Smc-networks 16 10BASE-T Manual de usuario

TigerSwitch 10/10016-Port Fast Ethernet Switch◆ 16 10BASE-T/100BASE-TX ports◆ Optional 1000BASE-X or 100BASE-FX modules◆ 8.8 Gbps of aggregate band

ContentsivConfiguring IGMP Snooping and Query Parameters 3-133Displaying Interfaces Attached to a Multicast Router 3-135Specifying Static Interfaces

Configuring the Switch3-643CLI – This example shows the connection status for Port 5.Configuring Interface ConnectionsYou can use the Port Configurati

Port Configuration3-653- Sym (Gigabit only) - Check this item to transmit and receive pause frames, or clear it to auto-negotiate the sender and recei

Configuring the Switch3-663Creating Trunk GroupsYou can create multiple links between devices that work as one virtual, aggregate link. A port trunk o

Port Configuration3-673Statically Configuring a TrunkCommand Usage• When configuring static trunks, you may not be able to link switches of different

Configuring the Switch3-683CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch

Port Configuration3-693Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you h

Configuring the Switch3-703Configuring LACP ParametersDynamically Creating a Port Channel –Ports assigned to a common port channel must meet the follo

Port Configuration3-713Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can opt

Configuring the Switch3-723CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.Conso

Port Configuration3-733Displaying LACP Port CountersYou can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Infor

Contentsvreload 4-22end 4-22exit 4-23quit 4-23System Management Commands 4-24Device Designation Commands 4-24prompt 4-24hostname 4-25User Access Com

Configuring the Switch3-743Displaying LACP Settings and Status for the Local SideYou can display configuration settings and the operational state for

Port Configuration3-753Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-45.

Configuring the Switch3-763Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state for

Port Configuration3-773CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel

Configuring the Switch3-783Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and cli

Port Configuration3-793Configuring Port MirroringYou can mirror traffic from any source port to a target port for real-time analysis. You can then att

Configuring the Switch3-803Configuring Rate LimitsThis function allows the network manager to control the maximum rate for traffic transmitted or rece

Port Configuration3-813Rate Limit ConfigurationUse the rate limit configuration pages to apply rate limiting.Command Usage• Input and output rate lim

Configuring the Switch3-823Showing Port StatisticsYou can display standard statistics on network traffic from the Interfaces Group and Ethernet-like M

Port Configuration3-833Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been dete

Contentsvisntp server 4-51sntp poll 4-51show sntp 4-52clock timezone 4-52calendar set 4-53show calendar 4-53System Status Commands 4-54light un

Configuring the Switch3-843Received Frames The total number of frames (bad, broadcast and multicast) received.Broadcast Frames The total number of goo

Port Configuration3-853Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the b

Configuring the Switch3-863CLI – This example shows statistics for port 13.Address Table SettingsSwitches store the addresses for all known devices. T

Address Table Settings3-873Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address

Configuring the Switch3-883Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN check

Spanning Tree Algorithm Configuration3-893Changing the Aging TimeYou can set the aging time for entries in the dynamic address table. Command Attribut

Configuring the Switch3-903Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transm

Spanning Tree Algorithm Configuration3-913• Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., disc

Configuring the Switch3-923• Path Cost Method – The path cost is used to determine the best path between devices. The path cost method is used to dete

Spanning Tree Algorithm Configuration3-933Configuring Global SettingsGlobal settings apply to the entire switch.Command Usage• Spanning Tree ProtocolU

Contentsviidot1x re-authenticate 4-80dot1x re-authentication 4-80dot1x timeout quiet-period 4-81dot1x timeout re-authperiod 4-81dot1x timeout tx-p

Configuring the Switch3-943• Maximum Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting

Spanning Tree Algorithm Configuration3-953Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 3-56.

Configuring the Switch3-963Displaying Interface SettingsThe STA Port Information and STA Trunk Information pages display the current status of ports a

Spanning Tree Algorithm Configuration3-973• Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only)Figure 3-57. BPDU T

Configuring the Switch3-983• Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged

Spanning Tree Algorithm Configuration3-993Configuring Interface SettingsYou can configure RSTP attributes for specific interfaces, including port prio

Configuring the Switch3-1003• Admin Link Type – The link type attached to this interface.- Point-to-Point – A connection to exactly one other bridge.-

VLAN Configuration3-1013VLAN ConfigurationIEEE 802.1Q VLANsIn large networks, routers are used to isolate broadcast traffic for each subnet into separ

Configuring the Switch3-1023Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags sh

VLAN Configuration3-1033To implement GVRP in a network, first add the host devices to the required VLANs (using the operating system or other applicat

Contentsviiishow interfaces counters 4-112show interfaces switchport 4-113Mirror Port Commands 4-115port monitor 4-115show port monitor 4-116Rate

Configuring the Switch3-1043Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange

VLAN Configuration3-1053CLI – Enter the following command.Displaying Current VLANsThe VLAN Current Table shows the current port members of each VLAN a

Configuring the Switch3-1063Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list.Figure 3-62. Displaying Current VLA

VLAN Configuration3-1073CLI – Current VLAN information can be displayed with the following command.Creating VLANsUse the VLAN Static List to create or

Configuring the Switch3-1083Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbo

VLAN Configuration3-1093Command Attributes• VLAN – ID of configured VLAN (1-4094, no leading zeroes).• Name – Name of the VLAN (1 to 32 characters).•

Configuring the Switch3-1103CLI – The following example adds tagged and untagged ports to VLAN 2.Adding Static Members to VLANs (Port Index)Use the VL

VLAN Configuration3-1113Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLAN id

Configuring the Switch3-1123• GARP Leave Timer* – The interval a port waits before leaving a VLAN group. This time should be set to more than twice th

VLAN Configuration3-1133CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP

Contentsixswitchport mode 4-148switchport acceptable-frame-types 4-148switchport ingress-filtering 4-149switchport native vlan 4-150switchport a

Configuring the Switch3-1143channeling all other traffic through a promiscuous port). Then assign any promiscuous ports to a primary VLAN and any host

VLAN Configuration3-1153CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promi

Configuring the Switch3-1163Web – Click VLAN, Private VLAN, Configuration. Enter the VLAN ID number, select Primary, Isolated or Community type, then

VLAN Configuration3-1173Web – Click VLAN, Private VLAN, Association. Select the required primary VLAN from the scroll-down box, highlight one or more

Configuring the Switch3-1183Web – Click VLAN, Private VLAN, Port Information or Trunk Information.Figure 3-70. Displaying Private VLAN Port Informati

VLAN Configuration3-1193• Secondary VLAN – On this switch all secondary VLANs are community VLANs. A community VLAN conveys traffic between community

Configuring the Switch3-1203Class of Service ConfigurationClass of Service (CoS) allows you to specify which data packets have greater precedence when

Class of Service Configuration3-1213Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interfa

Configuring the Switch3-1223Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using four prio

Class of Service Configuration3-1233Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS va

Contentsxip igmp snooping version 4-178show ip igmp snooping 4-178show mac-address-table multicast 4-179IGMP Query Commands (Layer 2) 4-180ip ig

Configuring the Switch3-1243Command Attributes• WRR - Weighted Round-Robin shares bandwidth at the egress ports by using scheduling weights 1, 2, 4, 6

Class of Service Configuration3-1253Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), ente

Configuring the Switch3-1263Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS ValuesThis switch supports several common methods of priori

Class of Service Configuration3-1273Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining ei

Configuring the Switch3-1283CLI* – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value

Class of Service Configuration3-1293Command Attributes• DSCP Priority Table – Shows the DSCP Priority to CoS map.• Class of Service Value – Maps a CoS

Configuring the Switch3-1303Mapping IP Port PriorityYou can also map network applications to Class of Service values based on the IP port number (i.e.

Class of Service Configuration3-1313CLI* – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5

Configuring the Switch3-1323Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click A

Multicast Filtering3-1333to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it w

xiTablesTable 1-1. Key Features 1-1Table 1-2. System Defaults 1-5Table 3-1. Configuration Options 3-3Table 3-2. Main Menu 3-4Table 3-3. Logging Le

Configuring the Switch3-1343Command Attributes• IGMP Status — When enabled, the switch will monitor network traffic to determine which hosts want to r

Multicast Filtering3-1353CLI – This example modifies the settings for multicast filtering, and then displays the current status.Displaying Interfaces

Configuring the Switch3-1363CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.Specifying S

Multicast Filtering3-1373Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast

Configuring the Switch3-1383Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query

Multicast Filtering3-1393CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLA

Configuring the Switch3-1403

4-1Chapter 4: Command Line InterfaceThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the C

Command Line Interface4-24To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway

Entering Commands4-34Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords and

TablesxiiTable 4-27. Authentication Sequence 4-67Table 4-28. RADIUS Client Commands 4-69Table 4-29. TACACS Commands 4-73Table 4-30. Port Security C

Command Line Interface4-44Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the curren

Entering Commands4-54Partial Keyword LookupIf you terminate a partial keyword with a question mark, alternatives that match the initial letters are pr

Command Line Interface4-64Exec CommandsWhen you open a new console session on the switch with the user name and password “guest,” the system enters th

Entering Commands4-74To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Co

Command Line Interface4-84Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain e

Command Groups4-94Command GroupsThe system commands can be broken down into the functional groups shown below.The access mode shown in the following t

Command Line Interface4-104Line CommandsYou can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial

Line Commands4-114Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users. H

Command Line Interface4-124Example Related Commandsusername (4-26)password (4-12)passwordThis command specifies the password for a line. Use the no fo

Line Commands4-134timeout login responseThis command sets the interval that the system waits for a user to log into the CLI. Use the no form to restor

xiiiFiguresFigure 3-1. Home Page 3-2Figure 3-2. Front Panel Indicators 3-3Figure 3-3. Displaying System Information 3-8Figure 3-4. Displaying Switc

Command Line Interface4-144Command Mode Line ConfigurationCommand Usage • If user input is detected within the timeout interval, the session is kept o

Line Commands4-154Related Commandssilent-time (4-15)timeout login response (4-13)silent-timeThis command sets the amount of time the management consol

Command Line Interface4-164Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with pa

Line Commands4-174speedThis command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal)

Command Line Interface4-184disconnectThis command terminates an SSH, Telnet, or console connection.Syntax disconnect session-idsession-id – The sessio

General Commands4-194Example To show all lines, enter this command:General CommandsenableThis command activates Privileged Exec mode. In privileged mo

Command Line Interface4-204Default SettingLevel 15Command ModeNormal ExecCommand Usage • “super” is the default password required to change the comman

General Commands4-214configureThis command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You mus

Command Line Interface4-224The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mod

General Commands4-234exitThis command returns to the previous configuration mode or exit the configuration program.Default Setting NoneCommand Mode An

FiguresxivFigure 3-43. LACP Port Configuration 3-71Figure 3-44. Displaying LACP Port Counters 3-73Figure 3-45. Displaying LACP Port Internal Informa

Command Line Interface4-244System Management CommandsThese commands are used to control system logs, passwords, user names, browser configuration opti

System Management Commands4-254Example hostnameThis command specifies or modifies the host name for this device. Use the no form to restore the defaul

Command Line Interface4-264usernameThis command adds named users, requires authentication at login, specifies or changes a user's password (or sp

System Management Commands4-274enable passwordAfter initially logging onto the system, you should set the Privileged Exec password. Remember to record

Command Line Interface4-284IP Filter CommandsmanagementThis command specifies the client IP addresses that are allowed management access to the switch

System Management Commands4-294ExampleThis example restricts management access to the indicated addresses.show managementThis command displays the cli

Command Line Interface4-304Web Server Commandsip http portThis command specifies the TCP port number used by the web browser interface. Use the no for

System Management Commands4-314Example Related Commandsip http port (4-30)ip http secure-serverThis command enables the secure hypertext transfer prot

Command Line Interface4-324Example Related Commandsip http secure-port (4-32)copy tftp https-certificate (4-61)ip http secure-portThis command specifi

System Management Commands4-334Telnet Server Commandsip telnet portThis command specifies the TCP port number used by the Telnet interface. Use the no

1-1Chapter 1: IntroductionThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to conf

Command Line Interface4-344Related Commandsip telnet port (4-33)Secure Shell CommandsThe Berkley-standard includes remote access tools originally desi

System Management Commands4-354The SSH server on this switch supports both password and public key authentication. If password authentication is speci

Command Line Interface4-364corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this proce

System Management Commands4-374ip ssh timeoutThis command configures the timeout for the SSH server. Use the no form to restore the default setting.Sy

Command Line Interface4-384Example Related Commandsshow ip ssh (4-40)ip ssh server-key sizeThis command sets the SSH server key size. Use the no form

System Management Commands4-394Example ip ssh crypto host-key generateThis command generates the host key pair (i.e., public and private). Syntax ip s

Command Line Interface4-404Command Mode Privileged ExecCommand Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh

System Management Commands4-414Example show sshThis command displays the current SSH server connections.Command Mode Privileged ExecExample Console#sh

Command Line Interface4-424show public-keyThis command shows the public key for the specified user or for the host.Syntax show public-key [user [usern

System Management Commands4-434Event Logging Commands logging onThis command controls logging of error messages, sending debug or error messages to sw

Introduction1-21Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates t

Command Line Interface4-444logging historyThis command limits syslog messages saved to switch memory based on severity. The no form returns the loggin

System Management Commands4-454logging hostThis command adds a syslog server host IP address that will receive logging messages. Use the no form to re

Command Line Interface4-464logging trapThis command enables the logging of system messages to a remote server, or limits the syslog messages saved to

System Management Commands4-474Related Commandsshow logging (4-48)show logThis command displays the system and event messages stored in memory.Syntax

Command Line Interface4-484show loggingThis command displays the logging configuration.Syntax show logging {flash | ram | trap}• flash - Event history

System Management Commands4-494The following example displays settings for the trap function. Time CommandsThe system clock can be dynamically set by

Command Line Interface4-504sntp clientThis command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with

System Management Commands4-514sntp serverThis command sets the IP address of the servers to which SNTP time requests are issued. Use the this command

Command Line Interface4-524Command Usage This command is only applicable when the switch is set to SNTP client mode.Example Related Commandssntp clien

System Management Commands4-534Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich

Description of Software Features1-31Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach

Command Line Interface4-544Command Mode Normal Exec, Privileged ExecExample System Status Commandslight unitThis command displays the unit ID of a swi

System Management Commands4-554show startup-configThis command displays the configuration file stored in non-volatile memory that is used to start up

Command Line Interface4-564Related Commandsshow running-config (4-56)show running-configThis command displays the configuration information currently

System Management Commands4-574Example Related Commandsshow startup-config (4-55)Console#show running-configbuilding running-config, please wait...!

Command Line Interface4-584show systemThis command displays system information.Default Setting NoneCommand Mode Normal Exec, Privileged ExecCommand Us

System Management Commands4-594Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) in

Command Line Interface4-604Example Frame Size Commandsjumbo frameThis command enables support for jumbo frames. Use the no form to disable it.Syntax [

Flash/File Commands4-614• Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the switch

Command Line Interface4-624Default Setting NoneCommand Mode Privileged ExecCommand Usage • The system prompts for data required to complete the copy c

Flash/File Commands4-634The following example shows how to copy the running configuration to a startup file.The following example shows how to downloa

Introduction1-41Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domai

Command Line Interface4-644deleteThis command deletes a file or image.Syntax delete [unit:] filenamefilename - Name of the configuration file or image

Flash/File Commands4-654Command Mode Privileged ExecCommand Usage • If you enter the command dir without any parameters, the system displays all files

Command Line Interface4-664ExampleThis example shows the information displayed by the whichboot command. See the table under the dir command for a des

Authentication Commands4-674Authentication Commands You can configure this switch to authenticate users logging into the system for management access

Command Line Interface4-684• RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user

Authentication Commands4-694• You can specify three authentication methods in a single command to indicate the authentication sequence. For example, i

Command Line Interface4-704• timeout - Number of seconds the switch waits for a reply before resending a request. (Range: 1-65535)• retransmit - Numbe

Authentication Commands4-714radius-server keyThis command sets the RADIUS encryption key. Use the no form to restore the default.Syntax radius-server

Command Line Interface4-724radius-server timeoutThis command sets the interval between transmitting authentication requests to the RADIUS server. Use

Authentication Commands4-734TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses soft

System Defaults1-51System DefaultsThe switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switc

Command Line Interface4-744Command Mode Global ConfigurationExample tacacs-server keyThis command sets the TACACS+ encryption key. Use the no form to

Authentication Commands4-754Port Security CommandsThese commands can be used to enable port security on a port. When using port security, the switch s

Command Line Interface4-764Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has

Authentication Commands4-774802.1x Port AuthenticationThe switch supports IEEE 802.1x (dot1x) port-based access control that prevents unauthorized acc

Command Line Interface4-784dot1x defaultThis command sets all configurable dot1x global and port settings to their default values.Syntaxdot1x defaultC

Authentication Commands4-794dot1x port-controlThis command sets the dot1x mode on a port interface. Use the no form to restore the default.Syntaxdot1x

Command Line Interface4-804Exampledot1x re-authenticateThis command forces re-authentication on all ports or a specific interface.Syntaxdot1x re-authe

Authentication Commands4-814dot1x timeout quiet-periodThis command sets the time that a switch port waits after the Max Request Count has been exceede

Command Line Interface4-824dot1x timeout tx-periodThis command sets the time that the switch waits during an authentication session before re-transmit

Authentication Commands4-834• 802.1X Port Details – Displays the port access control parameters for each interface, including the following items:- re

Introduction1-61Port Configuration Admin Status EnabledAuto-negotiation EnabledFlow Control DisabledPort Capability 100BASE-TX –10 Mbps half duplex10

Command Line Interface4-844ExampleConsole#show dot1xGlobal 802.1X Parameters system-auth-control: enable802.1X Port SummaryPort Name Status O

Access Control List Commands4-854Access Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, prot

Command Line Interface4-864IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.

Access Control List Commands4-874Command Usage• When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny comm

Command Line Interface4-884Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 1

Access Control List Commands4-894Default SettingNoneCommand ModeExtended ACLCommand Usage• All new rules are appended to the end of the list.• Address

Command Line Interface4-904This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”Related Commandsacce

Access Control List Commands4-914Command Usage• A port can only be bound to one ACL.• If a port is already bound to an ACL and you bind it to a differ

Command Line Interface4-924Command UsageA packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the follow

Access Control List Commands4-934MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form t

System Defaults1-71Traffic Prioritization Ingress Port Priority 0Weighted Round Robin Queue: 0 1 2 3 Weight: 1 2 4 6IP Precedence Priority DisabledI

Command Line Interface4-944Related Commandspermit, deny (MAC ACL) (4-94)mac access-group (4-95)show mac access-list (4-95)permit, deny (MAC ACL)This c

Access Control List Commands4-954Example This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the

Command Line Interface4-964Command Usage• A port can only be bound to one ACL.• If a port is already bound to an ACL and you bind it to a different AC

Access Control List Commands4-974Command Usage• You must configure an ACL mask before you can map CoS values to the rule.• A packet matching a rule wi

Command Line Interface4-984ACL Informationshow access-listThis command shows all ACLs and associated rules, as well as all the user-defined masks.Comm

SNMP Commands4-994SNMP CommandsControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as

Command Line Interface4-1004Example snmp-server contactThis command sets the system contact string. Use the no form to remove the system contact infor

SNMP Commands4-1014Related Commandssnmp-server contact (4-100)snmp-server host This command specifies the recipient of a Simple Network Management Pro

Command Line Interface4-1024Related Commandssnmp-server enable traps (4-102)snmp-server enable trapsThis command enables this device to send Simple Ne

SNMP Commands4-1034Command Usage This command provides information on the community access strings, counter information for SNMP input and output prot

Introduction1-81

Command Line Interface4-1044Interface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated link

Interface Commands4-1054Command Mode Global Configuration Example To specify port 16, enter the following command:descriptionThis command adds a descr

Command Line Interface4-1064Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex se

Interface Commands4-1074• If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.Example Th

Command Line Interface4-1084Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control.Related Command

Interface Commands4-1094ExampleThe following example enables flow control on port 5.Related Commands negotiation (4-106)capabilities (flowcontrol, sym

Command Line Interface4-1104switchport broadcast packet-rateThis command configures broadcast storm control. Use the no form to disable broadcast stor

Interface Commands4-1114Command Mode Privileged ExecCommand Usage Statistics are only initialized for a power reset. This command sets the base value

Command Line Interface4-1124Example show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]int

Interface Commands4-1134Example show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.

2-1Chapter 2: Initial ConfigurationConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent off

Command Line Interface4-1144Example This example shows the configuration setting for port 16. Console#show interfaces switchport ethernet 1/16 Broadca

Mirror Port Commands4-1154Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis comma

Command Line Interface4-1164Example The following example configures the switch to mirror received packets from port 6 to 11:show port monitorThis com

Rate Limit Commands4-1174Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received

Command Line Interface4-1184Examplerate-limit granularityUse this command to define the rate limit granularity for the Fast Ethernet ports, and the Gi

Link Aggregation Commands4-1194Command Usage • For Fast Ethernet interfaces, the rate limit granularity is 512 Kbps, 1 Mbps, or 3.3 Mbps.• For Gigabit

Command Line Interface4-1204Guidelines for Creating TrunksGeneral Guidelines –• Finish configuring port trunks before you connect the corresponding ne

Link Aggregation Commands4-1214Example The following example creates trunk 1 and then adds port 11:lacpThis command enables 802.3ad Link Aggregation C

Command Line Interface4-1224ExampleThe following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end o

Link Aggregation Commands4-1234Command Mode Interface Configuration (Ethernet)Command Usage • Port must be configured with the same system priority to

38 TeslaIrvine, CA 92618Phone: (949) 679-8000TigerSwitch 10/100Installation GuideFrom SMC’s Tiger line of feature-rich workgroup LAN solutionsJuly 200

Initial Configuration2-22• Configure up to 4 static or LACP trunks• Enable port mirroring• Set broadcast storm control on any port• Display system inf

Command Line Interface4-1244• Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configur

Link Aggregation Commands4-1254lacp port-priorityThis command configures LACP port priority. Use the no form to restore the default setting.Syntax lac

Command Line Interface4-1264Default Setting Port Channel: allCommand Mode Privileged ExecExample Console#show 1 lacp countersChannel group : 1 -

Link Aggregation Commands4-1274Console#show lacp 1 internalChannel group : 1-------------------------------------------------------------------------O

Command Line Interface4-1284Console#show lacp 1 neighborsChannel group 1 neighbors--------------------------------------------------------------------

Address Table Commands4-1294Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying

Command Line Interface4-1304mac-address-table staticThis command maps a static address to a destination port in a VLAN. Use the no form to remove an a

Address Table Commands4-1314clear mac-address-table dynamicThis command removes any learned entries from the forwarding database and clears the transm

Command Line Interface4-132400-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.”• The maximum number of address entrie

Spanning Tree Commands4-1334Spanning Tree CommandsThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the swi

Basic Configuration2-32Remote ConnectionsPrior to accessing the switch’s onboard agent via a network connection, you must first configure it with a va

Command Line Interface4-1344an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations o

Spanning Tree Commands4-1354spanning-tree forward-timeThis command configures the spanning tree bridge forward time globally for this switch. Use the

Command Line Interface4-1364Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message.

Spanning Tree Commands4-1374spanning-tree priorityThis command configures the spanning tree priority globally for this switch. Use the no form to rest

Command Line Interface4-1384Command Usage The path cost method is used to determine the best path between devices. Therefore, lower values should be a

Spanning Tree Commands4-1394Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000• Fast Ethernet – half duplex:

Command Line Interface4-1404Example Related Commandsspanning-tree cost (4-138)spanning-tree edge-portThis command specifies an interface as an edge po

Spanning Tree Commands4-1414spanning-tree portfastThis command sets an interface to fast forwarding. Use the no form to disable fast forwarding.Syntax

Command Line Interface4-1424Default Setting autoCommand Mode Interface Configuration (Ethernet, Port Channel)Command Usage • Specify a point-to-point

Spanning Tree Commands4-1434Example show spanning-treeThis command shows the configuration for the spanning tree.Syntax show spanning-tree [interface]

Initial Configuration2-42Setting PasswordsNote: If this is your first time to log into the CLI program, you should define new passwords for both defau

Command Line Interface4-1444ExampleConsole#show spanning-treeSpanning-tree information---------------------------------------------------------------

VLAN Commands4-1454VLAN CommandsA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the s

Command Line Interface4-1464Example Related Commands show vlan (4-153)vlanThis command configures a VLAN. Use the no form to restore the default setti

VLAN Commands4-1474Configuring VLAN Interfacesinterface vlanThis command enters interface configuration mode for VLANs, which is used to configure VLA

Command Line Interface4-1484switchport modeThis command configures the VLAN membership mode for a port. Use the no form to restore the default.Syntax

VLAN Commands4-1494Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage When set to receive all frame types, any received frames

Command Line Interface4-1504Example The following example shows how to set the interface to port 1 and then enable ingress filtering:switchport native

VLAN Commands4-1514switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the default.Syntax

Command Line Interface4-1524switchport forbidden vlanThis command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs.Sy

VLAN Commands4-1534Displaying VLAN Informationshow vlanThis command shows VLAN information.Syntax show vlan [id vlan-id | name vlan-name | private-vla

Basic Configuration2-52Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:•

Command Line Interface4-1544Configuring Private VLANsPrivate VLANs provide port-based security and isolation between ports within the assigned VLAN. T

VLAN Commands4-1554private-vlanUse this command to create a primary, isolated or community private VLAN. Use the no form to remove the specified priva

Command Line Interface4-1564private vlan associationUse this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no f

VLAN Commands4-1574Default Setting Normal VLANCommand Mode Interface Configuration (Ethernet, Port Channel) Command UsagePromiscuous ports assigned to

Command Line Interface4-1584switchport private-vlan mappingUse this command to map an interface to a primary VLAN. Use the no form to remove this mapp

GVRP and Bridge Extension Commands4-1594ExampleGVRP and Bridge Extension CommandsGARP VLAN Registration Protocol defines a way for switches to exchang

Command Line Interface4-1604Example show bridge-extThis command shows the configuration for bridge extension commands.Default Setting NoneCommand Mode

GVRP and Bridge Extension Commands4-1614show gvrp configurationThis command shows if GVRP is enabled.Syntax show gvrp configuration [interface]interfa

Command Line Interface4-1624Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes f

Priority Commands4-1634Related Commandsgarp timer (4-161)Priority CommandsThe commands described in this section allow you to specify which data packe

Initial Configuration2-625. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Ente

Command Line Interface4-1644queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS)

Priority Commands4-1654Default Setting Weights 1, 2, 4, 6 are assigned to queues 0-3 respectively.Queue 0 is non-configurable.Command Mode Global Conf

Command Line Interface4-1664• This switch provides eight priority queues for each port. It is configured to use Weighted Round Robin, which can be vie

Priority Commands4-1674Command Usage • CoS values assigned at the ingress port are also used at the egress port.• This command sets the CoS priority f

Command Line Interface4-1684Example show queue cos-mapThis command shows the class of service priority map.Syntax show queue cos-map [interface]interf

Priority Commands4-1694Priority Commands (Layer 3 and 4) map ip port (Global Configuration)This command enables IP port mapping (i.e., class of servic

Command Line Interface4-1704map ip port (Interface Configuration)This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to

Priority Commands4-1714Example The following example shows how to enable IP precedence mapping globally:map ip precedence (Interface Configuration)Thi

Command Line Interface4-1724map ip dscp (Global Configuration)This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).

Priority Commands4-1734Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specifie

Basic Configuration2-72To configure a community string, complete the following steps:1. From the Privileged Exec level global configuration mode promp

Command Line Interface4-1744Default SettingNoneCommand Mode Privileged ExecExample The following shows that HTTP traffic has been mapped to CoS valu

Priority Commands4-1754Example Related Commands map ip port (Global Configuration) (4-169)map ip precedence (Interface Configuration) (4-171) show map

Command Line Interface4-1764Example Related Commands map ip dscp (Global Configuration) (4-172)map ip dscp (Interface Configuration) (4-172)Multicast

Multicast Filtering Commands4-1774ip igmp snoopingThis command enables IGMP snooping on this switch. Use the no form to disable it.Syntax [no] ip igmp

Command Line Interface4-1784ip igmp snooping versionThis command configures the IGMP snooping version. Use the no form to restore the default.Syntax i

Multicast Filtering Commands4-1794Example The following shows the current IGMP snooping configuration:show mac-address-table multicast This command sh

Command Line Interface4-1804IGMP Query Commands (Layer 2) ip igmp snooping querierThis command enables the switch as an IGMP querier. Use the no form

Multicast Filtering Commands4-1814Default Setting 2 timesCommand Mode Global ConfigurationCommand Usage The query count defines how long the querier w

Command Line Interface4-1824ip igmp snooping query-max-response-timeThis command configures the query report delay. Use the no form to restore the def

Multicast Filtering Commands4-1834Default Setting 300 secondsCommand Mode Global ConfigurationCommand Usage The switch must use IGMPv2 for this comman

Initial Configuration2-822. Enter the name of the start-up file. Press <Enter>.Managing System FilesThe switch’s flash memory supports three typ

Command Line Interface4-1844Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Ther

IP Interface Commands4-1854IP Interface CommandsAn IP addresses may be used for management access to the switch over your network. The IP address for

Command Line Interface4-1864• If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been receive

IP Interface Commands4-1874Related Commands ip address (4-185)ip default-gatewayThis command establishes a static route between this switch and manag

Command Line Interface4-1884show ip redirectsThis command shows the default gateway configured for this device.Default Setting NoneCommand Mode Privil

IP Interface Commands4-1894Example Related Commands interface (4-104)Console#ping 10.1.0.9Type ESC to abort.PING to 10.1.0.9, by 5 32-byte payload ICM

Command Line Interface4-1904

A-1Appendix A: Software SpecificationsSoftware FeaturesAuthenticationLocal, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port SecurityAccess Control Lis

Software SpecificationsA-2AAdditional FeaturesBOOTP clientCIDR (Classless Inter-Domain Routing)SNTP (Simple Network Time Protocol)SNMP (Simple Network

Management Information BasesA-3ASNMPv2 (RFC 2571)SNTP (RFC 2030)SSH (Version 2.0)TFTP (RFC 1350)Management Information BasesBridge MIB (RFC 1493)Entit

3-1Chapter 3: Configuring the SwitchUsing the Web InterfaceThis switch provides an embedded HTTP Web agent. Using a Web browser you can configure the

Software SpecificationsA-4A

B-1Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1. Troubleshooting ChartSymptom ActionCannot connect using Telnet

TroubleshootingB-2BUsing System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caus

Glossary-1GlossaryAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

GlossaryGlossary-2GARP VLAN Registration Protocol (GVRP)Defines a way for switches to exchange VLAN information in order to register necessary VLAN me

Glossary-3GlossaryIGMP SnoopingListening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups t

GlossaryGlossary-4Multicast SwitchingA process whereby the switch filters incoming multicast frames for services for which no attached host has regist

Glossary-5GlossarySecure Shell (SSH)A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographi

GlossaryGlossary-6Virtual LAN (VLAN)A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical l

Index-1Numerics802.1x, port authentication 3-46, 4-77Aacceptable frame type 3-111, 4-148Access Control List See ACLACLExtended IP 3-54, 4-85, 4-86, 4

Configuring the Switch3-23Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and password. The a

Index-2IndexIGMPgroups, displaying 3-137, 4-179Layer 2 3-133, 4-176query 3-133, 4-180query, Layer 2 3-133, 4-180snooping 3-133, 4-177snooping, configu

Index-3IndexRRADIUS, logon authentication 4-69rate limits, setting 3-80, 4-117remote logging 4-46restarting the system 3-27, 4-22RSTP 3-89, 4-134globa

Index-4IndexWWeb interfaceaccess requirements 3-1configuration buttons 3-3home page 3-2menu list 3-4panel display 3-3

38 TeslaIrvine, CA 92618Phone: (949) 679-8000Model Number: SMC6716AL2Version Number: F2.2.3.9 E072004-R01Publication Number: 150000013500HFOR TECHNICA

Panel Display3-33Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a pa

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, n

Configuring the Switch3-43Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, o

Main Menu3-53SSH 3-39Settings Configures Secure Shell server settings 3-43Host-Key Settings Generates the host key pair (public and private) 3-41Port

Configuring the Switch3-63Input Trunk Configuration Sets the input rate limit for each trunk 3-81Output Port Configuration Sets the output rate limi

Main Menu3-73Port Information Shows VLAN port type, and associated primary or secondary VLANs3-117Port Configuration Sets the private VLAN interface

Configuring the Switch3-83Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location a

Basic Configuration3-93CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch Inform

Configuring the Switch3-103These additional parameters are displayed for the CLI.• Unit ID – Unit number in stack.• Redundant Power Status – Displays

Basic Configuration3-113Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that support Multicast Filterin

Configuring the Switch3-123CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface

Basic Configuration3-133Manual ConfigurationWeb – Click System, IP Configuration. Select the VLAN through which the management station is attached, se

iLIMITED WARRANTYLimited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, un

Configuring the Switch3-143Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by

Basic Configuration3-153Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web inte

Configuring the Switch3-163Downloading System Software from a ServerWhen downloading runtime code, you can specify the destination file name to replac

Basic Configuration3-173To delete a file select System, File, Delete. Select the file name from the given list by checking the tick box and click Appl

Configuring the Switch3-183- startup-config to tftp – Copies the startup configuration to a TFTP server.- tftp to file – Copies a file from a TFTP ser

Basic Configuration3-193Note that you can also select any configuration file as the start-up configuration by using the System/File/Set Start-Up page.

Configuring the Switch3-203• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the lo

Basic Configuration3-213CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the curren

Configuring the Switch3-223• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the lo

Basic Configuration3-233CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the

iiWARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN

Configuring the Switch3-243• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For

Basic Configuration3-253Remote Logs ConfigurationThe Remote Logs page allows you to configure the logging of messages that are sent to syslog servers

Configuring the Switch3-263CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap.Displaying Log MessagesThe

Basic Configuration3-273CLI – This example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3

Configuring the Switch3-283Configuring SNTPYou can configure the switch to send time synchronization requests to time servers.Command Attributes• SNTP

Simple Network Management Protocol3-293Setting the Time ZoneSNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based

Configuring the Switch3-303community string for authentication. The options for configuring community strings, trap functions, and restricting access

Simple Network Management Protocol3-313Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified t

Configuring the Switch3-323User AuthenticationYou can restrict management access to this switch using the following options:• User Accounts – Manually

User Authentication3-333Web – Click Security, User Accounts. To configure a new user account, specify a user name, select the user’s access level, the

iContents Chapter 1: Introduction 1-1Key Features 1-1Description of Software Features 1-2System Defaults 1-5Chapter 2: Initial Configuration 2-

Configuring the Switch3-343Configuring Local/Remote Logon AuthenticationUse the Authentication Settings menu to restrict management access based on sp

User Authentication3-353Command Attributes• Authentication – Select the authentication, or authentication sequence required:- Local – User authenticat

Configuring the Switch3-363Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authent

User Authentication3-373Configuring HTTPSYou can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket

Configuring the Switch3-383Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.Figure 3-25. HTTPS Settin

User Authentication3-393Configuring the Secure Shell The Berkley-standard includes remote access tools originally designed for Unix systems. Some of t

Configuring the Switch3-4033. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-61) to copy a file containing th

User Authentication3-413Generating the Host Key PairA host public/private key pair is used to provide secure communications between an SSH client and

Configuring the Switch3-423Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save th

User Authentication3-433Configuring the SSH ServerThe SSH server includes basic settings for authentication. Field Attributes• SSH Server Status – All

ContentsiiConsole Port Settings 3-19Telnet Settings 3-21Configuring Event Logging 3-23System Log Configuration 3-23Remote Logs Configuration 3-25

Configuring the Switch3-443CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that t

User Authentication3-453• If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configurati

Configuring the Switch3-463Configuring 802.1x Port Authentication Network switches can provide open and easy access to network resources by simply att

User Authentication3-473• The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support

Configuring the Switch3-483Configuring 802.1x Global SettingsThe 802.1x protocol provides client authentication. Command Attributes• 802.1x System Aut

User Authentication3-493• Max-Req – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it tim

Configuring the Switch3-503CLI – This example sets the 802.1x parameters on port 2. For a description of the additional fields displayed in this examp

User Authentication3-513Displaying 802.1x StatisticsThis switch can display statistics for dot1x protocol exchanges for any port.Statistical Values Ta

Configuring the Switch3-523Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the stati

Access Control Lists3-533Access Control ListsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 pr

ContentsiiiSetting Broadcast Storm Thresholds 3-77Configuring Port Mirroring 3-79Configuring Rate Limits 3-80Rate Limit Granularity 3-80Rate Limit

Configuring the Switch3-543Setting the ACL Name and TypeUse the ACL Configuration page to designate the name and type of an ACL.Command Attributes• Na

Access Control Lists3-553Configuring a Standard IP ACLCommand Attributes• Action – An ACL can contain all permit rules or all deny rules. (Default: Pe

Configuring the Switch3-563Configuring an Extended IP ACLCommand Attributes• Action – An ACL can contain either all permit rules or all deny rules. (D

Access Control Lists3-573Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (An

Configuring the Switch3-583Configuring a MAC ACLCommand Attributes• Action – An ACL can contain all permit rules or all deny rules. (Default: Permit r

Access Control Lists3-593CLI – This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the Ethernet t

Configuring the Switch3-603Filtering Addresses for Management AccessYou create a list of up to 16 IP addresses or IP address groups that are allowed a

Filtering Addresses for Management Access3-613Web – Click Security, IP Filter. Enter the IP addresses or range of addresses, and click Add IP Filterin

Configuring the Switch3-623Port ConfigurationDisplaying Connection StatusYou can use the Port Information or Trunk Information pages to display the cu

Port Configuration3-633Field Attributes (CLI)Basic Information:• Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP)• MAC address –