TigerSwitch 10/100 24-Port Layer 3 Switch
◆ 24 10BASE-T/100BASE-TX auto-MDI/MDI-X ports
◆ Optional 1000BASE-T or 1000BASE-X GBIC modules
◆ 8.
TigerSwitch 10/100 Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
38 Tesla
Irvine, CA 92618
Phone: (949) 679-8000
October 2003
Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice. Copyright © 2003 by SMC Networks, Inc. 38 Tesla Irvine, CA 92618 All rights reserved.
LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
CONTENTS
1 Introduction: Key Features; Description of Software Features; System Defaults
2 Initial Configuration
Using DHCP/BOOTP; Managing Firmware; Downloading System Software from a Server; Saving or Restoring Configuration Settings; Downloading Configuration Settings from a Server; Setting the System Clock; Configuring SNTP
Configuring Port Mirroring; Showing Port Statistics; Configuring Rate Limits; Trunk Configuration; Dynamically Configuring a Trunk; Statically Configuring a Trunk
Mapping IP Port Priority; Copying IP Settings to Another Interface; Multicast Filtering; IGMP Protocol; Layer 2 IGMP (Snooping and Query); Configuring IGMP Snooping Parameters
Specifying Network Interfaces for RIP; Configuring Network Interfaces for RIP; Displaying RIP Information and Statistics; Configuring the Open Shortest Path First Protocol; Configuring General Protocol Settings; Configuring OSPF Areas
Minimum Abbreviation; Command Completion; Getting Help on Commands; Showing Commands; Partial Keyword Lookup; Negating the Effect of Commands
username; enable password; Web Server Commands; ip http port; ip http server; Event Logging Commands
radius-server timeout; show radius-server; 802.1x Port Authentication; authentication dot1x default; dot1x default; dot1x max-req
DHCP Commands; DHCP Client; ip dhcp client-identifier; ip dhcp restart client; DHCP Relay; ip dhcp restart relay
show interfaces switchport; Mirror Port Commands; port monitor; show port monitor; Rate Limit Commands; rate-limit
switchport mode; switchport acceptable-frame-types; switchport ingress-filtering; switchport native vlan; switchport allowed vlan; switchport forbidden vlan
ip igmp snooping; ip igmp snooping vlan static; ip igmp snooping version; show ip igmp snooping; show mac-address-table multicast; IGMP Query Commands (Layer 2); ip igmp snooping querier
ip route; clear ip route; show ip route; show ip traffic; Routing Information Protocol (RIP); router rip
ip ospf priority; ip ospf retransmit-interval; ip ospf transmit-delay; show ip ospf; show ip ospf border-routers; show ip ospf database; show ip ospf interface
ip pim trigger-hello-interval; ip pim join-prune-holdtime; ip pim graft-retry-interval; ip pim max-graft-retries; show router pim; show ip pim interface; show ip pim neighbor
CHAPTER 1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
Feature                   Description
Broadcast Storm Control   Supported
Address Table             Up to 8K MAC addresses in the forwarding table, 100 static MAC addresses per port; Up to 2K IP address entries, 128 static IP addresses in the ARP cache, 256 static IP routes
IEEE 802.
DESCRIPTION OF SOFTWARE FEATURES
minimum delay for moving real-time multimedia data across the network, while multicast filtering and routing provide support for real-time network applications. Some of the management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard.
Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.
Store-and-Forward Switching – The switch copies each frame into its memory before forwarding it to another port.
Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned.
IP Routing – The switch provides Layer 3 IP routing. To maintain a high rate of throughput, the switch forwards all traffic passing within the same segment, and routes only traffic that passes between different subnetworks. The wire-speed routing provided by this switch lets you easily link network segments or VLANs together without having to deal with the bottlenecks or configuration hassles normally associated with conventional routers.
Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query at Layer 2 and IGMP at Layer 3 to manage multicast group registration.
SYSTEM DEFAULTS
Function                     Parameter                                       Default
Authentication               Privileged Exec Level                           Username “admin”, Password “admin”
                             Normal Exec Level                               Username “guest”, Password “guest”
                             Enable Privileged Exec from Normal Exec Level   Password “super”
                             RADIUS Authentication                           Disabled
                             802.
Function                     Parameter                                       Default
                             Port Capability                                 1000BASE-SX/LX/LH – 1000 Mbps full duplex; Full-duplex flow control disabled; Symmetric flow control disabled
Rate Limiting                Input and output limits                         Disabled
Port Trunking                Static Trunks                                   None
                             LACP (all ports)                                Disabled
Broadcast Storm Protection   Status
                             Broadcast Limit Rate                            500 packets per second
Spanning Tree Protocol       Status                                          Enabled (Defaults: All values based on IEEE 802.
Function                     Parameter                                       Default
                             IP Precedence Priority                          Disabled
                             IP DSCP Priority                                Disabled
                             IP Port Priority                                Disabled
IP Settings                  Management VLAN                                 Any VLAN configured with an IP address
                             IP Address                                      0.0.0.0
                             Subnet Mask                                     255.0.0.0
                             Default Gateway                                 0.0.0.
Unicast Routing
Multicast Filtering
CHAPTER 2 INITIAL CONFIGURATION
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
Note: The IP address for this switch is unassigned by default. To change this address, see “Setting an IP Address” on page 2-6.
The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:
• Set user names and passwords for up to 16 users
• Set an IP interface for a management VLAN
• Configure SNMP parameters
• Enable/disable any port
• Set the speed/duplex mode for any port
• Configure the bandwidth of any port by limiting input or output rates
• Configure up to 255 IEEE 802.
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.
2. Connect the other end of the cable to the RS-232 serial port on the switch.
3. Make sure the terminal emulation software is set as follows:
   • Select the appropriate serial port (COM port 1 or COM port 2).
Remote Connections
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is unassigned by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address” on page 2-6.
Notes:
1. This switch supports four concurrent Telnet sessions.
2.
Basic Configuration
Console Connection
The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure switch parameters, you must access the CLI at the Privileged Exec level.
Setting Passwords
Note: If this is the first time you log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place.
Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:
1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.
2.
Manual Configuration
You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment (if routing is not enabled on this switch). Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.
Note: The IP address for this switch is unassigned by default.
Dynamic Configuration
If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart client” command to start broadcasting service requests. Requests will be sent periodically in an effort to obtain IP configuration information. (BOOTP and DHCP values can include the IP address, subnet mask, and default gateway.
6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#ip dhcp restart client
Console#show ip interface
 Vlan 1 is up, addressing mode is DHCP
 Interface address is 10.1.0.54, mask is 255.255.255.
The default strings are:
• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
• private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
Note: If you do not intend to utilize SNMP, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access to the switch is disabled.
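A check for the factory defaults this guide names, as an added example that is not part of the SMC manual: it scans a saved configuration text for the default passwords ("admin", "guest", "super") and the default community strings ("public", "private"). The configuration line syntax, the reading of password type 7 as an unsalted hex MD5, and the sample configuration are assumptions made for illustration; adjust the patterns to what your switch actually saves.

```python
import hashlib
import re

# Factory defaults named in this guide (System Defaults, SNMP community strings).
DEFAULT_PASSWORDS = ("admin", "guest", "super")
DEFAULT_COMMUNITIES = ("public", "private")

# ASSUMED saved-configuration syntax; the guide does not show these lines in full.
USER_RE = re.compile(r"^username\s+(\S+)\s+password\s+([07])\s+(\S+)$")
ENABLE_RE = re.compile(r"^enable\s+password\s+(?:level\s+\d+\s+)?([07])\s+(\S+)$")
COMMUNITY_RE = re.compile(r"^snmp-server\s+community\s+(\S+)(?:\s+(ro|rw))?$")
TRAP_HOST_RE = re.compile(r"^snmp-server\s+host\s+(\S+)\s+(\S+)")


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def matches_default(encoding, value, extra=()):
    """Return the guessable word the secret equals, "" if none, None if unknown."""
    words = DEFAULT_PASSWORDS + tuple(extra)
    if encoding == "0":  # ASSUMPTION: type 0 means the password is in clear text
        return next((w for w in words if value == w), "")
    # ASSUMPTION: type 7 is an unsalted hex MD5 digest of the password.
    if not re.fullmatch(r"[0-9a-fA-F]{32}", value):
        return None  # unrecognised stored form: cannot be verified here
    return next((w for w in words if md5_hex(w) == value.lower()), "")


def check_secret(number, subject, encoding, value, extra=()):
    hit = matches_default(encoding, value, extra)
    if hit is None:
        return [(number, "INFO", f"{subject}: stored form not recognised, verify by hand")]
    if hit:
        return [(number, "HIGH", f"{subject}: password is the guessable value '{hit}'")]
    return []


def audit(config_text):
    """Return (line_number, severity, message) findings for a configuration text."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = USER_RE.match(line)
        if m:
            user, encoding, secret = m.groups()
            # The user name itself is also tried (admin/admin, guest/guest).
            findings += check_secret(number, f"user '{user}'", encoding, secret, (user,))
            continue
        m = ENABLE_RE.match(line)
        if m:
            findings += check_secret(number, "enable password", *m.groups())
            continue
        m = COMMUNITY_RE.match(line)
        if m:
            name, access = m.group(1), m.group(2) or "ro"
            if name in DEFAULT_COMMUNITIES:
                severity = "HIGH" if access == "rw" else "MEDIUM"
                findings.append((number, severity, f"default community '{name}' ({access})"))
            continue
        m = TRAP_HOST_RE.match(line)
        if m and m.group(2) in DEFAULT_COMMUNITIES:
            findings.append(
                (number, "LOW", f"trap host {m.group(1)} uses default community '{m.group(2)}'")
            )
    return findings


# Constructed sample for this example, not captured from a device.
SAMPLE_CONFIG = "\n".join([
    "! constructed sample configuration",
    "username admin password 0 admin",
    "username guest password 7 " + md5_hex("guest"),
    "username ops password 0 Xk29qLm4",
    "username audit password 7 not-a-digest",
    "enable password level 15 0 super",
    "snmp-server community public ro",
    "snmp-server community private rw",
    "snmp-server community n0cR34d ro",
    "snmp-server host 10.1.0.19 public",
])

if __name__ == "__main__":
    for number, severity, message in audit(SAMPLE_CONFIG):
        print(f"line {number:2d}  {severity:6s}  {message}")
```

Run it against each configuration file saved to the TFTP server as well as the one on the switch, since a backup taken before the passwords were changed still carries the defaults.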
Trap Receivers
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” where “host-address” is the IP address for the trap receiver and “community-string” is the string associated with that host. Press <Enter>.
2.
Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files are:
• Configuration — This file stores system configuration information and is created when configuration settings are saved.
Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.
CHAPTER 3 CONFIGURING THE SWITCH
Using the Web Interface
This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).
Note: You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet.
Notes:
1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
2. If you log into the Web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” (Privileged Exec level), you can change the settings on any page.
3.
Navigating the Web Browser Interface
To access the Web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”
Home Page
When your Web browser connects with the switch’s Web agent, the home page is displayed as shown below.
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the “Apply” or “Apply Changes” button to confirm the new setting. The following table summarizes the Web page configuration buttons.
Button    Action
Revert    Cancels specified values and restores current values prior to pressing “Apply” or “Apply Changes.”
Refresh   Immediately updates values for the current page.
Main Menu
Using the onboard Web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Menu                                    Description                                     Page
Spanning Tree                                                                           3-87
  STA Information                       Displays STA values used for the bridge         3-89
  STA Configuration                     Configures global bridge settings for STA       3-92
  STA Port Information                  Configures individual port settings for STA     3-95
  STA Trunk Information                 Configures individual trunk settings for STA    3-95
  STA Port Configuration                Configures individual port settings for STA     3-99
  STA Trunk Configuration               Configures individual trunk settings for STA    3-99
VLAN
  VLAN Bas
Menu                                    Description                                     Page
Traffic Classes                         Maps IEEE 802.1p priority tags to output queues    3-122
Queue Scheduling                        Configures Weighted Round Robin queueing    3-124
IP Precedence/DSCP Priority Status      Globally selects IP Precedence or DSCP Priority, or disables both.    3-126
Menu                                    Description                                     Page
Statistics                              Lists Ethernet and RMON port statistics         3-71
Rate Limit                                                                              3-77
  Input Rate Limit Port Configuration   Sets the input rate limit for each port         3-77
  Input Rate Limit Trunk Configuration  Sets the input rate limit for each trunk        3-77
  Output Rate Limit Port Configuration  Sets the output rate limit for each port        3-77
  Output Rate Limit Trunk Configuration Sets the output rate limit for each trunk       3-77
Port authentication                                                                     3-32
  dot1X Information                     Displ
Menu                                    Description                                     Page
Dynamic Addresses                       Shows dynamically learned entries in the IP routing table    3-161
Other Addresses                         Shows internal addresses used by the switch    3-163
Statistics                              Shows statistics on ARP requests sent and received    3-164
IGMP                                                                                    3-144
  Interface Settings                    Configures Layer 3 IGMP for specific VLAN interfaces    3-145
  Group Membership                      Displays the current multicast groups learned via IGMP    3-148
Statistics                                                                              3-165
  IP                                    Shows statistics for IP traffic,
Menu                                    Description                                     Page
Routing Protocol                                                                        3-152
RIP                                                                                     3-175
  General Settings                      Enables or disables RIP, sets the global RIP version and timer values    3-176
  Network Addresses                     Configures the network interfaces that will use RIP    3-178
  Interface Settings                    Configure RIP parameters for each interface, including send and receive versions, message loopback prevention, and authentication    3-179
  Statistics                            Displays general information on update time, route changes and number of queries, as    3-183
Menu                                    Description                                     Page
NSSA Settings                           Configures settings for importing routes into or exporting routes out of not-so-stubby areas    3-212
Link State Database Information         Shows information about different OSPF Link State Advertisements (LSAs) stored in this router’s database    3-213
Border Router Information               Displays routing table entries for area border routers and autonomous system boundary routers    3-216
Neighbor Information                    Display information about neighboring ro
Menu                                    Description                                     Page
General                                 Enables DHCP server; configures excluded address range    3-56
Pool Configuration                      Configures address pools for network groups or a specific host    3-57
IP Binding                              Displays addresses currently bound to DHCP clients    3-62
ACL                                                                                     3-41
  ACL Configuration                     Configures packet filtering based on IP or MAC addresses    3-41
  ACL Port Binding                      Binds a port to the specified ACL               3-49
Basic Configuration
Displaying System Information
You can easily identify the system
Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.)
CLI – Specify the hostname, location and contact information.
Displaying Switch Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
Field Attributes
Main Board
• Serial Number – The serial number of the switch.
• Service Tag* – Not implemented.
• Number of Ports – Number of built-in RJ-45 ports and expansion ports.
• Hardware Version – Hardware version of the main board.
Web – Click System, Switch Information.
CLI – Use the following command to display version information.
Console#show version
Unit1
 Serial number          :1111111111
 Service tag            :
 Hardware version       :R0A
 Number of ports        :26
 Main power status      :up
 Redundant power status :not present
Agent(master)
 Unit id                :1
 Loader version         :0.0.6.5
 Boot rom version       :0.0.5.2
 Operation code version :0.0.2.
Console#
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables, or to configure the global setting for GARP VLAN Registration Protocol (GVRP).
Web – Click System, Bridge Extension.
CLI – Enter the following command.
You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.
Command Usage
• This section describes how to configure a single local interface for initial access to the switch.
• Subnet Mask – This mask identifies the host address bits used for routing to specific subnets. (Default: 255.0.0.0)
• Default Gateway – IP address of the gateway router between this device and management stations that exist on other network segments. (Default: 0.0.0.0)
Manual Configuration
Web – Click IP, General, Routing Interface.
CLI – Specify the management interface, IP address and default gateway.
Console#config
Console(config)#interface vlan 1
Console(config-if)#ip address 10.1.0.254 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 192.168.1.254
Console(config)#
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
Web – Click IP, General, Routing Interface.
CLI – Specify the management interface, and set the IP Address Mode to DHCP or BOOTP, and then enter the “ip dhcp restart client” command.
Console#config
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#ip dhcp restart client
Console#show ip interface
 Vlan 1 is up, addressing mode is Dhcp
 Interface address is 10.1.0.253, mask is 255.255.255.
Managing Firmware
You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
Command Attributes
• TFTP Server IP Address – The IP address of a TFTP server.
If you download to a new destination file, then select the file from the drop-down box for the operation code used at startup, and click Apply Changes. To start the new firmware, reboot the system via the System/Reset menu.
CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch.
Console#copy tftp file
TFTP server ip address: 10.1.0.
31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
Note: The maximum number of user-defined configuration files is limited only by available flash memory space.
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch.
Console#copy tftp startup-config
TFTP server ip address: 192.168.1.19
Source configuration file name: config-1
Startup configuration file name [] : startup
\Write to FLASH Programming.
-Write to FLASH finish.
Success.
Configuring SNTP
You can configure the switch to send time synchronization requests to specific time servers (i.e., client mode), update its clock based on broadcasts from time servers, or use both methods. When both methods are enabled, the switch will update its clock using information broadcast from time servers, but will query the specified server(s) if a broadcast is not received within the polling interval.
Command Attributes
• Current Time – Displays the current time.
CLI – This example configures the switch to operate as an SNTP broadcast client.
Console(config)#sntp client
Console(config)#sntp poll 16
Console(config)#sntp server 10.1.0.19 137.82.140.80 128.250.36.2
Console(config)#sntp broadcast client
Console(config)#
Setting the Time Zone
SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude.
Resetting the System
Web – Click System, Reset. Click the Reset button to restart the switch.
CLI – Use the reload command to restart the switch.
Console#reload
System will be restarted, continue ?
Note: When restarting the system, it will always run the Power-On Self-Test.
User Authentication
Use the Passwords or Radius menu to restrict management access based on specified user names and passwords.
The default guest name is “guest” with the password “guest.” The default administrator name is “admin” with the password “admin.” Note that user names can only be assigned via the CLI.
Command Attributes
• User Name* – The name of the user. (Maximum length: 8 characters; maximum number of users: 5)
• Access Level* – Specifies the user level. (Options: Normal and Privileged)
• Password – Specifies the user password. (Range: 0-8 characters plain text, case sensitive)
* CLI only.
Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on the RADIUS protocol.
Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central
[Figure: console, Web and Telnet management access. 1. Client attempts management access. 2.]
(1) RADIUS and (2) Local, the user name and password on the RADIUS server are verified first. If the RADIUS server is not available, then the local user name and password are checked.

Command Attributes
• Authentication – Select the authentication, or authentication sequence required:
  - Local – User authentication is performed only locally by the switch.
  - Radius – User authentication is performed using a RADIUS server only.
Web – Click System, Radius. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to two methods), fill in the parameters for RADIUS authentication if selected, and click Apply.

CLI – Specify all the required parameters to enable logon authentication.

Console(config)#authentication login radius
Console(config)#radius-server host 192.168.1.
ports in a network can be centrally controlled from a server, which means that authorized users can use the same credentials for authentication from any point within the network.

This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages

[Figure labels: 802.1x client, RADIUS. 1. Client attempts to access a switch port. 2. Switch sends client an identity request. 3. Client sends back identity information. 4.]
• Each switch port that will be used must be set to dot1x “Auto” mode.
• Each client that needs to be authenticated must have dot1x client software installed and properly configured.
• The RADIUS server and 802.1x client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.)
• The RADIUS server and client also have to support the same EAP authentication type – MD5, TLS, TTLS, PEAP, etc.
• Server timeout – The time the switch waits for a response from the authentication server (RADIUS) to an authentication request.
• Re-authentication Max Count – The number of times the switch will attempt to re-authenticate a connected client before the port becomes unauthorized.

Web – Click dot1x, dot1x Information.

CLI – This example shows the default protocol settings for dot1x. For a description of the additional entries displayed in the CLI, see “show dot1x” on page 72.
802.1X Port Details

802.1X is disabled on port 1
.
.
.
802.1X is enabled on port 26
 Max request          2
 Quiet period         350
 Reauth period        300
 Tx period            300
 Status               Unauthorized
 Port-control         Auto
 Supplicant           00-00-00-00-00-00

Authenticator State Machine
 State                Connecting
 Reauth Count         3

Backend State Machine
 State                Idle
 Request Count        0
 Identifier(Server)   0

Reauthentication State Machine
 State                Initialize
Console#

Configuring 802.
• Timeout for Quiet Period – Sets the time that a switch port waits after the dot1X Max Request Count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60 seconds)
• Timeout for Re-authentication Period – Sets the time period after which a connected client must be re-authenticated.
Configuring Port Authorization Mode

When dot1x is enabled, you need to specify the dot1x authentication mode configured for each port.

Command Attributes
• Status – Indicates if authentication is enabled or disabled on the port.
• Mode – Sets the authentication mode to one of the following options:
  - Auto – Requires a dot1x-aware client to be authorized by the authentication server. Clients that are not dot1x-aware will be denied access.
CLI – This example sets the authentication mode to enable dot1x on port 2.

Console(config)#interface ethernet 1/2
Console(config-if)#dot1x port-control auto
Console(config-if)#

Displaying 802.1x Statistics

This switch can display statistics for dot1x protocol exchanges for any port.

Statistical Values

Parameter – Description
Rx EAPOL Start – The number of EAPOL Start frames that have been received by this Authenticator.
Tx EAP Req/Id – The number of EAP Req/Id frames that have been transmitted by this Authenticator.
Tx EAP Req/Oth – The number of EAP Request frames (other than Req/Id frames) that have been transmitted by this Authenticator.

Web – Select dot1X, dot1X Statistics. Select the required port and then click Query. Click Refresh to update the statistics.

CLI – This example displays the dot1x statistics for port 4.
Access Control Lists

Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, and then bind the list to a specific port.
The order in which active ACLs are checked is as follows:
1. User-defined rules in the MAC ACL.
2. User-defined rules in the IP ACL.
3. Explicit default rule (permit any any) in the IP ACL.
4. Explicit default rule (permit any any) in the MAC ACL.
5. If no explicit rule is matched, the implicit default is permit all.

Setting the ACL Name and Type

Use the ACL Configuration page to designate the name and type of an ACL.
Web – Click ACL, ACL Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list.

CLI – This example creates a standard IP ACL named bill.

Console(config)#access-list ip standard bill
Console(config-std-acl)#

Configuring a Standard IP ACL

Command Attributes
• Action – An ACL can contain all permit rules or all deny rules.
Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add.

CLI – This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask.

Console(config-std-acl)#permit host 10.1.1.21
Console(config-std-acl)#permit 168.92.16.
• Src/Dst SubMask – Subnet mask for source or destination address. (See SubMask in the preceding section.)
• Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number (0-255). (Options: TCP, UDP, Others; Default: TCP)
• Src/Dst Port – TCP or UDP source/destination port number. (Range: 0-65535)
• Control Code – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header.
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other required criteria, such as service type, protocol type, or TCP control code. Then click Add.

CLI – This example adds three rules:
1. Accept any incoming packets if the source address is in subnet 10.7.1.x.
3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”

Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any
Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any dport 80
Console(config-ext-acl)#permit 192.168.1.0 255.255.255.
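To check what an address/bitmask rule really covers before binding it to a port, the following added example (not code from the switch or from SMC) computes the matched addresses for the rule forms shown above and decodes a TCP control code into flag names. The function names are hypothetical, "any" is modelled as an all-zero mask, and the mask 255.255.240.0 is derived here from the stated range 168.92.16.x – 168.92.31.x because the page's own command is cut off.

```python
import ipaddress

# Flag bits in the TCP flags byte (byte 14 counting from 1, offset 13 from 0).
TCP_FLAGS = [(32, "URG"), (16, "ACK"), (8, "PSH"), (4, "RST"), (2, "SYN"), (1, "FIN")]
ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def to_text(value):
    return str(ipaddress.IPv4Address(value))


def matches(addr, base, mask):
    """An address matches when it equals the rule address on every bit set in the mask."""
    m = to_int(mask)
    return (to_int(addr) & m) == (to_int(base) & m)


def coverage(base, mask):
    """Return (lowest, highest, count, contiguous) for an address/bitmask pair.

    With a non-contiguous mask the matching addresses are not one range:
    lowest/highest are only the extremes and count is the real total.
    """
    m = to_int(mask)
    free = ~m & ALL_ONES                    # bits the rule does not compare
    lowest = to_int(base) & m
    contiguous = (free & (free + 1)) == 0   # free bits form one low-order run
    return to_text(lowest), to_text(lowest | free), 1 << bin(free).count("1"), contiguous


def mask_for_range(first, last):
    """Bitmask that covers exactly first..last, or None if one rule cannot express it."""
    f, l = to_int(first), to_int(last)
    free = f ^ l
    if free & (free + 1) or f & free:
        return None
    return to_text(~free & ALL_ONES)


def decode_control_code(code):
    """Translate a decimal control code into the TCP flag names it sets."""
    if not 0 <= code <= 63:
        raise ValueError("six flag bits give a range of 0-63")
    return [name for bit, name in TCP_FLAGS if code & bit]


def describe_source(rule):
    """Parse the source part of a rule typed in one of the forms shown on this page."""
    action, *rest = rule.split()
    if action not in ("permit", "deny") or not rest:
        raise ValueError("expected: permit|deny followed by any, host A, or A MASK")
    if rest[0] == "any":
        base, mask = "0.0.0.0", "0.0.0.0"
    elif rest[0] == "host":
        base, mask = rest[1], "255.255.255.255"
    else:
        base, mask = rest[0], rest[1]
    lowest, highest, count, contiguous = coverage(base, mask)
    return {
        "action": action, "lowest": lowest, "highest": highest,
        "count": count, "contiguous": contiguous,
        # True when the typed address has bits set that the mask ignores
        "ignored_bits_set": (to_int(base) & ~to_int(mask) & ALL_ONES) != 0,
    }


if __name__ == "__main__":
    derived = mask_for_range("168.92.16.0", "168.92.31.255")  # mask derived here
    rules = [
        "permit host 10.1.1.21",                          # from the page
        "permit 10.7.1.1 255.255.255.0 any",              # from the page
        "permit 192.168.1.0 255.255.255.0 any dport 80",  # from the page
        "permit 168.92.16.0 " + derived,                  # constructed
    ]
    for rule in rules:
        print(rule, "->", describe_source(rule))
    print("control code 2 ->", decode_control_code(2))
```

The second rule shows why the check matters: the typed address 10.7.1.1 has a host bit set, but the mask ignores it, so the rule covers all of 10.7.1.0 through 10.7.1.255.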
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Enter a specific address (e.g., 11-22-33-44-55-66). Or enter a base address and a hexadecimal bitmask for an address range. Set any other required criteria, such as Ethernet type, or packet format. Then click Add.

CLI – This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the Ethernet type is 0800.
Binding a Port to an Access Control List

After configuring Access Control Lists (ACL), you can bind the ports that need to filter traffic to the appropriate ACLs. You can only assign one IP access list and/or one MAC access list to any port.

Command Attributes
• Port – Fixed port or module. (Range: 1-26)
• IP – Specifies the IP ACL to bind to a port.
• MAC – Specifies the MAC ACL to bind to a port.

Web – Click ACL, ACL Port Binding.
Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems.
• Access Mode
  - Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects.
  - Read/Write – Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects.

Web – Click SNMP, SNMP Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add.
Command Usage
• You can enable or disable authentication messages via the Web interface.
• You can enable or disable authentication messages or link-up-down messages via the CLI.

Command Attributes
• Trap Manager Capability – This switch supports up to five trap managers.
• Trap Manager IP Address – Internet address of the host (the targeted recipient).
• Trap Manager Community String – Community string sent with the notification operation.
Dynamic Host Configuration Protocol

Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients when they boot up. If a subnet does not already include a BOOTP or DHCP server, you can relay DHCP client requests to a DHCP server on another subnet, or configure the DHCP server on this switch to support that subnet.
Command Usage

You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will not forward client requests to a DHCP server.

Command Attributes
• VLAN ID – ID of configured VLAN.
• VLAN Name – Name of the VLAN.
• Server IP Address – Addresses of DHCP servers to be used by the switch’s DHCP relay agent in order of preference.

Web – Click DHCP, Relay Configuration.
Configuring the DHCP Server

This switch includes a Dynamic Host Configuration Protocol (DHCP) server that can assign temporary IP addresses to any attached host requesting service. It can also provide other network settings such as the domain name, default gateway, Domain Name Servers (DNS), Windows Internet Naming Service (WINS) name servers, or information on the bootup file for the host device to download.
Enabling the Server, Setting Excluded Addresses

Enable the DHCP Server and specify the IP addresses that it should not assign to clients.

Command Attributes
• DHCP Server – Enables or disables the DHCP server on this switch. (Default: Disabled)
• Excluded Addresses – Specifies IP addresses that the DHCP server should not assign to DHCP clients. You can specify a single address or an address range.
Configuring Address Pools

You must configure IP address pools for each IP interface that will provide addresses to attached clients via the DHCP server.

Command Usage
• First configure address pools for the network interfaces. Then you can manually bind an address to a specific client if required. However, note that any static host address must fall within the range of an existing network address pool.
Command Attributes

Creating a New Address Pool
• Pool Name – A string or integer. (Range: 1-8 characters)

Setting the Network Parameters
• IP – The IP address of the DHCP address pool.
• Subnet Mask – The bit combination that identifies the network (or subnet) and the host portion of the DHCP address pool.

Setting the Host Parameters
• IP – The IP address of the DHCP address pool.
• Subnet Mask – Specifies the network mask of the client.
• Bootfile – The default boot image for a DHCP client. This file should be placed on the Trivial File Transfer Protocol (TFTP) server specified as the Next Server.
• Next Server – The IP address of the next server in the boot process, which is typically a Trivial File Transfer Protocol (TFTP) server.
• Lease Time – The duration that an IP address is assigned to a DHCP client.
Configuring a Network Address Pool

Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool. Configure the optional parameters such as default router and DNS server. Then click Apply.

CLI – This example configures a network address pool.

Console(config)#ip dhcp pool tps
Console(config-dhcp)#network 10.1.0.0 255.255.255.
Configuring a Host Address Pool

Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device. Configure the optional parameters such as gateway server and DNS server. Then click Apply.
CLI – This example configures a host address pool.

Console(config)#ip dhcp pool mgr
Console(config-dhcp)#host 10.1.0.19 255.255.255.0
Console(config-dhcp)#hardware-address 00-e0-29-94-34-28 ethernet
Console(config-dhcp)#client-identifier text bear
Console(config-dhcp)#default-router 10.1.0.253
Console(config-dhcp)#dns-server 10.2.3.4
Console(config-dhcp)#netbios-name-server 10.1.0.33
Console(config-dhcp)#netbios-node-type hybrid
Console(config-dhcp)#domain-name example.
PORT CONFIGURATION

Web – Click DHCP, Server, IP Binding. You may use the Delete button to clear an address from the DHCP server’s database.

CLI – This example displays the current binding, and then clears all automatic binding.

Console#show ip dhcp binding
IP              MAC               Lease Time   Start
--------------- ----------------- ------------ -----------
10.1.0.
• Speed/Duplex Status – Shows the current speed and duplex mode. (Auto, or fixed choice)
• Flow Control Status – Indicates type of flow control currently in use. (IEEE 802.3x, Back-Pressure or None)
• Autonegotiation – Shows if auto-negotiation is enabled or disabled.
• Trunk Member¹ – Shows if port is a trunk member.
• Creation² – Shows if a trunk is manually configured or dynamically set via LACP.

¹ Port Information only.
• Speed-duplex – Shows the current speed and duplex mode. (Auto, or fixed choice)
• Capabilities – Specifies the capabilities to be advertised for a port during auto-negotiation. (To access this item on the Web, see “Configuring Interface Connections” on page 3-48.) The following capabilities are supported.
CLI – This example shows the connection status for Port 13.
Configuring Interface Connections

You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.

Command Attributes
• Name – Allows you to label an interface. (Range: 1-64 characters)
• Admin – Allows you to manually disable an interface. You can disable an interface due to abnormal behavior (e.g.
port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.) (Default: Autonegotiation enabled; Advertised capabilities for 100BASE-TX – 10half, 10full, 100half, 100full; 1000BASE-T – 10half, 10full, 100half, 100full, 1000full; 1000BASE-SX/LX/LH – 1000full)
• Trunk – Indicates if a port is a member of a trunk.
Setting Broadcast Storm Thresholds

Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt. You can protect your network from broadcast storms by setting a threshold for broadcast traffic for each port.
CLI – Specify any interface, and then enter the threshold. The following sets broadcast suppression at 600 packets per second.
• Type – Allows you to select which traffic to mirror to the target port, Rx (receive), Tx (transmit), or Both.
• Target Port – The port that will “duplicate” or “mirror” the traffic on the source port.

Web – Click Port, Mirror. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add.

CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port.
passing through each port. All values displayed have been accumulated since the last system reboot, and are shown as counts per second. Statistics are refreshed every 60 seconds by default.

Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as SMC’s EliteView.

Statistical Values

Parameter – Description

Interface Statistics
Received Octets – The total number of octets received on the interface, including framing characters.
Transmit Multicast Packets – The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent.
Transmit Broadcast Packets – The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a broadcast address at this sub-layer, including those that were discarded or not sent.
Multiple Collision Frames – A count of successfully transmitted frames for which transmission is inhibited by more than one collision.
Carrier Sense Errors – The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame.
SQE Test Errors – A count of times that the SQE TEST ERROR message is generated by the PLS sublayer for a particular interface.
CRC/Alignment Errors – The number of CRC/alignment errors (FCS or alignment errors).
Undersize Frames – The total number of frames received that were less than 64 octets long (excluding framing bits, but including FCS octets) and were otherwise well formed.
Oversize Frames – The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed.
Web – Click Statistics, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
CLI – This example shows statistics for port 13.
Command Usage

Due to a switch chip limitation, the input rate limit can only be enabled or disabled globally for all interfaces on the switch. However, the output rate limit can be enabled or disabled for individual interfaces.

Command Attribute
• Rate Limit – Sets the input or output rate limit for an interface.
CLI – This example sets the rate limit for input and output traffic passing through port 1 to 60 Mbps.

Console(config)#interface ethernet 1/1
Console(config-if)#rate-limit input 60
Console(config-if)#rate-limit output 60
Console(config-if)#

Trunk Configuration

You can create multiple links between devices that work as one virtual, aggregate link.
Command Usage

Besides balancing the load across each port in the trunk, the other ports provide redundancy by taking over the load if a port in the trunk fails. However, before making any physical connections between devices, use the Web interface or CLI to specify the trunk on the devices at both ends.
• A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID.
• If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
• All ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation.

Web – Click Trunk, LACP Configuration.
CLI – The following example enables LACP for ports 17 and 18. Just connect these ports to two LACP-enabled trunk ports on another switch to form a trunk.
Web – Click Trunk, Trunk Configuration. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.

CLI – This example creates trunk 2 with ports 11 and 12. Just connect these ports to two static trunk ports on another switch to form a trunk.
Address Table Settings

Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port.

Setting Static Addresses

A static address can be assigned to a specific interface on this switch.
Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address.

CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
• Address Table Sort Key – You can sort the information displayed based on interface (port or trunk) or MAC address.

Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.

CLI – This example also displays the address table entries for port 1.
SPANNING TREE ALGORITHM CONFIGURATION

Changing the Aging Time

You can set the aging time for entries in the dynamic address table.

Command Attributes
• Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds)

Web – Click Address Table, Address Aging. Specify the new aging time, click Apply.

CLI – This example sets the aging time to 400 seconds.
STA uses a distributed algorithm to select a bridging device (STA-compliant switch, bridge or router) that serves as the root of the spanning tree network. It selects a root port on each bridging device (except for the root device) which incurs the lowest path cost when forwarding a packet from that device to the root device. It selects a designated bridging device from each LAN which incurs the lowest path cost when forwarding a packet from that LAN to the root device.
Displaying Global Settings

You can display a summary of the current bridge STA information that applies to the entire switch using the STA Information screen.

Field Attributes
• Spanning Tree State – Shows if the switch is enabled to participate in an STA-compliant network.
• Bridge ID – A unique identifier for this bridge, consisting of the bridge priority and MAC address (where the address is taken from the switch system).
  - Root Path Cost – The path cost from the root port on this switch to the root device.
• Configuration Changes – The number of times the Spanning Tree has been reconfigured.
• Last Topology Change – Time since the Spanning Tree was last reconfigured.

These additional parameters are only displayed for the CLI:
• Spanning tree mode – Specifies the type of spanning tree used on this switch:
  - STP: Spanning Tree Protocol (IEEE 802.1D)
  - RSTP: Rapid Spanning Tree (IEEE 802.
• Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node.

Web – Click Spanning Tree, STA Information.

CLI – This command displays global STA settings, followed by settings for each port.
Configuring Global Settings

Global settings apply to the entire switch.

Command Usage
• Spanning Tree Protocol
  Uses RSTP for the internal state machine, but sends only 802.1D BPDUs.
• Rapid Spanning Tree Protocol
  RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below:
  - STP Mode – If the switch receives an 802.1D BPDU (i.e.
device with the lowest MAC address will then become the root device. (Note that lower numeric values indicate higher priority.)
  Default: 32768
  Range: 0-61440, in steps of 4096
  Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440

Root Device Configuration
• Hello Time – Interval (in seconds) at which the root device transmits a configuration message.
  Default: 2
  Minimum: 1
  Maximum: The lower of 10 or [(Max.
Advanced Configuration Settings for RSTP
• Path Cost Method – The path cost is used to determine the best path between devices. The path cost method is used to determine the range of values that can be assigned to each interface.
  - Long: Specifies 32-bit based values that range from 1-200,000,000.
  - Short: Specifies 16-bit based values that range from 1-65535. (This is the default.
CLI – This example enables Spanning Tree Protocol, and then sets the indicated attributes.
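The bridge priority rule described in the global settings (lower value wins, equal values fall back to the lowest MAC address) can be checked offline against the bridge IDs collected from each switch. This is an added example, not code from the switch or from SMC; the bridge IDs are constructed in the priority.MAC form the CLI prints, and the function names and result labels are hypothetical.

```python
VALID_PRIORITIES = range(0, 61441, 4096)  # 0-61440 in steps of 4096


def parse_bridge_id(text):
    """Parse 'priority.MAC' (e.g. 32768.0000ABCD0000) into a sortable tuple."""
    prio_text, _, mac_text = text.partition(".")
    priority = int(prio_text)
    if priority not in VALID_PRIORITIES:
        raise ValueError(f"priority {priority} is not a step of 4096 in 0-61440")
    mac = mac_text.replace("-", "").upper()
    if len(mac) != 12 or any(ch not in "0123456789ABCDEF" for ch in mac):
        raise ValueError(f"bad MAC address in bridge ID: {text!r}")
    return priority, int(mac, 16)


def elect_root(bridge_ids):
    """Lowest priority value wins; equal priorities fall back to the lowest MAC."""
    return min(bridge_ids, key=parse_bridge_id)


def audit_root(bridge_ids, intended):
    """Classify how the intended root fares in the election.

    'pinned'    : it wins on priority alone
    'tie-break' : it wins only because its MAC address is the lowest
    'not-root'  : another bridge is elected
    """
    target = parse_bridge_id(intended)
    others = [parse_bridge_id(b) for b in bridge_ids]
    others = [b for b in others if b != target]
    if any(b < target for b in others):
        return "not-root"
    if any(b[0] == target[0] for b in others):
        return "tie-break"
    return "pinned"


if __name__ == "__main__":
    # Constructed bridge IDs: every switch left at the default priority 32768.
    defaults = ["32768.00E0299434DE", "32768.0000ABCD0000", "32768.00E029943428"]
    print("root with defaults:", elect_root(defaults))
    print("intended core switch:", audit_root(defaults, "32768.00E0299434DE"))

    # Same network after the intended core switch is given priority 4096.
    tuned = ["4096.00E0299434DE", "32768.0000ABCD0000", "32768.00E029943428"]
    print("root after tuning:", elect_root(tuned))
    print("intended core switch:", audit_root(tuned, "4096.00E0299434DE"))
```

With every switch at the default 32768, the root is whichever device has the lowest MAC address, so the intended root should show as pinned rather than tie-break.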
• Designated Cost – The cost for a packet to travel from this port to the root in the current Spanning Tree configuration. The slower the media, the higher the cost.
• Designated Bridge – The bridge priority and MAC address of the device through which this port must communicate to reach the root of the Spanning Tree.
• Designated Port – The port priority and number of the port through which this switch, acting as a designated bridge, communicates with the attached LAN or host device.
Backup port receives more useful BPDUs from the same bridge and is therefore not selected as the designated port.

• Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only)

These additional parameters are only displayed for the CLI:
• Admin status – Shows if STA has been enabled on this interface.
• Path Cost – This parameter is used by the STA to determine the best path between devices.
directly through to the spanning tree forwarding state. Specifying Edge Ports provides quicker convergence for devices such as workstations or servers, retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to reconfigure when the interface changes state, and also overcomes other STA-related timeout problems.
CLI – This example shows the STA attributes for port 5.

Console#show spanning-tree ethernet 1/5
Eth 1/ 1 information
------------------------------------------
Admin status      : enable
Role              : designate
State             : forwarding
Path cost         : 100000
Priority          : 128
Designated cost   : 0
Designated port   : 128.1
Designated root   : 32768.0000ABCD0000
Designated bridge : 32768.
  - Forwarding – Port forwards packets, and continues learning addresses.
• Trunk – Indicates if a port is a member of a trunk. (STA Port Configuration only)

The following interface attributes can be configured:
• Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
• Admin Link Type – The link type attached to this interface.
  - Point-to-Point – A connection to exactly one other bridge.
  - Shared – A connection to two or more bridges.
  - Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media. (This is the default setting.
Web – Click Spanning Tree, STA Port Configuration or STA Trunk Configuration. Modify the required attributes, then click Apply.

CLI – This example sets STA attributes for port 7.
VLAN CONFIGURATION

An IEEE 802.1Q VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections. VLANs can be easily organized to reflect departmental groups (such as Marketing or R&D), usage groups (such as e-mail), or multicast groups (used for multimedia applications such as videoconferencing).
switch to participate in one or more VLANs, but none of the intermediate network devices nor the host at the other end of the connection supports VLANs, then you should add this port to the VLAN as an untagged port.

Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing the frames on to any end-node host that does not support VLAN tagging.
used to manually isolate user groups or subnets. However, you should use IEEE 802.3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration.

Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned. If an end station (or its network adapter) supports the IEEE 802.
still enable GVRP on these edge switches, as well as on the core switches in the network.

[Figure: Port-based VLAN]

Forwarding Tagged/Untagged Frames

If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and enable tagging on all ports.
Enabling or Disabling GVRP (Global Setting)

GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network. GVRP must be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch.
• Maximum Number of Supported VLANs – Maximum number of VLANs that can be configured on this switch.

* Web Only

Web – Click VLAN, VLAN Base Information.

CLI – Enter the following command.
• Status – Shows how this VLAN was added to the switch.
  - Dynamic GVRP: Automatically learned via GVRP.
  - Permanent: Added as a static entry.
• Egress Ports – Shows all the VLAN port members.
• Untagged Ports – Shows the untagged VLAN port members.

Web – Click VLAN, VLAN Current Table. Select any ID from the scroll-down list.

Command Attributes (CLI)
• VLAN – ID of configured VLAN (1-4094, no leading zeroes).
• Type – Shows how this VLAN was added to the switch.
CONFIGURING THE SWITCH CLI – Current VLAN information can be displayed with the following command.
VLAN CONFIGURATION • Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it will be reassigned to VLAN group 1 as untagged. Web – Click VLAN, VLAN Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. CLI – This example creates a new VLAN.
2. VLAN 1 is the default untagged VLAN containing all ports on the switch, and can only be modified by first reassigning the default port VLAN ID as described under “Configuring VLAN Behavior for Interfaces” on page 3-114.
Command Attributes
• VLAN – ID of configured VLAN (1-4094, no leading zeroes).
• Name – Name of the VLAN (1 to 32 characters).
• Status – Enables or disables the specified VLAN.
  - Enable: VLAN is operational.
  - Disable: VLAN is suspended; i.e.
VLAN CONFIGURATION Web – Click VLAN, VLAN Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply. CLI – The following example adds tagged and untagged ports to VLAN 2.
CONFIGURING THE SWITCH Web – Open VLAN, VLAN Static Membership. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface. Select a VLAN ID, and then click Add to add the interface as a tagged member, or click Remove to remove the interface. After configuring VLAN membership for each interface, click Apply. CLI – This example adds Port 3 to VLAN 1 as a tagged port, and removes Port 3 from VLAN 2.
media access method or data rate. These values should not be changed unless you are experiencing difficulties with GVRP registration/deregistration.
Command Attributes
• PVID – VLAN ID assigned to untagged frames received on the interface. (Default: 1)
  - If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN, the interface will automatically be added to VLAN 1 as an untagged member.
• GARP Join Timer* – The interval between transmitting requests/queries to participate in a VLAN group. (Range: 20-1000 centiseconds; Default: 20)
• GARP Leave Timer* – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group.
VLAN CONFIGURATION Web – Click VLAN, VLAN Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface, click Apply. CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
Configuring Private VLANs
Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.
Configuring Uplink and Downlink Ports
Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on the switch and with any designated downlink ports.
Web – Click Private VLAN, Private VLAN Link Status. Mark the ports that will serve as uplinks and downlinks for the private VLAN, then click Apply.
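The uplink/downlink forwarding rule above, modelled as an added example (not SMC code or CLI): it computes where a frame received on a port may be forwarded and flags observed port pairs that break the isolation. Port roles and flows are constructed sample data, and treating ports with no role as normal ports that cannot reach downlinks is an assumption drawn from the rule that downlinks reach only uplinks.

```python
# Added example: the private VLAN forwarding rules from the text as a small model.
# Port numbers, roles and observed flows are constructed sample data.


def validate_roles(uplinks, downlinks):
    """Return a list of problems with the chosen uplink/downlink port sets."""
    problems = []
    overlap = set(uplinks) & set(downlinks)
    if overlap:
        problems.append(f"ports marked as both uplink and downlink: {sorted(overlap)}")
    if downlinks and not uplinks:
        problems.append("downlink ports defined without any uplink to forward to")
    return problems


def allowed_egress(ingress, uplinks, downlinks, ports):
    """Ports to which a frame received on `ingress` may be forwarded."""
    others = set(ports) - {ingress}
    if ingress in downlinks:
        # Downlinks may talk to uplinks only.
        return others & set(uplinks)
    if ingress in uplinks:
        # Uplinks may talk to every other port, downlinks included.
        return others
    # Assumption: a port with no role behaves as a normal port, but still
    # cannot reach downlinks, because downlinks exchange traffic only with uplinks.
    return others - set(downlinks)


def audit_flows(flows, uplinks, downlinks, ports):
    """Return the (source port, destination port) pairs that violate isolation."""
    return [
        (src, dst)
        for src, dst in flows
        if dst not in allowed_egress(src, uplinks, downlinks, ports)
    ]


PORTS = range(1, 25)      # 24-port switch
UPLINKS = {1}             # constructed: port 1 faces the router
DOWNLINKS = {2, 3, 4}     # constructed: isolated customer ports
OBSERVED = [(2, 3), (2, 1), (1, 4), (10, 3), (10, 11)]  # constructed flows

if __name__ == "__main__":
    for problem in validate_roles(UPLINKS, DOWNLINKS):
        print("config problem:", problem)
    for src, dst in audit_flows(OBSERVED, UPLINKS, DOWNLINKS, PORTS):
        print(f"isolation violated: port {src} -> port {dst}")
```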
Class of Service Configuration
Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues. You can set the default priority for each interface, and configure the mapping of frame priority tags to the switch’s priority queues.
CLASS OF SERVICE CONFIGURATION Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. CLI – This example assigns a default priority of 5 to port 3.
Mapping CoS Values to Egress Queues
This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following table.
CLASS OF SERVICE CONFIGURATION Command Attributes • Priority – CoS value. (Range: 0-7, where 7 is the highest priority) • Traffic Class* – Output queue buffer. (Range: 0-3, where 3 is the highest CoS priority queue) * CLI shows Queue ID. Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply.
CONFIGURING THE SWITCH CLI – The following example shows how to map CoS values 0, 1 and 2 to priority queue 0, value 3 to priority queue 1, values 4 and 5 to priority queue 2, and values 6 and 7 to priority queue 3.
CLASS OF SERVICE CONFIGURATION Web – Click Priority, Queue Scheduling. Select a traffic class (i.e., output queue), enter a weight, then click Apply. CLI – The following example shows how to assign WRR weights of 16, 64, 128 and 240 to the CoS priority queues 0, 1, 2 and 3.
Because different priority information may be contained in the traffic, this switch maps priority values to the output queues in the following manner:
• The precedence for priority mapping is IP Port Priority, IP Precedence or DSCP Priority, and then Default Port Priority.
• IP Precedence and DSCP Priority cannot both be enabled. Enabling one of these priority types will automatically disable the other.
Mapping IP Precedence
The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are mapped one-to-one to Class of Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth). Bits 6 and 7 are used for network control, and the other bits for various application types.
Web – Click Priority, IP Precedence Priority. Select a port or trunk from the Interface field. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply.
* Mapping specific values for IP Precedence is implemented as an interface configuration command, but any changes apply to all interfaces on the switch.
Mapping DSCP Priority
The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices will not conflict with the DSCP mapping. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP default values are defined in the following table.
Web – Click Priority, IP DSCP Priority. Select a port or trunk from the Interface field. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply.
* Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch.
CLASS OF SERVICE CONFIGURATION Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110. Command Attributes • IP Port Priority Status – Enables or disables the IP port priority. • Interface – Selects the port or trunk interface to which the settings apply.
Click Priority, IP Port Priority. Select a port or trunk from the Interface field. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Add IP Port.
* Mapping specific values for IP Port Priority is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch.
CLASS OF SERVICE CONFIGURATION Copying IP Settings to Another Interface You can copy IP Precedence, DSCP priority, or IP port priority settings from one interface (port or trunk) to other interfaces on the switch. Command Attributes • Copy IP Precedence Priority Settings – Selects IP Precedence priority settings to be copied to other interfaces. • Copy DSCP Priority Settings – Selects DSCP priority settings to be copied to other interfaces.
CONFIGURING THE SWITCH Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
MULTICAST FILTERING This switch not only supports IP multicast filtering by passively monitoring IGMP query and report messages and multicast routing probe messages to register end-stations as multicast group members, but also supports the DVMRP and PIM-DM multicast routing protocols required to forward multicast traffic to other subnets (page 3-222 and 3-231). IGMP Protocol The Internet Group Management Protocol (IGMP) runs between hosts and their immediately adjacent multicast router/switch.
CONFIGURING THE SWITCH Note that IGMP neither alters nor routes IP multicast packets. A multicast routing protocol must be used to deliver IP multicast packets across different subnetworks. Therefore, when DVMRP or PIM routing is enabled for a subnet on this switch, you also need to enable IGMP.
IGMP Query (Layer 2 or 3) – IGMP Query can only be enabled globally at Layer 2, but can be enabled for individual VLAN interfaces at Layer 3 (page 3-144). However, note that Layer 2 query is disabled if Layer 3 query is enabled.
Configuring IGMP Snooping Parameters
You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
CONFIGURING THE SWITCH • Act as IGMP Querier — When enabled, the switch can serve as the Querier, which is responsible for asking hosts if they want to receive multicast traffic. (Default: Disabled) • IGMP Query Count — Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group. (Range: 2-10, Default: 2) • IGMP Query Interval — Sets the frequency at which the switch sends IGMP host-query messages.
MULTICAST FILTERING CLI – This example modifies the settings for multicast filtering, and then displays the current status.
CONFIGURING THE SWITCH Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers. CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.
MULTICAST FILTERING Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply. CLI – This example configures port 11 as a multicast router port within VLAN 1.
CONFIGURING THE SWITCH Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members. • Multicast IP Address – The IP address for a specific multicast service. • Multicast Group Port List – Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service.
MULTICAST FILTERING Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping Parameters” on page 3-137. For certain applications that require tighter control, you may need to statically configure a multicast service on the switch. First add all the ports attached to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group.
CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1.
Console(config)#ip igmp snooping vlan 1 static 224.1.1.12 ethernet 1/12
Console(config)#exit
Console#show mac-address-table multicast vlan 1
 VLAN M'cast IP addr. Member ports Type
 ---- --------------- ------------ ------
    1 224.1.1.12      Eth1/12      USER
    1 224.1.2.
MULTICAST FILTERING Configuring IGMP Interface Parameters This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. The hosts may respond with several types of IP multicast messages. Hosts respond to queries with report messages that indicate which groups they want to join or the groups to which they already belong.
CONFIGURING THE SWITCH • Max Query Response Time – Configures the maximum response time advertised in IGMP queries. (Range: 0-25 seconds; Default: 10 seconds) - The switch must be using IGMPv2 for this command to take effect. - This command defines how long any responder (i.e., client or router) still in the group has to respond to a query message before the router deletes the group.
MULTICAST FILTERING • Querier – Device currently serving as the IGMP querier for this multicast service. Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parameters for each interface, then click Apply.
CONFIGURING THE SWITCH CLI – This example configures the IGMP parameters for VLAN 1.
IP ROUTING • V1 Timer – The time remaining until the switch assumes that there are no longer any IGMP Version 1 members on the IP subnet attached to this interface. (Default: 400 seconds) - If the switch receives an IGMP Version 1 Membership Report, it sets a timer to note that there are Version 1 hosts present which are members of the group for which it heard the report.
CONFIGURING THE SWITCH networks. However, when the switch is first booted, no default routing is defined. As with all traditional routers, the routing functions must first be configured to work. Initial Configuration In the default configuration, all ports belong to the same VLAN and the switch provides only Layer 2 functionality.
IP ROUTING IP Switching IP Switching (or packet forwarding) encompasses tasks required to forward packets for both Layer 2 and Layer 3, as well as traditional routing.
there, the switch broadcasts an ARP packet to all the ports on the destination VLAN to find out the destination MAC address. After the MAC address is discovered, the packet is reformatted and sent out to the destination. The reformat process includes decreasing the Time-To-Live (TTL) field of the IP header, recalculating the IP header checksum, and replacing the destination MAC address with either the MAC address of the destination node or that of the next hop router.
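The header rewrite described above, as an added example (not taken from the manual or the switch firmware): it decrements the TTL of an IPv4 header and recalculates the header checksum with the incremental update of RFC 1624, which a full recalculation then confirms. The sample header is constructed, and dropping a packet whose TTL would reach zero follows standard router behaviour rather than anything stated on this page.

```python
import struct

# Constructed 20-byte IPv4 header: TTL 64, protocol 6 (TCP),
# 172.16.10.99 -> 172.16.10.12, header checksum 0xB1E6.
SAMPLE_HEADER = bytes.fromhex("4500003c1c4640004006b1e6ac100a63ac100a0c")


def fold(total):
    """Fold the carries of a one's-complement sum back into 16 bits."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_checksum(header):
    """Header checksum over 16-bit words.

    With the checksum field zeroed this returns the value to store;
    over a header that already carries a valid checksum it returns 0.
    """
    words = struct.unpack(f"!{len(header) // 2}H", header)
    return ~fold(sum(words)) & 0xFFFF


def incremental_checksum(old_cksum, old_word, new_word):
    """RFC 1624 update: HC' = ~(~HC + ~m + m') for one changed 16-bit word."""
    total = (~old_cksum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    return ~fold(total) & 0xFFFF


def route_rewrite(packet):
    """Return the packet as a router forwards it: TTL - 1, checksum updated."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a complete IPv4 header")
    hdr = bytearray(packet[:ihl])
    if ipv4_checksum(bytes(hdr)) != 0:
        raise ValueError("bad header checksum, packet dropped")
    if hdr[8] <= 1:
        # Standard router behaviour (assumption, not stated on this page).
        raise ValueError("TTL expired, packet dropped")
    old_word = (hdr[8] << 8) | hdr[9]        # TTL and protocol share one word
    old_cksum = (hdr[10] << 8) | hdr[11]
    hdr[8] -= 1
    new_word = (hdr[8] << 8) | hdr[9]
    hdr[10:12] = struct.pack("!H", incremental_checksum(old_cksum, old_word, new_word))
    return bytes(hdr) + packet[ihl:]


if __name__ == "__main__":
    routed = route_rewrite(SAMPLE_HEADER)
    print("TTL", SAMPLE_HEADER[8], "->", routed[8])
    print("checksum", SAMPLE_HEADER[10:12].hex(), "->", routed[10:12].hex())
    print("header still verifies:", ipv4_checksum(routed) == 0)
```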
• Dynamic routing uses a routing protocol to exchange routing information, calculate routing tables, and respond to changes in the status or loading of the network. The switch supports RIP, RIP-2 and OSPFv2 dynamic routing protocols.
RIP and RIP-2 Dynamic Routing Protocols
The RIP protocol is the most widely used routing protocol. RIP uses a distance-vector-based approach to routing.
Basic IP Interface Configuration
To allow routing between different IP subnets, you must enable IP Routing as described in this section. You also need to define a VLAN for each IP subnet that will be connected directly to this switch. Note that you must first create a VLAN as described under “Creating VLANs” on page 3-110 before configuring the corresponding subnet.
Web - Click IP, General, Global Settings. Set IP Routing Status to Disabled to restrict operation to Layer 2, or Enabled to allow multilayer switching, specify the default gateway to which packets for all unknown subnets will be forwarded, and click Apply.
CLI - This example enables IP routing, and sets the default gateway.
Console(config)#ip routing
Console(config)#ip route default 10.1.0.
CONFIGURING THE SWITCH • Before you configure any network interfaces on this router, you should first create a VLAN for each unique user group, or for each network application and its associated users. Then assign the ports associated with each of these VLANs. Command Attributes • VLAN ID – ID of configured VLAN (1-4094, no leading zeroes). • IP Address Mode – Specifies whether the IP address for this interface is statically assigned, or obtained from a network address server.
IP ROUTING Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets. First specify a primary address, and click Set IP Configuration. If you need to assign secondary addresses, enter these addresses one at a time, and click Set IP Configuration after entering each address. CLI - This example sets a primary IP address for VLAN 1, and then adds a secondary IP address for a different subnet also attached to this router interface.
CONFIGURING THE SWITCH appropriate field in the frame header, and forwards the frame on to the next hop. IP traffic passes along the path to its final destination in this way, with each routing device mapping the destination IP address to the MAC address of the next hop toward the recipient, until the packet is delivered to the final destination. If there is no entry for an IP address in the ARP cache, the router will broadcast an ARP request packet to all devices on the network.
request by sending its own MAC address to the requesting node. That node then sends traffic to the router, which in turn uses its own routing table to forward the traffic to the remote destination.
[Figure: Proxy ARP (labels: no routing, no default gateway; ARP request; Remote ARP Server)]
Basic ARP Configuration
You can use the ARP General configuration menu to specify the timeout for ARP cache entries, or to enable Proxy ARP for specific VLAN interfaces.
CONFIGURING THE SWITCH Web - Click IP, ARP, General. Set the timeout to a suitable value for the ARP cache, enable Proxy ARP for subnetworks that do not have routing or a default gateway, and click Apply. CLI - This example sets the ARP cache timeout for 15 minutes (i.e., 900 seconds), and enables Proxy ARP for VLAN 3.
• MAC Address – MAC address statically mapped to the corresponding IP address. (Valid MAC addresses are hexadecimal numbers in the format: xx-xx-xx-xx-xx-xx.)
• Entry Count – The number of static entries in the ARP cache.
Web - Click IP, ARP, Static Addresses. Enter the IP address, the corresponding MAC address, and click Apply.
CLI - This example sets a static entry for the ARP cache.
Console(config)#arp 10.1.0.
CONFIGURING THE SWITCH • Dynamic to Static* – Changes a selected dynamic entry to a static entry. • Clear All* – Deletes all dynamic entries from the ARP cache. • Entry Count – The number of dynamic entries in the ARP cache. * These buttons take effect immediately. You are not prompted to confirm the action. Web - Click IP, ARP, Dynamic Addresses. You can use the buttons provided to change a dynamic entry to a static entry, or to clear all dynamic entries in the cache.
IP ROUTING Displaying Local ARP Entries The ARP cache also contains entries for local interfaces, including subnet, host, and broadcast addresses. Command Attributes • IP Address – IP address of a local entry in the cache. • MAC Address – MAC address mapped to the corresponding IP address. • Interface – VLAN interface associated with the address entry. • Entry Count – The number of local entries in the ARP cache. Web - Click IP, ARP, Other Addresses.
Displaying ARP Statistics
You can display statistics for ARP messages crossing all interfaces on this router.
Statistical Values
Parameter – Description
Received Request – Number of ARP Request packets received by the router.
Received Reply – Number of ARP Reply packets received by the router.
Sent Request – Number of ARP Request packets sent by the router.
Sent Reply – Number of ARP Reply packets sent by the router.
Web - Click IP, ARP, Statistics.
IP ROUTING CLI - This example provides detailed statistics on common IP-related protocols.
Statistical Values
Parameter – Description
Packets Received – The total number of input datagrams received from interfaces, including those received in error.
Received Address Errors – The number of input datagrams discarded because the IP address in the header's destination field was not a valid address for this entity.
Received Packets Discarded – The number of input datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (e.g.
Parameter – Description
Unknown Protocols Received – The number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol.
Received Packets Delivered – The total number of input datagrams successfully delivered to IP user-protocols (including ICMP).
Discarded Output Packets – The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded (e.g.
CONFIGURING THE SWITCH ICMP Statistics Internet Control Message Protocol (ICMP) is a network layer protocol that transmits message packets to report errors in processing IP packets. ICMP is therefore an integral part of the Internet Protocol. ICMP messages may be used to report various situations, such as when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route.
Parameter – Description
Timestamp Replies – The number of ICMP Timestamp Reply messages received/sent.
Address Masks – The number of ICMP Address Mask Request messages received/sent.
Address Mask Replies – The number of ICMP Address Mask Reply messages received/sent.
Web - Click IP, Statistics, ICMP.
CLI - See the example on page 3-164.
CONFIGURING THE SWITCH UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets. UDP is useful when TCP would be too complex, too slow, or just unnecessary.
TCP Statistics
The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols.
Statistical Values
Parameter – Description
Segments Received – The total number of segments received, including those received in error. This count includes segments received on currently established connections.
Web - Click IP, Statistics, TCP.
CLI - See the example on page 3-164.
Configuring Static Routes
This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF). However, you can also manually enter static routes in the routing table.
Web - Click IP, Routing, Static Routes.
CLI - This example forwards all traffic for subnet 192.168.1.0 to the router 192.168.5.254, using the default metric of 1.
Console(config)#ip route 192.168.1.0 255.255.255.0 192.168.5.254
Console(config)#
Displaying the Routing Table
You can display all the routes that can be accessed via the local network interfaces, via static routes, or via a dynamically learned route.
CONFIGURING THE SWITCH • Netmask – Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets. • Next Hop – The IP address of the next hop (or gateway) in this route. • Protocol – The protocol which generated this route information. (Options: local, static, RIP, OSPF) • Metric – Cost for this interface. • Entry Count – The number of table entries. Web - Click IP, Routing, Routing Table.
IP ROUTING Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing. Routes are determined on the basis of minimizing the distance vector, or hop count, which serves as a rough estimate of transmission cost. Each router broadcasts its advertisement every 30 seconds, together with any updates to its routing table.
• There are several serious problems with RIP that you should consider. First, RIP (version 1) has no knowledge of subnets. Second, both RIP versions can take a long time to converge on a new route after the failure of a link or router, during which time routing loops may occur. Third, the small hop count limit of 15 restricts RIP to smaller networks.
Command Attributes
Global Settings
• RIP Routing Process – Enables RIP routing for all IP interfaces on the router. (Default: Disabled)
• Global RIP Version – Specifies a RIP version used globally by the router. (Default: RIP Version 1)
Timer Settings
• Update – Sets the rate at which updates are sent. This value will also set the timeout timer to 6 times the update time, and the garbage-collection timer to 4 times the update time.
CONFIGURING THE SWITCH CLI - This example sets the router to use RIP Version 2, and sets the basic timer to 15 seconds.
Web - Click Routing Protocol, RIP, Network Addresses. Add all interfaces that will participate in RIP, and click Apply.
CLI - This example includes network interface 10.1.0.0 in the RIP routing process.
Console(config)#router-rip
Console(config-router)#network 10.1.0.0
Console(config-router)#end
Console#show ip rip status
Peer UpdateTime Version RcvBadPackets RcvBadRoutes
--------------- ------------ --------- --------------- --------------
10.1.0.253 0 0 73
10.1.1.
Command Usage
Specifying Receive and Send Protocol Types
• Setting the RIP Receive Version or Send Version for an interface overrides the global setting specified by the RIP / General Settings, Global RIP Version field.
• You can specify the Receive Version based on these options:
  - Use “RIPv1” or “RIPv2” if all routers in the local network are based on RIPv1 or RIPv2, respectively.
three methods that can provide faster convergence when the network topology changes and prevent most loops from occurring:
• Split Horizon – Never propagate routes back to an interface port from which they have been acquired.
• Poison Reverse – Propagate routes back to an interface port from which they have been acquired, but set the distance-vector metrics to infinity. (This provides faster convergence.
  - RIPv2: Sends only RIPv2 packets.
  - RIPv1 Compatible: Route information is broadcast to other routers with RIPv2. (Default)
  - Do Not Send: Does not transmit RIP updates.
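Split Horizon and Poison Reverse as defined above, in an added example (not the switch's implementation): build_update applies each method to a routing table, and a two-router simulation counts the update rounds needed before a failed network is marked unreachable everywhere. The networks, interface names and the "none" baseline mode are constructed for comparison, and the infinity metric of 16 comes from the RIP specification rather than this page.

```python
from dataclasses import dataclass
from typing import Dict, Optional

INFINITY = 16  # RIP metric meaning "unreachable"; the largest usable hop count is 15
NET = "192.168.1.0/24"  # constructed destination network


@dataclass
class Route:
    metric: int
    learned_on: Optional[str]  # interface the route was learned on; None = directly connected


def build_update(table: Dict[str, Route], out_iface: str, mode: str) -> Dict[str, int]:
    """Routes advertised on out_iface under 'none', 'split-horizon' or 'poison-reverse'."""
    update = {}
    for dest, route in table.items():
        if route.learned_on == out_iface:
            if mode == "split-horizon":
                continue                      # never send the route back
            if mode == "poison-reverse":
                update[dest] = INFINITY       # send it back as unreachable
                continue
        update[dest] = route.metric
    return update


def process_update(table: Dict[str, Route], update: Dict[str, int], in_iface: str) -> None:
    """Apply a received update using the usual distance-vector rules."""
    for dest, advertised in update.items():
        metric = min(advertised + 1, INFINITY)
        current = table.get(dest)
        if current is None:
            if metric < INFINITY:
                table[dest] = Route(metric, in_iface)
        elif current.learned_on == in_iface or metric < current.metric:
            # News from the current next hop always wins; otherwise only a better metric does.
            table[dest] = Route(metric, in_iface)


def rounds_until_unreachable(mode: str, max_rounds: int = 50) -> Optional[int]:
    """Routers A and B share link 'ab'; A's directly attached NET has just failed."""
    a = {NET: Route(INFINITY, None)}   # A marks its own network unreachable
    b = {NET: Route(2, "ab")}          # B still believes NET is two hops away via A
    for rnd in range(1, max_rounds + 1):
        from_a = build_update(a, "ab", mode)
        from_b = build_update(b, "ab", mode)
        process_update(b, from_a, "ab")
        process_update(a, from_b, "ab")
        if a[NET].metric == INFINITY and b[NET].metric == INFINITY:
            return rnd
    return None


if __name__ == "__main__":
    for mode in ("none", "split-horizon", "poison-reverse"):
        print(f"{mode:15s} converges after {rounds_until_unreachable(mode)} update round(s)")
```

Without either method the two routers bounce the dead route between them, raising the metric by one per round until it reaches 16.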
Web - Click Routing Protocol, RIP, Interface Settings. Select the RIP protocol message types that will be received and sent, the method used to provide faster convergence and prevent loopback (i.e., prevent instability in the network topology), and the authentication option and corresponding password. Then click Apply.
CLI - This example sets the receive version to accept both RIPv1 and RIPv2 messages, the send mode to RIPv1 compatible (i.e.
RIP Information and Statistics
Parameter – Description
Globals
RIP Routing Process – Indicates if RIP has been enabled or disabled.
Update Time in Seconds – The interval at which RIP advertises known route information. (Default: 30 seconds)
Number of Route Changes – Number of times routing information has changed.
Number of Queries – Number of router database queries received by this router.
Interface Information
Interface – IP address of the interface.
IP ROUTING Web - Click Routing Protocol, RIP, Statistics.
CLI - The information displayed by the RIP Statistics screen via the Web interface can be accessed from the CLI using the following commands.
Console#show rip globals
RIP Process: Enabled
Update Time in Seconds: 30
Number of Route Change: 4
Number of Queries: 0
Console#show ip rip configuration
Interface SendMode ReceiveMode Poison Authentication
--------------- --------------- ------------- -------------- ------------------
10.1.0.
OSPF routers exist; as well as the not-so-stubby area option (RFC 1587).
[Figure: OSPF network layout (labels: isolated area, stub, ABR, virtual link, backbone, normal area, ASBR, NSSA, Autonomous System A, Router, external network, Autonomous System B)]
Command Usage
• OSPF looks at more than just the simple hop count. When adding the shortest path to any node into the tree, the optimal path is chosen on the basis of delay, throughput and connectivity.
CONFIGURING THE SWITCH • OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of a point-to-multipoint interface which allows OSPF to run over non-broadcast networks, as well as support for overlapping area ranges. • When using OSPF, you must organize your network (i.e.
• OSPF Router ID – Assigns a unique router ID for this device within the autonomous system. (Default: The lowest interface address)
• Version Number 1 – This router only supports OSPF Version 2.
• Area Border Router 1 – Indicates if this router connects directly to networks in two or more areas. An area border router runs a separate copy of the Shortest Path First algorithm, maintaining a separate routing database for each area.
• SPF Hold Time (seconds) – The hold time between making two consecutive shortest path first (SPF) calculations. (Range: 0-65535; Default: 10)
• Area Numbers 1 – The number of OSPF areas configured on this router.
Default Route Information –
• Originate Default Route 2 – Generates a default external route into an autonomous system. Note that the AS Boundary Router field must be enabled, and the Advertise Default Route field properly configured.
Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply.
CLI - This example configures the router with the same settings as shown in the screen capture for the Web interface.
Console(config)#router ospf
Console(config-router)#router-id 10.1.1.
CONFIGURING THE SWITCH Configuring OSPF Areas An autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default, all other areas are created as normal transit areas. Routers in a normal area may import or export routing information about individual nodes. To reduce the amount of routing traffic flooded onto the network, you can configure an area to export a single summarized route that covers a broad range of network addresses within the area (page 3-196).
IP ROUTING • By default, a stub can only pass traffic to other areas in the autonomous system via the default external route. However, you also can configure an area border router to send Type 3 summary link advertisements into the stub. NSSA – A not-so-stubby area (NSSA) is similar to a stub. It blocks most external routing information, and can be configured to advertise a single default route for traffic passing between the NSSA and other areas within the autonomous system (AS).
CONFIGURING THE SWITCH Command Usage • Before you create a stub or NSSA, first specify the address range for an area using the Network Area Address Configuration screen (page 3-206). • Stubs and NSSAs cannot be used as a transit area, and should therefore be placed at the edge of the routing domain. • A stub or NSSA can have multiple ABRs or exit points.
IP ROUTING Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply. CLI - This example configures area 0.0.0.1 as a normal area, area 0.0.0.2 as a stub, and area 0.0.0.3 as an NSSA. It also configures the router to propagate a default summary route into the stub and sets the cost for this default route to 10. Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.
Console#show ip ospf
Routing Process with ID 192.168.1.253
Supports only single TOS(TOS0) route
Number of area in this router is 3
Area 0.0.0.0 (BACKBONE)
Number of interfaces in this area is 1
SPF algorithm executed 40 times
Area 0.0.0.2 (STUB)
Number of interfaces in this area is 1
SPF algorithm executed 8 times
Area 0.0.0.
Command Attributes
• Area ID – Identifies an area for which the routes are summarized. (The area ID must be in the form of an IP address.)
• Range Network – Base address for the routes to summarize.
• Range Netmask – Network mask for the summary route.
• Advertising – Indicates whether or not to advertise the summary route. If the summary is not sent, the routes remain hidden from the rest of the network. (Default: Advertise)
Note: This router supports up to 64 summary routes for area ranges.
CLI - This example summarizes all the routes for area 1. Note that the default for the area range command is to advertise the route summary. The configured summary route is shown in the list of information displayed for area 1.
Console(config-router)#area 0.0.0.1 range 10.1.1.0 255.255.255.0
Console(config-router)#end
Console#show ip ospf
Routing Process with ID 10.1.1.253
Supports only single TOS(TOS0) route
Number of area in this router is 4
Area 0.0.0.
Field Attributes
OSPF Interface List
• VLAN ID – The VLAN to which an IP interface has been assigned.
• Interface IP – The IP interface associated with the selected VLAN.
• Area ID – The area to which this interface has been assigned.
• Designated Router – Designated router for this area.
• Backup Designated Router – Designated backup router for this area.
• Entry Count – The number of IP interfaces assigned to this VLAN.
Note: This router supports up to 64 OSPF interfaces.
CONFIGURING THE SWITCH interface when estimating this delay. Set the transmit delay according to link speed, using larger values for lower-speed links. - The transmit delay must be the same for all routers in an autonomous system. - On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can use the transmit delay to force the router to wait a specified interval between transmissions.
IP ROUTING • Authentication Type – Specifies the authentication type used for an interface. (Options: None, Simple password, MD5; Default: None) - Use authentication to prevent routers from inadvertently joining an unauthorized area. Configure routers in the same area with the same password or key. - When using simple password authentication, a password is included in the packet. If it does not match the password configured on the receiving router, the packet is discarded.
CONFIGURING THE SWITCH - When changing to a new key, the router will send multiple copies of all protocol messages, one with the old key and another with the new key. Once all the neighboring routers start sending protocol messages back to this router with the new key, the router will stop using the old key. This rollover process gives the network administrator time to update all the routers on the network without affecting the network connectivity.
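The MD5 check and the key rollover described above can be followed in code. This is an added example, not taken from the manual or the switch firmware: it follows the cryptographic authentication layout of RFC 2328 (Appendix D), and the function names, secrets and packet body are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

# OSPFv2 common header (RFC 2328, A.3.1): version, type, packet length,
# router ID, area ID, checksum, AuType, 8-byte authentication field.
HEADER = struct.Struct("!BBH4s4sHH8s")
# With AuType 2 the authentication field holds: 0, key ID, digest length,
# cryptographic sequence number (RFC 2328, D.3).
CRYPTO_AUTH = struct.Struct("!HBBI")
AUTYPE_MD5 = 2
DIGEST_LEN = 16


def ip(text):
    """Dotted-quad string to the 4 bytes used for router and area IDs."""
    return ipaddress.IPv4Address(text).packed


def _padded(key):
    if not 0 < len(key) <= 16:
        raise ValueError("an OSPF MD5 key is 1 to 16 bytes long")
    return key.ljust(16, b"\x00")


def build_md5_packet(ptype, router_id, area_id, body, key_id, key, seq):
    """Sender side: header + body, then MD5(packet || padded key) appended."""
    length = HEADER.size + len(body)          # the digest is not counted here
    auth = CRYPTO_AUTH.pack(0, key_id, DIGEST_LEN, seq)
    # The checksum field stays 0 when cryptographic authentication is used.
    packet = HEADER.pack(2, ptype, length, router_id, area_id, 0,
                         AUTYPE_MD5, auth) + body
    return packet + hashlib.md5(packet + _padded(key)).digest()


class Md5Receiver:
    """Receiver side for one interface: configured keys plus replay state."""

    def __init__(self, keys):
        self.keys = dict(keys)                # key ID -> shared secret
        self.last_seq = {}                    # neighbor router ID -> last sequence

    def verify(self, wire):
        if len(wire) < HEADER.size:
            return "drop: short packet"
        (_ver, _type, length, router_id, _area, _cksum,
         autype, auth) = HEADER.unpack_from(wire)
        if autype != AUTYPE_MD5:
            return "drop: authentication type mismatch"
        _zero, key_id, digest_len, seq = CRYPTO_AUTH.unpack(auth)
        if (digest_len != DIGEST_LEN or length < HEADER.size
                or len(wire) != length + DIGEST_LEN):
            return "drop: malformed packet"
        key = self.keys.get(key_id)
        if key is None:
            return "drop: unknown key id"
        expected = hashlib.md5(wire[:length] + _padded(key)).digest()
        if not hmac.compare_digest(expected, wire[length:]):
            return "drop: bad digest"
        if seq < self.last_seq.get(router_id, 0):
            return "drop: replayed sequence number"
        self.last_seq[router_id] = seq
        return "accept"


def rollover_demo():
    """Constructed exchange: a neighbor sends each message under key 1 and key 2."""
    old, new = b"old-key", b"new-key"         # constructed secrets
    rid, area, body = ip("10.1.1.253"), ip("0.0.0.1"), b"constructed hello body"
    with_old = build_md5_packet(1, rid, area, body, 1, old, 100)
    with_new = build_md5_packet(1, rid, area, body, 2, new, 100)
    during = Md5Receiver({1: old, 2: new})    # rollover in progress
    after = Md5Receiver({2: new})             # old key retired
    return {
        "during/old": during.verify(with_old),
        "during/new": during.verify(with_new),
        "after/old": after.verify(with_old),
        "after/new": after.verify(with_new),
        "replay": during.verify(build_md5_packet(1, rid, area, body, 2, new, 99)),
    }


if __name__ == "__main__":
    for case, verdict in rollover_demo().items():
        print(f"{case:12} {verdict}")
```

A router that has already retired the old key drops the copy sent under it, which is why the neighbor keeps sending both copies until every router answers with the new key.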
IP ROUTING Change any of the interface-specific protocol parameters, and then click Apply CLI - This example configures the interface parameters for VLAN 1.
Configuring Virtual Links
All OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the backbone, you can configure a virtual link that provides a logical path to the backbone. To connect an isolated area to the backbone, the logical path can cross a single non-backbone area (i.e., transit area) to reach the backbone.
[Figure labels: isolated area, ABR, virtual link, ABR, normal area, backbone]
IP ROUTING Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add. To modify the settings for an existing link, click the Detail button for the required entry, modify the link settings, and click Set. CLI - This example configures a virtual link from the ABR adjacent to area 0.0.0.4, through a transit area to the neighbor router 10.1.1.
CONFIGURING THE SWITCH Configuring Network Area Addresses OSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance. A large network should be split up into separate OSPF areas to increase network stability, and to reduce protocol traffic by summarizing routing information into more compact messages.
IP ROUTING Command Attributes • IP Address – Address of the interfaces to add to the area. • Netmask – Network mask of the address range to add to the area. • Area ID – Area to which the specified address or range is assigned. An OSPF area identifies a group of routers that share common routing information. (The area ID must be in the form of an IP address.) Note: This router supports up to 16 total areas (either normal transit areas, stubs, or NSSAs).
CLI - This example configures the backbone area and one transit area.
Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0
Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.1
Console(config-router)#end
Console#show ip ospf
Routing Process with ID 10.1.1.253
Supports only single TOS(TOS0) route
Number of area in this router is 4
Area 0.0.0.0 (BACKBONE)
Number of interfaces in this area is 1
SPF algorithm executed 8 times
Area 0.0.0.
Command Attributes
• IP Address – Summary address covering a range of addresses.
• Netmask – Network mask for the summary route.
Note: This router supports up to 16 Type-5 summary routes.
Web - Click Routing Protocol, OSPF, Summary Address Configuration. Specify the base address and network mask, then click Add.
CLI - This example creates a summary address for all routes contained in 192.168.x.x.
Console(config-router)#summary-address 192.168.0.0 255.255.0.
Redistributing External Routes
You can configure this router to import external routing information from other routing protocols into the autonomous system.
[Figure labels: Router, ASBR, OSPF AS, RIP or static routes]
Command Usage
• This router supports redistribution for both RIP and static routes.
• When you redistribute external routes into an OSPF autonomous system (AS), the router automatically becomes an autonomous system boundary router (ASBR).
IP ROUTING Command Attributes • Redistribute Protocol – Specifies the external routing protocol type for which routing information is to be redistributed into the local routing domain. (Options: RIP, Static; Default: RIP) • Redistribute Metric Type – Indicates the method used to calculate external route costs. (Options: Type 1, Type 2; Default: Type 1) • Redistribute Metric – Metric assigned to all external routes for the specified protocol.
Configuring NSSA Settings
Use the OSPF / NSSA Settings page to configure a not-so-stubby area (NSSA), and to control the use of default routes for ABRs and ASBRs, or external routes learned from other routing domains and imported via an ABR. (For a detailed description of NSSA areas, refer to “Configuring OSPF Areas” on page 3-192.)
Command Attributes
• Area ID – Identifier for a not-so-stubby area (NSSA).
IP ROUTING Web - Click Routing Protocol, OSPF, NSSA Settings. Create a new NSSA or modify the routing behavior for an existing NSSA, and click Apply. CLI - This example configures area 0.0.0.1 as a stub and sets the cost for the default summary route to 10. Console(config-router)#area 0.0.0.1 nssa default-information-originate Console(config-router)#area 0.0.0.
CONFIGURING THE SWITCH The full database is exchanged between neighboring routers as soon as a new router is discovered. Afterwards, any changes that occur in the routing tables are synchronized with neighboring routers through a process called reliable flooding.
IP ROUTING • Adv Router – IP address of the advertising router. If not entered, information about all advertising routers is displayed. • Age* – Age of LSA (in seconds). • Seq* – Sequence number of LSA (used to detect older duplicate LSAs). • CheckSum* – Checksum of the complete contents of the LSA. * These items are read only. Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Query.
CONFIGURING THE SWITCH Displaying Information on Border Routers You can display entries in the local routing table for Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR) known by this device. Field Attributes • Destination – Identifier for the destination router. • Next Hop – IP address of the next hop toward the destination. • Cost – Link metric for this route. • Type – Router type of the destination; either ABR, ASBR or both.
Displaying Information on Neighbor Routers
You can display information about neighboring routers on each interface within an OSPF area.
Field Attributes
• ID – Neighbor’s router ID.
• Priority – Neighbor’s router priority.
• State – OSPF state and identification flag.
Web - Click Routing Protocol, OSPF, Neighbor Information.
CLI - This shows a designated router and backup designated router as neighbors.
Console#show ip ospf neighbor
ID              Pri    State            Address
--------------- ------ ---------------- ---------------
10.2.44.5       1      FULL/DR          10.2.44.88
10.2.44.6       2      FULL/BDR         10.2.44.
MULTICAST ROUTING it routing protocol independent. Also note that the Dense Mode version of PIM is supported on this router because it is suitable for densely populated multicast groups which occur primarily in the LAN environment. If DVMRP and PIM-DM are not enabled on this router or another multicast routing protocol is used on your network, you can manually configure the switch ports attached to a multicast router (page 3-140).
CONFIGURING THE SWITCH routes to forward multicast traffic only if group members appear on directly-attached subnetworks or on subnetworks attached to downstream routers. Field Attributes • Group Address – IP group address for a multicast service. • Source Address – Subnetwork containing the IP multicast source. • Netmask – Network mask for the IP multicast source. • Interface – Interface leading to the upstream neighbor. • Owner – The associated multicast protocol (i.e., DVMRP or PIM).
MULTICAST ROUTING Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry.
CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast source routed by DVMRP, and another source routed via PIM.
Console#show ip mroute
IP Multicast Forwarding is enabled.
IP Multicast Routing Table
Flags: P - Prune, F - Forwarding
(234.5.6.7, 10.1.0.0, 255.255.255.0)
Owner: DVMRP
Upstream Interface: vlan2
Upstream Router: 10.1.0.0
Downstream:
(234.5.6.8, 10.1.5.19, 255.255.255.
to build up a source-rooted multicast delivery tree that allows it to prevent looping and determine the shortest path to the source of this multicast traffic.
[Figure labels: source, branch, leaf, leaf]
When this router receives the multicast message, it checks its unicast routing table to locate the port that provides the shortest path back to the source.
CONFIGURING THE SWITCH Command Usage Broadcasting periodically floods the network with traffic from any active multicast server. If IGMP snooping is disabled, multicast traffic is flooded to all ports on the router. However, if IGMP snooping is enabled, then the first packet for any source group pair is flooded to all DVMRP downstream neighbors.
MULTICAST ROUTING The global settings that control the prune and graft messages (i.e., prune lifetime) should be configured to the same values on all routers throughout the network to allow DVMRP to function properly. However, if you encounter problems in maintaining a multicast flow, then you may need to modify the protocol variables which control the exchange of topology information between DVMRP routers; such as the probe interval, neighbor timeout or report interval.
CONFIGURING THE SWITCH to the router. When the router receives these messages, it records all the downstream routers for the default route. - When multicast traffic with an unknown source address (i.e., not found in the route table) is received on the default upstream route interface, the router forwards this traffic out through the other interfaces (with known downstream routers).
CLI – This sets the global parameters for DVMRP and displays the current settings.
Console(config)#router dvmrp
Console(config-router)#probe-interval 30
Console(config-router)#nbr-timeout 40
Console(config-router)#report-interval 90
Console(config-router)#flash-update-interval 10
Console(config-router)#prune-lifetime 5000
Console(config-router)#default-gateway 10.1.0.
CONFIGURING THE SWITCH • Status – Enables or disables DVMRP. - If DVMRP is enabled on any interface, Layer 3 IGMP should also be enabled on the router (page 3-144). - If DVMRP is disabled, the interface cannot propagate IP multicast routing information. However, as long as IGMP snooping is enabled, the interface will still forward multicast traffic to downstream group members within the VLAN.
MULTICAST ROUTING Displaying Neighbor Information You can display all the neighboring DVMRP routers. Command Attributes • Neighbor Address – The IP address of the network device immediately upstream for this multicast delivery tree. • Interface – The IP interface on this router that connects to the upstream neighbor. • Up time – The time since this device last became a DVMRP neighbor to this router. • Expire – The time remaining before this entry will be aged out.
CLI – This example displays the only neighboring DVMRP router.
Console#show ip dvmrp neighbor
Address          Interface       Uptime   Expire   Capabilities
---------------- --------------- -------- -------- ------------
10.1.0.254       vlan1           79315    32       6
Console#
Displaying the Routing Table
The router learns source-routed information from neighboring DVMRP routers and also advertises learned routes to its neighbors.
• Up time – The time elapsed since this entry was created.
• Expire – The time remaining before this entry will be aged out.
Web – Click Routing Protocol, DVMRP, DVMRP Routing Table.
CLI – This example displays known DVMRP routes.
Console#show ip dvmrp route
Source          Mask            Upstream_nbr    Interface Metric UpTime Expire
--------------- --------------- --------------- --------- ------ ------ ------
10.1.0.0        255.255.255.0   10.1.0.253      vlan1     1      84438  0
10.1.1.0        255.255.255.0   10.1.1.
network. If it is not, the router drops the packet and sends a prune message back out the source interface. If it is the same interface used by the unicast protocol, then the router forwards a copy of the packet to all the other interfaces for which it has not already received a prune message for this specific source-group pair. DVMRP holds the prune state for about two hours, while PIM-DM holds it for only about three minutes.
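The reverse-path check and prune state described above, as an added example that is not the switch's own code. The class name, the route table and the timestamps are constructed; the group, source subnet and VLAN names reuse values shown in this guide's CLI examples, and the hold times are the approximate values quoted in the text.

```python
import ipaddress

DVMRP_PRUNE_HOLD = 2 * 60 * 60    # "about two hours", in seconds
PIM_DM_PRUNE_HOLD = 3 * 60        # "about three minutes", in seconds


class DenseModeRouter:
    """Flood-and-prune forwarding decision for one router (hypothetical model)."""

    def __init__(self, unicast_routes, interfaces, prune_hold):
        self.routes = [(ipaddress.ip_network(prefix), ifc)
                       for prefix, ifc in unicast_routes]
        self.interfaces = list(interfaces)
        self.prune_hold = prune_hold
        self.pruned_until = {}    # (source, group, interface) -> expiry time

    def rpf_interface(self, source):
        """Interface the unicast table would use to reach the source (longest match)."""
        addr = ipaddress.ip_address(source)
        best = None
        for network, ifc in self.routes:
            if addr in network and (best is None
                                    or network.prefixlen > best[0].prefixlen):
                best = (network, ifc)
        return best[1] if best else None

    def receive_prune(self, source, group, interface, now):
        """A downstream neighbor asked not to receive this source-group pair."""
        self.pruned_until[(source, group, interface)] = now + self.prune_hold

    def handle(self, source, group, in_ifc, now):
        """Return (action, interfaces) for a multicast packet arriving on in_ifc."""
        if self.rpf_interface(source) != in_ifc:
            # Wrong interface: drop and send a prune back out the arrival interface.
            return ("drop, send prune", [in_ifc])
        out = [ifc for ifc in self.interfaces
               if ifc != in_ifc
               and self.pruned_until.get((source, group, ifc), 0) <= now]
        return ("forward", out)


def demo():
    """Constructed scenario on a three-VLAN router running PIM-DM timers."""
    routes = [("10.1.0.0/24", "vlan2"), ("0.0.0.0/0", "vlan1")]
    router = DenseModeRouter(routes, ["vlan1", "vlan2", "vlan3"], PIM_DM_PRUNE_HOLD)
    src, grp = "10.1.0.7", "234.5.6.7"
    results = [router.handle(src, grp, "vlan2", now=0)]      # arrives on RPF interface
    results.append(router.handle(src, grp, "vlan3", now=0))  # arrives on wrong interface
    router.receive_prune(src, grp, "vlan3", now=0)
    results.append(router.handle(src, grp, "vlan2", now=60))   # vlan3 still pruned
    results.append(router.handle(src, grp, "vlan2", now=181))  # prune state expired
    return results


if __name__ == "__main__":
    for action, interfaces in demo():
        print(action, interfaces)
```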
CLI – This example enables PIM-DM globally and displays the current status.
Console(config)#router pim
Console#show router pim
Admin Status: Enabled
Console#
Configuring PIM-DM Interface Settings
To fully enable PIM-DM, you need to enable multicast routing globally for the router (page 3-219), enable PIM-DM globally for the router (page 3-232), and also enable PIM-DM for each interface that will participate in multicast routing.
CONFIGURING THE SWITCH not these neighbors are still active members of the multicast tree. (Range: 1-65535 seconds; Default: 30) • Hello Holdtime – Sets the interval to wait for hello messages from a neighboring PIM router before declaring it dead. Note that the hello holdtime should be 3.5 times the value of Hello Interval.
MULTICAST ROUTING Web – Click Routing Protocol, PIM-DM, Interface Settings. Select a VLAN, enable or disable PIM-DM for the selected interface, modify any of the protocol parameters as required, and click Apply. CLI – This example sets the PIM-DM protocol parameters for VLAN 2, and displays the current settings.
CONFIGURING THE SWITCH Displaying Interface Information You can display a summary of the current interface status for PIM-DM, including the number of neighboring PIM routers, and the address of the designated PIM router. Command Attributes • Interface – A VLAN interface on this router. • Address – The IP address for this interface. • Mode – The PIM mode in use. (This router only supports Dense Mode at this time.) • Neighbor Count – The number of PIM neighbors detected on this interface.
MULTICAST ROUTING Displaying Neighbor Information You can display all the neighboring PIM-DM routers. Command Attributes • Neighbor Address – IP address of the next-hop router. • Interface – VLAN that is attached to this neighbor. • Up time – The duration this entry has been active. • Expire – The time before this entry will be removed. • Mode – PIM mode used on this interface. (Only Dense Mode is supported.) Web – Click Routing Protocol, PIM-DM, Neighbor Information.
CHAPTER 4 COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt. Using the switch's command-line interface (CLI) is very similar to entering commands on a UNIX system.
COMMAND LINE INTERFACE 3. When finished, exit the session with the “quit” or “exit” command. After connecting to the system through the console port, the login screen displays: User Access Verification Username: admin Password: CLI session with the SMC6724L3 1 Intelligent Switch is opened. To end the CLI session, enter [Exit]. Console# Telnet Connection Telnet operates over the IP transport protocol.
ENTERING COMMANDS After you configure the switch with an IP address, you can open a Telnet session by performing these steps: 1. From the remote host, enter the Telnet command and the IP address of the device you want to access. 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-0#” prompt for the administrator to show that you are using privileged access mode (i.e., Privileged Exec), or “Vty-0>” for the guest to show that you are using normal access mode (i.e.
COMMAND LINE INTERFACE You can enter commands as follows: • To enter a simple command, enter the command keyword. • To enter multiple commands, enter each command in the required order. For example, to enable Privileged Exec command mode, and display the startup configuration, enter: Console>enable Console#show startup-config • To enter commands that require parameters, enter the required parameters after the command keyword.
ENTERING COMMANDS Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, DHCP, Interface, Line, Router or VLAN Database). You can also display a list of valid keywords for a specific command.
COMMAND LINE INTERFACE Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.
command classes and associated modes are displayed in the following table:
Class            Mode
Exec             Normal
                 Privileged
Configuration    Global*
                 Access Control List
                 DHCP
                 Interface
                 Line
                 Router
                 VLAN Database
* You must be in Privileged Exec mode to access the Global configuration mode. You must be in Global Configuration mode to access any of the other configuration modes.
COMMAND LINE INTERFACE Username: guest Password: [guest login password] CLI session with the SMC6724L3 1 Switch is opened. To end the CLI session, enter [Exit]. Console#enable Password: [privileged level password] Console# Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted.
ENTERING COMMANDS To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands. Console#configure Console(config)# To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode.
COMMAND LINE INTERFACE Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed by the “?” character to display a list of possible matches.
COMMAND GROUPS Command Groups The system commands can be broken down into the functional groups shown below.
Command Group   Description   Page
Spanning Tree   Configures Spanning Tree settings for the switch   4-146
VLANs   Configures VLAN settings, and defines port membership for VLAN groups; also enables or configures private VLANs   4-162
GVRP and Bridge Extension   Configures GVRP settings that permit automatic VLAN learning; shows the configuration for the bridge extension MIB   4-175
Priority   Sets port priority for untagged frames, relative weight for each priority queue, also sets   4-181
LINE COMMANDS Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal).
COMMAND LINE INTERFACE line Use this command to identify a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users.
login
Use this command to enable password checking at login. Use the no form to disable password checking and allow connections without a password.
Syntax
login [local]
no login
local - Selects local password checking. Authentication is based on the user name specified with the username command.
Example
Console(config-line)#login local
Console(config-line)#
Related Commands
username (4-33)
password (4-16)
password
Use this command to specify the password for a line. Use the no form to remove the password.
Syntax
password {0 | 7} password
no password
• {0 | 7} - 0 means plain password, 7 means encrypted password
• password - Character string that specifies the line password.
configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.
Example
Console(config-line)#password 0 secret
Console(config-line)#
Related Commands
login (4-15)
password-thresh (4-18)
exec-timeout
Use this command to set the interval that the system waits until user input is detected. Use the no form to restore the default.
Example
To set the timeout to two minutes, enter this command:
Console(config-line)#exec-timeout 120
Console(config-line)#
password-thresh
Use this command to set the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value.
Syntax
password-thresh [threshold]
no password-thresh
threshold - The number of allowed password attempts. (Range: 1-120; 0: no threshold)
Default Setting
The default value is three attempts.
Related Commands
silent-time (4-19)
silent-time
Use this command to set the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value.
Syntax
silent-time [seconds]
no silent-time
seconds - The number of seconds to disable console response. (Range: 0-65535; 0: no silent-time)
Default Setting
The default value is no silent-time.
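The login, password, exec-timeout, password-thresh and silent-time commands above together decide how well a line resists password guessing and unattended sessions. The following audit script is an added example, not part of the manual or the switch software. It assumes a saved configuration in which each "line console" or "line vty" entry is followed by its line commands; the sample configuration and all function names are constructed.

```python
# Constructed sample, built only from the line commands documented above.
SAMPLE_CONFIG = """\
line console
 login local
 password 0 secret
 password-thresh 0
line vty
 no login
 exec-timeout 120
 password-thresh 3
 silent-time 60
"""

LINE_COMMANDS = ("login", "password", "exec-timeout", "password-thresh", "silent-time")

MESSAGES = {
    "no-login": "no login: connections are accepted without a password",
    "plain-password": "password 0: the line password is kept as plain text",
    "no-attempt-limit": "password-thresh removed or 0: failed logons are not limited",
    "no-silent-time": "no silent-time: the line stays reachable after the threshold is exceeded",
    "no-exec-timeout": "exec-timeout not set to a positive value: confirm it with show line",
}


def parse_line_blocks(config):
    """Return {line name: {command: (negated, [arguments])}} per 'line' block.

    Assumption: a block runs from its 'line ...' entry to the next one.
    """
    blocks, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "line" and len(words) == 2 and words[1] in ("console", "vty"):
            current = blocks.setdefault(words[1], {})
            continue
        if current is None:
            continue
        negated = words[0] == "no"
        if negated:
            words = words[1:]
        if words and words[0] in LINE_COMMANDS:
            current[words[0]] = (negated, words[1:])
    return blocks


def setting(cfg, command):
    """'absent', 'off' (no form or value 0), 'default' or the configured value."""
    if command not in cfg:
        return "absent"
    negated, args = cfg[command]
    if negated or args[:1] == ["0"]:
        return "off"
    return args[0] if args else "default"


def audit(blocks):
    """Return [(line name, finding code)] in a fixed check order per line."""
    findings = []
    for name, cfg in blocks.items():
        if cfg.get("login", (False, []))[0]:
            findings.append((name, "no-login"))
        negated, args = cfg.get("password", (True, []))
        if not negated and args[:1] == ["0"]:
            findings.append((name, "plain-password"))
        # An absent password-thresh keeps the documented default of three attempts.
        if setting(cfg, "password-thresh") == "off":
            findings.append((name, "no-attempt-limit"))
        # The documented default for silent-time is none, so absent counts as off.
        if setting(cfg, "silent-time") in ("absent", "off"):
            findings.append((name, "no-silent-time"))
        if setting(cfg, "exec-timeout") in ("absent", "off"):
            findings.append((name, "no-exec-timeout"))
    return findings


if __name__ == "__main__":
    for line_name, code in audit(parse_line_blocks(SAMPLE_CONFIG)):
        print(f"{line_name}: {MESSAGES[code]}")
```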
COMMAND LINE INTERFACE databits Use this command to set the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits • 7 - Seven data bits per character. • 8 - Eight data bits per character. Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity.
LINE COMMANDS parity Use this command to define generation of a parity bit. Use the no form to restore the default setting. Syntax parity {none | even | odd} no parity • none - No parity • even - Even parity • odd - Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting.
COMMAND LINE INTERFACE speed Use this command to set the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second. (Options: 9600, 19200, 38400, 57600, 115200 bps) Default Setting 9600 bps Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port.
LINE COMMANDS stopbits Use this command to set the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax stopbits {1 | 2} • 1 - One stop bit • 2 - Two stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this command: Console(config-line)#stopbits 2 Console(config-line)# show line Use this command to display the terminal line’s parameters. Syntax show line [console | vty] • console - Console terminal line.
Example
To show all lines, enter this command:
Console#show line
Console configuration:
Password threshold: 3 times
Interactive timeout: Disabled
Silent time: Disabled
Baudrate: 9600
Databits: 8
Parity: none
Stopbits: 1
Vty configuration:
Password threshold: 3 times
Interactive timeout: 65535
General Commands
Command     Function                                      Mode  Page
enable      Activates privileged mode                     NE    4-25
disable     Returns to normal mode from privileged mode   PE    4-26
configure   Activates global co
GENERAL COMMANDS enable Use this command to activate Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-6. Syntax enable [level] level - Privilege level to log into the device. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. Enter level 15 to access Privileged Exec mode.
COMMAND LINE INTERFACE disable Use this command to return to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See “Understanding Command Modes” on page 4-6. Default Setting None Command Mode Privileged Exec Command Usage The “>” character is appended to the end of the prompt to indicate that the system is in normal access mode.
GENERAL COMMANDS configure Use this command to activate Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configuration. See “Understanding Command Modes” on page 4-6.
Example
In this example, the show history command lists the contents of the command history buffer:
Console#show history
Execution command history:
 2 config
 1 show history
Configuration command history:
 4 interface vlan 1
 3 exit
 2 interface vlan 1
 1 end
Console#
The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration
GENERAL COMMANDS Command Usage This command resets the entire system. Example This example shows how to reset the switch: Console#reload System will be restarted, continue ? y end Use this command to return to Privileged Exec mode.
COMMAND LINE INTERFACE Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: Console(config)#exit Console#exit Press ENTER to start session User Access Verification Username: quit Use this command to exit the configuration program. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration program.
SYSTEM MANAGEMENT COMMANDS System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information.
COMMAND LINE INTERFACE hostname Use this command to specify or modify the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example Console(config)#hostname SMC6724L3 Console(config)# User Access Commands The basic commands required for management access are listed in this section.
SYSTEM MANAGEMENT COMMANDS username Use this command to add named users, require authentication at login, specify or change a user's password (or specify that no password is required), or specify or change a user's access level. Use the no form to remove a user name. Syntax username name {access-level level | nopassword | password {0 | 7} password} no username name • name - The name of the user. (Maximum length: 8 characters, case sensitive.
Command Usage
The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.
Example
This example shows how to set the access level and password for a user.
Command Usage
• You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-25).
• The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
Default Setting
80
Command Mode
Global Configuration
Example
Console(config)#ip http port 769
Console(config)#
Related Commands
ip http server (4-36)

ip http server
Use this command to allow this device to be monitored or configured from a browser. Use the no form to disable this function.
Event Logging Commands

| Command | Function | Mode | Page |
|---|---|---|---|
| logging on | Controls logging of error messages | GC | 4-37 |
| logging history | Limits syslog messages saved to switch memory based on severity | GC | 4-38 |
| clear logging | Clears messages from the logging buffer | PE | 4-39 |
| show logging | Displays the state of logging | PE | 4-40 |

logging on
Use this command to control logging of error messages. This command sends debug or error messages to switch memory.
logging history
Use this command to limit syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
Syntax
logging history {flash | ram} level
no logging history {flash | ram}
• flash - Event history stored in flash memory (i.e., permanent memory).
• ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
• level - One of the level arguments listed below.
Command Mode
Global Configuration
Command Usage
The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM.
Example
Console(config)#logging history ram 0
Console(config)#

clear logging
Use this command to clear messages from the log buffer.
Syntax
clear logging [flash | ram]
• flash - Event history stored in flash memory (i.e., permanent memory).
• ram - Event history stored in temporary RAM (i.e.
show logging
Use this command to display the logging configuration, along with any system and event messages stored in memory.
Syntax
show logging {flash | ram}
• flash - Event history stored in flash memory (i.e., permanent memory).
• ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
Example
The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “debugging” (i.e., default level 7 - 0), and lists one sample error
Console#show logging flash
Syslog logging: Enable
History logging in FLASH: level errors
[0] 0:0:5 1/1/1 "PRI_MGR_InitDefault function fails."
level: 3, module: 13, function: 0, and event no.
sntp client
Use this command to enable SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command. Use the no form of this command to disable SNTP client requests.
Syntax
sntp client
no sntp client
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
• The time acquired from time servers is used to record accurate dates and times for log events.
Example
Console(config)#sntp server 10.1.0.19
Console(config)#sntp poll 60
Console(config)#sntp client
Console(config)#end
Console#show sntp
Current time: Dec 23 02:52:44 2002
Poll interval: 60
Current mode: unicast
Console#
Related Commands
sntp server (4-43)
sntp poll (4-44)
sntp broadcast client (4-45)
show sntp (4-45)

sntp server
Use this command to set the IP address of the servers to which SNTP time requests are issued.
Command Usage
This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received. It issues time synchronization requests based on the interval set via the sntp poll command.
Example
Console(config)#sntp server 10.1.0.
Example
Console(config)#sntp poll 60
Console#
Related Commands
sntp client (4-42)

sntp broadcast client
Use this command to synchronize the switch’s clock based on time broadcast from time servers (using the multicast address 224.0.1.1). Use the no form to disable SNTP broadcast client mode.
Command Usage
This command displays the current time, the poll interval used for sending time synchronization requests (when the switch is set to SNTP client mode), and the current SNTP mode (i.e., client or broadcast).
Example
Console#show sntp
Current time: Dec 23 05:13:28 2002
Poll interval: 16
Current mode: unicast
Console#

clock timezone
Use this command to set the time zone for the switch’s internal clock.
a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC.
Command Usage
• Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory.
• This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the configuration mode command, and corresponding commands.
interface vlan 1
 ip address 0.0.0.0 255.0.0.0
 ip address dhcp
!
line console
!
line vty
!
end
Console#
Related Commands
show running-config (4-49)

show running-config
Use this command to display the configuration information currently in use.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
• Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory.
- Routing protocol configuration settings
- Spanning tree settings
- Any configured settings for the console port and Telnet
Example
Console#show running-config
building running-config, please wait.....
show system
Use this command to display system information.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
• For a description of the items shown by this command, refer to “Displaying System Information” on page -12.
• The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance.
Example
Console#show system
System description: TigerSwitch 10/100 Managed 24+2 L3 Switch
System OID string: 1.3.6.
Command Usage
The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number.
Example
Console#show users
Username accounts:
 Username Privilege
 -------- ---------
 guest    0
 admin    15
Online users:
  Line        Username Idle time (h:m:s) Remote IP addr.
  ----------- -------- ----------------- ---------------
* 0 console   admin    0:00:00
  1 vty 0     admin    0:04:37           10.1.0.
Example
Console#show version
Unit1
 Serial number          :1111111111
 Service tag            :
 Hardware version       :R0A
 Number of ports        :26
 Main power status      :up
 Redundant power status :not present
Agent(master)
 Unit id                :1
 Loader version         :1.0.0.0
 Boot rom version       :1.0.0.0
 Operation code version :1.0.1.3
Console#

Flash/File Commands
These commands are used to manage the system code or configuration files.
Syntax
copy file {file | running-config | startup-config | tftp}
copy running-config {file | startup-config | tftp}
copy startup-config {file | running-config | tftp}
copy tftp {file | running-config | startup-config}
• file - Keyword that allows you to copy to/from a file.
• running-config - Keyword that allows you to copy to/from the current running configuration.
• startup-config - The configuration used for system initialization.
the download menu during a boot up to download the Boot ROM (or diagnostic) image. See “Upgrading Firmware via the Serial Port” on page B-1 for more details.
Example
The following example shows how to upload the configuration settings to a file on the TFTP server:
Console#copy file tftp
Choose file type:
 1. config: 2. opcode: <1-2>: 1
Source file name: startup
TFTP server ip address: 10.1.0.99
Destination file name: startup.01
TFTP completed.
Success.
delete
Use this command to delete a file or image.
Syntax
delete filename
filename - Name of the configuration file or image name.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
• If the file type is used for system startup, then this file cannot be deleted.
• “Factory_Default_Config.cfg” cannot be deleted.
Example
This example shows how to delete the test2.cfg configuration file from flash memory.
Console#delete test2.
dir
Use this command to display a list of files in flash memory.
Syntax
dir [boot-rom | config | opcode [:filename]]
The type of file or image to display includes:
• boot-rom - Boot ROM (or diagnostic) image file.
• config - Switch configuration file.
• opcode - Run-time operation code image file.
• filename - Name of the file or image. If this file exists but contains errors, information on this file cannot be shown.
Example
The following example shows how to display all file information:
Console#dir
file name                        file type      startup size (byte)
-------------------------------- -------------- ------- -----------
diag_0060                        Boot-Rom image Y       111360
run_01642                        Operation Code N       1074304
run_0200                         Operation Code Y       1083008
Factory_Default_Config.
boot system
Use this command to specify the file or image used to start up the system.
Syntax
boot system {boot-rom| config | opcode}: filename
The type of file or image to set as a default includes:
• boot-rom - Boot ROM.
• config - Configuration file.
• opcode - Run-time operation code.
The colon (:) is required.
• filename - Name of the configuration file or image name.
Authentication Commands
You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1x.
Command Mode
Global Configuration
Command Usage
• RADIUS uses UDP which only offers best effort delivery. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server.
• RADIUS logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server.
| Command | Function | Mode | Page |
|---|---|---|---|
| radius-server retransmit | Sets the number of retries | GC | 4-64 |
| radius-server timeout | Sets the interval between sending authentication requests | GC | 4-65 |
| show radius-server | Shows the current RADIUS settings | PE | 4-65 |

radius-server host
Use this command to specify the RADIUS server. Use the no form to restore the default.
Syntax
radius-server host host_ip_address
no radius-server host
host_ip_address - IP address of server.
Default Setting
10.1.0.
radius-server port
Use this command to set the RADIUS server network port. Use the no form to restore the default.
Syntax
radius-server port port_number
no radius-server port
port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535)
Default Setting
1812
Command Mode
Global Configuration
Example
Console(config)#radius-server port 181
Console(config)#

radius-server key
Use this command to set the RADIUS encryption key.
Command Mode
Global Configuration
Example
Console(config)#radius-server key green
Console(config)#

radius-server retransmit
Use this command to set the number of retries. Use the no form to restore the default.
Syntax
radius-server retransmit number_of_retries
no radius-server retransmit
number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
radius-server timeout
Use this command to set the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default.
Syntax
radius-server timeout number_of_seconds
no radius-server timeout
number_of_seconds - Number of seconds the switch waits for a reply before resending a request.
802.1x Port Authentication
The switch supports IEEE 802.1x (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first enter a user ID and password for authentication. Client authentication is controlled centrally by a RADIUS server using EAPOL (Extensible Authentication Protocol Over LAN).
authentication dot1x default
Sets the default authentication server type. Use the no form to restore the default.
Syntax
authentication dot1x default radius
no authentication dot1x
Default Setting
RADIUS
Command Mode
Global Configuration
Example
Console(config)#authentication dot1x default radius
Console(config)#

dot1x default
Sets all configurable dot1x global and port settings to their default values.
dot1x max-req
Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. Use the no form to restore the default.
Syntax
dot1x max-req count
no dot1x max-req
count – The maximum number of requests (Range: 1-10)
Default
2
Command Mode
Global Configuration
Example
Console(config)#dot1x max-req 2
Console(config)#

dot1x port-control
Sets the dot1x mode on a port interface.
Default
force-authorized
Command Mode
Interface Configuration
Example
Console(config)#interface eth 1/2
Console(config-if)#dot1x port-control auto
Console(config-if)#

dot1x re-authenticate
Forces re-authentication on all ports or a specific interface.
Syntax
dot1x re-authenticate [interface]
interface
• ethernet unit/port
- unit - This is device 1.
- port - Port number.
Command Mode
Global Configuration
Example
Console(config)#dot1x re-authentication
Console(config)#

dot1x timeout quiet-period
Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form of this command to reset the default.
Syntax
dot1x timeout quiet-period seconds
no dot1x timeout quiet-period seconds
seconds - The number of seconds.
Default
3600 seconds
Command Mode
Global Configuration
Example
Console(config)#dot1x timeout re-authperiod 300
Console(config)#

dot1x timeout tx-period
Sets the time that the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value.
Syntax
dot1x timeout tx-period seconds
no dot1x timeout tx-period
seconds - The number of seconds.
show dot1x
Use this command to show general port authentication related settings on the switch or a specific interface.
Syntax
show dot1x [statistics] [interface interface]
interface
• ethernet unit/port
- unit - This is device 1.
- port - Port number.
Command Mode
Privileged Exec
Command Usage
This command displays the following information:
• Global 802.
(page 4-71), and Port-control (page 4-68). It also displays the following information:
- Status– Authorization status (authorized or unauthorized).
- Supplicant– MAC address of authorized client.
• Authenticator State Machine
- State– Current state (including initialize, disconnected, connecting, authenticating, authenticated, aborting, held, force_authorized, force_unauthorized).
- Reauth Count– Number of times connecting state is re-entered.
802.1X Port Details
802.1X is disabled on port 1
. . .
802.
ACCESS CONTROL LIST COMMANDS
There are three filtering modes:
• Standard IP ACL mode (STD-ACL) filters packets based on the source IP address.
• Extended IP ACL mode (EXT-ACL) filters packets based on source or destination IP address, as well as protocol type and TCP/UDP port number. If the TCP protocol type is specified, then you can also filter packets based on the TCP control code.
| Command Groups | Function | Page |
|---|---|---|
| IP ACLs | Configures ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP control code | 4-76 |
| MAC ACLs | Configures ACLs based on hardware addresses, packet format, and Ethernet type | 4-84 |
| ACL Information | Displays ACLs and associated rules; shows ACLs assigned to each port | 4-89 |

IP ACLs

| Command | Function | Mode | Page |
|---|---|---|---|
| access-list ip | Creates an IP ACL and enters configuration mode | GC | 4-76 |
| permit, deny | Filters packets matching a speci
• extended – Specifies an ACL that filters packets based on the source or destination IP address, and other more specific criteria.
• acl_name – Name of the ACL. (Maximum length: 16 characters)
Default Setting
None
Command Mode
Global Configuration
Command Usage
• An ACL can contain either all permit commands or all deny commands.
permit, deny (Standard ACL)
Use this command to add a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule.
Syntax
{permit | deny} {any | source bitmask | host source}
no {permit | deny} {any | source bitmask | host source}
• any – Any source IP address.
• source – Source IP address.
• bitmask – Decimal number representing the address bits to match.
Related Commands
access-list ip (4-76)

permit, deny (Extended ACL)
Use this command to add a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source and destination IP addresses, protocol types, source and destination TCP/UDP ports, or TCP control codes. Use the no form to remove a rule.
• host – Keyword followed by a specific IP address.
• source-port – TCP/UDP source port number. (Range: 0-65535)
• destination-port – TCP/UDP destination port number. (Range: 0-65535)
• protocol-number – A specific protocol number. (Range: 0-255)
• control-code – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63)
• code-bitmask – Decimal number representing the code bits to match.
- Both SYN and ACK valid, use “control-code 18 18”
- SYN valid and ACK invalid, use “control-code 2 18”
Example
This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through.
Console(config-ext-acl)#permit 10.7.1.1 255.255.255.
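The address-mask comparison and the control-code / code-bitmask pairs described above can be checked off-box before a rule is committed. This is an added example, not the switch's own code: it assumes a mask bit of 1 means "this bit must match", as in the 255.255.255.0 example, and the ExtendedRule class, helper names and sample TCP headers are constructed for illustration.

```python
"""Added example: evaluating Extended IP ACL address and TCP control-code matches."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

# Flag bits in byte 14 of the TCP header (offset 13 when counting from 0).
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32


def ip_matches(rule_addr: str, bitmask: str, packet_addr: str) -> bool:
    """(rule & mask) == (packet & mask), the comparison given in the manual."""
    mask = int(ipaddress.IPv4Address(bitmask))
    rule = int(ipaddress.IPv4Address(rule_addr))
    packet = int(ipaddress.IPv4Address(packet_addr))
    return (rule & mask) == (packet & mask)


def control_code_matches(control_code: int, code_bitmask: int, flags: int) -> bool:
    """code-bitmask selects which flag bits are examined; control-code gives
    the value those bits must have. Unselected bits are ignored."""
    for value in (control_code, code_bitmask):
        if not 0 <= value <= 63:
            raise ValueError("control-code and code-bitmask range is 0-63")
    return (flags & code_bitmask) == (control_code & code_bitmask)


def tcp_flags(tcp_header: bytes) -> int:
    """Extract the six flag bits from a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    return tcp_header[13] & 0x3F


def make_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed sample input: a minimal 20-byte TCP header."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


@dataclass
class ExtendedRule:
    """Hypothetical model of one rule: source address, mask and optional
    control-code pair. Destination and port fields are left out for brevity."""
    action: str
    source: str
    source_mask: str
    control_code: Optional[int] = None
    code_bitmask: Optional[int] = None

    def matches(self, src_ip: str, tcp_header: bytes) -> bool:
        if not ip_matches(self.source, self.source_mask, src_ip):
            return False
        if self.control_code is None or self.code_bitmask is None:
            return True
        return control_code_matches(self.control_code, self.code_bitmask,
                                    tcp_flags(tcp_header))


def first_match(rules, src_ip: str, tcp_header: bytes) -> Optional[str]:
    """Return the action of the first matching rule, or None if none match."""
    for rule in rules:
        if rule.matches(src_ip, tcp_header):
            return rule.action
    return None


if __name__ == "__main__":
    # "control-code 2 18": SYN must be set and ACK must be clear.
    acl = [ExtendedRule("permit", "10.7.1.1", "255.255.255.0", 2, 18)]
    samples = [
        ("10.7.1.2", SYN, "SYN from inside the subnet"),
        ("10.7.1.2", SYN | ACK, "SYN+ACK from inside the subnet"),
        ("10.7.2.2", SYN, "SYN from another subnet"),
    ]
    for src, flags, label in samples:
        header = make_tcp_header(40000, 23, flags)
        print(f"{label:32} -> {first_match(acl, src, header)}")
```

Running it prints the outcome for three constructed packets, which makes it easy to confirm that a code-bitmask of 18 ignores every flag except SYN and ACK.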
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
Example
Console(config)#int eth 1/25
Console(config-if)#ip access-group standard david in
Console(config-if)#
Related Commands
show ip access-list (4-83)

show ip access-group
Use this command to show the ports assigned to IP ACLs.
show ip access-list
Use this command to display the rules for configured IP ACLs.
Syntax
show ip access-list {standard | extended} [acl_name]
• standard – Specifies a standard IP ACL.
• extended – Specifies an extended IP ACL.
• acl_name – Name of the ACL. (Maximum length: 16 characters)
Command Mode
Privileged Exec
Example
Console#show ip access-list standard
IP standard access-list david:
 permit host 10.1.1.21
 permit 168.92.0.0 0.0.15.
MAC ACLs

| Command | Function | Mode | Page |
|---|---|---|---|
| access-list mac | Creates a MAC ACL and enters configuration mode | GC | 4-84 |
| permit, deny | Filters packets matching a specified source and destination address, packet format, and Ethernet type | MACACL | 4-85 |
| mac access-group | Adds a port to a MAC ACL | IC | 4-87 |
| show mac access-group | Shows port assignments for MAC ACLs | PE | 4-87 |
| show mac access-list | Displays the rules for configured MAC ACLs | PE | 4-88 |

access-list mac
Use this command to add a MAC
the bottom of the list. To create an ACL, you must add at least one rule to the list.
• To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule.
• An ACL can contain up to 32 rules.
Example
Console(config)#access-list mac jerry
Console(config-mac-acl)#
Related Commands
permit, deny (4-85)
mac access-group (4-87)
show mac access-list (4-88)

permit, deny (MAC ACL)
Use this command to add a rule to a MAC ACL.
• any – Any MAC source address, destination address, or Ethernet protocol.
• source – Source MAC address.
• source bitmask – Binary mask for the source MAC address.
• destination – Destination MAC address.
• destination bitmask – Binary mask for the destination MAC address.
• protocol – A specific Ethernet protocol number. (Range: 0-65535)
Default Setting
None
Command Mode
MAC ACL
Command Usage
• New rules are added to the end of the list.
mac access-group
Use this command to bind a port to a MAC ACL. Use the no form to remove the port.
Syntax
mac access-group acl_name in
acl_name – Name of the ACL. (Maximum length: 16 characters)
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
Command Usage
• A port can only be bound to one ACL.
• If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one.
Example
Console#show mac access-group
Interface ethernet 1/25
 MAC access-list jerry
Console#
Related Commands
mac access-group (4-87)

show mac access-list
Use this command to display the rules for configured MAC ACLs.
Syntax
show mac access-list [acl_name]
acl_name – Name of the ACL.
ACL Information

| Command | Function | Mode | Page |
|---|---|---|---|
| show access-list | Show all ACLs and associated rules | PE | 4-89 |
| show access-group | Shows the ACLs assigned to each port | PE | 4-89 |

show access-list
Use this command to show all ACLs and associated rules.
Command Mode
Privileged Exec
Example
Console#show access-list
IP standard access-list david:
 permit host 10.1.1.21
 permit 168.92.0.0 0.0.15.255
IP extended access-list bob:
 permit 10.7.1.1 0.0.0.255 any
 permit 192.168.1.0 0.0.0.
SNMP Commands
Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
Default Setting
• public - Read-only access. Authorized management stations are only able to retrieve MIB objects.
• private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects.
Command Mode
Global Configuration
Command Usage
The first snmp-server community command you enter enables SNMP (SNMPv1). The no snmp-server community command disables SNMP.
Related Commands
snmp-server location (4-92)

snmp-server location
Use this command to set the system location string. Use the no form to remove the location string.
Syntax
snmp-server location text
no snmp-server location
text - String that describes the system location.
snmp-server host
Use this command to specify the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
Syntax
snmp-server host host-addr community-string
no snmp-server host host-addr
• host-addr - Internet address of the host (the targeted recipient). (Maximum host addresses: 5 trap destination IP address entries)
• community-string - Password-like community string sent with the notification operation.
• However, some notification types cannot be controlled with the snmp-server enable traps command. For example, some notification types are always enabled.
Example
Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#
Related Commands
snmp-server enable traps (4-94)

snmp-server enable traps
Use this command to enable this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications.
notifications are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled.
• The snmp-server enable traps command is used in conjunction with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP notifications. In order to send notifications, you must configure at least one snmp-server host command.
Example
Console#show snmp
SNMP traps:
 Authentication: enable
 Link-up-down: enable
SNMP communities:
 1. private, and the privilege is read-write
 2.
DHCP Commands
These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client, relay, and server functions. You can configure any VLAN interface to be automatically assigned an IP address via DHCP. This switch can be configured to relay DHCP client configuration requests to a DHCP server on another network, or you can configure this switch to provide DHCP service directly to any client.
Default Setting
None
Command Mode
Interface Configuration (VLAN)
Command Usage
This command is used to include a client identifier in all communications with the DHCP server. The identifier type depends on the requirements of your DHCP server.
• If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will be based on this new domain.
Example
In the following example, the device is reassigned the same address.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#exit
Console#ip dhcp restart client
Console#show ip interface
Vlan 1 is up, addressing mode is Dhcp
Interface address is 10.1.0.254, mask is 255.255.255.
Default Setting
Disabled
Command Mode
Interface Configuration (VLAN)
Command Usage
This command is used to configure DHCP relay functions for host devices attached to the switch. If DHCP relay service is enabled, and this switch sees a DHCP request broadcast, it inserts its own IP address into the request so the DHCP server will know the subnet where the client is located. Then, the switch forwards the packet to the DHCP server on another network.
ip dhcp relay server
Use this command to specify the addresses of DHCP servers to be used by the switch’s DHCP relay agent. Use the no form to clear all addresses.
Syntax
ip dhcp relay server address1 [address2 [address3 ...]]
no ip dhcp relay server
address - IP address of DHCP server. (Range: 1-3 addresses)
Default Setting
None
Command Mode
Interface Configuration (VLAN)
Usage Guidelines
• You must specify the IP address for at least one DHCP server.
DHCP Server

| Command | Function | Mode | Page |
|---|---|---|---|
| service dhcp | Enables the DHCP server feature on this switch | GC | 4-103 |
| ip dhcp excluded-address | Specifies IP addresses that a DHCP server should not assign to DHCP clients | GC | 4-104 |
| ip dhcp pool | Configures a DHCP address pool on a DHCP Server | GC | 4-104 |
| network | Configures the subnet number and mask for a DHCP address pool | DC | 4-105 |
| default-router | Specifies the default router list for a DHCP client | DC | 4-106 |
| domain-name | Specifies th
| Command | Function | Mode | Page |
|---|---|---|---|
| clear ip dhcp binding | Deletes an automatic address binding from the DHCP server database | PE | 4-116 |
| show ip dhcp binding | Displays address bindings on the DHCP server | PE, NE | 4-117 |

* These commands are used for manually binding an address to a client.

service dhcp
Use this command to enable the DHCP server on this switch. Use the no form to disable the DHCP server.
ip dhcp excluded-address
Use this command to specify IP addresses that the DHCP server should not assign to DHCP clients. Use the no form to remove the excluded IP addresses.
Syntax
ip dhcp excluded-address low-address [high-address]
no ip dhcp excluded-address low-address [high-address]
• low-address - An excluded IP address, or the first IP address in an excluded address range.
• high-address - The last IP address in an excluded address range.
Command Mode
Global Configuration
Usage Guidelines
• After executing this command, the switch changes to DHCP Pool Configuration mode, identified by the (config-dhcp)# prompt.
• From this mode, first configure address pools for the network interfaces (using the network command). You can also manually bind an address to a specific client (with the host command) if required. You can configure up to 8 network address pools, and up to 32 manually bound host address pools (i.e.
Usage Guidelines
• When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server). If there is no gateway in the client request (i.e., the request was not forwarded by a relay server), the switch searches for a network pool matching the interface through which the client request was received.
Command Mode
DHCP Pool Configuration
Usage Guidelines
The IP address of the router should be on the same subnet as the client. You can specify up to two routers. Routers are listed in order of preference (starting with address1 as the most preferred router).
Example
Console(config-dhcp)#default-router 10.1.0.54 10.1.0.64
Console(config-dhcp)#

domain-name
Use this command to specify the domain name for a DHCP client. Use the no form to remove the domain name.
dns-server
Use this command to specify the Domain Name System (DNS) IP servers available to a DHCP client. Use the no form to remove the DNS server list.
Syntax
dns-server address1 [address2]
no dns-server
• address1 - Specifies the IP address of the primary DNS server.
• address2 - Specifies the IP address of the alternate DNS server.
next-server
Use this command to configure the next server in the boot process of a DHCP client. Use the no form to remove the boot server list.
Syntax
next-server address
no next-server address
address - Specifies the IP address of the next server in the boot process, which is typically a Trivial File Transfer Protocol (TFTP) server.
Default Setting
None
Command Mode
DHCP Pool Configuration
Example
Console(config-dhcp)#next-server 10.1.0.
Default Setting
None
Command Mode
DHCP Pool Configuration
Example
Console(config-dhcp)#bootfile wme.bat
Console(config-dhcp)#
Related Commands
next-server (4-109)

netbios-name-server
Use this command to configure NetBIOS Windows Internet Naming Service (WINS) name servers that are available to Microsoft DHCP clients. Use the no form to remove the NetBIOS name server list.
Example
Console(config-dhcp)#netbios-name-server 10.1.0.33 10.1.0.34
Console(config-dhcp)#
Related Commands
netbios-node-type (4-111)

netbios-node-type
Use this command to configure the NetBIOS node type for Microsoft DHCP clients. Use the no form to remove the NetBIOS node type.
lease
Use this command to configure the duration that an IP address is assigned to a DHCP client. Use the no form to restore the default value.
Syntax
lease {days [hours][minutes] | infinite}
no lease
• days - Specifies the duration of the lease in numbers of days. (Range: 0-364)
• hours - Specifies the number of hours in the lease. A days value must be supplied before you can configure hours. (Range: 0-23)
• minutes - Specifies the number of minutes in the lease.
host
Use this command to specify the IP address and network mask to manually bind to a DHCP client. Use the no form to remove the IP address for the client.
Syntax
host address [mask]
no host
• address - Specifies the IP address of a client.
• mask - Specifies the network mask of the client.
Default Setting
None
Command Mode
DHCP Pool Configuration
Usage Guidelines
• Host addresses must fall within the range specified for an existing network pool.
is used (see page 3-178). This command is valid for manual bindings only.
• The no host command only clears the address from the DHCP server database. It does not cancel the IP address currently in use by the host.
Example
Console(config-dhcp)#host 10.1.0.21 255.255.255.0
Console(config-dhcp)#
Related Commands
client-identifier (4-114)
hardware-address (4-115)

client-identifier
Use this command to specify the client identifier of a DHCP client.
• BOOTP clients cannot transmit a client identifier. To bind an address to a BOOTP client, you must associate a hardware address with the host entry.
Example
Console(config-dhcp)#client-identifier text steve
Console(config-dhcp)#
Related Commands
host (4-113)

hardware-address
Use this command to specify the hardware address of a DHCP client. This command is valid for manual bindings only. Use the no form to remove the hardware address.
Command Usage
This command identifies a DHCP or BOOTP client to bind to an address specified in the host command. BOOTP clients cannot transmit a client identifier. To bind an address to a BOOTP client, you must associate a hardware address with the host entry.
Example.
Example
Console#clear ip dhcp binding *
Console#
Related Commands
show ip dhcp binding (4-117)

show ip dhcp binding
Use this command to display address bindings on the DHCP server.
Syntax
show ip dhcp binding [address]
address - Specifies the IP address of the DHCP client for which bindings will be displayed.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Example
Console#show ip dhcp binding
IP              MAC               Lease Time   Start
--------------- ----------------- ------------ ----------
192.
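The pool lookup order and the host-binding rules described in the DHCP commands above, modelled as an added example (this is not code from the manual or from SMC). The pool names, the dictionary layout and the choice to return no pool when a relayed request matches nothing are assumptions made for illustration.

```python
import ipaddress


def make_server():
    """Constructed DHCP server state: two network pools, no host pools yet."""
    return {
        "networks": {
            "rd": ipaddress.ip_network("10.1.0.0/24"),
            "sales": ipaddress.ip_network("10.2.0.0/24"),
        },
        "hosts": {},
    }


def select_network_pool(server, giaddr, ingress_ip):
    """Return the name of the network pool searched for a client request.

    giaddr     - gateway (relay) address carried in the request, "0.0.0.0"
                 when the request was not forwarded by a relay server
    ingress_ip - address of the switch interface that received the request
    """
    gateway = ipaddress.ip_address(giaddr)
    # Relayed request: match on the gateway. Direct request: match on the
    # interface through which the request was received.
    key = ipaddress.ip_address(ingress_ip) if gateway.is_unspecified else gateway
    for name, network in server["networks"].items():
        if key in network:
            return name
    return None  # assumption: no matching pool, so no address is offered


def add_host_binding(server, name, address, mask,
                     client_identifier=None, hardware_address=None,
                     bootp=False):
    """Add a manual binding, enforcing the rules stated for the host command."""
    host = ipaddress.ip_interface(f"{address}/{mask}")
    if bootp and hardware_address is None:
        # BOOTP clients cannot transmit a client identifier.
        raise ValueError("a BOOTP binding needs a hardware address")
    if client_identifier is None and hardware_address is None:
        raise ValueError("binding needs a client identifier or hardware address")
    # Host addresses must fall within an existing network pool.
    parent = next((n for n, net in server["networks"].items()
                   if host.ip in net), None)
    if parent is None:
        raise ValueError(f"{host.ip} is outside every configured network pool")
    server["hosts"][name] = {
        "address": host,
        "network_pool": parent,
        "client_identifier": client_identifier,
        "hardware_address": hardware_address,
    }
    return parent


if __name__ == "__main__":
    srv = make_server()
    print(select_network_pool(srv, "10.2.0.1", "10.1.0.254"))
    print(select_network_pool(srv, "0.0.0.0", "10.1.0.254"))
    print(add_host_binding(srv, "steve", "10.1.0.21", "255.255.255.0",
                           client_identifier="steve"))
```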
Interface Commands
These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
interface
Use this command to configure an interface type and enter interface configuration mode. Use the no form to remove a trunk.
Syntax
interface interface
no interface port-channel channel-id
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
Default Setting
None
Command Mode
Interface Configuration (Ethernet, Port Channel)
Example
The following example adds a description to port 25.
Console(config)#interface ethernet 1/25
Console(config-if)#description RD-SW#3
Console(config-if)#

speed-duplex
Use this command to configure the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default.
Command Usage
• To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation command to disable auto-negotiation on the selected interface.
• When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To set the speed/duplex mode under auto-negotiation, the required mode must be specified in the capabilities list for an interface.
Command Usage
• When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
• If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.
Example
The following example configures port 11 to use autonegotiation.
• symmetric (Gigabit only) - When specified, the port transmits and receives pause frames; when not specified, the port will auto-negotiate to determine the sender and receiver for asymmetric pause frames. (The current switch ASIC only supports symmetric pause frames.
flowcontrol
Use this command to enable flow control. Use the no form to disable flow control.
Syntax
flowcontrol
no flowcontrol
Default Setting
Flow control enabled
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.
Example
The following example enables flow control on port 5.
Console(config)#interface ethernet 1/5
Console(config-if)#flowcontrol
Console(config-if)#no negotiation
Console(config-if)#
Related Commands
negotiation (4-121)
capabilities (flowcontrol, symmetric) (4-122)

shutdown
Use this command to disable an interface. To restart a disabled interface, use the no form.
Syntax
shutdown
no shutdown
Default Setting
All interfaces are enabled.
switchport broadcast packet-rate
Use this command to configure broadcast storm control. Use the no form to disable broadcast storm control.
Syntax
switchport broadcast packet-rate rate
no switchport broadcast
rate - Threshold level as a rate; i.e., packets per second.
clear counters
Use this command to clear statistics on an interface.
Syntax
clear counters interface
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
• port-channel channel-id (Range: 1-6)
Default Setting
None
Command Mode
Privileged Exec
Command Usage
Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session.
show interfaces status
Use this command to display the status for an interface.
Syntax
show interfaces status [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
• port-channel channel-id (Range: 1-6)
• vlan vlan-id (Range: 1-4094)
Default Setting
Shows the status for all interfaces.
Command Mode
Normal Exec, Privileged Exec
Command Usage
If no interface is specified, information on all interfaces is displayed.
Example
Console#show interfaces status ethernet 1/5
Information of Eth 1/5
Basic information:
Port type: 100TX
Mac address: 00-00-AB-CD-00-01
Configuration:
Name:
Port admin: Up
Speed-duplex: Auto
Capabilities: 10half, 10full, 100half, 100full,
Broadcast storm: Enabled
Broadcast storm limit: 500 packets/second
Flow control: Disabled
Lacp: Disabled
Current status:
Link status: Up
Port operation status: Up
Operation speed-duplex: 100full
Flow control type: None
Console#show interfaces statu
Command Usage
If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-71.
show interfaces switchport
Use this command to display the administrative and operational status of the specified interfaces.
Syntax
show interfaces switchport [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
• port-channel channel-id (Range: 1-6)
Default Setting
Shows all interfaces.
Command Mode
Normal Exec, Privileged Exec
Command Usage
If no interface is specified, information on all interfaces is displayed.
Field                  Description
Broadcast threshold    Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-126).
Lacp status            Shows if Link Aggregation Control Protocol has been enabled or disabled (page 4-139).
VLAN membership mode   Indicates membership mode as Trunk or Hybrid (page 4-166).
Ingress rule           Shows if ingress filtering is enabled or disabled (page 4-168).
Mirror Port Commands
This section describes how to mirror traffic from a source port to a target port.

Command             Function                                    Mode  Page
port monitor        Configures a mirror session                 IC    4-133
show port monitor   Shows the configuration for a mirror port   PE    4-134

port monitor
Use this command to configure a mirror session. Use the no form to clear a mirror session.
probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
• The destination port is set by specifying an Ethernet interface.
• The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port.
• You can create multiple mirror sessions, but all sessions must share the same destination port.
Example
The following shows mirroring configured from port 6 to port 11:
Console(config)#interface ethernet 1/11
Console(config-if)#port monitor ethernet 1/6
Console(config-if)#end
Console#show port monitor
Port Mirroring
-------------------------------------
Destination port(listen port):Eth1/1
Source port(monitored port) :Eth1/6
Mode :RX/TX
Console#

Rate Limit Commands
This function allows the network manager to control the maximum rate for traffic transmitted or received on an interfac
rate-limit
Use this command to define the rate limit for a specific interface. Use this command without specifying a rate to restore the default rate. Use the no form to restore the default status of disabled.
Syntax
rate-limit {input | output} [rate]
no rate-limit {input | output}
• input - Input rate
• output - Output rate
• rate - Maximum value in Mbps.
Link Aggregation Commands
Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device. For static trunks, the switches have to comply with the Cisco EtherChannel standard. For dynamic trunks, the switches have to comply with LACP.
• All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specified port-channel.
• STP, VLAN, and IGMP settings can only be made for the entire trunk via the specified port-channel.

channel-group
Use this command to add a port to a trunk. Use the no form to remove a port from a trunk.
lacp
Use this command to enable 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it.
Syntax
lacp
no lacp
Default Setting
Disabled
Command Mode
Interface Configuration (Ethernet)
Command Usage
• The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation.
• A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID.
Example
The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established.
Address Table Commands
These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
• action
  - delete-on-reset - Assignment lasts until the switch is reset.
  - permanent - Assignment is permanent.
Default Setting
No static addresses are defined. The default mode is permanent.
Command Mode
Global Configuration
Command Usage
The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table.
Command Mode
Privileged Exec
Example
Console#clear mac-address-table dynamic
Console#

show mac-address-table
Use this command to view classes of entries in the bridge-forwarding database.
Syntax
show mac-address-table [address mac-address [mask]] [interface interface] [vlan vlan-id] [sort {address | vlan | interface}]
• mac-address - MAC address.
• mask - Bits to match in the address.
• interface
  • ethernet unit/port
    - unit - This is device 1.
    - port - Port number.
Command Usage
• The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types:
  - Learned - Dynamic address entries
  - Permanent - Static entry
  - Delete-on-reset - Static entry to be deleted when system is reset
• The mask should be hexadecimal numbers (representing an equivalent bit mask) in the form xx-xx-xx-xx-xx-xx that is applied to the specified MAC address.
Command Usage
The aging time is used to age out dynamically learned forwarding information.
Example
Console(config)#mac-address-table aging-time 100
Console(config)#

show mac-address-table aging-time
Use this command to show the aging time for entries in the address table.
Default Setting
None
Command Mode
Privileged Exec
Example
Console#show mac-address-table aging-time
Aging time: 300 sec.
Spanning Tree Commands
This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
spanning-tree
Use this command to enable the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
Syntax
spanning-tree
no spanning-tree
Default Setting
Spanning tree is enabled.
Command Mode
Global Configuration
Command Usage
The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
spanning-tree mode
Use this command to select the spanning tree mode for this switch. Use the no form to restore the default.
Syntax
spanning-tree mode {stp | rstp}
no spanning-tree mode
• stp - Spanning Tree Protocol (IEEE 802.1D)
• rstp - Rapid Spanning Tree Protocol (IEEE 802.1w)
Default Setting
rstp
Command Mode
Global Configuration
Command Usage
• Spanning Tree Protocol
  Uses RSTP for the internal state machine, but sends only 802.1D BPDUs.
Example
The following example configures the switch to use Rapid Spanning Tree:
Console(config)#spanning-tree mode rstp
Console(config)#

spanning-tree forward-time
Use this command to configure the spanning tree bridge forward time globally for this switch. Use the no form to restore the default.
Syntax
spanning-tree forward-time seconds
no spanning-tree forward-time
seconds - Time in seconds. (Range: 4 - 30 seconds) The minimum value is the higher of 4 or [(max-age / 2) + 1].
spanning-tree hello-time
Use this command to configure the spanning tree bridge hello time globally for this switch. Use the no form to restore the default.
Syntax
spanning-tree hello-time time
no spanning-tree hello-time
time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(max-age / 2) -1].
Default Setting
20 seconds
Command Mode
Global Configuration
Command Usage
This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN.
Command Mode
Global Configuration
Command Usage
Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
Example
Console(config)#spanning-tree pathcost method long
Console(config)#

spanning-tree transmission-limit
Use this command to configure the minimum interval between the transmission of consecutive RSTP BPDUs. Use the no form to restore the default.
Syntax
spanning-tree transmission-limit count
no spanning-tree transmission-limit
count - The transmission limit in seconds.
spanning-tree cost
Use this command to configure the spanning tree path cost for the specified interface. Use the no form to restore the default.
Syntax
spanning-tree cost cost
no spanning-tree cost
cost - The path cost for the port.
spanning-tree port-priority
Use this command to configure the priority for the specified interface. Use the no form to restore the default.
Syntax
spanning-tree port-priority priority
no spanning-tree port-priority
priority - The priority for a port. (Range: 0-240, in steps of 16)
Default Setting
128
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• This command defines the priority for the use of a port in the Spanning Tree Algorithm.
spanning-tree edge-port
Use this command to specify an interface as an edge port. Use the no form to restore the default.
Syntax
spanning-tree edge-port
no spanning-tree edge-port
Default Setting
Disabled
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node.
spanning-tree portfast
Use this command to set an interface to fast forwarding. Use the no form to disable fast forwarding.
Syntax
spanning-tree portfast
no spanning-tree portfast
Default Setting
Disabled
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding.
Related Commands
spanning-tree edge-port (4-156)

spanning-tree link-type
Use this command to configure the link type for Rapid Spanning Tree. Use the no form to restore the default.
Syntax
spanning-tree link-type {auto | point-to-point | shared}
no spanning-tree link-type
• auto - Automatically derived from the duplex mode setting.
• point-to-point - Point-to-point link.
• shared - Shared medium.
spanning-tree protocol-migration
Use this command to re-check the appropriate BPDU format to send on the selected interface.
Syntax
spanning-tree protocol-migration interface
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
show spanning-tree
Use this command to show the spanning tree configuration.
Syntax
show spanning-tree [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
• port-channel channel-id (Range: 1-4)
Default Setting
None
Command Mode
Privileged Exec
Command Usage
• Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch and for every interface in the tree.
Example
Console#show spanning-tree
Spanning-tree information
---------------------------------------------------------------
Spanning tree mode :RSTP
Spanning tree enable/disable :enable
Priority :32768
Bridge Hello Time (sec.) :2
Bridge Max Age (sec.) :20
Bridge Forward Delay (sec.) :15
Root Hello Time (sec.) :2
Root Max Age (sec.) :20
Root Forward Delay (sec.) :15
Designated Root :32768.
VLAN Commands
A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
Command Mode
Global Configuration
Command Usage
• Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command.
• Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN. The results of these commands are written to the running-configuration file, and you can display this file by entering the show running-config command.
Default Setting
By default only VLAN 1 exists and is active.
Command Mode
VLAN Database Configuration
Command Usage
• no vlan vlan-id deletes the VLAN.
• no vlan vlan-id name removes the VLAN name.
• no vlan vlan-id state returns the VLAN to the default state (i.e., active).
• You can configure up to 255 VLANs on the switch.
Example
The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default.
Command                     Function                                            Mode  Page
switchport allowed vlan     Configures the VLANs associated with an interface   IC    4-170
switchport forbidden vlan   Configures forbidden VLANs for an interface         IC    4-171
switchport gvrp             Enables GVRP for an interface                       IC    4-177

interface vlan
Use this command to enter interface configuration mode for VLANs, and configure a physical interface.
Syntax
interface vlan vlan-id
vlan-id - ID of the configured VLAN.
switchport mode
Use this command to configure the VLAN membership mode for a port. Use the no form to restore the default.
Syntax
switchport mode {trunk | hybrid}
no switchport mode
• trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. However, note that frames belonging to the port’s default VLAN (i.e., associated with the PVID) are sent untagged.
switchport acceptable-frame-types
Use this command to configure the acceptable frame types for a port. Use the no form to restore the default.
Syntax
switchport acceptable-frame-types {all | tagged}
no switchport acceptable-frame-types
• all - The port accepts all frames, tagged or untagged.
• tagged - The port only receives tagged frames.
switchport ingress-filtering
Use this command to enable ingress filtering for an interface. Use the no form to restore the default.
Syntax
switchport ingress-filtering
no switchport ingress-filtering
Default Setting
Disabled
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• Ingress filtering only affects tagged frames.
switchport native vlan
Use this command to configure the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default.
Syntax
switchport native vlan vlan-id
no switchport native vlan
vlan-id - Default VLAN ID for a port.
switchport allowed vlan
Use this command to configure VLAN groups on the selected interface. Use the no form to restore the default.
Syntax
switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list}
no switchport allowed vlan
• add vlan-list - List of VLAN identifiers to add.
• remove vlan-list - List of VLAN identifiers to remove.
• vlan-list - Separate nonconsecutive VLAN identifiers with a comma and no spaces; use a hyphen to designate a range of IDs.
• If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface.
Example
The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1:
Console(config)#interface ethernet 1/1
Console(config-if)#switchport allowed vlan add 1,2,5,6 tagged
Console(config-if)#

switchport forbidden vlan
Use this command to configure forbidden VLANs.
Example
The following example shows how to prevent port 1 from being added to VLAN 3:
Console(config)#interface ethernet 1/1
Console(config-if)#switchport forbidden vlan add 3
Console(config-if)#

Displaying VLAN Information
Command                      Function                                            Mode    Page
show vlan                    Shows VLAN information                              NE, PE  4-172
show interfaces status vlan  Displays status for the specified VLAN interface    NE, PE  4-128
show interfaces switchport Displays the administrative and operational NE, status of an i
Example
The following example shows how to display information for VLAN 1:
Console#show vlan id 1
VLAN Type    Name             Status    Ports/Channel groups
---- ------- ---------------- --------- ----------------------------------
1    Static  DefaultVlan      Active    Eth1/ 1 Eth1/ 2 Eth1/ 3 Eth1/ 4 Eth1/ 5
                                        Eth1/ 6 Eth1/ 7 Eth1/ 8 Eth1/ 9 Eth1/10
                                        Eth1/11 Eth1/12 Eth1/13 Eth1/14 Eth1/15
                                        Eth1/16 Eth1/17 Eth1/18 Eth1/19 Eth1/20
                                        Eth1/21 Eth1/22 Eth1/23 Eth1/24 Eth1/25
                                        Eth1/26
Console#

Configuring Private VLANs
Private VLAN
Command Usage
• A private VLAN provides port-based security and isolation between ports within the VLAN. Data traffic on the downlink ports can only be forwarded to, and from, the uplink port.
• Private VLANs and normal VLANs can exist simultaneously within the same switch.
• Entering the pvlan command without any parameters enables the private VLAN. Entering no pvlan disables the private VLAN.
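An audit of the VLAN interface commands described above, as an added example (not code from the manual or from SMC): it expands vlan-list arguments, works out which VLANs each port carries tagged, and reports ports that carry tagged VLANs while ingress filtering is left at its default of disabled. The running-config layout with "!" separators and the treatment of an unset acceptable-frame-types as accepting untagged frames are assumptions, and the sample configuration is constructed.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 4094  # vlan-id range given in this guide

# Constructed running-config fragment (layout is an assumption).
SAMPLE_CONFIG = """\
interface ethernet 1/1
 switchport mode trunk
 switchport allowed vlan add 1,2,5-6 tagged
 switchport ingress-filtering
 switchport acceptable-frame-types tagged
!
interface ethernet 1/2
 switchport mode trunk
 switchport allowed vlan add 1,10-12 tagged
!
interface ethernet 1/3
 switchport allowed vlan add 20 untagged
 switchport native vlan 20
 switchport forbidden vlan add 3
!
"""

ALLOWED_RE = re.compile(
    r"switchport allowed vlan (add|remove) (\S+)(?: (tagged|untagged))?")


def parse_vlan_list(text):
    """Expand a vlan-list such as '1,2,5-7' (commas, hyphen ranges, no spaces)."""
    if not re.fullmatch(r"\d+(-\d+)?(,\d+(-\d+)?)*", text):
        raise ValueError(f"malformed vlan-list: {text!r}")
    vlans = set()
    for part in text.split(","):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not VLAN_MIN <= low <= high <= VLAN_MAX:
            raise ValueError(f"VLAN range out of bounds: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def parse_interfaces(config):
    """Map each 'interface ...' stanza to the list of commands under it."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line[len("interface "):], [])
        elif not line or line == "!":
            current = None
        elif current is not None:
            current.append(line)
    return interfaces


def tagged_vlans(commands):
    """Replay add/remove commands in order and return the tagged VLAN set."""
    tagged = set()
    for command in commands:
        match = ALLOWED_RE.fullmatch(command)
        if not match:
            continue
        action, vlan_list, tagging = match.groups()
        vlans = parse_vlan_list(vlan_list)
        if action == "remove" or tagging == "untagged":
            tagged -= vlans
        elif tagging == "tagged":
            tagged |= vlans
    return tagged


def audit(config):
    """Return (interface, finding) pairs for ports worth a second look."""
    findings = []
    for name, commands in parse_interfaces(config).items():
        # Ingress filtering is disabled by default and only affects tagged frames.
        if tagged_vlans(commands) and "switchport ingress-filtering" not in commands:
            findings.append((name, "ingress-filtering-off"))
        # Assumption: a trunk without 'acceptable-frame-types tagged' still
        # accepts untagged frames.
        if ("switchport mode trunk" in commands
                and "switchport acceptable-frame-types tagged" not in commands):
            findings.append((name, "trunk-accepts-untagged"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(interface, finding)
```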
GVRP and Bridge Extension Commands
GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as well as how to display default configuration settings for the Bridge Extension MIB.
Command Mode
Global Configuration
Command Usage
GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch.
Example
Console(config)#bridge-ext gvrp
Console(config)#

show bridge-ext
Use this command to show the configuration for bridge extension commands.
Example
Console#show bridge-ext
Max support vlan numbers: 255
Max support vlan ID: 4094
Extended multicast filtering services: No
Static entry individual port: Yes
VLAN learning: IVL
Configurable PVID tagging: Yes
Local VLAN capable: No
Traffic classes: Enabled
Global GVRP status: Disabled
GMRP: Disabled
Console#

switchport gvrp
Use this command to enable GVRP for a port. Use the no form to disable it.
show gvrp configuration
Use this command to show if GVRP is enabled.
Syntax
show gvrp configuration [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
• port-channel channel-id (Range: 1-6)
Default Setting
Shows both global and interface-specific configuration.
Default Setting
• join: 20 centiseconds
• leave: 60 centiseconds
• leaveall: 1000 centiseconds
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate.
show garp timer
Use this command to show the GARP timers for the selected interface.
Syntax
show garp timer [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
• port-channel channel-id (Range: 1-6)
Default Setting
Shows all GARP timers.
Priority Commands
The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
switchport priority default
Use this command to set a priority for incoming untagged frames. Use the no form to restore the default value.
Syntax
switchport priority default default-priority-id
no switchport priority default
default-priority-id - The priority number for untagged ingress traffic. The priority is a number from 0 to 7. Seven is the highest priority.
Default Setting
The priority is not set, and the default value for untagged frames received on the interface is zero.
Example
The following example shows how to set a default priority on port 3 to 5:
Console(config)#interface ethernet 1/3
Console(config-if)#switchport priority default 5

queue bandwidth
Use this command to assign weighted round-robin (WRR) weights to the four class of service (CoS) priority queues. Use the no form to restore the default weights.
Syntax
queue bandwidth weight1...weight4
no queue bandwidth
weight1...
queue cos-map
Use this command to assign class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 3). Use the no form to set the CoS map to the default values.
Syntax
queue cos-map queue_id [cos1 ... cosn]
no queue cos-map
• queue_id - The ID of the priority queue. Ranges are 0 to 3, where 3 is the highest priority queue.
• cos1 .. cosn - The CoS values that are mapped to the queue ID. It is a space-separated list of numbers.
Command Usage
CoS assigned at the ingress port is used to select a CoS priority at the egress port.
show queue cos-map
Use this command to show the class of service priority map.
Syntax
show queue cos-map [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
Priority Commands (Layer 3 and 4)
Command             Function                                          Mode  Page
map ip port         Enables TCP/UDP class of service mapping          GC    4-187
map ip port         Maps TCP/UDP socket to a class of service         IC    4-188
map ip precedence   Enables IP precedence class of service mapping    GC    4-189
map ip precedence   Maps IP precedence value to a class of service    IC    4-189
map ip dscp         Enables IP DSCP class of service mapping          GC    4-191
map ip dscp         Maps IP DSCP value to a class of service          IC    4-191
show map ip po
Example
The following example shows how to enable TCP/UDP port mapping globally:
Console(config)#map ip port
Console(config)#

map ip port (Interface Configuration)
Use this command to set IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting.
Syntax
map ip port port-number cos cos-value
no map ip port port-number
• port-number - 16-bit TCP/UDP port number.
map ip precedence (Global Configuration)
Use this command to enable IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping.
Syntax
map ip precedence
no map ip precedence
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
• The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
• IP Precedence and IP DSCP cannot both be enabled.
Default Setting
The list below shows the default priority mapping.

IP Precedence Value   0  1  2  3  4  5  6  7
CoS Value             0  1  2  3  4  5  6  7

Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
• IP Precedence values are mapped to default Class of Service values on a one-to-one basis according to recommendations in the IEEE 802.
map ip dscp (Global Configuration)
Use this command to enable IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping.
Syntax
map ip dscp
no map ip dscp
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
• The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
• IP Precedence and IP DSCP cannot both be enabled.
Default Setting
The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
IP DSCP Value           CoS Value
0                       0
8                       1
10, 12, 14, 16          2
18, 20, 22, 24          3
26, 28, 30, 32, 34, 36  4
38, 40, 42              5
48                      6
46, 56                  7
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
show map ip port
Use this command to show the IP port priority map.
Syntax
show map ip port [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
• port-channel channel-id (Range: 1-6)
Default Setting
None
Command Mode
Privileged Exec
Example
The following shows that HTTP traffic has been mapped to CoS value 0:
Console#show map ip port
TCP port mapping status: disabled
Port Port no.
show map ip precedence
Use this command to show the IP precedence priority map.
Syntax
show map ip precedence [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
show map ip dscp
Use this command to show the IP DSCP priority map.
Syntax
show map ip dscp [interface]
interface
• ethernet unit/port
  - unit - This is device 1.
  - port - Port number.
• port-channel channel-id (Range: 1-6)
Default Setting
None
Command Mode
Privileged Exec
Example
Console#show map ip dscp ethernet 1/1
DSCP mapping status: disabled
Port      DSCP COS
--------- ---- --
Eth 1/ 1     0   0
Eth 1/ 1     1   0
Eth 1/ 1     2   0
Eth 1/ 1     3   0
. . .
Multicast Filtering Commands
This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
MULTICAST FILTERING COMMANDS
ip igmp snooping
Use this command to enable IGMP snooping on this switch. Use the no form to disable it.
Syntax
ip igmp snooping
no ip igmp snooping
Default Setting
Enabled
Command Mode
Global Configuration
Example
The following example enables IGMP snooping.
Console(config)#ip igmp snooping
Console(config)#

ip igmp snooping vlan static
Use this command to add a port to a multicast group. Use the no form to remove the port.
Default Setting
None
Command Mode
Global Configuration
Example
The following shows how to statically configure a multicast group on a port:
Console(config)#ip igmp snooping vlan 1 static 224.0.0.12 ethernet 1/5
Console(config)#

ip igmp snooping version
Use this command to configure the IGMP snooping version. Use the no form to restore the default.
Example
The following configures the switch to use IGMP Version 1:
Console(config)#ip igmp snooping version 1
Console(config)#

show ip igmp snooping
Use this command to show the IGMP snooping configuration.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
See “Configuring IGMP Snooping Parameters” on page -137 for a description of the displayed items.
show mac-address-table multicast
Use this command to show known multicast addresses.
Syntax
show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping]
• vlan-id - VLAN ID (1 to 4094)
• user - Display only the user-configured multicast entries.
• igmp-snooping - Display only entries learned through IGMP snooping.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
Member types displayed include IGMP or USER, depending on selected options.
IGMP Query Commands (Layer 2)
Command                                  Function                                                    Mode  Page
ip igmp snooping querier                 Allows this device to act as the querier for IGMP snooping  GC    4-201
ip igmp snooping query-count             Configures the query count                                  GC    4-202
ip igmp snooping query-interval          Configures the query interval                               GC    4-203
ip igmp snooping query-max-responsetime  Configures the report delay                                 GC    4-203
ip igmp snooping router-port-expiretime  Configures the query timeout                                GC    4-204
ip igmp snooping que
ip igmp snooping query-count
Use this command to configure the query count. Use the no form to restore the default.
Syntax
ip igmp snooping query-count count
no ip igmp snooping query-count
count - The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group.
ip igmp snooping query-interval
Use this command to configure the query interval. Use the no form to restore the default.
Syntax
ip igmp snooping query-interval seconds
no ip igmp snooping query-interval
seconds - The frequency at which the switch sends IGMP host-query messages.
Command Usage
• The switch must be using IGMPv2 for this command to take effect.
• This command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of queries defined by the ip igmp snooping query-count, but a client has not responded, a countdown timer is started using an initial value set by this command.
Command Mode
Global Configuration
Command Usage
The switch must use IGMPv2 for this command to take effect.
ip igmp
Use this command to enable IGMP on a VLAN interface. Use the no form of this command to disable IGMP on the specified interface.
Syntax
ip igmp
no ip igmp
Default Setting
Disabled
Command Mode
Interface Configuration (VLAN)
Command Usage
IGMP query can be enabled globally at Layer 2 via the ip igmp snooping command, or enabled for specific VLAN interfaces at Layer 3 via the ip igmp command. (Layer 2 query is disabled if Layer 3 query is enabled.
ip igmp robustval
Use this command to specify the robustness (i.e., expected packet loss) for this interface. Use the no form of this command to restore the default value.
Syntax
ip igmp robustval robust-value
no ip igmp robustval
robust-value - The robustness of this interface.
Default Setting
125 seconds
Command Mode
Interface Configuration (VLAN)
Command Usage
• Multicast routers send host query messages to determine the interfaces that are connected to downstream hosts requesting a specific multicast service. Only the designated multicast router for a subnet sends host query messages, which are addressed to the multicast address 224.0.0.1.
Command Mode
Interface Configuration (VLAN)
Command Usage
• The switch must be using IGMPv2 for this command to take effect.
• This command defines how long any responder (i.e., client or router) still in the group has to respond to a query message before the router deletes the group.
Default Setting
1 second
Command Mode
Interface Configuration (VLAN)
Command Usage
• A multicast client sends an IGMP leave message when it leaves a group. The router then checks to see if this was the last host in the group by sending an IGMP query and starting a timer based on this command. If no reports are received before the timer expires, the group is deleted.
• This value may be tuned to modify the leave latency of the network.
Command Mode
Interface Configuration (VLAN)
Command Usage
• All routers on the subnet must support the same version. However, the multicast hosts on the subnet may support either IGMP version 1 or 2.
• The switch must be set to version 2 to enable the ip igmp max-resp-interval (page 4-208).
Example
The following example shows the IGMP configuration for VLAN 1, as well as the device currently serving as the IGMP querier for this multicast service.
Console#show ip igmp interface vlan 1
Vlan 1 is up
IGMP is enable, version is 2
Robustness variable is 2
Query interval is 125 sec
Query Max Response Time is 10 sec, Last Member Query Interval is 1 sec
Querier is 10.1.0.253
Console#

clear ip igmp group
Use this command to delete entries from the IGMP cache.
Example
The following example clears all multicast group entries for VLAN 1:
Console#clear ip igmp group interface vlan 1
Console#

show ip igmp groups
Use this command to display information on multicast groups active on this switch.
Syntax
show ip igmp groups [group-address | interface vlan vlan-id]
• group-address - IP address of the multicast group.
• vlan-id - VLAN ID (Range: 1-4094)
Default Setting
Displays information for all known groups.
Example
The following shows the IGMP groups currently active on VLAN 1:
Console#show ip igmp groups vlan 1
GroupAddress    InterfaceVlan   Lastreporter    Uptime   Expire   V1Timer
--------------- --------------- --------------- -------- -------- --------
234.5.6.8       1               10.1.5.19       7068     220      0
Console#

Field         Description
GroupAddress  IP multicast group address with subscribers directly attached or downstream from this switch.
IP INTERFACE COMMANDS
IP Interface Commands
There are no IP addresses assigned to this router by default. You must manually configure a new address to manage the router over your network or to connect the router to existing IP subnets. You may also need to establish a default gateway between this device and management stations or other devices that exist on another network segment (if routing is not enabled).
ip address
Use this command to set the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address.
Syntax
ip address {ip-address netmask | bootp | dhcp} [secondary]
no ip address
• ip-address - IP address
• netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.
• bootp - Obtains IP address from BOOTP.
• dhcp - Obtains IP address from DHCP.
You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the configuration program.
• An interface can have only one primary IP address, but can have many secondary IP addresses.
ip default-gateway
Use this command to establish a static route between this router and devices that exist on another network segment. Use the no form to remove the static route.
Syntax
ip default-gateway gateway
no ip default-gateway
gateway - IP address of the default gateway
Default Setting
No static route is established.
Command Mode
Global Configuration
Command Usage
• The gateway specified in this command is only valid if routing is disabled with the no ip routing command.
show ip interface
Use this command to display the settings of an IP interface.
Default Setting
All interfaces
Command Mode
Privileged Exec
Example
Console#show ip interface
Vlan 1 is up, addressing mode is User
Interface address is 10.1.0.254, mask is 255.255.255.0, Primary
MTU is 1500 bytes
Proxy ARP is disabled
Split horizon is enabled
Console#
Related Commands
show ip redirects (4-219)

show ip redirects
Use this command to show the default gateway configured for this device.
ping
Use this command to send ICMP echo request packets to another node on the network.
Syntax
ping host [count count][size size]
• host - IP address or IP alias of the host.
• count - Number of packets to send. (Range: 1-16, default: 5)
• size - Number of bytes in a packet. (Range: 32-512, default: 32) The actual packet size will be eight bytes larger than the size specified because the router adds header information.
Default Setting
This command has no default for the host.
Example
Console#ping 10.1.0.9
Type ESC to abort.
PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds
response time: 10 ms
response time: 10 ms
response time: 10 ms
response time: 10 ms
response time: 0 ms
Ping statistics for 10.1.0.
arp
Use this command to add a static entry in the Address Resolution Protocol (ARP) cache. Use the no form to remove an entry from the cache.
Syntax
arp ip-address hardware-address
no arp ip-address
• ip-address - IP address to map to a specified hardware address.
• hardware-address - Hardware address to map to a specified IP address. (The format for this address is xx-xx-xx-xx-xx-xx.
arp-timeout
Use this command to set the aging time for dynamic entries in the Address Resolution Protocol (ARP) cache. Use the no form to restore the default.
Syntax
arp-timeout seconds
no arp-timeout
seconds - The time a dynamic entry remains in the ARP cache. (Range: 300-86400; 86400 is one day)
Default Setting
1200 seconds (20 minutes)
Command Mode
Global Configuration
Command Usage
Use the show arp command to display the current cache timeout value.
show arp
Use this command to display entries in the Address Resolution Protocol (ARP) cache.
Command Mode
Normal Exec, Privileged Exec
Command Usage
This command displays information about the ARP cache. The first line shows the cache timeout. It also shows each cache entry, including the corresponding IP address, MAC address, type (static, dynamic, other), and VLAN interface. Note that entry type “other” indicates local addresses for this router.
IP ROUTING COMMANDS
Command Mode
Interface Configuration (VLAN)
Command Usage
Proxy ARP allows a non-routing device to determine the MAC address of a host on another subnet or network.
Example
Console(config)#interface vlan 3
Console(config-if)#ip proxy-arp
Console(config-if)#

IP Routing Commands
After you configure network interfaces for this router, you must set the paths used to send traffic between different interfaces.
Global Routing Configuration
Command          Function                                                     Mode  Page
ip routing       Enables static and dynamic IP routing                        GC    4-226
ip route         Configures static routes                                     GC    4-227
clear ip route   Deletes specified entries from the routing table             PE    4-228
show ip route    Displays specified entries in the routing table              PE    4-228
show ip traffic  Displays statistics for IP, ICMP, UDP, TCP and ARP protocols  PE    4-229

ip routing
Use this command to enable IP routing.
ip route
Use this command to configure static routes. Use the no form to remove static routes.
Syntax
ip route {destination-ip netmask | default} {gateway} [metric metric]
no ip route {destination-ip netmask | default | *}
• destination-ip – IP address of the destination network, subnetwork, or host.
• netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.
• default – Sets this entry as the default route.
clear ip route
Use this command to remove dynamically learned entries from the IP routing table.
Syntax
clear ip route {network [netmask] | *}
• network – Network or subnet address.
• netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.
• * – Removes all dynamic routing table entries.
Command Mode
Privileged Exec
Command Usage
• This command only clears dynamically learned routes.
Command Usage
If the address is specified without the netmask parameter, the router displays all routes for the corresponding natural class address (page 4-233).
Example
Console#show ip route
Ip Address      Netmask         Next Hop        Protocol   Metric Interface
--------------- --------------- --------------- ---------- ------ ---------
0.0.0.0         0.0.0.0         10.2.48.102     static     0      1
10.2.48.2       255.255.252.0   10.2.48.16      local      0      1
10.2.5.6        255.255.255.0   10.2.8.12       RIP        1      2
10.3.9.1        255.255.255.0   10.2.9.
Example
Console#show ip traffic
IP statistics:
  Rcvd: 5 total, 5 local destination
        0 checksum errors
        0 unknown protocol, 0 not a gateway
  Frags: 0 reassembled, 0 timeouts
         0 fragmented, 0 couldn't fragment
  Sent: 9 generated
        0 no route
ICMP statistics:
  Rcvd: 0 checksum errors, 0 redirects, 0 unreachable, 0 echo
        5 echo reply, 0 mask requests, 0 mask replies, 0 quench
        0 parameter, 0 timestamp
  Sent: 0 redirects, 0 unreachable, 0 echo, 0 echo reply
        0 mask requests, 0 mask replies, 0 quench, 0
Routing Information Protocol (RIP)
Command       Function                                                          Mode  Page
router rip    Enables the RIP routing protocol                                  GC    4-231
timers basic  Sets basic timers, including update, timeout, garbage collection  RC    4-232
network       Specifies the network interfaces that are to use RIP routing      RC    4-233
neighbor      Defines a neighboring router with which to exchange information   RC    4-234
version       Specifies the RIP version to use on all network interfaces (if not already specified with a receive  RC
Command Mode
Global Configuration
Default Setting
Disabled
Command Usage
• RIP is used to specify how routers exchange routing table information.
• This command is also used to enter router configuration mode.
Example
Console(config)#router rip
Console(config-router)#
Related Commands
network (4-233)

timers basic
Use this command to configure the RIP update timer, timeout timer, and garbage-collection timer. Use the no form to restore the defaults.
Command Usage
• The update timer sets the rate at which updates are sent. This is the fundamental timer used to control all basic RIP processes.
• The timeout timer is the time without update messages after which a route is declared dead. The route is marked inaccessible (i.e., the metric set to infinite) and advertised as unreachable. However, packets are still forwarded on this route.
Default Setting
No networks are specified.
Command Usage
• RIP only sends updates to interfaces specified by this command.
• Subnet addresses are interpreted as class A, B or C, based on the first field in the specified address. In other words, if a subnet address nnn.xxx.xxx.xxx is entered, the first field (nnn) determines the class: 0 - 127 is class A, and only the first field in the network address is used.
Command Usage
This command can be used to configure a static neighbor with which this router will exchange information, rather than relying on broadcast messages generated by the RIP protocol.
Example
Console(config-router)#neighbor 10.2.0.254
Console(config-router)#

version
Use this command to specify a RIP version used globally by the router. Use the no form to restore the default value.
Example
This example sets the global version for RIP to send and receive version 2 packets.
Console(config-router)#version 2
Console(config-router)#
Related Commands
ip rip receive version (4-236)
ip rip send version (4-237)

ip rip receive version
Use this command to specify a RIP version to receive on an interface. Use the no form to restore the default value.
• You can specify the receive version based on these options:
  - Use “none” if you do not want to add any dynamic entries to the routing table for an interface. (For example, you may only want to allow static routes for a specific interface.)
  - Use “1” or “2” if all routers in the local network are based on RIPv1 or RIPv2, respectively.
  - Use “1 2” if some routers in the local network are using RIPv2, but there are still some older routers using RIPv1.
Default Setting
The default depends on the setting specified with the version command:
Global RIPv1 - Routes broadcast to other routers with RIPv2
Global RIPv2 - RIPv2 packets
Command Usage
• Use this command to override the global setting specified by the RIP version command.
• You can specify the receive version based on these options:
  - Use “none” to passively monitor route information advertised by other routers attached to the network.
ip split-horizon
Use this command to enable split-horizon or poison-reverse (a variation) on an interface. Use the no form to disable split-horizon.
Syntax
ip split-horizon [poison-reverse]
no ip split-horizon
poison-reverse - Enables poison-reverse on the current interface.
Command Mode
Interface Configuration (VLAN)
Default Setting
split-horizon
Command Usage
• Split horizon never propagates routes back to an interface from which they have been acquired.
ip rip authentication key
Use this command to enable authentication for RIPv2 packets and to specify the key that must be used on an interface. Use the no form to prevent authentication.
Syntax
ip rip authentication key key-string
no ip rip authentication
key-string - A password used for authentication.
ip rip authentication mode
Use this command to specify the type of authentication that can be used on an interface. Note that the current firmware version only supports a simple password. Use the no form to restore the default value.
Syntax
ip rip authentication mode {text}
no ip rip authentication mode
text - Indicates that a simple password will be used.
show rip globals
Use this command to display global configuration settings for RIP.
Command Mode
Privileged Exec
Example
Console#show rip globals
RIP Process: Enabled
Update Time in Seconds: 30
Number of Route Change: 0
Number of Queries: 1
Console#

Field                   Description
RIP Process             Indicates if RIP has been enabled or disabled.
Update Time in Seconds  The interval at which RIP advertises known route information.
Command Mode
Privileged Exec
Example
Console#show ip rip configuration
Interface       SendMode        ReceiveMode   Poison         Authentication
--------------- --------------- ------------- -------------- -----------------
10.1.0.253      rip1Compatible  RIPv1Orv2     SplitHorizon   noAuthentication
10.1.1.253      rip1Compatible  RIPv1Orv2     SplitHorizon   noAuthentication
Console#show ip rip status
Interface       RcvBadPackets   RcvBadRoutes   SendUpdates
--------------- --------------- -------------- ---------------
10.1.0.253      0               0              13
10.
Field          Description
Version        Whether RIPv1 or RIPv2 packets were received from this peer.
RcvBadPackets  Number of bad RIP packets received from this peer.
RcvBadRoutes   Number of bad routes received from this peer.
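The show ip rip configuration display above lists, per interface, the receive mode and whether authentication is set, which is what an operator needs to check after applying ip rip authentication key. The following is an added example, not part of the original guide or SMC's software: it parses that display and reports interfaces that take unauthenticated RIP updates. The second and third sample rows and their value spellings (ripVersion2, RIPv2, simplePassword) are assumptions made for illustration.

```python
"""Audit RIP interface settings from 'show ip rip configuration' output."""
import re

# Constructed sample in the column layout this guide shows. Only the first
# row's values appear in the guide; ripVersion2, RIPv2 and simplePassword are
# assumed spellings used here for illustration.
SAMPLE_OUTPUT = """\
Console#show ip rip configuration
Interface       SendMode        ReceiveMode   Poison         Authentication
--------------- --------------- ------------- -------------- -----------------
10.1.0.253      rip1Compatible  RIPv1Orv2     SplitHorizon   noAuthentication
10.1.1.253      ripVersion2     RIPv2         SplitHorizon   simplePassword
10.1.2.253      ripVersion2     RIPv1Orv2     SplitHorizon   simplePassword
Console#
"""

# One data row: dotted-quad interface address followed by four status words.
ROW = re.compile(
    r"^(?P<interface>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<send>\S+)\s+"
    r"(?P<receive>\S+)\s+(?P<poison>\S+)\s+(?P<auth>\S+)$"
)


def parse_rip_configuration(text):
    """Return one dict per interface row; prompts, headers and rules are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def accepts_ripv1(receive_mode):
    """True when the receive mode names version 1 (e.g. RIPv1Orv2)."""
    return "1" in receive_mode


def audit(rows):
    """Return (interface, finding, remediation) tuples for weak RIP settings."""
    findings = []
    for row in rows:
        if row["auth"].lower() == "noauthentication":
            findings.append((
                row["interface"], "no-auth",
                "set 'ip rip authentication mode text' and "
                "'ip rip authentication key <key-string>' on the interface",
            ))
        elif accepts_ripv1(row["receive"]):
            # RIPv1 packets carry no authentication field; under RFC 2453 a
            # receiver that still accepts version 1 takes those updates
            # unauthenticated even though a key is configured.
            findings.append((
                row["interface"], "v1-accepted",
                "set 'ip rip receive version 2' so only authenticated "
                "RIPv2 updates are accepted",
            ))
    return findings


if __name__ == "__main__":
    for interface, finding, fix in audit(parse_rip_configuration(SAMPLE_OUTPUT)):
        print(f"{interface:<15} {finding:<12} {fix}")
```

Because this firmware supports only a simple password, a configured key protects against misconfigured or accidental neighbors rather than against an observer on the same segment, who can read the key from the RIPv2 packets.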
Command                     Function                                                                                        Mode  Page
Specifies the authentication type for an interface IC 4-263 IC 4-264
ip ospf message-digest-key  Enables MD5 authentication and sets the key for an interface                                    IC    4-265
ip ospf cost                Specifies the cost of sending a packet on an interface                                          IC    4-266
ip ospf dead-interval       Sets the interval at which hello packets are not seen before neighbors declare the router down  IC    4-267
ip ospf hello-interval      Specifies the interval between sending hello packets                                            I
Command                       Function                                                       Mode  Page
show ip ospf summary-address  Displays all summary address redistribution information        PE    4-283
show ip ospf virtual-links    Displays parameters and the adjacency state of virtual links   PE    4-284

router ospf
Use this command to enable Open Shortest Path First (OSPF) routing for all IP interfaces on the router. Use the no form to disable it.
router-id
Use this command to assign a unique router ID for this device within the autonomous system. Use the no form to use the default router identification method (i.e., the lowest interface address).
Syntax
router-id ip-address
no router-id
ip-address - Router ID formatted as an IP address.
Command Mode
Router Configuration
Default Setting
Lowest interface address
Command Usage
• The router ID must be unique for every router in the autonomous system.
compatible rfc1583
Use this command to calculate summary route costs using RFC 1583 (OSPFv1). Use the no form to calculate costs using RFC 2328 (OSPFv2).
Syntax
compatible rfc1583
no compatible rfc1583
Command Mode
Router Configuration
Default Setting
RFC 1583 compatible
Command Usage
All routers in an OSPF routing domain should use the same RFC for calculating summary routes.
Command Mode
Router Configuration
Default Setting
Disabled
Command Usage
• The metric for the default external route is used to calculate the path cost for traffic passed from other routers within the AS out through the ASBR.
• When you use this command to redistribute routes into a routing domain (i.e., an Autonomous System), this router automatically becomes an Autonomous System Boundary Router (ASBR).
timers spf
Use this command to configure the hold time between making two consecutive shortest path first (SPF) calculations. Use the no form to restore the default value.
Syntax
timers spf spf-holdtime
no timers spf
spf-holdtime - Minimum time between two consecutive SPF calculations. (Range: 0-65535 seconds)
Command Mode
Router Configuration
Default Setting
10 seconds
Command Usage
• Setting the SPF holdtime to 0 means that there is no delay between consecutive calculations.
area range
Use this command to summarize the routes advertised by an Area Border Router (ABR). Use the no form to disable this function.
Syntax
area area-id range ip-address netmask [advertise | not-advertise]
no area area-id range ip-address netmask [advertise | not-advertise]
• area-id - Identifies an area for which the routes are summarized. (The area ID must be in the form of an IP address.)
• ip-address - Base address for the routes to summarize.
area default-cost
Use this command to specify a cost for the default summary route sent into a stub or not-so-stubby area (NSSA) from an Area Border Router (ABR). Use the no form to remove the assigned default cost.
Syntax
area area-id default-cost cost
no area area-id default-cost
• area-id - Identifier for a stub or NSSA, in the form of an IP address.
• cost - Cost for the default summary route sent to a stub or NSSA.
summary-address
Use this command to aggregate routes learned from other protocols. Use the no form to remove a summary address.
Syntax
summary-address summary-address netmask
no summary-address summary-address netmask
• summary-address - Summary address covering a range of addresses.
• netmask - Network mask for the summary route.
redistribute
Use this command to import external routing information from other routing domains (i.e., protocols) into the autonomous system. Use the no form to disable this feature.
Syntax
redistribute [rip | static] [metric metric-value] [metric-type type-value]
no redistribute [rip | static] [metric metric-value] [metric-type type-value]
• rip - External routes will be imported from the Routing Information Protocol into this Autonomous System.
• Metric type specifies the way to advertise routes to destinations outside the AS via External LSAs. Specify Type 1 to add the internal cost metric to the external route metric. In other words, the cost of the route from any router within the AS is equal to the cost associated with reaching the advertising ASBR, plus the cost of the external route. Specify Type 2 to only advertise the external route metric.
Command Usage
• An area ID uniquely defines an OSPF broadcast area. The area ID 0.0.0.0 indicates the OSPF backbone for an autonomous system. Each router must be connected to the backbone via a direct connection or a virtual link.
• Set the area ID to the same value for all routers on a network segment using the network mask to add one or more interfaces to an area.
area stub
Use this command to define a stub area. To remove a stub, use the no form without the optional keyword. To remove the summary attribute, use the no form with the summary keyword.
Syntax
area area-id stub [summary]
no area area-id stub [summary]
• area-id - Identifies the stub area. (The area ID must be in the form of an IP address.)
• summary - Makes an Area Border Router (ABR) send a summary link advertisement into the stub area.
Related Commands
area default-cost (4-252)

area nssa
Use this command to define a not-so-stubby area (NSSA). To remove an NSSA, use the no form without any optional keywords. To remove an optional attribute, use the no form without the relevant keyword.
Syntax
area area-id nssa [no-redistribution] [default-information-originate]
no area area-id nssa [no-redistribution] [default-information-originate]
• area-id - Identifies the NSSA. (The area ID must be in the form of an IP address.
Command Usage
• All routers in a NSSA must be configured with the same area ID.
• An NSSA is similar to a stub, because when the router is an ABR, it can send a default route for other areas in the AS into the NSSA using the default-information-originate keyword.
area virtual-link
Use this command to define a virtual link. To remove a virtual link, use the no form with no optional keywords. To restore the default value for an attribute, use the no form with the required keyword.
to an autonomous system. (Range: 1-65535 seconds; Default: 10 seconds)
• retransmit-interval seconds - Specifies the interval at which the ABR retransmits link-state advertisements (LSA) over the virtual link. The retransmit interval should be set to a conservative value that provides an adequate flow of routing information, but does not produce unnecessary protocol traffic. However, note that this value should be larger for virtual links.
Default Setting
area-id: None
router-id: None
hello-interval: 10 seconds
retransmit-interval: 5 seconds
transmit-delay: 1 second
dead-interval: 40 seconds
authentication-key: None
message-digest-key: None
Command Usage
• All areas must be connected to a backbone area (0.0.0.0) to maintain routing connectivity throughout the autonomous system. If it is not possible to physically connect an area to the backbone, you can use a virtual link.
ip ospf authentication
Use this command to specify the authentication type used for an interface. Enter this command without any optional parameters to specify plain text (or simple password) authentication. Use the no form to restore the default of no authentication.
Syntax
ip ospf authentication [message-digest | null]
no ip ospf authentication
• message-digest - Specifies message-digest (MD5) authentication.
• null - Indicates that no authentication is used.
ip ospf authentication-key
Use this command to assign a simple password to be used by neighboring routers. Use the no form to remove the password.
Syntax
ip ospf authentication-key key
no ip ospf authentication-key
key - Sets a plain text password.
ip ospf message-digest-key
Use this command to enable message-digest (MD5) authentication on the specified interface and to assign a key-id and key to be used by neighboring routers. Use the no form to remove an existing key.
Syntax
ip ospf message-digest-key key-id md5 key
no ip ospf message-digest-key key-id
• key-id - Index number of an MD5 key. (Range: 1-255)
• key - Alphanumeric password used to generate a 128 bit message digest or “fingerprint.
Related Commands
ip ospf authentication (4-263)

ip ospf cost
Use this command to explicitly set the cost of sending a packet on an interface. Use the no form to restore the default value.
Syntax
ip ospf cost cost
no ip ospf cost
cost - Link metric for this interface. Use higher values to indicate slower ports. (Range: 1-65535)
Command Mode
Interface Configuration (VLAN)
Default Setting
1
Command Usage
Interface cost reflects the port speed.
ip ospf dead-interval
Use this command to set how long neighbors wait without seeing hello packets before they declare the router down. Use the no form to restore the default value.

Syntax
ip ospf dead-interval seconds
no ip ospf dead-interval
seconds - The maximum time that neighbor routers can wait for a hello packet before declaring the transmitting router down. This interval must be set to the same value for all routers on the network.
ip ospf hello-interval
Use this command to specify the interval between sending hello packets on an interface. Use the no form to restore the default value.

Syntax
ip ospf hello-interval seconds
no ip ospf hello-interval
seconds - Interval at which hello packets are sent from an interface. This interval must be set to the same value for all routers on the network.
Command Mode
Interface Configuration (VLAN)

Default Setting
1

Command Usage
• Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to any value other than zero, the router with the highest priority will become the DR and the router with the next highest priority becomes the BDR. If two or more routers are tied with the same highest priority, the router with the higher ID will be elected.
Command Usage
A router will resend an LSA to a neighbor if it receives no acknowledgment. The retransmit interval should be set to a conservative value that provides an adequate flow of routing information, but does not produce unnecessary protocol traffic. Note that this value should be larger for virtual links.
show ip ospf
Use this command to show basic information about the routing configuration.

Command Mode
Privileged Exec

Example
Console#show ip ospf
Routing Process with ID 10.1.1.253
Supports only single TOS(TOS0) route
It is an area border and autonomous system boundary router
Redistributing External Routes from, rip with metric mapped to 10
Number of area in this router is 2
Area 0.0.0.0 (BACKBONE)
Number of interfaces in this area is 1
SPF algorithm executed 19 times
Area 10.1.0.
show ip ospf border-routers
Use this command to show entries in the routing table that lead to an Area Border Router (ABR) or Autonomous System Boundary Router (ASBR).

Command Mode
Privileged Exec

Example
Console#show ip ospf border-routers
Destination     Next Hop        Cost   Type  RteType  Area            SPF No
--------------- --------------- ------ ----- -------- --------------- ------
10.1.1.252      10.1.1.253      0      ABR   INTRA    10.1.0.0        3
10.2.6.252      10.2.9.253      0      ASBR  INTER    10.2.0.
show ip ospf database
Use this command to show information about different OSPF Link State Advertisements (LSAs) stored in this router’s database.
Also, note that when a Type 5 ASBR External LSA is describing a default route, its link-state-id is set to the default destination (0.0.0.0).
• self-originate - Shows LSAs originated by this router.
• database-summary - Shows a count for each LSA type for each area stored in the database, and the total number of LSAs in the database.
• external - Shows information about external LSAs.
• network - Shows information about network LSAs.
The following shows output when using the asbr-summary keyword.

Console#show ip ospf database asbr-summary
OSPF Router with id(10.1.1.253)
Displaying Summary ASB Link States(Area 0.0.0.0)
LS age: 433
Options: (No TOS-capability)
LS Type: Summary Links (AS Boundary Router)
Link State ID: 192.168.5.1 (AS Boundary Router's Router ID)
Advertising Router: 192.168.1.5
LS Sequence Number: 80000002
LS Checksum: 0x51E2
Length: 32
Network Mask: 255.255.255.
The following shows output when using the database-summary keyword.

Console#show ip ospf database database-summary
Area ID (10.1.0.
Field                 Description
OSPF Router id        Router ID
LS age                Age of LSA (in seconds)
Options               Optional capabilities associated with the LSA
LS Type               AS External Links - LSA describes routes to destinations outside the AS (including default external routes for the AS)
Link State ID         IP network number (External Network Number)
Advertising Router    Advertising router ID
LS Sequence Number    Sequence number of LSA (used to detect older duplicate LSAs)
LS Checksum           Checksum of the complete cont
The following shows output when using the network keyword.

Console#show ip ospf database network
OSPF Router with id(10.1.1.253)
Displaying Net Link States(Area 10.1.0.0)
Link State Data Network (Type 2)
------------------------------
LS age: 433
Options: Support External routing capability
LS Type: Network Links
Link State ID: 10.1.1.252 (IP interface address of the Designated Router)
Advertising Router: 10.1.1.
The following shows output when using the router keyword.

Console#show ip ospf database router
OSPF Router with id(10.1.1.253)
Displaying Router Link States(Area 10.1.0.0)
Link State Data Router (Type 1)
------------------------------
LS age: 233
Options: Support External routing capability
LS Type: Router Links
Link State ID: 10.1.1.252 (Originating Router's Router ID)
Advertising Router: 10.1.1.
Field                    Description
Link ID                  Link type and corresponding Router ID or network address
Link Data                • Router ID for transit network
                         • Network's IP address mask for stub network
                         • Neighbor Router ID for virtual link
Link Type                Link-state type, including transit network, stub network, or virtual link
Number of TOS metrics    Type of Service metric – This router only supports TOS 0 (or normal service)
Metrics                  Cost of the link

The following shows output when using the summary keyword.
Field                 Description
LS Sequence Number    Sequence number of LSA (used to detect older duplicate LSAs)
LS Checksum           Checksum of the complete contents of the LSA
Length                The length of the LSA in bytes
Network Mask          Destination network’s IP address mask
Metrics               Cost of the link

show ip ospf interface
Use this command to display summary information for OSPF interfaces.
Field             Description
Cost              Interface transmit cost
Transmit Delay    Interface transmit delay (in seconds)
State             • Disabled – OSPF not enabled on this interface
                  • Down – OSPF is enabled on this interface, but interface is down
                  • Loopback – This is a loopback interface
                  • Waiting – Router is trying to find the DR and BDR
                  • DR – Designated Router
                  • BDR – Backup Designated Router
                  • DRother – Interface is on a multiaccess network, but is not the DR or BDR
Priority          Rou
Field    Description
ID       Neighbor’s router ID
Pri      Neighbor’s router priority
State    OSPF state and identification flag
         States include:
         Down – Connection down
         Attempt – Connection down, but attempting contact (for non-broadcast networks)
         Init – Have received Hello packet, but communications not yet established
         Two-way – Bidirectional communications established
         ExStart – Initializing adjacency between neighbors
         Exchange – Database descriptions being exchanged
         Loading – LSA databases bein
Related Commands
summary-address (4-253)

show ip ospf virtual-links
Use this command to display detailed information about virtual links.

Syntax
show ip ospf virtual-links

Command Mode
Privileged Exec

Example
Console#show ip ospf virtual-links
Virtual Link to router 10.1.1.253 is up
Transit area 10.1.1.
Multicast Routing Commands
This router uses IGMP snooping and query to determine the ports connected to downstream multicast hosts, and to propagate this information back up through the multicast tree to ensure that requested services are forwarded through each intermediate node between the multicast server and its hosts, and also to filter traffic from all of the other interfaces that do not require these services.
ip igmp snooping vlan mrouter
Use this command to statically configure a multicast router port. Use the no form to remove the configuration.

Syntax
ip igmp snooping vlan vlan-id mrouter interface
no ip igmp snooping vlan vlan-id mrouter interface
• vlan-id - VLAN ID (Range: 1-4094)
• interface
  • ethernet unit/port
    - unit - This is device 1.
    - port - Port number.
  • port-channel channel-id (Range: 1-6)

Default Setting
No static multicast router ports are configured.
show ip igmp snooping mrouter
Use this command to display information on statically configured and dynamically learned multicast router ports.

Syntax
show ip igmp snooping mrouter [vlan vlan-id]
vlan-id - VLAN ID (Range: 1-4094)

Default Setting
Displays multicast router ports for all configured VLANs.

Command Mode
Privileged Exec

Command Usage
Multicast router port types displayed include Static or Dynamic.
ip multicast-routing
Use this command to enable IP multicast routing. Use the no form to disable IP multicast routing.

Syntax
ip multicast-routing
no ip multicast-routing

Default Setting
Disabled

Command Mode
Global Configuration

Command Usage
This command is used to enable multicast routing globally for the router.
Command Mode
Privileged Exec

Command Usage
This command displays information for multicast routing. If no optional parameters are selected, detailed information for each entry in the multicast address table is displayed. If you select a multicast group and source pair, detailed information is displayed only for the specified entry. If the summary option is selected, an abbreviated list of information for each entry is displayed on a single line.
This example lists all entries in the multicast table in summary form:

Console#show ip mroute summary
IP Multicast Forwarding is enabled.
IP Multicast Routing Table (Summary)
Flags: P - Prune UP
Group           Source          Source Mask     Interface  Owner   Flags
--------------- --------------- --------------- ---------- ------- -----
224.1.1.1       10.1.0.0        255.255.0.0     vlan1      DVMRP   P
224.2.2.2       10.1.0.0        255.255.0.
Command                   Function                                                  Mode    Page
show ip dvmrp route       Displays DVMRP routing information                        NE, PE  4-299
show ip dvmrp neighbor    Displays DVMRP neighbor information                       NE, PE  4-300
show ip dvmrp interface   Displays DVMRP configuration settings for the interfaces  NE, PE  4-301

router dvmrp
Use this command to enable Distance-Vector Multicast Routing (DVMRP) globally for the router and to enter router configuration mode. Use the no form to disable DVMRP multicast routing.
Related Commands
ip dvmrp (4-296)
show router dvmrp (4-298)

probe-interval
Use this command to set the interval for sending neighbor probe messages to the multicast group address for all DVMRP routers. Use the no form to restore the default value.

Syntax
probe-interval seconds
seconds - Interval between sending neighbor probe messages.
nbr-timeout
Use this command to set the interval to wait for messages from a DVMRP neighbor before declaring it dead. Use the no form to restore the default value.

Syntax
nbr-timeout seconds
seconds - Interval before declaring a neighbor dead. (Range: 1-65535)

Default Setting
35 seconds

Command Mode
Router Configuration

Command Usage
This command is used for timing out routes, and for setting the children and leaf flags.
Command Mode
Router Configuration

Example
Console(config-router)#report-interval 90
Console(config-router)#

flash-update-interval
Use this command to specify how often to send trigger updates, which reflect changes in the network topology. Use the no form to restore the default value.

Syntax
flash-update-interval seconds
seconds - Interval between sending flash updates when network topology changes have occurred.
Default Setting
7200 seconds

Command Mode
Router Configuration

Command Usage
This command sets the prune state lifetime. After the prune state expires, the router will resume flooding multicast traffic from the multicast source device.

Example
Console(config-router)#prune-lifetime 5000
Console(config-router)#

default-gateway
Use this command to specify the default DVMRP gateway for IP multicast traffic. Use the no form to remove the default gateway.
to the router. When the router receives these messages, it records all the downstream routers for the default route.
• When multicast traffic with an unknown source address (i.e., not found in the route table) is received on the default upstream route interface, the router forwards this traffic out through the other interfaces (with known downstream routers).
Example
Console(config)#interface vlan 1
Console(config-if)#ip dvmrp
Console(config-if)#end
Console#show ip dvmrp interface
Vlan 1 is up
DVMRP is enabled
Metric is 1
Console#

ip dvmrp metric
Use this command to configure the metric used in selecting the reverse path to networks connected directly to an interface on this router. Use the no form to restore the default value.
clear ip dvmrp route
Use this command to clear all dynamic routes learned by DVMRP.

Command Mode
Privileged Exec

Example
As shown below, this command clears everything from the route table except for the default route.

Console#clear ip dvmrp route
clear all ip dvmrp route
Console#show ip dvmrp route
Source          Mask            Upstream_nbr    Interface Metric UpTime Expire
--------------- --------------- --------------- --------- ------ ------ ------
10.1.0.0        255.255.255.0   10.1.0.
Example
The default settings are shown in the following example:

Console#show route dvmrp
Admin Status                  : enable
Probe Interval                : 10
Nbr expire                    : 35
Minimum Flash Update Interval : 5
prune lifetime                : 7200
route report                  : 60
Default Gateway               : 0.0.0.0
Metric of Default Gateway     : 1
Console#

show ip dvmrp route
Use this command to display all entries in the DVMRP routing table.
Field     Description
UpTime    The time elapsed since this entry was created.
Expire    The time remaining before this entry will be aged out.

show ip dvmrp neighbor
Use this command to display all of the DVMRP neighbor routers.

Command Mode
Normal Exec, Privileged Exec

Example
Console#show ip dvmrp neighbor
Address          Interface       Uptime   Expire   Capabilities
---------------- --------------- -------- -------- ------------
10.1.0.
show ip dvmrp interface
Use this command to display the DVMRP configuration for interfaces which have enabled DVMRP.
Command                 Function                                                 Mode    Page
show ip pim interface   Displays information about interfaces configured for PIM  NE, PE  4-309
show ip pim neighbor    Displays information about PIM neighbors                 NE, PE  4-309

router pim
Use this command to enable Protocol-Independent Multicast - Dense Mode (PIM-DM) globally for the router and to enter router configuration mode. Use the no form to disable PIM-DM multicast routing.
ip pim dense-mode
Use this command to enable PIM-DM on the specified interface. Use the no form to disable PIM-DM on this interface.
Example
Console(config)#interface vlan 1
Console(config-if)#ip pim dense-mode
Console#show ip pim interface
Vlan 1 is up
PIM is enabled, mode is Dense.
Internet address is 10.1.0.253.
Hello time interval is 30 sec, trigger hello time interval is 5 sec.
Hello holdtime is 105 sec.
Join/Prune holdtime is 210 sec.
Graft retry interval is 3 sec, max graft retries is 2.
DR Internet address is 10.1.0.253, neighbor count is 0.
ip pim hello-holdtime
Use this command to configure the interval to wait for hello messages from a neighboring PIM router before declaring it dead. Use the no form to restore the default value.

Syntax
ip pim hello-holdtime seconds
no ip pim hello-interval
seconds - The hold time for PIM hello messages. (Range: 1-65535)

Default Setting
105 seconds

Command Mode
Interface Configuration (VLAN)

Command Usage
The ip pim hello-holdtime should be 3.
Default Setting
5 seconds

Command Mode
Interface Configuration (VLAN)

Command Usage
• When a router first starts or PIM is enabled on an interface, the hello-interval is set to a random value between 0 and the trigger-hello-interval. This prevents synchronization of Hello messages on multi-access links if multiple routers are powered on simultaneously.
Command Usage
The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces on the router. If there are no requesting groups on that interface, the leaf node sends a prune message upstream and enters a prune state for this multicast stream. The prune state is maintained until the join-prune-holdtime timer expires or a graft message is received for the forwarding entry.
Example
Console(config-if)#ip pim graft-retry-interval 9
Console(config-if)#

ip pim max-graft-retries
Use this command to configure the maximum number of times to resend a Graft message if it has not been acknowledged. Use the no form to restore the default value.

Syntax
ip pim max-graft-retries retries
no ip pim graft-retry-interval
retries - The maximum number of times to resend a Graft.
show ip pim interface
Use this command to display information about interfaces configured for PIM.

Syntax
show ip pim interface vlan-id
vlan-id - VLAN ID (Range: 1-4094)

Command Mode
Normal Exec, Privileged Exec

Command Usage
This command displays the PIM settings for the specified interface as described in the preceding pages. It also shows the address of the designated PIM router and the number of neighboring PIM routers.
Command Mode
Normal Exec, Privileged Exec

Example
Console#show ip pim neighbor
Address         VLAN Interface   Uptime   Expire   Mode
--------------- ---------------- -------- -------- ------
10.1.0.254      1                17:38:16 00:01:25 Dense
Console#

Field            Description
Address          IP address of the next-hop router.
VLAN Interface   Interface number that is attached to this neighbor.
Uptime           The duration this entry has been active.
Expire           The time before this entry will be removed.
APPENDIX A TROUBLESHOOTING

Troubleshooting Chart

Symptom: Cannot connect using Telnet, Web browser, or SNMP software
Action:
• Be sure you have configured the agent with a valid IP address, subnet mask and default gateway.
• If you are trying to connect to the agent via the IP address for a tagged VLAN group, your management station must include the appropriate tag in its transmitted frames.
• Check that you have a valid network connection to the switch and that the port you are using has not been disabled.
APPENDIX B UPGRADING FIRMWARE VIA THE SERIAL PORT

The switch contains three firmware components that can be upgraded: the loader code, diagnostics (or Boot-ROM) code, and runtime operation code. The runtime code can be upgraded via the switch’s RS-232 serial console port, via a network connection to a TFTP server, or using SNMP management software. The loader code and diagnostics code can be upgraded only via the switch’s RS-232 serial console port.
power on or rebooting the switch.
12. If using Windows HyperTerminal, click the “Transfer” button, and then click “Send File....” Select the XModem Protocol and then use the “Browse” button to select the required firmware code file from your PC system. The “Xmodem file send” window displays the progress of the download procedure.
    Note: The download file must be a binary software file for this switch.
13. After the file has been downloaded, you are prompted with “Update Image File:” to specify the type of code file.
16. To set the new downloaded file as the startup file, use the [S]et Startup File menu option.
17. When you have finished downloading code files, use the [C]hange Baudrate menu option to change the baud rate of the switch’s serial connection back to 9600 baud.
18. Set your PC’s terminal emulation software baud rate back to 9600 baud. Press to reset communications with the switch.
19. Press to quit the firmware-download mode and boot the switch.
GLOSSARY

Access Control List (ACL)
ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.

Address Resolution Protocol (ARP)
ARP converts between IP addresses and MAC (i.e., hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address.
Dynamic Host Control Protocol (DHCP)
Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options.

Extensible Authentication Protocol over LAN (EAPOL)
EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch.
IEEE 802.1Q
VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.

IEEE 802.1p
An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value.

IEEE 802.
Internet Group Management Protocol (IGMP)
A protocol through which hosts can register with their local router for multicast services. If there is more than one multicast router on a given subnetwork, one of the routers is made the “querier” and assumes responsibility for keeping track of group membership.

In-Band Management
Management of the network from a station attached directly to the network.
Management Information Base (MIB)
An acronym for Management Information Base. It is a set of database objects that contains information about a specific device.

Multicast Switching
A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group.

Network Time Protocol (NTP)
NTP provides the mechanisms to synchronize time across the network.
Private VLANs
Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports.

Protocol-Independent Multicasting (PIM)
This multicast routing protocol floods multicast traffic downstream, and calculates the shortest-path back to the multicast source network via reverse path forwarding.
Simple Network Time Protocol (SNTP)
SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Updates can be requested from a specific NTP server, or can be received via broadcasts sent by NTP servers.

Spanning Tree Protocol (STP)
A technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems.
XModem
A protocol used to transfer files between devices. Data is grouped in 128-byte blocks and error-corrected.
FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe Contact details can be found on www.smc-europe.com or www.smc.com INTERNET E-mail addresses: techsupport@smc.com european.techsupport@smc-europe.com Driver updates: http://www.smc.com/index.cfm?action=tech_support_drivers_downloads World Wide Web: http://www.smc.com http://www.smc-europe.com FOR LITERATURE OR ADVERTISING RESPONSE, CALL: U.S.A.