Microsoft ES4649 Bedienungsanleitung

Powered by AcctonManagement GuideES4625/ES464924/48-Port Gigabit EthernetStackable Layer 3 Switch

ContentsxDisplaying Link State Database Information 3-256Displaying Information on Border Routers 3-258Displaying Information on Neighbor Routers 3

Configuring the Switch3-483CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring SNMPv3 GroupsAn SN

Simple Network Management Protocol3-493Table 3-5 Supported Notification MessagesObject Label Object ID DescriptionRFC 1493 TrapsnewRoot 1.3.6.1.2.1.

Configuring the Switch3-503Private TrapsswPowerStatus ChangeTrap1.3.6.1.4.1.259.6.10.64.2.1.0.1 This trap is sent when the power state changes.swFanFa

Simple Network Management Protocol3-513Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, ass

Configuring the Switch3-523Setting SNMPv3 ViewsSNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined vie

User Authentication3-533CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the

Configuring the Switch3-543Command Attributes• Account List – Displays the current list of user accounts and associated access levels. (Defaults: admi

User Authentication3-553Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on spec

Configuring the Switch3-563• RADIUS Settings- Global – Provides globally applicable RADIUS settings.- ServerIndex – Specifies one of five RADIUS serve

User Authentication3-573Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentica

Contentsxidatabits 4-17parity 4-17speed 4-18stopbits 4-18disconnect 4-19show line 4-19General Commands 4-20enable 4-20disable 4-21configure 4-22show

Configuring the Switch3-583Configuring HTTPSYou can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Sock

User Authentication3-593Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.Figure 3-36 HTTPS SettingsC

Configuring the Switch3-603Configuring the Secure Shell The Berkley-standard includes remote access tools originally designed for Unix systems. Some o

User Authentication3-613be configured locally on the switch via the User Accounts page as described on page 3-53.) The clients are subsequently authen

Configuring the Switch3-623Field Attributes• Public-Key of Host-Key – The public key for the host.- RSA (Version 1): The first field indicates the siz

User Authentication3-633CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then

Configuring the Switch3-643Web – Click Security, SSH, Settings. Enable SSH and adjust the authentication parameters as required, then click Apply. Not

User Authentication3-653Configuring Port SecurityPort security is a feature that allows you to configure a switch port with one or more device MAC add

Configuring the Switch3-663Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbo

User Authentication3-673Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attach

ContentsxiiEvent Logging Commands 4-43logging on 4-43logging history 4-44logging host 4-45logging facility 4-45logging trap 4-46clear log 4-47

Configuring the Switch3-683• The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native suppo

User Authentication3-693Configuring 802.1X Global SettingsThe 802.1X protocol provides port authentication. The 802.1X protocol must be enabled global

Configuring the Switch3-703• Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before

User Authentication3-713CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example,

Configuring the Switch3-723Displaying 802.1X StatisticsThis switch can display statistics for dot1x protocol exchanges for any port. Table 3-7 802.1

User Authentication3-733Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statisti

Configuring the Switch3-743Filtering IP Addresses for Management AccessYou can create a list of up to 16 IP addresses or IP address groups that are al

User Authentication3-753Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interfa

Configuring the Switch3-763Access Control ListsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4

Access Control Lists3-773Setting the ACL Name and TypeUse the ACL Configuration page to designate the name and type of an ACL.Command Attributes• Name

Contentsxiiiradius-server key 4-73radius-server retransmit 4-74radius-server timeout 4-74show radius-server 4-75TACACS+ Client 4-75tacacs-server

Configuring the Switch3-783and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned.Web – Specify the

Access Control Lists3-793• Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number (0

Configuring the Switch3-803Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (

Access Control Lists3-813Configuring a MAC ACLCommand Attributes• Action – An ACL can contain any combination of permit or deny rules.• Source/Destina

Configuring the Switch3-823Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (

Access Control Lists3-833Configuring ACL MasksYou must specify masks that control the order in which ACL rules are checked. The switch includes two sy

Configuring the Switch3-843Configuring an IP ACL MaskThis mask defines the fields to check in the IP header. Command Usage• Masks that include an entr

Access Control Lists3-853Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source o

Configuring the Switch3-863Configuring a MAC ACL MaskThis mask defines the fields to check in the packet header. Command UsageYou must configure a mas

Access Control Lists3-873CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules

Contentsxivshow access-group 4-106SNMP Commands 4-107snmp-server 4-107show snmp 4-108snmp-server community 4-109snmp-server contact 4-109snmp-ser

Configuring the Switch3-883Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egres

Port Configuration3-893• Autonegotiation – Shows if auto-negotiation is enabled or disabled.• Media Type6 – Shows the forced/preferred port type to us

Configuring the Switch3-903• Broadcast storm – Shows if broadcast storm control is enabled or disabled.• Broadcast storm limit – Shows the broadcast s

Port Configuration3-913Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface

Configuring the Switch3-923Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.Figure

Port Configuration3-933Creating Trunk GroupsYou can create multiple links between devices that work as one virtual, aggregate link. A port trunk offer

Configuring the Switch3-943Statically Configuring a TrunkCommand Usage• When configuring static trunks, you may not be able to link switches of differ

Port Configuration3-953CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to

Configuring the Switch3-963Command Attributes• Member List (Current) – Shows configured trunks (Unit, Port).• New – Includes entry fields for creatin

Port Configuration3-973Configuring LACP ParametersDynamically Creating a Port Channel –Ports assigned to a common port channel must meet the following

Contentsxvip domain-name 4-137ip domain-list 4-138ip name-server 4-139ip domain-lookup 4-140show hosts 4-141show dns 4-141show dns cache 4-142c

Configuring the Switch3-983Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can

Port Configuration3-993CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, ports 9

Configuring the Switch3-1003Displaying LACP Port CountersYou can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters

Port Configuration3-1013Displaying LACP Settings and Status for the Local SideYou can display configuration settings and the operational state for the

Configuring the Switch3-1023Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3

Port Configuration3-1033Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state for th

Configuring the Switch3-1043CLI – The following example displays the LACP configuration settings and operational state for the remote side of port cha

Port Configuration3-1053Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshol

Configuring the Switch3-1063Configuring Port MirroringYou can mirror traffic from any source port to a target port for real-time analysis. You can the

Port Configuration3-1073Configuring Rate LimitsThis function allows the network manager to control the maximum rate for traffic transmitted or receive

Contentsxvispanning-tree max-age 4-173spanning-tree priority 4-174spanning-tree pathcost method 4-175spanning-tree transmission-limit 4-175spannin

Configuring the Switch3-1083Showing Port StatisticsYou can display standard statistics on network traffic from the Interfaces Group and Ethernet-like

Port Configuration3-1093Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been det

Configuring the Switch3-1103Received Frames The total number of frames (bad, broadcast and multicast) received.Broadcast Frames The total number of go

Port Configuration3-1113Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the

Configuring the Switch3-1123CLI – This example shows statistics for port 12.Address Table SettingsSwitches store the addresses for all known devices.

Address Table Settings3-1133Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Addres

Configuring the Switch3-1143Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN chec

Spanning Tree Algorithm Configuration3-1153Changing the Aging TimeYou can set the aging time for entries in the dynamic address table. Command Attribu

Configuring the Switch3-1163Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) trans

Spanning Tree Algorithm Configuration3-1173new root port is selected from among the device ports attached to the network. (References to “ports” in th

Contentsxviishow bridge-ext 4-202switchport gvrp 4-203show gvrp configuration 4-203garp timer 4-204show garp timer 4-205Priority Commands 4-206P

Configuring the Switch3-1183• Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to lea

Spanning Tree Algorithm Configuration3-1193Note: The current root port and current root cost display as zero when this device is not connected to the

Configuring the Switch3-1203• Multiple Spanning Tree Protocol- To allow multiple spanning trees to operate over the network, you must configure a rela

Spanning Tree Algorithm Configuration3-1213• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discard

Configuring the Switch3-1223Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 3-69 STA Global Co

Spanning Tree Algorithm Configuration3-1233CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MS

Configuring the Switch3-1243• Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which include th

Spanning Tree Algorithm Configuration3-1253• Internal path cost – The path cost for the MST. See the preceding item.• Priority – Defines the priority

Configuring the Switch3-1263CLI – This example shows the STA attributes for port 5. Configuring Interface SettingsYou can configure RSTP and MSTP attr

Spanning Tree Algorithm Configuration3-1273The following interface attributes can be configured:• Spanning Tree – Enables/disables STA on this interfa

Contentsxviiiip igmp snooping query-interval 4-231ip igmp snooping query-max-response-time 4-231ip igmp snooping router-port-expire-time 4-232Stati

Configuring the Switch3-1283• Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs,

Spanning Tree Algorithm Configuration3-1293To use multiple spanning trees:1. Set the spanning tree type to MSTP (STA Configuration, page 3-119).2. Ent

Configuring the Switch3-1303Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priorit

Spanning Tree Algorithm Configuration3-1313CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. -------------------------

Configuring the Switch3-1323Displaying Interface Settings for MSTPThe MSTP Port Information and MSTP Trunk Information pages display the current statu

Spanning Tree Algorithm Configuration3-1333Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance usi

Configuring the Switch3-1343• Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower va

VLAN Configuration3-1353VLAN ConfigurationIEEE 802.1Q VLANsIn large networks, routers are used to isolate broadcast traffic for each subnet into separ

Configuring the Switch3-1363Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags sh

VLAN Configuration3-1373these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine secur

Contentsxixip split-horizon 4-260ip rip authentication key 4-260ip rip authentication mode 4-261show rip globals 4-262show ip rip 4-262Open Short

Configuring the Switch3-1383Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange

VLAN Configuration3-1393CLI – Enter the following command.Displaying Current VLANsThe VLAN Current Table shows the current port members of each VLAN a

Configuring the Switch3-1403Command Attributes (CLI)• VLAN – ID of configured VLAN (1-4093, no leading zeroes).• Type – Shows how this VLAN was added

VLAN Configuration3-1413Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to

Configuring the Switch3-1423Command Attributes • VLAN – ID of configured VLAN (1-4093).• Name – Name of the VLAN (1 to 32 characters).• Status – Enabl

VLAN Configuration3-1433CLI – The following example adds tagged and untagged ports to VLAN 2.Adding Static Members to VLANs (Port Index)Use the VLAN S

Configuring the Switch3-1443Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLA

VLAN Configuration3-1453Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-300

Configuring the Switch3-1463CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the

VLAN Configuration3-1473Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports des

Contentsxxnbr-timeout 4-301report-interval 4-301flash-update-interval 4-302prune-lifetime 4-302default-gateway 4-303ip dvmrp 4-303ip dvmrp metric 4-

Configuring the Switch3-1483Command UsageTo configure protocol-based VLANs, follow these steps:1. First configure VLAN groups for the protocols you wa

VLAN Configuration3-1493Mapping Protocols to VLANsMap a protocol group to a VLAN for each interface that will participate in the group.Command Usage•

Configuring the Switch3-1503CLI – The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN

Class of Service Configuration3-1513Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interfa

Configuring the Switch3-1523Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using eight pri

Class of Service Configuration3-1533Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click

Configuring the Switch3-1543Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traffic in a

Class of Service Configuration3-1553Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), ente

Configuring the Switch3-1563Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS ValuesThis switch supports several common methods of priori

Class of Service Configuration3-1573Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining ei

ContentsxxiAppendix A: Software Specifications A-1Software Features A-1Management Features A-2Standards A-2Management Information Bases A-3Appendi

Configuring the Switch3-1583CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value

Class of Service Configuration3-1593Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service

Configuring the Switch3-1603Mapping IP Port PriorityYou can also map network applications to Class of Service values based on the IP port number (i.e.

Quality of Service3-1613CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS valu

Configuring the Switch3-1623Configuring Quality of Service Parameters To create a service policy for a specific category or ingress traffic, follow th

Quality of Service3-1633Command AttributesClass Map• Modify Name and Description – Configures the name and a brief description of a class map. (Range:

Configuring the Switch3-1643Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing cl

Quality of Service3-1653Creating QoS PoliciesThis function creates a policy map that can be attached to multiple interfaces.Command Usage • To configu

Configuring the Switch3-1663Policy Rule Settings- Class Settings -• Class Name – Name of class map.• Action – Shows the service provided to ingress tr

Quality of Service3-1673Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. T

Contentsxxii

Configuring the Switch3-1683CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth the 1 Mbps, the burst rate to 1522

Multicast Filtering3-1693Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A mu

Configuring the Switch3-1703Based on the group membership information learned from IGMP, a router/switch can determine which (if any) multicast traffi

Multicast Filtering3-1713Configuring IGMP Snooping and Query ParametersYou can configure the switch to forward multicast traffic intelligently. Based

Configuring the Switch3-1723Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default se

Multicast Filtering3-1733Displaying Interfaces Attached to a Multicast RouterMulticast routers that are attached to ports on the switch use informatio

Configuring the Switch3-1743Specifying Static Interfaces for a Multicast RouterDepending on your network connections, IGMP snooping may not always be

Multicast Filtering3-1753Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast

Configuring the Switch3-1763Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query

Multicast Filtering3-1773Layer 3 IGMP (Query used with Multicast Routing)IGMP Snooping – IGMP Snooping is a Layer 2 function (page 3-171) that can be

xxiiiTablesTable 1-1 Key Features 1-1Table 1-2 System Defaults 1-6Table 3-1 Web Page Configuration Buttons 3-3Table 3-2 Switch Main Menu 3-4Table

Configuring the Switch3-1783• Last Member Query Interval – A multicast client sends an IGMP leave message when it leaves a group. The router then chec

Multicast Filtering3-1793Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parameter

Configuring the Switch3-1803Displaying Multicast Group InformationWhen IGMP (Layer 3) is enabled on this switch the current multicast groups learned v

Configuring Domain Name Service3-1813Configuring Domain Name ServiceThe Domain Naming System (DNS) service on this switch allows host names to be mapp

Configuring the Switch3-1823Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name ser

Configuring Domain Name Service3-1833Configuring Static DNS Host to Address EntriesYou can manually configure static entries in the DNS table that are

Configuring the Switch3-1843Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.Figure 3-

Configuring Domain Name Service3-1853Displaying the DNS CacheYou can display entries in the DNS cache that have been learned via the designated name s

Configuring the Switch3-1863CLI - This example displays all the resource records learned from the designated name servers.Dynamic Host Configuration P

Dynamic Host Configuration Protocol3-1873Command Usage You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP rela

xxivTablesTable 4-18 Logging Levels 4-44Table 4-19 show logging flash/ram - display description 4-48Table 4-20 show logging trap - display descripti

Configuring the Switch3-1883Configuring the DHCP ServerThis switch includes a Dynamic Host Configuration Protocol (DHCP) server that can assign tempor

Dynamic Host Configuration Protocol3-1893Web – Click DHCP, Server, General. Enter a single address or an address range, and click Add. Figure 3-109

Configuring the Switch3-1903Configuring Address PoolsYou must configure IP address pools for each IP interface that will provide addresses to attached

Dynamic Host Configuration Protocol3-1913• Client-Identifier – A unique designation for the client device, either a text string (1-15 characters) or h

Configuring the Switch3-1923Configuring a Network Address PoolWeb – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry.

Dynamic Host Configuration Protocol3-1933Configuring a Host Address PoolWeb – Click DHCP, Server, Pool Configuration. Click the Configure button for a

Configuring the Switch3-1943Displaying Address BindingsYou can display the host devices which have acquired an IP address from this switch’s DHCP serv

Configuring Router Redundancy3-1953Configuring Router Redundancy Router redundancy protocols use a virtual IP address to support a primary router and

Configuring the Switch3-1963• Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by assign

Configuring Router Redundancy3-1973• VRRP creates a virtual MAC address for the master router based on a standard prefix, with the last octet equal to

xxvTablesTable 4-63 Private VLAN Commands 4-197Table 4-64 Protocol-based VLAN Commands 4-198Table 4-65 GVRP and Bridge Extension Commands 4-202Tabl

Configuring the Switch3-1983Command Attributes (VRRP Group Configuration Detail)• Associated IP Table – IP interfaces associated with this virtual rou

Configuring Router Redundancy3-1993Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add.Figure 3-

Configuring the Switch3-2003Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interfac

Configuring Router Redundancy3-2013CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary int

Configuring the Switch3-2023CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch.Displaying VRRP

Configuring Router Redundancy3-2033Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group.Figure 3-117 VRRP Group Statisti

Configuring the Switch3-2043IP RoutingOverviewThis switch supports IP routing and routing path management via static routing definitions (page 3-222)

IP Routing3-2053IP SwitchingIP Switching (or packet forwarding) encompasses tasks required to forward packets for both Layer 2 and Layer 3, as well as

Configuring the Switch3-2063the high throughput and low latency of switching by enabling the traffic to bypass the routing engine once the path calcul

IP Routing3-2073Basic IP Interface ConfigurationTo allow routing between different IP subnets, you must enable IP Routing as described in this section

xxviTablesTable 4-108 show ip dvmrp neighbor - display description 4-307Table 4-109 PIM-DM Multicast Routing Commands 4-308Table 4-110 show ip pim n

Configuring the Switch3-2083Configuring IP Routing InterfacesYou can specify the IP subnets connected to this router by manually assigning an IP addre

IP Routing3-2093Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets. First sp

Configuring the Switch3-2103Address Resolution Protocol If IP routing is enabled (page 3-207), the router uses its routing tables to make routing deci

IP Routing3-2113Basic ARP ConfigurationYou can use the ARP General configuration menu to specify the timeout for ARP cache entries, or to enable Proxy

Configuring the Switch3-2123Configuring Static ARP AddressesFor devices that do not respond to ARP requests, traffic will be dropped because the IP ad

IP Routing3-2133Displaying Dynamically Learned ARP EntriesThe ARP cache contains entries that map IP addresses to the corresponding physical address.

Configuring the Switch3-2143CLI - This example shows all entries in the ARP cache.Displaying Local ARP EntriesThe ARP cache also contains entries for

IP Routing3-2153CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache.Displaying ARP StatisticsYou ca

Configuring the Switch3-2163CLI - This example provides detailed statistics on common IP-related protocols.Displaying Statistics for IP ProtocolsIP St

IP Routing3-2173Datagrams Forwarded The number of input datagrams for which this entity was not their final IP destination, as a result of which an at

xxviiFiguresFigure 3-1 Home Page 3-2Figure 3-2 Front Panel Indicators 3-3Figure 3-3 System Information 3-12Figure 3-4 Switch Information 3-14Figur

Configuring the Switch3-2183Web - Click IP, Statistics, IP.Figure 3-125 IP StatisticsCLI - See the example on page 3-215.ICMP StatisticsInternet Con

IP Routing3-2193Web - Click IP, Statistics, ICMP.Figure 3-126 ICMP StatisticsCLI - See the example on page 3-215.Timestamps The number of ICMP Times

Configuring the Switch3-2203UDP StatisticsUser Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the u

IP Routing3-2213TCP StatisticsThe Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, a

Configuring the Switch3-2223Configuring Static RoutesThis router can dynamically configure routes to other network segments using dynamic routing prot

IP Routing3-2233Displaying the Routing TableYou can display all the routes that can be accessed via the local network interfaces, via static routes, o

Configuring the Switch3-2243CLI - This example shows routes obtained from various methods.Configuring the Routing Information ProtocolThe RIP protocol

IP Routing3-2253routing loops may occur, and its small hop count limitation of 15 restricts its use to smaller networks. Moreover, RIP (version 1) was

Configuring the Switch3-2263Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset i

IP Routing3-2273Specifying Network Interfaces for RIPYou must specify network interfaces that will be included in the RIP routing process.Command Usag

xxviiiFiguresFigure 3-42 802.1X Port Configuration 3-70Figure 3-43 802.1X Port Statistics 3-73Figure 3-44 IP Filter 3-75Figure 3-45 Selecting ACL T

Configuring the Switch3-2283Configuring Network Interfaces for RIPFor each interface that participates in the RIP routing process, you must specify th

IP Routing3-2293Protocol Message AuthenticationRIPv1 is not a secure protocol. Any device sending protocol messages from UDP port 520 will be consider

Configuring the Switch3-2303• Authentication Key – Specifies the key to use for authenticating RIPv2 packets. For authentication to function properly,

IP Routing3-2313Displaying RIP Information and StatisticsYou can display basic information about the current global configuration settings for RIP, st

Configuring the Switch3-2323Web - Click Routing Protocol, RIP, Statistics.Figure 3-134 RIP Statistics

IP Routing3-2333CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the following co

Configuring the Switch3-2343Configuring the Open Shortest Path First ProtocolOpen Shortest Path First (OSPF) is more suited for large area networks wh

IP Routing3-2353• OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of a point-to-

Configuring the Switch3-2363• AS Boundary Router 24 – Allows this router to exchange routing information with boundary routers in other autonomous sys

IP Routing3-2373Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters a

xxixFiguresFigure 3-87 Traffic Classes 3-153Figure 3-88 Queue Mode 3-154Figure 3-89 Queue Scheduling 3-155Figure 3-90 IP Precedence/DSCP Priority S

Configuring the Switch3-2383Configuring OSPF AreasAn autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0.

IP Routing3-2393 • Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned via OSPF, the default rou

Configuring the Switch3-2403Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for t

IP Routing3-2413Configuring Area Ranges (Route Summarization for ABRs)An OSPF area can include a large number of nodes. If the Area Border Router (ABR

Configuring the Switch3-2423Web - Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network ma

IP Routing3-2433Configuring OSPF InterfacesYou should specify a routing interface for any local subnet that needs to communicate with other network se

Configuring the Switch3-2443- On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can us

IP Routing3-2453- You can assign a unique password to each network (i.e., autonomous system) to improve the security of the routing database. However,

Configuring the Switch3-2463Change any of the interface-specific protocol parameters, and then click Apply.Figure 3-139 OSPF Interface Configuration

IP Routing3-2473Configuring Virtual LinksAll OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the bac

Management GuideGigabit Ethernet SwitchLayer 3 Switch with 20/44 RJ-45 Ports, 4 Combination Ports (SFP/RJ-45),1 Extender Module Slot, and 2 Stacking P

xxxFiguresFigure 3-132 RIP Network Addresses 3-227Figure 3-133 RIP Interface Settings 3-230Figure 3-134 RIP Statistics 3-232Figure 3-135 OSPF Gener

Configuring the Switch3-2483Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neig

IP Routing3-2493Configuring Network Area AddressesOSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricted by area to

Configuring the Switch3-2503Web - Click Routing Protocol, OSPF, Network Area Address Configuration. Configure a backbone area that is contiguous with

IP Routing3-2513CLI - This example configures the backbone area and one transit area.Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0 4-

Configuring the Switch3-2523Configuring Summary Addresses (for External AS Routes)An Autonomous System Boundary Router (ASBR) can redistribute routes

IP Routing3-2533CLI - This example This example creates a summary address for all routes contained in 192.168.x.x.Redistributing External RoutesYou ca

Configuring the Switch3-2543Web - Click Routing Protocol, OSPF, Redistribute. Specify the protocol type to import, the metric type and path cost, then

IP Routing3-2553Note: This router supports up 16 areas, either normal transit areas, stubs, or NSSAs. Web - Click Routing Protocol, OSPF, NSSA Setting

Configuring the Switch3-2563Displaying Link State Database InformationOSPF routers advertise routes using Link State Advertisements (LSAs). The full c

IP Routing3-2573Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Q

1-1Chapter 1: IntroductionThis switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent tha

Configuring the Switch3-2583Displaying Information on Border RoutersYou can display entries in the local routing table for Area Border Routers (ABR) a

IP Routing3-2593Displaying Information on Neighbor RoutersYou can display about neighboring routers on each interface within an OSPF area.Field Attrib

Configuring the Switch3-2603Multicast RoutingThis router can route multicast traffic to different subnetworks using either Distance Vector Multicast R

Multicast Routing3-2613Displaying the Multicast Routing TableYou can display information on each multicast route this router has learned via DVMRP or

Configuring the Switch3-2623Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry.F

Multicast Routing3-2633CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast s

Configuring the Switch3-2643Configuring DVMRPThe Distance-Vector Multicast Routing Protocol (DVMRP) behaves somewhat similarly to RIP. A router suppor

Multicast Routing3-2653Command UsageBroadcasting periodically floods the network with traffic from any active multicast server. If IGMP snooping is di

Configuring the Switch3-2663which this device has received probes, and is used to verify whether or not these neighbors are still active members of th

Multicast Routing3-2673Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control neighbor

Introduction1-21Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Broadcast storm suppressi

Configuring the Switch3-2683DVMRP Interface Settings• VLAN – Selects a VLAN interface on this router. • Metric – Sets the metric for this interface us

Multicast Routing3-2693Displaying Neighbor InformationYou can display all the neighboring DVMRP routers.Command Attributes• Neighbor Address – The IP

Configuring the Switch3-2703Displaying the Routing TableThe router learns source-routed information from neighboring DVMRP routers and also advertises

Multicast Routing3-2713CLI – This example displays known DVMRP routes.Configuring PIM-DMProtocol-Independent Multicasting (PIM) provides two different

Configuring the Switch3-2723Web – Click Routing Protocol, PIM-DM, General Settings. Enable or disable PIM-DM globally for the router, and click Apply.

Multicast Routing3-2733• Trigger Hello Interval – Configures the maximum time before transmitting a triggered PIM hello message after the router is re

Configuring the Switch3-2743Web – Click Routing Protocol, PIM-DM, Interface Settings. Select a VLAN, enable or disable PIM-DM for the selected interfa

Multicast Routing3-2753Displaying Interface InformationYou can display a summary of the current interface status for PIM-DM, including the number of n

Configuring the Switch3-2763Web – Click Routing Protocol, PIM-DM, Neighbor Information.Figure 3-157 PIM-DM Neighbor InformationCLI – This example di

4-1Chapter 4: Command Line InterfaceThis chapter describes how to use the Command Line Interface (CLI).Note:You can only access the console interface

Description of Software Features1-31DHCP Server and DHCP Relay – A DHCP server is provided to assign IP addresses to host devices. Since DHCP uses a b

Command Line Interface4-24Note: The IP address for this switch is obtained via DHCP by default. To access the stack through a Telnet session, you must

Entering Commands4-34Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords and

Command Line Interface4-44Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the curren

Entering Commands4-54The command “show interfaces ?” will display the following information:Partial Keyword LookupIf you terminate a partial keyword w

Command Line Interface4-64Understanding Command ModesThe command set is divided into Exec and Configuration classes. Exec commands generally display i

Entering Commands4-74Configuration CommandsConfiguration commands are privileged level commands used to modify switch settings. These commands modify

Command Line Interface4-84To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to ret

Entering Commands4-94Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough

Command Line Interface4-104Command GroupsThe system commands can be broken down into the functional groups shown below.Table 4-4 Command Group Index

Line Commands4-114The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) MST (Multiple Spanning Tree) P

Introduction1-41Spanning Tree Algorithm – The switch supports these spanning tree protocols:Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol

Command Line Interface4-124lineThis command identifies a specific line for configuration, and to process subsequent line configuration commands.Syntax

Line Commands4-134Command Usage • There are three authentication modes provided by the switch itself at login:- login selects authentication by a sing

Command Line Interface4-144• The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when r

Line Commands4-154exec-timeoutThis command sets the interval that the system waits until user input is detected. Use the no form to restore the defaul

Command Line Interface4-164Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of

Line Commands4-174databitsThis command sets the number of data bits per character that are interpreted and generated by the console port. Use the no f

Command Line Interface4-184Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit

Line Commands4-194Default Setting 1 stop bitCommand Mode Line Configuration Example To specify 2 stop bits, enter this command:disconnectThis command

Command Line Interface4-204Example To show all lines, enter this command:General CommandsenableThis command activates Privileged Exec mode. In privile

General Commands4-214Default SettingLevel 15Command ModeNormal ExecCommand Usage • “super” is the default password required to change the command mode

Description of Software Features1-51When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traf

Command Line Interface4-224configureThis command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. Y

General Commands4-234The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and

Command Line Interface4-244exitThis command returns to the previous configuration mode or exits the configuration program.Default Setting NoneCommand

System Management Commands4-254System Management CommandsThese commands are used to control system logs, passwords, user names, browser configuration

Command Line Interface4-264Command Mode Global ConfigurationExample hostnameThis command specifies or modifies the host name for this device. Use the

System Management Commands4-274User Access CommandsThe basic commands required for management access are listed in this section. This switch also incl

Command Line Interface4-284Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encry

System Management Commands4-294Related Commandsenable (4-20)authentication enable (4-71)IP Filter CommandsmanagementThis command specifies the client

Command Line Interface4-304• You can delete an address range just by specifying the start address, or by specifying both the start address and end add

System Management Commands4-314Web Server Commandsip http portThis command specifies the TCP port number used by the web browser interface. Use the no

Introduction1-61Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal netw

Command Line Interface4-324Example Related Commandsip http port (4-31)ip http secure-serverThis command enables the secure hypertext transfer protocol

System Management Commands4-334Example Related Commandsip http secure-port (4-33)copy tftp https-certificate (4-64)ip http secure-portThis command spe

Command Line Interface4-344Telnet Server Commandsip telnet serverThis command allows this device to be monitored or configured from Telnet. It also sp

System Management Commands4-354This section describes the commands used to configure the SSH server. However, note that you also need to install a SSH

Command Line Interface4-36410.1.0.54 1024 35 15684995401867669259333946775054617325313674890836547254 150202455931998685443583616519999233297817660658

System Management Commands4-374ip ssh serverThis command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service

Command Line Interface4-384Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotia

System Management Commands4-394Default Setting 768 bitsCommand Mode Global ConfigurationCommand Usage • The server key is a private key that is never

Command Line Interface4-404Command Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save t

System Management Commands4-414ip ssh save host-keyThis command saves the host key from RAM to flash memory. Syntax ip ssh save host-key [dsa | rsa]•

System Defaults1-71Authentication Privileged Exec Level Username “admin”Password “admin”Normal Exec Level Username “guest”Password “guest”Enable Privi

Command Line Interface4-424show public-keyThis command shows the public key for the specified user or for the host.Syntax show public-key [user [usern

System Management Commands4-434• When an RSA key is displayed, the first field indicates the size of the host key (e.g., 1024), the second field is th

Command Line Interface4-444Default Setting NoneCommand Mode Global ConfigurationCommand Usage The logging process controls error messages saved to swi

System Management Commands4-454Default Setting Flash: errors (level 3 - 0)RAM: warnings (level 7 - 0)Command Mode Global ConfigurationCommand Usage Th

Command Line Interface4-464Default Setting 23Command Mode Global ConfigurationCommand Usage The command specifies the facility type tag sent in syslog

System Management Commands4-474clear logThis command clears messages from the log buffer.Syntax clear log [flash | ram]• flash - Event history stored

Command Line Interface4-484ExampleThe following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., de

System Management Commands4-494show logThis command displays the log messages stored in local memory.Syntax show log {flash | ram}• flash - Event hist

Command Line Interface4-504logging sendmail hostThis command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMT

System Management Commands4-514Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the

Introduction1-81Spanning Tree AlgorithmStatus Enabled, RSTP(Defaults: All values based on IEEE 802.1w)Fast Forwarding (Edge Port) DisabledAddress Tabl

Command Line Interface4-524Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to speci

System Management Commands4-534Time CommandsThe system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintain

Command Line Interface4-544Example Related Commandssntp server (4-54)sntp poll (4-55)show sntp (4-55)sntp serverThis command sets the IP address of th

System Management Commands4-554sntp pollThis command sets the interval between sending time requests when the switch is set to SNTP client mode. Use t

Command Line Interface4-564clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour hours minute

System Management Commands4-574Default Setting NoneCommand Mode Privileged ExecExample This example shows how to set the system clock to 15:12:34, Feb

Command Line Interface4-584Command Usage • Use this command in conjunction with the show running-config command to compare the information in running

System Management Commands4-594Related Commandsshow running-config (4-59)show running-configThis command displays the configuration information curren

Command Line Interface4-604- IP address configured for VLANs- Layer 4 precedence settings- Routing protocol configuration settings- Spanning tree sett

System Management Commands4-614show systemThis command displays system information.Default Setting NoneCommand Mode Normal Exec, Privileged ExecComman

System Defaults1-91Multicast Filtering IGMP Snooping (Layer 2) Snooping: EnabledQuerier: DisabledIGMP (Layer 3) DisabledMulticast Routing DVMRP Disabl

Command Line Interface4-624show usersShows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.Def

System Management Commands4-634Example Frame Size Commandsjumbo frameThis command enables support for jumbo frames. Use the no form to disable it.Synt

Command Line Interface4-644Example Flash/File CommandsThese commands are used to manage the system code or configuration files.copy This command mo

Flash/File Commands4-654Default Setting NoneCommand Mode Privileged ExecCommand Usage • The system prompts for data required to complete the copy comm

Command Line Interface4-664The following example shows how to copy the running configuration to a startup file.The following example shows how to down

Flash/File Commands4-674deleteThis command deletes a file or image.Syntax delete [unit:] filename• filename - Name of configuration file or code image

Command Line Interface4-684Command Usage • If you enter the command dir without any parameters, the system displays all files. • A colon (:) is requir

Flash/File Commands4-694ExampleThis example shows the information displayed by the whichboot command. See the table under the dir command for a descri

Command Line Interface4-704Authentication Commands You can configure this switch to authenticate users logging into the system for management access u

Authentication Commands4-714• RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The use

ES4625ES4649F3.1.1.21 E042005-R01149100022900A

Introduction1-101

Command Line Interface4-724authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password

Authentication Commands4-734• key - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum lengt

Command Line Interface4-744Command Mode Global ConfigurationExample radius-server retransmitThis command sets the number of retries. Use the no form t

Authentication Commands4-754show radius-serverThis command displays the current settings for the RADIUS server.Default Setting NoneCommand Mode Privil

Command Line Interface4-764tacacs-server hostThis command specifies the TACACS+ server. Use the no form to restore the default.Syntax tacacs-server ho

Authentication Commands4-774tacacs-server keyThis command sets the TACACS+ encryption key. Use the no form to restore the default.Syntax tacacs-server

Command Line Interface4-784Port Security CommandsThese commands can be used to enable port security on a port. When using port security, the switch st

Authentication Commands4-794Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has

Command Line Interface4-804802.1X Port AuthenticationThe switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized acce

Authentication Commands4-814dot1x defaultThis command sets all configurable dot1x global and port settings to their default values.Command ModeGlobal

2-1Chapter 2: Initial ConfigurationConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent off

Command Line Interface4-824Defaultforce-authorizedCommand ModeInterface ConfigurationExampledot1x operation-modeThis command allows single or multiple

Authentication Commands4-834dot1x re-authenticateThis command forces re-authentication on all ports or a specific interface.Syntaxdot1x re-authenticat

Command Line Interface4-844Exampledot1x timeout re-authperiodThis command sets the time period after which a connected client must be re-authenticated

Authentication Commands4-854show dot1xThis command shows general port authentication related settings on the switch or a specific interface.Syntaxshow

Command Line Interface4-864- Max Count – The maximum number of hosts allowed to access this port (page 4-82).- Port-control – Shows the dot1x mode on

Access Control List Commands4-874Access Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, prot

Command Line Interface4-884The following restrictions apply to ACLs:• This switch supports ACLs for both ingress and egress filtering. However, you ca

Access Control List Commands4-894IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP

Command Line Interface4-904Example Related Commandspermit, deny 4-90ip access-group (4-98)show ip access-list (4-93)permit, deny (Standard ACL) This c

Access Control List Commands4-914permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for pack

Initial Configuration2-22• Configure Spanning Tree parameters• Configure Class of Service (CoS) priority queuing• Configure up to 6 static or LACP tru

Command Line Interface4-924Command Usage• All new rules are appended to the end of the list.• Address bitmasks are similar to a subnet mask, containin

Access Control List Commands4-934Related Commandsaccess-list ip (4-89)show ip access-list This command displays the rules for configured IP ACLs.Synta

Command Line Interface4-944• You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associate

Access Control List Commands4-954Command Usage• Packets crossing a port are checked against all the rules in the ACL until a match is found. The order

Command Line Interface4-964This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit acces

Access Control List Commands4-974This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other pac

Command Line Interface4-984Related Commandsmask (IP ACL) (4-94)ip access-group This command binds a port to an IP ACL. Use the no form to remove the p

Access Control List Commands4-994MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form t

Command Line Interface4-1004Related Commandspermit, deny (4-100)mac access-group (4-105)show mac access-list (4-101)permit, deny (MAC ACL)This command

Access Control List Commands4-1014•vid-bitmask29 – VLAN bitmask. (Range: 1-4093)• protocol – A specific Ethernet protocol number. (Range: 600-fff hex.

Stack Operations2-32For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands an

Command Line Interface4-1024access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no f

Access Control List Commands4-1034• vid-bitmask – VLAN ID of rule must match this bitmask.• ethertype – Check the Ethernet type field.• ethertype-bitm

Command Line Interface4-1044This example creates an Egress MAC ACL.show access-list mac mask-precedence This command shows the ingress or egress rule

Access Control List Commands4-1054mac access-groupThis command binds a port to a MAC ACL. Use the no form to remove the port.Syntaxmac access-group ac

Command Line Interface4-1064ACL Informationshow access-listThis command shows all ACLs and associated rules, as well as all the user-defined masks.Com

SNMP Commands4-1074SNMP CommandsControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well a

Command Line Interface4-1084Exampleshow snmpThis command can be used to check the status of SNMP communications.Default Setting NoneCommand Mode Norma

SNMP Commands4-1094snmp-server communityThis command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified comm

Command Line Interface4-1104Related Commandssnmp-server location (4-110)snmp-server locationThis command sets the system location string. Use the no f

SNMP Commands4-1114to using the snmp-server host command. (Maximum length: 32 characters)• version - Specifies whether to send notifications as SNMP V

Initial Configuration2-42• If more than one stack Master is selected using the Master/Slave push button on the switch’s front panel, the system will s

Command Line Interface4-1124To send an inform to a SNMPv3 host, complete these steps:1. Enable the SNMP agent (page 4-107).2. Allow the switch to send

SNMP Commands4-1134SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, both a

Command Line Interface4-1144• A remote engine ID is required when using SNMPv3 informs. (See snmp-server host on page 4-110.) The remote engine ID is

SNMP Commands4-1154snmp-server viewThis command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view.Syntax

Command Line Interface4-1164show snmp viewThis command shows information on the SNMP views.Command Mode Privileged ExecExample snmp-server groupThis c

SNMP Commands4-1174Default Setting • Default groups: public30 (read only), private31 (read/write)• readview - Every object belonging to the Internet O

Command Line Interface4-1184show snmp groupFour default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only acc

SNMP Commands4-1194snmp-server userThis command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use

Command Line Interface4-1204the user resides. Then use the snmp-server user command to specify the user and the IP address for the remote device where

DHCP Commands4-1214DHCP CommandsThese commands are used to configure Dynamic Host Configuration Protocol (DHCP) client, relay, and server functions. Y

Stack Operations2-52the Master button is not depressed on any unit. The stack reboots and resumes operations. However, note that the IP address will b

Command Line Interface4-1224Command Usage This command is used to include a client identifier in all communications with the DHCP server. The identifi

DHCP Commands4-1234DHCP Relayip dhcp restart relayThis command enables DHCP relay for the specified VLAN. Use the no form to disable it.Syntax [no] ip

Command Line Interface4-1244ip dhcp relay serverThis command specifies the addresses of DHCP servers to be used by the switch’s DHCP relay agent. Use

DHCP Commands4-1254service dhcpThis command enables the DHCP server on this switch. Use the no form to disable the DHCP server.Syntax[no] service dhcp

Command Line Interface4-1264Default Setting All IP pool addresses may be assigned.Command ModeGlobal ConfigurationExample ip dhcp poolThis command con

DHCP Commands4-1274networkThis command configures the subnet number and mask for a DHCP address pool. Use the no form to remove the subnet number and

Command Line Interface4-1284Command ModeDHCP Pool ConfigurationUsage Guidelines The IP address of the router should be on the same subnet as the clien

DHCP Commands4-1294Usage Guidelines • If DNS IP servers are not configured for a DHCP client, the client cannot correlate host names to IP addresses.•

Command Line Interface4-1304Example Related Commandsnext-server (4-129)netbios-name-serverThis command configures NetBIOS Windows Internet Naming Serv

DHCP Commands4-1314netbios-node-typeThis command configures the NetBIOS node type for Microsoft DHCP clients. Use the no form to remove the NetBIOS no

Initial Configuration2-62Consistent Runtime Code in Each Switch – The main board runtime firmware version for each unit in the stack must be the same

Command Line Interface4-1324Command Modes DHCP Pool ConfigurationExample The following example leases an address to clients using this pool for 7 days

DHCP Commands4-1334ExampleRelated Commandsclient-identifier (4-133)hardware-address (4-134)client-identifierThis command specifies the client identifi

Command Line Interface4-1344hardware-addressThis command specifies the hardware address of a DHCP client. This command is valid for manual bindings on

DHCP Commands4-1354Usage Guidelines •An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP serve

Command Line Interface4-1364DNS CommandsThese commands are used to configure Domain Naming System (DNS) services. You can manually configure entries i

DNS Commands4-1374Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP ad

Command Line Interface4-1384Default Setting NoneCommand Mode Global ConfigurationExampleRelated Commands ip domain-list (4-138)ip name-server (4-139)i

DNS Commands4-1394ExampleThis example adds two domain names to the current list and then displays the list.Related Commands ip domain-name (4-137)ip n

Command Line Interface4-1404ExampleThis example adds two domain-name servers to the list and then displays the list.Related Commands ip domain-name (4

DNS Commands4-1414Related Commands ip domain-name (4-137)ip name-server (4-139)show hostsThis command displays the static host name-to-address mapping

Basic Configuration2-72Setting PasswordsNote: If this is your first time to log into the CLI program, you should define new passwords for both default

Command Line Interface4-1424show dns cacheThis command displays entries in the DNS cache.Command Mode Privileged ExecExample clear dns cacheThis comma

Interface Commands4-1434Interface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or

Command Line Interface4-1444Command Mode Global Configuration Example To specify port 4, enter the following command:descriptionThis command adds a de

Interface Commands4-1454Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex settin

Command Line Interface4-1464• If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.Exampl

Interface Commands4-1474Related Commands negotiation (4-145)speed-duplex (4-144)flowcontrol (4-147)flowcontrol32This command enables flow control. Use

Command Line Interface4-1484media-typeThis command forces the port type selected for combination ports 21-24/45-48. Use the no form to restore the def

Interface Commands4-1494switchport broadcast packet-rateThis command configures broadcast storm control. Use the no form to disable broadcast storm co

Command Line Interface4-1504Command Mode Privileged ExecCommand Usage Statistics are only initialized for a power reset. This command sets the base va

Interface Commands4-1514Example show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]interfa

Initial Configuration2-82Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:

Command Line Interface4-1524Example show interfaces switchportThis command displays the administrative and operational status of the specified interfa

Interface Commands4-1534Example This example shows the configuration setting for port 4. Console#show interfaces switchport ethernet 1/4Broadcast thre

Command Line Interface4-1544Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis com

Mirror Port Commands4-1554Example The following example configures the switch to mirror all packets from port 6 to 11:show port monitorThis command di

Command Line Interface4-1564Rate Limit CommandsThis function allows the network manager to control the maximum rate for traffic transmitted or receive

Link Aggregation Commands4-1574Link Aggregation CommandsPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth

Command Line Interface4-1584Dynamically Creating a Port Channel –Ports assigned to a common port channel must meet the following criteria:• Ports must

Link Aggregation Commands4-1594lacpThis command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to

Command Line Interface4-1604lacp system-priorityThis command configures a port's LACP system priority. Use the no form to restore the default set

Link Aggregation Commands4-1614lacp admin-key (Ethernet Interface)This command configures a port's LACP administration key. Use the no form to re

Basic Configuration2-925. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter&

Command Line Interface4-1624Default Setting 0Command Mode Interface Configuration (Port Channel)Command Usage • Ports are only allowed to join the sam

Link Aggregation Commands4-1634Example show lacpThis command displays LACP information.Syntax show lacp [port-channel] {counters | internal | neighbor

Command Line Interface4-1644Console#show lacp 1 internalPort channel: 1-------------------------------------------------------------------------Oper K

Link Aggregation Commands4-1654Console#show lacp 1 neighborsPort channel 1 neighbors------------------------------------------------------------------

Command Line Interface4-1664Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying

Address Table Commands4-1674mac-address-table staticThis command maps a static address to a destination port in a VLAN. Use the no form to remove an a

Command Line Interface4-1684clear mac-address-table dynamicThis command removes any learned entries from the forwarding database and clears the transm

Address Table Commands4-1694means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a m

Command Line Interface4-1704Spanning Tree CommandsThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the swi

Spanning Tree Commands4-1714spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Synta

vContents Chapter 1: Introduction 1-1Key Features 1-1Description of Software Features 1-2System Defaults 1-6Chapter 2: Initial Configuration 2-

Initial Configuration2-102The default strings are:• public - with read-only access. Authorized management stations are only able to retrieve MIB objec

Command Line Interface4-1724members may be inadvertently disabled to prevent network loops, thus isolating group members. When operating multiple VLAN

Spanning Tree Commands4-1734Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., disc

Command Line Interface4-1744Default Setting 20 secondsCommand Mode Global ConfigurationCommand Usage This command sets the maximum time (in seconds) a

Spanning Tree Commands4-1754spanning-tree pathcost methodThis command configures the path cost method used for Rapid Spanning Tree and Multiple Spanni

Command Line Interface4-1764spanning-tree mst-configuration This command changes to Multiple Spanning Tree (MST) configuration mode. Default Setting •

Spanning Tree Commands4-1774and the same instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a singl

Command Line Interface4-1784Default Setting Switch’s MAC addressCommand Mode MST ConfigurationCommand Usage The MST region name and revision number (p

Spanning Tree Commands4-1794max-hopsThis command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to re

Command Line Interface4-1804spanning-tree costThis command configures the spanning tree path cost for the specified interface. Use the no form to rest

Spanning Tree Commands4-1814spanning-tree port-priorityThis command configures the priority for the specified interface. Use the no form to restore th

Basic Configuration2-112Configuring Access for SNMP Version 3 ClientsTo configure management access for SNMPv3 clients, you need to first create a vie

Command Line Interface4-1824devices such as workstations or servers, retains the current forwarding database to reduce the amount of frame flooding re

Spanning Tree Commands4-1834Related Commandsspanning-tree edge-port (4-181)spanning-tree link-typeThis command configures the link type for Rapid Span

Command Line Interface4-1844The recommended range is -- Ethernet: 200,000-20,000,000- Fast Ethernet: 20,000-2,000,000- Gigabit Ethernet: 2,000-200,000

Spanning Tree Commands4-1854Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • This command defines the priority for the use

Command Line Interface4-1864show spanning-treeThis command shows the configuration for the common spanning tree (CST) or for an instance within the mu

Spanning Tree Commands4-1874ExampleConsole#show spanning-treeSpanning-tree information---------------------------------------------------------------S

Command Line Interface4-1884show spanning-tree mst configurationThis command shows the configuration of the multiple spanning tree.Command Mode Privil

VLAN Commands4-1894vlan databaseThis command enters VLAN database mode. All commands in this mode will take effect immediately.Default Setting NoneCom

Command Line Interface4-1904Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state re

VLAN Commands4-1914Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLA

Initial Configuration2-122Managing System FilesThe switch’s flash memory supports three types of system files that can be managed by the CLI program,

Command Line Interface4-1924switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restor

VLAN Commands4-1934• If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be di

Command Line Interface4-1944switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the defau

VLAN Commands4-1954switchport forbidden vlanThis command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs.Syntax swit

Command Line Interface4-1964show vlanThis command shows VLAN information.Syntax show vlan [id vlan-id | name vlan-name]• id - Keyword to be followed b

VLAN Commands4-1974Configuring Private VLANsPrivate VLANs provide port-based security and isolation between ports within the assigned VLAN. This secti

Command Line Interface4-1984show pvlanThis command displays the configured private VLAN.Command Mode Privileged ExecExampleConfiguring Protocol-based

VLAN Commands4-19943. Then map the protocol for each interface to the appropriate VLAN using the protocol-vlan protocol-group command (Interface Confi

Command Line Interface4-2004Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • When creating a protocol-based VLAN, only ass

VLAN Commands4-2014show interfaces protocol-vlan protocol-groupThis command shows the mapping from protocol groups to VLANs for the selected interface

3-1Chapter 3: Configuring the SwitchUsing the Web InterfaceThis switch provides an embedded HTTP web agent. Using a web browser you can configure the

Command Line Interface4-2024GVRP and Bridge Extension CommandsGARP VLAN Registration Protocol defines a way for switches to exchange VLAN information

GVRP and Bridge Extension Commands4-2034Command Mode Privileged ExecCommand Usage See “Displaying Basic VLAN Information” on page 3-138 and “Displayin

Command Line Interface4-2044Default Setting Shows both global and interface-specific configuration.Command Mode Normal Exec, Privileged ExecExample ga

GVRP and Bridge Extension Commands4-2054Example Related Commandsshow garp timer (4-205)show garp timerThis command shows the GARP timers for the selec

Command Line Interface4-2064Priority CommandsThe commands described in this section allow you to specify which data packets have greater precedence wh

Priority Commands4-2074Default Setting Weighted Round RobinCommand Mode Global ConfigurationCommand Usage You can set the switch to service the queues

Command Line Interface4-2084• This switch provides eight priority queues for each port. It is configured to use Weighted Round Robin, which can be vie

Priority Commands4-2094queue cos-mapThis command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7). Us

Command Line Interface4-2104show queue modeThis command shows the current queue mode.Default Setting NoneCommand Mode Privileged ExecExample show queu

Priority Commands4-2114Default Setting NoneCommand Mode Privileged ExecExample Priority Commands (Layer 3 and 4) map ip port (Global Configuration)Thi

Configuring the Switch3-23Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and password. The a

Command Line Interface4-2124Example The following example shows how to enable TCP/UDP port mapping globally:map ip port (Interface Configuration)This

Priority Commands4-2134• IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other t

Command Line Interface4-2144map ip dscp (Global Configuration)This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).

Priority Commands4-2154Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specifie

Command Line Interface4-2164Default SettingNoneCommand Mode Privileged ExecExample The following shows that HTTP traffic has been mapped to CoS value

Priority Commands4-2174Example Related Commands map ip precedence (Global Configuration) (4-212)map ip precedence (Interface Configuration) (4-213) sh

Command Line Interface4-2184Related Commands map ip dscp (Global Configuration) (4-214)map ip dscp (Interface Configuration) (4-214)Quality of Service

Quality of Service Commands4-2194any traffic that exceeds the specified rate, or just reduce the DSCP service level for traffic exceeding the specifie

Command Line Interface4-2204Related Commands show class map (4-225)matchThis command defines the criteria used to classify traffic. Use the no form to

Quality of Service Commands4-2214This example creates a class map call “rd_class#2,” and sets it to match packets marked for IP Precedence service val

Navigating the Web Browser Interface3-33Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration chang

Command Line Interface4-2224average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets.

Quality of Service Commands4-2234setThis command services IP traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified

Command Line Interface4-2244Command Usage • You can configure up to 63 policers (i.e., class maps) for Fast Ethernet and Gigabit Ethernet ingress port

Quality of Service Commands4-2254Example This example applies a service policy to an ingress interface.show class-mapThis command displays the QoS cla

Command Line Interface4-2264Exampleshow policy-map interfaceThis command displays the service policy assigned to the specified interface.Syntax show p

Multicast Filtering Commands4-2274IGMP Snooping Commands ip igmp snoopingThis command enables IGMP snooping on this switch. Use the no form to disable

Command Line Interface4-2284Default Setting NoneCommand Mode Global ConfigurationExample The following shows how to statically configure a multicast g

Multicast Filtering Commands4-2294Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-171 for a description of the displayed

Command Line Interface4-2304IGMP Query Commands (Layer 2) ip igmp snooping querierThis command enables the switch as an IGMP querier. Use the no form

Multicast Filtering Commands4-2314Command Mode Global ConfigurationCommand Usage The query count defines how long the querier waits for a response fro

Configuring the Switch3-43Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, o

Command Line Interface4-2324Default Setting 10 secondsCommand Mode Global ConfigurationCommand Usage• The switch must be using IGMPv2 for this command

Multicast Filtering Commands4-2334Example The following shows how to configure the default timeout to 300 seconds:Related Commands ip igmp snooping ve

Command Line Interface4-2344Example The following shows how to configure port 11 as a multicast router port within VLAN 1:show ip igmp snooping mroute

Multicast Filtering Commands4-2354ip igmpThis command enables IGMP on a VLAN interface. Use the no form of this command to disable IGMP on the specifi

Command Line Interface4-2364Command Usage The robustness value is used in calculating the appropriate range for other IGMP variables, such as the Grou

Multicast Filtering Commands4-2374ip igmp max-resp-intervalThis command configures the maximum response time advertised in IGMP queries. Use the no fo

Command Line Interface4-2384Command Mode Interface Configuration (VLAN)Command Usage• A multicast client sends an IGMP leave message when it leaves a

Multicast Filtering Commands4-2394show ip igmp interfaceThis command shows the IGMP configuration for a specific VLAN interface or for all interfaces.

Command Line Interface4-2404Example The following example clears all multicast group entries for VLAN 1:show ip igmp groupsThis command displays infor

IP Interface Commands4-2414IP Interface CommandsThere are no IP addresses assigned to this router by default. You must manually configure a new addres

Navigating the Web Browser Interface3-53SNMPv3 3-42Engine ID Sets the SNMP v3 engine ID 3-43Remote Engine ID Sets the SNMP v3 engine ID on a remote de

Command Line Interface4-2424ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the defa

IP Interface Commands4-2434periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, defaul

Command Line Interface4-2444Related Commands show ip redirects (4-244)ip routing (4-249)ip route (4-250)show ip interfaceThis command displays the set

IP Interface Commands4-2454pingThis command sends ICMP echo request packets to another node on the network.Syntax ping host [count count][size size]•

Command Line Interface4-2464Address Resolution Protocol (ARP) arpThis command adds a static entry in the Address Resolution Protocol (ARP) cache. Use

IP Interface Commands4-2474arp-timeoutThis command sets the aging time for dynamic entries in the Address Resolution Protocol (ARP) cache. Use the no

Command Line Interface4-2484Command Usage This command displays information about the ARP cache. The first line shows the cache timeout. It also shows

IP Routing Commands4-2494IP Routing CommandsAfter you configure network interfaces for this router, you must set the paths used to send traffic betwee

Command Line Interface4-2504Command Usage • The command affects both static and dynamic unicast routing.• If IP routing is enabled, all IP packets are

IP Routing Commands4-2514clear ip routeThis command removes dynamically learned entries from the IP routing table.Syntax clear ip route {network [netm

Configuring the Switch3-63LACP 3-93Configuration Allows ports to dynamically join trunks 3-95Aggregation Port Configures parameters for link aggrega

Command Line Interface4-2524Example show ip host-routeThis command displays the interface associated with known routes.Command Mode Privileged ExecEx

IP Routing Commands4-2534show ip trafficThis command displays statistics for IP, ICMP, UDP, TCP and ARP protocols.Command Mode Privileged ExecCommand

Command Line Interface4-2544Routing Information Protocol (RIP)router ripThis command enables Routing Information Protocol (RIP) routing for all IP int

IP Routing Commands4-2554timers basicThis command configures the RIP update timer, timeout timer, and garbage- collection timer. Use the no form to re

Command Line Interface4-2564networkThis command specifies the network interfaces that will be included in the RIP routing process. Use the no form to

IP Routing Commands4-2574Command Usage This command can be used to configure a static neighbor with which this router will exchange information, rathe

Command Line Interface4-2584ip rip receive versionThis command specifies a RIP version to receive on an interface. Use the no form to restore the defa

IP Routing Commands4-2594ip rip send versionThis command specifies a RIP version to send on an interface. Use the no form to restore the default value

Command Line Interface4-2604ip split-horizonThis command enables split-horizon or poison-reverse (a variation) on an interface. Use the no form to dis

IP Routing Commands4-2614• For authentication to function properly, both the sending and receiving interface must be configured with the same password

Navigating the Web Browser Interface3-73Trunk Configuration Configures trunk settings for a specified MST instance 3-133VLAN 3-135802.1Q VLANGVRP Stat

Command Line Interface4-2624show rip globalsThis command displays global configuration settings for RIP.Command Mode Privileged ExecExample show ip ri

IP Routing Commands4-2634Example Console#show ip rip configurationInterface SendMode ReceiveMode Poison Authentication--------------- ---------------

Command Line Interface4-2644Open Shortest Path First (OSPF) Table 4-89 Open Shortest Path First CommandsCommand Function Mode PageGeneral Configurat

IP Routing Commands4-2654router ospfThis command enables Open Shortest Path First (OSPF) routing for all IP interfaces on the router. Use the no form

Command Line Interface4-2664Command Usage • The router ID must be unique for every router in the autonomous system. Using the default setting based on

IP Routing Commands4-2674default-information originateThis command generates a default external route into an autonomous system. Use the no form to di

Command Line Interface4-2684Related Commandsip route (4-250)redistribute (4-270)timers spfThis command configures the hold time between making two con

IP Routing Commands4-2694Default Setting DisabledCommand Usage • This command can be used to advertise routes between areas.• If routes are set to be

Command Line Interface4-2704summary-addressThis command aggregates routes learned from other protocols. Use the no form to remove a summary address.Sy

IP Routing Commands4-2714Default Setting redistribution - noneprotocol - RIP and staticmetric-value - 0type-metric - 2Command Usage • This router supp

ContentsviDisplaying Switch Hardware/Software Versions 3-13Displaying Bridge Extension Capabilities 3-15Configuring Support for Jumbo Frames 3-16S

Configuring the Switch3-83QoS 3-161DiffServ Configure QoS classification criteria and service policies 3-161Class Map Creates a class map for a type o

Command Line Interface4-2724Command Usage • An area ID uniquely defines an OSPF broadcast area. The area ID 0.0.0.0 indicates the OSPF backbone for an

IP Routing Commands4-2734Command Usage • All routers in a stub must be configured with the same area ID.• Routing table space is saved in a stub by bl

Command Line Interface4-2744Command Usage • All routers in a NSSA must be configured with the same area ID.• An NSSA is similar to a stub, because whe

IP Routing Commands4-2754• authentication - Specifies the authentication mode. If no optional parameters follow this keyword, then plain text authenti

Command Line Interface4-2764Default Setting area-id: Nonerouter-id: Nonehello-interval: 10 secondsretransmit-interval: 5 secondstransmit-delay: 1 seco

IP Routing Commands4-2774Command Mode Interface Configuration (VLAN)Default Setting No authenticationCommand Usage • Before specifying plain-text pass

Command Line Interface4-2784ExampleThis example sets a password for the specified interface.Related Commandsip ospf authentication (4-276)ip ospf mess

IP Routing Commands4-2794Related Commandsip ospf authentication (4-276)ip ospf costThis command explicitly sets the cost of sending a packet on an int

Command Line Interface4-2804ExampleRelated Commandsip ospf hello-interval (4-280)ip ospf hello-intervalThis command specifies the interval between sen

IP Routing Commands4-2814Default Setting 1Command Usage • Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to an

Navigating the Web Browser Interface3-93ARP 3-210General Sets the protocol timeout, and enables or disables proxy ARP for the specified VLAN3-211Stati

Command Line Interface4-2824ip ospf transmit-delayThis command sets the estimated time to send a link-state update packet over an interface. Use the n

IP Routing Commands4-2834show ip ospf border-routersThis command shows entries in the routing table that lead to an Area Border Router (ABR) or Autono

Command Line Interface4-2844show ip ospf databaseThis command shows information about different OSPF Link State Advertisements (LSAs) stored in this r

IP Routing Commands4-2854Command Mode Privileged ExecExamplesThe following shows output for the show ip ospf database command.Console#show ip ospf dat

Command Line Interface4-2864The following shows output when using the asbr-summary keyword.Console#show ip ospf database asbr-summaryOSPF Router with

IP Routing Commands4-2874The following shows output when using the database-summary keyword.Console#show ip ospf database database-summaryArea ID (10.

Command Line Interface4-2884The following shows output when using the external keyword.Console#show ip ospf database externalOSPF Router with id(192.1

IP Routing Commands4-2894The following shows output when using the network keyword.Console#show ip ospf database networkOSPF Router with id(10.1.1.253

Command Line Interface4-2904The following shows output when using the router keyword.Console#show ip ospf database routerOSPF Router with id(10.1.1.25

IP Routing Commands4-2914The following shows output when using the summary keyword.Number of TOS metrics Type of Service metric – This router only sup

Configuring the Switch3-103Routing Protocol 3-206RIP 3-224General Settings Enables or disables RIP, sets the global RIP version and timer values3-225N

Command Line Interface4-2924show ip ospf interfaceThis command displays summary information for OSPF interfaces.Syntax show ip ospf interface [vlan vl

IP Routing Commands4-2934show ip ospf neighborThis command displays information about neighboring routers on each interface within an OSPF area.Syntax

Command Line Interface4-2944show ip ospf summary-addressThis command displays all summary address information.Syntax show ip ospf summary-addressComma

Multicast Routing Commands4-2954Multicast Routing CommandsThis router uses IGMP snooping and query to determine the ports connected to downstream mult

Command Line Interface4-2964Default Setting No static multicast router ports are configured. Command Mode Global ConfigurationCommand Usage Depending

Multicast Routing Commands4-2974General Multicast Routing Commands ip multicast-routingThis command enables IP multicast routing. Use the no form to d

Command Line Interface4-2984Command Usage This command displays information for multicast routing. If no optional parameters are selected, detailed in

Multicast Routing Commands4-2994DVMRP Multicast Routing Commands router dvmrpThis command enables Distance-Vector Multicast Routing (DVMRP) globally f

Command Line Interface4-3004ExampleRelated Commands ip dvmrp (4-303)show router dvmrp (4-305)probe-intervalThis command sets the interval for sending

Multicast Routing Commands4-3014nbr-timeoutThis command sets the interval to wait for messages from a DVMRP neighbor before declaring it dead. Use the

Navigating the Web Browser Interface3-113PIM-DMGeneral Settings Enables or disables PIM-DM globally for the switch 3-271Interface Settings Enables or

Command Line Interface4-3024flash-update-intervalThis command specifies how often to send trigger updates, which reflect changes in the network topolo

Multicast Routing Commands4-3034default-gatewayThis command specifies the default DVMRP gateway for IP multicast traffic. Use the no form to remove th

Command Line Interface4-3044Command Usage To fully enable DVMRP, you need to enable multicast routing globally for the router with the ip multicast-ro

Multicast Routing Commands4-3054clear ip dvmrp routeThis command clears all dynamic routes learned by DVMRP.Command Mode Privileged ExecExampleAs show

Command Line Interface4-3064show ip dvmrp routeThis command displays all entries in the DVMRP routing table.Command Mode Normal Exec, Privileged ExecE

Multicast Routing Commands4-3074show ip dvmrp neighborThis command displays all of the DVMRP neighbor routers.Command Mode Normal Exec, Privileged Exe

Command Line Interface4-3084PIM-DM Multicast Routing Commands router pimThis command enables Protocol-Independent Multicast - Dense Mode (PIM-DM) glob

Multicast Routing Commands4-3094ip pim dense-modeThis command enables PIM-DM on the specified interface. Use the no form to disable PIM-DM on this int

Command Line Interface4-3104ip pim hello-intervalThis command configures the frequency at which PIM hello messages are transmitted. Use the no form to

Multicast Routing Commands4-3114ip pim trigger-hello-intervalThis command configures the maximum time before transmitting a triggered PIM Hello messag

Configuring the Switch3-123Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location

Command Line Interface4-3124Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffi

Multicast Routing Commands4-3134Default Setting 2Command Mode Interface Configuration (VLAN)Exampleshow router pimThis command displays the global PIM

Command Line Interface4-3144show ip pim neighborThis command displays information about PIM neighbors.Syntax show ip pim neighbor [ip-address]ip-addre

Router Redundancy Commands4-3154Virtual Router Redundancy Protocol CommandsTo configure VRRP, select an interface on one router in the group to serve

Command Line Interface4-3164Command Usage • The interfaces of all routers participating in a virtual router group must be within the same IP subnet.•

Router Redundancy Commands4-3174• When a VRRP packet is received from another router in the group, its authentication key is compared to the string co

Command Line Interface4-3184vrrp timers advertiseThis command sets the interval at which the master virtual router sends advertisements communicating

Router Redundancy Commands4-3194Default Setting Preempt: EnabledDelay: 0 secondsCommand Mode Interface (VLAN)Command Usage • If preempt is enabled, an

Command Line Interface4-3204ExampleThis example displays the full listing of status information for all groups.This example displays the brief listing

Router Redundancy Commands4-3214show vrrp interfaceThis command displays status information for the specified VRRP interface.Syntax show vrrp interfac

Basic Configuration3-133CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch Infor

Command Line Interface4-3224show vrrp router countersThis command displays counters for errors found in VRRP protocol packets.Command Mode Privileged

Router Redundancy Commands4-3234clear vrrp router counters This command clears VRRP system statistics.Command Mode Privileged ExecExampleclear vrrp in

Command Line Interface4-3244

A-1Appendix A: Software SpecificationsSoftware FeaturesAuthenticationLocal, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port SecurityAccess Control Li

Software SpecificationsA-2AMulticast Routing DVMRP, PIM-DMIP Routing ARP, Proxy ARPStatic routesRIP, RIPv2 and OSPFv2 dynamic routingVRRP (Virtual Rou

Management Information BasesA-3ADHCP Relay (RFC 951)DHCP Server (RFC 2131)DVMRP (RFC 1075)HTTPSICMP (RFC 792)IGMP (RFC 1112)IGMPv2 (RFC 2236)OSPF (RFC

Software SpecificationsA-4ARMON MIB (RFC 2819)RMON II Probe Configuration Group (RFC 2021, partial implementation)SNMPv2 IP MIB (RFC 2011)SNMP Framewo

B-1Appendix B: TroubleshootingProblems Accessing the Management Interface Table B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet,

TroubleshootingB-2BUsing System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caus

Glossary-1GlossaryAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

Configuring the Switch3-143• Operation Code Version – Version number of runtime code.• Role – Shows that this switch is operating as Master or Slave.T

GlossaryGlossary-2Distance Vector Multicast Routing Protocol (DVMRP)A distance-vector-style routing protocol used for routing multicast datagrams thro

Glossary-3GlossaryIEEE 802.1QVLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to differ

GlossaryGlossary-4IP Multicast FilteringA process whereby this switch can pass multicast traffic along to participating hosts.IP PrecedenceThe Type of

Glossary-5GlossaryNetwork Time Protocol (NTP)NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarc

GlossaryGlossary-6Dense Mode is designed for networks where the probability of a multicast client is high and frequent flooding of multicast traffic c

Glossary-7GlossaryTelnetDefines a remote communication facility for interfacing to a terminal device over TCP/IP.Terminal Access Controller Access Con

GlossaryGlossary-8

Index-1Numerics802.1X, port authentication 3-67, 4-80Aacceptable frame type 3-144, 4-192Access Control List See ACLACLExtended IP 3-77, 4-87, 4-89, 4

Index-2IndexDynamic Host Configuration Protocol See DHCPEedge port, STA 3-125, 3-127, 4-181event logging 4-43Ffirmwaredisplaying version 3-13, 4-62u

Index-3IndexMSTP 4-171global settings 3-128, 4-170interface settings 3-126, 4-170multicast filtering 3-169, 4-226multicast groups 3-175, 3-180, 4-229d

Basic Configuration3-153Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that support Multicast Filterin

Index-4Indexinterface protocol settings 3-228, 4-256–4-261specifying interfaces 3-227, 4-256statistics 3-231, 4-263router redundancyprotocols 3-195, 4

Index-5Indexinterface configuration 3-144, 4-192–4-195private 3-146, 4-197protocol 3-147, 4-198VRRP 3-196, 4-315authentication 3-198, 4-316configurati

Index-6Index

ES4625ES4649E042005-R01149100022900A

Configuring the Switch3-163CLI – Enter the following command. Configuring Support for Jumbo FramesThe switch provides more efficient throughput for la

Basic Configuration3-173Setting the Switch’s IP Address This section describes how to configure an initial IP interface for management access over the

ContentsviiConfiguring Port Settings for 802.1X 3-69Displaying 802.1X Statistics 3-72Filtering IP Addresses for Management Access 3-74Access Contro

Configuring the Switch3-183Manual ConfigurationWeb – Click IP, General, Routing Interface. Select the VLAN through which the management station is att

Basic Configuration3-193Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the stack to be dynamically configured by the

Configuring the Switch3-203Renewing DCHP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires o

Basic Configuration3-213Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace

Configuring the Switch3-223To delete a file select System, File Management, Delete. Select the file name from the given list by checking the tick box

Basic Configuration3-233Saving or Restoring Configuration SettingsYou can upload/download configuration settings to/from a TFTP server, or copy files

Configuring the Switch3-243Downloading Configuration Settings from a ServerYou can download the configuration file under a new file name and then set

Basic Configuration3-253CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch,

Configuring the Switch3-263• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match

Basic Configuration3-273CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the curren

ContentsviiiCreating VLANs 3-140Adding Static Members to VLANs (VLAN Index) 3-141Adding Static Members to VLANs (Port Index) 3-143Configuring VLAN

Configuring the Switch3-283• Password3 – Specifies a password for the line connection. When a connection is started on a line with password protection

Basic Configuration3-293Configuring Event LoggingThe switch allows you to control the logging of error messages, including the type of events that are

Configuring the Switch3-303Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and f

Basic Configuration3-313Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Addres

Configuring the Switch3-323Displaying Log MessagesUse the Logs page to scroll through the logged system and event messages. The switch can store up to

Basic Configuration3-333• SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other liste

Configuring the Switch3-343CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and spec

Basic Configuration3-353CLI – This example renumbers all units in the stack.Resetting the SystemWeb – Click System, Reset. Click the Reset button to r

Configuring the Switch3-363Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply.Figure 3-23 SNTP ConfigurationCL

Simple Network Management Protocol3-373Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC, and click Apply.Figu

ContentsixEnabling the Server, Setting Excluded Addresses 3-188Configuring Address Pools 3-190Displaying Address Bindings 3-194Configuring Router R

Configuring the Switch3-383The SNMPv3 security structure consists of security models, with each model having it’s own security levels. There are three

Simple Network Management Protocol3-393Enabling the SNMP AgentEnables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3). Command Att

Configuring the Switch3-403Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-

Simple Network Management Protocol3-413To send an inform to a SNMPv2c host, complete these steps:1. Enable the SNMP agent (page 3-39).2. Enable trap i

Configuring the Switch3-423• Enable Link-up and Link-down Traps4 – Issues a notification message whenever a port link is established or broken. (Defau

Simple Network Management Protocol3-433Setting a Local Engine IDAn SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine

Configuring the Switch3-443The engine ID can be specified by entering 1 to 26 hexadecimal characters. If less than 26 characters are specified, traili

Simple Network Management Protocol3-453• Privacy Protocol – The encryption algorithm use for data privacy; only 56-bit DES is currently available.• Pr

Configuring the Switch3-463CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring Remote SNMPv3 User

Simple Network Management Protocol3-473• Privacy Protocol – The encryption algorithm use for data privacy; only 56-bit DES is currently available.• Pr