TigerSwitch 10/100
24-Port 10/100 Mbps Fast Ethernet Managed Switch
◆ 24 auto-MDI/MDI-X 10/100BASE-TX ports
◆ 4 Gigabit RJ-45/SFP combination ports
◆ Non-b
CONFIGURING THE SWITCH 3-46
Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-47
Enabling the SNMP Agent
Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3).
Command Attr

CONFIGURING THE SWITCH 3-48
• Access Mode – Specifies the access rights for the community string:
- Read-Only – Authorized management stations are only a

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-49
Specifying Trap Managers and Trap Types
Traps indicating status changes are issued by the switch to specified tr

CONFIGURING THE SWITCH 3-50
3. Create a view with the required notification messages (page 3-65).
4. Create a group that includes the required notify vie

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-51
- Retry times – The maximum number of times to resend an inform message if the recipient does not acknowledge re

CONFIGURING THE SWITCH 3-52
Configuring SNMPv3 Management Access
To configure SNMPv3 management access to the switch, follow these steps:
1. If you want t

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-53
Web – Click SNMP, SNMPv3, Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.
Figure 3

CONFIGURING THE SWITCH 3-54
Web – Click SNMP, SNMPv3, Remote Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.
Figure 3-27

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-55
- AuthPriv – SNMP communications use both authentication and encryption (only available for the SNMPv3 security
CONFIGURING THE SWITCH 3-56
Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-57
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring Remote

CONFIGURING THE SWITCH 3-58
Command Attributes
• User Name – The name of user connecting to the SNMP agent. (Range: 1-32 characters)
• Group Name – The na

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-59
Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name

CONFIGURING THE SWITCH 3-60
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring SNMPv3 Groups
An SNM

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-61
• Notify View – The configured view for notifications. (Range: 1-64 characters)
Table 3-5 Supported Notification

CONFIGURING THE SWITCH 3-62
warmStart 1.3.6.1.6.3.1.1.5.2 A warmStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-63
authenticationFailurea 1.3.6.1.6.3.1.1.5.5 An authenticationFailure trap signifies that the SNMPv2 entity, acting

CONFIGURING THE SWITCH 3-64
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a securit

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-65
CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and r
CONFIGURING THE SWITCH 3-66
Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subt

USER AUTHENTICATION 3-67
CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the

CONFIGURING THE SWITCH 3-68
• ACL - Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port

USER AUTHENTICATION 3-69
Web – Click Security, User Accounts. To configure a new user account, specify a user name, select the user’s access level, then

CONFIGURING THE SWITCH 3-70
Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are

USER AUTHENTICATION 3-71
• RADIUS and TACACS+ logon authentication assign a specific privilege level for each user name/password pair. The user name, pa

CONFIGURING THE SWITCH 3-72
• RADIUS Settings
- Global – Provides globally applicable RADIUS settings.
- ServerIndex – Specifies one of five RADIUS serve

USER AUTHENTICATION 3-73
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authenticat

CONFIGURING THE SWITCH 3-74
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socke

USER AUTHENTICATION 3-75
Command Attributes
• HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. (Default: Enabled)
• Chan
CONFIGURING THE SWITCH 3-76
CLI – This example enables the HTTP secure server and modifies the port number.
Replacing the Default Secure-site Certificate

USER AUTHENTICATION 3-77
Configuring the Secure Shell
The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of th

CONFIGURING THE SWITCH 3-78
To use the SSH server, complete these steps:
1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host p

USER AUTHENTICATION 3-79
6. Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair

CONFIGURING THE SWITCH 3-80
• Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either

USER AUTHENTICATION 3-81
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the a

CONFIGURING THE SWITCH 3-82
• Host-Key Type – The key type used to generate the host key pair (i.e., public and private keys). (Range: RSA, DSA, Both: D

USER AUTHENTICATION 3-83
CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then d

CONFIGURING THE SWITCH 3-84
- DSA: The first field indicates that the encryption method used by SSH is based on the Digital Signature Standard (DSS). T

USER AUTHENTICATION 3-85
Web – Click Security, SSH, SSH User-Key Settings. Select the user type and public-key type from the drop-down box, enter the TF
CONFIGURING THE SWITCH 3-86
CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and the

USER AUTHENTICATION 3-87
learning. Be sure you enable the learning function long enough to ensure that all valid VLAN members have been registered on th

CONFIGURING THE SWITCH 3-88
Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, set the maximum n

USER AUTHENTICATION 3-89
Access to all switch ports in a network can be centrally controlled from a server, which means that authorized users can use th

CONFIGURING THE SWITCH 3-90
The operation of 802.1X on the switch requires the following:
• The switch must have an IP address assigned.
• RADIUS authenti

USER AUTHENTICATION 3-91
CLI – This example shows the default global setting for 802.1X.
Configuring 802.1X Global Settings
The 802.1X protocol provides

CONFIGURING THE SWITCH 3-92
Configuring Port Settings for 802.1X
When 802.1X is enabled, you need to configure the parameters for the authentication proc

USER AUTHENTICATION 3-93
• Max-Req – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times

CONFIGURING THE SWITCH 3-94
Console(config)#interface ethernet 1/2 4-144
Console(config-if)#dot1x port-control auto 4-106
Console(config-if)#dot1x re-auth

USER AUTHENTICATION 3-95
Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Statistical Values Tab
CONFIGURING THE SWITCH 3-96
Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statis

ACCESS CONTROL LISTS 3-97
CLI – This example displays the 802.1X statistics for port 4.
Access Control Lists
Access Control Lists (ACL) provide packet fil

CONFIGURING THE SWITCH 3-98
Command Usage
The following restrictions apply to ACLs:
• Each ACL can have up to 60 rules.
• This switch supports ACLs for ing

ACCESS CONTROL LISTS 3-99
Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended,

CONFIGURING THE SWITCH 3-100
Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a

ACCESS CONTROL LISTS 3-101
of addresses with the Address and SubMask fields. (Options: Any, Host, IP; Default: Any)
• Src/Dst IP Address – Source or dest

CONFIGURING THE SWITCH 3-102
For example, use the code value and mask below to catch packets with the following flags set:
- SYN flag valid, use control

ACCESS CONTROL LISTS 3-103
3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”
Configuring a MAC ACL
Comm

CONFIGURING THE SWITCH 3-104
- Tagged-eth2 – Tagged Ethernet II packets.
- Tagged-802.3 – Tagged Ethernet 802.3 packets.
Web – Specify the action (i.e.,

ACCESS CONTROL LISTS 3-105
Binding a Port to an Access Control List
After configuring the Access Control Lists (ACL), you can bind the ports that need to
CONFIGURING THE SWITCH 3-106
CLI – This example assigns an IP access list to port 1, and an IP access list to port 2.
Filtering Management Access
You can

FILTERING MANAGEMENT ACCESS 3-107
Command Attributes
• Web IP Filter – Configures IP address(es) for the web group.
• SNMP IP Filter – Configures IP addre

CONFIGURING THE SWITCH 3-108
Port Configuration
Displaying Connection Status
You can use the Port Information or Trunk Information pages to display the cu

PORT CONFIGURATION 3-109
Web – Click Port, Port Information or Trunk Information.
Figure 3-49. Port Status Information
Field Attributes (CLI)
Basic inform

CONFIGURING THE SWITCH 3-110
• Capabilities – Specifies the capabilities to be advertised for a port during auto-negotiation. (To access this item on th

PORT CONFIGURATION 3-111
CLI – This example shows the connection status for Port 5.
Configuring Interface Connections
You can use the Port Configuration o

CONFIGURING THE SWITCH 3-112
specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, a

PORT CONFIGURATION 3-113
Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.
Figure 3-5

CONFIGURING THE SWITCH 3-114
The switch supports both static trunking and dynamic Link Aggregation Control Protocol (LACP). Static trunks have to be man

PORT CONFIGURATION 3-115
Statically Configuring a Trunk
Command Usage
• When configuring static trunks, you may not be able to link switches of different
CONFIGURING THE SWITCH 3-116
Web – Click Port, Trunk Membership. Enter a trunk ID in the Trunk field, select any of the switch ports from the scroll-dow

PORT CONFIGURATION 3-117
CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to

CONFIGURING THE SWITCH 3-118
• A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID.
• If more than

PORT CONFIGURATION 3-119
CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another swit

CONFIGURING THE SWITCH 3-120
not set (through the CLI) when a channel group is formed (i.e., it has a null value of 0), this key is set to the same valu

PORT CONFIGURATION 3-121
Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can opt

CONFIGURING THE SWITCH 3-122
CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; port

PORT CONFIGURATION 3-123
Web – Click Port, LACP, Port Counters Information. Select an interface port to display the corresponding information.
Figure 3-5

CONFIGURING THE SWITCH 3-124
CLI – The following example displays LACP counters for port channel 1.
Displaying LACP Settings and Status for the Local Sid

PORT CONFIGURATION 3-125
Admin State, Oper State
Administrative or operational values of the actor’s state parameters:
• Expired – The actor’s receive mac
CONFIGURING THE SWITCH 3-126
Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.
Figure 3-

PORT CONFIGURATION 3-127
Displaying LACP Settings and Status for the Remote Side
You can display configuration settings and the operational state for the

CONFIGURING THE SWITCH 3-128
Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.
Figure 3

PORT CONFIGURATION 3-129
Setting Broadcast Storm Thresholds
Broadcast storms may occur when a device on your network is malfunctioning, or if application

CONFIGURING THE SWITCH 3-130
Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Set the threshold for each port, click Apply.
Figure 3-

PORT CONFIGURATION 3-131
Configuring Port Mirroring
You can mirror traffic from any source port to a target port for real-time analysis. You can then att

CONFIGURING THE SWITCH 3-132
Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port

PORT CONFIGURATION 3-133
Command Usage
• Input and output rate limits can be enabled or disabled for individual interfaces.
Command Attribute
• Port/Trunk

CONFIGURING THE SWITCH 3-134
Showing Port Statistics
You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like M

PORT CONFIGURATION 3-135
Received Discarded Packets
The number of inbound packets which were chosen to be discarded even though no errors had been detect
CONFIGURING THE SWITCH 3-136
Alignment Errors
The number of alignment errors (missynchronized data packets).
Late Collisions
The number of times that a

PORT CONFIGURATION 3-137
Internal MAC Receive Errors
A count of frames for which reception on a particular interface fails due to an internal MAC sublaye

CONFIGURING THE SWITCH 3-138
Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at t

PORT CONFIGURATION 3-139
Figure 3-61. Displaying Etherlike and RMON Statistics

CONFIGURING THE SWITCH 3-140
CLI – This example shows statistics for port 13.
Address Table Settings
Switches store the addresses for all known devices. T

ADDRESS TABLE SETTINGS 3-141
Command Attributes
• Static Address Counts* – The number of manually configured addresses.
• Current Static Address Table – L

CONFIGURING THE SWITCH 3-142
Displaying the Address Table
The Dynamic Address Table contains the MAC addresses learned by monitoring the source address f

ADDRESS TABLE SETTINGS 3-143
Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN check

CONFIGURING THE SWITCH 3-144
Changing the Aging Time
You can set the aging time for entries in the dynamic address table.
Command Attributes
• Aging Statu

SPANNING TREE ALGORITHM CONFIGURATION 3-145
The spanning tree algorithms supported by this switch include these versions:
• STP – Spanning Tree Protocol
CONFIGURING THE SWITCH 3-146
RSTP is designed as a general replacement for the slower, legacy STP. RSTP achieves much faster reconfiguration (i.e., aro

SPANNING TREE ALGORITHM CONFIGURATION 3-147
• Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., disc

CONFIGURING THE SWITCH 3-148
receive configuration messages at regular intervals. If the root port ages out STA information (provided in the last config

SPANNING TREE ALGORITHM CONFIGURATION 3-149
CLI – This command displays global STA settings, followed by settings for each port.
Note: The current root

CONFIGURING THE SWITCH 3-150
the type of protocol messages the RSTP node transmits, as described below:
- STP Mode – If the switch receives an 802.1D BP

SPANNING TREE ALGORITHM CONFIGURATION 3-151
Root Device Configuration
• Hello Time – Interval (in seconds) at which the root device transmits a configura

CONFIGURING THE SWITCH 3-152
Configuration Settings for RSTP
The following attributes apply to RSTP:
• Path Cost Method – The path cost is used to determ

SPANNING TREE ALGORITHM CONFIGURATION 3-153
Figure 3-66. Configuring the Spanning Tree Algorithm
CLI – This example enables Spanning Tree Protocol and t

CONFIGURING THE SWITCH 3-154
- All ports are discarding when the switch is booted, then some of them change state to learning, and then to forwarding.
•

SPANNING TREE ALGORITHM CONFIGURATION 3-155
Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only)
These additional param
CONFIGURING THE SWITCH 3-156
• Designated root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the ro

SPANNING TREE ALGORITHM CONFIGURATION 3-157
CLI – This example shows the STA attributes for port 5.
Configuring Interface Settings
You can configure RSTP

CONFIGURING THE SWITCH 3-158
Command Attributes
The following attributes are read-only and cannot be changed:
• STA State – Displays current state of this

SPANNING TREE ALGORITHM CONFIGURATION 3-159
• Admin Path Cost – This parameter is used by the STP to determine the best path between devices. Therefore,

CONFIGURING THE SWITCH 3-160
• Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, i

VLAN CONFIGURATION 3-161
VLAN Configuration
Overview
In large networks, routers are used to isolate broadcast traffic for each subnet into separate domain

CONFIGURING THE SWITCH 3-162
• Priority tagging
Assigning Ports to VLANs
Before enabling VLANs for the switch, you must first assign each port to the VLA

VLAN CONFIGURATION 3-163
Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN group

CONFIGURING THE SWITCH 3-164
should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements f

VLAN CONFIGURATION 3-165
VLAN(s) indicated by the frame tag. However, when this switch receives an untagged frame from a VLAN-unaware device, it first d
CONFIGURING THE SWITCH 3-166
CLI – Enter the following command.
Displaying Current VLANs
The VLAN Current Table shows the current port members of each VLA

VLAN CONFIGURATION 3-167
Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list.
Figure 3-70. Displaying VLAN Information

CONFIGURING THE SWITCH 3-168
CLI – Current VLAN information can be displayed with the following command.
Creating VLANs
Use the VLAN Static List to create

VLAN CONFIGURATION 3-169
• Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it will be reassigned

CONFIGURING THE SWITCH 3-170
Adding Static Members to VLANs (VLAN Index)
Use the VLAN Static Table to configure port members for the selected VLAN index.

VLAN CONFIGURATION 3-171
- Untagged: Interface is a member of the VLAN. All packets transmitted by the port will be untagged, that is, not carry a tag a

CONFIGURING THE SWITCH 3-172
CLI – The following example adds tagged and untagged ports to VLAN 2.
Adding Static Members to VLANs (Port Index)
Use the VLA

VLAN CONFIGURATION 3-173
Figure 3-73. Assigning VLAN Port and Trunk Groups
CLI – This example adds Port 3 to VLAN 1 as a tagged port, and removes Port 3

CONFIGURING THE SWITCH 3-174
• Acceptable Frame Type – Sets the interface to accept all frame types, including tagged or untagged frames, or only tagged

VLAN CONFIGURATION 3-175
Web – Click VLAN, 802.1Q VLAN, Port Configuration or Trunk Configuration. Fill in the required settings for each interface, cli
CONFIGURING THE SWITCH 3-176
Configuring Private VLANs
Private VLANs provide port-based security between ports within the assigned VLAN. This switch supp

VLAN CONFIGURATION 3-177
Displaying Current Private VLANs
The Private VLAN Information page displays information on the private VLANs configured on the s

CONFIGURING THE SWITCH 3-178
Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu.
Figure 3-75. Private

VLAN CONFIGURATION 3-179
Configuring Private VLANs
The Private VLAN Configuration page is used to create/remove primary, or community VLANs.
Command Attri

CONFIGURING THE SWITCH 3-180
Associating VLANs
Each community VLAN must be associated with a primary VLAN.
Command Attributes
• Primary VLAN ID - ID of pri

VLAN CONFIGURATION 3-181
Displaying Private VLAN Interface Information
Use the Private VLAN Port Information and Private VLAN Trunk Information menus to

CONFIGURING THE SWITCH 3-182
Web – Click VLAN, Private VLAN, Port Information or Trunk Information.
Figure 3-78. Private VLAN Port Information
CLI – T

VLAN CONFIGURATION 3-183
- Host – The port is a community port. A community port can communicate with other ports in its own community VLAN and with des

CONFIGURING THE SWITCH 3-184
CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a pr

VLAN CONFIGURATION 3-185
Web – Click VLAN, Protocol VLAN, Configuration.
Figure 3-80. Protocol VLAN Configuration
Configuring Protocol VLAN System
Use
CONFIGURING THE SWITCH 3-186
Class of Service Configuration
Class of Service (CoS) allows you to specify which data packets have greater precedence when

CLASS OF SERVICE CONFIGURATION 3-187
Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interfac

CONFIGURING THE SWITCH 3-188
priorities are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 80

CLASS OF SERVICE CONFIGURATION 3-189
Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click A

CONFIGURING THE SWITCH 3-190
Enabling CoS
Enable or disable Class of Service (CoS).
Command Attributes
• Traffic Classes - Click to ena

CLASS OF SERVICE CONFIGURATION 3-191
Web – Click Priority, Queue Mode. Select Strict or WRR, then click Apply.
Figure 3-85. Setting the Queue Mode
CLI –

CONFIGURING THE SWITCH 3-192
Web – Click Priority, Queue Scheduling. Highlight a traffic class (i.e., output queue), then click Apply.
Figure 3-86. Conf

CLASS OF SERVICE CONFIGURATION 3-193
• The precedence for priority mapping is IP DSCP Priority, and then Default Port Priority. Selecting IP DSCP Priori

CONFIGURING THE SWITCH 3-194
Command Attributes
• DSCP Priority Table – Shows the DSCP Priority to CoS map.
• Class of Service Value – Maps a CoS value to

QUALITY OF SERVICE 3-195
CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1),
CONFIGURING THE SWITCH 3-196
All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to pack

QUALITY OF SERVICE 3-197
or just reduce the DSCP service level for traffic exceeding the specified rate.
5. Use the “Service Policy” to assign a policy m

CONFIGURING THE SWITCH 3-198
• Remove Class – Removes the selected class.
Class Configuration
• Class Name – Name of the class map. (Range: 1-16 character

QUALITY OF SERVICE 3-199
Figure 3-89. Configuring Class Maps
CLI – This example creates a class map called “rd-class,” and sets it to match packets marked

CONFIGURING THE SWITCH 3-200
Creating QoS Policies
This function creates a policy map that can be attached to multiple interfaces.
Command Usage
• To confi

QUALITY OF SERVICE 3-201
Command Attributes
Policy Map
• Modify Name and Description – Configures the name and a brief description of a policy map. (Range

CONFIGURING THE SWITCH 3-202
• Remove Class – Deletes a class.
- Policy Settings -
• Class Name – Name of class map.
• Action – Configures the service prov

QUALITY OF SERVICE 3-203
Figure 3-90. Configuring Policy Maps

CONFIGURING THE SWITCH 3-204
CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 b

QUALITY OF SERVICE 3-205
Figure 3-91. Service Policy Settings
CLI – This example applies a service policy to an ingress interface.
Console(config)#interf
CONFIGURING THE SWITCH 3-206
Multicast Filtering
Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A

MULTICAST FILTERING 3-207
Layer 2 IGMP (Snooping and Query)
IGMP Snooping and Query — If multicast routing is not supported on other switches in your net

CONFIGURING THE SWITCH 3-208
• IGMP Querier — A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast

MULTICAST FILTERING 3-209
• IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Range: 1-2; Default: 2)
Notes:

CONFIGURING THE SWITCH 3-210
Enabling IGMP Filter Status
You can enable the IGMP filter status and set the IGMP profile configuration.
Command Attributes
•

MULTICAST FILTERING 3-211
IGMP immediate leave improves bandwidth management for all hosts in a switched network.
Command Attributes
• VLAN ID — ID of con

CONFIGURING THE SWITCH 3-212
Displaying Interfaces Attached to a Multicast Router
Multicast routers that are attached to ports on the switch use informat

MULTICAST FILTERING 3-213
CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.
Specifying Stati

CONFIGURING THE SWITCH 3-214
CLI – This example configures port 11 as a multicast router port within VLAN 1.
Displaying Port Members of Multicast Service

MULTICAST FILTERING 3-215
CLI – This example displays all the known multicast services supported on VLAN 1, along with the ports propagating the corresp
CONFIGURING THE SWITCH 3-216
Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabl

MULTICAST FILTERING 3-217
IGMP filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on

CONFIGURING THE SWITCH 3-218
• Access Mode – Sets the access mode of the profile; either permit or deny.
• Current Multicast Address Range List – Lists

MULTICAST FILTERING 3-219
CLI – This example configures profile number 19 by setting the access mode to “permit” and then specifying a range of multicas

CONFIGURING THE SWITCH 3-220
• Current Multicast Groups – Sets the action to take when the maximum number of multicast groups for the interface has been

MULTICAST VLAN REGISTRATION 3-221
CLI – This example assigns IGMP profile number 19 to port 1, and then sets the throttling number and action. The curre

CONFIGURING THE SWITCH 3-222
General Configuration Guidelines for MVR
1. Enable MVR globally on the switch, select the MVR VLAN, and add the multicast gr

MULTICAST VLAN REGISTRATION 3-223
Configuring Global MVR Settings
The global settings for Multicast VLAN Registration (MVR) include enabling or disablin

CONFIGURING THE SWITCH 3-224
Web – Click MVR, Configuration. Enable MVR globally on the switch, select the MVR VLAN, add the multicast groups that will

MULTICAST VLAN REGISTRATION 3-225
multicast traffic from one of the MVR groups, or a multicast group has been statically assigned to an interface.
• Imme
CONFIGURING THE SWITCH 3-226
• Group Port List – Shows the interfaces with subscribers for multicast services provided through the MVR VLAN.
Web – Click

MULTICAST VLAN REGISTRATION 3-227
Configuring MVR Interface Status
Each interface that participates in the MVR VLAN must be configured as an MVR source

CONFIGURING THE SWITCH 3-228
- Receiver – A subscriber port that can receive multicast data sent through the MVR VLAN.
- Non-MVR – An interface that do

MULTICAST VLAN REGISTRATION 3-229
CLI – This example configures an MVR source port and receiver port, and then enables immediate leave on the receiver p

CONFIGURING THE SWITCH 3-230
Web – Click MVR, Group Member Configuration. Select a port or trunk from the “Interface” field, and click Query to display

DHCP SNOOPING 3-231
When enabled, DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping.
Filter

CONFIGURING THE SWITCH 3-232
Additional considerations when the switch itself is a DHCP client – The port(s) through which the switch submits a client r

DHCP SNOOPING 3-233
DHCP Snooping VLAN Configuration
Enables DHCP snooping on the specified VLAN.
Command Attributes
• VLAN ID – ID of a configured VLAN. (

CONFIGURING THE SWITCH 3-234
When the DHCP Snooping Information Option is enabled, clients can be identified by the switch port to which they are connec

DHCP SNOOPING 3-235
Web – Click DHCP Snooping, Information Option Configuration.
Figure 3-108. DHCP Snooping Information Option Configuration
CLI – This
CONFIGURING THE SWITCH3-236Web – Click DHCP Snooping, Information Option Configuration. Figure 3-109. DHCP Snooping Port ConfigurationCLI – This exam
IP SOURCE GUARD3-237Web – Click DHCP Snooping, DHCP Snooping Binding Information.Figure 3-110. DHCP Snooping Binding InformationCLI – This example sh
CONFIGURING THE SWITCH3-238When enabled, traffic is filtered based upon dynamic entries learned via DHCP snooping or static addresses configured in th
IP SOURCE GUARD3-239CLI – This example shows how to enable IP source guard on port 5.Static IP Source Guard Binding ConfigurationAdds a static address
CONFIGURING THE SWITCH3-240Web – Click IP Source Guard, Static Configuration. Figure 3-112. Static IP Source Guard Binding ConfigurationCLI – This ex
IP SOURCE GUARD3-241Web – Click IP Source Guard, Dynamic Information. Figure 3-113. Dynamic IP Source Guard Binding InformationCLI – This example sho
CONFIGURING THE SWITCH 3-242
Switch Clustering
Switch Clustering is a method of grouping switches together to enable centralized management through a sin
SWITCH CLUSTERING 3-243
• Cluster Commander – Enables or disables the switch as a cluster Commander.
• Role – Indicates the current role of the switch in
CONFIGURING THE SWITCH 3-244
Cluster Member Configuration
Adds Candidate switches to the cluster as Members.
Command Attributes
• Member ID – Specify a Me
SWITCH CLUSTERING 3-245
Cluster Member Information
Displays current cluster Member switch information.
Command Attributes
• Member ID – The ID number of th
20 Mason
Irvine, CA 92618
Phone: (949) 679-8000
TigerSwitch 10/100
Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
March 2007
CONFIGURING THE SWITCH 3-246
Cluster Candidate Information
Displays information about discovered switches in the network that are already cluster Members
4-1
CHAPTER 4
COMMAND LINE INTERFACE
This chapter describes how to use the Command Line Interface (CLI).
Using the Command Line Interface
Accessing the CLI
COMMAND LINE INTERFACE 4-2
After connecting to the system through the console port, the login screen displays:
Telnet Connection
Telnet operates over the
ENTERING COMMANDS 4-3
2. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show
COMMAND LINE INTERFACE 4-4
• To enter multiple commands, enter each command in the required order. For example, to enable Privileged Exec command mode,
ENTERING COMMANDS 4-5
Showing Commands
If you enter a “?” at the command prompt, the system will display the first level of keywords for the current comm
COMMAND LINE INTERFACE 4-6
The command “show interfaces ?” will display the following information:
Partial Keyword Lookup
If you terminate a partial keywo
ENTERING COMMANDS 4-7
Understanding Command Modes
The command set is divided into Exec and Configuration classes. Exec commands generally display informa
COMMAND LINE INTERFACE 4-8
Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password
ENTERING COMMANDS 4-9
• Line Configuration - These commands modify the console port and Telnet configuration, and include commands such as parity and dat
1-1
CHAPTER 1
INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to config
COMMAND LINE INTERFACE 4-10
Command Line Processing
Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain e
COMMAND GROUPS 4-11
Command Groups
The system commands can be broken down into the functional groups shown below.
Table 4-4 Command Group Index
Command Gr
COMMAND LINE INTERFACE 4-12
The access mode shown in the following tables is indicated by these abbreviations:
ACL (Access Control List Configuration)
GC
COMMAND GROUPS 4-13
PE (Privileged Exec)
VC (VLAN Database Configuration)
COMMAND LINE INTERFACE 4-14
Line Commands
You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial
LINE COMMANDS 4-15
line
This command identifies a specific line for configuration, and to process subsequent line configuration commands.
Syntax
line {con
COMMAND LINE INTERFACE 4-16
login
This command enables password checking at login. Use the no form to disable password checking and allow connections wit
LINE COMMANDS 4-17
Example
Related Commands
username (4-35)
password (4-17)
password
This command specifies the password for a line. Use the no form to remov
COMMAND LINE INTERFACE 4-18
Example
Related Commands
login (4-16)
password-thresh (4-20)
timeout login response
This command sets the interval that the syste
LINE COMMANDS 4-19
exec-timeout
This command sets the interval that the system waits until user input is detected. Use the no form to restore the default
INTRODUCTION 1-2
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates th
COMMAND LINE INTERFACE 4-20
password-thresh
This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the
LINE COMMANDS 4-21
silent-time
This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempt
COMMAND LINE INTERFACE 4-22
Default Setting
8 data bits per character
Command Mode
Line Configuration
Command Usage
The databits command can be used to m
LINE COMMANDS 4-23
Command Usage
Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting.
Ex
COMMAND LINE INTERFACE 4-24
Example
To specify 57600 bps, enter this command:
stopbits
This command sets the number of the stop bits transmitted per byte.
LINE COMMANDS 4-25
Command Usage
Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an activ
COMMAND LINE INTERFACE 4-26
Example
To show all lines, enter this command:
General Commands
Console#show line
Console configuration:
Password threshold:
GENERAL COMMANDS 4-27
enable
This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands dis
COMMAND LINE INTERFACE 4-28
disable
This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic info
GENERAL COMMANDS 4-29
Example
Related Commands
end (4-30)
show history
This command shows the contents of the command history buffer.
Default Setting
None
Co
DESCRIPTION OF SOFTWARE FEATURES 1-3
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and
COMMAND LINE INTERFACE 4-30
The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode
GENERAL COMMANDS 4-31
Command Mode
Global Configuration, Interface Configuration, Line Configuration, and VLAN Database Configuration.
Example
This examp
COMMAND LINE INTERFACE 4-32
Command Mode
Normal Exec, Privileged Exec
Command Usage
The quit and exit commands can both exit the configuration program.
Ex
SYSTEM MANAGEMENT COMMANDS 4-33
Device Designation Commands
prompt
This command customizes the CLI prompt. Use the no form to restore the default prompt.
S
COMMAND LINE INTERFACE 4-34
Example
hostname
This command specifies or modifies the host name for this device. Use the no form to restore the default host
SYSTEM MANAGEMENT COMMANDS 4-35
username
This command adds named users, requires authentication at login, specifies or changes a user's password (or
COMMAND LINE INTERFACE 4-36
The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when read
SYSTEM MANAGEMENT COMMANDS 4-37
• The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) whe
COMMAND LINE INTERFACE 4-38
• end-address - The end address of a range.
Default Setting
All addresses
Command Mode
Global Configuration
Command Usage
• If
SYSTEM MANAGEMENT COMMANDS 4-39
show management
This command displays the client IP addresses that are allowed management access to the switch through va
INTRODUCTION 1-4
Rate Limiting – This feature controls the maximum rate for traffic received on an interface. Rate limiting is configured on interfaces
COMMAND LINE INTERFACE 4-40
Web Server Commands
ip http port
This command specifies the TCP port number used by the web browser interface. Use the no form
SYSTEM MANAGEMENT COMMANDS 4-41
ip http server
This command allows this device to be monitored or configured from a browser. Use the no form to disable t
COMMAND LINE INTERFACE 4-42
Command Usage
• Both HTTP and HTTPS service can be enabled independently on the switch. However, you cannot configure the HT
SYSTEM MANAGEMENT COMMANDS 4-43
ip http secure-port
This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interfac
COMMAND LINE INTERFACE 4-44
Telnet Server Commands
ip telnet server
This command allows this device to be monitored or configured from Telnet. Use the no
SYSTEM MANAGEMENT COMMANDS 4-45
Default Setting
23
Command Mode
Global Configuration
Example
Secure Shell Commands
The Berkeley-standard includes remote acc
COMMAND LINE INTERFACE 4-46
Note: The switch supports both SSH Version 1.5 and 2.0.
The SSH server on this switch supports both password and public key a
SYSTEM MANAGEMENT COMMANDS 4-47
following section. Note that regardless of whether you use public key or password authentication, you still have to gene
COMMAND LINE INTERFACE 4-48
5. Enable SSH Service – Use the ip ssh server command to enable the SSH server on the switch.
6. Configure Challenge-Response
SYSTEM MANAGEMENT COMMANDS 4-49
Command Mode
Global Configuration
Command Usage
• The SSH server supports up to four client sessions. The maximum number
DESCRIPTION OF SOFTWARE FEATURES 1-5
Store-and-Forward Switching – The switch copies each frame into its memory before forwarding it to another port.
COMMAND LINE INTERFACE 4-50
Command Usage
The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiat
SYSTEM MANAGEMENT COMMANDS 4-51
ip ssh server-key size
This command sets the SSH server key size. Use the no form to restore the default setting.
Syntax
i
COMMAND LINE INTERFACE 4-52
Example
ip ssh crypto host-key generate
This command generates the host key pair (i.e., public and private).
Syntax
ip ssh cr
SYSTEM MANAGEMENT COMMANDS 4-53
ip ssh crypto zeroize
This command clears the host key from memory (i.e. RAM).
Syntax
ip ssh crypto zeroize [dsa | rsa]
•
COMMAND LINE INTERFACE 4-54
Default Setting
Saves both the DSA and RSA key.
Command Mode
Privileged Exec
Example
Related Commands
ip ssh crypto host-key ge
SYSTEM MANAGEMENT COMMANDS 4-55
Table 4-16 show ssh - display description
Field Description
Session The session number. (Range: 0-3)
Version The Secure S
COMMAND LINE INTERFACE 4-56
show public-key
This command shows the public key for the specified user or for the host.
Syntax
show public-key [user [userna
SYSTEM MANAGEMENT COMMANDS 4-57
Event Logging Commands
logging on
This command controls logging of error messages, sending debug or error messages to swi
COMMAND LINE INTERFACE 4-58
Example
Related Commands
logging history (4-58)
clear logging (4-62)
logging history
This command limits syslog messages saved t
SYSTEM MANAGEMENT COMMANDS 4-59
Default Setting
Flash: errors (level 3 - 0)
RAM: warnings (level 7 - 0)
Command Mode
Global Configuration
Command Usage
The
INTRODUCTION 1-6
Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain
COMMAND LINE INTERFACE 4-60
Command Usage
• By using this command more than once you can build up a list of host IP addresses.
• The maximum number of ho
SYSTEM MANAGEMENT COMMANDS 4-61
logging trap
This command enables the logging of system messages to a remote server, or limits the syslog messages saved
COMMAND LINE INTERFACE 4-62
clear logging
This command clears messages from the log buffer.
Syntax
clear logging [flash | ram]
• flash - Event history stor
SYSTEM MANAGEMENT COMMANDS 4-63
Default Setting
None
Command Mode
Privileged Exec
Example
The following example shows that system logging is enabled, the m
COMMAND LINE INTERFACE 4-64
Related Commands
show logging sendmail (4-69)
show log
This command displays the log messages stored in local memory.
Syntax
sho
SYSTEM MANAGEMENT COMMANDS 4-65
Example
The following example shows the event message stored in RAM.
SMTP Alert Commands
These commands configure SMTP eve
COMMAND LINE INTERFACE 4-66
logging sendmail host
This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP
SYSTEM MANAGEMENT COMMANDS 4-67
logging sendmail level
This command sets the severity threshold used to trigger alert messages.
Syntax
logging sendmail lev
COMMAND LINE INTERFACE 4-68
Command Mode
Global Configuration
Command Usage
You may use a symbolic email address that identifies the switch, or the addr
SYSTEM MANAGEMENT COMMANDS 4-69
logging sendmail
This command enables SMTP event handling. Use the no form to disable this function.
Syntax
[no] logging se
SYSTEM DEFAULTS 1-7
Multicast Filtering – Multicast filtering is a system where network devices forward multicast traffic only to the ports that are reg
COMMAND LINE INTERFACE 4-70
Time Commands
The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining a
SYSTEM MANAGEMENT COMMANDS 4-71
Command Usage
• The time acquired from time servers is used to record accurate dates and times for log events. Without S
COMMAND LINE INTERFACE 4-72
Command Mode
Global Configuration
Command Usage
This command specifies time servers from which the switch will poll for time
SYSTEM MANAGEMENT COMMANDS 4-73
Related Commands
Related Commands (4-71)
show sntp
This command displays the current time and configuration settings for th
COMMAND LINE INTERFACE 4-74
Default Setting
None
Command Mode
Global Configuration
Command Usage
This command sets the local time zone relative to the Coo
SYSTEM MANAGEMENT COMMANDS 4-75
Default Setting
None
Command Mode
Privileged Exec
Example
This example shows how to set the system clock to 15:12:34, Febr
COMMAND LINE INTERFACE 4-76
System Status Commands
show startup-config
This command displays the configuration file stored in non-volatile memory that is
SYSTEM MANAGEMENT COMMANDS 4-77
- IP address configured for the switch
- Spanning tree settings
- Any configured settings for the console port and Telnet
E
COMMAND LINE INTERFACE 4-78
• Use this command in conjunction with the show startup-config command to compare the information in running memory to the i
SYSTEM MANAGEMENT COMMANDS 4-79
Example
Console#show running-config
building running-config, please wait...
!phymap 00-30-f1-df-9c-a0 00-00-00-00-00-00
INTRODUCTION 1-8
IP Filtering Disabled
Web Management HTTP Server Enabled
HTTP Port Number 80
HTTP Secure Server Enabled
HTTP Secure Port Number 443
SNMP Com
COMMAND LINE INTERFACE 4-80
show system
This command displays system information.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usa
SYSTEM MANAGEMENT COMMANDS 4-81
show users
Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.
COMMAND LINE INTERFACE 4-82
Command Mode
Normal Exec, Privileged Exec
Command Usage
See “Displaying Switch Hardware/Software Versions” on page 3-15 for d
SYSTEM MANAGEMENT COMMANDS 4-83
Command Mode
Global Configuration
Command Usage
• This switch provides more efficient throughput for large sequential dat
COMMAND LINE INTERFACE 4-84
Flash/File Commands
These commands are used to manage the system code or configuration files.
copy
This command moves (uplo
FLASH/FILE COMMANDS 4-85
• https-certificate - Keyword that allows you to copy the HTTPS secure site certificate.
• public-key - Keyword that allows you
COMMAND LINE INTERFACE 4-86
Example
The following example shows how to upload the configuration settings to a file on the TFTP server:
The following exam
FLASH/FILE COMMANDS 4-87
This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is onl
COMMAND LINE INTERFACE 4-88
Example
This example shows how to delete the test2.cfg configuration file from flash memory.
Related Commands
dir (4-88)
delete
FLASH/FILE COMMANDS 4-89
Command Usage
• If you enter the command dir without any parameters, the system displays all files.
• A colon (:) is required a
SYSTEM DEFAULTS 1-9
Traffic Prioritization
Ingress Port Priority 0
Weighted Round Robin Queue: 0 1 2 3 4 5 6 7
Weight: 1 2 4 6 8 10 12 14
IP DSCP Priority D
COMMAND LINE INTERFACE 4-90
Command Mode
Privileged Exec
Example
This example shows the information displayed by the whichboot command. See the table unde
AUTHENTICATION COMMANDS 4-91
Example
Related Commands
dir (4-88)
whichboot (4-89)
Authentication Commands
You can configure this switch to authenticate use
COMMAND LINE INTERFACE 4-92
authentication login
This command defines the login authentication method and precedence. Use the no form to restore the defa
AUTHENTICATION COMMANDS 4-93
Example
Related Commands
username - for setting the local user names and passwords (4-35)
authentication enable
This command d
COMMAND LINE INTERFACE 4-94
• You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if
AUTHENTICATION COMMANDS 4-95
radius-server host
This command specifies primary and backup RADIUS servers and authentication parameters that apply to each
COMMAND LINE INTERFACE 4-96
Example
radius-server port
This command sets the RADIUS server network port. Use the no form to restore the default.
Syntax
ra
AUTHENTICATION COMMANDS 4-97
Default Setting
None
Command Mode
Global Configuration
Example
radius-server retransmit
This command sets the number of retrie
COMMAND LINE INTERFACE 4-98
radius-server timeout
This command sets the interval between transmitting authentication requests to the RADIUS server. Use t
AUTHENTICATION COMMANDS 4-99
TACACS+ Client
Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses softw
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, n
COMMAND LINE INTERFACE 4-100
tacacs-server port
This command specifies the TACACS+ server network port. Use the no form to restore the default.
Syntax
tac
AUTHENTICATION COMMANDS 4-101
Example
show tacacs-server
This command displays the current settings for the TACACS+ server.
Default Setting
None
Command Mo
COMMAND LINE INTERFACE 4-102
port security
This command enables or configures port security. Use the no form without any keywords to disable port securit
AUTHENTICATION COMMANDS 4-103
Command Usage
• If you enable port security, the switch stops learning new MAC addresses on the specified port when it has
COMMAND LINE INTERFACE 4-104
802.1X Port Authentication
The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized acce
AUTHENTICATION COMMANDS 4-105
dot1x system-auth-control
This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to r
COMMAND LINE INTERFACE 4-106
dot1x max-req
This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet t
AUTHENTICATION COMMANDS 4-107
Default
force-authorized
Command Mode
Interface Configuration
Example
dot1x operation-mode
This command allows single or multipl
COMMAND LINE INTERFACE 4-108
Similarly, a port can become unauthorized for all hosts if one attached host fails re-authentication or sends an EAPOL logo
AUTHENTICATION COMMANDS 4-109
dot1x timeout quiet-period
This command sets the time that a switch port waits after the Max Request Count has been exceede
2-1
CHAPTER 2
INITIAL CONFIGURATION
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offer
COMMAND LINE INTERFACE 4-110
Example
dot1x timeout tx-period
This command sets the time that the switch waits during an authentication session before re-t
AUTHENTICATION COMMANDS 4-111
Command Mode
Privileged Exec
Command Usage
This command displays the following information:
• Global 802.1X Parameters – Shows
COMMAND LINE INTERFACE 4-112
• Authenticator State Machine - State – Current state (including initialize, disconnected, connecting, authenticating, auth
ACCESS CONTROL LIST COMMANDS 4-113
Access Control List Commands
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, prot
COMMAND LINE INTERFACE 4-114
The following restrictions apply to ACLs:
• Each ACL can have up to 60 rules.
• This switch supports ACLs for ingress filteri
ACCESS CONTROL LIST COMMANDS 4-115
access-list ip
This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Us
COMMAND LINE INTERFACE 4-116
the bottom of the list. To create an ACL, you must add at least one rule to the list.
• To remove a rule, use the no permit
ACCESS CONTROL LIST COMMANDS 4-117
uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the specified sour
COMMAND LINE INTERFACE 4-118
• sport – Protocol2 source port number. (Range: 0-65535)
• dport – Protocol2 destination port number. (Range: 0-65535)
• end
ACCESS CONTROL LIST COMMANDS 4-119
Syntax
show ip access-list {standard | extended} [acl_name]
• standard – Specifies a standard IP ACL.
• extended – Speci
INITIAL CONFIGURATION 2-2
The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:
COMMAND LINE INTERFACE 4-120
• If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the
ACCESS CONTROL LIST COMMANDS 4-121
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
Command Usage
• You must configure an ACL mask before
COMMAND LINE INTERFACE 4-122
• port - Port number. (Range: 1-28)
Command Mode
Privileged Exec
Example
Related Commands
map access-list ip (4-120)
ACL Informa
SNMP COMMANDS 4-123
Example
show access-group
This command shows the port assignments of ACLs.
Command Mode
Privileged Executive
Example
SNMP Commands
Contro
COMMAND LINE INTERFACE 4-124
v1, v2c or v3) and security level (i.e., authentication and privacy), and then assign SNMP users to these groups, along wit
SNMP COMMANDS 4-125
snmp-server
This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form
COMMAND LINE INTERFACE 4-126
Example
Console#show snmp
SNMP Agent: enabled
SNMP traps:
 Authentication: enable
 Link-up-down: enable
SNMP communities:
 1.
SNMP COMMANDS 4-127
snmp-server community
This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified commu
COMMAND LINE INTERFACE 4-128
string - String that describes the system contact information. (Maximum length: 255 characters)
Default Setting
None
Command
SNMP COMMANDS 4-129
snmp-server host
This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form
CONNECTING TO THE SWITCH 2-3
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on
COMMAND LINE INTERFACE 4-130
Default Setting
• Host Address: None
• Notification Type: Traps
• SNMP Version: 1
• UDP Port: 162
Command Mode
Global Configurat
SNMP COMMANDS 4-131
2. Allow the switch to send SNMP traps; i.e., notifications (page 4-132).
3. Specify the target host that will receive inform message
COMMAND LINE INTERFACE 4-132
Example
Related Commands
snmp-server enable traps (4-132)
snmp-server enable traps
This command enables this device to send Sim
SNMP COMMANDS 4-133
In order to send notifications, you must configure at least one snmp-server host command.
• The authentication, link-up, and link-do
COMMAND LINE INTERFACE 4-134
message replay, delay, and redirection. The engine ID is also used in combination with user passwords to generate the secur
SNMP COMMANDS 4-135
Example
This example shows the default engine ID.
snmp-server view
This command adds an SNMP view which controls user access to the MI
COMMAND LINE INTERFACE 4-136
Command Mode
Global Configuration
Command Usage
• Views are used in the snmp-server group command to restrict user access to
SNMP COMMANDS 4-137
Example
snmp-server group
This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.
COMMAND LINE INTERFACE 4-138
• readview - Defines the view for read access. (1-64 characters)
• writeview - Defines the view for write access. (1-64 char
SNMP COMMANDS 4-139
Example
Console#show snmp group
Group Name: r&d
Security Model: v3
Read View: defaultview
Write View: daily
Notify View: none
Storage
INITIAL CONFIGURATION 2-4
Remote Connections
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a v
COMMAND LINE INTERFACE 4-140
snmp-server user
This command adds a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View. U
SNMP COMMANDS 4-141
Command Mode
Global Configuration
Command Usage
• The SNMP engine ID is used to compute the authentication/privacy digests from the p
COMMAND LINE INTERFACE 4-142
show snmp user
This command shows information on SNMP users.
Command Mode
Privileged Exec
Example
Console#show snmp user
Engine
INTERFACE COMMANDS 4-143
Interface Commands
These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or
COMMAND LINE INTERFACE 4-144
interface
This command configures an interface type and enters interface configuration mode. Use the no form to remove a trun
INTERFACE COMMANDS 4-145
Command Mode
Interface Configuration (Ethernet, Port Channel)
Example
The following example adds a description to port 24.
speed-
COMMAND LINE INTERFACE 4-146
• When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilitie
INTERFACE COMMANDS 4-147
Example
The following example configures port 11 to use autonegotiation.
Related Commands
capabilities (4-147)
speed-duplex (4 -
COMMAND LINE INTERFACE 4-148
Command Usage
When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings fo
INTERFACE COMMANDS 4-149
• To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable a
BASIC CONFIGURATION 2-5
Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each l
COMMAND LINE INTERFACE 4-150
Command Usage
This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then ree
INTERFACE COMMANDS 4-151
Example
The following example clears statistics on port 5.
show interfaces status
This command displays the status for an interfa
COMMAND LINE INTERFACE 4-152
Example
show interfaces counters
This command displays interface statistics.
Syntax
show interfaces counters [interface]
inte
INTERFACE COMMANDS 4-153
Command Usage
If no interface is specified, information on all interfaces is displayed. For a description of the items displaye
COMMAND LINE INTERFACE 4-154
show interfaces switchport
This command displays the administrative and operational status of the specified interfaces.
Synta
INTERFACE COMMANDS 4-155
Table 4-43 show interfaces switchport - display description
Field Description
Broadcast threshold Shows if broadcast storm suppr
COMMAND LINE INTERFACE 4-156
Broadcast Commands
This section describes how to configure broadcast storm control for the switch.
broadcast packet-rate
This
BROADCAST COMMANDS 4-157
Example
The following shows how to configure broadcast storm control at 600 packets per second:
switchport broadcast
This command
COMMAND LINE INTERFACE 4-158
Mirror Port Commands
This section describes how to mirror traffic from a source port to a target port.
port monitor
This comma
MIRROR PORT COMMANDS 4-159
Command Usage
• You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach
INITIAL CONFIGURATION 2-6
Setting an IP Address
You must establish IP address information for the switch to obtain management access through the network
COMMAND LINE INTERFACE 4-160
Example
The following shows mirroring configured from port 6 to port 11.
Rate Limit Commands
This function allows the network
RATE LIMIT COMMANDS 4-161
• input – Input rate
• rate – Percentage
Default Setting
100 percent
Command Mode
Interface Configuration (Ethernet, Port Channel
COMMAND LINE INTERFACE 4-162
Link Aggregation Commands
Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of
LINK AGGREGATION COMMANDS 4-163
Guidelines for Creating Trunks
General Guidelines –
• Finish configuring port trunks before you connect the corresponding
COMMAND LINE INTERFACE 4-164
channel-group
This command adds a port to a trunk. Use the no form to remove a port from a trunk.
Syntax
channel-group chann
LINK AGGREGATION COMMANDS 4-165
Command Mode
Interface Configuration (Ethernet)
Command Usage
• The ports on both ends of an LACP trunk must be configure
COMMAND LINE INTERFACE 4-166
Example
The following shows LACP enabled on ports 10-12. Because LACP has also been enabled on the ports at the other end of
LINK AGGREGATION COMMANDS 4-167
lacp system-priority
This command configures a port's LACP system priority. Use the no form to restore the default s
COMMAND LINE INTERFACE 4-168
lacp admin-key (Ethernet Interface)
This command configures a port's LACP administration key. Use the no form to restor
LINK AGGREGATION COMMANDS 4-169
lacp admin-key (Port Channel)
This command configures a port channel's LACP administration key string. Use the no fo
BASIC CONFIGURATION 2-7
To assign an IP address to the switch, complete the following steps:
1. From the Privileged Exec level global configuration mode
COMMAND LINE INTERFACE 4-170
lacp port-priority
This command configures LACP port priority. Use the no form to restore the default setting.
Syntax
lacp {a
LINK AGGREGATION COMMANDS 4-171
show lacp
This command displays LACP information.
Syntax
show lacp [port-channel] {counters | internal | neighbors | sys-i
COMMAND LINE INTERFACE 4-172
Table 4-48 show lacp counters - display description
Field Description
LACPDUs Sent Number of valid LACPDUs transmitted from
LINK AGGREGATION COMMANDS 4-173
LACPDUs Internal Number of seconds before invalidating received LACPDU information.
LACP System Priority LACP system priori
COMMAND LINE INTERFACE 4-174
Console#show lacp 1 neighbors
Channel group 1 neighbors
-------------------------------------------------------------------
Et
ADDRESS TABLE COMMANDS 4-175
Address Table Commands
These commands are used to configure the address table for filtering specified addresses, displaying
COMMAND LINE INTERFACE 4-176
mac-address-table static
This command maps a static address to a destination port in a VLAN. Use the no form to remove an ad
ADDRESS TABLE COMMANDS 4-177
Command Usage
The static address for a host device can be assigned to a specific port within a specific VLAN. Use this comm
COMMAND LINE INTERFACE 4-178
show mac-address-table
This command shows classes of entries in the bridge-forwarding database.
Syntax
show mac-address-table
ADDRESS TABLE COMMANDS 4-179
Example
mac-address-table aging-time
This command sets the aging time for entries in the address table. Use the no form to re
INITIAL CONFIGURATION 2-8
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <En
COMMAND LINE INTERFACE 4-180
show mac-address-table aging-time
This command shows the aging time for entries in the address table.
Default Setting
None
Com
SPANNING TREE COMMANDS 4-181
spanning-tree
This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
Syntax
COMMAND LINE INTERFACE 4-182
network to ensure that only one route exists between any two stations on the network, and provide backup links which automa
SPANNING TREE COMMANDS 4-183
adjusting the type of protocol messages the RSTP node transmits, as described below:
- STP Mode – If the switch receives an
COMMAND LINE INTERFACE 4-184
Command Usage
This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., disca
SPANNING TREE COMMANDS 4-185
Related Commands
spanning-tree forward-time (4-183)
spanning-tree max-age (4-185)
spanning-tree max-age
This command configur
COMMAND LINE INTERFACE 4-186
spanning-tree priority
This command configures the spanning tree priority globally for this switch. Use the no form to resto
SPANNING TREE COMMANDS 4-187
Protocol.
• short - Specifies 16-bit based values that range from 1-65535. This method is based on the IEEE 802.1 Spanning
COMMAND LINE INTERFACE 4-188
Example
spanning-tree spanning-disabled
This command disables the spanning tree algorithm for the specified interface. Use t
SPANNING TREE COMMANDS 4-189
Default Setting
• Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000
• Fast Ethernet – half duplex: 2
BASIC CONFIGURATION2-9Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protoc
COMMAND LINE INTERFACE4-190Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • This command defines the priority for the use
SPANNING TREE COMMANDS4-191of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to ini
COMMAND LINE INTERFACE4-192forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end-no
SPANNING TREE COMMANDS4-193point-to-point link, while a half-duplex interface is assumed to be on a shared link.• RSTP only works on point-to-point li
COMMAND LINE INTERFACE4-194show spanning-treeThis command shows the configuration for the common spanning tree (CST).Syntax show spanning-tree [interf
SPANNING TREE COMMANDS4-195ExampleConsole#show spanning-treeSpanning-tree information--------------------------------------------------------------- S
COMMAND LINE INTERFACE4-196VLAN CommandsA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong
VLAN COMMANDS4-197Command Mode Global ConfigurationCommand Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishin
COMMAND LINE INTERFACE4-198Default Setting By default only VLAN 1 exists and is active.Command Mode VLAN Database ConfigurationCommand Usage • no vlan
VLAN COMMANDS4-199interface vlanThis command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical
i LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, un
INITIAL CONFIGURATION 2-10 To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default
COMMAND LINE INTERFACE 4-200 switchport mode: This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax: s
VLAN COMMANDS 4-201 • tagged - The port only receives tagged frames. Default Setting: All frame types. Command Mode: Interface Configuration (Ethernet, Port
COMMAND LINE INTERFACE 4-202 switchport ingress-filtering: This command enables ingress filtering for an interface. Note: Although the ingress filtering
VLAN COMMANDS 4-203 switchport native vlan: This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Sy
COMMAND LINE INTERFACE 4-204 switchport allowed vlan: This command configures VLAN groups on the selected interface. Use the no form to restore the defaul
VLAN COMMANDS 4-205 • The interface can be added to a VLAN as an untagged member regardless of connected devices to this interface. The default setting
COMMAND LINE INTERFACE 4-206 Command Usage: • This command prevents a VLAN from being automatically added to the specified interface via GVRP. • If a VLAN
VLAN COMMANDS 4-207 Default Setting: Shows all VLANs. Command Mode: Normal Exec, Privileged Exec. Example: The following example shows how to display informat
COMMAND LINE INTERFACE 4-208 To configure primary/secondary associated groups, follow these steps: 1. Use the private-vlan command to designate one or mo
VLAN COMMANDS 4-209 private-vlan: Use this command to create a primary or community VLAN. Use the no form to remove the specified private VLAN. Syntax: priv
BASIC CONFIGURATION 2-11 see “snmp-server host” on page 4-129. The following example creates a trap host for each type of SNMP client. Configuring Access
COMMAND LINE INTERFACE 4-210 Example. private vlan association: Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use th
VLAN COMMANDS 4-211 switchport mode private-vlan: Use this command to set the private VLAN mode for an interface. Use the no form to restore the default s
COMMAND LINE INTERFACE 4-212 switchport private-vlan host-association secondary-vlan-id; no switchport private-vlan host-association; secondary-vlan-id - ID
VLAN COMMANDS 4-213 Command Usage: Promiscuous ports assigned to a primary VLAN can communicate with any other promiscuous ports in the same VLAN, and wit
COMMAND LINE INTERFACE 4-214 GVRP and Bridge Extension Commands: GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information i
GVRP AND BRIDGE EXTENSION COMMANDS 4-215 Command Mode: Global Configuration. Command Usage: GVRP defines a way for switches to exchange VLAN information in
COMMAND LINE INTERFACE 4-216 switchport gvrp: This command enables GVRP for a port. Use the no form to disable it. Syntax: [no] switchport gvrp Default Setti
GVRP AND BRIDGE EXTENSION COMMANDS 4-217 garp timer: This command sets the values for the join, leave and leaveall timers. Use the no form to restore the
COMMAND LINE INTERFACE 4-218 Example. Related Commands: show garp timer (4-218). show garp timer: This command shows the GARP timers for the selected interfac
PRIORITY COMMANDS 4-219 Priority Commands: The commands described in this section allow you to specify which data packets have greater precedence when tra
INITIAL CONFIGURATION 2-12 To save the current configuration settings, enter the following command: 1. From the Privileged Exec mode prompt, type “copy r
COMMAND LINE INTERFACE 4-220 queue mode: This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS)
PRIORITY COMMANDS 4-221 Example: The following example sets the queue mode to strict priority service mode. switchport priority default: This command sets a
COMMAND LINE INTERFACE 4-222 Therefore, any inbound frames that do not have priority tags will be placed in queue 0 of the output port. (Note that if th
PRIORITY COMMANDS 4-223 Related Commands: show queue bandwidth (4-224). queue cos-map: This command assigns class of service (CoS) values to the priority que
COMMAND LINE INTERFACE 4-224 Example: The following example shows how to change the CoS assignments to a one-to-one mapping. Related Commands: show queue
PRIORITY COMMANDS 4-225 Command Mode: Privileged Exec. Example. show queue cos-map: This command shows the class of service priority map. Syntax: show queue cos
COMMAND LINE INTERFACE 4-226 Priority Commands (Layer 3 and 4). map ip dscp (Global Configuration): This command enables IP DSCP mapping (i.e., Differentiat
PRIORITY COMMANDS 4-227 map ip dscp (Interface Configuration): This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use
COMMAND LINE INTERFACE 4-228 Example: The following example shows how to map IP DSCP value 1 to CoS value 0. show map ip dscp: This command shows the IP DSC
MULTICAST FILTERING COMMANDS 4-229 Example. Related Commands: map ip dscp (Global Configuration) (4-226), map ip dscp (Interface Configuration) (4-227). Mul
MANAGING SYSTEM FILES 2-13 Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many d
COMMAND LINE INTERFACE 4-230 IGMP Snooping Commands. ip igmp snooping: This command enables IGMP snooping on this switch. Use the no form to disable it. Synt
MULTICAST FILTERING COMMANDS 4-231 ip igmp snooping vlan static: This command adds a port to a multicast group. Use the no form to remove the port. Syntax
COMMAND LINE INTERFACE 4-232 ip igmp snooping version: This command configures the IGMP snooping version. Use the no form to restore the default. Syntax: ip
MULTICAST FILTERING COMMANDS 4-233 ip igmp snooping immediate-leave: This command enables IGMP immediate leave for a specific VLAN. Use the no form to disab
COMMAND LINE INTERFACE 4-234 Command Usage: See “Configuring IGMP Snooping and Query Parameters” on page 3-207 for a description of the displayed items. E
MULTICAST FILTERING COMMANDS 4-235 Example: The following shows the multicast entries learned through IGMP snooping for VLAN 1: IGMP Query Commands (Layer
COMMAND LINE INTERFACE 4-236 Command Usage: If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they
MULTICAST FILTERING COMMANDS 4-237 Example: The following shows how to configure the query count to 10: Related Commands: ip igmp snooping query-max-respon
COMMAND LINE INTERFACE 4-238 ip igmp snooping query-max-response-time: This command configures the query report delay. Use the no form to restore the defa
MULTICAST FILTERING COMMANDS 4-239 ip igmp snooping router-port-expire-time: This command configures the query timeout. Use the no form to restore the def
COMMAND LINE INTERFACE 4-240 Static Multicast Routing Commands. ip igmp snooping vlan mrouter: This command statically configures a multicast router port. U
MULTICAST FILTERING COMMANDS 4-241 Example: The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping m
COMMAND LINE INTERFACE 4-242 IGMP Filtering and Throttling Commands: In certain switch applications, the administrator may want to control the multicast s
IGMP FILTERING AND THROTTLING COMMANDS 4-243 ip igmp filter (Global Configuration): This command globally enables IGMP filtering and throttling on the sw
COMMAND LINE INTERFACE 4-244 ip igmp profile: This command creates an IGMP filter profile number and enters IGMP profile configuration mode. Use the no f
IGMP FILTERING AND THROTTLING COMMANDS 4-245 • When the access mode is set to permit, IGMP join reports are processed when a multicast group falls withi
COMMAND LINE INTERFACE 4-246 ip igmp filter (Interface Configuration): This command assigns an IGMP filtering profile to an interface on the switch. Use
IGMP FILTERING AND THROTTLING COMMANDS 4-247 ip igmp max-groups: This command sets the IGMP throttling number for an interface on the switch. Use the no
COMMAND LINE INTERFACE 4-248 ip igmp max-groups action: This command sets the IGMP throttling action for an interface on the switch. Syntax: ip igmp max-g
IGMP FILTERING AND THROTTLING COMMANDS 4-249 Default Setting: None. Command Mode: Privileged Exec. Example. show ip igmp profile: This command displays IGMP filt
3-1 CHAPTER 3 CONFIGURING THE SWITCH. Using the Web Interface: This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the sw
COMMAND LINE INTERFACE 4-250 show ip igmp throttle interface: This command displays the interface settings for IGMP throttling. Syntax: show ip igmp thro
MULTICAST VLAN REGISTRATION COMMANDS 4-251 multicast VLAN. Also note that MVR maintains the user isolation and data security provided by VLAN segregatio
COMMAND LINE INTERFACE 4-252 Default Setting: • MVR is disabled. • No MVR group address is defined. • The default number of contiguous addresses is 0. • MVR
MULTICAST VLAN REGISTRATION COMMANDS 4-253 mvr (Interface Configuration): This command configures an interface as an MVR receiver or source port using th
COMMAND LINE INTERFACE 4-254 MVR VLAN. Multicast groups can also be statically assigned to a receiver port using the group keyword. • One or more interf
MULTICAST VLAN REGISTRATION COMMANDS 4-255 Example: The following configures one source port and several receiver ports on the switch, enables immediate l
COMMAND LINE INTERFACE 4-256 Command Usage: Enter this command without any keywords to display the global settings for MVR. Use the interface keyword to
MULTICAST VLAN REGISTRATION COMMANDS 4-257 The following shows information about the interfaces associated with multicast groups assigned to the MVR VLA
COMMAND LINE INTERFACE 4-258 IP Interface Commands: An IP address may be used for management access to the switch over your network. The IP address for
IP INTERFACE COMMANDS 4-259 ip address: This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the defaul
CONFIGURING THE SWITCH 3-2 Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is
COMMAND LINE INTERFACE 4-260 access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the original IP address a
IP INTERFACE COMMANDS 4-261 Example: In the following example, the device is reassigned the same address. Related Commands: ip address (4-259). ip default-g
COMMAND LINE INTERFACE 4-262 Related Commands: show ip redirects (4-262). show ip interface: This command displays the settings of an IP interface. Default S
IP INTERFACE COMMANDS 4-263 ping: This command sends ICMP echo request packets to another node on the network. Syntax: ping host [size size] [count count] •
COMMAND LINE INTERFACE 4-264 Example. Related Commands: interface (4-144). IP Source Guard Commands: IP Source Guard is a security feature that filters IP tra
IP SOURCE GUARD COMMANDS 4-265 ip source-guard: This command configures the switch to filter inbound traffic based on source IP address, or source IP address
COMMAND LINE INTERFACE 4-266 • Static addresses entered in the source guard binding table with the ip source-guard binding command (page 4-267) are auto
IP SOURCE GUARD COMMANDS 4-267 ip source-guard binding: This command adds a static address to the source-guard binding table. Use the no form to remove a
COMMAND LINE INTERFACE 4-268 - If there is an entry with the same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then the
DHCP SNOOPING COMMANDS 4-269 show ip source-guard binding: This command shows the source guard binding table. Command Mode: Privileged Exec. Example. DHCP Snoo
NAVIGATING THE WEB BROWSER INTERFACE 3-3 Navigating the Web Browser Interface: To access the web-browser interface you must first enter a user name and pa
COMMAND LINE INTERFACE 4-270 ip dhcp snooping: This command enables DHCP snooping globally. Use the no form to restore the default setting. Syntax: [no] ip
DHCP SNOOPING COMMANDS 4-271 (Dynamic-DHCP-Binding, Static-DHCP-Binding), VLAN identifier, and port identifier. • When DHCP snooping is enabled, the rate
COMMAND LINE INTERFACE 4-272 • If DHCP snooping is globally disabled, all dynamic bindings are removed from the binding table. • Additional considera
DHCP SNOOPING COMMANDS 4-273 Command Usage: • When DHCP snooping is enabled globally using the ip dhcp snooping command (page 4-270), and enabled on a VLAN
COMMAND LINE INTERFACE 4-274 Command Usage: • An untrusted interface is an interface that is configured to receive messages from outside the network or f
DHCP SNOOPING COMMANDS 4-275 Command Mode: Global Configuration. Command Usage: If MAC address verification is enabled, and the source MAC address in the Et
COMMAND LINE INTERFACE 4-276 • When the DHCP Snooping Information Option is enabled, clients can be identified by the switch port to which they are conn
DHCP SNOOPING COMMANDS 4-277 Example. ip dhcp snooping database flash: This command writes all dynamically learned snooping entries to flash memory. Command
COMMAND LINE INTERFACE 4-278 Example. show ip dhcp snooping binding: This command shows the DHCP snooping binding table entries. Command Mode: Privileged Exe
SWITCH CLUSTER COMMANDS 4-279 cluster: This command enables clustering on the switch. Use the no form to disable clustering. Syntax: [no] cluster Default Set
CONFIGURING THE SWITCH 3-4 Configuration Options: Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made
COMMAND LINE INTERFACE 4-280 • Switch clusters are limited to a single IP subnet (Layer 2 domain). • A switch can only be a Member of one cluster. • Confi
SWITCH CLUSTER COMMANDS 4-281 cluster ip-pool: This command sets the cluster IP address pool. Use the no form to reset to the default address. Syntax: clust
COMMAND LINE INTERFACE 4-282 cluster member: This command configures a Candidate switch as a cluster Member. Use the no form to remove a Member switch fro
SWITCH CLUSTER COMMANDS 4-283 Command Usage: • This command only operates through a Telnet connection to the Commander switch. Managing cluster Members u
COMMAND LINE INTERFACE 4-284 Example. show cluster candidates: This command shows the discovered Candidate switches in the network. Command Mode: Privileged
A-1 APPENDIX A SOFTWARE SPECIFICATIONS. Software Features. Authentication: Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security. Access Control Lists
SOFTWARE SPECIFICATIONS A-2 Spanning Tree Algorithm: Spanning Tree Protocol (STP, IEEE 802.1D), Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w). VLAN Suppo
SOFTWARE SPECIFICATIONS A-3 RMON: Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event). Standards: IEEE 802.1D Spanning Tree Protocol and traffic priorities; I
SOFTWARE SPECIFICATIONS A-4 Extended Bridge MIB (RFC 2674); Extensible SNMP Agents MIB (RFC 2742); Forwarding Table MIB (RFC 2096); IGMP MIB (RFC 2933); Interfa
B-1 APPENDIX B TROUBLESHOOTING. Problems Accessing the Management Interface. Table B-1 Troubleshooting Chart (Symptom, Action): Cannot connect using Telnet, w
MAIN MENU 3-5 Main Menu: Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor netw
TROUBLESHOOTING B-2 Cannot connect using Secure Shell: • If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SS
USING SYSTEM LOGS B-3 Using System Logs: If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually cau
Glossary-1 GLOSSARY. Access Control List (ACL): ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for
GLOSSARY Glossary-2 Dynamic Host Control Protocol (DHCP): Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is
GLOSSARY Glossary-3 IEEE 802.1D: Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol. IEEE 802.1Q: VLAN Tagging
GLOSSARY Glossary-4 IGMP Snooping: Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups t
GLOSSARY Glossary-5 Link Aggregation Control Protocol (LACP): Allows ports to automatically negotiate a trunked link with LACP-configured ports on another
GLOSSARY Glossary-6 Port Mirroring: A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON
GLOSSARY Glossary-7 Simple Mail Transfer Protocol (SMTP): A standard host-to-host mail transport protocol that operates over TCP, port 25. Simple Network M
LIMITED WARRANTY ii WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT O
CONFIGURING THE SWITCH 3-6 SMTP: Sends an SMTP client message to a participating server (3-39). Reset: Restarts the switch (3-41). SNTP (3-42). Configuration: Configu
GLOSSARY Glossary-8 Trivial File Transfer Protocol (TFTP): A TCP/IP protocol commonly used for software downloads. User Datagram Protocol (UDP): UDP provides
Index-1 Numerics: 802.1x, port authentication 4-104; A: acceptable frame type 3-174, 4-200; Access Control List See ACL; ACL: Extended IP 3-98, 4-113, 4-114, 4-11
INDEX Index-2 HTTPS 3-74, 4-41; HTTPS, secure server 3-74, 4-41; I: IEEE 802.1D 3-145, 4-182; IEEE 802.1w 3-145, 4-182; IEEE 802.1x 4-104; IGMP: groups, displaying 3-
INDEX Index-3 4-156; capabilities 3-111, 4-147; duplex mode 3-111, 4-145; flow control 3-111, 4-148; speed 3-111, 4-145; ports, configuring 3-108, 4-143; ports, mir
INDEX Index-4 trunk: configuration 3-113, 4-162; LACP 3-117, 4-164; static 3-115, 4-164; U: upgrading software 3-25, 4-84; user password 3-68, 4-35, 4-36; V: VLANs 3-16
20 Mason, Irvine, CA 92618. Phone: (949) 679-8000. FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; Phn: (
MAIN MENU 3-7 Port Security: Configures per port security, including status, response for security breach, and maximum allowed MAC addresses (3-86). 802.1X 3
CONFIGURING THE SWITCH 3-8 Port Neighbors Information: Displays settings and operational state for remote side (3-127). Port Broadcast Control: Sets the broadc
MAIN MENU 3-9 Port Configuration: Configures individual port settings for STA (3-157). Trunk Configuration: Configures individual trunk settings for STA (3-157).
CONFIGURING THE SWITCH 3-10 Trunk Configuration: Sets the private VLAN interface type, and associates the interfaces with a private VLAN (3-182). Protocol VLA
MAIN MENU 3-11 IGMP Filter Configuration: Enables multicast filtering; sets IGMP profiles (3-210). IGMP Immediate Leave: Enables the immediate leave function
CONFIGURING THE SWITCH 3-12 Trunk Configuration: Configures MVR interface type and immediate leave status (3-227). Group Member Configuration: Statically assign
BASIC CONFIGURATION 3-13 Basic Configuration. Displaying System Information: You can easily identify the system by displaying the device name, location and
CONFIGURING THE SWITCH 3-14 Web – Click System, System Information. Specify the system name, location, and contact information for the system administra
BASIC CONFIGURATION 3-15 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions: Use the Switch Inform
iii CONTENTS: 1 Introduction 1-1; Key Features
CONFIGURING THE SWITCH 3-16 • Internal Power Status – Displays the status of the internal power supply. Management Software: • EPLD Version – Version number
BASIC CONFIGURATION 3-17 CLI – Use the following command to display version information. Displaying Bridge Extension Capabilities: The Bridge MIB includes
CONFIGURING THE SWITCH 3-18 • Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egre
BASIC CONFIGURATION 3-19 CLI – Enter the following command. Setting the Switch’s IP Address: This section describes how to configure an IP interface for
CONFIGURING THE SWITCH 3-20 • IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configurat
BASIC CONFIGURATION 3-21 Manual Configuration: Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set
CONFIGURING THE SWITCH 3-22 Using DHCP/BOOTP: If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by
BASIC CONFIGURATION 3-23 CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” comm
CONFIGURING THE SWITCH 3-24 Web – Click System, Jumbo Frames. Figure 3-8. Enabling Jumbo Frames. CLI – Specify the jumbo frame status. Managing Firmware: You
BASIC CONFIGURATION 3-25 • TFTP Server IP Address – The IP address of a TFTP server. • File Type – Specify opcode (operational code) to copy firmware. • Fi
CONTENTS iv: Manual Configuration 3-21; Using DHCP/BOOTP
CONFIGURING THE SWITCH 3-26 If you download to a new destination file, go to the System, File Management, Set Start-Up menu, mark the operation code fil
BASIC CONFIGURATION 3-27 Saving or Restoring Configuration Settings: You can upload/download configuration settings to/from a TFTP server. The configurati
CONFIGURING THE SWITCH 3-28 • File Type – Specify config (configuration) to copy configuration file. • File Name – The configuration file name should not
BASIC CONFIGURATION 3-29 Note: You can also select any configuration file as the start-up configuration by using the System/File Management/Set Start-Up
CONFIGURING THE SWITCH 3-30 Command Attributes: • Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login atte
BASIC CONFIGURATION 3-31 Available in CLI only: • Password – Specifies a password for the line connection. When a connection is started on a line with pas
CONFIGURING THE SWITCH 3-32 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the curr
BASIC CONFIGURATION 3-33 • Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected wi
CONFIGURING THE SWITCH 3-34 CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display t
BASIC CONFIGURATION 3-35 Web – Click System, Log, Logs. Figure 3-16. Displaying Logs. CLI – This example shows the event message stored in RAM. System Log
CONTENTS v: Generating the User Public Key Pair 3-83; Configuring Port Security
CONFIGURING THE SWITCH 3-36 Command Attributes: • System Log Status – Enables/disables the logging of debug or error messages to the logging process. (Def
BASIC CONFIGURATION 3-37 Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash
CONFIGURING THE SWITCH 3-38 to an appropriate service. The attribute specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type
BASIC CONFIGURATION 3-39 CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap. Simple Mail Transfer Protocol: S
CONFIGURING THE SWITCH 3-40 - Critical – Sends notification that a critical condition has occurred, such as memory allocation, or free memory error - r
BASIC CONFIGURATION 3-41 CLI – Enter the host IP address, followed by the mail severity level, source and destination email addresses and enter the send
CONFIGURING THE SWITCH 3-42 Setting the System Clock: Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic up
BASIC CONFIGURATION 3-43 Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply. Figure 3-21. SNTP Configuration. CLI –
CONFIGURING THE SWITCH 3-44 • Hours (0-13) – The number of hours before/after UTC. • Minutes (0-59) – The number of minutes before/after UTC. • Direction
SIMPLE NETWORK MANAGEMENT PROTOCOL 3-45 information controlled by the agent. SNMP defines both the format of the MIB specifications and the protocol use