SMC Networks SMC8612XL3 Manual de usuario

TigerSwitch 10/100/1000Gigabit Ethernet Switch◆ 12 1000BASE-X SFP ports◆ 4 RJ45 ports shared with 4 SFP transceiver slots◆ Non-blocking switching arch

CONTENTSxEnabling or Disabling GVRP (Global Setting) . . . . . . . . . . . 3-111Displaying Basic VLAN Information . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-46- Secret Text String – Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (

USER AUTHENTICATION3-47CLI – Specify all the required parameters to enable logon authentication.Console(config)#authentication login radius3-93Console

CONFIGURING THE SWITCH3-48Configuring HTTPSYou can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socke

USER AUTHENTICATION3-49Secure-site Certificate” on page 3-49. Command Attributes• HTTPS Status – Allows you to enable/disable the HTTPS server feature

CONFIGURING THE SWITCH3-50Caution:For maximum security, we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity.

USER AUTHENTICATION3-51Note: The switch supports both SSH Version 1.5 and 2.0.Command UsageThe SSH server on this switch supports both password and pu

CONFIGURING THE SWITCH3-52shown in the following example:1024 35 1341081685609893921040944920155425347631641921872958921143173880 05553616163105177594

USER AUTHENTICATION3-53Telnet sessions and SSH sessions.Generating the Host Key PairA host public/private key pair is used to provide secure communica

CONFIGURING THE SWITCH3-54Web – Click Security, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host

USER AUTHENTICATION3-55Configuring the SSH ServerThe SSH server includes basic settings for authentication. Field Attributes• SSH Server Status – Allo

CONTENTSxiConfiguring General DNS Server Parameters . . . . . . . . . . . . 3-150Configuring Static DNS Host to Address Entries . . . . . . . . .

CONFIGURING THE SWITCH3-56CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that th

USER AUTHENTICATION3-57intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message.To use

CONFIGURING THE SWITCH3-58- Shutdown: Disable the port.- Trap and Shutdown: Send an SNMP trap message and disable the port.• Status – Enables or disab

USER AUTHENTICATION3-59CLI – This example sets the command mode to Port 5, sets the port security action to send a trap and disable the port, and spec

CONFIGURING THE SWITCH3-60Configuring 802.1x Port Authentication Network switches can provide open and easy access to network resources by simply atta

USER AUTHENTICATION3-61certificate. The RADIUS server verifies the client credentials and responds with an accept or reject packet. If authentication

CONFIGURING THE SWITCH3-62• dot1x Max Request Count – The maximum number of times the switch port will retransmit an EAP request packet to the client

USER AUTHENTICATION3-63CLI – This example shows the default protocol settings for dot1x. For a description of the additional entries displayed in the

CONFIGURING THE SWITCH3-64Configuring 802.1x Global SettingsThe dot1x protocol includes global parameters that control the client authentication proce

USER AUTHENTICATION3-65Web – Select Security, 802.1x, Configuration. Enable dot1x globally for the switch, modify any of the parameters required, and

CONTENTSxiiDisplaying the Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . 3-195Configuring the Routing Information Protocol . . . .

CONFIGURING THE SWITCH3-66Default: 5)• Mode – Sets the authentication mode to one of the following options:- Auto – Requires a dot1x-aware client to b

USER AUTHENTICATION3-67CLI – This example sets the authentication mode to enable 802.1x on port 2, and allows up to ten clients to connect to this por

CONFIGURING THE SWITCH3-68Tx EAP Req/Id The number of EAP Req/Id frames that have been transmitted by this Authenticator.Tx EAP Req/Oth The number of

USER AUTHENTICATION3-69Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the statistic

CONFIGURING THE SWITCH3-70Command Usage• The management interfaces are open to all IP addresses by default. Once you add an entry to a filter list, ac

USER AUTHENTICATION3-71Web – Click Security, IP Filter. Enter the addresses that are allowed management access to an interface, and click Add IP Filte

CONFIGURING THE SWITCH3-72Access Control ListsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 p

ACCESS CONTROL LISTS3-731.User-defined rules in the Egress MAC ACL for egress ports.2.User-defined rules in the Egress IP ACL for egress ports.3.User-

CONFIGURING THE SWITCH3-74CLI – This example creates a standard IP ACL named bill.Configuring a Standard IP ACLCommand Attributes• Action – An ACL can

ACCESS CONTROL LISTS3-75select “IP,” enter a subnet address and the mask for an address range. Then click Add.CLI – This example configures one permit

CONTENTSxiiiAccessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1Console Connection . . . . . . . . . . . .

CONFIGURING THE SWITCH3-76(See the description for SubMask on page 3-74.)• Service Type – Packet priority settings based on the following criteria:- P

ACCESS CONTROL LISTS3-77Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any

CONFIGURING THE SWITCH3-78(3)Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”Configuring a MAC ACLCom

ACCESS CONTROL LISTS3-79- Untagged-eth2 – Untagged Ethernet II packets.- Untagged-802.3 – Untagged Ethernet 802.3 packets.- Tagged-eth2 – Tagged Ether

CONFIGURING THE SWITCH3-80Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (A

ACCESS CONTROL LISTS3-81Configuring ACL MasksYou can specify optional masks that control the order in which ACL rules are checked. The switch includes

CONFIGURING THE SWITCH3-82Web – Click Security, ACL, ACL Mask Configuration. Click Edit for one of the basic mask types to open the configuration page

ACCESS CONTROL LISTS3-83match this bitmask. (See the description for SubMask on page 3-74.)• Protocol Bitmask – Check the protocol field.• Service Typ

CONFIGURING THE SWITCH3-84Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source

ACCESS CONTROL LISTS3-8510.1.1.1 255.255.255.255” rule has the higher precedence according the “mask host any” entry.Configuring a MAC ACL MaskThis ma

CONTENTSxivexit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23quit . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-86specific VLAN ID(s) or Ethernet type(s). Or check for rules where a packet format was specified. Then click Add.

ACCESS CONTROL LISTS3-87CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules

CONFIGURING THE SWITCH3-88• The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules

PORT CONFIGURATION3-89CLI – This examples assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2.Port ConfigurationDisplaying Co

CONFIGURING THE SWITCH3-90• Trunk Member1 – Shows if port is a trunk member. • Creation2 – Shows if a trunk is manually configured or dynamically set

PORT CONFIGURATION3-91• Capabilities – Specifies the capabilities to be advertised for a port during auto-negotiation. (To access this item on the web

CONFIGURING THE SWITCH3-92mode.• Flow control type – Indicates the type of flow control currently in use.(IEEE 802.3x, Back-Pressure or none)CLI – Thi

PORT CONFIGURATION3-93Configuring Interface ConnectionsYou can use the Port Configuration or Trunk Configuration page to enable/disable an interface,

CONFIGURING THE SWITCH3-94stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-du

PORT CONFIGURATION3-95Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.CLI – Selec

CONTENTSxvSMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46logging sendmail host . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-96Creating Trunk GroupsYou can create multiple links between devices that work as one virtual, aggregate link. A port trunk of

PORT CONFIGURATION3-97• When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard.•

CONFIGURING THE SWITCH3-98and click Add. After you have completed adding ports to the member list, click Apply.

PORT CONFIGURATION3-99CLI – This example creates trunk 2 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to

CONFIGURING THE SWITCH3-100assigned the next available trunk ID. • If more than four ports attached to the same target switch have LACP enabled, the a

PORT CONFIGURATION3-101CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another swit

CONFIGURING THE SWITCH3-102Note – If the port channel admin key (lacp admin key, page 3-26) is not set (through the CLI) when a channel group is forme

PORT CONFIGURATION3-103Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can opt

CONFIGURING THE SWITCH3-104CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; port

PORT CONFIGURATION3-105Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.CLI – The foll

CONTENTSxviradius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69radius-server timeout . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-106Displaying LACP Settings and Status for the Local SideYou can display configuration settings and the operational state for

PORT CONFIGURATION3-107Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.LACP Port Pri

CONFIGURING THE SWITCH3-108CLI – The following example displays the LACP configuration settings and operational state for the local side of port chann

PORT CONFIGURATION3-109Neighbor Configuration Information Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the cor

CONFIGURING THE SWITCH3-110CLI – The following example displays the LACP configuration settings and operational state for the remote side of port chan

PORT CONFIGURATION3-111Setting Broadcast Storm ThresholdsBroadcast storms may occur when a device on your network is malfunctioning, or if application

CONFIGURING THE SWITCH3-112CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and t

PORT CONFIGURATION3-113Configuring Port MirroringYou can mirror traffic from any source port to a target port for real-time analysis. You can then att

CONFIGURING THE SWITCH3-114CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port. N

PORT CONFIGURATION3-115Configuring Rate LimitsThis function allows the network manager to control the maximum rate for traffic transmitted or received

CONTENTSxviiMAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97access-list mac . . . . . . . . . . . .

CONFIGURING THE SWITCH3-116Web - Click Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit Status,

PORT CONFIGURATION3-117since the last system reboot, and are shown as counts per second. Statistics are refreshed every 60 seconds by default.Note: RM

CONFIGURING THE SWITCH3-118Transmit Multicast Packets The total number of packets that higher-level protocols requested be transmitted, and which were

PORT CONFIGURATION3-119Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmi

CONFIGURING THE SWITCH3-120Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at t

PORT CONFIGURATION3-121

CONFIGURING THE SWITCH3-122CLI – This example shows statistics for port 12.Address Table SettingsSwitches store the addresses for all known devices. T

ADDRESS TABLE SETTINGS3-123Command Attributes• Static Address Counts* – The number of manually configured addresses.• Current Static Address Table – L

CONFIGURING THE SWITCH3-124CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.Displayi

ADDRESS TABLE SETTINGS3-125CLI – This example also displays the address table entries for port 1.Changing the Aging TimeYou can set the aging time for

CONTENTSxviiidns-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121next-server . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-126CLI – This example sets the aging time to 400 seconds.Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (ST

SPANNING TREE ALGORITHM CONFIGURATION3-127therefore only forwarded between root ports and designated ports, eliminating any possible network loops.Onc

CONFIGURING THE SWITCH3-128• Max Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to

SPANNING TREE ALGORITHM CONFIGURATION3-129These additional parameters are only displayed for the CLI:• Spanning tree mode – Specifies the type of span

CONFIGURING THE SWITCH3-130• Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall b

SPANNING TREE ALGORITHM CONFIGURATION3-131CLI – This command displays global STA settings, followed by settings for each port. Note: The current root

CONFIGURING THE SWITCH3-132- STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switc

SPANNING TREE ALGORITHM CONFIGURATION3-133Root Device Configuration• Hello Time – Interval (in seconds) at which the root device transmits a configura

CONFIGURING THE SWITCH3-134between devices. The path cost method is used to determine the range of values that can be assigned to each interface. • Lo

SPANNING TREE ALGORITHM CONFIGURATION3-135Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.

CONTENTSxixport monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-147show port monitor . . . . . . . . . . . .

CONFIGURING THE SWITCH3-136CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. D

SPANNING TREE ALGORITHM CONFIGURATION3-137- All ports are discarding when the switch is booted, then some of them change state to learning, and then t

CONFIGURING THE SWITCH3-138(STA Port Information only)These additional parameters are only displayed for the CLI:• Admin status – Shows if this interf

SPANNING TREE ALGORITHM CONFIGURATION3-139an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the

CONFIGURING THE SWITCH3-140Web – Click Spanning Tree, STA, Port Information or STA Trunk Information.CLI – This example shows the STA attributes for p

SPANNING TREE ALGORITHM CONFIGURATION3-141Command AttributesThe following attributes are read-only and cannot be changed:• STA State – Displays curren

CONFIGURING THE SWITCH3-142ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over por

SPANNING TREE ALGORITHM CONFIGURATION3-143Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to for

CONFIGURING THE SWITCH3-1441-4094)Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance p

SPANNING TREE ALGORITHM CONFIGURATION3-145CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-t

CONTENTSxxspanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-175spanning-tree link-type . . . . . . . . . . . .

CONFIGURING THE SWITCH3-146CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Displaying Interface Settings for MSTPThe

SPANNING TREE ALGORITHM CONFIGURATION3-147IST (page 3-127), the settings for other instances only apply to the local spanning tree. Console#show spann

CONFIGURING THE SWITCH3-148Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance using the MSTP Port

SPANNING TREE ALGORITHM CONFIGURATION3-149the best path between devices. Therefore, lower values should be assigned to ports attached to faster media,

CONFIGURING THE SWITCH3-150VLAN ConfigurationOverviewIn large networks, routers are used to isolate broadcast traffic for each subnet into separate do

VLAN CONFIGURATION3-151• Priority tagging Assigning Ports to VLANsBefore enabling VLANs for the switch, you must first assign each port to the VLAN gr

CONFIGURING THE SWITCH3-152Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN g

VLAN CONFIGURATION3-153GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs

CONFIGURING THE SWITCH3-154from a VLAN-unaware device, it first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress

VLAN CONFIGURATION3-155VLANs that can be configured on this switch. * Web OnlyWeb – Click VLAN, 802.1Q VLAN, Basic Information.CLI – Enter the followi

CONTENTSxxiPriority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 4-198switchport priority default . . . . . . . . . . . .

CONFIGURING THE SWITCH3-156- Permanent: Added as a static entry.• Egress Ports – Shows all the VLAN port members.• Untagged Ports – Shows the untagged

VLAN CONFIGURATION3-157CLI – Current VLAN information can be displayed with the following command.Console#show vlan id 13-64VLAN Type Name S

CONFIGURING THE SWITCH3-158Creating VLANsUse the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on

VLAN CONFIGURATION3-159CLI – This example creates a new VLAN.Adding Static Members to VLANs (VLAN Index)Use the VLAN Static Table to configure port me

CONFIGURING THE SWITCH3-160• Name – Name of the VLAN (1 to 32 characters).• Status – Enables or disables the specified VLAN. - Enable: VLAN is operati

VLAN CONFIGURATION3-161Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if req

CONFIGURING THE SWITCH3-162• Non-Member – VLANs for which the selected interface is not a tagged member.

VLAN CONFIGURATION3-163Web – Open VLAN, 802.1Q VLAN, Static Membership. Select an interface from the scroll-down box (Port or Trunk). Click Query to d

CONFIGURING THE SWITCH3-164bridged LAN. The default values for the GARP timers are independent of the media access method or data rate. These values s

VLAN CONFIGURATION3-165must be globally enabled for the switch before this setting can take effect. (See “Displaying Bridge Extension Capabilities” on

CONTENTSxxiiip igmp query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-222ip igmp max-resp-interval . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-166* Timer settings must follow this rule: 2 x (join timer) < leave timer < leaveAll timerWeb – Click VLAN, 802.1Q VLAN,

VLAN CONFIGURATION3-167Configuring Private VLANsPrivate VLANs provide port-based security and isolation between ports within the assigned VLAN. Data t

CONFIGURING THE SWITCH3-168Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports

VLAN CONFIGURATION3-169port, its VLAN membership can then be determined based on the protocol type being used by the inbound packets.Command UsageTo c

CONFIGURING THE SWITCH3-170 CLI – The following creates protocol group 1, and then specifies Ethernet frames with IP and ARP protocol types. Mapping

VLAN CONFIGURATION3-171Command Attributes• Interface – Port or trunk identifier.• Protocol Group ID – Group identifier of this protocol group. (Range:

CONFIGURING THE SWITCH3-172Class of Service ConfigurationClass of Service (CoS) allows you to specify which data packets have greater precedence when

CLASS OF SERVICE CONFIGURATION3-173* CLI displays this information as “Priority for untagged traffic.”Web – Click Priority, Default Port Priority or D

CONFIGURING THE SWITCH3-174Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using eight prio

CLASS OF SERVICE CONFIGURATION3-175priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply.CLI – The foll

CONTENTSxxiiiip rip authentication mode . . . . . . . . . . . . . . . . . . . . . . . . 4-246show rip globals . . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-176Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traffic in a

CLASS OF SERVICE CONFIGURATION3-177described in “Mapping CoS Values to Egress Queues” on page 3-174, the traffic classes are mapped to one of the eigh

CONFIGURING THE SWITCH3-178CLI – The following example shows how to assign WRR weights to each of the priority queues.Console(config)#queue bandwidth

CLASS OF SERVICE CONFIGURATION3-179Mapping Layer 3/4 Priorities to CoS ValuesThis switch supports several common methods of prioritizing layer 3/4 tra

CONFIGURING THE SWITCH3-180CLI – The following example enables IP Precedence service on the switch.Console(config)#map ip precedence3-88Console(config

CLASS OF SERVICE CONFIGURATION3-181Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eig

CONFIGURING THE SWITCH3-182Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the C

CLASS OF SERVICE CONFIGURATION3-183Mapping DSCP PriorityThe DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DS

CONFIGURING THE SWITCH3-184CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port

CLASS OF SERVICE CONFIGURATION3-185Mapping IP Port PriorityYou can also map network applications to Class of Service values based on the IP port numbe

CONTENTSxxivGeneral Multicast Routing Commands . . . . . . . . . . . . . . . . . 4-282ip multicast-routing . . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-186* Mapping specific values for IP Port Priority is implemented as an interface configuration command, but any changes will a

CLASS OF SERVICE CONFIGURATION3-187queue; it is not written to the packet itself. For information on mapping the CoS values to output queues, see page

CONFIGURING THE SWITCH3-188CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 1.Changing Priori

CLASS OF SERVICE CONFIGURATION3-189Command Attributes• Port – Port identifier.•Name* – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – I

CONFIGURING THE SWITCH3-190CLI – This example changes the DSCP priority for packets matching an IP ACL rule, and the 802.1p priority for packets match

MULTICAST FILTERING3-191continue to receive the multicast service. This procedure is called multicast filtering. The purpose of IP multicast filtering

CONFIGURING THE SWITCH3-192Note that IGMP neither alters nor routes IP multicast packets. A multicast routing protocol must be used to deliver IP mult

MULTICAST FILTERING3-193IGMP Query (Layer 2 or 3) – IGMP Query can only be enabled globally at Layer 2, but can be enabled for individual VLAN interfa

CONFIGURING THE SWITCH3-194is also referred to as IGMP Snooping. (Default: Enabled)• Act as IGMP Querier — When enabled, the switch can serve as the Q

MULTICAST FILTERING3-195CLI – This example modifies the settings for multicast filtering, and then displays the current status.Displaying Interfaces A

CONTENTSxxvshow vrrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-305show vrrp interface . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-196You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multic

MULTICAST FILTERING3-197interface (port or trunk) on your switch, you can manually configure the interface (and a specified VLAN) to join all the curr

CONFIGURING THE SWITCH3-198Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multica

MULTICAST FILTERING3-199The Type field shows if this entry was learned dynamically or was statically configured.Assigning Ports to Multicast Services

CONFIGURING THE SWITCH3-200multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click

MULTICAST FILTERING3-201Layer 3 IGMP – This protocol includes a form of multicast query specifically designed to work with multicast routing. A router

CONFIGURING THE SWITCH3-202(Range: 1-4094)• IGMP Protocol Status (Admin Status) – Enables IGMP on a VLAN interface. (Default: Disabled)• Last Member Q

MULTICAST FILTERING3-203specific multicast service. Only the designated multicast router for a subnet sends host query messages, which are addressed t

CONFIGURING THE SWITCH3-204Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP paramet

MULTICAST FILTERING3-205Displaying Multicast Group InformationWhen IGMP (Layer 3) is enabled on this switch the current multicast groups learned via I

CONTENTSxxvi

CONFIGURING THE SWITCH3-206CLI – The following shows the IGMP groups currently active on VLAN 1.Configuring Domain Name ServiceThe Domain Naming Syste

CONFIGURING DOMAIN NAME SERVICE3-207DNS client (i.e., not formatted with dotted notation), you can specify a default domain name or a list of domain n

CONFIGURING THE SWITCH3-208Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name serv

CONFIGURING DOMAIN NAME SERVICE3-209CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specif

CONFIGURING THE SWITCH3-210• Alias – Displays the host names that are mapped to the same address(es) as a previously configured entry.Web – Select DNS

CONFIGURING DOMAIN NAME SERVICE3-211CLI - This example maps two address to a host name, and then configures an alias host name for the same addresses.

CONFIGURING THE SWITCH3-212Displaying the DNS CacheYou can display entries in the DNS cache that have been learned via the designated name servers.Fie

DYNAMIC HOST CONFIGURATION PROTOCOL3-213CLI - This example displays all the resource records learned from the designated name servers.Dynamic Host Con

CONFIGURING THE SWITCH3-214Configuring DHCP Relay ServiceThis switch supports DHCP relay service for attached host devices. If DHCP relay is enabled,

DYNAMIC HOST CONFIGURATION PROTOCOL3-215Web – Click DHCP, Relay Configuration. Enter up to five IP addresses for any VLAN, then click Restart DHCP Rel

1-1CHAPTER 1INTRODUCTIONThe TigerSwitch 10/100/1000 provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a manage

CONFIGURING THE SWITCH3-216be assigned to hosts based on the client identifier code or MAC address.Command Usage • First configure any excluded addres

DYNAMIC HOST CONFIGURATION PROTOCOL3-217Web – Click DHCP, Server, General. Enter a single address or an address range, and click Add. CLI – This examp

CONFIGURING THE SWITCH3-218address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server). If t

DYNAMIC HOST CONFIGURATION PROTOCOL3-219• Subnet Mask – Specifies the network mask of the client.• Hardware Address – Specifies the MAC address and pr

CONFIGURING THE SWITCH3-220ExamplesCreating a New Address PoolWeb – Click DHCP, Server, Pool Configuration. Specify a pool name, then click Add.CLI –

DYNAMIC HOST CONFIGURATION PROTOCOL3-221Configuring a Network Address PoolWeb – Click DHCP, Server, Pool Configuration. Click the Configure button for

CONFIGURING THE SWITCH3-222Configuring a Host Address PoolWeb – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Clic

DYNAMIC HOST CONFIGURATION PROTOCOL3-223CLI – This example configures a host address pool.Displaying Address BindingsYou can display the host devices

CONFIGURING THE SWITCH3-224Web – Click DHCP, Server, IP Binding. You may use the Delete button to clear an address from the DHCP server’s database.CLI

CONFIGURING ROUTER REDUNDANCY3-225Configuring Router RedundancyRouter redundancy protocols use a virtual IP address to support a primary router and mu

INTRODUCTION1-2Rate Limiting Input and output rate limiting per portPort Mirroring One or more ports mirrored to single analysis portPort Trunking Sup

CONFIGURING THE SWITCH3-226• Several virtual master routers using the same set of backup routers.• Several virtual master routers configured for mutua

CONFIGURING ROUTER REDUNDANCY3-227Configuring VRRP GroupsTo configure VRRP, select an interface on one router in the group to serve as the master virt

CONFIGURING THE SWITCH3-228fails. However, because the priority of the virtual IP address Owner is the highest, the original master router will always

CONFIGURING ROUTER REDUNDANCY3-229• Preemption – Shows if this router is allowed to preempt the acting master.•Priority – Priority of this router in t

CONFIGURING THE SWITCH3-230Command Attributes (VRRP Group Configuration Detail)• Associated IP Table – IP interfaces associated with this virtual rout

CONFIGURING ROUTER REDUNDANCY3-231- The priority for the VRRP group address owner is automatically set to 255.- The priority for backup routers is use

CONFIGURING THE SWITCH3-232Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add.Click the Edit bu

CONFIGURING ROUTER REDUNDANCY3-233IP address into the Associated IP Table. Then set any of the other parameters as required, and click Apply.CLI – Thi

CONFIGURING THE SWITCH3-234VRRP group, sets all of the other VRRP parameters, and then displays the configured settings.Displaying VRRP Global Statist

CONFIGURING ROUTER REDUNDANCY3-235Web – Click IP, VRRP, Global Statistics.CLI – This example displays counters for protocol errors for all the VRRP gr

DESCRIPTION OF SOFTWARE FEATURES1-3Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow c

CONFIGURING THE SWITCH3-236not pass the authentication check.• Error IP TTL Packets – Number of VRRP packets received by the virtual router with IP TT

CONFIGURING ROUTER REDUNDANCY3-237Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group.CLI – This example displays VRRP pr

CONFIGURING THE SWITCH3-238Configuring HSRP GroupsTo configure HSRP, assign the same virtual router address to each router in the group. Set the highe

CONFIGURING ROUTER REDUNDANCY3-239for HSRP such as authentication, tracking, or advertisement interval, then first configure these parameters before e

CONFIGURING THE SWITCH3-240sends other messages indicating that it is no longer acting as the designated router.• You can add a delay to the preempt f

CONFIGURING ROUTER REDUNDANCY3-241- HSRP advertisements from the master and standby virtual router include information about their priority, timer val

CONFIGURING THE SWITCH3-242to the string configured on this router. If the strings match, the message is accepted. Otherwise, the packet is discarded.

CONFIGURING ROUTER REDUNDANCY3-243Click the Edit button for a group entry to open the detailed configuration window. Set the values for the advertisem

CONFIGURING THE SWITCH3-244the corresponding value by which to adjust the priority when the interface state changes. Then click Apply.

CONFIGURING ROUTER REDUNDANCY3-245CLI – This example creates HSRP group 1, sets the virtual router’s address, adds a secondary IP address to the group

38 TeslaIrvine, CA 92618Phone: (949) 679-8000TigerSwitch 10/100/1000Management GuideFrom SMC’s Tiger line of feature-rich workgroup LAN solutionsOctob

INTRODUCTION1-4by used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to speci

CONFIGURING THE SWITCH3-246IP RoutingOverviewThis switch supports IP routing and routing path management via static routing definitions (page 3-269) a

IP ROUTING3-247IP SwitchingIP Switching (or packet forwarding) encompasses tasks required to forward packets for both Layer 2 and Layer 3, as well as

CONFIGURING THE SWITCH3-248However, if the MAC address is not yet known to the switch, an Address Resolution Protocol (ARP) packet with the destinatio

IP ROUTING3-249calculated only during setup. Once the route has been determined, all packets in the current flow are simply switched or forwarded acro

CONFIGURING THE SWITCH3-250OSPFv2 Dynamic Routing ProtocolOSPF overcomes all the problems of RIP. It uses a link state routing protocol to generate a

IP ROUTING3-251- This command affects both static and dynamic unicast routing.- If IP routing is enabled, all IP packets are routed using either stati

CONFIGURING THE SWITCH3-252Configuring IP Routing InterfacesYou can specify the IP subnets connected to this router by manually assigning an IP addres

IP ROUTING3-253- If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the address server. Requests will be broadcast pe

CONFIGURING THE SWITCH3-254Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnet

IP ROUTING3-255Address Resolution Protocol If IP routing is enabled (page 3-250), the router uses its routing tables to make routing decisions, and us

DESCRIPTION OF SOFTWARE FEATURES1-5redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 6 trunks.Broadcast

CONFIGURING THE SWITCH3-256Proxy ARPWhen a node in the attached subnetwork does not have routing or a default gateway configured, Proxy ARP can be use

IP ROUTING3-257Command Attributes• Timeout – Sets the aging time for dynamic entries in the ARP cache. (Range: 300 - 86400 seconds; Default: 1200 seco

CONFIGURING THE SWITCH3-258can only remove a static entry via the configuration interface.Command Attributes• IP Address – IP address statically mappe

IP ROUTING3-259Command Attributes• IP Address – IP address of a dynamic entry in the cache. • MAC Address – MAC address mapped to the corresponding IP

CONFIGURING THE SWITCH3-260CLI - This example shows all entries in the ARP cache.Displaying Local ARP EntriesThe ARP cache also contains entries for l

IP ROUTING3-261Web - Click IP, ARP, Other Addresses.CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP c

CONFIGURING THE SWITCH3-262Web - Click IP, ARP, Statistics.CLI - This example provides detailed statistics on common IP-related protocols.Sent Request

IP ROUTING3-263Displaying Statistics for IP ProtocolsIP StatisticsThe Internet Protocol (IP) provides a mechanism for transmitting blocks of data (oft

CONFIGURING THE SWITCH3-264Datagrams Failing FragmentationThe number of datagrams that have been discarded because they needed to be fragmented at thi

IP ROUTING3-265Web - Click IP, Statistics, IP.CLI - See the example on page 3-261.ICMP StatisticsInternet Control Message Protocol (ICMP) is a network

INTRODUCTION1-6paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any

CONFIGURING THE SWITCH3-266Destination Unreachable The number of ICMP Destination Unreachable messages received/sent.Time Exceeded The number of ICMP

IP ROUTING3-267Web - Click IP, Statistics, ICMP.CLI - See the example on page 3-261.UDP StatisticsUser Datagram Protocol (UDP) provides a datagram mod

CONFIGURING THE SWITCH3-268Web - Click IP, Statistics, UDP.CLI - See the example on page 3-261.TCP StatisticsThe Transmission Control Protocol (TCP) p

IP ROUTING3-269Web - Click IP, Statistics, TCP.CLI - See the example on page 3-261.Configuring Static RoutesThis router can dynamically configure rout

CONFIGURING THE SWITCH3-270required to access network segments where dynamic routing is not supported, or can be set to force the use of a specific ro

IP ROUTING3-271Web - Click IP, Routing, Static Routes.CLI - This example forwards all traffic for subnet 192.168.1.0 to the router 192.168.5.254, usin

CONFIGURING THE SWITCH3-272• Netmask – Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to speci

IP ROUTING3-273Configuring the Routing Information ProtocolThe RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance

CONFIGURING THE SWITCH3-274• There are several serious problems with RIP that you should consider. First of all, RIP (version 1) has no knowledge of s

IP ROUTING3-275- The timers must be set to the same values for all routers in the network.Command AttributesGlobal Settings• RIP Routing Process – Ena

DESCRIPTION OF SOFTWARE FEATURES1-7except where a connection is explicitly defined via the switch’s routing service.• Use private VLANs to restrict tr

CONFIGURING THE SWITCH3-276Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset in

IP ROUTING3-2770 - 127 is class A, and only the first field in the network address is used.128 - 19 is class B, and the first two fields in the networ

CONFIGURING THE SWITCH3-278message type sent (i.e., RIP version or compatibility mode), the method for preventing loopback of protocol messages, and w

IP ROUTING3-279retransmission of data traffic. When protocol packets are caught in a loop, links will be congested, and protocol packets may be lost.

CONFIGURING THE SWITCH3-280• Send Version – The RIP version to send on an interface.- RIPv1: Sends only RIPv1 packets.- RIPv2: Sends only RIPv2 packet

IP ROUTING3-281Web - Click Routing Protocol, RIP, Interface Settings. Select the RIP protocol message types that will be received and sent, the method

CONFIGURING THE SWITCH3-282RIP Information and Statistics Parameter DescriptionGlobalsRIP Routing Process Indicates if RIP has been enabled or disable

IP ROUTING3-283Web - Click Routing Protocol, RIP, Statistics.

CONFIGURING THE SWITCH3-284CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the f

IP ROUTING3-285Configuring the Open Shortest Path First ProtocolOpen Shortest Path First (OSPF) is more suited for large area networks which experienc

INTRODUCTION1-8OSPF – This approach uses a link state routing protocol to generate a shortest-path tree, then builds up its routing table based on thi

CONFIGURING THE SWITCH3-286Command Usage• OSPF looks at more than just the simple hop count. When adding the shortest path to any node into the tree,

IP ROUTING3-287- And finally, you must specify a virtual link to any OSPF area that is not physically attached to the OSPF backbone. Virtual links can

CONFIGURING THE SWITCH3-288systems to which it may be attached. If a router is enabled as an ASBR, then every other router in the autonomous system ca

IP ROUTING3-289or static configuration, and such a route is known. (See “Redistributing External Routes” on page 3-310.)• External Metric Type 2 – The

CONFIGURING THE SWITCH3-290Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global p

IP ROUTING3-291Configuring OSPF AreasAn autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default,

CONFIGURING THE SWITCH3-292• By default, a stub can only pass traffic to other areas in the autonomous system via the default external route. However,

IP ROUTING3-293Command Usage• Before you create a stub or NSSA, first specify the address range for an area using the Network Area Address Configurati

CONFIGURING THE SWITCH3-294Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for th

IP ROUTING3-295Configuring Area Ranges (Route Summarization for ABRs)An OSPF area can include a large number of nodes. If the Area Border Router (ABR)

DESCRIPTION OF SOFTWARE FEATURES1-9Multicast Routing – Routing for multicast packets is supported by the Distance Vector Multicast Routing Protocol (D

CONFIGURING THE SWITCH3-296Command Attributes• Area ID – Identifies an area for which the routes are summarized. (The area ID must be in the form of a

IP ROUTING3-297The configured summary route is shown in the list of information displayed for area 1.Configuring OSPF InterfacesYou should specify a r

CONFIGURING THE SWITCH3-298• Designated Router – Designated router for this area.• Backup Designated Router – Designated backup router for this area.•

IP ROUTING3-299- The transmit delay must be the same for all routers in an autonomous system.- On slow links, the router may send packets more quickly

CONFIGURING THE SWITCH3-300- Routes are subsequently assigned a metric equal to the sum of all metrics for each interface link in the route.• Authenti

IP ROUTING3-301- Normally, only one key is used per interface to generate authentication information for outbound packets and to authenticate incoming

CONFIGURING THE SWITCH3-302Change any of the interface-specific protocol parameters, and then click Apply.CLI - This example configures the interface

IP ROUTING3-303Configuring Virtual LinksAll OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the back

CONFIGURING THE SWITCH3-304Note: This router supports up 64 virtual links. Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a

IP ROUTING3-305CLI - This example configures a virtual link from the ABR adjacent to area 0.0.0.4, through a transit area to the neighbor router 10.1.

INTRODUCTION1-10System DefaultsThe switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch d

CONFIGURING THE SWITCH3-306• An area must be assigned a range of subnetwork addresses. This area and the corresponding address range forms a routing i

IP ROUTING3-307other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply.

CONFIGURING THE SWITCH3-308CLI - This example configures the backbone area and one transit area.Configuring Summary Addresses (for External AS Routes)

IP ROUTING3-309• Netmask – Network mask for the summary route.Note: This router supports up 16 Type-5 summary routes. Web - Click Routing Protocol, OS

CONFIGURING THE SWITCH3-310Redistributing External RoutesYou can configure this router to import external routing information from other routing proto

IP ROUTING3-311• Redistribute Metric Type – Indicates the method used to calculate external route costs. (Options: Type 1, Type 2; Default: Type 1)• R

CONFIGURING THE SWITCH3-312ABR. (For a detailed description of NSSA areas, refer to “Configuring OSPF Areas” on page 3-291.)Command Attributes• Area I

IP ROUTING3-313Web - Click Routing Protocol, OSPF, NSSA Settings. Create a new NSSA or modify the routing behavior for an existing NSSA, and click App

CONFIGURING THE SWITCH3-314The full database is exchanged between neighboring routers as soon as a new router is discovered. Afterwards, any changes t

IP ROUTING3-315- A Router ID for Router, Network, and Type 4 AS Summary LSAs.• Self-Originate – Shows LSAs originated by this router.• LS Type – LSA T

SYSTEM DEFAULTS1-11SNMP Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabledLink-up-down events: enabledI

CONFIGURING THE SWITCH3-316Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, t

IP ROUTING3-317• Type – Router type of the destination; either ABR, ASBR or both.• Rte Type – Route type; either intra-area or interarea route (INTRA

CONFIGURING THE SWITCH3-318• Priority – Neighbor’s router priority.• State – OSPF state and identification flag. States include:- Down – Connection do

MULTICAST ROUTING3-319neighbors.Multicast RoutingThis router can route multicast traffic to different subnetworks using either Distance Vector Multica

CONFIGURING THE SWITCH3-320(page 3-324) or PIM (page 3-335), and specify the interfaces that will participate (page 3-329 or 3-336). Note that you can

MULTICAST ROUTING3-321Displaying the Multicast Routing TableYou can display information on each multicast route this router has learned via DVMRP or P

CONFIGURING THE SWITCH3-322Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry.

MULTICAST ROUTING3-323CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast so

CONFIGURING THE SWITCH3-324looping and determine the shortest path to the source of this multicast traffic. When this router receives the multicast me

MULTICAST ROUTING3-325Command Usage

INTRODUCTION1-12Virtual LANs Default VLAN 1PVID 1Acceptable Frame Type AllIngress Filtering DisabledSwitchport Mode (Egress Mode)Hybrid: tagged/untagg

CONFIGURING THE SWITCH3-326Broadcasting periodically floods the sourcefloodingpotentialhostspruningsourcegraftingsource

MULTICAST ROUTING3-327network with traffic from any active multicast server. If IGMP snooping is disabled, multicast traffic is flooded to all ports o

CONFIGURING THE SWITCH3-328neighbors are still active members of the multicast tree. (Range: 1-65535 seconds; Default: 10 seconds)• Neighbor Timeout I

MULTICAST ROUTING3-329Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control neighbor

CONFIGURING THE SWITCH3-330(page 3-324), and also enable DVMRP for each interface that will participate in multicast routing. Command AttributesDVMRP

MULTICAST ROUTING3-331Web – Click Routing Protocol, DVMRP, Interface Settings. Select a VLAN from the drop-down box under DVMRP Interface Settings, mo

CONFIGURING THE SWITCH3-332upstream neighbor.• Up time – The time since this device last became a DVMRP neighbor to this router.• Expire – The time re

MULTICAST ROUTING3-333CLI – This example displays the only neighboring DVMRP router.Displaying the Routing TableThe router learns source-routed inform

CONFIGURING THE SWITCH3-334• Expire – The time remaining before this entry will be aged out.Web – Click Routing Protocol, DVMRP, DVMRP Routing Table.

MULTICAST ROUTING3-335same interface used for routing unicast packets to the multicast source network. If it is not, the router drops the packet and s

SYSTEM DEFAULTS1-13Router RedundancyHSRP DisabledVRRP DisabledMulticast Filtering IGMP Snooping (Layer 2) Snooping: EnabledQuerier: DisabledIGMP (Laye

CONFIGURING THE SWITCH3-336CLI – This example enables PIM-DM globally and displays the current status.Configuring PIM-DM Interface SettingsTo fully en

MULTICAST ROUTING3-337transmitted. Hello messages are sent to neighboring PIM routers from which this device has received probes, and are used to veri

CONFIGURING THE SWITCH3-338acknowledgement message is lost, the router that sent the graft message will resend it a maximum number of times as defined

MULTICAST ROUTING3-339CLI – This example sets the PIM-DM protocol parameters for VLAN 2, and displays the current settings.Displaying Interface Inform

CONFIGURING THE SWITCH3-340Web – Click Routing Protocol, PIM-DM, Interface Information.CLI – This example shows the PIM-DM interface summary for VLAN

MULTICAST ROUTING3-341Web – Click Routing Protocol, PIM-DM, Neighbor Information.CLI – This example displays the only neighboring PIM-DM router.Consol

CONFIGURING THE SWITCH3-342

4-1CHAPTER 4COMMAND LINE INTERFACEThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the CLI

COMMAND LINE INTERFACE4-2After connecting to the system through the console port, the login screen displays:Telnet ConnectionTelnet operates over the

USING THE COMMAND LINE INTERFACE4-3After you configure the switch with an IP address, you can open a Telnet session by performing these steps:1. From

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, n

INTRODUCTION1-14

COMMAND LINE INTERFACE4-4Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords

ENTERING COMMANDS4-5Command CompletionIf you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to th

COMMAND LINE INTERFACE4-6Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the current

ENTERING COMMANDS4-7The command “show interfaces ?” will display the following information:Partial Keyword LookupIf you terminate a partial keyword wi

COMMAND LINE INTERFACE4-8Understanding Command ModesThe command set is divided into Exec and Configuration classes. Exec commands generally display in

ENTERING COMMANDS4-9console session with the user name and password “admin.” The system will now display the “Console#” command prompt. You can also e

COMMAND LINE INTERFACE4-10packet filtering.• DHCP Configuration - These commands are used to configure the DHCP server.• Interface Configuration - The

ENTERING COMMANDS4-11To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return t

COMMAND LINE INTERFACE4-12Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain e

COMMAND GROUPS4-13Command GroupsThe system commands can be broken down into the functional groups shown below.Command Group Description PageLine Sets

2-1CHAPTER 2INITIAL CONFIGURATIONConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent offer

COMMAND LINE INTERFACE4-14Address Table Configures the address table for filtering specified addresses, displays current entries, clears the table, o

LINE COMMANDS4-15The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) VC (VLAN Database Configuration)

COMMAND LINE INTERFACE4-16lineThis command identifies a specific line for configuration, and to process subsequent line configuration commands.Syntax

LINE COMMANDS4-17Related Commandsshow line (3-26)show users (3-83)loginThis command enables password checking at login. Use the no form to disable pas

COMMAND LINE INTERFACE4-18• This command controls login authentication via the switch itself. To configure user names and passwords for remote authent

LINE COMMANDS4-19password before the system terminates the line connection and returns the terminal to the idle state.• The encrypted password is requ

COMMAND LINE INTERFACE4-20• This command applies to both the local console and Telnet connections.• The timeout for Telnet cannot be disabled.Example

LINE COMMANDS4-21Example To set the password threshold to five attempts, enter this command:Related Commandssilent-time (3-21)silent-timeThis command

COMMAND LINE INTERFACE4-22databitsThis command sets the number of data bits per character that are interpreted and generated by the console port. Use

LINE COMMANDS4-23parityThis command defines the generation of a parity bit. Use the no form to restore the default setting.Syntax parity {none | even

INITIAL CONFIGURATION2-2The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:

COMMAND LINE INTERFACE4-24speedThis command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from te

LINE COMMANDS4-25Syntax stopbits {1 | 2}• 1 - One stop bit • 2 - Two stop bits Default Setting 1 stop bitCommand Mode Line Configuration Example To sp

COMMAND LINE INTERFACE4-26Related Commandsshow ssh (3-55)show users (3-83)show lineThis command displays the terminal line’s parameters.Syntax show li

GENERAL COMMANDS4-27General CommandsenableThis command activates Privileged Exec mode. In privileged mode, additional commands are available, and cert

COMMAND LINE INTERFACE4-28Command ModeNormal ExecCommand Usage • “super” is the default password required to change the command mode from Normal Exec

GENERAL COMMANDS4-29Example Related Commands enable (3-27)configureThis command activates Global Configuration mode. You must enter this mode to modif

COMMAND LINE INTERFACE4-30Command Mode Normal Exec, Privileged ExecCommand Usage The history buffer size is fixed at 10 Execution commands and 10 Conf

GENERAL COMMANDS4-31command.Default Setting NoneCommand Mode Privileged ExecCommand Usage This command resets the entire system.Example This example s

COMMAND LINE INTERFACE4-32exitThis command returns to the previous configuration mode or exit the configuration program.Default Setting NoneCommand Mo

SYSTEM MANAGEMENT COMMANDS4-33Example This example shows how to quit a CLI session:System Management CommandsThese commands are used to control system

CONNECTING TO THE SWITCH2-3Required ConnectionsThe switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring

COMMAND LINE INTERFACE4-34Device Designation CommandspromptThis command customizes the CLI prompt. Use the no form to restore the default prompt.Synta

SYSTEM MANAGEMENT COMMANDS4-35Syntax hostname nameno hostnamename - The name of this host. (Maximum length: 255 characters)Default Setting NoneCommand

COMMAND LINE INTERFACE4-36Syntax username name {access-level level | nopassword | password {0 | 7} password}no username name• name - The name of the u

SYSTEM MANAGEMENT COMMANDS4-37Example This example shows how the set the access level and password for a user.enable passwordAfter initially logging o

COMMAND LINE INTERFACE4-38configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.Example Related Co

SYSTEM MANAGEMENT COMMANDS4-39Default Setting All addressesCommand Mode Global ConfigurationCommand Usage • If anyone tries to access a management int

COMMAND LINE INTERFACE4-40• all-client - Adds IP address(es) to the SNMP, web and Telnet groups.• http-client - Adds IP address(es) to the web group.•

SYSTEM MANAGEMENT COMMANDS4-41Web Server Commandsip http portThis command specifies the TCP port number used by the web browser interface. Use the no

COMMAND LINE INTERFACE4-42ip http serverThis command allows this device to be monitored or configured from a browser. Use the no form to disable this

SYSTEM MANAGEMENT COMMANDS4-43Command Usage • Both HTTP and HTTPS service can be enabled independently on the switch. However, you cannot configure th

INITIAL CONFIGURATION2-4Windows 2000 service packs. 2. Refer to “Line Commands” on page 4-15 for a complete description of console configuration optio

COMMAND LINE INTERFACE4-44copy tftp https-certificate (3-85)ip http secure-portThis command specifies the UDP port number used for HTTPS/SSL connectio

SYSTEM MANAGEMENT COMMANDS4-45Secure Shell CommandsThe Berkley-standard includes remote access tools originally designed for Unix systems. Some of the

COMMAND LINE INTERFACE4-46The SSH server on this switch supports both password and public key authentication. If password authentication is specified

SYSTEM MANAGEMENT COMMANDS4-47known hosts file on the management station and place the host public key in it. An entry for a public key in the known h

COMMAND LINE INTERFACE4-48c. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the c

SYSTEM MANAGEMENT COMMANDS4-49Example Related Commandsip ssh crypto host-key generate (3-52)show ssh (3-55)ip ssh timeoutUse this command to configure

COMMAND LINE INTERFACE4-50Example Related Commandsexec-timeout (3-19)show ip ssh (3-54)ip ssh authentication-retriesUse this command to configure the

SYSTEM MANAGEMENT COMMANDS4-51ip ssh server-key sizeUse this command to set the SSH server key size. Use the no form to restore the default setting.Sy

COMMAND LINE INTERFACE4-52Command Mode Privileged ExecExample ip ssh crypto host-key generateUse this command to generate the host key pair (i.e., pub

SYSTEM MANAGEMENT COMMANDS4-53Related Commandsip ssh crypto zeroize (3-53)ip ssh save host-key (3-54)ip ssh crypto zeroizeUse this command to clear th

BASIC CONFIGURATION2-5Remote ConnectionsPrior to accessing the switch’s onboard agent via a network connection, you must first configure it with a val

COMMAND LINE INTERFACE4-54ip ssh save host-keyUse this command to save host key from RAM to flash memory. Syntax ip ssh save host-key [dsa | rsa]• dsa

SYSTEM MANAGEMENT COMMANDS4-55show sshUse this command to display the current SSH server connections.Command Mode Privileged ExecExample Console#show

COMMAND LINE INTERFACE4-56show public-keyUse this command to show the public key for the specified user or for the host.Syntax show public-key [user [

SYSTEM MANAGEMENT COMMANDS4-57Command Mode Privileged ExecCommand Usage • If no parameters are entered, all keys are displayed. If the user keyword is

COMMAND LINE INTERFACE4-58Event Logging Commands logging onThis command controls logging of error messages, sending debug or error messages to switch

SYSTEM MANAGEMENT COMMANDS4-59Example Related Commandslogging history (3-59)clear logging (3-62)logging historyThis command limits syslog messages sav

COMMAND LINE INTERFACE4-60• level - One of the level arguments listed below. Messages sent include the selected level down to level 0. (Range: 0-7)Def

SYSTEM MANAGEMENT COMMANDS4-61Syntax [no] logging host host_ip_addresshost_ip_address - The IP address of a syslog server.Default Setting NoneCommand

COMMAND LINE INTERFACE4-62Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect o

SYSTEM MANAGEMENT COMMANDS4-63Syntax clear logging [flash | ram]• flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event

INITIAL CONFIGURATION2-6those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully confi

COMMAND LINE INTERFACE4-64Default Setting NoneCommand Mode Privileged ExecExampleThe following example shows that system logging is enabled, the messa

SYSTEM MANAGEMENT COMMANDS4-65The following example displays settings for the trap function. Related Commandsshow logging sendmail (3-70)SMTP Alert Co

COMMAND LINE INTERFACE4-66logging sendmail hostThis command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP

SYSTEM MANAGEMENT COMMANDS4-67triggered if the switch cannot successfully open a connection.)Examplelogging sendmail levelThis command sets the severi

COMMAND LINE INTERFACE4-68logging sendmail source-emailThis command sets the email address used for the “From” field in alert messages.Syntaxlogging s

SYSTEM MANAGEMENT COMMANDS4-69Default Setting None Command Mode Global ConfigurationCommand Usage You can specify up to five recipients for alert mess

COMMAND LINE INTERFACE4-70show logging sendmailThis command displays the settings for the SMTP event handler.Command Mode Normal Exec, Privileged Exec

SYSTEM MANAGEMENT COMMANDS4-71sntp clientThis command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified wi

COMMAND LINE INTERFACE4-72Example Related Commandssntp server (3-72)sntp poll (3-73)sntp broadcast client (3-74)show sntp (3-75)sntp serverThis comman

SYSTEM MANAGEMENT COMMANDS4-73Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP clie

BASIC CONFIGURATION2-74. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Ente

COMMAND LINE INTERFACE4-74Example Related Commandssntp client (3-71)sntp broadcast clientThis command synchronizes the switch’s clock based on time br

SYSTEM MANAGEMENT COMMANDS4-75show sntpThis command displays the current time and configuration settings for the SNTP client, and indicates whether or

COMMAND LINE INTERFACE4-76Command Mode Global ConfigurationCommand Usage This command sets the local time zone relative to the Coordinated Universal T

SYSTEM MANAGEMENT COMMANDS4-77Command Mode Privileged ExecExample This example shows how to set the system clock to 15:12:34, February 1st, 2002.show

COMMAND LINE INTERFACE4-78System Status Commandsshow startup-configThis command displays the configuration file stored in non-volatile memory that is

SYSTEM MANAGEMENT COMMANDS4-79- VLAN database (VLAN ID, name and state)- VLAN configuration settings for each interface- Multiple spanning tree instan

COMMAND LINE INTERFACE4-80Default Setting NoneCommand Mode Privileged ExecCommand Usage • Use this command in conjunction with the show startup-config

SYSTEM MANAGEMENT COMMANDS4-81Example Related Commandsshow startup-config (3-78)Console#show running-configbuilding running-config, please wait...!!

COMMAND LINE INTERFACE4-82show systemThis command displays system information.Default Setting NoneCommand Mode Normal Exec, Privileged ExecCommand Usa

SYSTEM MANAGEMENT COMMANDS4-83show usersShows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.

INITIAL CONFIGURATION2-8• IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the s

COMMAND LINE INTERFACE4-84Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-16 for detailed information on the items displaye

FLASH/FILE COMMANDS4-85to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead requir

COMMAND LINE INTERFACE4-86success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection. Synt

FLASH/FILE COMMANDS4-87the factory default configuration file, but you cannot use it as the destination. • To replace the startup configuration, you m

COMMAND LINE INTERFACE4-88The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate f

FLASH/FILE COMMANDS4-89• “Factory_Default_Config.cfg” cannot be deleted.Example This example shows how to delete the test2.cfg configuration file from

COMMAND LINE INTERFACE4-90• File information is shown below:Example The following example shows how to display all file information:whichbootThis comm

FLASH/FILE COMMANDS4-91ExampleThis example shows the information displayed by the whichboot command. See the table under the dir command for a descrip

COMMAND LINE INTERFACE4-92ExampleRelated Commandsdir (3-89)whichboot (3-90) Authentication Commands You can configure this switch to authenticate user

AUTHENTICATION COMMANDS4-93Authentication Sequenceauthentication loginThis command defines the login authentication method and precedence. Use the no

BASIC CONFIGURATION2-9If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service re

COMMAND LINE INTERFACE4-94password on the RADIUS server is verified first. If the RADIUS server is not available, then authentication is attempted on

AUTHENTICATION COMMANDS4-95radius-server hostThis command specifies the RADIUS server. Use the no form to restore the default.Syntax radius-server hos

COMMAND LINE INTERFACE4-96Example radius-server keyThis command sets the RADIUS encryption key. Use the no form to restore the default.Syntax radius-s

AUTHENTICATION COMMANDS4-97Default Setting 2Command Mode Global ConfigurationExample radius-server timeoutThis command sets the interval between trans

COMMAND LINE INTERFACE4-98Command Mode Privileged ExecExample TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon auth

AUTHENTICATION COMMANDS4-99Default Setting 10.11.12.13Command Mode Global ConfigurationExample tacacs-server portThis command specifies the TACACS+ se

COMMAND LINE INTERFACE4-100Syntax tacacs-server key key_stringno tacacs-server keykey_string - Encryption key used to authenticate logon access for th

AUTHENTICATION COMMANDS4-101Port Security CommandsThese commands can be used to disable the learning function or manually specify secure addresses for

COMMAND LINE INTERFACE4-102Default Setting Status: DisabledAction: NoneMaximum Addresses: 0Command Mode Interface Configuration (Ethernet)Command Usag

AUTHENTICATION COMMANDS4-103Example The following example enables port security for port 5, and sets the response to a security violation to issue a t

vLIMITED WARRANTYLimited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, un

INITIAL CONFIGURATION2-106. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press

COMMAND LINE INTERFACE4-104802.1x Port AuthenticationThe switch supports IEEE 802.1x (dot1x) port-based access control that prevents unauthorized acce

AUTHENTICATION COMMANDS4-105Syntaxauthentication dot1x default radiusno authentication dot1xDefault SettingRADIUSCommand ModeGlobal ConfigurationExamp

COMMAND LINE INTERFACE4-106count – The maximum number of requests (Range: 1-10) Default2 Command ModeGlobal ConfigurationExampledot1x port-controlThis

AUTHENTICATION COMMANDS4-107dot1x operation-modeThis command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use th

COMMAND LINE INTERFACE4-108- unit - This is device 1. - port - Port number. Command ModePrivileged ExecExampledot1x re-authenticationThis command enab

AUTHENTICATION COMMANDS4-109Command ModeGlobal ConfigurationExampledot1x timeout re-authperiodThis command sets the time period after which a connecte

COMMAND LINE INTERFACE4-110Default30 secondsCommand ModeGlobal ConfigurationExampleshow dot1xThis command shows general port authentication related se

AUTHENTICATION COMMANDS4-111following global parameters which are set to a fixed value, including the following items:- supp-timeout – Supplicant time

COMMAND LINE INTERFACE4-112- State – Current state (including initialize, reauthenticate).ExampleConsole#show dot1xGlobal 802.1X Parameters reauth-ena

ACCESS CONTROL LIST COMMANDS4-113Access Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, prot

BASIC CONFIGURATION2-11The default strings are:• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.

COMMAND LINE INTERFACE4-114to an interface – Ingress IP ACL, Egress IP ACL, Ingress MAC ACL and Egress MAC ACL.• When an ACL is bound to an interface

ACCESS CONTROL LIST COMMANDS4-115IP ACL, Egress IP ACL, Ingress MAC ACL or Egress MAC ACL), but a mask can be bound to up to four ACLs of the same typ

COMMAND LINE INTERFACE4-116access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the

ACCESS CONTROL LIST COMMANDS4-117•To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule.•

COMMAND LINE INTERFACE4-118to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the specified source IP address, and

ACCESS CONTROL LIST COMMANDS4-119• protocol-number – A specific protocol number. (Range: 0-255)• source – Source IP address.• destination – Destinatio

COMMAND LINE INTERFACE4-120• The control-code bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. E

ACCESS CONTROL LIST COMMANDS4-121This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”Related Comman

COMMAND LINE INTERFACE4-122Syntax[no] access-list ip mask-precedence {in | out}• in – Ingress mask for ingress ACLs.• out – Egress mask for egress ACL

ACCESS CONTROL LIST COMMANDS4-123Syntax[no] mask [protocol] {any | host | source-bitmask} {any | host | destination-bitmask} [precedence] [tos] [dscp]

INITIAL CONFIGURATION2-121. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” wh

COMMAND LINE INTERFACE4-124• First create the required ACLs and ingress or egress masks before mapping an ACL to an interface.•If you enter dscp, you

ACCESS CONTROL LIST COMMANDS4-125This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit

COMMAND LINE INTERFACE4-126This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets.

ACCESS CONTROL LIST COMMANDS4-127Command ModePrivileged ExecExample Related Commandsmask (IP ACL) (3-122)ip access-group This command binds a port to

COMMAND LINE INTERFACE4-128Example Related Commandsshow ip access-list (3-121)show ip access-groupThis command shows the ports assigned to IP ACLs.Com

ACCESS CONTROL LIST COMMANDS4-129Default SettingNoneCommand ModeInterface Configuration (Ethernet)Command UsageCommand Usage• You must configure an AC

COMMAND LINE INTERFACE4-130• ethernet unit/port- unit - This is device 1. - port - Port number. Command ModePrivileged ExecExample Related Commandsmap

ACCESS CONTROL LIST COMMANDS4-131Command ModeInterface Configuration (Ethernet)Command Usage• You must configure an ACL mask before you can change fra

COMMAND LINE INTERFACE4-132Example Related Commandsmatch access-list ip (3-130)Console#show markingInterface ethernet 1/12 match access-list IP bill s

ACCESS CONTROL LIST COMMANDS4-133MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form t

MANAGING SYSTEM FILES2-13Managing System FilesThe switch’s flash memory supports three types of system files that can be managed by the CLI program, w

COMMAND LINE INTERFACE4-134acl_name – Name of the ACL. (Maximum length: 16 characters)Default SettingNoneCommand ModeGlobal ConfigurationCommand Usage

ACCESS CONTROL LIST COMMANDS4-135[vid vid vid-bitmask] [ethertype protocol [protocol-bitmask]]Note:- The default is for Ethernet II packets.[no] {perm

COMMAND LINE INTERFACE4-136Default SettingNoneCommand ModeMAC ACLCommand Usage• New rules are added to the end of the list.•The ethertype option can o

ACCESS CONTROL LIST COMMANDS4-137Example Related Commandspermit, deny 3-134mac access-group (3-142)access-list mac mask-precedence This command change

COMMAND LINE INTERFACE4-138Example Related Commandsmask (MAC ACL) (3-138)mac access-group (3-142)mask (MAC ACL)This command defines a mask for MAC ACL

ACCESS CONTROL LIST COMMANDS4-139Command Usage• Up to seven masks can be assigned to an ingress or egress ACL.• Packets crossing a port are checked ag

COMMAND LINE INTERFACE4-140ExampleThis example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the ru

ACCESS CONTROL LIST COMMANDS4-141This example creates an Egress MAC ACL.show access-list mac mask-precedence This command shows the ingress or egress

COMMAND LINE INTERFACE4-142Related Commandsmask (MAC ACL) (3-138)mac access-groupThis command binds a port to a MAC ACL. Use the no form to remove the

ACCESS CONTROL LIST COMMANDS4-143show mac access-groupThis command shows the ports assigned to MAC ACLs.Command ModePrivileged ExecExample Related Com

INITIAL CONFIGURATION2-14Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings

COMMAND LINE INTERFACE4-144the output queues as shown below.Example Related Commandsqueue cos-map (3-81)show map access-list mac (3-144) show map acce

ACCESS CONTROL LIST COMMANDS4-145Related Commandsmap access-list mac (3-143)match access-list mac This command changes the IEEE 802.1p priority of a L

COMMAND LINE INTERFACE4-146ACL Informationshow access-listThis command shows all ACLs and associated rules, as well as all the user-defined masks.Comm

SNMP COMMANDS4-147Command ModePrivileged ExecutiveExample SNMP CommandsControls access to this switch from management stations using the Simple Networ

COMMAND LINE INTERFACE4-148Syntax snmp-server community string [ro|rw]no snmp-server community string• string - Community string that acts like a pass

SNMP COMMANDS4-149Syntax snmp-server contact stringno snmp-server contactstring - String that describes the system contact information. (Maximum lengt

COMMAND LINE INTERFACE4-150Example Related Commandssnmp-server contact (3-148)snmp-server host This command specifies the recipient of a Simple Networ

SNMP COMMANDS4-151are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In orde

COMMAND LINE INTERFACE4-152Default Setting Issue authentication and link-up-down traps.Command Mode Global ConfigurationCommand Usage • If you do not

SNMP COMMANDS4-153are allowed SNMP access to the switch.• subnet_mask - An address bitmask of decimal numbers that represent the address bits to match

3-1CHAPTER 3CONFIGURING THE SWITCHUsing the Web InterfaceThis switch provides an embedded HTTP web agent. Using a web browser you can configure the sw

COMMAND LINE INTERFACE4-154show snmpThis command checks the status of SNMP communications.Default Setting NoneCommand Mode Normal Exec, Privileged Exe

DHCP COMMANDS4-155DHCP CommandsThese commands are used to configure Dynamic Host Configuration Protocol (DHCP) client, relay, and server functions. Yo

COMMAND LINE INTERFACE4-156• hex - The hexadecimal value. Default Setting NoneCommand Mode Interface Configuration (VLAN)Command Usage This command is

DHCP COMMANDS4-157• If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will b

COMMAND LINE INTERFACE4-158Command Mode Interface Configuration (VLAN)Command Usage This command is used to configure DHCP relay functions for host de

DHCP COMMANDS4-159Syntaxip dhcp relay server address1 [address2 [address3 ...]]no ip dhcp relay serveraddress - IP address of DHCP server. (Range: 1-3

COMMAND LINE INTERFACE4-160DHCP Server Command Function ModePageservice dhcp Enables the DHCP server feature on this switch GC 3-161ip dhcp excluded-a

DHCP COMMANDS4-161service dhcpUse this command to enable the DHCP server on this switch. Use the no form to disable the DHCP server.Syntaxservice dhcp

COMMAND LINE INTERFACE4-162• high-address - The last IP address in an excluded address range.Default Setting All IP pool addresses may be assigned.Com

DHCP COMMANDS4-163within the range of a configured network address pool.Example Related Commandsnetwork (3-163)host (3-170)networkUse this command to

CONFIGURING THE SWITCH3-2on the third failed attempt the current connection is terminated.2. If you log into the web interface as guest (Normal Exec l

COMMAND LINE INTERFACE4-164• This command is valid for DHCP network address pools only. If the mask is not specified, the class A, B, or C natural mas

DHCP COMMANDS4-165domain-nameUse this command to specify the domain name for a DHCP client. Use the no form to remove the domain name.Syntax domain-na

COMMAND LINE INTERFACE4-166Command ModeDHCP Pool ConfigurationUsage Guidelines • If DNS IP servers are not configured for a DHCP client, the client ca

DHCP COMMANDS4-167bootfileUse this command to specify the name of the default boot image for a DHCP client. This file should placed on the Trivial Fil

COMMAND LINE INTERFACE4-168• address2 - Specifies IP address of alternate NetBIOS WINS name server.Default SettingNoneCommand ModeDHCP Pool Configurat

DHCP COMMANDS4-169Command ModeDHCP Pool ConfigurationExample Related Commandsnetbios-name-server (3-167)Console(config-dhcp)#netbios-node-type hybridC

COMMAND LINE INTERFACE4-170leaseUse this command to configure the duration that an IP address is assigned to a DHCP client. Use the no form to restore

DHCP COMMANDS4-171Syntaxhost address [mask]no host• address - Specifies the IP address of a client.• mask - Specifies the network mask of the client.D

COMMAND LINE INTERFACE4-172Usage Guidelines • Host addresses must fall within the range specified for an existing network pool.• When a client request

DHCP COMMANDS4-173Syntaxclient-identifier {text text | hex hex}no client-identifier• text - A text string. (Range: 1-15 characters) • hex - The hexade

NAVIGATING THE WEB BROWSER INTERFACE3-3Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and pa

COMMAND LINE INTERFACE4-174Syntaxhardware-address hardware-address typeno hardware-address• hardware-address - Specifies the MAC address of the client

DHCP COMMANDS4-175• address - The address of the binding to clear.• * - Clears all automatic bindings.Default Setting NoneCommand ModePrivileged ExecU

COMMAND LINE INTERFACE4-176Command ModeNormal Exec, Privileged ExecExample.DNS CommandsThese commands are used to configure Domain Naming System (DNS)

DNS COMMANDS4-177ip hostThis command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entr

COMMAND LINE INTERFACE4-178Example This example maps two address to a host name.clear hostThis command deletes entries from the DNS table.Syntax clear

DNS COMMANDS4-179with dotted notation). Use the no form to remove the current domain name.Syntax ip domain-name nameno ip domain-namename - Name of th

COMMAND LINE INTERFACE4-180Syntax [no] ip domain-list namename - Name of the host. Do not include the initial dot that separates the host name from th

DNS COMMANDS4-181Related Commands ip domain-name (3-178)ip name-serverThis command specifies the address of one or more domain name servers to use for

COMMAND LINE INTERFACE4-182ExampleThis example adds two domain-name servers to the list and then displays the list.Related Commands ip domain-name (3-

DNS COMMANDS4-183ExampleThis example enables DNS and then displays the configuration.Related Commands ip domain-name (3-178)ip name-server (3-181)show

CONFIGURING THE SWITCH3-4“Apply” or “Apply Changes” button to confirm the new setting. The following table summarizes the web page configuration butto

COMMAND LINE INTERFACE4-184show dnsThis command displays the configuration of the DNS server.Command Mode Privileged ExecExampleshow dns cacheThis com

DNS COMMANDS4-185clear dns cacheThis command clears all entries in the DNS cache.Command Mode Privileged ExecExampleFLAG The flag is always “4” indica

COMMAND LINE INTERFACE4-186

INTERFACE COMMANDS-1Interface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLA

-2Syntaxinterface interfaceno interface port-channel channel-idinterface • ethernet unit/port- unit - This is device 1. - port - Port number. • port-c

INTERFACE COMMANDS-3Command Mode Interface Configuration (Ethernet, Port Channel)Example The following example adds a description to port 4.speed-dupl

-4Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BA

INTERFACE COMMANDS-5Default Setting EnabledCommand Mode Interface Configuration (Ethernet, Port Channel)Command Usage • When auto-negotiation is enabl

-6• 10full - Supports 10 Mbps full-duplex operation • 10half - Supports 10 Mbps half-duplex operation • flowcontrol - Supports flow control • symmetri

INTERFACE COMMANDS-7flowcontrol (3-7)flowcontrolThis command enables flow control. Use the no form to disable flow control.Syntax [no] flowcontrolDefa

NAVIGATING THE WEB BROWSER INTERFACE3-5The following table briefly describes the selections available from this program.Menu Description PageSystem 3-

-8ExampleThe following example enables flow control on port 5.Related Commands negotiation (3-4)capabilities (flowcontrol, symmetric) (3-5)combo-force

INTERFACE COMMANDS-9ExampleThis forces the switch to use the built-in RJ-45 port for the combination port 8.shutdown This command disables an interfac

-10Syntax switchport broadcast packet-rate rateno switchport broadcastrate - Threshold level as a rate; i.e., packets per second. (Range: 500 - 262143

INTERFACE COMMANDS-11- unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting NoneCommand Mode Privileg

-12Default Setting Shows the status for all interfaces.Command Mode Normal Exec, Privileged ExecCommand Usage If no interface is specified, informatio

INTERFACE COMMANDS-13show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]interface • ethern

-14Example show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.Syntax show interface

INTERFACE COMMANDS-15Default Setting Shows all interfaces.Command Mode Normal Exec, Privileged ExecCommand Usage If no interface is specified, informa

-16Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis command configures a mirror

MIRROR PORT COMMANDS-17Default Setting No mirror session is defined. When enabled, the default mirroring is for both received and transmitted packets.

LIMITED WARRANTYviLIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY

CONFIGURING THE SWITCH3-6SSH 3-50Settings Configures Secure Shell server settings 3-55Host-Key Settings Generates the host key pair (public and privat

-18Default Setting Shows all sessions.Command Mode Privileged ExecCommand Usage This command displays the currently configured source port, destinatio

RATE LIMIT COMMANDS-19by the hardware to verify conformity. Non-conforming traffic is dropped, conforming traffic is forwarded without any changes. ra

-20Link Aggregation CommandsPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or

LINK AGGREGATION COMMANDS-21• A trunk can have up to eight ports.• The ports at both ends of a connection must be configured as trunk ports.• All port

-22Default Setting The current port will be added to this trunk.Command Mode Interface Configuration (Ethernet)Command Usage • When configuring static

LINK AGGREGATION COMMANDS-23Command Usage • The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-

-24lacp system-priorityThis command configures a port's LACP system priority. Use the no form to restore the default setting.Syntax lacp {actor |

LINK AGGREGATION COMMANDS-25state, and will only take effect the next time an aggregate link is established with the partner.Examplelacp admin-key (Et

-26• Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the

LINK AGGREGATION COMMANDS-27that when the LAG is no longer used, the port channel admin key is reset to 0.Examplelacp port-priorityThis command config

NAVIGATING THE WEB BROWSER INTERFACE3-7Port Internal InformationDisplays settings and operational state for the local side3-106Port Neighbors Informat

-28state, and will only take effect the next time an aggregate link is established with the partner.Example show lacpThis command displays LACP inform

LINK AGGREGATION COMMANDS-29Example Console#show 1 lacp countersChannel group : 1 --------------------------------------------------------------

-30Console#show 1 lacp internalChannel group : 1-------------------------------------------------------------------------Oper Key : 4Admin Key : 0Eth

LINK AGGREGATION COMMANDS-31LACP Port PriorityLACP port priority assigned to this interface within the channel group.Admin State,Oper StateAdministrat

-32Console#show 1 lacp neighborsChannel group 1 neighbors-------------------------------------------------------------------------Eth 1/1-------------

ADDRESS TABLE COMMANDS-33Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying cu

-34mac-address-table staticThis command maps a static address to a destination port in a VLAN. Use the no form to remove an address.Syntax mac-address

ADDRESS TABLE COMMANDS-35• Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interf

-36- port - Port number. • port-channel channel-id (Range: 1-6) • vlan-id - VLAN ID (Range: 1-4094) • sort - Sort by address, vlan or interface. Defau

ADDRESS TABLE COMMANDS-37Syntax mac-address-table aging-time secondsno mac-address-table aging-timeseconds - Aging time. (Range: 10-1000000 seconds; 0

CONFIGURING THE SWITCH3-8Trunk InformationDisplays trunk settings for a specified MST instance 3-146Port ConfigurationConfigures port settings for a s

-38Spanning Tree CommandsThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that co

SPANNING TREE COMMANDS-39spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Syntax [

-40• stp - Spanning Tree Protocol (IEEE 802.1D)• rstp - Rapid Spanning Tree Protocol (IEEE 802.1w)Default Setting rstpCommand Mode Global Configuratio

SPANNING TREE COMMANDS-41spanning-tree forward-timeThis command configures the spanning tree bridge forward time globally for this switch. Use the no

-42spanning-tree hello-timeThis command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the defaul

SPANNING TREE COMMANDS-43Default Setting 20 secondsCommand Mode Global ConfigurationCommand Usage This command sets the maximum time (in seconds) a de

-44Command Mode Global ConfigurationCommand Usage Bridge priority is used in selecting the root device, root port, and designated port. The device wit

SPANNING TREE COMMANDS-45Example spanning-tree transmission-limitThis command configures the minimum interval between the transmission of consecutive

-46This example disables the spanning tree algorithm for port 5.spanning-tree costThis command configures the spanning tree path cost for the specifie

SPANNING TREE COMMANDS-47the maximum value for path cost is 65,535.Example spanning-tree port-priorityThis command configures the priority for the spe

NAVIGATING THE WEB BROWSER INTERFACE3-9Queue ModeSets queue mode to strict priority or Weighted Round-Robin3-176Queue SchedulingConfigures Weighted Ro

-48spanning-tree edge-portThis command specifies an interface as an edge port. Use the no form to restore the default.Syntax [no] spanning-tree edge-p

SPANNING TREE COMMANDS-49spanning-tree portfastThis command sets an interface to fast forwarding. Use the no form to disable fast forwarding.Syntax [n

-50spanning-tree link-typeThis command configures the link type for Rapid Spanning Tree. Use the no form to restore the default.Syntax spanning-tree l

SPANNING TREE COMMANDS-51spanning-tree protocol-migrationThis command re-checks the appropriate BPDU format to send on the selected interface. Syntax

-52• ethernet unit/port- unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting NoneCommand Mode Privil

SPANNING TREE COMMANDS-53ExampleConsole#show spanning-treeSpanning-tree information---------------------------------------------------------------Span

-54VLAN CommandsA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical seg

VLAN COMMANDS-55Command Mode Global ConfigurationCommand Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing

-56- suspend - VLAN is suspended. Suspended VLANs do not pass packets. Default Setting By default only VLAN 1 exists and is active.Command Mode VLAN D

VLAN COMMANDS-57Configuring VLAN Interfacesinterface vlanThis command enters interface configuration mode for VLANs, which is used to configure VLAN p

CONFIGURING THE SWITCH3-10DNS 3-206General ConfigurationEnables DNS; configures domain name and domain list; and specifies IP address of name servers

-58Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN:Related Comman

VLAN COMMANDS-59Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid:Related Commandssw

-60Example The following example shows how to restrict the traffic received on port 1 to tagged frames:Related Commandsswitchport mode (3-58)switchpor

VLAN COMMANDS-61Example The following example shows how to set the interface to port 1 and then enable ingress filtering:switchport native vlanThis co

-62Example The following example shows how to set the PVID for port 1 to VLAN 3:switchport allowed vlanThis command configures VLAN groups on the sele

VLAN COMMANDS-63whether to keep or remove the tag from a frame on egress. • If none of the intermediate network devices nor the host at the other end

-64Command Usage • This command prevents a VLAN from being automatically added to the specified interface via GVRP.• If a VLAN has been added to the s

VLAN COMMANDS-65Default Setting Shows all VLANs.Command Mode Normal Exec, Privileged ExecExample The following example shows how to display informatio

-66To configure protocol-based VLANs, follow these steps:1. First configure VLAN groups for the protocols you want to use (page 3-55). Although not ma

VLAN COMMANDS-67rarp. Default Setting No protocol groups are configured.Command Mode Global ConfigurationExample The following creates protocol group

NAVIGATING THE WEB BROWSER INTERFACE3-11ICMPShows statistics for ICMP traffic, including the amount of traffic, protocol errors, and the number of ech

-68Command Usage • When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of the other VLAN

VLAN COMMANDS-69Command Mode Privileged ExecExample This shows protocol group 1 configured for IP over Ethernet:show interfaces protocol-vlan protocol

-70Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2:Configuring Private V

GVRP AND BRIDGE EXTENSION COMMANDS-71Command Usage• A private VLAN provides port-based security and isolation between ports within the VLAN. Data traf

-72as how to display default configuration settings for the Bridge Extension MIB.bridge-ext gvrpThis command enables GVRP globally for the switch. Use

GVRP AND BRIDGE EXTENSION COMMANDS-73Example show bridge-extThis command shows the configuration for bridge extension commands.Default Setting NoneCom

-74Default Setting DisabledCommand Mode Interface Configuration (Ethernet, Port Channel)Example show gvrp configurationThis command shows if GVRP is e

GVRP AND BRIDGE EXTENSION COMMANDS-75garp timerThis command sets the values for the join, leave and leaveall timers. Use the no form to restore the ti

-76successfully.Example Related Commandsshow garp timer (3-76)show garp timerThis command shows the GARP timers for the selected interface.Syntax show

PRIORITY COMMANDS-77Related Commandsgarp timer (3-75)Priority CommandsThe commands described in this section allow you to specify which data packets h

CONFIGURING THE SWITCH3-12Interface SettingsConfigures RIP parameters for each interface, including send and receive versions, message loopback preven

-78for each interface, the relative weight of each queue, and the mapping of frame priority tags to the switch’s priority queues. Priority Commands (L

PRIORITY COMMANDS-79default-priority-id - The priority number for untagged ingress traffic. The priority is a number from 0 to 7. Seven is the highest

-80queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the

PRIORITY COMMANDS-81queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use t

-82Syntax queue cos-map queue_id [cos1 ... cosn]no queue cos-map• queue_id - The ID of the priority queue.Ranges are 0 to 7, where 7 is the highest pr

PRIORITY COMMANDS-83Example The following example shows how to change the CoS assignments to a one-to-one mapping:Related Commands show queue cos-map

-84show queue bandwidthThis command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues.Default Setting NoneCom

PRIORITY COMMANDS-85Default Setting NoneCommand Mode Privileged ExecExample Priority Commands (Layer 3 and 4) map ip port (Global Configuration)Use th

-86Default Setting DisabledCommand Mode Global ConfigurationCommand Usage The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, an

PRIORITY COMMANDS-87map ip port (Interface Configuration)Use this command to set IP port priority (i.e., TCP/UDP port priority). Use the no form to re

NAVIGATING THE WEB BROWSER INTERFACE3-13DVMRP3-323General SettingsConfigure global settings for prune and graft messages, and the exchange of routing

-88map ip precedence (Global Configuration)This command enables IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP preced

PRIORITY COMMANDS-89Default Setting The list below shows the default priority mapping.Command Mode Interface Configuration (Ethernet, Port Channel)Com

-90Command Mode Global ConfigurationCommand Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport p

PRIORITY COMMANDS-91Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • The precedence for priority mapping is IP Port, IP Pr

-92Default SettingNoneCommand Mode Privileged ExecExample The following shows that HTTP traffic has been mapped to CoS value 0:Related Commands map ip

PRIORITY COMMANDS-93Command ModePrivileged ExecExample Related Commands map ip precedence (Global Configuration) (3-88)map ip precedence (Interface Co

-94Command Mode Privileged ExecExample Related Commands map ip dscp (Global Configuration) (3-89)map ip dscp (Interface Configuration) (3-90)Console#s

MULTICAST FILTERING COMMANDS-95Multicast Filtering CommandsThis switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts

-96IGMP Snooping Commands ip igmp snoopingThis command enables IGMP snooping on this switch. Use the no form to disable it.Syntax [no] ip igmp snoopin

MULTICAST FILTERING COMMANDS-97Syntax [no] ip igmp snooping vlan vlan-id static ip-address interface• vlan-id - VLAN ID (Range: 1-4094) • ip-address -

CONFIGURING THE SWITCH3-14Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location a

-98Default Setting IGMP Version 2Command Mode Global ConfigurationCommand Usage • All systems on the subnet must support the same version. If there ar

MULTICAST FILTERING COMMANDS-99Example The following shows the current IGMP snooping configuration:show mac-address-table multicast This command shows

-100Example The following shows the multicast entries learned through IGMP snooping for VLAN 1:IGMP Query Commands (Layer 2) ip igmp snooping querierT

MULTICAST FILTERING COMMANDS-101Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if

-102Example The following shows how to configure the query count to 10:Related Commands ip igmp snooping query-max-response-time (3-102)ip igmp snoopi

MULTICAST FILTERING COMMANDS-103Syntax ip igmp snooping query-max-response-time secondsno ip igmp snooping query-max-response-timeseconds - The report

-104ip igmp snooping router-port-expire-timeThis command configures the query timeout. Use the no form to restore the default.Syntax ip igmp snooping

MULTICAST FILTERING COMMANDS-105Static Multicast Routing Commandsip igmp snooping vlan mrouterThis command statically configures a multicast router po

-106Example The following shows how to configure port 11 as a multicast router port within VLAN 1:show ip igmp snooping mrouter This command displays

MULTICAST FILTERING COMMANDS-107IGMP Commands (Layer 3) ip igmpUse this command to enable IGMP on a VLAN interface. Use the no form of this command to

BASIC CONFIGURATION3-15

-108Command Usage IGMP query can be enabled globally at Layer 2 via the ip igmp snooping command, or enabled for specific VLAN interfaces at Layer 3 v

MULTICAST FILTERING COMMANDS-109Command Mode Interface Configuration (VLAN)Command Usage The robustness value is used in calculating the appropriate r

-110multicast routing protocol that runs on the LAN. But for IGMP Version 2, the designated querier is the lowest IP-addressed multicast router on the

MULTICAST FILTERING COMMANDS-111• The number of seconds represented by the maximum response interval must be less than the Query Interval (page 3-109)

-112reduced value results in reduced time to detect the loss of the last member of a group.Example The following shows how to configure the maximum re

MULTICAST FILTERING COMMANDS-113Example The following configures the switch to use IGMP Version 1 on the selected interface:show ip igmp interfaceUse

-114Syntax clear ip igmp group [group-address | interface vlan vlan-id]• group-address - IP address of the multicast group.• vlan-id - VLAN ID (Range:

MULTICAST FILTERING COMMANDS-115Command Mode Normal Exec, Privileged ExecCommand Usage • This command displays information for multicast groups learne

-116IP Interface CommandsThere are no IP addresses assigned to this router by default. You must manually configure a new address to manage the router

IP INTERFACE COMMANDS-117Syntax ip address {ip-address netmask | bootp | dhcp} [secondary]no ip address• ip-address - IP address • netmask - Network m

viiCONTENTSChapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1Key Features . . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-16CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch Inf

-118Anything outside this format will not be accepted by the configuration program. • An interface can have only one primary IP address, but can have

IP INTERFACE COMMANDS-119Syntax ip default-gateway gatewayno ip default-gatewaygateway - IP address of the default gatewayDefault Setting No static ro

-120Example Related Commands show ip redirects (3-120)show ip redirectsThis command shows the default gateway configured for this device.Default Setti

IP INTERFACE COMMANDS-121• size - Number of bytes in a packet. (Range: 32-512, default: 32) The actual packet size will be eight bytes larger than the

-122Address Resolution Protocol (ARP) arpUse this command to add a static entry in the Address Resolution Protocol (ARP) cache. Use the no form to rem

IP INTERFACE COMMANDS-123128.• You may need to enter a static entry in the cache if there is no response to an ARP broadcast message. For example, som

-124clear arp-cacheUse this command to delete all dynamic entries from the Address Resolution Protocol (ARP) cache.Command Mode Privileged ExecExample

IP INTERFACE COMMANDS-125Example This example displays all entries in the ARP cache.ip proxy-arpUse this command to enable proxy Address Resolution Pr

-126IP Routing CommandsAfter you configure network interfaces for this router, you must set the paths used to send traffic between different interface

IP ROUTING COMMANDS-127Global Routing Configurationip routingUse this command to enable IP routing. Use the no form to disable IP routing.Syntax ip ro

BASIC CONFIGURATION3-17supply.• Redundant Power Status* – Displays the status of the redundant power supply.* CLI only.Management Software• Loader Ver

-128Exampleip routeUse this command to configure static routes. Use the no form to remove static routes.Syntax ip route {destination-ip netmask | defa

IP ROUTING COMMANDS-129clear ip routeUse this command to remove dynamically learned entries from the IP routing table.Syntax clear ip route {network [

-130Command Usage If the address is specified without the netmask parameter, the router displays all routes for the corresponding natural class addres

IP ROUTING COMMANDS-131ExampleRouting Information Protocol (RIP)Console#show ip trafficIP statistics: Rcvd: 5 total, 5 local destination 0 c

-132router ripUse this command to enable Routing Information Protocol (RIP) routing for all IP interfaces on the router. Use the no form to disable it

IP ROUTING COMMANDS-133Related Commandsnetwork (3-134)timers basicUse this command to configure the RIP update timer, timeout timer, and garbage- coll

-134network.ExampleThis example sets the update timer to 40 seconds. The timeout timer is subsequently set to 240 seconds, and the garbage-collection

IP ROUTING COMMANDS-135ExampleThis example includes network interface 10.1.0.0 in the RIP routing process.Related Commandsrouter rip (3-132)neighborUs

-136Syntax version {1 | 2}no version• 1 - RIP Version 1• 2 - RIP Version 2Command Mode Router ConfigurationDefault Setting RIP Version 1Command Usage

IP ROUTING COMMANDS-137ip rip receive versionUse this command to specify a RIP version to receive on an interface. Use the no form to restore the defa

CONFIGURING THE SWITCH3-18CLI – Use the following command to display version information.Displaying Bridge Extension CapabilitiesThe Bridge MIB includ

-138ExampleThis example sets the interface version for VLAN 1 to receive RIPv1 packets.Related Commandsversion (3-135)ip rip send versionUse this comm

IP ROUTING COMMANDS-139- Use “none” to passively monitor route information advertised by other routers attached to the network.- Use “1” or “2” if all

-140Command Usage • Split horizon never propagates routes back to an interface from which they have been acquired.• Poison reverse propagates routes b

IP ROUTING COMMANDS-141ExampleThis example sets an authentication password of “small” to verify incoming routing messages and to tag outgoing routing

-142ExampleThis example sets the authentication mode to plain text.Related Commandsip rip authentication key (3-140)show rip globalsUse this command t

IP ROUTING COMMANDS-143show ip ripUse this command to display information about interfaces configured for RIP.Syntax show ip rip {configuration | stat

-144Open Shortest Path First (OSPF) SendModeRIP version sent on this interface (none, RIPv1, RIPv2, or RIPv2-broadcast)ReceiveModeRIP version received

IP ROUTING COMMANDS-145Route Metrics and Summariesarea range Summarizes routes advertised by an ABR RC 3-151area default-costSets the cost for a defau

-146router ospfUse this command to enable Open Shortest Path First (OSPF) routing for all IP interfaces on the router. Use the no form to disable it.S

IP ROUTING COMMANDS-147Command Usage • OSPF is used to specify how routers exchange routing table information.• This command is also used to enter rou

BASIC CONFIGURATION3-19• Local VLAN Capable – This switch supports multiple local bridges; i.e., multiple spanning trees. (Refer to “Configuring Multi

-148• If the priority values of the routers bidding to be the designated router or backup designated router for an area are equal, the router with the

IP ROUTING COMMANDS-149default-information originateUse this command to generate a default external route into an autonomous system. Use the no form t

-150used to import external routes via RIP or static routing, and such a route is known. • Type 1 route advertisements add the internal cost to the ex

IP ROUTING COMMANDS-151• Using a low value allows the router to switch to a new path faster, but uses more CPU processing time.Examplearea rangeUse th

-152ExampleThis example creates a summary address for all area routes in the range of 10.2.x.x.area default-costUse this command to specify a cost for

IP ROUTING COMMANDS-153summary-addressUse this command to aggregate routes learned from other protocols. Use the no form to remove a summary address.S

-154redistributeUse this command to import external routing information from other routing domains (i.e., protocols) into the autonomous system. Use t

IP ROUTING COMMANDS-155• Metric type specifies the way to advertise routes to destinations outside the AS via External LSAs. Specify Type 1 to add the

-156Command Usage • An area ID uniquely defines an OSPF broadcast area. The area ID 0.0.0.0 indicates the OSPF backbone for an autonomous system. Each

IP ROUTING COMMANDS-157• area-id - Identifies the stub area. (The area ID must be in the form of an IP address.)• summary - Makes an Area Border Route

CONFIGURING THE SWITCH3-20Setting the Switch’s IP Address This section describes how to configure an initial IP interface for management access over t

-158area nssaUse this command to define a not-so-stubby area (NSSA). To remove an NSSA, use the no form without any optional keywords. To remove an op

IP ROUTING COMMANDS-159import a default external AS route (for routing protocol domains adjacent to the NSSA but not within the OSPF AS) into the NSSA

-160area virtual-linkUse this command to define a virtual link. To remove a virtual link, use the no form with no optional keywords. To restore the de

IP ROUTING COMMANDS-161• retransmit-interval seconds - Specifies the interval at which the ABR retransmits link-state advertisements (LSA) over the vi

-162Default Setting area-id: Nonerouter-id: Nonehello-interval: 10 secondsretransmit-interval: 5 secondstransmit-delay: 1 seconddead-interval: 40 seco

IP ROUTING COMMANDS-163ip ospf authenticationUse this command to specify the authentication type used for an interface. Enter this command without any

-164ip ospf authentication-keyUse this command to assign a simple password to be used by neighboring routers. Use the no form to remove the password.S

IP ROUTING COMMANDS-165ip ospf message-digest-keyUse this command to enable message-digest (MD5) authentication on the specified interface and to assi

-166Related Commandsip ospf authentication (3-163)ip ospf costUse this command to explicitly set the cost of sending a packet on an interface. Use the

IP ROUTING COMMANDS-167seconds - The maximum time that neighbor routers can wait for a hello packet before declaring the transmitting router down. Thi

BASIC CONFIGURATION3-21as long as that VLAN has been assigned an IP address.• IP Address Mode – Specifies whether IP functionality is enabled via manu

-168Exampleip ospf priorityUse this command to set the router priority used when determining the designated router (DR) and backup designated router (

IP ROUTING COMMANDS-169ip ospf retransmit-intervalUse this command to specify the time between resending link-state advertisements (LSAs). Use the no

-170Command Mode Interface Configuration (VLAN)Default Setting 1 secondCommand Usage LSAs have their age incremented by this delay before transmission

IP ROUTING COMMANDS-171show ip ospf border-routersUse this command to show entries in the routing table that lead to an Area Border Router (ABR) or Au

-172show ip ospf databaseUse this command to show information about different OSPF Link State Advertisements (LSAs) stored in this router’s database.S

IP ROUTING COMMANDS-173- An IP network number for Type 3 Summary and External LSAs- A Router ID for Router, Network, and Type 4 AS Summary LSAsAlso, n

-174The following shows output when using the asbr-summary keyword.Console#show ip ospf database asbr-summaryOSPF Router with id(10.1.1.253)

IP ROUTING COMMANDS-175The following shows output when using the database-summary keyword.Console#show ip ospf database database-summaryArea ID (10.1.

-176The following shows output when using the external keyword.Console#show ip ospf database externalOSPF Router with id(192.168.5.1) (Autonomous syst

IP ROUTING COMMANDS-177The following shows output when using the network keyword.Forward Address Forwarding address for data to be passed to the adver

CONFIGURING THE SWITCH3-22Click IP, Global Setting. If this switch and management stations exist on other network segments, then specify the default g

-178The following shows output when using the router keyword.LS Sequence NumberSequence number of LSA (used to detect older duplicate LSAs)LS Checksum

IP ROUTING COMMANDS-179Link State ID Router ID of the router that originated the LSAAdvertising Router Advertising router IDLS Sequence NumberSequence

-180The following shows output when using the summary keyword.Console#show ip ospf database summaryOSPF Router with id(10.1.1.253) Displaying

IP ROUTING COMMANDS-181show ip ospf interfaceUse this command to display summary information for OSPF interfaces.Syntax show ip ospf interface [vlan v

-182show ip ospf neighborUse this command to display information about neighboring routers on each interface within an OSPF area.Syntax show ip ospf n

IP ROUTING COMMANDS-183show ip ospf summary-addressUse this command to display all summary address information.Syntax show ip ospf summary-addressComm

-184show ip ospf virtual-linksUse this command to display detailed information about virtual links.Syntax show ip ospf virtual-linksCommand Mode Privi

MULTICAST ROUTING COMMANDS-185Multicast routers use snooping and query messages, along with a multicast routing protocol to deliver IP multicast packe

-186• interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting No static

MULTICAST ROUTING COMMANDS-187Default Setting Displays multicast router ports for all configured VLANs.Command Mode Privileged ExecCommand Usage Multi

BASIC CONFIGURATION3-23BOOTP. Click Apply to save your changes. Then click Restart DHCP to immediately request a new address. Note that the switch wil

-188Command Mode Global ConfigurationCommand Usage This command is used to enable multicast routing globally for the router. You also need to globally

MULTICAST ROUTING COMMANDS-189and source pair, detailed information is displayed only for the specified entry. If the summary option is selected, an a

-190This example lists all entries in the multicast table in summary form:Console#show ip mroute summaryIP Multicast Forwarding is enabled.IP Multicas

MULTICAST ROUTING COMMANDS-191DVMRP Multicast Routing Commands router dvmrpUse this command to enable Distance-Vector Multicast Routing (DVMRP) global

-192Syntax router dvmrpno router dvmrpCommand Mode Global ConfigurationCommand Usage This command enables DVMRP globally for the router and enters rou

MULTICAST ROUTING COMMANDS-193seconds - Interval between sending neighbor probe messages. (Range: 1-65535)Default Setting 10 secondsCommand Mode Route

-194Examplereport-intervalUse this command to specify how often to propagate the complete set of routing tables to other neighbor DVMRP routers. Use t

MULTICAST ROUTING COMMANDS-195Default Setting 5 secondsCommand Mode Router ConfigurationExampleprune-lifetimeUse this command to specify how long a pr

-196default-gatewayUse this command to specify the default DVMRP gateway for IP multicast traffic. Use the no form to remove the default gateway.Synta

MULTICAST ROUTING COMMANDS-197ip dvmrpUse this command to enable DVMRP on the specified interface. Use the no form to disable DVMRP on this interface.

CONFIGURING THE SWITCH3-24Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web in

-198ip dvmrp metricUse this command to configure the metric used in selecting the reverse path to networks connected directly to an interface on this

MULTICAST ROUTING COMMANDS-199As shown below, this command clears everything from the route table except for the default route.show router dvmrpUse th

-200The default settings are shown in the following example:show ip dvmrp routeUse this command to display all entries in the DVMRP routing table.Comm

MULTICAST ROUTING COMMANDS-201show ip dvmrp neighborUse this command to display all of the DVMRP neighbor routers.Command Mode Normal Exec, Privileged

-202show ip dvmrp interfaceUse this command to display the DVMRP configuration for interfaces which have enabled DVMRP.Command Mode Normal Exec, Privi

MULTICAST ROUTING COMMANDS-203router pimUse this command to enable Protocol-Independent Multicast - Dense Mode (PIM-DM) globally for the router and to

-204ip pim dense-modeUse this command to enable PIM-DM on the specified interface. Use the no form to disable PIM-DM on this interface.Syntax ip pim d

MULTICAST ROUTING COMMANDS-205Exampleip pim hello-intervalUse this command to configure the frequency at which PIM hello messages are transmitted. Use

-206ip pim hello-holdtimeUse this command to configure the interval to wait for hello messages from a neighboring PIM router before declaring it dead.

MULTICAST ROUTING COMMANDS-207Default Setting 5 secondsCommand Mode Interface Configuration (VLAN)Command Usage • When a router first starts or PIM is

BASIC CONFIGURATION3-25to overwrite or specify a new file name, then click Transfer from Server. To start the new firmware, reboot the system via the

-208Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM inter

MULTICAST ROUTING COMMANDS-209Exampleip pim max-graft-retriesUse this command to configure the maximum number of times to resend a Graft message if it

-210show ip pim interfaceUse this command to display information about interfaces configured for PIM.Syntax show ip pim interface vlan-idvlan-id - VLA

ROUTER REDUNDANCY COMMANDS-211Command Mode Normal Exec, Privileged ExecExample Router Redundancy CommandsRouter redundancy protocols use a virtual IP

-212Virtual Router Redundancy Protocol CommandsTo configure VRRP, select an interface on one router in the group to serve as the master virtual router

ROUTER REDUNDANCY COMMANDS-213Use the no form to disable VRRP on an interface and remove the IP address from the virtual router.Syntax vrrp group ip i

-214This example creates VRRP group 1 using the primary interface for VLAN 1 as the VRRP group Owner, and also adds a secondary interface as a member

ROUTER REDUNDANCY COMMANDS-215Examplevrrp priorityUse this command to set the priority of this router in a VRRP group. Use the no form to restore the

-216ExampleRelated Commandsvrrp preempt (3-217)vrrp timers advertiseUse this command to set the interval at which the master virtual router sends adve

ROUTER REDUNDANCY COMMANDS-217before attempting to take over as the master is three times the hello interval plus half a second Examplevrrp preemptUse

CONTENTSviiiUsing DHCP/BOOTP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16Managing Firmware . . . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-26CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination

-218ExampleRelated Commandsvrrp priority (3-215)show vrrpUse this command to display status information for VRRP.Syntax show vrrp [brief | group]• bri

ROUTER REDUNDANCY COMMANDS-219This example displays the full listing of status information for all groups.Console#show vrrp Vlan 1 - Group 1, state

-220This example displays the brief listing of status information for all groups. show vrrp interfaceUse this command to display status information fo

ROUTER REDUNDANCY COMMANDS-221Defaults NoneCommand Mode Privileged ExecExampleThis example displays the full listing of status information for VLAN 1.

-222show vrrp router countersUse this command to display counters for errors found in VRRP protocol packets.Command Mode Privileged ExecExampleNote th

ROUTER REDUNDANCY COMMANDS-223Example* Refer to “Displaying VRRP Group Statistics” on page 3-235 for a description of the display items.clear vrrp rou

-224Command Mode Privileged ExecExampleConsole#clear vrrp 1 interface 1 countersConsole#

ROUTER REDUNDANCY COMMANDS-225Hot Standby Router Protocol CommandsTo configure HSRP, add the interface for each router that will participate in the vi

-226form to disable HSRP on an interface and remove the IP address for the virtual router.Syntax standby [group] ip [ip-address [secondary]]no standby

ROUTER REDUNDANCY COMMANDS-227• HSRP is enabled once the designated address and priority are configured, and the master and standby routers are electe

BASIC CONFIGURATION3-27file “Factory_Default_Config.cfg” can be copied to the TFTP server, but cannot be used as the destination on the switch.Web – C

-228become the active master router again if the configured priorities have not been changed.• If two or more routers are configured with the same HSR

ROUTER REDUNDANCY COMMANDS-229Default Setting Group number: 0Preempt: DisabledDelay: 0 secondsCommand Mode Interface (VLAN)Command Usage • If preempt

-230standby authenticationUse this command to specify the key used to authenticate HSRP packets received from other routers. Use the no form to delete

ROUTER REDUNDANCY COMMANDS-231ExampleRelated Commandsstandby priority (3-227)standby timersUse this command to set the time between the master and sta

-232• Routers on which the timer settings have not been configured can learn the current timer values from the master or standby router. Timers config

ROUTER REDUNDANCY COMMANDS-233Default Setting Group number: 0Interface priority: 10Command Mode Interface (VLAN)Command Usage • This command adjusts t

-234show standbyUse this command to display status information for HSRP.Syntax show standby [active | init | listen | standby] [brief]•active - Displa

ROUTER REDUNDANCY COMMANDS-235Field DescriptionLocal state State of the local router:• Active - Current master router.• Standby - Designated backup ro

-236This example displays the brief listing of status information for all groups. Authentication textKey used to authenticate HSRP packets received fr

ROUTER REDUNDANCY COMMANDS-237show standby interfaceUse this command to display HSRP status information for the specified interface.Syntax show standb

CONFIGURING THE SWITCH3-28If you download the startup configuration file under a new file name, you can set this file as the startup file at a later t

-238ExampleThis example displays the full listing of status information for VLAN 1. For a description of the displayed information, see the preeeding

-1APPENDIX ASOFTWARE SPECIFICATIONSSoftware FeaturesAuthenticationLocal, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port SecurityAccess Control ListsI

-2Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) VLAN SupportUp to 255 groups; port-based, proto

STANDARDS-3SNMPManagement access via MIB databaseTrap management to specified hostsRMONGroups 1, 2, 3, 9 (Statistics, History, Alarm, Event)StandardsI

-4SNTP (RFC 2030)SSH (Version 2.0)VRRP (RFC 2338)Management Information BasesBridge MIB (RFC 1493)DVMRP MIBEntity MIB (RFC 2737)Ethernet MIB (RFC 2665

MANAGEMENT INFORMATION BASES-5TCP MIB (RFC 2013)Trap (RFC 1215)UDP MIB (RFC 2012)VRRP MIB (RFC 2787)

-6

B-1APPENDIX BTROUBLESHOOTINGTroubleshooting ChartSymptom ActionCannot connect using Telnet, web browser, or SNMP software• Be sure you have configured

TROUBLESHOOTINGB-2

Glossary-1GLOSSARYAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

BASIC CONFIGURATION3-29flash. (Range: 0-7, Default: 3)• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up t

GLOSSARYGlossary-2Distance Vector Multicast Routing Protocol (DVMRP)A distance-vector-style routing protocol used for routing multicast datagrams thro

GLOSSARYGlossary-3Group Attribute Registration Protocol (GARP)See Generic Attribute Registration Protocol. Hot Standby Router Protocol (HSRP)This prot

GLOSSARYGlossary-4IGMP SnoopingListening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups t

GLOSSARYGlossary-5Layer 2Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for netwo

GLOSSARYGlossary-6Out-of-Band ManagementManagement of the network from a station not attached to the network.Port AuthenticationSee IEEE 802.1x.Port M

GLOSSARYGlossary-7Remote Monitoring (RMON)RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard

GLOSSARYGlossary-8data along the shortest available path, maximizing the performance and efficiency of the network. Terminal Access Controller Access

GLOSSARYGlossary-9host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down.XM

GLOSSARYGlossary-10

Index-1Symbols3-31Numerics802.1x, port authentication 3-42, 4-74Aacceptable frame type 3-118, 4-184Access Control List See ACLACLExtended IP 3-51, 4-

CONFIGURING THE SWITCH3-30CLI – Specify the hostname, location and contact information.Remote Log ConfigurationThe Remote Logs page allows you to conf

INDEXIndex-2DVMRPconfiguring3-234, 4-285global settings 3-234, 4-285–4-289interface settings 3-237, 4-289–4-290neighbor routers 3-239, 4-292routing ta

INDEXIndex-3IP routing 3-176, 4-235configuring interfaces 3-180, 4-227enabling or disabling 3-179, 4-235status 3-179, 4-235unicast protocols 3-178IP,

INDEXIndex-4Ppassword, line 4-13passwords 2-4administrator setting 3-30, 4-25path cost 3-90, 3-98method 3-94, 4-167STA 3-90, 3-98, 4-167PIM-DM 3-241,

INDEXIndex-5specifications, software A-1SSH, configuring 3-35, 4-35, 4-36STA 3-88, 4-162edge port 3-98, 3-100, 4-174global settings, configuring 3-92,

INDEXIndex-6WWeb interfaceaccess requirements3-1configuration buttons 3-2home page 3-2menu list 3-3panel display 3-3

38 TeslaIrvine, CA 92618Phone: (949) 679-8000FOR TECHNICAL SUPPORT, CALL:From U.S.A. and Canada (24 hours a day, 7 days a week)(800) SMC-4-YOU; (949)

BASIC CONFIGURATION3-31• Host IP Address – Specifies a new server IP address to add to the Host IP List.Web – Click System, Remote Logs. To add an IP

CONFIGURING THE SWITCH3-32set the logging trap.Displaying Log MessagesUse the Logs page to scroll through the logged system and event messages. The sw

BASIC CONFIGURATION3-33error .Resetting the SystemWeb – Click System, Reset. Click the Reset button to restart the switch.CLI – Use the reload command

CONFIGURING THE SWITCH3-34addresses. The switch will attempt to poll each server in the configured sequence.Broadcast – The switch sets its clock from

BASIC CONFIGURATION3-35Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply.CLI – This example configures the swit

CONTENTSixConfiguring a MAC ACL . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55Configuring ACL Masks . . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-36Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC, and click Apply.CLI - This exampl

SIMPLE NETWORK MANAGEMENT PROTOCOL3-37Setting Community Access Strings You may configure up to five community strings authorized for management access

CONFIGURING THE SWITCH3-38CLI – The following example adds the string “spiderman” with read/write access.Console(config)#snmp-server community spiderm

SIMPLE NETWORK MANAGEMENT PROTOCOL3-39Specifying Trap Managers and Trap TypesTraps indicating status changes are issued by the switch to specified tra

CONFIGURING THE SWITCH3-40CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps.Console(config)#snmp-ser

SIMPLE NETWORK MANAGEMENT PROTOCOL3-41Filtering Addresses for SNMP Client AccessThe switch allows you to create a list of up to 16 IP addresses or IP

CONFIGURING THE SWITCH3-42Web – Click SNMP, IP Filtering. To add a client, enter the new address, the subnet mask for a node or an address range, and

USER AUTHENTICATION3-43• 802.1x – Use IEEE 802.1x port authentication to control access to specific ports.Configuring the Logon PasswordThe guest only

CONFIGURING THE SWITCH3-44CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.Configuring Local/Remote Logon

USER AUTHENTICATION3-45sequence and the corresponding parameters for the remote authentication protocol. Local and remote logon authentication control