SMC Networks L2-Lite Manual de usuario

MANAGEMENT GUIDEtaTigerSwitchTM 10/100/1000L2-Lite SMB PoE Gigabit SwitchSMC8126PL2-F

ContentsxSetting a Switch Power Budget 3-136Displaying Port Power Status 3-136Configuring Port PoE Power 3-137Address Table Settings 3-139Setting

Configuring the Switch3-523Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined vi

Simple Network Management Protocol3-533CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces

Configuring the Switch3-543User AuthenticationYou can configure this switch to authenticate users logging into the system for management access using

User Authentication3-553Web – Click Security, User Accounts. To configure a new user account, specify a user name, select the user’s access level, the

Configuring the Switch3-563Configuring Local/Remote Logon AuthenticationUse the Authentication Settings menu to restrict management access based on sp

User Authentication3-573Command Attributes• Authentication – Select the authentication, or authentication sequence required:- Local – User authenticat

Configuring the Switch3-583Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authent

User Authentication3-593CLI – Specify all the required parameters to enable logon authentication.Configuring Encryption KeysThe Encryption Key feature

Configuring the Switch3-603- Confirm Secret Text String – Re-type the string entered in the previous field to ensure no errors were made. The switch w

User Authentication3-613AAA Authorization and AccountingThe Authentication, authorization, and accounting (AAA) feature provides the main framework fo

ContentsxiQuality of Service 3-200Configuring Quality of Service Parameters 3-201Configuring a Class Map 3-201Creating QoS Policies 3-204Attachi

Configuring the Switch3-623Configuring AAA RADIUS Group SettingsThe AAA RADIUS Group Settings screen defines the configured RADIUS servers to use for

User Authentication3-633Configuring AAA TACACS+ Group SettingsThe AAA TACACS+ Group Settings screen defines the configured TACACS+ servers to use for

Configuring the Switch3-643The group names “radius” and “tacacs+” specifies all configured RADIUS and TACACS+ hosts (see "Configuring Local/Remot

User Authentication3-653AAA Accounting UpdateThis feature sets the interval at which accounting updates are sent to accounting servers.Command Attribu

Configuring the Switch3-663AAA Accounting 802.1X Port SettingsThis feature applies the specified accounting method to an interface.Command Attributes•

User Authentication3-673AAA Accounting Exec Command PrivilegesThis feature specifies a method name to apply to commands entered at specific CLI privil

Configuring the Switch3-683AAA Accounting Exec SettingsThis feature specifies a method name to apply to console and Telnet connections.Command Attribu

User Authentication3-693Web – Click Security, AAA, Summary. Figure 3-43 AAA Accounting Summary

Configuring the Switch3-703CLI – Use the following command to display the currently applied accounting methods, and registered users.Authorization Set

User Authentication3-713Web – Click Security, AAA, Authorization, Settings. To configure a new authorization method, specify a method name and a group

ContentsxiiPartial Keyword Lookup 4-5Negating the Effect of Commands 4-5Using Command History 4-5Understanding Command Modes 4-6Exec Commands 4-6

Configuring the Switch3-723CLI – Specify the authorization method to use for Console and Telnet interfaces.Authorization SummaryThe Authorization Summ

User Authentication3-733Configuring HTTPSYou can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket

Configuring the Switch3-743Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.Figure 3-47 HTTPS Setting

User Authentication3-753Configuring the Secure Shell The Berkley-standard includes remote access tools originally designed for Unix systems. Some of t

Configuring the Switch3-7633. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (4-25) to copy a file containing the pub

User Authentication3-773Authenticating SSH v2 Clientsa. The client first queries the switch to determine if DSA public key authentication using a pref

Configuring the Switch3-783Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save th

User Authentication3-793Configuring the SSH ServerThe SSH server includes basic settings for authentication. Note:You must first generate the host key

Configuring the Switch3-803CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that t

User Authentication3-813TLS (Transport Layer Security), PEAP (Protected Extensible Authentication Protocol), or TTLS (Tunneled Transport Layer Securit

Contentsxiiispeed 4-38stopbits 4-38disconnect 4-39show line 4-39Event Logging Commands 4-40logging on 4-41logging history 4-42logging host 4-43l

Configuring the Switch3-823CLI – This example shows the default global setting for 802.1X. Configuring 802.1X Global SettingsThe 802.1X protocol provi

User Authentication3-833Configuring Port Settings for 802.1XWhen 802.1X is enabled, you need to configure the parameters for the authentication proces

Configuring the Switch3-843Web – Click Security, 802.1X, Port Configuration. Modify the parameters required, and click Apply.Figure 3-52 802.1X Port

User Authentication3-853CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example,

Configuring the Switch3-863Displaying 802.1X StatisticsThis switch can display statistics for dot1x protocol exchanges for any port. Web – Select Secu

User Authentication3-873CLI – This example displays the 802.1X statistics for port 4. Filtering IP Addresses for Management AccessYou create a list of

Configuring the Switch3-883Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an inte

General Security Measures3-893General Security Measures This switch supports many methods of segregating traffic for clients attached to each of the d

Configuring the Switch3-903Configuring Port SecurityPort security is a feature that allows you to configure a switch port with one or more device MAC

Access Control Lists3-913Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox

Contentsxivsnmp-server engine-id 4-68show snmp engine-id 4-69snmp-server view 4-69show snmp view 4-71snmp-server group 4-71show snmp group 4-73s

Configuring the Switch3-923• When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind

Access Control Lists3-933Configuring a Standard IP ACLCommand Attributes• Action – An ACL can contain any combination of permit or deny rules.• Addres

Configuring the Switch3-943Configuring an Extended IP ACLCommand Attributes• Action – An ACL can contain any combination of permit or deny rules.• Sou

Access Control Lists3-953Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (An

Configuring the Switch3-963Configuring a MAC ACLUse this page to configure ACLs based on hardware addresses, packet format, and Ethernet type.Command

Access Control Lists3-973Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (An

Configuring the Switch3-983Binding a Port to an Access Control ListAfter configuring the Access Control Lists (ACL), you can bind the ports that need

Access Control Lists3-993CLI – This example assigns an IP access list to port 1, and an IP access list to port 3.Filtering IP Addresses for Management

Configuring the Switch3-1003Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an int

Access Control Lists3-1013DHCP SnoopingThe addresses assigned to DHCP clients on insecure ports can be carefully controlled using the dynamic bindings

ContentsxvWeb Server Commands 4-99ip http port 4-99ip http server 4-100ip http secure-server 4-100ip http secure-port 4-101Telnet Server Commands

Configuring the Switch3-1023- If a DHCP packet from a client passes the filtering criteria above, it will only be forwarded to trusted ports in the sa

Access Control Lists3-1033DHCP Snooping VLAN ConfigurationUse the DHCP Snooping VLAN Configuration page to enable or disable DHCP snooping on specific

Configuring the Switch3-1043Command Usage• DHCP Snooping (see 3-102) must be enabled for Option 82 information to be inserted into request packets.• W

Access Control Lists3-1053CLI – This example enables DHCP Snooping Information Option, and sets the policy as replace.DHCP Snooping Port Configuration

Configuring the Switch3-1063Web – Click DHCP Snooping, Port Configuration. Set any ports within the local network or firewall to trusted, and click Ap

Access Control Lists3-1073• IP Address Type – Indicates an IPv4 address type.• Lease Time (Seconds) – The time for which this IP address is leased to

Configuring the Switch3-1083Command Usage• Setting source guard mode to SIP (Source IP) or SIP-MAC (Source IP and MAC) enables this function on the se

Access Control Lists3-1093Web – Click IP Source Guard, Port Configuration. Set the required filtering type for each port and click Apply. Figure 3-67

Configuring the Switch3-1103- If there is an entry with the same VLAN ID and MAC address, and the type of the entry is dynamic DHCP snooping binding,

Access Control Lists3-1113Displaying Information for Dynamic IP Source Guard BindingsUse the Dynamic Information page to display the source-guard bind

Contentsxvishow network-access mac-address-table 4-130DHCP Snooping Commands 4-131ip dhcp snooping 4-132ip dhcp snooping vlan 4-133ip dhcp snoopin

Configuring the Switch3-1123Port ConfigurationDisplaying Connection StatusYou can use the Port Information or Trunk Information pages to display the c

Port Configuration3-1133Configuration:• Name – Interface label.• Port admin – Shows if the interface is enabled or disabled (i.e., up or down).•Speed-

Configuring the Switch3-1143CLI – This example shows the connection status for Port 5.Configuring Interface ConnectionsYou can use the Port Configurat

Port Configuration3-1153problem has been resolved. You may also disable an interface for security reasons.• Speed/Duplex – Allows you to manually set

Configuring the Switch3-1163CLI – Select the interface, and then enter the required settings.Creating Trunk GroupsYou can create multiple links betwee

Port Configuration3-1173• The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, dupl

Configuring the Switch3-1183CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switc

Port Configuration3-1193Command Attributes • Member List (Current) – Shows configured trunks (Port).• New – Includes entry fields for creating new tru

Configuring the Switch3-1203CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another

Port Configuration3-1213- System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a

Contentsxviishow interfaces switchport 4-165Link Aggregation Commands 4-167channel-group 4-168lacp 4-169lacp system-priority 4-170lacp admin-key

Configuring the Switch3-1223CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.Disp

Port Configuration3-1233Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.Figure 3-75

Configuring the Switch3-1243Displaying LACP Settings and Status for the Local SideYou can display configuration settings and the operational state for

Port Configuration3-1253Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-76

Configuring the Switch3-1263Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state fo

Port Configuration3-1273CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel

Configuring the Switch3-1283Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and cl

Port Configuration3-1293Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, t

Configuring the Switch3-1303Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfa

Port Configuration3-1313Received Multicast Packets The number of packets, delivered by this sub-layer to a higher (sub-)layer, which were addressed to

Contentsxviiimst priority 4-203name 4-204revision 4-205max-hops 4-205spanning-tree spanning-disabled 4-206spanning-tree cost 4-206spanning-tree por

Configuring the Switch3-1323Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one

Port Configuration3-1333Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the

Configuring the Switch3-1343Figure 3-81 Port StatisticsCLI – This example shows statistics for port 13.Power Over Ethernet SettingsThe switch can pro

Power Over Ethernet Settings3-1353power, if necessary by dropping power to ports set for a lower priority. If power is dropped to some low-priority po

Configuring the Switch3-1363Setting a Switch Power BudgetA maximum PoE power budget for the switch (power available to all switch ports) can be define

Power Over Ethernet Settings3-1373re-enabled when the overload condition is no longer detected on the port. (Default: Disabled)Web – Click PoE, Power

Configuring the Switch3-1383• If a device is connected to a critical or high-priority port and causes the switch to exceed its budget, port power is t

Address Table Settings3-1393Address Table SettingsSwitches store the addresses for all known devices. This information is used to pass traffic directl

Configuring the Switch3-1403Displaying the Address TableThe Dynamic Address Table contains the MAC addresses learned by monitoring the source address

Address Table Settings3-1413CLI – This example also displays the address table entries for port 1.Changing the Aging TimeYou can set the aging time fo

ContentsxixConfiguring Private VLANs 4-235private-vlan 4-236private vlan association 4-237switchport mode private-vlan 4-238switchport private-vlan

Configuring the Switch3-1423Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, a

Spanning Tree Algorithm Configuration3-1433MSTP – MSTP When using STP or RSTP, it may be difficult to maintain a stable path between all VLAN members.

Configuring the Switch3-1443Once you specify the VLANs to include in a Multiple Spanning Tree Instance (MSTI), the protocol will automatically build a

Spanning Tree Algorithm Configuration3-1453These additional parameters are only displayed for the CLI:• Spanning tree mode – Specifies the type of spa

Configuring the Switch3-1463Web – Click Spanning Tree, STA, Information.Figure 3-89 Displaying Spanning Tree InformationCLI – This command displays g

Spanning Tree Algorithm Configuration3-1473Configuring Global Settings for STAGlobal settings apply to the entire switch.Command Usage• Spanning Tree

Configuring the Switch3-1483• Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the hig

Spanning Tree Algorithm Configuration3-1493• Transmission Limit – The maximum transmission rate for BPDUs is specified by setting the minimum interval

Configuring the Switch3-1503Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 3-90 Configuring Sp

Spanning Tree Algorithm Configuration3-1513CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and R

ContentsxxIGMP Snooping Commands 4-266ip igmp snooping 4-267ip igmp snooping vlan static 4-267ip igmp snooping version 4-268ip igmp snooping leave

Configuring the Switch3-1523• Designated Port – The port priority and number of the port on the designated bridging device through which this switch m

Spanning Tree Algorithm Configuration3-1533These additional parameters are only displayed for the CLI:• Admin Status – Shows if this interface is enab

Configuring the Switch3-1543CLI – This example shows the STA attributes for port 5. Configuring Interface Settings for STAYou can configure RSTP and M

Spanning Tree Algorithm Configuration3-1553The following interface attributes can be configured:• Spanning Tree – Enables/disables STA on this interfa

Configuring the Switch3-1563• Admin Link Type – The link type attached to this interface.- Point-to-Point – A connection to exactly one other bridge.-

Spanning Tree Algorithm Configuration3-1573Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes,

Configuring the Switch3-1583Configuring Multiple Spanning TreesMSTP generates a unique spanning tree for each instance. This provides multiple pathway

Spanning Tree Algorithm Configuration3-1593Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the i

Configuring the Switch3-1603CLI – This displays STA settings for instance 1, followed by settings for each port.Console#show spanning-tree mst 1 4-213

Spanning Tree Algorithm Configuration3-1613Displaying Interface Settings for MSTPThe MSTP Port Information and MSTP Trunk Information pages display th

Contentsxxiip default-gateway 4-298ip dhcp restart 4-299show ip interface 4-299show ip redirects 4-300ping 4-300Appendix A: Software Specificatio

Configuring the Switch3-1623CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are globa

Spanning Tree Algorithm Configuration3-1633Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance usi

Configuring the Switch3-1643Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interf

VLAN Configuration3-1653This switch supports the following VLAN features:• Up to 255 VLANs based on the IEEE 802.1Q standard• Distributed VLAN learnin

Configuring the Switch3-1663Untagged VLANs – Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A gro

VLAN Configuration3-1673Forwarding Tagged/Untagged FramesIf you want to create a small port-based VLAN for devices attached directly to a single switc

Configuring the Switch3-1683Displaying Basic VLAN InformationThe VLAN Basic Information page displays basic information on the VLAN type supported by

VLAN Configuration3-1693Displaying Current VLANsThe VLAN Current Table shows the current port members of each VLAN and whether or not the port support

Configuring the Switch3-1703• Name – Name of the VLAN (1 to 32 characters).• Status – Shows if this VLAN is enabled or disabled. - Active: VLAN is ope

VLAN Configuration3-1713Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to

Contentsxxii

Configuring the Switch3-1723CLI – This example creates a new VLAN.Console(config)#vlan database 4-220Console(config-vlan)#vlan 2 name R&D media et

VLAN Configuration3-1733Adding Static Members to VLANs (VLAN Index)Use the VLAN Static Table to configure port members for the selected VLAN index. As

Configuring the Switch3-1743Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status i

VLAN Configuration3-1753Adding Static Members to VLANs (Port Index)Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected i

Configuring the Switch3-1763Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLA

VLAN Configuration3-1773• GARP Leave Timer13 – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the j

Configuring the Switch3-1783Configuring IEEE 802.1Q TunnelingIEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multi

VLAN Configuration3-1793customer’s network. The packet is sent as a normal IEEE 802.1Q-tagged frame, preserving the original VLAN numbers used in the

Configuring the Switch3-1803Layer 2 Flow for Packets Coming into a Tunnel Uplink PortAn uplink port receives one of the following packets:• Untagged•

VLAN Configuration3-1813• Static trunk port groups are compatible with QinQ tunnel ports as long as the QinQ configuration is consistent within a trun

xxiiiTablesTable 1-1 Key Features 1-1Table 1-2 System Defaults 1-6Table 3-1 Configuration Options 3-3Table 3-2 Main Menu 3-4Table 3-3 Logging Leve

Configuring the Switch3-1823incoming frames containing that ethertype are assigned to the VLAN contained in the tag following the ethertype field, as

VLAN Configuration3-1833the attached client is using a nonstandard 2-byte ethertype to identify 802.1Q tagged frames (see "Displaying Basic VLAN

Configuring the Switch3-1843Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.

VLAN Configuration3-1853Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports des

Configuring the Switch3-1863Command UsageTo configure protocol-based VLANs, follow these steps:1. First configure VLAN groups for the protocols you wa

VLAN Configuration3-1873CLI – This example creates protocol group 1 for Ethernet frames using the IP protocol, and group 2 for Ethernet frames using t

Configuring the Switch3-1883Web – Click VLAN, Protocol VLAN, Port Configuration.Figure 3-108 Protocol VLAN Port ConfigurationCLI – The following maps

Class of Service Configuration3-1893Class of Service ConfigurationClass of Service (CoS) allows you to specify which data packets have greater precede

Configuring the Switch3-1903Command Attributes• Default Priority14 – The priority that is assigned to untagged frames received on the specified interf

Class of Service Configuration3-1913Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using f

TablesxxivTable 4-25 Authentication Commands 4-76Table 4-24 show snmp user - display description 4-76Table 4-26 User Access Commands 4-77Table 4-27

Configuring the Switch3-1923Web – Click Priority, Traffic Classes. Select a port or trunk for the current mapping of CoS values to output queues to be

Class of Service Configuration3-1933Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traf

Configuring the Switch3-1943Setting the Service Weight for Traffic ClassesThis switch uses the Weighted Round Robin (WRR) algorithm to determine the f

Class of Service Configuration3-1953Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS ValuesThis switch supports several common methods o

Configuring the Switch3-1963Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight diff

Class of Service Configuration3-1973CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to Co

Configuring the Switch3-1983Command Attributes• DSCP Priority Table – Shows the DSCP Priority to CoS map.• Class of Service Value – Maps a CoS value t

Class of Service Configuration3-1993Mapping IP Port PriorityYou can also map network applications to Class of Service values based on the IP port numb

Configuring the Switch3-2003CLI* – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS v

Quality of Service3-2013Configuring Quality of Service Parameters To create a service policy for a specific category or ingress traffic, follow these

TablesxxvTable 4-76 Priority Commands 4-244Table 4-77 Priority Commands (Layer 2) 4-244Table 4-78 Default CoS Values to Egress Queues 4-248Table 4-

Configuring the Switch3-2023Class Configuration• Class Name – Name of the class map. (Range: 1-16 characters)• Type – Only one match command is permit

Quality of Service3-2033Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class.

Configuring the Switch3-2043Creating QoS PoliciesThis function creates a policy map that can be attached to multiple interfaces.Command Usage • To con

Quality of Service3-2053Policy Rule Settings- Class Settings -• Class Name – Name of class map.• Action – Shows the service provided to ingress traffi

Configuring the Switch3-2063Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Polic

Quality of Service3-2073CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth the 1 Mbps, the burst rate to 1522 bps,

Configuring the Switch3-2083CLI - This example applies a service policy to an ingress interface.Multicast Filtering Multicasting is used to support re

Multicast Filtering3-2093Layer 2 IGMP (Snooping and Query)IGMP Snooping and Query – If multicast routing is not supported on other switches in your ne

Configuring the Switch3-2103Configuring IGMP Snooping and Query ParametersYou can configure the switch to forward multicast traffic intelligently. Bas

Multicast Filtering3-2113• Act as IGMP Querier — When enabled, the switch can serve as the Querier, which is responsible for asking hosts if they want

Tablesxxvi

Configuring the Switch3-2123CLI – This example modifies the settings for multicast filtering, and then displays the current status.Enabling IGMP Immed

Multicast Filtering3-2133Command Attributes• VLAN ID – ID of configured VLAN (1-4094).• Immediate Leave – Sets the status for immediate leave on the s

Configuring the Switch3-2143Displaying Interfaces Attached to a Multicast RouterMulticast routers that are attached to ports on the switch use informa

Multicast Filtering3-2153Specifying Static Interfaces for a Multicast RouterDepending on your network connections, IGMP snooping may not always be abl

Configuring the Switch3-2163Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multic

Multicast Filtering3-2173Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query me

Configuring the Switch3-2183CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on

Multicast Filtering3-2193Web – Click IGMP Snooping, IGMP Filter Configuration. Create a profile number by entering the number in text box and clicking

Configuring the Switch3-2203• Access Mode – Sets the access mode of the profile; either permit or deny. (Default: Deny)• New Multicast Address Range L

Multicast Filtering3-2213CLI – This example configures profile number 19 by setting the access mode to “permit” and then specifying a range of multica

xxviiFiguresFigure 3-1 Home Page 3-2Figure 3-2 Panel Display 3-3Figure 3-3 System Information 3-12Figure 3-4 Switch Information 3-13Figure 3-5 Bri

Configuring the Switch3-2223Web – Click IGMP Snooping, IGMP Filter/Throttling Port Configuration or IGMP Filter/Throttling Trunk Configuration. Select

Multicast Filtering3-2233Multicast VLAN Registration Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLA

Configuring the Switch3-2243Configuring Global MVR Settings The global settings for Multicast VLAN Registration (MVR) include enabling or disabling MV

Multicast Filtering3-2253Web – Click MVR, Configuration. Enable MVR globally on the switch, select the MVR VLAN, add the multicast groups that will st

Configuring the Switch3-2263Displaying MVR Interface Status You can display information about the interfaces attached to the MVR VLAN.Field Attributes

Multicast Filtering3-2273Displaying Port Members of Multicast GroupsYou can display the multicast groups assigned to the MVR VLAN either through IGMP

Configuring the Switch3-2283Configuring MVR Interface Status Each interface that participates in the MVR VLAN must be configured as an MVR source port

Multicast Filtering3-2293- Non-MVR – An interface that does not participate in the MVR VLAN. (This is the default type.)• Immediate Leave – Configures

Configuring the Switch3-2303Assigning Static Multicast Groups to InterfacesFor multicast streams that will run for a long term and be associated with

Configuring Domain Name Service3-2313Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be map

FiguresxxviiiFigure 3-43 AAA Accounting Summary 3-69Figure 3-44 AAA Authorization Settings 3-71Figure 3-45 AAA Authorization Exec Settings 3-71Figu

Configuring the Switch3-2323Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name ser

Configuring Domain Name Service3-2333Configuring Static DNS Host to Address EntriesYou can manually configure static entries in the DNS table that are

Configuring the Switch3-2343Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.Figure 3-

Configuring Domain Name Service3-2353Displaying the DNS CacheYou can display entries in the DNS cache that have been learned via the designated name s

Configuring the Switch3-2363Switch ClusteringSwitch Clustering is a method of grouping switches together to enable centralized management through a si

Switch Clustering3-2373• Cluster IP Pool – An “internal” IP address pool that is used to assign IP addresses to Member switches in the cluster. Intern

Configuring the Switch3-2383Cluster Member ConfigurationAdds Candidate switches to the cluster as Members. Command Attributes• Member ID – Specify a M

Switch Clustering3-2393Displaying Information on Cluster MembersUse the Cluster Member Information page to display information on current cluster Memb

Configuring the Switch3-2403Cluster Candidate InformationUse the Cluster Candidate Information page to display information about discovered switches i

4-1Chapter 4: Command Line InterfaceThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the C

FiguresxxixFigure 3-88 Setting the Address Aging Time 3-141Figure 3-89 Displaying Spanning Tree Information 3-146Figure 3-90 Configuring Spanning Tr

Command Line Interface4-24Telnet ConnectionTelnet operates over the IP transport protocol. In this environment, your management station and any networ

Entering Commands4-34Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords and

Command Line Interface4-44Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the curren

Entering Commands4-54The command “show interfaces ?” will display the following information:Partial Keyword LookupIf you terminate a partial keyword w

Command Line Interface4-64Understanding Command ModesThe command set is divided into Exec and Configuration classes. Exec commands generally display i

Entering Commands4-74Configuration CommandsConfiguration commands are privileged level commands used to modify switch settings. These commands modify

Command Line Interface4-84To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to ret

Entering Commands4-94Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough

Command Line Interface4-104Command GroupsThe system commands can be broken down into the functional groups shown below.Table 4-4 Command GroupsComman

General Commands4-114The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) NE (No

20 MasonIrvine, CA 92618Phone: (949) 679-8000TigerSwitch 10/100/1000Management GuideFrom SMC’s Tiger line of feature-rich workgroup LAN solutionsAugus

FiguresxxxFigure 3-133 MVR Port Configuration 3-229Figure 3-134 MVR Group Member Configuration 3-230Figure 3-135 DNS General Configuration 3-232Fig

Command Line Interface4-124Command ModeNormal ExecCommand Usage • “super” is the default password required to change the command mode from Normal Exec

General Commands4-134Example Related Commands end (4-14)show historyThis command shows the contents of the command history buffer.Command Mode Normal

Command Line Interface4-144Command Mode Privileged ExecCommand Usage • This command resets the entire system.• When the system is restarted, it will a

General Commands4-154exitThis command returns to the previous configuration mode or exit the configuration program.Command Mode AnyExample This exampl

Command Line Interface4-164System Management CommandsThese commands are used to control system logs, passwords, user names, browser configuration opti

System Management Commands4-174Example System Status CommandsThis section describes commands used to display system information.show startup-configThi

Command Line Interface4-184Example Related Commandsshow running-config (4-18)show running-configThis command displays the configuration information c

System Management Commands4-194Command Usage • Use this command in conjunction with the show startup-config command to compare the information in runn

Command Line Interface4-204Example Related Commandsshow startup-config (4-17)Console#show running-configbuilding startup-config, please wait...!<

System Management Commands4-214show systemThis command displays system information.Command Mode Normal Exec, Privileged ExecCommand Usage • For a desc

1-1Chapter 1: IntroductionThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to conf

Command Line Interface4-224Example show versionThis command displays hardware and software version information for the system.Command Mode Normal Exec

System Management Commands4-234Frame Size Commandsjumbo frameThis command enables support for jumbo frames. Use the no form to disable it.Syntax [no]

Command Line Interface4-244File Management CommandsManaging FirmwareFirmware can be uploaded and downloaded to or from an TFTP server. By saving run-t

System Management Commands4-254copyThis command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFT

Command Line Interface4-264• The Boot ROM and Loader cannot be uploaded or downloaded from the TFTP server. You must follow the instructions in the re

System Management Commands4-274The following example shows how to download a configuration file: This example shows how to copy a secure-site certific

Command Line Interface4-284deleteThis command deletes a file or image.Syntax delete filenamefilename - Name of the configuration file or image name.Co

System Management Commands4-294• File information is shown below:Example The following example shows how to display all file information:whichbootThis

Command Line Interface4-304boot systemThis command specifies the image used to start up the system.Syntax boot system {boot-rom| config | opcode}: fil

System Management Commands4-314Line CommandsYou can access the onboard configuration program by attaching a VT100 compatible device to the server’s se

Introduction1-21Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates t

Command Line Interface4-324Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show

System Management Commands4-334Example Related Commandsusername (4-77)password (4-33)passwordThis command specifies the password for a line. Use the n

Command Line Interface4-344timeout login responseThis command sets the interval that the system waits for a user to log into the CLI. Use the no form

System Management Commands4-354Command Mode Line ConfigurationCommand Usage • If user input is detected within the timeout interval, the session is ke

Command Line Interface4-364Related Commandssilent-time (4-36)timeout login response (4-13)silent-timeThis command sets the amount of time the manageme

System Management Commands4-374Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits wit

Command Line Interface4-384speedThis command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from t

System Management Commands4-394Example To specify 2 stop bits, enter this command:disconnectThis command terminates an SSH, Telnet, or console connect

Command Line Interface4-404Example To show all lines, enter this command:Event Logging Commands Console#show line Console Configuration: Password Thr

System Management Commands4-414logging onThis command controls logging of error messages, sending debug or error messages to switch memory. The no for

Description of Software Features1-31Port Configuration – You can manually configure the speed, duplex mode, and flow control used on specific ports, o

Command Line Interface4-424logging historyThis command limits syslog messages saved to switch memory based on severity. The no form returns the loggin

System Management Commands4-434logging hostThis command adds a syslog server host IP address that will receive logging messages. Use the no form to re

Command Line Interface4-444logging trapThis command enables the logging of system messages to a remote server, or limits the syslog messages saved to

System Management Commands4-454Related Commandsshow logging (4-45)show loggingThis command displays the configuration settings for logging messages to

Command Line Interface4-464The following example displays settings for the trap function. Related Commandsshow logging sendmail (4-50)show logThis com

System Management Commands4-474ExampleThe following example shows sample messages stored in RAM.SMTP Alert CommandsThese commands configure SMTP event

Command Line Interface4-484Command Mode Global ConfigurationCommand Usage • You can specify up to three SMTP servers for event handing. However, you m

System Management Commands4-494logging sendmail source-emailThis command sets the email address used for the “From” field in alert messages. Use the n

Command Line Interface4-504logging sendmailThis command enables SMTP event handling. Use the no form to disable this function.Syntax[no] logging sendm

System Management Commands4-514Time CommandsThe system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintain

Introduction1-41(CRC). This prevents bad frames from entering the network and wasting bandwidth.To avoid dropping frames on congested ports, the switc

Command Line Interface4-524Example Related Commandssntp server (4-52)sntp poll (4-53)show sntp (4-53)sntp serverThis command sets the IP address of th

System Management Commands4-534sntp pollThis command sets the interval between sending time requests when the switch is set to SNTP client mode. Use t

Command Line Interface4-544clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour hours minute

System Management Commands4-554calendar setThis command sets the system clock. It may be used if there is no time server on your network, or if you ha

Command Line Interface4-564Switch Cluster CommandsSwitch Clustering is a method of grouping switches together to enable centralized management through

System Management Commands4-574Command Usage • To create a switch cluster, first be sure that clustering is enabled on the switch (the default is enab

Command Line Interface4-584cluster ip-poolThis command sets the cluster IP address pool. Use the no form to reset to the default address.Syntax cluste

System Management Commands4-594Command Usage • The maximum number of cluster Members is 16.• The maximum number of switch Candidates is 100.Examplerco

Command Line Interface4-604show cluster membersThis command shows the current switch cluster members.Command Mode Privileged ExecExampleshow cluster c

SNMP Commands4-614SNMP CommandsControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as

Description of Software Features1-51Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using four pr

Command Line Interface4-624snmp-serverThis command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use th

SNMP Commands4-634Examplesnmp-server communityThis command defines the SNMP v1 and v2c community access string. Use the no form to remove the specifie

Command Line Interface4-644Command Mode Global ConfigurationExample snmp-server contactThis command sets the system contact string. Use the no form to

SNMP Commands4-654Example Related Commandssnmp-server contact (4-64)snmp-server host This command specifies the recipient of a Simple Network Manageme

Command Line Interface4-664Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switc

SNMP Commands4-674exist, and the switch will not authorize SNMP access for the host. However, if you specify a V3 host with the “noauth” option, an SN

Command Line Interface4-684Related Commandssnmp-server host (4-65)snmp-server engine-idThis command configures an identification string for the SNMPv3

SNMP Commands4-694Related Commandssnmp-server host (4-65)show snmp engine-idThis command shows the SNMP engine ID.Command Mode Privileged ExecExampleT

Command Line Interface4-704Command Usage • Views are used in the snmp-server group command to restrict user access to specified portions of the MIB tr

SNMP Commands4-714show snmp viewThis command shows information on the SNMP views.Command Mode Privileged ExecExample snmp-server groupThis command add

Introduction1-61System DefaultsThe switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch d

Command Line Interface4-724Default Setting • Default groups: public20 (read only), private21 (read/write)• readview - Every object belonging to the In

SNMP Commands4-734show snmp groupFour default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and re

Command Line Interface4-744snmp-server userThis command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify V

SNMP Commands4-754Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore con

Command Line Interface4-764Authentication Commands You can configure this switch to authenticate users logging into the system for management access u

Authentication Commands4-774User Account and Privilege Level CommandsThe basic commands required for management access are listed in this section. Thi

Command Line Interface4-784Command Mode Global ConfigurationCommand Usage • Privilege level 0 provides access to a limited number of the commands whic

Authentication Commands4-794Example Related Commandsenable (4-11)authentication enable (4-82)privilegeThis command assigns a privilege level to specif

Command Line Interface4-804Command Usage Due to system limitations in the current software, privilege commands (page 4-79) entered during the current

Authentication Commands4-814authentication loginThis command defines the login authentication method and precedence. Use the no form to restore the de

System Defaults1-71SNMP SNMP Agent EnabledCommunity Strings “public” (read only), “private” (read/write) Traps Authentication traps: enabledLink-up-do

Command Line Interface4-824authentication enableThis command defines the authentication method and precedence to use when changing from Exec command m

Authentication Commands4-834RADIUS ClientRemote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software run

Command Line Interface4-844Example radius-server portThis command sets the RADIUS server network port. Use the no form to restore the default.Syntax r

Authentication Commands4-854radius-server retransmitThis command sets the number of retries. Use the no form to restore the default.Syntax radius-serv

Command Line Interface4-864Example TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that us

Authentication Commands4-874tacacs-server hostThis command specifies the TACACS+ server. Use the no form to restore the default.Syntax [no] tacacs-ser

Command Line Interface4-884Example tacacs-server keyThis command sets the TACACS+ encryption key. Use the no form to restore the default.Syntax tacacs

Authentication Commands4-894tacacs-server timeoutThis command sets the interval between transmitting authentication requests to the TACACS+ server. Us

Command Line Interface4-904AAA CommandsThe Authentication, authorization, and accounting (AAA) feature provides the main framework for configuring acc

Authentication Commands4-914Example serverThis command adds a security server to an AAA server group. Use the no form to remove the associated server

Introduction1-81IP Settings IP Address DHCP assignedSubnet Mask 255.255.255.0Default Gateway 0.0.0.0DHCP Client: EnabledDNS Client/Proxy service: Disa

Command Line Interface4-924aaa accounting dot1xThis command enables the accounting of requested 802.1X services for network access. Use the no form to

Authentication Commands4-934aaa accounting execThis command enables the accounting of requested Exec services for network access. Use the no form to d

Command Line Interface4-944aaa accounting commandsThis command enables the accounting of Exec mode commands. Use the no form to disable the accounting

Authentication Commands4-954aaa accounting updateThis command enables the sending of periodic updates to the accounting server. Use the no form to dis

Command Line Interface4-964Example accounting execThis command applies an accounting method to local console or Telnet connections. Use the no form to

Authentication Commands4-974Command Mode Line ConfigurationExample aaa authorization execThis command enables the authorization for Exec access. Use t

Command Line Interface4-984authorization execThis command applies an authorization method to local console or Telnet connections. Use the no form to d

Authentication Commands4-994Command ModePrivileged ExecExample Web Server CommandsThis section describes commands used to configure web browser manage

Command Line Interface4-1004ExampleRelated Commandsip http server (4-100)ip http serverThis command allows this device to be monitored or configured f

Authentication Commands4-1014• When you start HTTPS, the connection is established in this way:- The client authenticates the server using the server’

2-1Chapter 2: Initial ConfigurationConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent off

Command Line Interface4-1024Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port numbe

Authentication Commands4-1034Secure Shell CommandsThis section describes the commands used to configure the SSH server. However, note that you also ne

Command Line Interface4-1044Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. A

Authentication Commands4-1054d) The client uses its private key to decrypt the challenge string, computes the MD5 checksum, and sends the checksum bac

Command Line Interface4-1064Related Commandsip ssh crypto host-key generate (4-108)show ssh (4-110)ip ssh timeoutThis command configures the timeout f

Authentication Commands4-1074Command Mode Global ConfigurationExample Related Commandsshow ip ssh (4-109)ip ssh server-key sizeThis command sets the S

Command Line Interface4-1084Example ip ssh crypto host-key generateThis command generates the host key pair (i.e., public and private). Syntax ip ssh

Authentication Commands4-1094Default Setting Clears both the DSA and RSA key.Command Mode Privileged ExecCommand Usage • This command clears the host

Command Line Interface4-1104Example show sshThis command displays the current SSH server connections.Command Mode Privileged ExecExample Console#show

Authentication Commands4-1114show public-keyThis command shows the public key for the specified user or for the host.Syntax show public-key [user [use

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, n

Initial Configuration2-22• Configure up to 32 static or LACP trunks• Enable port mirroring• Set broadcast, multicast or unknown unicast storm control

Command Line Interface4-1124802.1X Port AuthenticationThe switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized acc

Authentication Commands4-1134dot1x defaultThis command sets all configurable dot1x global and port settings to their default values.Command ModeGlobal

Command Line Interface4-1144Defaultforce-authorizedCommand ModeInterface ConfigurationExampledot1x operation-modeThis command allows single or multipl

Authentication Commands4-1154dot1x re-authenticateThis command forces re-authentication on all ports or a specific interface.Syntaxdot1x re-authentica

Command Line Interface4-1164Related Commandsdot1x timeout re-authperiod (4-116)dot1x timeout quiet-periodThis command sets the time that a switch port

Authentication Commands4-1174dot1x timeout tx-periodThis command sets the time that an interface on the switch waits during an authentication session

Command Line Interface4-1184Exampleshow dot1xThis command shows general port authentication related settings on the switch or a specific interface.Syn

Authentication Commands4-1194- max-req – Maximum number of times a port will retransmit an EAP request/identity packet to the client before it times o

Command Line Interface4-1204ExampleConsole#show dot1xGlobal 802.1X Parameters system-auth-control: enable802.1X Port SummaryPort Name Status

Authentication Commands4-1214Management IP Filter CommandsThis section describes commands used to configure IP management access to the switch.managem

Basic Configuration2-32Remote ConnectionsPrior to accessing the switch’s onboard agent via a network connection, you must first configure it with a va

Command Line Interface4-1224ExampleThis example restricts management access to the indicated addresses.show managementThis command displays the client

General Security Measures4-1234General Security MeasuresThis switch supports many methods of segregating traffic for clients attached to each of the d

Command Line Interface4-1244Port Security CommandsThese commands can be used to enable port security on a port. When using port security, the switch s

General Security Measures4-1254Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it

Command Line Interface4-1264Network Access (MAC Address Authentication)Network Access authentication controls access to the network by authenticating

General Security Measures4-1274Command Usage The maximum number of MAC addresses per port is 2048, and the maximum number of secure MAC addresses supp

Command Line Interface4-1284indicates untagged VLAN and “t” tagged VLAN. The “Tunnel-Type” attribute should be set to “VLAN,” and the “Tunnel-Medium-T

General Security Measures4-1294Examplemac-authentication max-mac-countUse this command to set the maximum number of MAC addresses that can be authenti

Command Line Interface4-1304Example show network-access mac-address-tableUse this command to display secure MAC address table entries.Syntaxshow netwo

General Security Measures4-1314Example DHCP Snooping CommandsDHCP snooping allows a switch to protect a network from rogue DHCP servers or other devic

Initial Configuration2-42Setting PasswordsNote: If this is your first time to log into the CLI program, you should define new passwords for both defau

Command Line Interface4-1324ip dhcp snoopingThis command enables DHCP snooping globally. Use the no form to restore the default setting.Syntax [no] ip

General Security Measures4-1334MAC address verification is enabled, then the packet will only be forwarded if the client’s hardware address stored in

Command Line Interface4-1344packet filtering will be performed on any untrusted ports within the VLAN as specified by the ip dhcp snooping trust comma

General Security Measures4-1354• Additional considerations when the switch itself is a DHCP client – The port(s) through which it submits a client req

Command Line Interface4-1364ip dhcp snooping information optionThis command enables the DHCP Option 82 information relay for the switch. Use the no fo

General Security Measures4-1374ip dhcp snooping information policyThis command sets the DHCP snooping information option policy for DHCP client packet

Command Line Interface4-1384show ip dhcp snoopingThis command shows the DHCP snooping configuration settings.Command Mode Privileged ExecExampleshow i

General Security Measures4-1394IP Source Guard CommandsIP Source Guard is a security feature that filters IP traffic on network interfaces based on ma

Command Line Interface4-1404• When enabled, traffic is filtered based upon dynamic entries learned via DHCP snooping, or static addresses configured i

General Security Measures4-1414ip source-guard bindingThis command adds a static address to the source-guard binding table. Use the no form to remove

Basic Configuration2-52Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:•

Command Line Interface4-1424Related Commands ip source-guard (4-139)ip dhcp snooping (4-132)ip dhcp snooping vlan (4-133)show ip source-guardThis comm

Access Control List Commands4-1434Access Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, pro

Command Line Interface4-1444access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the

Access Control List Commands4-1454permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for pack

Command Line Interface4-1464permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets w

Access Control List Commands4-1474Command Usage• All new rules are appended to the end of the list.• Address bitmasks are similar to a subnet mask, co

Command Line Interface4-1484Related Commandsaccess-list ip (4-144)show ip access-list This command displays the rules for configured IP ACLs.Syntaxsho

Access Control List Commands4-1494Example Related Commandsshow ip access-list (4-148)show ip access-groupThis command shows the ports assigned to IP A

Command Line Interface4-1504access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the s

Access Control List Commands4-1514[no] {permit | deny} untagged-eth2{any|hostsource | source address-bitmask} {any|hostdestination | destination addre

Initial Configuration2-624. If network connections are normally slow, type “ip dhcp restart” to re-start broadcasting service requests. Press <Ente

Command Line Interface4-1524Example This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the Ether

Access Control List Commands4-1534Example Related Commandsshow mac access-list (4-152)show mac access-groupThis command shows the ports assigned to MA

Command Line Interface4-1544ACL Informationshow access-listThis command shows all ACLs and associated rules.Command ModePrivileged ExecExample show ac

Interface Commands4-1554Interface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or

Command Line Interface4-1564Command Mode Global Configuration Example To specify port 24, enter the following command:descriptionThis command adds a d

Interface Commands4-1574Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex settin

Command Line Interface4-1584Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capab

Interface Commands4-1594Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a

Command Line Interface4-1604• Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back

Interface Commands4-1614Default Setting All interfaces are enabled.Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage This com

Basic Configuration2-72The default strings are:• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.

Command Line Interface4-1624Example The following shows how to configure broadcast storm control at 500 packets per second: clear countersThis command

Interface Commands4-1634show interfaces statusThis command displays the status for an interface.Syntax show interfaces status [interface]interface • e

Command Line Interface4-1644show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]interface •

Interface Commands4-1654show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.Syntax s

Command Line Interface4-1664 Private-VLAN Mode: NONE Private-VLAN host-association: NONE Private-VLAN Mapping: NONE 802.1Q-tunnel

Link Aggregation Commands4-1674Link Aggregation CommandsPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth

Command Line Interface4-1684Dynamically Creating a Port Channel –Ports assigned to a common port channel must meet the following criteria:• Ports must

Link Aggregation Commands4-1694lacpThis command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to

Command Line Interface4-1704ExampleThe following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end o

Link Aggregation Commands4-1714Command Mode Interface Configuration (Ethernet)Command Usage • Port must be configured with the same system priority to

Initial Configuration2-82Configuring Access for SNMP Version 3 ClientsTo configure management access for SNMPv3 clients, you need to first create a vi

Command Line Interface4-1724• Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configur

Link Aggregation Commands4-1734lacp port-priorityThis command configures LACP port priority. Use the no form to restore the default setting.Syntax lac

Command Line Interface4-1744show lacpThis command displays LACP information.Syntax show lacp [port-channel] {counters | internal | neighbors | sysid}•

Link Aggregation Commands4-1754Console#show lacp 1 internalPort channel : 1-------------------------------------------------------------------------Op

Command Line Interface4-1764Console#show lacp 1 neighborsPort channel 1 neighbors---------------------------------------------------------------------

Link Aggregation Commands4-1774Console#show lacp sysidPort Channel System Priority System MAC Address------------------------------------------

Command Line Interface4-1784Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis com

Mirror Port Commands4-1794Example The following example configures the switch to mirror received packets from port 6 to 11:show port monitorThis comma

Command Line Interface4-1804RSPAN Mirroring CommandsRemote Switched Port Analyzer (RSPAN) allows you to mirror traffic from remote switches for analys

RSPAN Mirroring Commands4-1814has been configured, MAC address learning will still not be re-started on the RSPAN uplink ports. • IEEE 802.1X – RSPAN

Managing System Files2-92Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many d

Command Line Interface4-1824• The source port and destination port cannot be configured on the same switch.Example The following example configures th

RSPAN Mirroring Commands4-1834Example The following example configures port 4 to receive mirrored RSPAN traffic:rspan remote vlanUse this command to s

Command Line Interface4-1844switchport allowed vlan command (page 4-226). Nor can GVRP dynamically add port members to an RSPAN VLAN. Also, note that

Rate Limit Commands4-1854Command Mode Privileged ExecExample Rate Limit CommandsThis function allows the network manager to control the maximum rate f

Command Line Interface4-1864Command Mode Interface Configuration (Ethernet, Port Channel)ExamplePower over Ethernet CommandsThe commands in this group

Power over Ethernet Commands4-1874Default Setting 375 wattsCommand Mode Global ConfigurationCommand Usage • Setting a maximum power budget for the swi

Command Line Interface4-1884Example power inlineThis command instructs the switch to automatically detect if a PoE-compliant device is connected to th

Power over Ethernet Commands4-1894power inline maximum allocationThis command limits the power allocated to specific ports. Use the no form to restore

Command Line Interface4-1904Command Usage • If the power demand from devices connected to the switch exceeds the power budget setting, the switch uses

Power over Ethernet Commands4-1914show power inline statusThis command displays the current power status for all ports or for specific ports.Syntax sh

Initial Configuration2-102

Command Line Interface4-1924show power mainpowerUse this command to display the current power status for the switch.Command Mode Privileged ExecExampl

Power over Ethernet Commands4-1934mac-address-table staticThis command maps a static address to a destination port in a VLAN. Use the no form to remov

Command Line Interface4-1944clear mac-address-table dynamicThis command removes any learned entries from the forwarding database and clears the transm

Power over Ethernet Commands4-1954means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, a

Command Line Interface4-1964Spanning Tree CommandsThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the swi

Spanning Tree Commands4-1974spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Synta

Command Line Interface4-1984Command Usage • Spanning Tree ProtocolUses RSTP for the internal state machine, but sends only 802.1D BPDUs. - This create

Spanning Tree Commands4-1994Default Setting 15 secondsCommand Mode Global ConfigurationCommand Usage This command sets the maximum time (in seconds) t

Command Line Interface4-2004spanning-tree max-ageThis command configures the spanning tree bridge maximum age globally for this switch. Use the no for

Spanning Tree Commands4-2014Default Setting 32768Command Mode Global ConfigurationCommand Usage Bridge priority is used in selecting the root device,

3-1Chapter 3: Configuring the SwitchUsing the Web InterfaceThis switch provides an embedded HTTP web agent. Using a web browser you can configure the

Command Line Interface4-2024spanning-tree transmission-limitThis command configures the minimum interval between the transmission of consecutive RSTP/

Spanning Tree Commands4-2034mst vlanThis command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Using the no f

Command Line Interface4-2044Default Setting 32768Command Mode MST ConfigurationCommand Usage • MST priority is used in selecting the root bridge and a

Spanning Tree Commands4-2054revisionThis command configures the revision number for this multiple spanning tree configuration of this switch. Use the

Command Line Interface4-2064bridge decrements the hop count by one before passing on the BPDU. When the hop count reaches zero, the message is dropped

Spanning Tree Commands4-2074Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures t

Command Line Interface4-2084spanning-tree port-priorityThis command configures the priority for the specified interface. Use the no form to restore th

Spanning Tree Commands4-2094devices such as workstations or servers, retains the current forwarding database to reduce the amount of frame flooding re

Command Line Interface4-2104Related Commandsspanning-tree edge-port (4-208)spanning-tree link-typeThis command configures the link type for Rapid Span

Spanning Tree Commands4-2114spanning-tree mst costThis command configures the path cost on a spanning instance in the Multiple Spanning Tree. Use the

vAbout This GuidePurposeThis guide gives specific information on how to operate and use the management functions of the switch.AudienceThe guide is in

Configuring the Switch3-23Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and password. The a

Command Line Interface4-2124spanning-tree mst port-priorityThis command configures the interface priority on a spanning instance in the Multiple Spann

Spanning Tree Commands4-2134Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs,

Command Line Interface4-2144ExampleConsole#show spanning-treeSpanning-tree information---------------------------------------------------------------

VLAN Commands4-2154show spanning-tree mst configurationThis command shows the configuration of the multiple spanning tree.Command Mode Privileged Exec

Command Line Interface4-2164GVRP and Bridge Extension CommandsGARP VLAN Registration Protocol defines a way for switches to exchange VLAN information

VLAN Commands4-2174show bridge-extThis command shows the configuration for bridge extension commands.Default Setting NoneCommand Mode Privileged ExecC

Command Line Interface4-2184show gvrp configurationThis command shows if GVRP is enabled.Syntax show gvrp configuration [interface]interface • etherne

VLAN Commands4-2194Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client

Command Line Interface4-2204Related Commandsgarp timer (4-218)Editing VLAN Groupsvlan databaseThis command enters VLAN database mode. All commands in

VLAN Commands4-2214vlanThis command configures a VLAN. Use the no form to restore the default settings or delete a VLAN.Syntax vlan vlan-id [name vlan

Navigating the Web Browser Interface3-33Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration chang

Command Line Interface4-2224Configuring VLAN Interfacesinterface vlanThis command enters interface configuration mode for VLANs, which is used to conf

VLAN Commands4-2234switchport modeThis command configures the VLAN membership mode for a port. Use the no form to restore the default.Syntax switchpor

Command Line Interface4-2244switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restor

VLAN Commands4-2254• If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be f

Command Line Interface4-2264switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the defau

VLAN Commands4-2274switchport forbidden vlanThis command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs.Syntax swit

Command Line Interface4-2284Displaying VLAN Informationshow vlanThis command shows VLAN information.Syntax show vlan [id vlan-id | name vlan-name | pr

VLAN Commands4-2294Configuring IEEE 802.1Q TunnelingIEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers

Command Line Interface4-2304reconfigured to overcome a break in the tree. It is therefore advisable to disable spanning tree on these ports.dot1q-tunn

VLAN Commands4-2314• When a tunnel uplink port receives a packet from a customer, the customer tag (regardless of whether there are one or more tag la

Configuring the Switch3-43Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, o

Command Line Interface4-2324ExampleRelated Commandsshow interfaces switchport (4-165)show dot1q-tunnelThis command displays information about QinQ tun

VLAN Commands4-2334Configuring Port-based Traffic SegmentationIf tighter security is required for passing traffic from different clients through downl

Command Line Interface4-2344Examplepvlan up-link/down-linkThis command configures uplink/downlink ports for traffic-segmentation client sessions. Use

VLAN Commands4-2354ExampleConfiguring Private VLANsPrivate VLANs provide port-based security and isolation of local ports contained within different p

Command Line Interface4-2364To configure primary/community associated groups, follow these steps:1. Use the private-vlan command to designate one or m

VLAN Commands4-2374Exampleprivate vlan associationUse this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no for

Command Line Interface4-2384switchport mode private-vlanUse this command to set the private VLAN mode for an interface. Use the no form to restore the

VLAN Commands4-2394Command UsageAll ports assigned to a secondary (i.e., community) VLAN can pass traffic between group members, but must communicate

Command Line Interface4-2404Default Setting NoneCommand Mode Privileged Executive ExampleConfiguring Protocol-based VLANsThe network devices required

VLAN Commands4-2414Ethernet traffic must not be mapped to another VLAN or you will lose administrative network connectivity to the switch. If lost in

Navigating the Web Browser Interface3-53SNMPv3 3-43Engine ID Sets the SNMP v3 engine ID on this switch 3-43Remote Engine ID Sets the SNMP v3 engine ID

Command Line Interface4-2424Default Setting No protocol groups are mapped for any interface.Command Mode Interface Configuration (Ethernet, Port Chann

VLAN Commands4-2434Example This shows protocol group 1 configured for IP over Ethernet:show interfaces protocol-vlan protocol-groupThis command shows

Command Line Interface4-2444Class of Service CommandsThe commands described in this section allow you to specify which data packets have greater prece

Class of Service Commands4-2454queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (C

Command Line Interface4-2464Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero.Comma

Class of Service Commands4-2474Default Setting Weights 1, 2, 4, 8 are assigned to queues 0-3 respectively.Command Mode Interface Configuration (Ethern

Command Line Interface4-2484Default Setting This switch supports Class of Service by using four priority queues, with Weighted Round Robin queuing for

Class of Service Commands4-2494show queue bandwidthThis command displays the weighted round-robin (WRR) bandwidth allocation for the four priority que

Command Line Interface4-2504Priority Commands (Layer 3 and 4) map ip port (Global Configuration)This command enables IP port mapping (i.e., class of s

Class of Service Commands4-2514map ip port (Interface Configuration)This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form

Configuring the Switch3-63 802.1X Port authentication 3-80Information Displays global configuration settings 3-82Configuration Configures the global

Command Line Interface4-2524Example The following example shows how to enable IP precedence mapping globally:map ip precedence (Interface Configuratio

Class of Service Commands4-2534Default Setting DisabledCommand Mode Global ConfigurationCommand Usage The precedence for priority mapping is IP DSCP,

Command Line Interface4-2544Command Usage • The precedence for priority mapping is IP DSCP, and default switchport priority. • DSCP priority values ar

Class of Service Commands4-2554show map ip precedenceThis command shows the IP precedence priority map.Syntax show map ip precedence [interface]interf

Command Line Interface4-2564Command Mode Privileged ExecExample Related Commands map ip dscp (Global Configuration) (4-252)map ip dscp (Interface Conf

Quality of Service Commands4-2574Quality of Service CommandsThe commands described in this section are used to configure Differentiated Services (Diff

Command Line Interface4-25845. Use the set command to modify the QoS value for matching traffic class, and use the policer command to monitor the aver

Quality of Service Commands4-2594matchThis command defines the criteria used to classify traffic. Use the no form to delete the matching criteria.Synt

Command Line Interface4-2604renameThis command redefines the name of a class map or policy map.Syntax rename map-namemap-name - Name of the class map

Quality of Service Commands4-2614policy-mapThis command creates a policy map that can be attached to multiple interfaces, and enters Policy Map config

Navigating the Web Browser Interface3-73Power Config Configures the power budget for the switch 3-136Power Port Status Displays the status of port pow

Command Line Interface4-2624Command Mode Policy Map ConfigurationCommand Usage • Use the policy-map command to specify a policy map and enter Policy M

Quality of Service Commands4-2634incoming packets will receive, and then uses the police command to limit the average bandwidth to 100,000 Kbps, the b

Command Line Interface4-2644service-policyThis command applies a policy map defined by the policy-map command to the ingress queue of a particular int

Quality of Service Commands4-2654Exampleshow policy-map This command displays the QoS policy maps which define classification criteria for incoming tr

Command Line Interface4-2664Command Mode Privileged ExecExample Multicast Filtering CommandsThis switch uses IGMP (Internet Group Management Protocol)

Multicast Filtering Commands4-2674ip igmp snoopingThis command enables IGMP snooping on this switch. Use the no form to disable it.Syntax [no] ip igmp

Command Line Interface4-2684ip igmp snooping versionThis command configures the IGMP snooping version. Use the no form to restore the default.Syntax i

Multicast Filtering Commands4-2694• The IGMP snooping leave-proxy feature suppresses all unnecessary IGMP leave messages so that the non-querier switc

Command Line Interface4-2704ExampleThe following shows how to enable immediate leave. show ip igmp snoopingThis command shows the IGMP snooping config

Multicast Filtering Commands4-2714Command Mode Privileged ExecCommand Usage Member types displayed include IGMP or USER, depending on selected options

Configuring the Switch3-83Trunk Configuration Specifies default trunk VID and VLAN attributes 3-176Tunnel Port Configuration Adds ports to a QinQ tun

Command Line Interface4-2724Command Usage • IGMP snooping querier is not supported for IGMPv3 snooping (see ip igmp snooping version, page 4-268).• If

Multicast Filtering Commands4-2734ip igmp snooping query-intervalThis command configures the query interval. Use the no form to restore the default.Sy

Command Line Interface4-2744Example The following shows how to configure the maximum response time to 20 seconds:Related Commands ip igmp snooping ver

Multicast Filtering Commands4-2754Static Multicast Routing CommandsThis section describes commands used to configure static multicast routing on the s

Command Line Interface4-2764show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast

Multicast Filtering Commands4-2774IGMP Filtering and Throttling CommandsIn certain switch applications, the administrator may want to control the mult

Command Line Interface4-2784• The IGMP filtering feature operates in the same manner when MVR is used to forward multicast traffic.Example ip igmp pro

Multicast Filtering Commands4-2794• When the access mode is set to permit, IGMP join reports are processed when a multicast group falls within the con

Command Line Interface4-2804Command Mode Interface ConfigurationCommand Usage • The IGMP filtering profile must first be created with the ip igmp prof

Multicast Filtering Commands4-2814Example ip igmp max-groups actionThis command sets the IGMP throttling action for an interface on the switch. Syntax

Navigating the Web Browser Interface3-93IGMP Immediate Leave Enables the immediate leave function 3-212Multicast Router Port InformationDisplays the p

Command Line Interface4-2824Command Mode Privileged ExecExample show ip igmp profileThis command displays IGMP filtering profiles created on the switc

Multicast Filtering Commands4-2834show ip igmp throttle interfaceThis command displays the interface settings for IGMP throttling. Syntax show ip igmp

Command Line Interface4-2844Multicast VLAN Registration CommandsThis section describes commands used to configure Multicast VLAN Registration (MVR). A

Multicast Filtering Commands4-2854Command Mode Global ConfigurationCommand Usage • Use the mvr group command to statically configure all multicast gro

Command Line Interface4-2864mvr (Interface Configuration)This command configures an interface as an MVR receiver or source port using the type keyword

Multicast Filtering Commands4-2874• Immediate leave applies only to receiver ports. When enabled, the receiver port is immediately removed from the mu

Command Line Interface4-2884Default Setting Displays global configuration settings for MVR when no keywords are used.Command Mode Privileged ExecComma

Multicast Filtering Commands4-2894The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN:Statu

Command Line Interface4-2904Domain Name Service CommandsThese commands are used to configure Domain Naming System (DNS) services. Entries can be manua

Domain Name Service Commands4-2914Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If mor

Configuring the Switch3-103Binding Information Displays the DHCP Snooping binding information 3-106IP Source Guard 3-107Port Configuration Enables IP

Command Line Interface4-2924Default Setting NoneCommand Mode Global ConfigurationExampleRelated Commands ip domain-list (4-292)ip name-server (4-293)i

Domain Name Service Commands4-2934ExampleThis example adds two domain names to the current list and then displays the list.Related Commands ip domain-

Command Line Interface4-2944ExampleThis example adds two domain-name servers to the list and then displays the list.Related Commands ip domain-name (4

Domain Name Service Commands4-2954Related Commands ip domain-name (4-291)ip name-server (4-293)show hostsThis command displays the static host name-to

Command Line Interface4-2964show dns cacheThis command displays entries in the DNS cache.Command Mode Privileged ExecExample clear dns cacheThis comma

IP Interface Commands4-2974IP Interface CommandsAn IP addresses may be used for management access to the switch over your network. The IP address for

Command Line Interface4-2984• If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been receive

IP Interface Commands4-2994Related Commands show ip redirects (4-300)ip dhcp restart This command submits a BOOTP or DHCP client request.Default Setti

Command Line Interface4-3004Related Commands show ip redirects (4-300)show ip redirectsThis command shows the default gateway configured for this devi

IP Interface Commands4-3014• Press <Esc> to stop pinging.Example Related Commands interface (4-155)Console#ping 10.1.0.9Type ESC to abort.PING t

Basic Configuration3-113Basic ConfigurationThis section describes the basic functions required to set up management access to the switch, display or u

Command Line Interface4-3024

A-1Appendix A: Software SpecificationsSoftware FeaturesAuthentication and General Security MeasuresLocal, RADIUS, TACACS, Port (802.1X, MAC Authentica

Software SpecificationsA-2AMulticast Filtering IGMP Snooping (Layer 2)Multicast VLAN RegistrationQuality of ServiceDiffServ supports class maps, polic

Management Information BasesA-3ADHCP Client (RFC 2131)DHCP Options (RFC 2132)HTTPS IGMP (RFC 1112)IGMPv2 (RFC 2236)IGMPv3 (RFC 3376) - partial support

Software SpecificationsA-4ASNMP View Based ACM MIB (RFC 3415)TACACS+ Authentication Client MIBTCP MIB (RFC 2013)Trap (RFC 1215)UDP MIB (RFC 2013)

B-1Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet,

TroubleshootingB-2BUsing System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caus

Glossary-1GlossaryAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

GlossaryGlossary-2DHCP SnoopingA technique used to enhance network security by snooping on DHCP server messages to track the physical location of host

Glossary-3GlossaryIEEE 802.1pAn IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define u

vi

Configuring the Switch3-123Web – Click System, System Information. Specify the system name, location, and contact information for the system administr

GlossaryGlossary-4IP Multicast FilteringA process whereby this switch can pass multicast traffic along to participating hosts.IP PrecedenceThe Type of

Glossary-5GlossaryMultiple Spanning Tree Protocol (MSTP)MSTP can provide an independent spanning tree for different VLANs. It simplifies network manag

GlossaryGlossary-6Remote Monitoring (RMON)RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard

Glossary-7GlossaryTransmission Control Protocol/Internet Protocol (TCP/IP)Protocol suite that includes TCP as the primary transport protocol, and IP a

GlossaryGlossary-8

Index-1Numerics802.1Q tunnel 3-178, 4-229access 3-183, 4-230configuration, guidelines 3-181configuration, limitations 3-180description 3-178ethernet t

Index-2IndexDdefault gateway, configuration 3-16, 4-298default priority, ingress port 3-189, 4-245default settings, system 1-6DHCP 3-18, 4-297client 3

Index-3IndexIGMPfilter profiles, configuration 3-219, 4-277filter, parameters 3-219, 4-277filtering & throttling, creating profile 3-218, 4-278fil

Index-4IndexMSTP 3-158, 4-197configuring 3-158, 4-202–4-213global settings, configuring 3-147, 3-158, 4-196, 4-203–4-205global settings, displaying 3-

Index-5Indexproblems, troubleshooting B-1profiles, IGMP filter 3-219, 4-278promiscuous ports 4-235protocol migration 3-156, 4-212protocol VLANs 3-185,

Basic Configuration3-133Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for

Index-6IndexSTA 3-142, 4-196edge port 3-153, 3-156, 4-208global settings, configuring 3-147, 4-197–4-202global settings, displaying 3-144, 4-213interf

Index-7IndexVVLANs 3-164, 3-185, 3-189, 4-215, 4-228802.1Q tunnel mode 3-183, 4-230adding static members 3-173, 3-175, 4-226creating 3-170, 4-221descr

Index-8Index

149100000023A R01SMC8126PL2-F

Configuring the Switch3-143CLI – Use the following command to display version information.Console#show version 4-22Unit 1Unit 1 Serial Number:

Basic Configuration3-153Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that support Multicast Filterin

Configuring the Switch3-163CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface

Basic Configuration3-173Manual ConfigurationWeb – Click System, IP Configuration. Select the VLAN through which the management station is attached, se

Configuring the Switch3-183Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by

Basic Configuration3-193Renewing DCHP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or t

Configuring the Switch3-203Managing FirmwareJust specify the method of file transfer, along with the file type and file names as required. By saving r

Basic Configuration3-213Web –Click System, File Management, Copy Operation. Select “tftp to file” as the file transfer method, enter the IP address of

viiContents Chapter 1: Introduction 1-1Key Features 1-1Description of Software Features 1-2System Defaults 1-6Chapter 2: Initial Configuration 2

Configuring the Switch3-223CLI – To download new firmware form a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file typ

Basic Configuration3-233Downloading Configuration Settings from a ServerYou can download the configuration file under a new file name and then set it

Configuring the Switch3-243CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the swit

Basic Configuration3-253• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match th

Configuring the Switch3-263CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the cur

Basic Configuration3-273• Password2 – Specifies a password for the line connection. When a connection is started on a line with password protection, t

Configuring the Switch3-283Configuring Event LoggingThe switch allows you to control the logging of error messages, including the type of events that

Basic Configuration3-293Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash

Configuring the Switch3-303• Host IP Address – Specifies a new server IP address to add to the Host IP List.Web – Click System, Log, Remote Logs. To a

Basic Configuration3-313Displaying Log MessagesThe Logs page allows you to scroll through the logged system and event messages. The switch can store u

ContentsviiiSaving or Restoring Configuration Settings 3-22Downloading Configuration Settings from a Server 3-23Console Port Settings 3-24Telnet Se

Configuring the Switch3-323• SMTP Server – Specifies a new SMTP server address to add to the SMTP Server List.• Email Destination Address List – Speci

Basic Configuration3-333CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify

Configuring the Switch3-343CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch.When restartin

Basic Configuration3-353Setting the System ClockSimple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic upda

Configuring the Switch3-363Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply.Figure 3-22 SNTP ConfigurationCLI

Simple Network Management Protocol3-373Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC, and click Apply.Figu

Configuring the Switch3-383Access to the switch using from clients using SNMPv3 provides additional security features that cover message integrity, au

Simple Network Management Protocol3-393Enabling the SNMP AgentEnables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3).Command Attr

Configuring the Switch3-403Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-

Simple Network Management Protocol3-413To send an inform to a SNMPv2c host, complete these steps:1. Enable the SNMP agent (3-39).2. Enable trap inform

ContentsixGenerating the Host Key Pair 3-77Configuring the SSH Server 3-79Configuring 802.1X Port Authentication 3-80Displaying 802.1X Global Sett

Configuring the Switch3-423• Enable Authentication Traps3 – Issues a notification message to specified IP trap managers whenever an invalid community

Simple Network Management Protocol3-433Configuring SNMPv3 Management AccessTo configure SNMPv3 management access to the switch, follow these steps:1.

Configuring the Switch3-443Specifying a Remote Engine IDTo send inform messages to an SNMPv3 user on a remote device, you must first specify the engin

Simple Network Management Protocol3-453Configuring SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific

Configuring the Switch3-463Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a

Simple Network Management Protocol3-473Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a s

Configuring the Switch3-483Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name and assign

Simple Network Management Protocol3-493Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to sp

Configuring the Switch3-503linkDown*1.3.6.1.6.3.1.1.5.3 A linkDown trap signifies that the SNMP entity, acting in an agent role, has detected that the

Simple Network Management Protocol3-513Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, ass