24 Port 10/100Mbps Switch FMS-24K
Management Guide
24-Port Fast Ethernet Switch
Intelligent Fast Ethernet Switch with 24 10BASE-T / 100BASE-TX Ports, and Optional 100BASE-FX/1000BASE-X Modules
Contents Chapter 1: Switch Management Connecting to the Switch Configuration Options Required Connections Remote Connections Basic Configuration Console Connection Setting Passwords Setting an IP Address Enabling SNMP Management Access Saving Configuration Settings Managing System Files System Defaults Chapter 2: Configuring the Switch Using the Web Interface Navigating the Web Browser Interface Home Page Configuration Options Panel Display Main Menu Basic Configuration Displaying System Information Setting
Setting Static Addresses Displaying the Address Table Changing the Aging Time Spanning Tree Algorithm Configuration Displaying Global Settings Configuring Global Settings Displaying Interface Settings Configuring Interface Settings VLAN Configuration Overview Enabling or Disabling GVRP (Global Setting) Displaying Basic VLAN Information Displaying Current VLANs Creating VLANs Adding Static Members to VLANs (VLAN Index) Adding Static Members to VLANs (Port Index) Configuring VLAN Behavior for Interfa
Chapter 3: Command Line Interface Using the Command Line Interface Accessing the CLI Console Connection Telnet Connection Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes Exec Commands Configuration Commands Command Line Processing Command Groups General Commands enable disable configure show history reload prompt end exit
Web Server Commands ip http port ip http server Event Logging Commands logging on logging history clear logging show logging System Status Commands light unit show startup-config show running-config show system show users show version SNMP Commands snmp-server community snmp-server contact snmp-server location snmp-server host snmp-server enable traps show snmp DHCP Client IP Interface Commands Basic IP Configuration ip address ip default-gateway show ip interface show ip redirects ping Line Comman
Interface Commands interface description speed-duplex negotiation capabilities flowcontrol clear counters shutdown switchport broadcast packet-rate show interfaces status show interfaces counters show interfaces switchport Address Table Commands mac-address-table static show mac-address-table clear mac-address-table dynamic mac-address-table aging-time Spanning Tree Commands spanning-tree spanning-tree mode spanning-tree forward-time spanning-tree hello-time spanning-tree max-age spanning-tree prio
switchport ingress-filtering switchport native vlan switchport allowed vlan switchport forbidden vlan Displaying VLAN Information show vlan Configuring Private VLANs private-vlan private-vlan association switchport mode private-vlan switchport private-vlan host-association switchport private-vlan mapping show vlan private-vlan GVRP and Bridge Extension Commands switchport gvrp show gvrp configuration garp timer show garp timer bridge-ext gvrp show bridge-ext Multicast Filtering Commands IGMP Snoopi
show queue cos-map Priority Commands (Layer 3 and 4) Mirror Port Commands port monitor show port monitor Link Aggregation Commands channel-group lacp Rate Limit Commands rate-limit Authentication Commands Authentication Sequence RADIUS Client TACACS+ Client 802.
Chapter 1: Switch Management
Connecting to the Switch
Configuration Options
This 24-Port Layer 2 Switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
Note: The IP address for this switch is assigned via DHCP by default. To change this address, see “Setting an IP Address” on page 1-4.
• Configure up to six static or LACP trunks
• Enable port mirroring
• Set broadcast storm control on any port
• Display system information and statistics
Required Connections
The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.
For a description of how to use the CLI, see “Using the Command Line Interface” on page 3-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 3-8.
Remote Connections
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.
3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)
4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.
Setting Passwords
Note: If this is the first time you have logged into the CLI program, you should define new passwords for both default user names using the “username” command, record them, and put them in a safe place.
Note: Only one VLAN interface can be assigned an IP address (the default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the original IP address and this becomes the new management VLAN.
Manual Configuration
You can manually assign an IP address to the switch.
values can include the IP address, subnet mask, and default gateway.) If the “bootp” or “dhcp” option is saved to the startup-config file, then the switch will start broadcasting service requests as soon as it is powered on.
To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:
1.
Enabling SNMP Management Access
The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps. When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter.
1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” where “host-address” is the IP address for the trap receiver and “community-string” is the string associated with that host. Press <Enter>.
2. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server enable traps command. Type “snmp-server enable traps type,” where “type” is either authentication or link-up-down.
run-time code. This code runs the switch operations and provides the CLI, Web and SNMP management interfaces. See “Managing Firmware” on page 2-15 for more information.
• Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test). This code also provides a facility to upload firmware files to the system directly through the console port. See “Upgrading Firmware via the Serial Port” on page A-1.
Table 1-1. System Defaults
Function | Parameter | Default
Spanning Tree Protocol | Status | Enabled (Defaults: All parameters based on IEEE 802.
Chapter 2: Configuring the Switch
Using the Web Interface
This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).
Note: You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet.
Home Page
When your Web browser connects with the switch’s Web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.
Figure 2-1.
Table 2-1. Configuration Options
Button | Action
Apply | Sets specified values to the system.
Revert | Cancels specified values and restores current values prior to pressing Apply.
Help | Links directly to webhelp.
Panel Display
The Web agent displays an image of the switch’s ports, indicating whether each link is up or down. Clicking on the image of a port opens the Port Configuration page as described on page 2-24.
Figure 2-2.
Table 2-2. Main Menu
Menu | Description | Page
Private VLAN Port/Trunk Information | Displays the interfaces associated with private VLANs | 2-59
Private VLAN Port/Trunk Configuration | Sets the private VLAN interface type, and associates the interfaces with a private VLAN | 2-60
Default Port Priority | Sets the default priority for each port | 2-62
Default Trunk Priority | Sets the default priority for each trunk | 2-62
Traffic Classes | Maps IEEE 802.
Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows you to access the Command Line Interface via Telnet.)
Figure 2-3. Displaying System Information
CLI – Specify the hostname, location and contact information.
Setting the IP Address
An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. If you wish to manually configure IP settings, you need to change the switch’s user-specified defaults (IP address 0.0.0.0 and netmask 255.0.0.0) to values that are compatible with your network.
Manual Configuration
Web – Click System, IP. Specify the management interface, IP address and default gateway, then click Apply.
Figure 2-4. IP Configuration
CLI – Specify the management interface, IP address and default gateway.
Console#config
Console(config)#interface vlan 1
Console(config-if)#ip address 10.2.13.30 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 192.168.1.
Web – Click System, IP. Specify the Management VLAN, set the IP Address Mode to DHCP or BOOTP. Then click Apply to save your changes. The switch will broadcast a request for IP configuration settings on the next power reset. Otherwise, you can click Restart DHCP to immediately request a new address.
Note: If you lose your management connection, use a console connection and enter “show ip interface” to determine the new switch address.
Security
Use the Passwords or RADIUS/TACACS+ menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch (Passwords menu), or you can use a remote access authentication server based on the RADIUS/TACACS+ protocol. After you set up user names and passwords on the RADIUS/TACACS+ server, you can use IEEE 802.1x port authentication to control access to specific ports (dot1X menu).
CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.
Console(config)#username bob access-level 15
Console(config)#username bob password 0 smith
Console(config)#
Configuring RADIUS/TACACS Logon Authentication
You can configure this switch to authenticate users logging into the system for management access using local, RADIUS, or TACACS+ authentication methods.
- TACACS – User authentication is performed using a TACACS+ server only.
- Local – User authentication is performed only locally by the switch.
- [authentication sequence] – User authentication is performed by up to three authentication methods in the indicated sequence.
RADIUS Settings
• Server IP Address – Address of the RADIUS server. (Default: 10.1.0.1)
• Server Port Number – Network (UDP) port of the RADIUS server used for authentication messages.
Web – Click System, Authentication Settings. Specify the authentication sequence, server address, port number and other parameters, then click Apply.
Figure 2-6. Authentication Settings
CLI – Specify all the required parameters to enable login authentication.
Console(config)#authentication login radius
Console(config)#radius-server host 192.168.1.
Managing Firmware
You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
Command Attributes
• TFTP Server IP Address – The IP address of a TFTP server.
Figure 2-8. Setting the Start-Up file
CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch.
Console#copy tftp file
TFTP server ip address: 10.1.0.99
Choose file type:
1. config: 2. opcode: <1-2>: 2
Source file name: MCD0121.bix
Destination file name: mcd0121.bix
/
Console#config
Console(config)#boot system opcode: mcd0121.
Web – Click System, Configuration. Enter the IP address of the TFTP server, enter the name of the file to download, select a file on the switch to overwrite or specify a new file name, and then click Transfer from Server.
Figure 2-9. Downloading Configuration Settings
Setting the Startup Configuration File
If you download to a new file name, then select the new file from the drop-down box for Startup Configuration File, and press Apply Changes.
Copying the Running Configuration to a File
You can copy the running configuration to a file.
Figure 2-11. Copying the Running Config to File
CLI – If you copy the running configuration to a file, you can set this file as the startup file at a later time, and then restart the switch.
Console#copy running-config file
destination file name : 051902.cfg
/
Console#
Console#config
Console(config)#boot system config: 051902.
Command Attributes
• Extended Multicast Filtering Services – This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).
• Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes. (Refer to “Class of Service Configuration” on page 2-61.)
• Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses.
Web – Click System, Bridge Extension.
Figure 2-13. Bridge Extension Configuration
CLI – Enter the following command.
• Internal Power Status – Displays the status of the internal power supply.
• Redundant Power Status* – Displays the status of the redundant power supply.
* CLI only.
Management Software
• Loader Version – Version number of loader code.
• Boot-ROM Version – Version number of Power-On Self-Test (POST) and boot code.
• Operation Code Version – Version number of runtime code.
• Role – Shows if the switch is stacked or operating stand-alone.
CLI – Use the following command to display version information.
Console#show version
Unit1
 Serial number          :A224029499
 Service tag            :
 Hardware version       :R0A
 Module A type          :not present
 Module B type          :not present
 Number of ports        :24
 Main power status      :up
 Redundant power status :not present
Agent(master)
 Unit id                :1
 Loader version         :0.0.6.5
 Boot rom version       :1.0.1.4
 Operation code version :0.1.2.
Console#
Web – Click Port, Port Information or Trunk Information.
Figure 2-15. Displaying Port Information
CLI – This example shows the connection status for Port 13.
Field Attributes (CLI)
Basic Information:
• Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP)
• MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the IP Address” on page 2-8.)
Configuration:
• Name – Interface label.
• Port admin – Shows if the interface is enabled or disabled (i.e., up or down).
• Speed-duplex – Shows the current speed and duplex mode.
Command Attributes
• Name – Allows you to label an interface. (Range: 1-64 characters)
• Admin – Allows you to manually disable an interface. You can disable an interface due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also disable an interface for security reasons.
• Speed/Duplex – Allows manual selection of port speed and duplex mode (i.e., with auto-negotiation disabled).
Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.
Figure 2-16. Port Configuration
CLI – Select the interface, and then enter the required settings.
Console(config)#interface ethernet 1/13
Console(config-if)#description RD SW#13
Console(config-if)#shutdown
.
Console(config-if)#no shutdown
Console(config-if)#no negotiation
Console(config-if)#speed-duplex 100half
Console(config-if)#flowcontrol
.
Command Usage
• Broadcast Storm Control is enabled by default.
• The default threshold is 500 packets per second.
• Broadcast control does not affect IP multicast traffic.
• The specified threshold applies to all ports on the switch.
Command Attributes
• Threshold – Threshold as percentage of port bandwidth.
Command Attributes
• Mirror Sessions – Displays a list of current mirror sessions.
• Source Unit – The unit whose traffic will be monitored.
• Source Port – The port whose traffic will be monitored.
• Type – Allows you to select which traffic to mirror to the target port, Rx (receive), Tx (transmit), or Both.
• Target Port – The port that will “duplicate” or “mirror” the traffic on the source port.
Web – Click Port, Mirror.
Command Attributes
• Static Address Counts* – The number of manually configured addresses.
• Current Static Address Table – Lists all the static addresses.
• Interface – Port or trunk associated with the device assigned a static address.
• MAC Address – Physical address of a device mapped to this interface.
• VLAN – ID of configured VLAN (1-4094).
* Web Only
Web – Click Address Table, Static Addresses.
• MAC Address – Physical address associated with this interface.
• VLAN – ID of configured VLAN (1-4094).
• Address Table Sort Key – You can sort the information displayed based on interface (port or trunk) or MAC address.
• Dynamic Address Counts – The number of addresses dynamically learned.
• Current Dynamic Address Table – Lists all the dynamic addresses.
Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e.
Changing the Aging Time
You can change the aging time for entries in the dynamic address table.
Command Attributes
• Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds)
Web – Click Address Table, Address Aging. Specify the new aging time, then click Apply.
Figure 2-21. Setting the Address Aging Time
CLI – This example sets the aging time to 300 seconds.
connected to designated bridging devices are assigned as designated ports. After determining the lowest cost spanning tree, it enables all root ports and designated ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops.
Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge.
• Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device.
- Root Port – The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port. If there is no root port, then this switch has been accepted as the root device of the Spanning Tree network.
CLI – This command displays global STA settings, followed by settings for each port.
Console#show spanning-tree
Bridge-group information
--------------------------------------------------------------
Spanning tree protocol :IEEE Std 8021D
Spanning tree enable/disable :enable
Priority :32768
Hello Time (sec.) :2
Max Age (sec.) :20
Forward Delay (sec.) :15
Designated Root :32768.
BPDU after the migration delay expires, RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port.
Command Attributes
Basic Configuration of Global Settings
• Spanning Tree State – Enables/disables STA on this switch. (Default: Enabled)
• Spanning Tree Type – Specifies the type of spanning tree used on this switch:
- STP: Spanning Tree Protocol (IEEE 802.1D; i.e.
• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a discarding state; otherwise, temporary data loops might result.
- Default: 15
- Minimum: The higher of 4 or [(Max.
Web – Click Spanning Tree, STA Configuration. Modify the required attributes, click Apply.
Figure 2-23. Configuring Spanning Tree
CLI – This example enables Spanning Tree Protocol, and then sets the indicated attributes.
Displaying Interface Settings
The STP Port Information and STP Trunk Information pages display the current status of ports and trunks in the Spanning Tree.
Command Attributes
The following attributes are read-only and cannot be changed:
• STA Status – Displays current state of this port within the Spanning Tree:
- Discarding - Port receives STA configuration messages, but does not forward packets.
backup port that may provide connectivity if other bridges, bridge ports, or LANs fail or are removed. The role is set to disabled (i.e., disabled port) if a port has no role within the spanning tree.
• Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only)
These additional parameters are only displayed for the CLI:
• Admin status – Shows if STA has been enabled on this interface.
Web – Click Spanning Tree, STA Port Information or STA Trunk Information.
Figure 2-24.
CLI – This example shows general STA configuration and attributes for all ports.
Console#show spanning-tree ethernet 1/5
Console#show spanning-tree
Spanning-tree information
---------------------------------------------------------------
Spanning tree mode :RSTP
Spanning tree enable/disable :enable
Priority :32768
Bridge Hello Time (sec.) :2
Bridge Max Age (sec.) :20
Bridge Forward Delay (sec.) :15
Root Hello Time (sec.) :2
Root Max Age (sec.
Command Attributes
The following attributes are read-only and cannot be changed:
• Port – Ports only; i.e., no trunks or trunk port members.
• STA State – Displays current state of this port within the Spanning Tree:
- Discarding - Port receives STA configuration messages, but does not forward packets.
- Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information.
• Admin Link Type – The link type attached to this interface.
- Point-to-Point – A connection to exactly one other bridge.
- Shared – A connection to two or more bridges.
- Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media.
• Admin Edge Port (Fast Forwarding) – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node.
VLAN Configuration
Overview
In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks. This also provides a more secure and cleaner network environment.
An IEEE 802.
Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing them on to any end-node host that does not support VLAN tagging.
[Figure 2-26. VLAN Frame Tagging (VA: VLAN Aware; VU: VLAN Unaware)]
VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways.
GVRP-compliant devices to be automatically configured for VLAN groups based solely on endstation requests.
To implement GVRP in a network, first add the host devices to the required VLANs (using the operating system or other application software), so that these VLANs can be propagated onto the network. For both the edge switches attached directly to these hosts, and core switches in the network, enable GVRP on the links between these devices.
VLAN-unaware device, it first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port’s default VID.
Enabling or Disabling GVRP (Global Setting)
GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network.
• Maximum VLAN ID – Maximum VLAN ID recognized by this switch.
• Maximum Number of Supported VLANs – Maximum number of VLANs that can be configured on this switch.
* Web only.
Web – Click VLAN, VLAN Base Information.
Figure 2-29. Displaying Basic VLAN Information
CLI – Enter the following command.
Web – Click VLAN, VLAN Current Table. Select any ID from the scroll-down list.
Figure 2-30. Displaying Current VLANs
Command Attributes (CLI)
• VLAN – ID of configured VLAN (1-4094, no leading zeroes).
• Type – Shows how this VLAN was added to the switch.
- Dynamic: Automatically learned via GVRP.
- Static: Added as a static entry.
• Name – Name of the VLAN (1 to 32 characters).
• Status – Shows if this VLAN is enabled or disabled.
- Active: VLAN is operational.
Creating VLANs
Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups.
Command Attributes
• Current – Lists all the current VLAN groups created for this system. Up to 255 VLAN groups can be defined. VLAN 1 is the default untagged VLAN.
• New – Allows you to specify the name and numeric identifier for a new VLAN group.
CLI – This example creates a new VLAN.
GVRP. For more information, see “Automatic VLAN Registration” on page 2-45.
- None: Interface is not a member of the VLAN. Packets associated with this VLAN will not be transmitted by the interface.
• Trunk Member – Indicates if a port is a member of a trunk. To add a trunk to the selected VLAN, use the last table on the VLAN Static Table page.
Web – Click VLAN, VLAN Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required.
• Member – VLANs for which the selected interface is a tagged member.
• Non-Member – VLANs for which the selected interface is not a tagged member.
Web – Open VLAN, VLAN Static Membership. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface. Select a VLAN ID, and then click Add to add the interface as a tagged member, or click Remove to remove the interface.
Command Attributes
• PVID – VLAN ID assigned to untagged frames received on the interface. (Default: 1)
- If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN, the interface will automatically be added to VLAN 1 as an untagged member. For all other VLANs, an interface must first be configured as an untagged member before you can assign its PVID to that group.
• Mode – Indicates VLAN membership mode for an interface. (Default: 1Q Trunk)
- 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. However, note that frames belonging to the port’s default VLAN (i.e., associated with the PVID) are sent untagged.
- Hybrid – Specifies a hybrid VLAN interface. The port may transmit tagged or untagged frames.
own community VLAN, and with their designated promiscuous ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.)
[Figure 2-35. Promiscuous and Community VLAN Ports. Labels: Uplink Ports, Primary VLAN (promiscuous ports); Downlink Ports, Secondary VLAN (private ports)]
Each private VLAN consists of two components: a primary VLAN and one or more community VLANs.
• Ports List – The list of ports (and assigned type) in the selected private VLAN.
Web – Click Private VLAN, Private VLAN Information. Select the desired port from the VLAN ID drop-down menu.
Figure 2-36. Displaying Private VLAN Information
CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6.
associated promiscuous ports.
• Current – Displays a list of the currently configured VLANs.
Web – Click Private VLAN, Private VLAN Configuration. Enter the VLAN ID number, select Primary or Community type, then click Add. To remove a private VLAN from the switch, highlight an entry in the Current list box and then click Remove. Note that all member ports must be removed from the VLAN before it can be deleted.
Figure 2-37.
Web – Click Private VLAN, Private VLAN Association. Select the required primary VLAN from the scroll-down box, highlight one or more community VLANs in the Non-Association list box, and click Add to associate these entries with the selected primary VLAN. (A community VLAN can only be associated with one primary VLAN.)
Figure 2-38. Private VLAN Association
CLI – This example associates community VLANs 6 and 7 with primary VLAN 5.
Web – Click Private VLAN, Private VLAN Port Information or Private VLAN Trunk Information.
Figure 2-39. Displaying Private VLANs
CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6. This means that traffic for ports 4 and 5 can only pass through port 3.
2 Class of Service Configuration • Secondary VLAN – On this switch, all secondary VLANs are community VLANs. A community VLAN conveys traffic between community ports, and from community ports to their designated promiscuous ports. If PVLAN Port Type is “Host,” then specify the associated secondary VLAN. Web – Click Private VLAN, Private VLAN Port Configuration or Private VLAN Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN.
You can set the default priority for each interface, and configure the mapping of frame priority tags to the switch’s priority queues.
Setting the Default Priority for Interfaces
You can specify the default port priority for each interface on the switch. All untagged packets entering the switch are tagged with the specified default port priority, and then sorted into the appropriate priority queue at the output port.
CLI – This example assigns a default priority of 5 to port 3.
Command Attributes
• Priority – CoS value. (Range: 0-7, where 7 is the highest priority)
• Traffic Class* – Output queue buffer. (Range: 0-3, where 3 is the highest CoS priority queue)
* CLI shows Queue ID.
Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply.
Figure 2-42.
Setting the Service Weight for Traffic Classes
This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 2-63, the traffic classes are mapped to one of the four egress queues provided for each port. You can assign a weight to each of these queues (and thereby to the corresponding traffic priorities).
Mapping Layer 3/4 Priorities to CoS Values
This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet or the number of the TCP/UDP port. If priority bits are used, the ToS octet may contain three bits for IP Precedence or six bits for Differentiated Services Code Point (DSCP) service.
Mapping IP Precedence
The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are mapped one-to-one to Class of Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth).
Web – Click Priority, IP Precedence Priority. Select a port or trunk from the Interface field. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply.
Figure 2-45. Selecting IP Precedence Priority
* Mapping specific values for IP Precedence is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch.
Mapping DSCP Priority
The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, and it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices will not conflict with the DSCP mapping. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP default values are defined in the following table.
Web – Click Priority, IP DSCP Priority. Select a port or trunk from the Interface field. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply.
Figure 2-46. Mapping IP DSCP Priority Values
* Mapping specific values for IP Precedence is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch.
* Mapping specific values for IP Precedence is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch.
Mapping IP Port Priority
You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
Web – Click Priority, IP Port Priority. Select a port or trunk from the Interface field. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Add IP Port.
Figure 2-48. Mapping IP Port Priority to Interfaces
* Mapping specific values for IP Precedence is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch.
Trunk Configuration
You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices. You can create up to six trunks at a time. The switch supports both static trunking and dynamic Link Aggregation Control Protocol (LACP).
Dynamically Configuring a Trunk
Command Usage
• To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP.
• If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically.
• A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID.
CLI – The following example enables LACP for ports 17 and 18. Just connect these ports to two LACP-enabled trunk ports on another switch to form a trunk.
Web – Click Trunk, Trunk Configuration. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
Figure 2-50. Configuring Port Trunks
CLI – This example creates trunk 1 with ports 11 and 12. Just connect these ports to two static trunk ports on another switch to form a trunk.
Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems.
Web – Click SNMP, SNMP Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add.
Figure 2-51. Configuring SNMP
CLI – The following example adds the string “spiderman” with read/write access.
Console(config)#snmp-server community spiderman rw          3-36
Console(config)#
Specifying Trap Managers
Traps indicating status changes are issued by the switch to specified trap managers.
• Trap Version – Indicates if the user is running version 1 or version 2c.
• Enable Authentication Traps – Issues a trap message to specified IP trap managers whenever authentication of an SNMP request fails. (The default is enabled.)
• Enable Link-up and Link-down Traps – Issues a trap message whenever a port link is established or broken.
Web – Click SNMP, SNMP Configuration.
Multicast Filtering
Multicasting is used to support real-time applications such as video conferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
Static IGMP Host Interface – For multicast applications that you need to control more carefully, you can manually assign a multicast service to specific interfaces on the switch (page 2-85).
Configuring IGMP Snooping and Query Parameters
You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
• IGMP Version – Sets the protocol version for compatibility with other devices on the network. (Default: 2, Range: 1 - 2)
Notes:
1. All systems on the subnet must support the same version.
2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout.
Web – Click IGMP, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.)
Figure 2-53.
Displaying Interfaces Attached to a Multicast Router
Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP, to support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch.
can ensure that multicast traffic is passed to all the appropriate interfaces within the switch.
Command Attributes
• Interface – Activates the Port or Trunk scroll down list.
• VLAN ID – Selects the VLAN to propagate all multicast traffic coming from the attached multicast router/switch.
• Port or Trunk – Specifies the interface attached to a multicast router.
Web – Click IGMP, Static Multicast Router Port Configuration.
• Multicast Group Port List – Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service.
Web – Click IGMP, IP Multicast Registration Table. Select the VLAN ID and multicast IP address. The switch will display all the ports that are propagating this multicast service.
Figure 2-56.
Command Attributes
• Interface – Activates the Port or Trunk scroll down list.
• VLAN ID – Selects the VLAN to propagate all multicast traffic coming from the attached multicast router/switch.
• Multicast IP – The IP address for a specific multicast service.
• Port or Trunk – Specifies the interface attached to a multicast router.
Web – Click IGMP, IGMP Member Port Table.
frame types and sizes passing through each port. All values displayed have been accumulated since the last system reboot, and are shown as counts per second. Statistics are refreshed every 60 seconds by default.
Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as HP OpenView.
Statistical Values
Table 2-7.
Table 2-7. Port Statistics
Parameter | Description
Alignment Errors | The number of alignment errors (mis-synchronized data packets).
Late Collisions | The number of times that a collision is detected later than 512 bit-times into the transmission of a packet.
FCS Errors | A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check.
Table 2-7. Port Statistics
Parameter | Description
Undersize Frames | The total number of frames received that were less than 64 octets long (excluding framing bits, but including FCS octets) and were otherwise well formed.
Oversize Frames | The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed.
Figure 2-58.
Rate Limit Configuration 2 CLI – This example shows statistics for port 13.
Command Attributes
• Port/Trunk – Displays the port number.
• Rate Limit Status – Enables or disables the rate limit. (Default: Disabled)
• Rate Limit (Mbps) – Sets the rate limit in Mbps.
Web – Click Rate Limit, Input/Output Rate Limit Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit to one of the options shown in the preceding table, and click Apply.
Figure 2-59.
Configuring 802.1x Port Authentication
The IEEE 802.1x (dot1x) standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. Access to all switch ports in a network can be centrally controlled from a server, which means that authorized users can use the same credentials for authentication from any point within the network.
the client identity lookup process that runs between the switch and authentication server. These parameters are described in this section.
Command Attributes
• dot1x Re-authentication – Indicates if switch ports require a client to be re-authenticated after a certain period of time.
• dot1x Max Request Count – The maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session.
CLI – This example shows the default protocol settings for dot1x. For a description of the additional entries displayed in the CLI, see “show dot1x” on page 3-141.
Console#show dot1x                                          3-141
Global 802.1X Parameters
 reauth-enabled: n/a
 reauth-period: 3600
 quiet-period: 60
 tx-period: 30
 supp-timeout: 30
 server-timeout: 30
 reauth-max: 2
 max-req: 2
802.
• authentication dot1x* – Sets the default authentication server type. Note the specified authentication server type must be enabled and properly configured for dot1x to function properly. (Options: radius)
* CLI only.
Web – Select 802.1X, 802.1X Configuration. Enable dot1x globally for the switch, modify any of the parameters as required, and then click Apply.
Figure 2-61. Configuring 802.
• Authorized –
- Yes – Connected client is authorized.
- No – Connected client is not authorized.
- Blank – Displays nothing when dot1x is disabled on a port.
• Supplicant – Indicates the MAC address of a connected client.
• Trunk – Indicates if the port is configured as a trunk port.
Web – Select 802.1X, 802.1X Port Configuration.
Figure 2-62. 802.1x Port Configuration
CLI – In Interface mode type dot1x port-control auto, or use the no form to disable.
Table 2-8. 802.1x Statistics
Parameter | Description
Rx EAP Resp/Oth | The number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator.
Rx EAP LenError | The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid.
Rx Last EAPOLVer | The protocol version number carried in the most recently received EAPOL frame.
CLI – This example displays the dot1x statistics for port 2.
Chapter 3: Command Line Interface
This chapter describes how to use the Command Line Interface (CLI).
Using the Command Line Interface
Accessing the CLI
When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt. Using the switch's command-line interface (CLI) is very similar to entering commands on a UNIX system.
Telnet Connection
Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Each address consists of a network portion and host portion. For example, the IP address assigned to this switch, 10.1.0.1, consists of a network portion (10.1.0) and a host portion (1).
Entering Commands
This section describes how to enter CLI commands.
Keywords and Arguments
A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
display a list of valid keywords for a specific command. For example, the command “show ?” displays a list of possible show commands:
Console#show ?
 bridge-ext          Bridge extend information
 calendar            Date information
 dot1x               Show 802.
 garp
 gvrp
 history
 interfaces
 ip
 line
 logging
 mac-address-table
 map
 port
 queue
 radius-server
 running-config
 snmp
 spanning-tree
 startup-config
 system
 tacacs-server
 users
 version
 vlan
Console#show
Negating the Effect of Commands
For many configuration commands you can enter the prefix keyword “no” to cancel the effect of a command or reset the configuration to the default value. For example, the logging command will log system messages to a host server. To disable logging, specify the no logging command. This guide describes the negation effect for all applicable commands.
Using Command History
The CLI maintains a history of commands that have been entered.
system will now display the “Console#” command prompt. You can also enter Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “super” (page 3-9). To enter Privileged Exec mode, enter the following commands and passwords:
Username: admin
Password: [system login password]

 CLI session with the Intelligent Switch is opened.
 To end the CLI session, enter [Exit].
To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands.
Console#configure
Console(config)#
To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode.
Table 3-2.
Table 3-3. Command Line Processing
Keystroke | Function
Ctrl-W | Deletes the last word typed.
Delete key or backspace key | Erases a mistake when entering a command.
Command Groups
The system commands can be broken down into the functional groups shown below.
Table 3-4.
3 General Commands Table 3-4. Command Groups Command Group Description Rate Limiting Controls the maximum rate for traffic transmitted or received on a port Page 3-127 Authentication Configures RADIUS and TACACS+ client-server authentication for logon access and commands for IEEE 802.1x port access control.
Default Setting
Level 15
Command Mode
Normal Exec
Command Usage
• “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 3-22.)
• The “#” character is appended to the end of the prompt to indicate that the system is in privileged access mode.
Related Commands
enable (3-9)
configure
Use this command to activate Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configuration. See “Understanding Command Modes” on page 3-5.
Example
In this example, the show history command lists the contents of the command history buffer:
Console#show history
Execution command history:
 2 config
 1 show history
Configuration command history:
 4 interface vlan 1
 3 exit
 2 interface vlan 1
 1 end
Console#
The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configurat
prompt
Use this command to customize the CLI prompt. Use the no form to revert to the default prompt.
Syntax
prompt string
no prompt
string - Any alphanumeric string to use for the command prompt. (Maximum length: 255 characters)
Default Setting
Console
Command Mode
Global Configuration
Example
Console(config)#prompt FMS-24K
FMS-24K(config)#
end
Use this command to return to Privileged Exec mode.
Command Mode
Any
Example
This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session:
Console(config)#exit
Console#exit

Press ENTER to start session

User Access Verification

Username:
quit
Use this command to exit the configuration program.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
The quit and exit commands can both exit the configuration program.
Flash/File Commands
These commands are used to manage the system code or configuration files.
Table 3-6.
Command Usage
• The system prompts for data required to complete the copy command.
• The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
• Due to the size limit of the flash memory, the switch supports only two operation code files.
The following example shows how to download a configuration file:
Console#copy tftp startup-config
TFTP server ip address: 10.1.0.99
Source configuration file name: startup.01
Startup configuration file name [startup]:
Write to FLASH Programming.
\Write to FLASH finish.
Success.
Console#
delete
Use this command to delete a file or image.
Syntax
delete filename
filename - Name of the configuration file or image name.
dir
Use this command to display a list of files in flash memory.
Syntax
dir [boot-rom | config | opcode [:filename]]
The type of file or image to display includes:
• boot-rom - Boot ROM (or diagnostic) image file
• config - Switch configuration file
• opcode - Run-time operation code image file.
• filename - Name of the file or image. If this file exists but contains errors, information on this file cannot be shown.
whichboot
Use this command to display which files were booted when the system powered up.
Default Setting
None
Command Mode
Privileged Exec
Example
This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command.
Command Usage
• A colon (:) is required after the specified file type.
• If the file contains an error, it cannot be set as the default file.
Example
Console(config)#boot system config: startup
Console(config)#
Related Commands
dir (3-18)
whichboot (3-19)
System Management Commands
These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information.
Table 3-8.
Syntax
hostname name
no hostname
name - The name of this host. (Maximum length: 255 characters)
Default Setting
None
Command Mode
Global Configuration
Example
Console(config)#hostname FMS-24K
Console(config)#
User Access Commands
The basic commands required for management access are listed in this section.
• {0 | 7} - 0 means plain password, 7 means encrypted password.
• password password - The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive)
Default Setting
• The default access level is Normal Exec.
• The factory defaults for the user names and passwords are:
Table 3-11.
Default Setting
• The default is level 15.
• The default password is “super”
Command Mode
Global Configuration
Command Usage
• You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 3-9).
• The encrypted password is required for compatibility with legacy password settings (i.e.
• month - January | February | March | April | May | June | July | August | September | October | November | December
• day - Day of month. (Range: 1 - 31)
• year - Year (4-digit). (Range: 2001 - 2101)
Default Setting
None
Command Mode
Privileged Exec
Example
This example shows how to set the system clock to 15:12:34, March 21st, 2003.
Console#calendar set 15 12 34 march 21 2003
Console#
show calendar
Use this command to display the system clock.
Web Server Commands
Table 3-13. Unit ID Command
Command | Function | Mode | Page
ip http port | Specifies the port to be used by the Web browser interface | GC | 3-25
ip http server | Allows the switch to be monitored or configured from a browser | GC |
ip http port
Use this command to specify the TCP port number used by the Web browser interface. Use the no form to use the default port.
Command Mode
Global Configuration
Example
Console(config)#ip http server
Console(config)#
Related Commands
ip http port (3-25)
Event Logging Commands
Table 3-14.
Related Commands
logging history (3-27)
clear logging (3-28)
logging history
Use this command to limit syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
Syntax
logging history {flash | ram} level
no logging history {flash | ram}
• flash - Event history stored in flash memory (i.e., permanent memory).
• ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
Command Usage
The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM.
Example
Console(config)#logging history ram 0
Console(config)#
clear logging
Use this command to clear messages from the log buffer.
Syntax
clear logging [flash | ram]
• flash - Event history stored in flash memory (i.e., permanent memory).
• ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
Command Mode
Privileged Exec
Command Usage
This command shows the following information:
• Syslog logging – Whether or not system logging has been enabled via the logging on command.
• History logging in FLASH/RAM – The message level(s) that are reported based on the logging history command.
• Any system and event messages stored in memory.
Example
The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e.
light unit
Use this command to display the unit ID of a switch using its front-panel LED indicators.
Syntax
light unit unit
unit - Specifies a unit in a switch stack to light the panel LEDs.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
The unit ID is displayed using the port status LED indicators for ports 1 to 8. When the light unit command is entered, the LED corresponding to the switch’s ID will flash for about 15 seconds.
- SNMP community strings
- Users (names and access levels)
- VLAN database (VLAN ID, name and state)
- VLAN configuration settings for each interface
- IP address configured for VLANs
- Spanning tree settings
- Any configured settings for the console port and Telnet
Example
Console#show startup-config
building startup-config, please wait.....
show running-config
Use this command to display the configuration information currently in use.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
• Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory.
• This command displays settings for key command modes.
Example
Console#show running-config
building running-config, please wait.....
Command Usage
• For a description of the items shown by this command, refer to “Displaying System Information” on page 2-6.
• The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance.
Example
Console#show system
System description: FMS-24K
System OID string: 1.3.6.1.4.1.259.6.10.45
System information
 System Up time: 0 days, 1 hours, 1 minutes, and 1.
Example
Console#show users
Username accounts:
 Username Privilege
 -------- ---------
 guest    0
 admin    15
Online users:
 Line        Username Idle time (h:m:s) Remote IP addr.
 ----------- -------- ----------------- ---------------
 * 0 console admin    0:00:00
 1 vty 0     admin    0:04:37           10.1.0.19
Console#
show version
Use this command to display hardware and software version information for the system.
SNMP Commands
Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
Table 3-17.
Command Usage
The first snmp-server community command you enter enables SNMP (SNMPv1). The no snmp-server community command disables SNMP.
Example
Console(config)#snmp-server community alpha rw
Console(config)#
snmp-server contact
Use this command to set the system contact string. Use the no form to remove the system contact information.
Syntax
snmp-server contact string
no snmp-server contact
string - String that describes the system contact information.
Default Setting
None
Command Mode
Global Configuration
Example
Console(config)#snmp-server location WC-19
Console(config)#
Related Commands
snmp-server contact (3-37)

snmp-server host
Use this command to specify the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
SNMP Commands 3 receive notifications, at least one snmp-server enable traps command and the snmp-server host command for that host must be enabled. • However, some notification types cannot be controlled with the snmp-server enable traps command. For example, some notification types are always enabled. Example Console(config)#snmp-server host 10.1.19.
Example
Console(config)#snmp-server enable traps link-up-down
Console(config)#
Related Commands
snmp-server host (3-38)

show snmp
Use this command to check the status of SNMP communications.
Example
Console#show snmp
SNMP traps:
 Authentication: enable
 Link-up-down: enable
SNMP communities:
 1. private, and the privilege is read-write
 2.
• DHCP requires the server to reassign the client’s last address if available.
• If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will be based on this new domain.
Example
In the following example, the device is reassigned the same address.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#ip dhcp restart
Console#show ip interface
IP address and netmask: 192.
IP Interface Commands 3 ip address Use this command to set the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip address {ip-address netmask | bootp | dhcp} no ip address • ip-address - IP address • netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets. • bootp - Obtains IP address from BOOTP. • dhcp - Obtains IP address from DHCP. Default Setting IP address: 0.0.
Related Commands
ip dhcp restart (3-43)

ip default-gateway
Use this command to establish a static route between this device and management stations that exist on another network segment. Use the no form to remove the static route.
Syntax
ip default-gateway gateway
no ip default-gateway
• gateway - IP address of the default gateway
Default Setting
No static route is established.
Example
Console#show ip interface
IP address and netmask: 10.1.0.254 255.255.255.0 on VLAN 1,
and address mode: User specified.
Console#
Related Commands
show ip redirects (3-45)

show ip redirects
Use this command to show the default gateway configured for this device.
Default Setting
None
Command Mode
Privileged Exec
Example
Console#show ip redirects
ip default gateway 10.1.0.
3 Command Line Interface Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of the ping command: • Normal response -The normal response occurs in one to ten seconds, depending on network traffic. • Destination does not respond - If the host does not respond, a “timeout” appears in ten seconds. • Destination unreachable - The gateway for this destination indicates that the destination is unreachable.
Line Commands
You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal).
Table 3-20.
Command Usage
Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users. However, the serial communication parameters (e.g., databits) do not affect Telnet connections.
Example
To enter console line mode, enter the following command:
Console(config)#line console
Console(config-line)#
Related Commands
show line (3-54)
show users (3-34)

login
Use this command to enable password checking at login.
• This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication servers, you must use the RADIUS/TACACS software installed on those servers.
Example
Console(config-line)#login local
Console(config-line)#
Related Commands
username (3-23)
password (3-49)

password
Use this command to specify the password for a line. Use the no form to remove the password.
3 Command Line Interface Related Commands login (3-48) password-thresh (3-50) exec-timeout Use this command to set the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout seconds no exec-timeout seconds - Integer that specifies the number of seconds.
Line Commands 3 Default Setting The default value is three attempts. Command Mode Line Configuration Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down. • This command applies to both the local console and Telnet connections.
Example
To set the silent time to 60 seconds, enter this command:
Console(config-line)#silent-time 60
Console(config-line)#
Related Commands
password-thresh (3-50)

databits
Use this command to set the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value.
Syntax
databits {7 | 8}
no databits
• 7 - Seven data bits per character.
• 8 - Eight data bits per character.
Line Commands 3 parity Use this command to define generation of a parity bit. Use the no form to restore the default setting. Syntax parity {none | even | odd} no parity • none - No parity • even - Even parity • odd - Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting.
Command Usage
Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not supported.
Example
To specify 57600 bps, enter this command:
Console(config-line)#speed 57600
Console(config-line)#

stopbits
Use this command to set the number of the stop bits transmitted per byte. Use the no form to restore the default setting.
Command Mode
Normal Exec, Privileged Exec
Example
To show all lines, enter this command:
Console#show line
 Console configuration:
  Password threshold: 3 times
  Interactive timeout: Disabled
  Silent time: Disabled
  Baudrate: 9600
  Databits: 8
  Parity: none
  Stopbits: 1
 Vty configuration:
  Password threshold: 3 times
  Interactive timeout: 65535
Console#

Interface Commands
These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
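The show line and show snmp displays earlier in this chapter can be checked mechanically when reviewing a switch's management-plane settings. The following Python sketch is an added example, not part of this guide or the switch software: the sample outputs are constructed in the guide's display format, and the idle-timeout limit and the list of well-known community strings are assumptions chosen for the example.

```python
import re

# Policy values are assumptions for this example, not defaults from the guide.
MAX_IDLE_SECONDS = 600
WELL_KNOWN_COMMUNITIES = {"public", "private"}

# Constructed sample in the format of the guide's "show line" example.
SHOW_LINE = """\
Console configuration:
 Password threshold: 3 times
 Interactive timeout: Disabled
 Silent time: Disabled
 Baudrate: 9600
 Databits: 8
 Parity: none
 Stopbits: 1
Vty configuration:
 Password threshold: 3 times
 Interactive timeout: 65535
"""

# Constructed sample in the format of the guide's "show snmp" example;
# the second community entry is invented for the demonstration.
SHOW_SNMP = """\
SNMP traps:
 Authentication: enable
 Link-up-down: enable
SNMP communities:
 1. private, and the privilege is read-write
 2. example-ro, and the privilege is read-only
"""


def parse_show_line(text):
    """Return {"Console": {...}, "Vty": {...}} from 'show line' output."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"(\w+) configuration:", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return sections


def parse_show_snmp(text):
    """Return [(community, privilege), ...] from 'show snmp' output."""
    pattern = re.compile(
        r"^\s*\d+\.\s*([^,\s]+), and the privilege is (read-only|read-write)\s*$",
        re.MULTILINE,
    )
    return pattern.findall(text)


def audit_lines(sections):
    """Flag line settings that leave console or Telnet sessions loosely guarded."""
    findings = []
    for name, settings in sections.items():
        timeout = settings.get("Interactive timeout")
        if timeout is not None:
            seconds = re.match(r"\d+", timeout)
            if seconds is None:
                findings.append(f"{name}: interactive timeout is {timeout}")
            elif int(seconds.group()) > MAX_IDLE_SECONDS:
                findings.append(
                    f"{name}: interactive timeout {seconds.group()}s "
                    f"exceeds {MAX_IDLE_SECONDS}s"
                )
        # Without a silent time, reaching the password threshold adds no delay.
        if settings.get("Silent time") == "Disabled":
            findings.append(f"{name}: silent time after failed logons is Disabled")
    return findings


def audit_snmp(communities):
    """Flag community strings that are guessable or grant write access."""
    findings = []
    for name, privilege in communities:
        if name.lower() in WELL_KNOWN_COMMUNITIES:
            findings.append(f"community '{name}': well-known default string")
        if privilege == "read-write":
            findings.append(f"community '{name}': read-write access over SNMPv1")
    return findings


if __name__ == "__main__":
    for finding in audit_lines(parse_show_line(SHOW_LINE)):
        print(finding)
    for finding in audit_snmp(parse_show_snmp(SHOW_SNMP)):
        print(finding)
```

SNMPv1 carries the community string in clear text, so a read-write community is worth flagging even when its name is not a well-known default.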
3 Command Line Interface interface Use this command to configure an interface type and enter interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - This is device 1. - port - Port number.
Example
The following example adds a description to port 25:
Console(config)#interface ethernet 1/25
Console(config-if)#description RD-SW#3
Console(config-if)#

speed-duplex
Use this command to configure the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default.
3 Command Line Interface Related Commands negotiation (3-58) capabilities (3-59) negotiation Use this command to enable autonegotiation for a given interface. Use the no form to disable autonegotiation. Syntax [no] negotiation Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command.
Interface Commands 3 capabilities Use this command to advertise the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values.
3 Command Line Interface Related Commands negotiation (3-58) speed-duplex (3-57) flowcontrol (3-60) flowcontrol Use this command to enable flow control. Use the no form to disable flow control. Syntax [no] flowcontrol Default Setting Flow control enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill.
Interface Commands 3 clear counters Use this command to clear statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session.
Command Usage
This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also want to disable a port for security reasons.
Example
The following example disables port 5.
Console(config)#interface ethernet 1/5
Console(config-if)#shutdown
Console(config-if)#

switchport broadcast packet-rate
Use this command to configure broadcast storm control.
Interface Commands 3 show interfaces status Use this command to display the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) • vlan vlan-id (Range: 1-4094) Default Setting Shows the status for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed.
3 Command Line Interface show interfaces counters Use this command to display interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed.
Example
Console#show interfaces counters ethernet 1/7
Ethernet 1/7
 Iftable stats:
  Octets input: 30658, Octets output: 196550
  Unicast input: 6, Unicast output: 5
  Discard input: 0, Discard output: 0
  Error input: 0, Error output: 0
  Unknown protos input: 0, QLen output: 0
 Extended iftable stats:
  Multi-cast input: 0, Multi-cast output: 3064
  Broadcast input: 262, Broadcast output: 1
 Ether-like stats:
  Alignment errors: 0, FCS errors: 0
  Single Collision frames: 0, Multiple collision frames: 0
3 Command Line Interface Command Usage If no interface is specified, information on all interfaces is displayed. Example This example shows the configuration setting for port 25.
Address Table Commands 3 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Table 3-22.
3 Command Line Interface Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics: • Static addresses will not be removed from the address table when a given interface link is down. • Static addresses are bound to the assigned interface and will not be moved.
Address Table Commands 3 Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent - Static entry - Delete-on-reset - Static entry to be deleted when system is reset • The mask should be hexadecimal numbers (representing an equivalent bit mask) in the form xx-xx-xx-xx-xx-xx that is applied to the specified MAC address.
3 Command Line Interface Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example Console(config)#mac-address-table aging-time 300 Console(config)# Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 3-23.
Spanning Tree Commands 3 spanning-tree Use this command to enable the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
3 Command Line Interface Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. • Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU after a port’s migration delay timer expires, the switch assumes it is connected to an 802.
Spanning Tree Commands 3 changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a blocking state; otherwise, temporary data loops might result. Example Console(config)#spanning-tree forward-time 20 Console(config)# spanning-tree hello-time Use this command to configure the spanning tree bridge hello time globally for this switch. Use the no form to restore the default.
3 Command Line Interface Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN.
Spanning Tree Commands 3 Example Console(config)#spanning-tree priority 40000 Console(config)# spanning-tree pathcost method Use this command to configure the path cost method used for Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method • long - Specifies 32-bit based values that range from 1-200,000,000. • short - Specifies 16-bit based values that range from 1-65535.
3 Command Line Interface Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs. Example Console(config)#spanning-tree transmission-limit 4 Console(config)# spanning-tree cost Use this command to configure the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port.
Spanning Tree Commands 3 Example Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree cost 50 Console(config-if)# spanning-tree port-priority Use this command to configure the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port.
3 Command Line Interface Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding. • Since end-nodes cannot cause forwarding loops, they can be passed through the spanning tree state changes more quickly than allowed by standard convergence time.
Spanning Tree Commands 3 Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
3 Command Line Interface spanning-tree protocol-migration command at any time to manually re-check the appropriate BPDU format to send on the selected interfaces (i.e., RSTP or STP-compatible). Example Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree protocol-migration Console(config-if)# spanning-tree link-type Use this command to configure the link type for Rapid Spanning Tree. Use the no form to restore the default.
Spanning Tree Commands 3 show spanning-tree Use this command to show the spanning tree configuration. Syntax show spanning-tree [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Command Usage • Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch and for every interface in the tree.
Example
Console#show spanning-tree
Spanning-tree information
---------------------------------------------------------------
 Spanning tree mode :RSTP
 Spanning tree enable/disable :enable
 Priority :32768
 Bridge Hello Time (sec.) :2
 Bridge Max Age (sec.) :20
 Bridge Forward Delay (sec.) :15
 Root Hello Time (sec.) :2
 Root Max Age (sec.) :20
 Root Forward Delay (sec.) :15
 Designated Root :32768.
VLAN Commands 3 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface. Table 3-24.
3 Command Line Interface Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN. The results of these commands are written to the running-configuration file, and you can display this file by entering the show running-config command.
Example
The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default.
Console(config)#vlan database
Console(config-vlan)#vlan 105 name RD5 media ethernet
Console(config-vlan)#
Related Commands
show vlan (3-91)

Configuring VLAN Interfaces
Table 3-26.
Example
The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN:
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.254 255.255.255.0
Console(config-if)#
Related Commands
shutdown (3-61)

switchport mode
Use this command to configure the VLAN membership mode for a port. Use the no form to restore the default.
VLAN Commands 3 switchport acceptable-frame-types Use this command to configure the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. • tagged - The port only passes tagged frames.
Command Usage
• Ingress filtering only affects tagged frames.
• If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
• If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be discarded.
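The ingress rules above, combined with the acceptable-frame-types setting and the port's PVID, determine which VLANs a device attached to a port can inject frames into. The following Python model is an added example, not part of this guide or the switch software: the Port class, the function names and the three sample ports are constructed for illustration, and treating a forbidden VLAN as a discard is this example's reading of the "except for those VLANs explicitly forbidden" wording.

```python
from dataclasses import dataclass


@dataclass
class Port:
    """Per-port VLAN settings used by the ingress decision (hypothetical model)."""
    name: str
    pvid: int                     # VLAN assigned to untagged frames
    member_vlans: set             # VLANs on the port's allowed list
    forbidden_vlans: set          # VLANs on the port's forbidden list
    ingress_filtering: bool
    acceptable_frame_types: str   # "all" or "tagged"


def classify_ingress(port, vlan_tag):
    """Return (action, vlan) for a frame arriving on port.

    vlan_tag is the frame's 802.1Q VLAN ID, or None for an untagged frame.
    """
    if vlan_tag is None:
        # Ingress filtering only affects tagged frames; untagged frames are
        # governed by acceptable-frame-types and then classified by PVID.
        if port.acceptable_frame_types == "tagged":
            return ("discard", None)
        return ("forward", port.pvid)
    if vlan_tag in port.member_vlans:
        return ("forward", vlan_tag)
    if port.ingress_filtering:
        return ("discard", None)
    if vlan_tag in port.forbidden_vlans:
        return ("discard", None)
    # Filtering disabled, port not a member, VLAN not forbidden: frame is flooded.
    return ("flood", vlan_tag)


def exposed_vlans(port, configured_vlans):
    """List VLANs the port does not belong to but whose tagged frames it admits."""
    return sorted(
        vid for vid in configured_vlans
        if vid not in port.member_vlans
        and classify_ingress(port, vid)[0] == "flood"
    )


# Constructed sample ports.
ACCESS_OPEN = Port("Eth 1/5", pvid=3, member_vlans={3}, forbidden_vlans={99},
                   ingress_filtering=False, acceptable_frame_types="all")
ACCESS_FILTERED = Port("Eth 1/6", pvid=3, member_vlans={3}, forbidden_vlans=set(),
                       ingress_filtering=True, acceptable_frame_types="all")
TRUNK_TAGGED = Port("Eth 1/1", pvid=1, member_vlans={1, 2, 5, 6},
                    forbidden_vlans=set(), ingress_filtering=True,
                    acceptable_frame_types="tagged")

if __name__ == "__main__":
    vlans = {1, 3, 99, 105}
    for port in (ACCESS_OPEN, ACCESS_FILTERED, TRUNK_TAGGED):
        print(port.name, "admits non-member VLANs:", exposed_vlans(port, vlans))
```

With ingress filtering disabled, the first sample port admits frames tagged for VLANs 1 and 105 even though it is a member only of VLAN 3; enabling ingress filtering reduces that list to empty.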
Example
The following example shows how to set the PVID for port 1 to VLAN 3:
Console(config)#interface ethernet 1/1
Console(config-if)#switchport native vlan 3
Console(config-if)#

switchport allowed vlan
Use this command to configure VLAN groups on the selected interface. Use the no form to restore the default.
Syntax
switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list}
no switchport allowed vlan
• add vlan-list - List of VLAN identifiers to add.
• If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface.
Example
The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1:
Console(config)#interface ethernet 1/1
Console(config-if)#switchport allowed vlan add 1,2,5,6 tagged
Console(config-if)#

switchport forbidden vlan
Use this command to configure forbidden VLANs.
Displaying VLAN Information
Table 3-27. Show VLAN Commands
Command                      Function                                                             Mode    Page
show vlan                    Shows VLAN information                                               NE, PE  3-91
show interfaces status vlan  Displays status for the specified VLAN interface                     NE, PE  3-63
show interfaces switchport   Displays the administrative and operational status of an interface  NE, PE  3-65

show vlan
Use this command to show VLAN information.
Syntax
show vlan [id vlan-id | name vlan-name]
• id - Keyword to be followed by the VLAN ID.
3 Command Line Interface own community VLAN, and with their designated promiscuous ports. This section describes commands used to configure private VLANs. Table 3-28.
private-vlan
Use this command to create a primary or secondary (i.e., community) private VLAN. Use the no form to remove the specified private VLAN.
Syntax
private-vlan vlan-id {community | isolated | primary}
no private-vlan vlan-id
• vlan-id - ID of private VLAN. (Range: 1-4093, no leading zeroes).
• community – Specifies a community VLAN.
• primary – Specifies a primary VLAN.
• isolated – Specifies an isolated VLAN.
3 Command Line Interface private-vlan association Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no form to remove all associations for the specified primary VLAN. Syntax private-vlan primary-vlan-id association {secondary-vlan-id | add secondary-vlan-id | remove secondary-vlan-id} no private-vlan primary-vlan-id association • primary-vlan-id - ID of private VLAN. (Range: 2-4094, no leading zeroes). • secondary-vlan-id - ID of private (i.e. community) VLAN.
VLAN Commands 3 Default Setting Normal VLAN Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Promiscuous ports assigned to a primary VLAN can communicate with all other promiscuous ports in the same VLAN, as well as with all the ports in the associated secondary VLANs.
3 Command Line Interface switchport private-vlan mapping Use this command to map an interface to a primary VLAN. Use the no form to remove this mapping. Syntax switchport private-vlan mapping primary-vlan-id no switchport private-vlan mapping primary-vlan-id – ID of primary VLAN. (Range: 1-4093, no leading zeroes).
Example
Console#sh vlan private-vlan
Primary  Secondary   Type       Interfaces
-------- ----------- ---------- --------------------------------------
2                    primary    Eth1/ 2
2        3           community  Eth1/ 3
2        4           community  Eth1/ 4
2        5           community  Eth1/ 5
6                    primary    Eth1/ 6
6        7           community  Eth1/ 7
6        8           community  Eth1/ 8
6        9           community  Eth1/ 9
Console#

GVRP and Bridge Extension Commands
GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically regist
3 Command Line Interface Example Console(config)#interface ethernet 1/1 Console(config-if)#switchport gvrp Console(config-if)# show gvrp configuration Use this command to show if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows both global and interface-specific configuration.
GVRP and Bridge Extension Commands 3 Default Setting • join: 20 centiseconds • leave: 60 centiseconds • leaveall: 1000 centiseconds Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate.
Command Mode
Normal Exec, Privileged Exec
Example
Console#show garp timer ethernet 1/1
Eth 1/ 1 GARP timer status:
 Join timer: 20 centiseconds
 Leave timer: 60 centiseconds
 Leaveall timer: 1000 centiseconds
Console#
Related Commands
garp timer (3-98)

bridge-ext gvrp
Use this command to enable GVRP globally for the switch. Use the no form to disable it.
Multicast Filtering Commands 3 Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 2-47 and “Displaying Bridge Extension Capabilities” on page 2-18 for a description of the displayed items.
3 Command Line Interface IGMP Snooping Commands Table 3-31.
Multicast Filtering Commands 3 ip igmp snooping vlan static Use this command to add a port to a multicast group. Use the no form to remove the port. Syntax ip igmp snooping vlan vlan-id static ip-address interface no ip igmp snooping vlan vlan-id static ip-address interface • vlan-id - VLAN ID (Range: 1-4094) • ip-address - IP address for multicast group • interface • ethernet unit/port - unit - This is device 1. - port - Port number.
3 Command Line Interface Command Usage • All systems on the subnet must support the same version. If there are legacy devices in your network that only support Version 1, you will also have to configure this switch to use Version 1. • Some commands are only enabled for IGMPv2, including ip igmp query-max-response-time and ip igmp query-timeout.
Multicast Filtering Commands 3 show mac-address-table multicast Use this command to show known multicast addresses. Syntax show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping] • vlan-id - VLAN ID (1 to 4094) • user - Display only the user-configured multicast entries. • igmp-snooping - Display only entries learned through IGMP snooping. Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options.
3 Command Line Interface ip igmp snooping querier Use this command to enable the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic.
is started using the time defined by ip igmp snooping query-max-response-time. If the countdown finishes, and the client still has not responded, then that client is considered to have left the multicast group.
3 Command Line Interface Default Setting 10 seconds Command Mode Global Configuration Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of queries defined by the ip igmp snooping query-count, but a client has not responded, a countdown timer is started using an initial value set by this command.
Command Usage
The switch must use IGMPv2 for this command to take effect.
Example
The following shows how to configure the default timeout to 300 seconds:
Console(config)#ip igmp snooping query-time-out 300
Console(config)#
Related Commands
ip igmp snooping version (3-103)

Static Multicast Routing Commands
Table 3-33.
3 Command Line Interface Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your switch, you can manually configure that interface to join all the current multicast groups.
Priority Commands 3 Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
3 Command Line Interface Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.e, receives both untagged and tagged frames).
Command Mode
Global Configuration
Command Usage
WRR controls bandwidth sharing at the egress port by defining scheduling weights.
Example
The following example shows how to assign WRR weights of 1, 3, 5 and 7 to the CoS priority queues 0, 1, 2 and 3:
Console(config)#queue bandwidth 1 3 5 7
Console(config)#
Related Commands
show queue bandwidth (3-114)

queue cos-map
Use this command to assign class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 3).
3 Command Line Interface Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage CoS assigned at the ingress port is used to select a CoS priority at the egress port.
Syntax
show queue cos-map [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
• port-channel channel-id (Range: 1-6)
Default Setting
None
Command Mode
Privileged Exec
Example
Console#show queue cos-map ethernet 1/11
Information of Eth 1/11
 Queue ID Traffic class
 -------- -------------
        0 1 2
        1 0 3
        2 4 5
        3 6 7
Console#

Priority Commands (Layer 3 and 4)
Table 3-37.
3 Command Line Interface map ip port (Global Configuration) Use this command to enable IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [no] map ip port Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
Example
The following example shows how to map HTTP traffic to CoS value 0:
Console(config)#interface ethernet 1/5
Console(config-if)#map ip port 80 cos 0
Console(config-if)#

map ip precedence (Global Configuration)
Use this command to enable IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping.
Default Setting
The list below shows the default priority mapping
Table 3-38. Mapping IP Precedence Values
IP Precedence Value  0 1 2 3 4 5 6 7
CoS Value            0 1 2 3 4 5 6 7
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
Example
The following example shows how to enable IP DSCP mapping globally:

Console(config)#map ip dscp
Console(config)#

map ip dscp (Interface Configuration)
Use this command to set IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table.

Syntax
map ip dscp dscp-value cos cos-value
no map ip dscp

• dscp-value - 8-bit DSCP value.
Example
The following example shows how to map IP DSCP value 1 to CoS value 0:

Console(config)#interface ethernet 1/5
Console(config-if)#map ip dscp 1 cos 0
Console(config-if)#

show map ip port
Use this command to show the IP port priority map.

Syntax
show map ip port [interface]

interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
show map ip precedence
Use this command to show the IP precedence priority map.

Syntax
show map ip precedence [interface]

interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
show map ip dscp
Use this command to show the IP DSCP priority map.

Syntax
show map ip dscp [interface]

interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
• port-channel channel-id (Range: 1-6)

Default Setting
None

Command Mode
Privileged Exec

Example
Console#show map ip dscp ethernet 1/1
DSCP mapping status: disabled
 Port      DSCP COS
 --------- ---- --
 Eth 1/ 1     0   0
 Eth 1/ 1     1   0
 Eth 1/ 1     2   0
 Eth 1/ 1     3   0
 .
 .
 .
Mirror Port Commands
This section describes how to mirror traffic from a source port to a target port.

Table 3-40. Mirror Port Commands
Command            Function                                   Mode  Page
port monitor       Configures a mirror session                IC    3-123
show port monitor  Shows the configuration for a mirror port  PE    3-124

port monitor
Use this command to configure a mirror session. Use the no form to clear a mirror session.
Example
The following example configures the switch to mirror all packets from port 6 to port 11:

Console(config)#interface ethernet 1/11
Console(config-if)#port monitor ethernet 1/6 both
Console(config-if)#

show port monitor
Use this command to display mirror information.

Syntax
show port monitor [interface]

interface - ethernet unit/port (source port)
• unit - Switch (unit 1).
• port - Port number.

Default Setting
Shows all sessions.
Link Aggregation Commands
Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device. For static trunks, the switches have to comply with the Cisco EtherChannel standard. For dynamic trunks, the switches have to comply with LACP.
channel-group
Use this command to add a port to a trunk. Use the no form to remove a port from a trunk.

Syntax
channel-group channel-id
no channel-group

channel-id - Trunk index (Range: 1-6)

Default Setting
The current port will be added to this trunk.

Command Mode
Interface Configuration (Ethernet)

Command Usage
• When configuring static trunks, the switches must comply with the Cisco EtherChannel standard.
• Use no channel-group to remove a port group from a trunk.
Rate Limit Commands 3

Command Usage
• The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation.
• A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID.
• If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically.
the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped. Rate limiting can be applied to individual ports or trunks. When an interface is configured with this feature, the traffic rate will be monitored by the hardware to verify conformity. Non-conforming traffic is dropped, conforming traffic is forwarded without any changes.

Table 3-42.
Authentication Commands
You can configure this switch to authenticate users logging into the system for management access using local, RADIUS, or TACACS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1x.
• radius - Use RADIUS server password only.
• tacacs - Use TACACS server password only.

Default Setting
Local

Command Mode
Global Configuration

Command Usage
• RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server.
Table 3-45.
Command Mode
Global Configuration

Example
Console(config)#radius-server port 181
Console(config)#

radius-server key
Use this command to set the RADIUS encryption key. Use the no form to restore the default.

Syntax
radius-server key key_string
no radius-server key

key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
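The Command Usage note above says RADIUS encrypts only the password in the access-request packet, and radius-server key sets the shared key that protects it. The Python sketch below is an added example, not part of this manual or the switch firmware: it implements the User-Password hiding defined in RFC 2865 section 5.2 so the effect of the key can be inspected. The user name, password, key and authenticator are constructed sample values, and the function names are this example's own.

```python
import hashlib
import struct

# Constructed sample values, not taken from the manual or any real deployment.
SECRET = b"constructed-shared-key"   # what "radius-server key" would hold
AUTH = bytes(range(16))              # fixed for repeatability; real clients use 16 random bytes

def _chain(data: bytes, secret: bytes, authenticator: bytes, decrypt: bool) -> bytes:
    """XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block_in = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        block_out = bytes(a ^ b for a, b in zip(block_in, pad))
        out += block_out
        prev = block_in if decrypt else block_out   # always chain on ciphertext
    return out

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: pad with NULs to a multiple of 16 bytes, then hide."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1-128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    return _chain(padded, secret, authenticator, decrypt=False)

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: regenerate the same pads and strip the NUL padding."""
    return _chain(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")

def _attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(ident: int, user: bytes, password: bytes,
                         secret: bytes, authenticator: bytes) -> bytes:
    """Access-Request (code 1) with User-Name (type 1) and User-Password (type 2)."""
    attrs = _attr(1, user) + _attr(2, hide_password(password, secret, authenticator))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet: bytes) -> dict:
    """Walk the type-length-value attributes after the 20-byte header."""
    attrs, pos = {}, 20
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            raise ValueError("malformed attribute")
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return attrs

if __name__ == "__main__":
    pkt = build_access_request(7, b"admin", b"Sw1tch-Adm1n-Passphrase", SECRET, AUTH)
    seen = parse_attributes(pkt)
    print("User-Name on the wire:    ", seen[1])         # readable as sent
    print("User-Password on the wire:", seen[2].hex())   # hidden with the shared key
    print("Server recovers:          ", recover_password(seen[2], SECRET, AUTH))
```

Every attribute other than User-Password, including the user name, is carried in clear text, and the hidden password is only as strong as the shared key, so configure a long, random key_string.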
Example
Console(config)#radius-server retransmit 5
Console(config)#

radius-server timeout
Use this command to set the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default.

Syntax
radius-server timeout number_of_seconds
no radius-server timeout

number_of_seconds - Number of seconds the switch waits for a reply before resending a request.
TACACS+ Client
Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch.

Table 3-46.
tacacs-server port
Use this command to specify the TACACS+ server TCP port. Use the no form to restore the default.

Syntax
tacacs-server port port_number
no tacacs-server port

port_number - TACACS+ server TCP port used for authentication messages. (Range: 1-65535)

Default Setting
None

Command Mode
Global Configuration

Example
Console(config)#tacacs-server port 181
Console(config)#

tacacs-server key
Use this command to set the TACACS+ encryption key.
show tacacs-server
Use this command to display the current settings for the TACACS+ server.

Default Setting
None

Command Mode
Global Configuration

Example
Console#show tacacs-server
Remote TACACS server configuration:
 Server IP address: 10.11.12.13
 Communication key with tacacs server: green
 Server port number: 1824
Console

802.1x Port Authentication
The switch supports IEEE 802.
authentication dot1x default
Sets the default authentication server type. Use the no form to restore the default.

Syntax
authentication dot1x default radius
no authentication dot1x

Default Setting
RADIUS

Command Mode
Global Configuration

Example
Console(config)#authentication dot1x default radius
Console(config)#

dot1x default
Sets all configurable dot1x global and port settings to their default values.
Command Mode
Global Configuration

Example
Console(config)#dot1x max-req 2
Console(config)#

dot1x port-control
Sets the dot1x mode on a port interface. Use the no form to restore the default.

Syntax
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control

• auto – Requires a dot1x-aware connected client to be authorized by the RADIUS server. Clients that are not dot1x-aware will be denied access.
Command Mode
Privileged Exec

Example
Console#dot1x re-authenticate
Console#

dot1x re-authentication
Enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication.
dot1x timeout re-authperiod
Sets the time period after which a connected client must be re-authenticated.

Syntax
dot1x timeout re-authperiod seconds
no dot1x timeout re-authperiod

seconds - The number of seconds.
show dot1x
Use this command to show general port authentication related settings on the switch or a specific interface.

Syntax
show dot1x [statistics] [interface interface]

interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.

Command Mode
Privileged Exec

Command Usage
This command displays the following information:
• Global 802.
  - Reauth Count – Number of times connecting state is re-entered.
• Backend State Machine
  - State – Current state (including request, response, success, fail, timeout, idle, initialize).
  - Request Count – Number of EAP Request packets sent to the Supplicant without receiving a response.
  - Identifier(Server) – Identifier carried in the most recent EAP Success, Failure or Request packet received from the Authentication Server.
Example
Console#show dot1x
Global 802.1X Parameters
 reauth-enabled: yes
 reauth-period: 300
 quiet-period: 350
 tx-period: 300
 supp-timeout: 30
 server-timeout: 30
 reauth-max: 2
 max-req: 2

802.1X Port Summary
Port Name  Status    Mode             Authorized
1          disabled  ForceAuthorized  n/a
2          disabled  ForceAuthorized  n/a
.
.
.
25         disabled  ForceAuthorized  yes
26         enabled   Auto             yes

802.1X Port Details
802.1X is disabled on port 1
.
.
.
802.
Appendix A: Upgrading Firmware via the Serial Port

The switch contains three firmware components that can be upgraded: the diagnostics (or Boot-ROM) code, the runtime operation code, and the loader code. The runtime code can be upgraded via the switch’s RS-232 serial console port, via a network connection to a TFTP server, or using SNMP management software. The diagnostics and the loader code can be upgraded only via the switch’s RS-232 serial console port.
6. Press to select the option for 115200 baud. There are two baud rate settings available, 9600 and 115200. Using the higher baud rate minimizes the time required to download firmware code files.
7. Set your PC’s terminal emulation software to match the 115200 baud rate. Press Press to reset communications with the switch.

Select>
Change baudrate [A]9600 [B]115200
Baudrate set to 115200

8.
For example, the following screen text shows the download procedure for a runtime code file:

Select>x
Xmodem Receiving Start ::
[R]untime [D]iagnostic [L]oader
Update Image File:r
Runtime Image Filename : run_1013
Updating file system.
File system updated.
[Press any key to continue]

12. To set the new downloaded file as the startup file, use the [S]et Startup File menu option.
13.
Appendix B: Troubleshooting

Troubleshooting Chart

Symptom
Cannot connect using Telnet, Web browser, or SNMP software

Action
• Be sure you have configured the agent with a valid IP address, subnet mask and default gateway.
• If you are trying to connect to the agent via the IP address for a tagged VLAN group, your management station must include the appropriate tag in its transmitted frames.
Appendix C: Software Specifications

Software Features

Authentication
  Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security
Access Control Lists
  IP, MAC (up to 32 lists)
DHCP Client
Port Configuration
  100BASE-TX: 10/100 Mbps, half/full duplex
  1000BASE-T: 1000 Mbps, full duplex
Flow Control
  Full Duplex: IEEE 802.
Additional Features
  BOOTP client
  CIDR (Classless Inter-Domain Routing)
  SNTP (Simple Network Time Protocol)
  SNMP (Simple Network Management Protocol)
  RMON (Remote Monitoring, groups 1,2,3,9)

Management Features

In-Band Management
  Telnet, Web-based HTTP or HTTPS, SNMP manager, or Secure Shell
Out-of-Band Management
  RS-232 DB-9 console port
Software Loading
  TFTP in-band or XModem out-of-band
SNMP
  Management access via MIB database
  Trap management to specified hosts
RMON
  Groups 1, 2
SSH (Version 1.5)

Management Information Bases
  Bridge MIB (RFC 1493)
  Entity MIB (RFC 2737)
  Ethernet MIB (RFC 2665)
  Ether-like MIB (RFC 1643)
  Extended Bridge MIB (RFC 2674)
  Extensible SNMP Agents MIB (RFC 2742)
  Forwarding Table MIB (RFC 2096)
  IGMP MIB (RFC 2933)
  Interface Group MIB (RFC 2233)
  Interfaces Evolution MIB (RFC 2863)
  IP Multicasting related MIBs
  MIB II (RFC 1213)
  Port Access Entity MIB (IEEE 802.
Glossary

10BASE-T
IEEE 802.3 specification for 10 Mbps Ethernet over two pairs of Category 3, 4, or 5 UTP cable.

100BASE-TX
IEEE 802.3u specification for 100 Mbps Fast Ethernet over two pairs of Category 5 UTP cable.

1000BASE-T
IEEE 802.3ab specification for Gigabit Ethernet over two pairs of Category 5, 5e 100-ohm UTP cable.

1000BASE-X
IEEE 802.3 shorthand term for any 1000 Mbps Gigabit Ethernet based on 8B/10B signaling.
Ethernet
A network communication system developed and standardized by DEC, Intel, and Xerox, using baseband transmission, CSMA/CD access, logical bus topology, and coaxial cable. The successor IEEE 802.3 standard provides for integration into the OSI model and extends the physical layer and media with repeaters and implementations that operate on fiber, thin coax and twisted-pair cable.

Fast Ethernet
A 100 Mbps network communication system based on Ethernet and the CSMA/CD access method.
IEEE 802.1Q
VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.

IEEE 802.1p
An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value.

IEEE 802.
routers is made the “querier” and assumes responsibility for keeping track of group membership.

In-Band Management
Management of the network from a station attached directly to the network.

IP Multicast Filtering
A process whereby this switch can pass multicast traffic along to participating hosts.

Layer 2
Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses.
Port Mirroring
A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobtrusively.

Port Trunk
Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links.

Remote Monitoring (RMON)
RMON provides comprehensive network monitoring capabilities.
XModem
A protocol used to transfer files between devices. Data is grouped in 128-byte blocks and error-corrected.