:1. Click
CHAPTER 5 | Interface ConfigurationPort Configuration– 132 –PERFORMING CABLEDIAGNOSTICSUse the Interface > Port > Cable Test page to test th
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 133 –WEB INTERFACETo show a list of port statistics:1. Click Interface, Port, Cable Test.2
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 134 –COMMAND USAGEBesides balancing the load across each port in the trunk, the other port
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 135 –COMMAND USAGE◆ When configuring static trunks, you may not be able to link switches o
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 136 –To add member ports to a static trunk:1. Click Interface, Trunk, Static.2. Select Con
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 137 –To display trunk connection parameters:1. Click Interface, Trunk, Static.2. Select Co
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 138 –◆ All ports on both ends of an LACP trunk must be configured for full duplex, and aut
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 139 –NOTE: Configuring LACP settings for a port only applies to its administrative state,
CONTENTS– 14 –File Management 510boot system 511copy 512delete 515dir 515whichboot 516upgrade opcode auto 517upgrade opcode path 518Line 520lin
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 140 –To enable LACP for a port:1. Click Interface, Trunk, Dynamic.2. Select Configure Aggr
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 141 –To configure LACP parameters for group members:1. Click Interface, Trunk, Dynamic.2.
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 142 –To configure connection parameters for a dynamic trunk:1. Click Interface, Trunk, Dyn
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 143 –DISPLAYING LACPPORT COUNTERSUse the Interface > Trunk > Dynamic (Configure Aggr
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 144 –Figure 49: Displaying LACP Port CountersDISPLAYING LACPSETTINGS AND STATUSFOR THE LO
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 145 –LACPDUs Interval Number of seconds before invalidating received LACPDU information.Ad
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 146 –WEB INTERFACETo display LACP settings and status for the local side:1. Click Interfac
CHAPTER 5 | Interface ConfigurationTrunk Configuration– 147 –WEB INTERFACETo display LACP settings and status for the remote side:1. Click Interfa
CHAPTER 5 | Interface ConfigurationSaving Power– 148 –SAVING POWERUse the Interface > Green Ethernet page to enable power savings mode on the s
CHAPTER 5 | Interface ConfigurationSaving Power– 149 –PARAMETERSThese parameters are displayed:◆ Port – Power saving mode only applies to the Giga
CONTENTS– 15 –logging sendmail source-email 539show logging sendmail 539Time 540sntp client 540sntp poll 541sntp server 542show sntp 542clock
CHAPTER 5 | Interface ConfigurationTraffic Segmentation– 150 –TRAFFIC SEGMENTATIONIf tighter security is required for passing traffic from differe
CHAPTER 5 | Interface ConfigurationTraffic Segmentation– 151 –CONFIGURING UPLINKAND DOWNLINK PORTSUse the Interface > Traffic Segmentation (Con
CHAPTER 5 | Interface ConfigurationVLAN Trunking– 152 –VLAN TRUNKINGUse the Interface > VLAN Trunking page to allow unknown VLAN groups to pass
CHAPTER 5 | Interface ConfigurationVLAN Trunking– 153 –PARAMETERSThese parameters are displayed:◆ Interface – Displays a list of ports or trunks.◆
CHAPTER 5 | Interface ConfigurationVLAN Trunking– 154 –
– 155 –6 VLAN CONFIGURATIONThis chapter includes the following topics:◆ IEEE 802.1Q VLANs – Configures static and dynamic VLANs.◆ IEEE 802.1Q Tunnel
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 156 –since traffic must pass through a configured Layer 3 link to reach a different VLAN.This swi
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 157 –VLAN Classification – When the switch receives a frame, it classifies the frame in one of tw
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 158 –Figure 58: Using GVRPForwarding Tagged/Untagged FramesIf you want to create a small port-ba
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 159 –Modify◆ VLAN ID – ID of configured VLAN (1-4093).◆ VLAN Name – Name of the VLAN (1 to 32 cha
CONTENTS– 16 –show snmp engine-id 567show snmp group 568show snmp user 569show snmp view 570nlm 570snmp-server notify-filter 571show nlm oper-s
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 160 –To modify the configuration settings for VLAN groups:1. Click VLAN, Static.2. Select Modify
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 161 –a port as forbidden to prevent the switch from automatically adding it to a VLAN via the GVR
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 162 –◆ Ingress Filtering – Determines how to process frames tagged for VLANs for which the ingres
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 163 –NOTE: The PVID, acceptable frame type, and ingress filtering parameters for each interface w
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 164 –To configure static members by interface:1. Click VLAN, Static.2. Select Edit Member by Inte
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 165 –Figure 64: Configuring Static VLAN Members by Interface RangeCONFIGURINGDYNAMIC VLANREGISTR
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 166 – Join – The interval between transmitting requests/queries to participate in a VLAN group. (
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 167 –To configure GVRP status and timers on a port or trunk:1. Click VLAN, Dynamic.2. Select Conf
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 168 –Figure 68: Showing the Members of a Dynamic VLANIEEE 802.1Q TUNNELINGIEEE 802.1Q Tunnel
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 169 –for packet processing. When the packet exits another trunk port on the same core switch,
CONTENTS– 17 –tacacs-server port 594show tacacs-server 594AAA 595aaa accounting commands 595aaa accounting dot1x 596aaa accounting exec 597aaa
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 170 –3. After packet classification through the switching process, the packet is written to m
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 171 –7. The switch sends the packet to the proper egress port.8. If the egress port is an unt
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 172 –6. Configure the QinQ tunnel uplink port to Tunnel Uplink mode (see "Adding an Inte
CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 173 –Figure 70: Enabling QinQ TunnelingADDING AN INTERFACETO A QINQ TUNNELFollow the guideli
CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 174 –WEB INTERFACETo add an interface to a QinQ tunnel:1. Click VLAN, Tunnel.2. Select Configure Int
CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 175 –3. Then map the protocol for each interface to the appropriate VLAN using the Configure Interfa
CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 176 –WEB INTERFACETo configure a protocol group:1. Click VLAN, Protocol.2. Select Configure Protocol
CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 177 –MAPPING PROTOCOLGROUPS TOINTERFACESUse the VLAN > Protocol (Configure Interface - Add) page
CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 178 –WEB INTERFACETo map a protocol group to a VLAN for a port or trunk:1. Click VLAN, Protocol.2. S
CHAPTER 6 | VLAN ConfigurationConfiguring IP Subnet VLANs– 179 –CONFIGURING IP SUBNET VLANSUse the VLAN > IP Subnet page to configure IP subnet
CONTENTS– 18 –802.1X Port Authentication 619dot1x default 620dot1x eapol-pass-through 620dot1x system-auth-control 621dot1x intrusion-action 62
CHAPTER 6 | VLAN ConfigurationConfiguring IP Subnet VLANs– 180 –WEB INTERFACETo map an IP subnet to a VLAN:1. Click VLAN, IP Subnet.2. Select Add
CHAPTER 6 | VLAN ConfigurationConfiguring MAC-based VLANs– 181 –CONFIGURING MAC-BASED VLANSUse the VLAN > MAC-Based page to configure VLAN base
CHAPTER 6 | VLAN ConfigurationConfiguring MAC-based VLANs– 182 –WEB INTERFACETo map a MAC address to a VLAN:1. Click VLAN, MAC-Based.2. Select Add
CHAPTER 6 | VLAN ConfigurationConfiguring VLAN Mirroring– 183 –CONFIGURING VLAN MIRRORINGUse the VLAN > Mirror (Add) page to mirror traffic fro
CHAPTER 6 | VLAN ConfigurationConfiguring VLAN Mirroring– 184 –WEB INTERFACETo configure VLAN mirroring:1. Click VLAN, Mirror.2. Select Add from t
– 185 –7 ADDRESS TABLE SETTINGSSwitches store the addresses for all known devices. This information is used to pass traffic directly between the inb
CHAPTER 7 | Address Table SettingsConfiguring MAC Address Learning– 186 –◆ Also note that MAC address learning cannot be disabled if any of the fo
CHAPTER 7 | Address Table SettingsSetting Static Addresses– 187 –SETTING STATIC ADDRESSESUse the MAC Address > Static page to configure static
CHAPTER 7 | Address Table SettingsChanging the Aging Time– 188 –4. Click Apply.Figure 83: Configuring Static MAC AddressesTo show the static addr
CHAPTER 7 | Address Table SettingsDisplaying the Dynamic Address Table– 189 –WEB INTERFACETo set the aging time for entries in the dynamic address
CONTENTS– 19 –network-access link-detection link-down 647network-access link-detection link-up 647network-access link-detection link-up-down 648n
CHAPTER 7 | Address Table SettingsClearing the Dynamic Address Table– 190 –WEB INTERFACETo show the dynamic address table:1. Click MAC Address, Dy
CHAPTER 7 | Address Table SettingsConfiguring MAC Address Mirroring– 191 –2. Select Clear Dynamic MAC from the Action list.3. Select the method by
CHAPTER 7 | Address Table SettingsConfiguring MAC Address Mirroring– 192 –matching packets will not be sent to target port specified for port mirr
– 193 –8 SPANNING TREE ALGORITHM This chapter describes the following basic topics:◆ Loopback Detection – Configures detection and response to loopb
CHAPTER 8 | Spanning Tree AlgorithmOverview– 194 –lowest cost spanning tree, it enables all root ports and designated ports, and disables all othe
CHAPTER 8 | Spanning Tree AlgorithmOverview– 195 –Figure 91: MSTP Region, Internal Spanning Tree, Multiple Spanning TreeAn MST Region consists of
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Loopback Detection– 196 –CONFIGURING LOOPBACK DETECTIONUse the Spanning Tree > Loopback Detectio
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 197 –WEB INTERFACETo configure loopback detection:1. Click Spanning Tree,
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 198 –connected to an 802.1D bridge and starts using only 802.1D BPDUs. RS
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 199 – Default: 32768 Range: 0-61440, in steps of 4096 Options: 0, 4096, 81
MANAGEMENT GUIDEMS453490M 10 PORT FAST ETHERNET SWITCHLayer 2 Switchwith 8 10/100BASE-TX (RJ-45) Ports,and 2 Gigabit Combination Ports (RJ-45/SFP)MS45
CONTENTS– 20 –show ip source-guard 672show ip source-guard binding 672ARP Inspection 673ip arp inspection 674ip arp inspection filter 675ip arp
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 200 –Configuration Settings for MSTP ◆ Max Instance Numbers – The maximum
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 201 –Figure 95: Configuring Global Settings for STA (RSTP)Figure 96: Con
CHAPTER 8 | Spanning Tree AlgorithmDisplaying Global Settings for STA– 202 –DISPLAYING GLOBAL SETTINGS FOR STAUse the Spanning Tree > STA (Conf
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for STA– 203 –Figure 97: Displaying Global Settings for STACONFIGURING INTERFAC
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for STA– 204 –port priority. (Range: 0 for auto-configuration, 1-65535 for the s
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for STA– 205 –◆ Root Guard – STA allows a bridge with a lower bridge identifier
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for STA– 206 –◆ BPDU Guard – This feature protects edge ports from receiving BPD
CHAPTER 8 | Spanning Tree AlgorithmDisplaying Interface Settings for STA– 207 –DISPLAYING INTERFACE SETTINGS FOR STAUse the Spanning Tree > STA
CHAPTER 8 | Spanning Tree AlgorithmDisplaying Interface Settings for STA– 208 –◆ Oper Path Cost – The contribution of this port to the path cost o
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Multiple Spanning Trees– 209 –WEB INTERFACETo display interface settings for STA:1. Click Spanning
CONTENTS– 21 –27 INTERFACE COMMANDS 699interface 700alias 700capabilities 701description 702flowcontrol 703media-type 704negotiation 704shutdown 705
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Multiple Spanning Trees– 210 –To use multiple spanning trees:1. Set the spanning tree type to MSTP
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Multiple Spanning Trees– 211 –Figure 101: Creating an MST InstanceTo show the MSTP instances:1. Cl
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Multiple Spanning Trees– 212 –To add additional VLAN groups to an MSTP instance:1. Click Spanning T
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for MSTP– 213 –CONFIGURING INTERFACE SETTINGS FOR MSTPUse the Spanning Tree >
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for MSTP– 214 –The recommended range is listed in Table 9 on page 204.The recomm
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for MSTP– 215 –Figure 106: Displaying MSTP Interface Settings
CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for MSTP– 216 –
– 217 –9 RATE LIMIT CONFIGURATIONUse the Traffic > Rate Limit page to apply rate limiting to ingress or egress ports. This function allows the ne
CHAPTER 9 | Rate Limit Configuration– 218 –WEB INTERFACETo configure rate limits:1. Click Traffic, Rate Limit.2. Enable the Rate Limit Status for
– 219 –10 STORM CONTROL CONFIGURATIONUse the Traffic > Storm Control page to configure broadcast storm control thresholds. Broadcast storms may o
CONTENTS– 22 –no rspan session 734show rspan 73530 RATE LIMIT COMMANDS 737rate-limit 73731 AUTOMATIC TRAFFIC CONTROL COMMANDS 739auto-traffic-cont
CHAPTER 10 | Storm Control Configuration– 220 –WEB INTERFACETo configure broadcast storm control:1. Click Traffic, Storm Control.2. Set the Status
– 221 –11 CLASS OF SERVICEClass of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the sw
CHAPTER 11 | Class of ServiceLayer 2 Queue Settings– 222 –◆ If the output port is an untagged member of the associated VLAN, these frames are stri
CHAPTER 11 | Class of ServiceLayer 2 Queue Settings– 223 –◆ The WRR algorithm used by this switch is known as Shaped Deficit Weighted Round Robin
CHAPTER 11 | Class of ServiceLayer 2 Queue Settings– 224 –◆ Queue ID – The ID of the priority queue. (Range: 0-7)◆ Strict Mode – If “Strict and WR
CHAPTER 11 | Class of ServiceLayer 2 Queue Settings– 225 –Figure 112: Setting the Queue Mode (Strict and WRR)MAPPING COS VALUESTO EGRESS QUEUESUs
CHAPTER 11 | Class of ServiceLayer 2 Queue Settings– 226 –CLI REFERENCES◆ "qos map phb-queue" on page 825COMMAND USAGE ◆ Egress packets
CHAPTER 11 | Class of ServiceLayer 2 Queue Settings– 227 –Figure 113: Mapping CoS Values to Egress Queues To show the internal PHB to hardware qu
CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 228 –LAYER 3/4 PRIORITY SETTINGSMapping Layer 3/4 Priorities to CoS ValuesThe switch sup
CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 229 –PARAMETERSThese parameters are displayed:◆ Interface – Specifies a port or trunk.◆
CONTENTS– 23 –spanning-tree priority 763spanning-tree mst configuration 763spanning-tree transmission-limit 764max-hops 764mst priority 765mst v
CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 230 –COMMAND USAGE ◆ Enter per-hop behavior and drop precedence for any of the DSCP valu
CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 231 –WEB INTERFACETo map DSCP values to internal PHB/drop precedence:1. Click Traffic, P
CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 232 –MAPPING COSPRIORITIES TOINTERNAL DSCPVALUESUse the Traffic > Priority > CoS t
CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 233 – WEB INTERFACETo map CoS/CFI values to internal PHB/drop precedence:1. Click Traffi
CHAPTER 11 | Class of ServiceLayer 3/4 Priority Settings– 234 –To show the CoS/CFI to internal PHB/drop precedence map:1. Click Traffic, Priority,
– 235 –12 QUALITY OF SERVICE This chapter describes the following tasks required to apply QoS policies:Class Map – Creates a map which identifies a
CHAPTER 12 | Quality of ServiceConfiguring a Class Map– 236 –COMMAND USAGETo create a service policy for a specific category or ingress traffic, f
CHAPTER 12 | Quality of ServiceConfiguring a Class Map– 237 –◆ Description – A brief description of a class map. (Range: 1-64 characters)Add Rule◆
CHAPTER 12 | Quality of ServiceConfiguring a Class Map– 238 –To show the configured class maps: 1. Click Traffic, DiffServ.2. Select Configure Cla
CHAPTER 12 | Quality of ServiceCreating QoS Policies– 239 –To show the rules for a class map: 1. Click Traffic, DiffServ.2. Select Configure Class
CONTENTS– 24 –vlan 787Configuring VLAN Interfaces 788interface vlan 789switchport acceptable-frame-types 789switchport allowed vlan 790switchpo
CHAPTER 12 | Quality of ServiceCreating QoS Policies– 240 –Policing is based on a token bucket, where bucket depth (that is, the maximum burst bef
CHAPTER 12 | Quality of ServiceCreating QoS Policies– 241 – if Te(t)-B ≥ 0, the packets is yellow and Te is decremented by B down to the minimum v
CHAPTER 12 | Quality of ServiceCreating QoS Policies– 242 –respectively. The maximum size of the token bucket P is BP and the maximum size of the
CHAPTER 12 | Quality of ServiceCreating QoS Policies– 243 –PARAMETERSThese parameters are displayed:Add◆ Policy Name – Name of policy map. (Range:
CHAPTER 12 | Quality of ServiceCreating QoS Policies– 244 – Committed Burst Size (BC) – Burst in bytes. (Range: 4000-16000000 at a granularity of
CHAPTER 12 | Quality of ServiceCreating QoS Policies– 245 – Conform – Specifies that traffic conforming to the maximum rate (CIR) will be transmit
CHAPTER 12 | Quality of ServiceCreating QoS Policies– 246 – Committed Burst Size (BC) – Burst in bytes. (Range: 4000-16000000 at a granularity of
CHAPTER 12 | Quality of ServiceCreating QoS Policies– 247 –WEB INTERFACETo configure a policy map: 1. Click Traffic, DiffServ.2. Select Configure
CHAPTER 12 | Quality of ServiceCreating QoS Policies– 248 –To edit the rules for a policy map: 1. Click Traffic, DiffServ.2. Select Configure Poli
CHAPTER 12 | Quality of ServiceAttaching a Policy Map to a Port– 249 –To show the rules for a policy map: 1. Click Traffic, DiffServ.2. Select Con
CONTENTS– 25 –switchport voice vlan rule 813switchport voice vlan security 814show voice vlan 81535 CLASS OF SERVICE COMMANDS 817Priority Command
CHAPTER 12 | Quality of ServiceAttaching a Policy Map to a Port– 250 –WEB INTERFACETo bind a policy map to a port: 1. Click Traffic, DiffServ.2. S
– 251 –13 VOIP TRAFFIC CONFIGURATIONThis chapter covers the following topics:◆ Global Settings – Enables VOIP globally, sets the Voice VLAN, and the
CHAPTER 13 | VoIP Traffic ConfigurationConfiguring VoIP Traffic– 252 –CLI REFERENCES◆ "Configuring Voice VLANs" on page 809PARAMETERSThe
CHAPTER 13 | VoIP Traffic ConfigurationConfiguring Telephony OUI– 253 –CONFIGURING TELEPHONY OUIVoIP devices attached to the switch can be identif
CHAPTER 13 | VoIP Traffic ConfigurationConfiguring VoIP Traffic Ports– 254 –Figure 130: Configuring an OUI Telephony ListTo show the MAC OUI numb
CHAPTER 13 | VoIP Traffic ConfigurationConfiguring VoIP Traffic Ports– 255 – Auto – The port will be added as a tagged member to the Voice VLAN wh
CHAPTER 13 | VoIP Traffic ConfigurationConfiguring VoIP Traffic Ports– 256 –Figure 132: Configuring Port Settings for a Voice VLAN
– 257 –14 SECURITY MEASURESYou can configure this switch to authenticate users logging into the system for management access using local or remote a
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 258 –◆ DHCP Snooping – Filter IP traffic on insecure ports for which the source ad
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 259 –3. Define a method name for each service to which you want to apply accountin
CONTENTS– 26 –IGMP Snooping 849ip igmp snooping 850ip igmp snooping proxy-reporting 851ip igmp snooping querier 852ip igmp snooping router-alert
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 260 – [authentication sequence] – User authentication is performed by up to three
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 261 –CLI REFERENCES◆ "RADIUS Client" on page 588◆ "TACACS+ Client&q
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 262 – Set Key – Mark this box to set or modify the encryption key. Authentication
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 263 –3. Select RADIUS or TACACS+ server type.4. Select Global to specify the param
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 264 –To configure the RADIUS or TACACS+ server groups to use for accounting and au
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 265 –Figure 138: Showing AAA Server GroupsCONFIGURING AAAACCOUNTINGUse the Securi
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 266 –◆ Accounting Notice – Records user activity from log-in to log-off point.◆ Se
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 267 –WEB INTERFACETo configure global settings for AAA accounting: 1. Click Securi
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 268 –To show the accounting method applied to various service types and the assign
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 269 –Figure 143: Configuring AAA Accounting Service for Exec ServiceTo display a
CONTENTS– 27 –show ip igmp throttle interface 874Multicast VLAN Registration 875mvr 876mvr immediate-leave 877mvr type 878mvr vlan group 879s
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 270 –CONFIGURING AAAAUTHORIZATIONUse the Security > AAA > Authorization page
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 271 –◆ Interface - Displays the console or Telnet interface to which these rules a
CHAPTER 14 | Security MeasuresAAA Authorization and Accounting– 272 –To configure the authorization method applied to local console, Telnet, or SS
CHAPTER 14 | Security MeasuresConfiguring User Accounts– 273 –CONFIGURING USER ACCOUNTSUse the Security > User Accounts page to control managem
CHAPTER 14 | Security MeasuresWeb Authentication– 274 –Figure 150: Configuring User AccountsTo show user accounts: 1. Click Security, User Accoun
CHAPTER 14 | Security MeasuresWeb Authentication– 275 –NOTE: RADIUS authentication must be activated and configured properly for the web authentic
CHAPTER 14 | Security MeasuresWeb Authentication– 276 –Figure 152: Configuring Global Settings for Web AuthenticationCONFIGURINGINTERFACE SETTING
CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 277 –Figure 153: Configuring Interface Settings for Web Authentication
CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 278 –◆ Authenticated MAC addresses are stored as dynamic entries in the
CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 279 –◆ Any unsupported profiles in the Filter-ID attribute are ignored.
CONTENTS– 28 –ip host 904ip name-server 905ipv6 host 906clear dns cache 906clear host 907show dns 907show dns cache 908show hosts 90840 DHCP
CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 280 –Authenticated MAC addresses are stored as dynamic entries in the s
CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 281 – Intrusion – Sets the port response to a host MAC authentication f
CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 282 –4. Make any configuration changes required to enable address authe
CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 283 –WEB INTERFACETo configure link detection on switch ports: 1. Click
CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 284 –◆ MAC Address Mask – The filter rule will check for the range of M
CHAPTER 14 | Security MeasuresNetwork Access (MAC Address Authentication)– 285 –DISPLAYING SECUREMAC ADDRESSINFORMATIONUse the Security > Netwo
CHAPTER 14 | Security MeasuresConfiguring HTTPS– 286 –Figure 159: Showing Addresses Authenticated for Network AccessCONFIGURING HTTPSYou can conf
CHAPTER 14 | Security MeasuresConfiguring HTTPS– 287 –◆ The client and server establish a secure encrypted connection.A padlock icon should appear
CHAPTER 14 | Security MeasuresConfiguring HTTPS– 288 –REPLACING THEDEFAULT SECURE-SITECERTIFICATEUse the Security > HTTPS (Copy Certificate) pa
CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 289 –WEB INTERFACETo replace the default secure-site certificate: 1. Click Security, H
CONTENTS– 29 –show ipv6 default-gateway 934show ipv6 interface 935show ipv6 mtu 936show ipv6 traffic 937clear ipv6 traffic 941ping6 942ipv6 nd
CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 290 –COMMAND USAGEThe SSH server on this switch supports both password and public key
CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 291 –5. Enable SSH Service – On the SSH Settings page, enable the SSH server on the sw
CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 292 –checks whether the signature is correct. If both checks succeed, the client is au
CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 293 –WEB INTERFACETo configure the SSH server: 1. Click Security, SSH.2. Select Config
CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 294 –client to select either DES (56-bit) or 3DES (168-bit) for data encryption.NOTE:
CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 295 –To display or clear the SSH host key pair: 1. Click Security, SSH.2. Select Confi
CHAPTER 14 | Security MeasuresConfiguring the Secure Shell– 296 –The SSH server uses RSA or DSA for key exchange when the client first establishes
CHAPTER 14 | Security MeasuresAccess Control Lists– 297 –To display or clear the SSH user’s public key: 1. Click Security, SSH.2. Select Configure
CHAPTER 14 | Security MeasuresAccess Control Lists– 298 –◆ An ACL can have up to 32 rules. However, due to resource restrictions, the average numb
CHAPTER 14 | Security MeasuresAccess Control Lists– 299 –WEB INTERFACETo configure a time range: 1. Click Security, ACL.2. Select Configure Time R
– 3 –ABOUT THIS GUIDEPURPOSE This guide gives specific information on how to operate and use the management functions of the switch.AUDIENCE The gui
CONTENTS– 30 –
CHAPTER 14 | Security MeasuresAccess Control Lists– 300 –6. Fill in the required parameters for the selected mode.7. Click Apply.Figure 169: Add
CHAPTER 14 | Security MeasuresAccess Control Lists– 301 –SHOWING TCAMUTILIZAITONUse the Security > ACL (Configure ACL - Show TCAM) page to show
CHAPTER 14 | Security MeasuresAccess Control Lists– 302 –Figure 171: Showing TCAM UtilizationSETTING THE ACLNAME AND TYPEUse the Security > AC
CHAPTER 14 | Security MeasuresAccess Control Lists– 303 –WEB INTERFACETo configure the name and type of an ACL: 1. Click Security, ACL.2. Select C
CHAPTER 14 | Security MeasuresAccess Control Lists– 304 –CONFIGURING ASTANDARD IPV4 ACLUse the Security > ACL (Configure ACL - Add Rule - IP St
CHAPTER 14 | Security MeasuresAccess Control Lists– 305 –9. Click Apply. Figure 174: Configuring a Standard IPv4 ACLCONFIGURING ANEXTENDED IPV4 A
CHAPTER 14 | Security MeasuresAccess Control Lists– 306 –◆ Source/Destination Port Bit Mask – Decimal number representing the port bits to match.
CHAPTER 14 | Security MeasuresAccess Control Lists– 307 –WEB INTERFACETo add rules to an Extended IP ACL: 1. Click Security, ACL.2. Select Configu
CHAPTER 14 | Security MeasuresAccess Control Lists– 308 –CONFIGURING A MACACLUse the Security > ACL (Configure ACL - Add Rule - MAC) page to co
CHAPTER 14 | Security MeasuresAccess Control Lists– 309 –WEB INTERFACETo add rules to a MAC ACL: 1. Click Security, ACL.2. Select Configure ACL fr
– 31 –FIGURESFigure 1: Home Page 74Figure 2: Front Panel Indicators 75Figure 3: System Information 90Figure 4: General Switch Information 91Figure 5
CHAPTER 14 | Security MeasuresAccess Control Lists– 310 –CONFIGURING AN ARPACLUse the Security > ACL (Configure ACL - Add Rule - ARP) page to c
CHAPTER 14 | Security MeasuresAccess Control Lists– 311 –WEB INTERFACETo add rules to an ARP ACL: 1. Click Security, ACL.2. Select Configure ACL f
CHAPTER 14 | Security MeasuresAccess Control Lists– 312 –BINDING A PORT TO ANACCESS CONTROLLISTAfter configuring ACLs, use the Security > ACL (
CHAPTER 14 | Security MeasuresARP Inspection– 313 –WEB INTERFACETo bind an ACL to a port: 1. Click Security, ACL.2. Select Configure Interface fro
CHAPTER 14 | Security MeasuresARP Inspection– 314 –COMMAND USAGEEnabling & Disabling ARP Inspection◆ ARP Inspection is controlled on a global
CHAPTER 14 | Security MeasuresARP Inspection– 315 –with different MAC addresses are classified as invalid and are dropped. IP – Checks the ARP bod
CHAPTER 14 | Security MeasuresARP Inspection– 316 – Src-MAC – Validates the source MAC address in the Ethernet header against the sender MAC addre
CHAPTER 14 | Security MeasuresARP Inspection– 317 –◆ ARP Inspection ACLs can be applied to any configured VLAN.◆ ARP Inspection uses the DHCP snoo
CHAPTER 14 | Security MeasuresARP Inspection– 318 –Figure 180: Configuring VLAN Settings for ARP InspectionCONFIGURINGINTERFACE SETTINGSFOR ARP I
CHAPTER 14 | Security MeasuresARP Inspection– 319 –WEB INTERFACETo configure interface settings for ARP Inspection: 1. Click Security, ARP Inspect
FIGURES– 32 –Figure 32: Configuring Remote Port Mirroring (Intermediate) 127Figure 33: Configuring Remote Port Mirroring (Destination) 128Figure 34:
CHAPTER 14 | Security MeasuresARP Inspection– 320 –WEB INTERFACETo display statistics for ARP Inspection: 1. Click Security, ARP Inspection.2. Sel
CHAPTER 14 | Security MeasuresFiltering IP Addresses for Management Access– 321 –WEB INTERFACETo display the ARP Inspection log: 1. Click Security
CHAPTER 14 | Security MeasuresFiltering IP Addresses for Management Access– 322 –◆ When entering addresses for the same group (i.e., SNMP, web or
CHAPTER 14 | Security MeasuresConfiguring Port Security– 323 –To show a list of IP addresses authorized for management access: 1. Click Security,
CHAPTER 14 | Security MeasuresConfiguring Port Security– 324 –COMMAND USAGE◆ A secure port has the following restrictions: It cannot be used as a
CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 325 –Figure 186: Configuring Port SecurityCONFIGURING 802.1X PORT AUTHENTIC
CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 326 –hosts if one attached host fails re-authentication or sends an EAPOL lo
CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 327 –PARAMETERSThese parameters are displayed:◆ Port Authentication Status –
CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 328 –Figure 188: Configuring Global Settings for 802.1X Port Authentication
CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 329 –PARAMETERSThese parameters are displayed:◆ Port – Port number.◆ Status
FIGURES– 33 –Figure 68: Showing the Members of a Dynamic VLAN 168Figure 69: QinQ Operational Concept 169Figure 70: Enabling QinQ Tunneling 173Figure
CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 330 –◆ Max-Request – Sets the maximum number of times the switch port will r
CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 331 –◆ Current Identifier – Identifier sent in each EAP Success, Failure or
CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 332 –Figure 189: Configuring Interface Settings for 802.1X Port Authenticat
CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 333 –COMMAND USAGE◆ When devices attached to a port must submit requests to
CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 334 –WEB INTERFACETo configure port authenticator settings for 802.1X: 1. Cl
CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 335 –Rx EAPOL Total The number of valid EAPOL frames of any type that have b
CHAPTER 14 | Security MeasuresConfiguring 802.1X Port Authentication– 336 –WEB INTERFACETo display port authenticator statistics for 802.1X: 1. Cl
CHAPTER 14 | Security MeasuresIP Source Guard– 337 –To display port supplicant statistics for 802.1X: 1. Click Security, Port Authentication.2. Se
CHAPTER 14 | Security MeasuresIP Source Guard– 338 –COMMAND USAGE◆ Setting source guard mode to SIP (Source IP) or SIP-MAC (Source IP and MAC) ena
CHAPTER 14 | Security MeasuresIP Source Guard– 339 – SIP-MAC – Enables traffic filtering based on IP addresses and corresponding MAC addresses sto
FIGURES– 34 –Figure 104: Displaying Members of an MST Instance 212Figure 105: Configuring MSTP Interface Settings 214Figure 106: Displaying MSTP Int
CHAPTER 14 | Security MeasuresIP Source Guard– 340 –new entry will replace the old one and the entry type will be changed to static IP source guar
CHAPTER 14 | Security MeasuresIP Source Guard– 341 –To display static bindings for IP Source Guard: 1. Click Security, IP Source Guard, Static Con
CHAPTER 14 | Security MeasuresDHCP Snooping– 342 –WEB INTERFACETo display the binding table for IP Source Guard: 1. Click Security, IP Source Guar
CHAPTER 14 | Security MeasuresDHCP Snooping– 343 –◆ The rate limit for the number of DHCP messages that can be processed by the switch is 100 pack
CHAPTER 14 | Security MeasuresDHCP Snooping– 344 –DHCP server, any packets received from untrusted ports are dropped.DHCP Snooping Option 82◆ DHCP
CHAPTER 14 | Security MeasuresDHCP Snooping– 345 –DHCP SNOOPINGCONFIGURATIONUse the IP Service > DHCP > Snooping (Configure Global) page to
CHAPTER 14 | Security MeasuresDHCP Snooping– 346 –Figure 197: Configuring Global Settings for DHCP SnoopingDHCP SNOOPINGVLANCONFIGURATIONUse the
CHAPTER 14 | Security MeasuresDHCP Snooping– 347 –WEB INTERFACETo configure global settings for DHCP Snooping: 1. Click Security, IP Source Guard,
CHAPTER 14 | Security MeasuresDHCP Snooping– 348 –WEB INTERFACETo configure global settings for DHCP Snooping: 1. Click Security, IP Source Guard,
CHAPTER 14 | Security MeasuresDHCP Snooping– 349 –◆ Store – Writes all dynamically learned snooping entries to flash memory. This function can be
FIGURES– 35 –Figure 140: Configuring AAA Accounting Methods 267Figure 141: Showing AAA Accounting Methods 268Figure 142: Configuring AAA Accounting
CHAPTER 14 | Security MeasuresDHCP Snooping– 350 –
– 351 –15 BASIC ADMINISTRATION PROTOCOLSThis chapter describes basic administration tasks including:◆ Event Logging – Sets conditions for logging e
CHAPTER 15 | Basic Administration ProtocolsConfiguring Event Logging– 352 –PARAMETERSThese parameters are displayed:◆ System Log Status – Enables/
CHAPTER 15 | Basic Administration ProtocolsConfiguring Event Logging– 353 –Figure 201: Configuring Settings for System Memory LogsTo show the err
CHAPTER 15 | Basic Administration ProtocolsConfiguring Event Logging– 354 –◆ Logging Facility – Sets the facility type for remote logging of syslo
CHAPTER 15 | Basic Administration ProtocolsConfiguring Event Logging– 355 –SENDING SIMPLE MAILTRANSFER PROTOCOLALERTSUse the Administration > L
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 356 –Figure 204: Configuring SMTP Alert MessagesLINK LAYER DISCOVERY PR
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 357 –This attribute must comply with the following rule:(Transmission In
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 358 –3. Enable LLDP, and modify any of the timing parameters as required
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 359 –lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange n
FIGURES– 36 –Figure 176: Configuring a MAC ACL 309Figure 177: Configuring a ARP ACL 311Figure 178: Binding a Port to an ACL 313Figure 179: Configuri
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 360 – VLAN ID – The port’s default VLAN identifier (PVID) indicates the
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 361 –Figure 206: Configuring LLDP Interface AttributesDISPLAYING LLDPLO
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 362 –◆ Chassis ID – An octet string indicating the specific identifier f
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 363 –Figure 207: Displaying Local Device Information for LLDP (General)
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 364 –◆ System Name – A string that indicates the system’s administrative
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 365 –◆ Management Address List – The management addresses for this devic
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 366 –◆ Remote Port Auto-Neg Status – Shows whether port auto-negotiation
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 367 –◆ Remote Link Aggregation Port ID – This object contains the IEEE 8
CHAPTER 15 | Basic Administration ProtocolsLink Layer Discovery Protocol– 368 –DISPLAYING DEVICESTATISTICSUse the Administration > LLDP (Show D
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 369 –WEB INTERFACETo display statistics for LLDP-capable devices at
FIGURES– 37 –Figure 212: Displaying LLDP Device Statistics (Port) 369Figure 213: Configuring Global Settings for SNMP 372Figure 214: Configuring the
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 370 –Managed devices supporting SNMP contain software, which runs l
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 371 –NOTE: The predefined default groups and view can be deleted fr
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 372 –CONFIGURING GLOBALSETTINGS FOR SNMPUse the Administration >
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 373 –SETTING THE LOCALENGINE IDUse the Administration > SNMP (Co
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 374 –SPECIFYING A REMOTEENGINE IDUse the Administration > SNMP (
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 375 –WEB INTERFACETo configure a remote SNMP engine ID:1. Click Adm
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 376 –PARAMETERSThese parameters are displayed:Add View◆ View Name –
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 377 –To show the SNMP views of the switch’s MIB database:1. Click A
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 378 –To show the OID branches configured for the SNMP views of the
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 379 –◆ Read View – The configured view for read access. (Range: 1-6
FIGURES– 38 –Figure 248: Pnging a Network Device 412Figure 249: Configuring a Static IPv4 Address 414Figure 250: Configuring a Dynamic IPv4 Address
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 380 –RMON Events (V2)risingAlarm 1.3.6.1.2.1.16.0.1 The SNMP trap t
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 381 –WEB INTERFACETo configure an SNMP group:1. Click Administratio
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 382 –Figure 222: Showing SNMP GroupsSETTING COMMUNITYACCESS STRING
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 383 –WEB INTERFACETo set a community access string:1. Click Adminis
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 384 –CONFIGURING LOCALSNMPV3 USERSUse the Administration > SNMP
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 385 –WEB INTERFACETo configure a local SNMPv3 user:1. Click Adminis
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 386 –Figure 226: Showing Local SNMPv3 UsersCONFIGURING REMOTESNMPV
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 387 – AuthPriv – SNMP communications use both authentication and en
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 388 –Figure 227: Configuring Remote SNMPv3 UsersTo show remote SNM
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 389 –SPECIFYING TRAPMANAGERSUse the Administration > SNMP (Confi
FIGURES– 39 –Figure 284: Configuring IGMP Filtering and Throttling Interface Settings 463Figure 285: MVR Concept 464Figure 286: Configuring Globa
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 390 –PARAMETERSThese parameters are displayed:SNMP Version 1◆ IP Ad
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 391 –SNMP Version 3◆ IP Address – IP address of a new management st
CHAPTER 15 | Basic Administration ProtocolsSimple Network Management Protocol– 392 –WEB INTERFACETo configure trap managers:1. Click Administratio
CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 393 –Figure 231: Configuring Trap Managers (SNMPv3)To show configured trap managers
CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 394 –The switch supports mini-RMON, which consists of the Statistics, History, Event
CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 395 –generated, another such event will not be generated until the sampled value has
CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 396 –Figure 233: Configuring an RMON AlarmTo show configured RMON alarms:1. Click A
CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 397 –CONFIGURING RMONEVENTSUse the Administration > RMON (Configure Global - Add
CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 398 –WEB INTERFACETo configure an RMON event:1. Click Administration, RMON.2. Select
CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 399 –To show configured RMON events:1. Click Administration, RMON.2. Select Configur
ABOUT THIS GUIDE– 4 –
FIGURES– 40 –
CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 400 –PARAMETERSThese parameters are displayed:◆ Port – The port number on the switch
CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 401 –To show configured RMON history samples:1. Click Administration, RMON.2. Select
CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 402 –CONFIGURING RMONSTATISTICAL SAMPLESUse the Administration > RMON (Configure
CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 403 –WEB INTERFACETo enable regular sampling of statistics on a port:1. Click Admini
CHAPTER 15 | Basic Administration ProtocolsRemote Monitoring– 404 –Figure 241: Showing Configured RMON Statistical SamplesTo show collected RMON
CHAPTER 15 | Basic Administration ProtocolsSwitch Clustering– 405 –SWITCH CLUSTERINGSwitch clustering is a method of grouping switches together to
CHAPTER 15 | Basic Administration ProtocolsSwitch Clustering– 406 –PARAMETERSThese parameters are displayed:◆ Cluster Status – Enables or disables
CHAPTER 15 | Basic Administration ProtocolsSwitch Clustering– 407 –CLUSTER MEMBERCONFIGURATIONUse the Administration > Cluster (Configure Membe
CHAPTER 15 | Basic Administration ProtocolsSwitch Clustering– 408 –Figure 245: Showing Cluster MembersTo show cluster candidates:1. Click Adminis
CHAPTER 15 | Basic Administration ProtocolsSwitch Clustering– 409 –◆ Operate – Remotely manage a cluster member.WEB INTERFACETo manage a cluster m
– 41 –TABLESTable 1: Key Features 49Table 2: System Defaults 54Table 3: Web Page Configuration Buttons 75Table 4: Switch Main Menu 76Table 5: Po
CHAPTER 15 | Basic Administration ProtocolsSwitch Clustering– 410 –
– 411 –16 IP CONFIGURATIONThis chapter describes how to configure an IP interface for management access to the switch over the network. This switch
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 4)– 412 – Destination does not respond - If the host does not respond, a
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 4)– 413 –CLI REFERENCES◆ "DHCP Client" on page 911◆ "Basic
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 4)– 414 –WEB INTERFACETo set a static address for the switch:1. Click Sys
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 415 –NOTE: The switch will also broadcast a request for IP configurat
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 416 – An IPv6 default gateway must be defined if the management stati
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 417 –reachability information about the paths to active neighbors. Th
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 418 – Duplicate address detection determines if a new unicast IPv6 ad
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 419 –3. Specify the VLAN to configure, enable address auto-configurat
TABLES– 42 –Table 32: General Command Modes 478Table 33: Configuration Command Modes 480Table 34: Keystroke Commands 481Table 35: Command Group I
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 420 –◆ To connect to a larger network with multiple subnets, you must
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 421 –of the address comprise the prefix (i.e., the network portion of
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 422 –Figure 253: Configuring an IPv6 AddressSHOWING IPV6ADDRESSESUse
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 423 –Note that the solicited-node multicast address (link-local scope
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 424 –WEB INTERFACETo show neighboring IPv6 devices:1. Click IP, IPv6
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 425 –SHOWING IPV6STATISTICSUse the IP > IPv6 Configuration (Show S
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 426 –Address Errors The number of input datagrams discarded because t
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 427 –Generated Fragments The number of output datagram fragments that
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 428 –Destination Unreachable MessagesThe number of ICMP Destination U
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 429 –WEB INTERFACETo show the IPv6 statistics:1. Click IP, IPv6 Confi
TABLES– 43 –Table 68: Telnet Server Commands 607Table 69: Secure Shell Commands 609Table 70: show ssh - display description 618Table 71: 802.1X P
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 430 –Figure 258: Showing IPv6 Statistics (UDP)SHOWING THE MTUFOR RES
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 431 –WEB INTERFACETo show the MTU reported from other devices:1. Clic
CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 432 –
– 433 –17 IP SERVICESThis chapter describes how to configure Domain Name Service (DNS) on this switch. For information on DHCP snooping which is inc
CHAPTER 17 | IP ServicesConfiguring a List of Domain Names– 434 –WEB INTERFACETo configure general settings for DNS:1. Click IP Service, DNS.2. Se
CHAPTER 17 | IP ServicesConfiguring a List of Domain Names– 435 –PARAMETERSThese parameters are displayed:Domain Name – Name of the host. Do not i
CHAPTER 17 | IP ServicesConfiguring a List of Name Servers– 436 –CONFIGURING A LIST OF NAME SERVERSUse the IP Service > DNS - General (Add Name
CHAPTER 17 | IP ServicesConfiguring Static DNS Host to Address Entries– 437 –To show the list name servers:1. Click IP Service, DNS.2. Select Show
CHAPTER 17 | IP ServicesConfiguring Static DNS Host to Address Entries– 438 –WEB INTERFACETo configure static entries in the DNS table:1. Click IP
CHAPTER 17 | IP ServicesDisplaying the DNS Cache– 439 –DISPLAYING THE DNS CACHEUse the IP Service > DNS - Cache page to display entries in the
TABLES– 44 –Table 104: GVRP and Bridge Extension Commands 782Table 105: Commands for Editing VLAN Groups 786Table 106: Commands for Configuring VL
CHAPTER 17 | IP ServicesDisplaying the DNS Cache– 440 –
– 441 –18 MULTICAST FILTERING This chapter describes how to configure the following multicast servcies:◆ IGMP – Configuring snooping and query param
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 442 –device, most commonly a multicast router. In this way, the switch can disc
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 443 –NOTE: When the switch is configured to use IGMPv3 snooping, the snooping v
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 444 –CONFIGURING IGMPSNOOPING AND QUERYPARAMETERSUse the Multicast > IGMP Sn
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 445 –◆ Proxy Reporting Status – Enables IGMP Snooping with Proxy Reporting. (De
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 446 –When the root bridge in a spanning tree receives a TCN for a VLAN where IG
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 447 –◆ IGMP Snooping Version – Sets the protocol version for compatibility with
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 448 –attached router. This can ensure that multicast traffic is passed to all t
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 449 –Figure 271: Showing Static Interfaces Attached a Multicast RouterTo show
TABLES– 45 –Table 140: show ipv6 interface - display description 935Table 141: show ipv6 mtu - display description 937Table 142: show ipv6 traffic
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 450 –COMMAND USAGE◆ Static multicast addresses are never aged out.◆ When a mult
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 451 –Figure 274: Showing Static Interfaces Assigned to a Multicast ServiceTo s
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 452 –COMMAND USAGEMulticast Router DiscoveryThere have been many mechanisms use
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 453 –Advertisement and Termination messages are sent to the All-Snoopers multic
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 454 –enabled on an interface if it is connected to only one IGMP-enabled device
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 455 –◆ Query Response Interval – The maximum time the system waits for a respon
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 456 –WEB INTERFACETo configure IGMP snooping on a VLAN:1. Click Multicast, IGMP
CHAPTER 18 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 457 –Figure 277: Showing Interface Settings for IGMP Snooping DISPLAYINGMULTIC
CHAPTER 18 | Multicast FilteringFiltering and Throttling IGMP Groups– 458 –WEB INTERFACETo show multicast groups learned through IGMP snooping:1.
CHAPTER 18 | Multicast FilteringFiltering and Throttling IGMP Groups– 459 –ENABLING IGMPFILTERING ANDTHROTTLINGUse the Multicast > IGMP Snoopin
TABLES– 46 –
CHAPTER 18 | Multicast FilteringFiltering and Throttling IGMP Groups– 460 –PARAMETERSThese parameters are displayed:Add◆ Profile ID – Creates an I
CHAPTER 18 | Multicast FilteringFiltering and Throttling IGMP Groups– 461 –3. Select Show from the Action list.Figure 281: Showing the IGMP Filte
CHAPTER 18 | Multicast FilteringFiltering and Throttling IGMP Groups– 462 –To show the multicast groups configured for an IGMP filter profile:1. C
CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 463 –◆ Current Multicast Groups – Displays the current multicast groups the interface
CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 464 –MVR maintains the user isolation and data security provided by VLAN segregation
CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 465 –CONFIGURING GLOBALMVR SETTINGSUse the Multicast > MVR (Configure General) pag
CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 466 –WEB INTERFACETo configure global settings for MVR:1. Click Multicast, MVR.2. Sel
CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 467 –◆ One or more interfaces may be configured as MVR source ports. A source port is
CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 468 –multicast traffic from one of the MVR groups, or a multicast group has been stat
CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 469 –WEB INTERFACETo assign a static MVR group to a port:1. Click Multicast, MVR.2. S
– 47 –SECTION IGETTING STARTEDThis section provides an overview of the switch, and introduces some basic concepts about network switches. It also de
CHAPTER 18 | Multicast FilteringMulticast VLAN Registration– 470 –DISPLAYING MVRRECEIVER GROUPSUse the Multicast > MVR (Show Member) page to di
– 471 –SECTION IIICOMMAND LINE INTERFACEThis section provides a detailed description of the Command Line Interface, along with examples for all of t
SECTION III | Command Line Interface– 472 –◆ "Multicast Filtering Commands" on page 849◆ "LLDP Commands" on page 883◆ "Do
– 473 –19 USING THE COMMAND LINE INTERFACEThis chapter describes how to use the Command Line Interface (CLI).ACCESSING THE CLIWhen accessing the man
CHAPTER 19 | Using the Command Line InterfaceAccessing the CLI– 474 –TELNET CONNECTION Telnet operates over the IP transport protocol. In this env
CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 475 –NOTE: You can open up to four sessions to the device via Telnet.ENTERING COMM
CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 476 –GETTING HELP ONCOMMANDSYou can display a brief description of the help system
CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 477 – sntp Simple Network Time Protocol configuration spanning-
CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 478 –UNDERSTANDINGCOMMAND MODESThe command set is divided into Exec and Configurat
CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 479 –Username: guestPassword: [guest login password] CLI session with the MS45349
SECTION I | Getting Started– 48 –
CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 480 –To enter the Global Configuration mode, enter the command configure in Privil
CHAPTER 19 | Using the Command Line InterfaceEntering Commands– 481 –COMMAND LINEPROCESSINGCommands are not case sensitive. You can abbreviate com
CHAPTER 19 | Using the Command Line InterfaceCLI Command Groups– 482 –CLI COMMAND GROUPSThe system commands can be broken down into the functional
CHAPTER 19 | Using the Command Line InterfaceCLI Command Groups– 483 –The access mode shown in the following tables is indicated by these abbrevia
CHAPTER 19 | Using the Command Line InterfaceCLI Command Groups– 484 –
– 485 –20 GENERAL COMMANDSThese commands are used to control the command access mode, configuration mode, and other basic functions.prompt This comm
CHAPTER 20 | General Commands– 486 –EXAMPLE Console(config)#prompt RD2RD2(config)#reload (GlobalConfiguration)This command restarts the system at
CHAPTER 20 | General Commands– 487 –COMMAND USAGE ◆ This command resets the entire system. ◆ Any combination of reload options may be specified. I
CHAPTER 20 | General Commands– 488 –EXAMPLE Console>enablePassword: [privileged level password]Console#RELATED COMMANDS disable (490)enable pas
CHAPTER 20 | General Commands– 489 –EXAMPLE In this example, the show history command lists the contents of the command history buffer:Console#sho
– 49 –1 INTRODUCTIONThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configur
CHAPTER 20 | General Commands– 490 –disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only dis
CHAPTER 20 | General Commands– 491 –show reload This command displays the current reload settings, and the time at which next scheduled reload wil
CHAPTER 20 | General Commands– 492 –EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and t
– 493 –21 SYSTEM MANAGEMENT COMMANDSThese commands are used to control system logs, passwords, user names, management options, and display or config
CHAPTER 21 | System Management CommandsBanner Information– 494 –hostname This command specifies or modifies the host name for this device. Use the
CHAPTER 21 | System Management CommandsBanner Information– 495 –banner configure This command is used to interactively specify administrative info
CHAPTER 21 | System Management CommandsBanner Information– 496 –Row: 7Rack: 29Shelf in this rack: 8Information about DC power supply.Floor: 2Row:
CHAPTER 21 | System Management CommandsBanner Information– 497 –banner configuredc-power-infoThis command is use to configure DC power information
CHAPTER 21 | System Management CommandsBanner Information– 498 –COMMAND MODEGlobal ConfigurationCOMMAND USAGE Input strings cannot contain spaces.
CHAPTER 21 | System Management CommandsBanner Information– 499 –EXAMPLE Console(config)#banner configure equipment-info manufacturer-id MS453490M
– 5 –CONTENTSABOUT THIS GUIDE 3CONTENTS 5FIGURES 31TABLES 41SECTION I GETTING STARTED 471INTRODUCTION 49Key Features 49Description of Software Feat
CHAPTER 1 | IntroductionDescription of Software Features– 50 –DESCRIPTION OF SOFTWARE FEATURESThe switch provides a wide range of advanced perform
CHAPTER 21 | System Management CommandsBanner Information– 500 –COMMAND MODEGlobal ConfigurationCOMMAND USAGE Input strings cannot contain spaces.
CHAPTER 21 | System Management CommandsBanner Information– 501 –banner configuremanager-infoThis command is used to configure the manager contact
CHAPTER 21 | System Management CommandsBanner Information– 502 –DEFAULT SETTING NoneCOMMAND MODEGlobal ConfigurationCOMMAND USAGE Input strings ca
CHAPTER 21 | System Management CommandsSystem Status– 503 –show banner This command displays all banner information.COMMAND MODENormal Exec, Privi
CHAPTER 21 | System Management CommandsSystem Status– 504 –show access-listtcam-utilizationThis command shows utilization parameters for TCAM (Ter
CHAPTER 21 | System Management CommandsSystem Status– 505 –EXAMPLE Console#show process cpu CPU Utilization in the past 5 seconds : 3.98%Console#s
CHAPTER 21 | System Management CommandsSystem Status– 506 –spanning-tree mst configuration!interface ethernet 1/1 switchport allowed vlan add 1 un
CHAPTER 21 | System Management CommandsSystem Status– 507 –RELATED COMMANDSshow running-config (505)show system This command displays system infor
CHAPTER 21 | System Management CommandsSystem Status– 508 –EXAMPLE Console#show users User Name Accounts: User Name Privilege Public-Key -------
CHAPTER 21 | System Management CommandsFrame Size– 509 –FRAME SIZEThis section describes commands used to configure the Ethernet frame size on the
CHAPTER 1 | IntroductionDescription of Software Features– 51 –ACCESS CONTROLLISTSACLs provide packet filtering for IP frames (based on address, pr
CHAPTER 21 | System Management CommandsFile Management– 510 –FILE MANAGEMENTManaging FirmwareFirmware can be uploaded and downloaded to or from an
CHAPTER 21 | System Management CommandsFile Management– 511 –boot system This command specifies the file or image used to start up the system.SYNT
CHAPTER 21 | System Management CommandsFile Management– 512 –copy This command moves (upload/download) a code image or configuration file between
CHAPTER 21 | System Management CommandsFile Management– 513 –◆ The Boot ROM and Loader cannot be uploaded or downloaded from the FTP/TFTP server.
CHAPTER 21 | System Management CommandsFile Management– 514 –The following example shows how to download a configuration file: Console#copy tftp s
CHAPTER 21 | System Management CommandsFile Management– 515 –delete This command deletes a file or image.SYNTAX delete filenamefilename - Name of
CHAPTER 21 | System Management CommandsFile Management– 516 –COMMAND USAGE ◆ If you enter the command dir without any parameters, the system displ
CHAPTER 21 | System Management CommandsFile Management– 517 –EXAMPLEThis example shows the information displayed by the whichboot command. See the
CHAPTER 21 | System Management CommandsFile Management– 518 –◆ Any changes made to the default setting can be displayed with the show running-conf
CHAPTER 21 | System Management CommandsFile Management– 519 –◆ When specifying a TFTP server, the following syntax must be used, where filedir ind
CHAPTER 1 | IntroductionDescription of Software Features– 52 –IEEE 802.1D BRIDGE The switch supports IEEE 802.1D transparent bridging. The address
CHAPTER 21 | System Management CommandsLine– 520 –LINEYou can access the onboard configuration program by attaching a VT100 compatible device to t
CHAPTER 21 | System Management CommandsLine– 521 –COMMAND MODE Global Configuration COMMAND USAGE Telnet is considered a virtual terminal connecti
CHAPTER 21 | System Management CommandsLine– 522 –RELATED COMMANDS parity (523)exec-timeout This command sets the interval that the system waits u
CHAPTER 21 | System Management CommandsLine– 523 –DEFAULT SETTING login localCOMMAND MODE Line Configuration COMMAND USAGE ◆ There are three authe
CHAPTER 21 | System Management CommandsLine– 524 –DEFAULT SETTING No parityCOMMAND MODE Line Configuration COMMAND USAGE Communication protocols p
CHAPTER 21 | System Management CommandsLine– 525 –EXAMPLE Console(config-line)#password 0 secretConsole(config-line)#RELATED COMMANDSlogin (522)pa
CHAPTER 21 | System Management CommandsLine– 526 –silent-time This command sets the amount of time the management console is inaccessible after th
CHAPTER 21 | System Management CommandsLine– 527 –supported. If you select the “auto” option, the switch will automatically detect the baud rate c
CHAPTER 21 | System Management CommandsLine– 528 –COMMAND MODE Line ConfigurationCOMMAND USAGE ◆ If a login attempt is not detected within the tim
CHAPTER 21 | System Management CommandsEvent Logging– 529 –show line This command displays the terminal line’s parameters.SYNTAX show line [consol
CHAPTER 1 | IntroductionDescription of Software Features– 53 –VIRTUAL LANS The switch supports up to 255 VLANs. A Virtual LAN is a collection of n
CHAPTER 21 | System Management CommandsEvent Logging– 530 –logging facility This command sets the facility type for remote logging of syslog messa
CHAPTER 21 | System Management CommandsEvent Logging– 531 –logging history This command limits syslog messages saved to switch memory based on sev
CHAPTER 21 | System Management CommandsEvent Logging– 532 –logging host This command adds a syslog server host IP address that will receive loggin
CHAPTER 21 | System Management CommandsEvent Logging– 533 –RELATED COMMANDSlogging history (531)logging trap (533)clear log (533)logging trap This
CHAPTER 21 | System Management CommandsEvent Logging– 534 –COMMAND MODE Privileged ExecEXAMPLE Console#clear logConsole#RELATED COMMANDSshow log (
CHAPTER 21 | System Management CommandsEvent Logging– 535 –show logging This command displays the configuration settings for logging messages to l
CHAPTER 21 | System Management CommandsSMTP Alerts– 536 –REMOTELOG Level Type: Debugging messagesREMOTELOG server IP Address: 1.2.3.4REMOTE
CHAPTER 21 | System Management CommandsSMTP Alerts– 537 –logging sendmail This command enables SMTP event handling. Use the no form to disable thi
CHAPTER 21 | System Management CommandsSMTP Alerts– 538 –EXAMPLEConsole(config)#logging sendmail host 192.168.1.19Console(config)#logging sendmail
CHAPTER 21 | System Management CommandsSMTP Alerts– 539 –COMMAND MODE Global ConfigurationCOMMAND USAGE You can specify up to five recipients for
CHAPTER 1 | IntroductionSystem Defaults– 54 –QUALITY OF SERVICE Differentiated Services (DiffServ) provides policy-based management mechanisms use
CHAPTER 21 | System Management CommandsTime– 540 –SMTP Minimum Severity Level: 7SMTP destination email addresses----------------------------------
CHAPTER 21 | System Management CommandsTime– 541 –COMMAND USAGE ◆ The time acquired from time servers is used to record accurate dates and times f
CHAPTER 21 | System Management CommandsTime– 542 –RELATED COMMANDSsntp client (540)sntp server This command sets the IP address of the servers to
CHAPTER 21 | System Management CommandsTime– 543 –EXAMPLE Console#show sntpCurrent Time : Nov 5 18:51:22 2006Poll Interval : 16 secondsCurrent
CHAPTER 21 | System Management CommandsTime– 544 –calendar set This command sets the system clock. It may be used if there is no time server on yo
CHAPTER 21 | System Management CommandsTime Range– 545 –TIME RANGEThis section describes the commands used to sets a time range for use by other f
CHAPTER 21 | System Management CommandsTime Range– 546 –absolute This command sets the time range for the execution of a command. Use the no form
CHAPTER 21 | System Management CommandsTime Range– 547 –monday - Mondaysaturday - Saturdaysunday - Sundaythursday - Thursdaytuesday - Tuesdaywedne
CHAPTER 21 | System Management CommandsSwitch Clustering– 548 –SWITCH CLUSTERINGSwitch Clustering is a method of grouping switches together to ena
CHAPTER 21 | System Management CommandsSwitch Clustering– 549 –cluster This command enables clustering on the switch. Use the no form to disable c
CHAPTER 1 | IntroductionSystem Defaults– 55 –Web Management HTTP Server EnabledHTTP Port Number 80HTTP Secure Server EnabledHTTP Secure Server Por
CHAPTER 21 | System Management CommandsSwitch Clustering– 550 –COMMAND USAGE ◆ Once a switch has been configured to be a cluster Commander, it aut
CHAPTER 21 | System Management CommandsSwitch Clustering– 551 –cluster member This command configures a Candidate switch as a cluster Member. Use
CHAPTER 21 | System Management CommandsSwitch Clustering– 552 –EXAMPLEConsole#rcommand id 1 CLI session with the MS453490M is opened. To
CHAPTER 21 | System Management CommandsSwitch Clustering– 553 –show clustercandidatesThis command shows the discovered Candidate switches in the n
CHAPTER 21 | System Management CommandsSwitch Clustering– 554 –
– 555 –22 SNMP COMMANDSControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the e
CHAPTER 22 | SNMP Commands– 556 –snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c,
CHAPTER 22 | SNMP Commands– 557 –snmp-servercommunityThis command defines community access strings used to authorize management access by clients
CHAPTER 22 | SNMP Commands– 558 –EXAMPLE Console(config)#snmp-server contact PaulConsole(config)#RELATED COMMANDSsnmp-server location (558)snmp-se
CHAPTER 22 | SNMP Commands– 559 –Console#show snmpSNMP Agent : EnabledSNMP Traps : Authentication : Enabled Link-up-down : EnabledSNMP Communiti
CHAPTER 1 | IntroductionSystem Defaults– 56 –Traffic Prioritization Ingress Port Priority 0Queue Mode WRRQueue Weight Queue: 0 1 2 3 Weight: 1
CHAPTER 22 | SNMP Commands– 560 –no keywords, both authentication and link-up-down notifications are enabled. If you enter the command with a keyw
CHAPTER 22 | SNMP Commands– 561 –prior to using the snmp-server host command. (Maximum length: 32 characters)version - Specifies whether to send n
CHAPTER 22 | SNMP Commands– 562 –To send an inform to a SNMPv2c host, complete these steps:1. Enable the SNMP agent (page 556).2. Create a view wi
CHAPTER 22 | SNMP Commands– 563 –snmp-serverengine-idThis command configures an identification string for the SNMPv3 engine. Use the no form to re
CHAPTER 22 | SNMP Commands– 564 –RELATED COMMANDSsnmp-server host (560)snmp-server group This command adds an SNMP group, mapping SNMP users to SN
CHAPTER 22 | SNMP Commands– 565 –EXAMPLEConsole(config)#snmp-server group r&d v3 auth write dailyConsole(config)#snmp-server user This command
CHAPTER 22 | SNMP Commands– 566 –◆ Remote users (i.e., the command specifies a remote engine identifier) must be configured to identify the source
CHAPTER 22 | SNMP Commands– 567 –COMMAND USAGE ◆ Views are used in the snmp-server group command to restrict user access to specified portions of
CHAPTER 22 | SNMP Commands– 568 –show snmp group Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c rea
CHAPTER 22 | SNMP Commands– 569 –show snmp user This command shows information on SNMP users.COMMAND MODE Privileged ExecEXAMPLEConsole#show snmp
– 57 –2 INITIAL SWITCH CONFIGURATIONThis chapter includes information on connecting to the switch and basic configuration procedures.CONNECTING TO T
CHAPTER 22 | SNMP Commands– 570 –show snmp view This command shows information on the SNMP views.COMMAND MODE Privileged ExecEXAMPLEConsole#show s
CHAPTER 22 | SNMP Commands– 571 –◆ Disabling logging with this command does not delete the entries stored in the notification log.EXAMPLEThis exam
CHAPTER 22 | SNMP Commands– 572 –◆ To avoid this problem, notification logging should be configured and enabled using the snmp-server notify-filte
CHAPTER 22 | SNMP Commands– 573 –show snmp notify-filterThis command displays the configured notification logs.COMMAND MODE Privileged ExecEXAMPLE
CHAPTER 22 | SNMP Commands– 574 –
– 575 –23 REMOTE MONITORING COMMANDSRemote Monitoring allows a remote device to collect information or respond to specified events on an independent
CHAPTER 23 | Remote Monitoring Commands– 576 –rmon alarm This command sets threshold bounds for a monitored variable. Use the no form to remove an
CHAPTER 23 | Remote Monitoring Commands– 577 –such event will not be generated until the sampled value has risen above the falling threshold, reac
CHAPTER 23 | Remote Monitoring Commands– 578 –COMMAND USAGE ◆ If an event is already defined for an index, the entry must be deleted before any ch
CHAPTER 23 | Remote Monitoring Commands– 579 –EXAMPLEConsole(config)#interface ethenet 1/1Console(config-if)#rmon collection history 21 buckets 2
CHAPTER 2 | Initial Switch ConfigurationConnecting to the Switch– 58 –◆ Control port access through IEEE 802.1X security or static address filteri
CHAPTER 23 | Remote Monitoring Commands– 580 –show rmon alarm This command shows the settings for all configured alarms.COMMAND MODE Privileged Ex
CHAPTER 23 | Remote Monitoring Commands– 581 – buckets requested = 8 buckets granted = 8 Interval = 30 Owner RMON_S
CHAPTER 23 | Remote Monitoring Commands– 582 –
– 583 –24 AUTHENTICATION COMMANDS You can configure this switch to authenticate users logging into the system for management access using local or r
CHAPTER 24 | Authentication CommandsUser Accounts– 584 –enable password After initially logging onto the system, you should set the Privileged Exe
CHAPTER 24 | Authentication CommandsUser Accounts– 585 –username This command adds named users, requires authentication at login, specifies or cha
CHAPTER 24 | Authentication CommandsAuthentication Sequence– 586 –AUTHENTICATION SEQUENCEThree authentication methods can be specified to authenti
CHAPTER 24 | Authentication CommandsAuthentication Sequence– 587 –EXAMPLE Console(config)#authentication enable radiusConsole(config)#RELATED COMM
CHAPTER 24 | Authentication CommandsRADIUS Client– 588 –RELATED COMMANDSusername - for setting the local user names and passwords (585)RADIUS CLIE
CHAPTER 24 | Authentication CommandsRADIUS Client– 589 –radius-server auth-portThis command sets the RADIUS server network port. Use the no form t
CHAPTER 2 | Initial Switch ConfigurationConnecting to the Switch– 59 – Set flow control to none. Set the emulation mode to VT100. When using Hyp
CHAPTER 24 | Authentication CommandsRADIUS Client– 590 –DEFAULT SETTING auth-port - 1812acct-port - 1813timeout - 5 secondsretransmit - 2COMMAND M
CHAPTER 24 | Authentication CommandsRADIUS Client– 591 –DEFAULT SETTING 2COMMAND MODE Global ConfigurationEXAMPLE Console(config)#radius-server re
CHAPTER 24 | Authentication CommandsTACACS+ Client– 592 – Retransmit Times : 2 Request Timeout : 5Server 1: Server IP Address : 192.168.1
CHAPTER 24 | Authentication CommandsTACACS+ Client– 593 –DEFAULT SETTING 10.11.12.13COMMAND MODE Global ConfigurationEXAMPLE Console(config)#tacac
CHAPTER 24 | Authentication CommandsTACACS+ Client– 594 –EXAMPLE Console(config)#tacacs-server key greenConsole(config)#tacacs-server port This co
CHAPTER 24 | Authentication CommandsAAA– 595 –AAAThe Authentication, Authorization, and Accounting (AAA) feature provides the main framework for c
CHAPTER 24 | Authentication CommandsAAA– 596 –group - Specifies the server group to use.tacacs+ - Specifies all TACACS+ hosts configure with the t
CHAPTER 24 | Authentication CommandsAAA– 597 –group - Specifies the server group to use.radius - Specifies all RADIUS hosts configure with the rad
CHAPTER 24 | Authentication CommandsAAA– 598 –group - Specifies the server group to use.radius - Specifies all RADIUS hosts configure with the rad
CHAPTER 24 | Authentication CommandsAAA– 599 –◆ Using the command without specifying an interim interval enables updates, but does not change the
CONTENTS– 6 –Configuration Options 57Required Connections 58Remote Connections 59Basic Configuration 60Console Connection 60Setting Passwords
CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 60 –BASIC CONFIGURATIONCONSOLECONNECTIONThe CLI program provides two different comman
CHAPTER 24 | Authentication CommandsAAA– 600 –aaa group server Use this command to name a group of security server hosts. To remove a server group
CHAPTER 24 | Authentication CommandsAAA– 601 –EXAMPLE Console(config)#aaa group server radius tpsConsole(config-sg-radius)#server 10.2.68.120Conso
CHAPTER 24 | Authentication CommandsAAA– 602 –EXAMPLE Console(config)#line consoleConsole(config-line)#accounting exec tpsConsole(config-line)#exi
CHAPTER 24 | Authentication CommandsWeb Server– 603 –statistics - Displays accounting records.user-name - Displays accounting records for a specif
CHAPTER 24 | Authentication CommandsWeb Server– 604 –ip http port This command specifies the TCP port number used by the web browser interface. Us
CHAPTER 24 | Authentication CommandsWeb Server– 605 –ip http secure-serverThis command enables the secure hypertext transfer protocol (HTTPS) over
CHAPTER 24 | Authentication CommandsWeb Server– 606 –◆ To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” o
CHAPTER 24 | Authentication CommandsTelnet Server– 607 –TELNET SERVERThis section describes commands used to configure Telnet management access to
CHAPTER 24 | Authentication CommandsTelnet Server– 608 –ip telnet port This command specifies the TCP port number used by the Telnet interface. Us
CHAPTER 24 | Authentication CommandsSecure Shell– 609 –show ip telnet This command displays the configuration settings for the Telnet server. COMM
CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 61 –Console#configureConsole(config)#username guest password 0 [password]Console(conf
CHAPTER 24 | Authentication CommandsSecure Shell– 610 –Configuration GuidelinesThe SSH server on this switch supports both password and public key
CHAPTER 24 | Authentication CommandsSecure Shell– 611 –4. Set the Optional Parameters – Set other optional parameters, including the authenticatio
CHAPTER 24 | Authentication CommandsSecure Shell– 612 –c. The client sends a signature generated using the private key to the switch.d. When the s
CHAPTER 24 | Authentication CommandsSecure Shell– 613 –COMMAND USAGE ◆ The SSH server supports up to four client sessions. The maximum number of c
CHAPTER 24 | Authentication CommandsSecure Shell– 614 –ip ssh timeout This command configures the timeout for the SSH server. Use the no form to r
CHAPTER 24 | Authentication CommandsSecure Shell– 615 –EXAMPLE Console#delete public-key admin dsaConsole#ip ssh crypto host-key generateThis comm
CHAPTER 24 | Authentication CommandsSecure Shell– 616 –ip ssh cryptozeroizeThis command clears the host key from memory (i.e. RAM). SYNTAX ip ssh
CHAPTER 24 | Authentication CommandsSecure Shell– 617 –RELATED COMMANDSip ssh crypto host-key generate (615)show ip ssh This command displays the
CHAPTER 24 | Authentication CommandsSecure Shell– 618 –1854900028313416250083487184495220874292122556916656552963281635169640408315547660664151657
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 619 –802.1X PORT AUTHENTICATIONThe switch supports IEEE 802.1X (dot1x) port-based
CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 62 –4. To set the IP address of the default gateway for the network to which the swit
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 620 –dot1x default This command sets all configurable dot1x global and port settin
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 621 –EXAMPLEThis example instructs the switch to pass all EAPOL frame through to a
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 622 –EXAMPLEConsole(config)#interface eth 1/2Console(config-if)#dot1x intrusion-ac
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 623 –DEFAULTSingle-hostCOMMAND MODEInterface ConfigurationCOMMAND USAGE ◆ The “max
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 624 –EXAMPLEConsole(config)#interface eth 1/2Console(config-if)#dot1x port-control
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 625 –COMMAND MODEInterface ConfigurationEXAMPLEConsole(config)#interface eth 1/2Co
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 626 –COMMAND USAGEThis command sets the timeout for EAP-request frames other than
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 627 –COMMAND MODEPrivileged ExecCOMMAND USAGEThe re-authentication process verifie
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 628 –dot1x max-start This command sets the maximum number of times that a port sup
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 629 –◆ A port cannot be configured as a dot1x supplicant if it is a member of a tr
CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 63 –ND retransmit interval is 1000 millisecondsConsole#Address for Multi-segment Netw
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 630 –COMMAND MODEInterface ConfigurationEXAMPLEConsole(config)#interface eth 1/2Co
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 631 –COMMAND USAGEThis command displays the following information:◆ Global 802.1X
CHAPTER 24 | Authentication Commands802.1X Port Authentication– 632 – Current Identifier– The integer (0-255) used by the Authenticator to identif
CHAPTER 24 | Authentication CommandsManagement IP Filter– 633 –Authenticator State MachineState : AuthenticatedReauth Count :
CHAPTER 24 | Authentication CommandsManagement IP Filter– 634 –COMMAND USAGE ◆ If anyone tries to access a management interface on the switch from
CHAPTER 24 | Authentication CommandsManagement IP Filter– 635 –EXAMPLEConsole#show management all-clientManagement Ip Filter HTTP-Client: Start
CHAPTER 24 | Authentication CommandsManagement IP Filter– 636 –
– 637 –25 GENERAL SECURITY MEASURES This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for
CHAPTER 25 | General Security MeasuresPort Security– 638 –PORT SECURITY These commands can be used to enable port security on a port. When MAC add
CHAPTER 25 | General Security MeasuresPort Security– 639 –◆ The mac-learning commands cannot be used if 802.1X Port Authentication has been global
CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 64 – 2001:DB8:2222:7272::/64, subnet is 2001:DB8:2222:7272::/64Joined group address(
CHAPTER 25 | General Security MeasuresPort Security– 640 –addresses when it reaches a configured maximum number. Only incoming traffic with source
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 641 –NETWORK ACCESS (MAC ADDRESS AUTHENTICATION)Network Access
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 642 –network-accessagingUse this command to enable aging for au
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 643 –COMMAND MODE Global Configuration COMMAND USAGE◆ Specified
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 644 –network-accessdynamic-qosUse this command to enable the dy
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 645 –network-accessdynamic-vlanUse this command to enable dynam
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 646 –COMMAND MODEInterface ConfigurationCOMMAND USAGE◆ The VLAN
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 647 –network-accesslink-detection link-downUse this command to
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 648 –EXAMPLEConsole(config)#interface ethernet 1/1Console(confi
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 649 –COMMAND MODE Interface Configuration COMMAND USAGE The max
CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 65 –5. Then save your configuration changes by typing “copy running-config startup-co
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 650 –◆ When port status changes to down, all MAC addresses are
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 651 –mac-authenticationintrusion-actionUse this command to conf
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 652 –show network-accessUse this command to display the MAC aut
CHAPTER 25 | General Security MeasuresNetwork Access (MAC Address Authentication)– 653 –show network-access mac-address-tableUse this command to d
CHAPTER 25 | General Security MeasuresWeb Authentication– 654 –show network-access mac-filterUse this command to display information for entries i
CHAPTER 25 | General Security MeasuresWeb Authentication– 655 –web-auth login-attemptsThis command defines the limit for failed web authentication
CHAPTER 25 | General Security MeasuresWeb Authentication– 656 –web-auth quiet-periodThis command defines the amount of time a host must wait after
CHAPTER 25 | General Security MeasuresWeb Authentication– 657 –web-auth system-auth-controlThis command globally enables web authentication for th
CHAPTER 25 | General Security MeasuresWeb Authentication– 658 –web-auth re-authenticate (Port)This command ends all web authentication sessions co
CHAPTER 25 | General Security MeasuresWeb Authentication– 659 –show web-auth This command displays global web authentication parameters.COMMAND MO
CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 66 –To dynamically generate an IPv6 host address for the switch, complete the followi
CHAPTER 25 | General Security MeasuresDHCP Snooping– 660 –show web-authsummaryThis command displays a summary of web authentication port parameter
CHAPTER 25 | General Security MeasuresDHCP Snooping– 661 –ip dhcp snooping This command enables DHCP snooping globally. Use the no form to restore
CHAPTER 25 | General Security MeasuresDHCP Snooping– 662 – If the DHCP packet is from a client, such as a DECLINE or RELEASE message, the switch f
CHAPTER 25 | General Security MeasuresDHCP Snooping– 663 –ip dhcp snoopingdatabase flashThis command writes all dynamically learned snooping entri
CHAPTER 25 | General Security MeasuresDHCP Snooping– 664 –◆ Use the ip dhcp snooping information option command to specify how to handle DHCP clie
CHAPTER 25 | General Security MeasuresDHCP Snooping– 665 –ip dhcp snoopingverify mac-addressThis command verifies the client’s hardware address st
CHAPTER 25 | General Security MeasuresDHCP Snooping– 666 –◆ When the DHCP snooping is globally disabled, DHCP snooping can still be configured for
CHAPTER 25 | General Security MeasuresDHCP Snooping– 667 –◆ When an untrusted port is changed to a trusted port, all the dynamic DHCP snooping bin
CHAPTER 25 | General Security MeasuresDHCP Snooping– 668 –show ip dhcpsnoopingThis command shows the DHCP snooping configuration settings.COMMAND
CHAPTER 25 | General Security MeasuresIP Source Guard– 669 –IP SOURCE GUARDIP Source Guard is a security feature that filters IP traffic on networ
CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 67 –COMMUNITY STRINGS (FOR SNMP VERSION 1 AND 2C CLIENTS)Community strings are used t
CHAPTER 25 | General Security MeasuresIP Source Guard– 670 –◆ All static entries are configured with an infinite lease time, which is indicated wi
CHAPTER 25 | General Security MeasuresIP Source Guard– 671 –COMMAND MODEInterface Configuration (Ethernet)COMMAND USAGE ◆ Source guard is used to
CHAPTER 25 | General Security MeasuresIP Source Guard– 672 –EXAMPLEThis example enables IP source guard on port 5.Console(config)#interface ethern
CHAPTER 25 | General Security MeasuresARP Inspection– 673 –EXAMPLEConsole#show ip source-guard bindingMacAddress IpAddress Lease(sec)
CHAPTER 25 | General Security MeasuresARP Inspection– 674 –ip arp inspection This command enables ARP Inspection globally on the switch. Use the n
CHAPTER 25 | General Security MeasuresARP Inspection– 675 –ip arp inspectionfilterThis command specifies an ARP ACL to apply to one or more VLANs.
CHAPTER 25 | General Security MeasuresARP Inspection– 676 –ip arp inspectionlog-buffer logsThis command sets the maximum number of entries saved i
CHAPTER 25 | General Security MeasuresARP Inspection– 677 –ip arp inspectionvalidateThis command specifies additional validation of address compon
CHAPTER 25 | General Security MeasuresARP Inspection– 678 –DEFAULT SETTING Disabled on all VLANsCOMMAND MODEGlobal ConfigurationCOMMAND USAGE◆ Whe
CHAPTER 25 | General Security MeasuresARP Inspection– 679 –COMMAND MODEInterface Configuration (Port)COMMAND USAGE◆ This command only applies to u
CHAPTER 2 | Initial Switch ConfigurationManaging System Files– 68 –authentication and privacy is used for v3 clients. Then press <Enter>. Fo
CHAPTER 25 | General Security MeasuresARP Inspection– 680 –show ip arpinspectionconfigurationThis command displays the global configuration settin
CHAPTER 25 | General Security MeasuresARP Inspection– 681 –show ip arpinspection logThis command shows information about entries stored in the log
CHAPTER 25 | General Security MeasuresARP Inspection– 682 –COMMAND MODEPrivileged ExecEXAMPLEConsole#show ip arp inspection vlan 1VLAN ID DAI
– 683 –26 ACCESS CONTROL LISTSAccess Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port
CHAPTER 26 | Access Control ListsIPv4 ACLs– 684 –access-list ip This command adds an IP access list and enters configuration mode for standard or
CHAPTER 26 | Access Control ListsIPv4 ACLs– 685 –permit, deny(Standard IP ACL)This command adds a rule to a Standard IPv4 ACL. The rule sets a fil
CHAPTER 26 | Access Control ListsIPv4 ACLs– 686 –permit, deny(Extended IPv4 ACL)This command adds a rule to an Extended IPv4 ACL. The rule sets a
CHAPTER 26 | Access Control ListsIPv4 ACLs– 687 –port-bitmask – Decimal number representing the port bits to match. (Range: 0-65535)control-flags
CHAPTER 26 | Access Control ListsIPv4 ACLs– 688 –EXAMPLEThis example accepts any incoming packets if the source address is within subnet 10.7.1.x.
CHAPTER 26 | Access Control ListsIPv4 ACLs– 689 –COMMAND USAGE◆ Only one ACL can be bound to a port.◆ If an ACL is already bound to a port and you
CHAPTER 2 | Initial Switch ConfigurationManaging System Files– 69 –“startup1.cfg” that contains system settings for switch initialization, includi
CHAPTER 26 | Access Control ListsMAC ACLs– 690 –EXAMPLE Console#show ip access-list standardIP standard access-list david: permit host 10.1.1.21
CHAPTER 26 | Access Control ListsMAC ACLs– 691 –◆ To remove a rule, use the no permit or no deny command followed by the exact text of a previousl
CHAPTER 26 | Access Control ListsMAC ACLs– 692 –no {permit | deny} untagged-eth2{any | host source | source address-bitmask} {any | host destinati
CHAPTER 26 | Access Control ListsMAC ACLs– 693 –COMMAND USAGE◆ New rules are added to the end of the list.◆ The ethertype option can only be used
CHAPTER 26 | Access Control ListsMAC ACLs– 694 –EXAMPLE Console(config)#interface ethernet 1/2Console(config-if)#mac access-group jerry inConsole(
CHAPTER 26 | Access Control ListsARP ACLs– 695 –ARP ACLSThe commands in this section configure ACLs based on the IP or MAC address contained in AR
CHAPTER 26 | Access Control ListsARP ACLs– 696 –permit, deny (ARPACL)This command adds a rule to an ARP ACL. The rule filters packets matching a s
CHAPTER 26 | Access Control ListsARP ACLs– 697 –EXAMPLE This rule permits packets from any source IP and MAC address to the destination subnet add
CHAPTER 26 | Access Control ListsACL Information– 698 –ACL INFORMATIONThis section describes commands used to display ACL information.show access-
– 699 –27 INTERFACE COMMANDSThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN; or pe
CONTENTS– 7 –Console Port Settings 107Telnet Settings 109Displaying CPU Utilization 110Displaying Memory Utilization 111Resetting the System 11
CHAPTER 2 | Initial Switch ConfigurationManaging System Files– 70 –To save the current configuration settings, enter the following command:1. From
CHAPTER 27 | Interface Commands– 700 –interface This command configures an interface type and enter interface configuration mode. Use the no form
CHAPTER 27 | Interface Commands– 701 –COMMAND USAGEThe alias is displayed in the running-configuration file. An example of the value which a netwo
CHAPTER 27 | Interface Commands– 702 –manually specify the link attributes with the speed-duplex and flowcontrol commands.EXAMPLE The following ex
CHAPTER 27 | Interface Commands– 703 –flowcontrol This command enables flow control. Use the no form to disable flow control.SYNTAX [no] flowcontr
CHAPTER 27 | Interface Commands– 704 –media-type This command forces the port type selected for combination ports 9-10. Use the no form to restore
CHAPTER 27 | Interface Commands– 705 –negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol
CHAPTER 27 | Interface Commands– 706 –speed-duplex This command configures the speed and duplex mode of a given interface when auto-negotiation is
CHAPTER 27 | Interface Commands– 707 –switchport packet-rateThis command configures broadcast, multicast and unknown unicast storm control. Use th
CHAPTER 27 | Interface Commands– 708 –clear counters This command clears statistics on an interface.SYNTAX clear counters interfaceinterface ether
CHAPTER 27 | Interface Commands– 709 –show interfacescountersThis command displays interface statistics. SYNTAX show interfaces counters [interfac
– 71 –SECTION IIWEB CONFIGURATIONThis section describes the basic switch features, along with a detailed description of how to configure each featur
CHAPTER 27 | Interface Commands– 710 – ===== RMON Stats ===== 0 Drop Events 16900558 Octets
CHAPTER 27 | Interface Commands– 711 – Speed-duplex : Auto Capabilities : 10half, 10full, 100half, 100full Broadcast Storm
CHAPTER 27 | Interface Commands– 712 – Egress Rate Limit : Disabled, 1000M bits per second VLAN Membership Mode : Hybrid Ingr
CHAPTER 27 | Interface Commands– 713 –test cable-diagnosticsThis command performs cable diagnostics on the specified port to diagnose any cable fa
CHAPTER 27 | Interface Commands– 714 –show cable-diagnosticsThis command shows the results of a cable diagnostics test.SYNTAX show cable-diagnosti
CHAPTER 27 | Interface Commands– 715 –partner. If none is detected, the switch automatically turns off the transmitter, and most of the receive ci
CHAPTER 27 | Interface Commands– 716 –EXAMPLE Console#show power-save interface ethernet 1/10 Power Saving Status : EnabledConsole#
– 717 –28 LINK AGGREGATION COMMANDSPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network conne
CHAPTER 28 | Link Aggregation Commands– 718 –◆ Any of the Gigabit ports on the front panel can be trunked together, including ports of different m
CHAPTER 28 | Link Aggregation Commands– 719 –EXAMPLE The following example creates trunk 1 and then adds port 10:Console(config)#interface port-ch
SECTION II | Web Configuration– 72 –
CHAPTER 28 | Link Aggregation Commands– 720 –Console#show interfaces status port-channel 1 Information of Trunk 1 Basic Information: Port Type
CHAPTER 28 | Link Aggregation Commands– 721 –the partner only applies to its administrative state, not its operational state.EXAMPLEConsole(config
CHAPTER 28 | Link Aggregation Commands– 722 –lacp system-priority This command configures a port's LACP system priority. Use the no form to r
CHAPTER 28 | Link Aggregation Commands– 723 –DEFAULT SETTING 0COMMAND MODE Interface Configuration (Port Channel)COMMAND USAGE ◆ Ports are only al
CHAPTER 28 | Link Aggregation Commands– 724 –EXAMPLEConsole#show lacp 1 countersPort Channel: 1---------------------------------------------------
CHAPTER 28 | Link Aggregation Commands– 725 –Console#show lacp 1 neighborsPort Channel 1 neighbors------------------------------------------------
CHAPTER 28 | Link Aggregation Commands– 726 – Console#show lacp sysidPort Channel System Priority System MAC Address-----------------------
– 727 –29 PORT MIRRORING COMMANDSData can be mirrored from a local port on the same switch or from a remote port on another switch for analysis at t
CHAPTER 29 | Port Mirroring CommandsLocal Port Mirroring Commands– 728 –mac-address - MAC address in the form of xx-xx-xx-xx-xx-xx or xxxxxxxxxxxx
CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 729 –show port monitor This command displays mirror information.SYNTAX show port mon
– 73 –3 USING THE WEB INTERFACEThis switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics
CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 730 –Configuration GuidelinesTake the following steps to configure an RSPAN session:
CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 731 –be configured. When RSPAN uplink ports are enabled on the switch, 802.1X cannot
CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 732 –◆ The source port and destination port cannot be configured on the same switch.
CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 733 –◆ A destination port can still send and receive switched traffic, and participa
CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 734 –COMMAND USAGE ◆ Only 802.1Q trunk or hybrid (i.e., general use) ports can be co
CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 735 –show rspan Use this command to displays the configuration settings for an RSPAN
CHAPTER 29 | Port Mirroring CommandsRSPAN Mirroring Commands– 736 –
– 737 –30 RATE LIMIT COMMANDSThis function allows the network manager to control the maximum rate for traffic transmitted or received on an interfac
CHAPTER 30 | Rate Limit Commands– 738 –by the storm control command. It is therefore not advisable to use both of these commands on the same inter
– 739 –31 AUTOMATIC TRAFFIC CONTROL COMMANDSAutomatic Traffic Control (ATC) configures bounding thresholds for broadcast and multicast storms which
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 74 –forwarding (i.e., enable Admin Edge Port) to improve the switch’s res
CHAPTER 31 | Automatic Traffic Control Commands– 740 –USAGE GUIDELINESATC includes storm control for broadcast or multicast traffic. The control r
CHAPTER 31 | Automatic Traffic Control Commands– 741 –expires. When ingress traffic falls below this threshold, ATC sends a Storm Alarm Clear Trap
CHAPTER 31 | Automatic Traffic Control Commands– 742 –DEFAULT SETTING 300 seconds COMMAND MODE Global ConfigurationCOMMAND USAGE After the apply t
CHAPTER 31 | Automatic Traffic Control Commands– 743 –EXAMPLE This example sets the release timer to 800 seconds for all ports.Console(config)#aut
CHAPTER 31 | Automatic Traffic Control Commands– 744 –auto-traffic-controlactionThis command sets the control action to limit ingress traffic or s
CHAPTER 31 | Automatic Traffic Control Commands– 745 –auto-traffic-controlalarm-clear-thresholdThis command sets the lower threshold for ingress t
CHAPTER 31 | Automatic Traffic Control Commands– 746 –auto-traffic-controlalarm-fire-thresholdThis command sets the upper threshold for ingress tr
CHAPTER 31 | Automatic Traffic Control Commands– 747 –COMMAND MODE Privileged ExecCOMMAND USAGE This command can be used to manually stop a contro
CHAPTER 31 | Automatic Traffic Control Commands– 748 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#snmp-server enable port-trap
CHAPTER 31 | Automatic Traffic Control Commands– 749 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#snmp-server enable port-trap
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 75 –CONFIGURATIONOPTIONSConfigurable parameters have a dialog box or a dr
CHAPTER 31 | Automatic Traffic Control Commands– 750 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#snmp-server enable port-trap
CHAPTER 31 | Automatic Traffic Control Commands– 751 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#snmp-server enable port-trap
CHAPTER 31 | Automatic Traffic Control Commands– 752 –Storm-control: Multicast Apply-timer(sec) : 300 release-timer(sec) : 900Console#show aut
– 753 –32 ADDRESS TABLE COMMANDSThese commands are used to configure the address table for filtering specified addresses, displaying current entries
CHAPTER 32 | Address Table Commands– 754 –mac-address-tablestaticThis command maps a static address to a destination port in a VLAN. Use the no fo
CHAPTER 32 | Address Table Commands– 755 –clear mac-address-table dynamicThis command removes any learned entries from the forwarding database.DEF
CHAPTER 32 | Address Table Commands– 756 –example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.”◆
– 757 –33 SPANNING TREE COMMANDSThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and command
CHAPTER 33 | Spanning Tree Commands– 758 –spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form
CHAPTER 33 | Spanning Tree Commands– 759 –spanning-treeforward-timeThis command configures the spanning tree bridge forward time globally for this
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 76 –MAIN MENU Using the onboard web agent, you can define system paramete
CHAPTER 33 | Spanning Tree Commands– 760 –EXAMPLE Console(config)#spanning-tree hello-time 5Console(config)#RELATED COMMANDSspanning-tree forward-
CHAPTER 33 | Spanning Tree Commands– 761 –spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to resto
CHAPTER 33 | Spanning Tree Commands– 762 –restarts the system in the new mode, temporarily disrupting user traffic.EXAMPLE The following example c
CHAPTER 33 | Spanning Tree Commands– 763 –spanning-treepriorityThis command configures the spanning tree priority globally for this switch. Use th
CHAPTER 33 | Spanning Tree Commands– 764 –revision (767)max-hops (764)spanning-treetransmission-limitThis command configures the minimum interval
CHAPTER 33 | Spanning Tree Commands– 765 –Each bridge decrements the hop count by one before passing on the BPDU. When the hop count reaches zero,
CHAPTER 33 | Spanning Tree Commands– 766 –mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VL
CHAPTER 33 | Spanning Tree Commands– 767 –COMMAND MODE MST ConfigurationCOMMAND USAGE The MST region name and revision number (page 767) are used
CHAPTER 33 | Spanning Tree Commands– 768 –spanning-tree bpdu-filterThis command filters all BPDUs received on an edge port. Use the no form to dis
CHAPTER 33 | Spanning Tree Commands– 769 –COMMAND USAGE ◆ An edge port should only be connected to end nodes which do not generate BPDUs. If a BPD
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 77 –Chart Shows Interface, Etherlike, and RMON port statistics 128Cable T
CHAPTER 33 | Spanning Tree Commands– 770 –DEFAULT SETTING By default, the system automatically detects the speed and duplex mode used on each port
CHAPTER 33 | Spanning Tree Commands– 771 –COMMAND USAGE ◆ You can enable this option if an interface is attached to a LAN segment that is at the e
CHAPTER 33 | Spanning Tree Commands– 772 –EXAMPLE Console(config)#interface ethernet 1/5Console(config-if)#spanning-tree link-type point-to-points
CHAPTER 33 | Spanning Tree Commands– 773 –COMMAND MODEInterface Configuration (Ethernet, Port Channel)COMMAND USAGE◆ If the port is configured for
CHAPTER 33 | Spanning Tree Commands– 774 –spanning-tree mstcostThis command configures the path cost on a spanning instance in the Multiple Spanni
CHAPTER 33 | Spanning Tree Commands– 775 –spanning-tree mstport-priorityThis command configures the interface priority on a spanning instance in t
CHAPTER 33 | Spanning Tree Commands– 776 –COMMAND USAGE ◆ This command defines the priority for the use of a port in the Spanning Tree Algorithm.
CHAPTER 33 | Spanning Tree Commands– 777 –EXAMPLE Console(config)#interface ethernet ethernet 1/5Console(config-if)#spanning-tree edge-portConsole
CHAPTER 33 | Spanning Tree Commands– 778 –EXAMPLE Console#spanning-tree loopback-detection release ethernet 1/1Console#spanning-treeprotocol-migra
CHAPTER 33 | Spanning Tree Commands– 779 –show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an ins
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 78 –Configure Session Configures the uplink and down-link ports for a seg
CHAPTER 33 | Spanning Tree Commands– 780 – Root Forward Delay (sec.) : 15 Max. Hops : 20 Remaining Hops
– 781 –34 VLAN COMMANDSA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same phy
CHAPTER 34 | VLAN CommandsGVRP and Bridge Extension Commands– 782 –GVRP AND BRIDGE EXTENSION COMMANDSGARP VLAN Registration Protocol defines a way
CHAPTER 34 | VLAN CommandsGVRP and Bridge Extension Commands– 783 –garp timer This command sets the values for the join, leave and leaveall timers
CHAPTER 34 | VLAN CommandsGVRP and Bridge Extension Commands– 784 –switchportforbidden vlanThis command configures forbidden VLANs. Use the no for
CHAPTER 34 | VLAN CommandsGVRP and Bridge Extension Commands– 785 –EXAMPLE Console(config)#interface ethernet 1/1Console(config-if)#switchport gvr
CHAPTER 34 | VLAN CommandsEditing VLAN Groups– 786 –EXAMPLE Console#show garp timer ethernet 1/1Eth 1/ 1 GARP timer status: Join Timer: 20 cen
CHAPTER 34 | VLAN CommandsEditing VLAN Groups– 787 –vlan database This command enters VLAN database mode. All commands in this mode will take effe
CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 788 –VLAN 1 (the switch’s default VLAN), nor VLAN 4093 (the VLAN used for switch clustering
CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 789 –interface vlan This command enters interface configuration mode for VLANs, which is us
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 79 –MAC Address 185Learning Status Enables MAC address learning on select
CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 790 –tagged - The port only receives tagged frames. DEFAULT SETTING All frame typesCOMMAND
CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 791 –◆ If a trunk has switchport mode set to trunk (i.e., 1Q Trunk), then you can only assi
CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 792 –EXAMPLE The following example shows how to set the interface to port 1 and then enable
CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 793 –switchport nativevlanThis command configures the PVID (i.e., default VLAN ID) for a po
CHAPTER 34 | VLAN CommandsConfiguring VLAN Interfaces– 794 –COMMAND USAGE ◆ Use this command to configure a tunnel across one or more intermediate
CHAPTER 34 | VLAN CommandsDisplaying VLAN Information– 795 –Console(config)#interface ethernet 1/9Console(config-if)#vlan-trunkingConsole(config-i
CHAPTER 34 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 796 – Eth1/ 6(S) Eth1/ 7(S) Eth1/ 8(S) Eth1/ 9(S) Eth1/10(S)Cons
CHAPTER 34 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 797 –7. Configure the QinQ tunnel uplink port to dot1Q-tunnel uplink mode (switchport
CHAPTER 34 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 798 –switchport dot1q-tunnel modeThis command configures an interface as a QinQ tunne
CHAPTER 34 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 799 –switchport dot1q-tunnel tpidThis command sets the Tag Protocol Identifier (TPID)
CONTENTS– 8 –Configuring IP Subnet VLANs 179Configuring MAC-based VLANs 181Configuring VLAN Mirroring 1837ADDRESS TABLE SETTINGS 185Configuring M
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 80 –PriorityDefault Priority Sets the default priority for each port or t
CHAPTER 34 | VLAN CommandsConfiguring Port-based Traffic Segmentation– 800 –Console(config-if)#interface ethernet 1/2Console(config-if)#switchport
CHAPTER 34 | VLAN CommandsConfiguring Port-based Traffic Segmentation– 801 –only be forwarded to, and from, the designated uplink port(s). Data ca
CHAPTER 34 | VLAN CommandsConfiguring Protocol-based VLANs– 802 –CONFIGURING PROTOCOL-BASED VLANSThe network devices required to support multiple
CHAPTER 34 | VLAN CommandsConfiguring Protocol-based VLANs– 803 –protocol-vlanprotocol-group(Configuring Groups)This command creates a protocol gr
CHAPTER 34 | VLAN CommandsConfiguring Protocol-based VLANs– 804 –COMMAND MODE Interface Configuration (Ethernet, Port Channel)COMMAND USAGE ◆ When
CHAPTER 34 | VLAN CommandsConfiguring Protocol-based VLANs– 805 –EXAMPLE This shows protocol group 1 configured for IP over Ethernet:Console#show
CHAPTER 34 | VLAN CommandsConfiguring IP Subnet VLANs– 806 –CONFIGURING IP SUBNET VLANSWhen using IEEE 802.1Q port-based VLAN classification, all
CHAPTER 34 | VLAN CommandsConfiguring IP Subnet VLANs– 807 –mapping is found, the PVID of the receiving port is assigned to the frame.◆ The IP sub
CHAPTER 34 | VLAN CommandsConfiguring MAC Based VLANs– 808 –CONFIGURING MAC BASED VLANSWhen using IEEE 802.1Q port-based VLAN classification, all
CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 809 –◆ When MAC-based, IP subnet-based, and protocol-based VLANs are supported concurrently, pr
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 81 –Configure Interface Configures VoIP traffic settings for ports, inclu
CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 810 –voice vlan This command enables VoIP traffic detection and defines the Voice VLAN ID. Use
CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 811 –voice vlan aging This command sets the Voice VLAN ID time out. Use the no form to restore
CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 812 –COMMAND USAGE◆ VoIP devices attached to the switch can be identified by the manufacturer’s
CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 813 –EXAMPLE The following example sets port 1 to Voice VLAN auto mode.Console(config)#interfac
CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 814 –DEFAULT SETTINGOUI: EnabledLLDP: DisabledCOMMAND MODEInterface ConfigurationCOMMAND USAGE◆
CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 815 –EXAMPLE The following example enables security filtering on port 1.Console(config)#interfa
CHAPTER 34 | VLAN CommandsConfiguring Voice VLANs– 816 –
– 817 –35 CLASS OF SERVICE COMMANDSThe commands described in this section allow you to specify which data packets have greater precedence when traff
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 2)– 818 –queue mode This command sets the scheduling mode used for processing each
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 2)– 819 –preserving the overall weight ratios between the queues. This produces les
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 82 –Network Access MAC address-based network access authentication 277Con
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 2)– 820 –COMMAND USAGE ◆ This command shares bandwidth at the egress port by defini
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 2)– 821 –frames that do not have VLAN tags are tagged with the input port's de
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 822 –PRIORITY COMMANDS (LAYER 3 AND 4)This section describes commands use
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 823 –DEFAULT SETTING. COMMAND MODE Interface Configuration (Port, Static
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 824 –qos map dscp-mutationThis command maps DSCP values in incoming packe
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 825 –map should be applied at the receiving port (ingress mutation) at th
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 826 –EXAMPLE Console(config)#interface ethernet 1/5Console(config-if)#qos
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 827 –show qos mapdscp-mutationThis command shows the ingress DSCP to inte
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 828 –COMMAND MODE Privileged ExecEXAMPLE Console#show qos map phb-queue i
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 829 –show qos map trust-modeThis command shows the QoS mapping mode.SYNTA
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 83 –Show Rule Shows the rules specified for an ACL 302Configure Interface
CHAPTER 35 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 830 –
– 831 –36 QUALITY OF SERVICE COMMANDSThe commands described in this section are used to configure Differentiated Services (DiffServ) classification
CHAPTER 36 | Quality of Service Commands– 832 –To create a service policy for a specific category of ingress traffic, follow these steps:1. Use th
CHAPTER 36 | Quality of Service Commands– 833 –◆ One or more class maps can be assigned to a policy map (page 835). The policy map is then bound b
CHAPTER 36 | Quality of Service Commands– 834 –match This command defines the criteria used to classify traffic. Use the no form to delete the mat
CHAPTER 36 | Quality of Service Commands– 835 –This example creates a class map call “rd-class#2,” and sets it to match packets marked for IP Prec
CHAPTER 36 | Quality of Service Commands– 836 –COMMAND USAGE ◆ Use the policy-map command to specify the name of the policy map, and then use the
CHAPTER 36 | Quality of Service Commands– 837 – police commands define parameters such as the maximum throughput, burst rate, and response to non-
CHAPTER 36 | Quality of Service Commands– 838 –COMMAND MODE Policy Map Class ConfigurationCOMMAND USAGE ◆ You can configure up to 16 policers (i.e
CHAPTER 36 | Quality of Service Commands– 839 –police srtcm-color This command defines an enforcer for classified traffic based on a single rate t
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 84 –Show Local Device Information 361General Displays general information
CHAPTER 36 | Quality of Service Commands– 840 –◆ The srTCM as defined in RFC 2697 meters a traffic stream and processes its packets according to t
CHAPTER 36 | Quality of Service Commands– 841 –EXAMPLE This example creates a policy called “rd-policy,” uses the class command to specify the pre
CHAPTER 36 | Quality of Service Commands– 842 –violate-action - Action to take when rate exceeds the PIR. (There are not enough tokens in bucket B
CHAPTER 36 | Quality of Service Commands– 843 –When a packet of size B bytes arrives at time t, the following happens if trTCM is configured to op
CHAPTER 36 | Quality of Service Commands– 844 –COMMAND USAGE ◆ The set cos command is used to set the CoS value in the VLAN tag for matching packe
CHAPTER 36 | Quality of Service Commands– 845 –EXAMPLE This example creates a policy called “rd-policy,” uses the class command to specify the pre
CHAPTER 36 | Quality of Service Commands– 846 –show class-map This command displays the QoS class maps which define matching criteria used for cla
CHAPTER 36 | Quality of Service Commands– 847 –Description: class rd-class set phb 3 Console#show policy-map rd-policy class rd-classPolicy Map r
CHAPTER 36 | Quality of Service Commands– 848 –
– 849 –37 MULTICAST FILTERING COMMANDSThis switch uses IGMP (Internet Group Management Protocol) to check for any attached hosts that want to receiv
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 85 –RMON Remote Monitoring 393Configure GlobalAddAlarm Sets threshold bou
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 850 –ip igmp snooping This command enables IGMP snooping globally on the switch or on a se
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 851 –DEFAULT SETTING DisabledCOMMAND MODE Global ConfigurationCOMMAND USAGE ◆ When IGMP sn
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 852 –◆ If the IGMP proxy reporting is configured on a VLAN, this setting takes precedence
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 853 –COMMAND USAGE As described in Section 9.1 of RFC 3376 for IGMP Version 3, the Router
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 854 –ip igmp snoopingtcn-floodThis command enables flooding of multicast traffic if a span
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 855 –EXAMPLE The following example enables TCN flooding.Console(config)#ip igmp snooping t
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 856 –COMMAND MODE Global ConfigurationCOMMAND USAGE Once the table used to store multicast
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 857 –ip igmp snoopingversionThis command configures the IGMP snooping version. Use the no
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 858 –DEFAULT SETTING Global: DisabledVLAN: Disabled COMMAND MODE Global ConfigurationCOMMA
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 859 –ip igmp snoopingvlan immediate-leaveThis command immediately deletes a member port of
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 86 –Show MTU Shows the maximum transmission unit (MTU) cache for destina
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 860 –ip igmp snoopingvlan last-memb-query-countThis command configures the number of IGMP
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 861 –COMMAND USAGE ◆ When a multicast host leaves a group, it sends an IGMP leave message.
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 862 –messages is not required and may be disabled using the no ip igmp snooping vlan mrd c
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 863 –EXAMPLE The following example sets the source address for proxied IGMP query messages
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 864 –ip igmp snoopingvlan proxy-query-resp-intvlThis command configures the maximum time t
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 865 –COMMAND USAGE ◆ Static multicast entries are never aged out.◆ When a multicast entry
CHAPTER 37 | Multicast Filtering CommandsIGMP Snooping– 866 –..show ip igmpsnooping groupThis command shows known multicast group, source, and hos
CHAPTER 37 | Multicast Filtering CommandsStatic Multicast Routing– 867 –STATIC MULTICAST ROUTINGThis section describes commands used to configure
CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 868 –show ip igmpsnooping mrouterThis command displays information on stat
CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 869 –ip igmp filter (GlobalConfiguration)This command globally enables IGM
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 87 – Interface 451Configure Configures IGMP snooping per VLAN interface 4
CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 870 –ip igmp profile This command creates an IGMP filter profile number an
CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 871 –EXAMPLE Console(config)#ip igmp profile 19Console(config-igmp-profile
CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 872 –COMMAND USAGE ◆ The IGMP filtering profile must first be created with
CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 873 –ip igmp max-groupsactionThis command sets the IGMP throttling action
CHAPTER 37 | Multicast Filtering CommandsIGMP Filtering and Throttling– 874 –EXAMPLE Console#show ip igmp filterIGMP filter enabledConsole#show ip
CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 875 –DEFAULT SETTING NoneCOMMAND MODE Privileged ExecCOMMAND USAGE Using thi
CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 876 –mvr This command enables Multicast VLAN Registration (MVR) globally on
CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 877 –◆ IGMP snooping and MVR share a maximum number of 255 groups. Any multi
CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 878 –mvr type This command configures an interface as an MVR receiver or sou
CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 879 –mvr vlan group This command statically binds a multicast group to a por
CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 88 –
CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 880 –show mvr This command shows information about the global MVR configurat
CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 881 –The following displays information about the interfaces attached to the
CHAPTER 37 | Multicast Filtering CommandsMulticast VLAN Registration– 882 –Source Address Indicates the source address of the multicast service, o
– 883 –38 LLDP COMMANDSLink Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast d
CHAPTER 38 | LLDP Commands– 884 –lldp This command enables LLDP globally on the switch. Use the no form to disable LLDP.SYNTAX[no] lldpDEFAULT SET
CHAPTER 38 | LLDP Commands– 885 –DEFAULT SETTINGHoldtime multiplier: 4 TTL: 4*30 = 120 secondsCOMMAND MODEGlobal ConfigurationCOMMAND USAGEThe tim
CHAPTER 38 | LLDP Commands– 886 –lldp refresh-interval This command configures the periodic transmit interval for LLDP advertisements. Use the no
CHAPTER 38 | LLDP Commands– 887 –EXAMPLEConsole(config)#lldp reinit-delay 10Console(config)#lldp tx-delay This command configures a delay between
CHAPTER 38 | LLDP Commands– 888 –DEFAULT SETTINGtx-rxCOMMAND MODEInterface Configuration (Ethernet, Port Channel)EXAMPLEConsole(config)#interface
CHAPTER 38 | LLDP Commands– 889 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#lldp basic-tlv management-ip-addressConsole(confi
– 89 –4 BASIC MANAGEMENT TASKSThis chapter describes the following topics:◆ Displaying System Information – Provides basic system description, inclu
CHAPTER 38 | LLDP Commands– 890 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#lldp basic-tlv system-capabilitiesConsole(config-
CHAPTER 38 | LLDP Commands– 891 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#lldp basic-tlv system-nameConsole(config-if)#lldp
CHAPTER 38 | LLDP Commands– 892 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#no lldp dot1-tlv proto-vidConsole(config-if)#lldp
CHAPTER 38 | LLDP Commands– 893 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#no lldp dot1-tlv vlan-nameConsole(config-if)#lldp
CHAPTER 38 | LLDP Commands– 894 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#no lldp dot3-tlv mac-phyConsole(config-if)#lldp d
CHAPTER 38 | LLDP Commands– 895 –◆ SNMP trap destinations are defined using the snmp-server host command.◆ Information about additional changes in
CHAPTER 38 | LLDP Commands– 896 – Eth 1/5 | Tx-Rx True...Console#show lldp config detail ethernet 1/1LLDP Port Configuration Detail Port
CHAPTER 38 | LLDP Commands– 897 – Management Address : 192.168.0.101 (IPv4) LLDP Port Information Interface |PortID Type PortID P
CHAPTER 38 | LLDP Commands– 898 – PortID Type : MAC Address PortID : 00-01-02-03-04-06 SysName : SysDescr
CHAPTER 38 | LLDP Commands– 899 –EXAMPLEswitch#show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated : 2450279 seco
CONTENTS– 9 –Overview 251Configuring VoIP Traffic 251Configuring Telephony OUI 253Configuring VoIP Traffic Ports 25414 SECURITY MEASURES 257AAA A
CHAPTER 4 | Basic Management TasksDisplaying Hardware/Software Versions– 90 –PARAMETERSThese parameters are displayed:◆ System Description – Brief
CHAPTER 38 | LLDP Commands– 900 –
– 901 –39 DOMAIN NAME SERVICE COMMANDSThese commands are used to configure Domain Naming System (DNS) services. Entries can be manually configured i
CHAPTER 39 | Domain Name Service Commands– 902 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ Domain names are added to the end of the list one
CHAPTER 39 | Domain Name Service Commands– 903 –◆ If all name servers are deleted, DNS will automatically be disabled.EXAMPLEThis example enables
CHAPTER 39 | Domain Name Service Commands– 904 –Name Server List:Console#RELATED COMMANDS ip domain-list (901)ip name-server (905)ip domain-lookup
CHAPTER 39 | Domain Name Service Commands– 905 –ip name-server This command specifies the address of one or more domain name servers to use for na
CHAPTER 39 | Domain Name Service Commands– 906 –ipv6 host This command creates a static entry in the DNS table that maps a host name to an IPv6 ad
CHAPTER 39 | Domain Name Service Commands– 907 –clear host This command deletes dynamic entries from the DNS table.SYNTAX clear host {name | *}nam
CHAPTER 39 | Domain Name Service Commands– 908 –show dns cache This command displays entries in the DNS cache.COMMAND MODE Privileged ExecEXAMPLE
CHAPTER 39 | Domain Name Service Commands– 909 –Table 132: show hosts - display description Field DescriptionNo. The entry number for each resour
CHAPTER 4 | Basic Management TasksDisplaying Hardware/Software Versions– 91 –PARAMETERSThe following parameters are displayed: Main Board Informat
CHAPTER 39 | Domain Name Service Commands– 910 –
– 911 –40 DHCP COMMANDSThese commands are used to configure Dynamic Host Configuration Protocol (DHCP) client functions. DHCP CLIENTUse the commands
CHAPTER 40 | DHCP CommandsDHCP Client– 912 –ip dhcp clientclass-idThis command specifies the DCHP client vendor class identifier for the current i
CHAPTER 40 | DHCP CommandsDHCP Client– 913 –COMMAND USAGE ◆ This command issues a BOOTP or DHCP client request for any IP interface that has been
CHAPTER 40 | DHCP CommandsDHCP Client– 914 –◆ When the DHCP client process is enabled and a prefix is successfully acquired, the prefix is stored
CHAPTER 40 | DHCP CommandsDHCP Client– 915 –show ipv6 dhcp vlan This command shows DHCPv6 information for the specified interface(s).SYNTAX show i
CHAPTER 40 | DHCP CommandsDHCP Client– 916 –
– 917 –41 IP INTERFACE COMMANDS An IP Version 4 and Version 6 address may be used for management access to the switch over the network. Both IPv4 or
CHAPTER 41 | IP Interface CommandsIPv4 Interface– 918 –BASIC IPV4CONFIGURATIONThis section describes commands used to configure IP addresses for V
CHAPTER 41 | IP Interface CommandsIPv4 Interface– 919 –broadcast periodically by the router in an effort to learn its IP address. (BOOTP and DHCP
CHAPTER 4 | Basic Management TasksConfiguring Support for Jumbo Frames– 92 –CONFIGURING SUPPORT FOR JUMBO FRAMESUse the System > Capability pag
CHAPTER 41 | IP Interface CommandsIPv4 Interface– 920 –show ip default-gatewayThis command shows the IPv4 default gateway configured for this devi
CHAPTER 41 | IP Interface CommandsIPv4 Interface– 921 –COMMAND MODE Privileged ExecCOMMAND USAGE ◆ Use the traceroute command to determine the pat
CHAPTER 41 | IP Interface CommandsIPv4 Interface– 922 –COMMAND MODE Normal Exec, Privileged ExecCOMMAND USAGE ◆ Use the ping command to see if ano
CHAPTER 41 | IP Interface CommandsIPv4 Interface– 923 –ARP CONFIGURATION This section describes commands used to configure the Address Resolution
CHAPTER 41 | IP Interface CommandsIPv4 Interface– 924 –clear arp-cache This command deletes all dynamic entries from the Address Resolution Protoc
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 925 –IPV6 INTERFACEThis switch supports the following IPv6 interface commands. Table 139: IPv6 C
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 926 –ipv6 default-gatewayThis command sets an IPv6 default gateway to use when the destination i
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 927 –ipv6 address This command configures an IPv6 global unicast address and enables IPv6 on an
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 928 –Joined group address(es):FF02::1:FF00:72FF02::1:FF00:FDFF02::1IPv6 link MTU is 1500 bytesND
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 929 –EXAMPLE This example assigns a dynamic global unicast address of 2001:DB8:2222:7272:2E0:CFF
CHAPTER 4 | Basic Management TasksDisplaying Bridge Extension Capabilities– 93 –DISPLAYING BRIDGE EXTENSION CAPABILITIESUse the System > Capabi
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 930 –COMMAND USAGE ◆ The prefix must be formatted according to RFC 2373 “IPv6 Addressing Archite
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 931 –Global unicast address(es): 2001:DB8::1:2E0:CFF:FE00:FD/64, subnet is 2001:DB8::1:0:0:0:0/
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 932 –EXAMPLE This example assigns a link-local address of FE80::269:3EF9:FE19:6779 to VLAN 1. No
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 933 –◆ If a duplicate address is detected on the local segment, this interface will be disabled
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 934 –COMMAND USAGE ◆ IPv6 routers do not fragment IPv6 packets forwarded from other routers. How
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 935 –show ipv6 interface This command displays the usability and configured settings for IPv6 in
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 936 –This example displays a brief summary of IPv6 addresses configured on the switch.Console#sh
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 937 –EXAMPLE The following example shows the MTU cache for this device:Console#show ipv6 mtuMTU
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 938 –ICMPv6 Statistics:ICMPv6 received input errors
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 939 –unknown protocols The number of locally-addressed datagrams received successfully but disca
CHAPTER 4 | Basic Management TasksManaging System Files– 94 –WEB INTERFACETo view Bridge Extension information:1. Click System, then Capability. F
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 940 –ICMPv6 StatisticsICMPv6 receivedinput The total number of ICMP messages received by the int
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 941 –clear ipv6 traffic This command resets IPv6 traffic counters.COMMAND MODE Privileged ExecCO
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 942 –ping6 This command sends (IPv6) ICMP echo request packets to another node on the network.SY
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 943 –response time: 0 ms [FE80::2E0:CFF:FE00:FC] seq_no: 4response time: 0 ms [FE80::2E0
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 944 –◆ If the link-local address for an interface is changed, duplicate address detection is per
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 945 –COMMAND USAGE ◆ This command specifies the interval between transmitting neighbor solicitat
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 946 –COMMAND USAGE ◆ The time limit configured by this command allows the switch to detect unava
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 947 –EXAMPLE The following shows all known IPv6 neighbors for this switch:Console#show ipv6 neig
CHAPTER 41 | IP Interface CommandsIPv6 Interface– 948 –
– 949 –SECTION IVAPPENDICESThis section provides additional information and includes these items:◆ "Software Specifications" on page 951◆
CHAPTER 4 | Basic Management TasksManaging System Files– 95 –CLI REFERENCES◆ "copy" on page 512PARAMETERSThe following parameters are di
SECTION IV | Appendices– 950 –
– 951 –A SOFTWARE SPECIFICATIONSSOFTWARE FEATURESMANAGEMENTAUTHENTICATIONLocal, RADIUS, TACACS+, Port Authentication (802.1X), HTTPS, SSH, Port Secu
APPENDIX A | Software SpecificationsManagement Features– 952 –VLAN SUPPORT Up to 256 groups; port-based, protocol-based, tagged (802.1Q),private V
APPENDIX A | Software SpecificationsStandards– 953 –RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event)STANDARDSIEEE 802.1AB Link Layer Dis
APPENDIX A | Software SpecificationsManagement Information Bases– 954 –Extended Bridge MIB (RFC 2674)Extensible SNMP Agents MIB (RFC 2742)Forwardi
– 955 –B TROUBLESHOOTINGPROBLEMS ACCESSING THE MANAGEMENT INTERFACE Table 144: Troubleshooting ChartSymptom ActionCannot connect using Telnet, web b
APPENDIX B | TroubleshootingUsing System Logs– 956 –USING SYSTEM LOGSIf a fault does occur, refer to the Installation Guide to ensure that the pro
– 957 –C LICENSE INFORMATIONThis product includes copyrighted third-party software subject to the terms of the GNU General Public License (GPL), GNU
APPENDIX C | License InformationThe GNU General Public License– 958 –GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND
APPENDIX C | License InformationThe GNU General Public License– 959 –b). Accompany it with a written offer, valid for at least three years, to giv
CHAPTER 4 | Basic Management TasksManaging System Files– 96 –3. Select FTP Upgrade, HTTP Upgrade, or TFTP Upgrade as the file transfer method.4. I
APPENDIX C | License InformationThe GNU General Public License– 960 –9. If the distribution and/or use of the Program is restricted in certain cou
– 961 –GLOSSARYACL Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for c
GLOSSARY– 962 –DIFFSERV Differentiated Services provides quality of service on large networks by employing a well-defined set of building blocks fro
GLOSSARY– 963 –GMRP Generic Multicast Registration Protocol. GMRP allows network devices to register end stations with multicast groups. GMRP requir
GLOSSARY– 964 –IGMP Internet Group Management Protocol. A protocol through which hosts can register with their local router for multicast services.
GLOSSARY– 965 –MD5 MD5 Message-Digest is an algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is
GLOSSARY– 966 –PORT MIRRORING A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON
GLOSSARY– 967 –SNTP Simple Network Time Protocol allows a device to set its internal clock based on periodic updates from a Network Time Protocol (N
GLOSSARY– 968 –VLAN Virtual LAN. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical lo
– 969 –COMMAND LISTAaaa accounting commands 595aaa accounting dot1x 596aaa accounting exec 597aaa accounting update 598aaa authorization exe
CHAPTER 4 | Basic Management TasksManaging System Files– 97 –◆ Destination File Name – Copy to the currently designated startup file, or to a new
– 970 –COMMAND LISTdot1x timeout start-period 630dot1x timeout supp-timeout 625dot1x timeout tx-period 626Eenable 487enable password 584en
– 971 –COMMAND LISTipv6 enable 932ipv6 host 906ipv6 mtu 933ipv6 nd dad attempts 943ipv6 nd ns-interval 944ipv6 nd reachable-time 945Jjum
– 972 –COMMAND LISTport monitor 727port security 639power-save 714prompt 485protocol-vlan protocol-group (Configuring Groups) 803protocol-
– 973 –COMMAND LISTshow mac-address-table 755show mac-address-table aging-time 756show mac-vlan 809show management 634show memory 504show
– 974 –COMMAND LISTstopbits 527subnet-vlan 806switchport acceptable-frame-types 789switchport allowed vlan 790switchport dot1q-tunnel mode
– 975 –INDEXNUMERICS802.1Q tunnel 168, 796access 173, 798configuration, guidelines 171configuration, limitations 171description 168etherne
– 976 –INDEXCLIcommand modes 478showing commands 476clustering switches, management access 405, 549command line interface See CLIcommitted bur
– 977 –INDEXencryptionDSA 293, 295, 615RSA 293, 295, 615engine ID 373, 374, 563event logging 351, 529excess burst size, QoS policy 244, 84
– 978 –INDEXglobal unicast 420, 927link-local 421, 928manual configuration (global unicast) 62, 420, 927manual configuration (link-local) 62
– 979 –INDEXdescription 463interface status, configuring 466, 877, 878interface status, displaying 468, 880setting interface type 467, 878se
CHAPTER 4 | Basic Management TasksManaging System Files– 98 –WEB INTERFACETo set a file to use for system initialization:1. Click System, then Fil
– 980 –INDEXRMON 393, 575alarm, displaying settings 396, 580alarm, setting thresholds 394, 576commands 575event settings, displaying 399,
– 981 –INDEXtime range, ACL 298, 545time zone, setting 106, 543time, setting 103, 540TPID 172, 799traffic segmentation 150, 800assigning p
– 982 –INDEX
MS453490ME072010-CS-R01149xxxxxxxxxx
CHAPTER 4 | Basic Management TasksManaging System Files– 99 –Figure 10: Displaying System FilesAUTOMATICOPERATION CODEUPGRADEUse the System >
Commentaires sur ces manuels