Edge-CoreメーカーES4612の使用説明書/サービス説明書
ページ先へ移動 of 666
t h e r e i s n o e d g e l i m i t t h e r e i s n o p e r m a n e n t c o r e t h e r e i s n o e d g e l i m i t t h e r e i s n o p e r m a n e n t c o r e Gigabit Ethernet Switch Management Guide.
.
Mana geme nt Guide Giga bit Ether net Swit ch Laye r 3 Wo rkgroup Switc h with 8 SF P Po rts, and 4 Gigabit Combin ation (R J-45/S FP) Por ts.
ES461 2 F1.0 .2.5 E092 004-R01 1500 000464 00A.
v Conten ts Chapter 1: In troduction 1-1 Key Fe atures 1-1 Descripti on of So ftware Feature s 1-2 Sys tem Defa ult s 1-6 Chapter 2: In itial Config uration 2-1 Connec ting to the Swit ch 2-1 Config u.
Contents vi Cons ole Port Setting s 3-24 Teln et Settings 3-26 Confi guring E ve nt Logg ing 3-28 Syst em Log Con figurati on 3-28 Remot e Log C onfi guratio n 3-30 Displ aying Lo g Messa ges 3-32 Res.
Contents vii Port Conf igu ration 3-78 Displ aying Con nectio n Status 3-78 Config uring I nte rface Con necti ons 3-81 Cre ating T runk G roups 3-83 Static ally Co nfiguri ng a Tr unk 3-84 Enabli ng .
Contents viii Selec ting t he Que ue Mo de 3-1 42 Settin g the Se rvice Weigh t for Traff ic Classe s 3-142 Layer 3 /4 Pr iority Settings 3-144 Mappin g Laye r 3/ 4 Priorit ies to C oS Value s 3-144 S.
Contents ix Config uring I P Rout ing Interfa ces 3-197 Addres s Resolu tion Pro tocol 3-199 Proxy ARP 3-199 Ba sic ARP Conf igu rati on 3- 200 Config uring Sta tic AR P Address es 3-201 Displ aying D.
Contents x Displ aying Neighb or In format ion 3-264 Chapter 4 : Command L ine Interfa ce 4-1 Using the C ommand Li ne Inter face 4-1 Acc essing t he CL I 4-1 Cons ole C onnec tion 4-1 Teln et Conn ec.
Contents xi Syste m Man ageme nt Co mman ds 4-25 De vice Desi gna tion Co mmand s 4-25 promp t 4-26 hostn ame 4- 26 User Ac cess Com mand s 4-27 usern ame 4- 27 enabl e pas sword 4-28 IP Filter Comm a.
Contents xii Tim e Co mmand s 4-53 snt p cli ent 4-5 3 snt p serv er 4-5 4 sntp poll 4-55 show snt p 4 -55 clo ck time zone 4-56 cale ndar s et 4-57 show cal endar 4 -57 Sys tem Sta tus Com mands 4 -5.
Contents xiii dot1x operat ion- mode 4-82 dot1x re-auth entica te 4-82 dot1x re-auth entica tio n 4-83 dot1x timeo ut qui et-perio d 4- 83 dot1x timeo ut re-au thperio d 4-84 dot1x timeo ut tx-p eriod.
Contents xiv snmp-s erver eng ine-id 4-1 19 show s nm p engi ne- id 4 -119 snmp -serve r v iew 4 -120 sho w sn mp vi ew 4-12 1 snmp-s erver group 4-121 sho w sn mp gro up 4-123 snmp-s erver user 4-124.
Contents xv Int erf ace Co mman ds 4- 149 inter face 4-1 49 des cri pti on 4 -150 spee d-dupl ex 4-1 50 neg oti atio n 4- 151 capa bilit ies 4-1 52 media-t ype 4-1 54 shut down 4-1 54 switc hport b ro.
Contents xvi spa nning -tree edg e-port 4-181 spa nning -tree port fast 4-182 spa nning -tree lin k-typ e 4-183 spa nning -tree ms t cost 4-1 83 spanni ng-tree mst p ort-priori ty 4-184 spa nning -tre.
Contents xvii show q ueu e cos- map 4-2 12 Priorit y Comm ands (Layer 3 and 4 ) 4-213 map i p port (Gl obal Co nfigura tio n) 4-2 13 map i p port (Inter face Co nfigura tion) 4-214 map i p prec edenc .
Contents xviii arp 4-2 41 arp-ti meout 4-2 42 clea r arp-ca che 4-242 show arp 4-2 42 ip pr oxy-arp 4-243 IP Routing Commands 4-244 Gl obal Rou tin g Config ura tion 4-244 ip ro uting 4-244 ip ro ute .
Contents xix ip os pf hel lo-inte rval 4-276 ip os pf prio rity 4-2 76 ip os pf retra nsmit -int erval 4-277 ip os pf trans mit-d elay 4-2 78 sho w ip os pf 4 -27 8 show i p osp f border-r outer s 4-2.
Contents xx Rou ter Redunda nc y Comman ds 4-311 Virtua l Ro uter R edund ancy Protocol Comma nds 4-311 vrrp ip 4-312 vrrp a uthent icatio n 4-313 vrrp p riority 4-313 vrrp t imers adv ertise 4-3 14 v.
xxi Tables Tabl e 1-1 Key Fe atures 1-1 Tab le 1 -2 Sys tem Def aul ts 1- 6 Tabl e 3-1 Web Pa ge Confi guratio n Bu ttons 3-3 Tabl e 3-2 Switch Ma in Menu 3-4 Tabl e 3-3 Logging Lev els 3-2 9 Tabl e 3-4 SNMPv3 Securit y Mod els an d Lev els 3-35 Tabl e 3-5 HTTPS System Support 3-4 9 Tabl e 3-6 802.
xxii T ables Table 4-18 show l ogging flash - disp lay d escrip tio n 4-48 Table 4-19 show l ogging trap - d ispla y des criptio n 4-49 Table 4-20 SMTP Ale rt Comm ands 4-49 Table 4-2 1 Time Comman ds.
xxiii T ables Tabl e 4-63 Prio rity Com mand s 4 -207 Tabl e 4-64 Prio rity Com mand s (Lay er 2) 4-207 Tabl e 4-65 Defaul t CoS Pri ority Levels 4-21 1 Tabl e 4-66 Prio rity Com mand s ( Layer 3 and .
xxiv T ables Table 4-108 VRRP Comma nds 4 -311 Table 4-110 show v rrp brief - disp lay d escrip tio n 4-317 Table 4-109 show v rrp - dis play descr iption 4-317 Table 4-111 HSRP Com mands 4 -320 Table.
xxv Figure s Fig ure 3- 1 Hom e Pag e 3-2 Figu re 3-2 F ront Panel Indi cators 3-3 Figu re 3-3 Syst em Info rmatio n 3-11 Figu re 3-4 Switch Inform ation 3-13 Figu re 3-5 Bridge Extens ion Co nfigura .
xxvi Figures Figu re 3-42 ACL C onfigu ration - Ext ended IP 3-70 Figu re 3-43 ACL C onfigu ration - MAC 3-72 Figu re 3-44 ACL Mask Conf igurat ion 3-7 3 Figu re 3-45 ACL Mask Config uration - IP 3-75.
xxvii Figures Figu re 3-87 IP DSCP Priority 3-14 7 Figu re 3-88 IP Port Pr iority Statu s 3-148 Figu re 3-89 IP Port Pr iority 3-148 Figu re 3-90 ACL CoS Priori ty 3-15 0 Fig ure 3- 91 ACL M ark er 3-.
xxviii Figures Figu re 3-132 OSPF Area Co nfigura tion 3-229 Figu re 3-133 OSPF Range Config uration 3-231 Figu re 3-134 OSPF Interface Config ura tion 3-23 4 Figu re 3-135 OSPF Inte rface C onfig ura.
1-1 Chapter 1: Introduction This sw itch provid es a broa d range of fe atures for Layer 2 swi tching and La yer 3 routi ng. It includ es a manag ement agent tha t allows you to configu re the fea tures listed in th is manu al. The defa ult configur ation can be used f or most of the features prov ided by this swi tch.
Introducti on 1-2 1 Description of S oftware Features The s witch provid es a w ide range o f a dvanced perfor mance enha ncing featur es. Flow co ntrol elim inates th e loss of packets du e to bottle necks cau sed by po rt satura tion. Broa dcast st orm sup pression pr even t s broadc ast traffic stor ms from engulf ing the netw ork.
Descripti on of Software Feat ures 1-3 1 DHCP Server and DHCP Relay – A DHCP server i s provided to a ssign IP addresses to ho st de v ices. Sinc e DHCP uses a broadca st mechanism, a DHCP serv er and its clie nt m ust ph ysical ly resi de on the same subnet .
Introducti on 1-4 1 T o avoid dropping frame s on cong ested ports, th e switch pr ovides 1 MB for frame buffering. This buffer can queu e pack ets awa iting tra nsm ission o n co ngested netwo rks. Sp anning T ree Protocol – The s witch sup ports thes e spanning tre e protoc ols: S panning T ree Prot ocol (ST P , I EEE 802.
Descripti on of Software Feat ures 1-5 1 This sw itch also supports sev eral comm on met hods of pr ioritizing layer 3/4 tr aff ic to mee t applicati on require ments. T raffic can be prio ritized bas ed on th e priority bits in the IP fram e’s T ype of Service ( T oS) octe t or the nu mber of th e TCP/UDP p ort.
Introducti on 1-6 1 Multicast Routing – Routing fo r multicas t p ack ets is suppor ted by the D istance V ector M ulticast R outing P rotoco l (DVMR P) and Protocol -Indepe ndent Mul ticast ing - De nse Mode (PIM- DM). T hese prot ocol s work i n conj uncti on with IGMP t o filt er an d route m ulticast tra f fic.
System Defaults 1-7 1 Web Man ageme nt HTTP Server Enabled HTTP Po rt Number 80 HTTP Se cure Serve r Enabl ed HTTP Secure Port N umber 443 SNMP Comm unity S trings “ public” (r ead on ly) “priva.
Introducti on 1-8 1 Spa nnin g T ree Protoc ol Status Enabled, MSTP (Defau lts: All values based on IEEE 802.1s ) Fast F orward ing (Edge Port) Disabl ed Addre ss T abl e Ag ing Time 30 0 seco nds Vir.
System Defaults 1-9 1 Route r Redu ndancy HSRP Disabl ed VRRP Dis abled Multica st Filte ring IGMP Sn ooping (Layer 2) Snoop ing: E nabled Querie r: Disa bled IGMP (La yer 3) Disabl ed Multica st Rout.
Introducti on 1-10 1.
2-1 Chapter 2: Initia l Configuration Connecting to the Switch Configur ation Options The swi tch inclu des a built-i n network managem ent age nt. The ag ent offers a var iety of m anagem ent options, includi ng S NMP , R MON a nd a web- based i nterfac e.
Initial C onfiguratio n 2-2 2 • Configu re S panning Tre e param eter s • Configu re C lass of Service (CoS) priorit y queui ng • Configu re up to 6 st atic or LAC P trunk s • Enabl e port mir.
Basic Confi guration 2-3 2 Remote Connections Prior to ac cessing the s witch’s on board a gent via a netwo rk c onnection , you mus t fi rst c onfi gure it w it h a va lid I P add ress , su bnet mask , an d def aul t ga tewa y usin g a conso le connec tion, D HCP or BO OTP proto col.
Initial C onfiguratio n 2-4 2 Setting Passwords Note: If this is your first t ime to log into t he CLI program, y ou should define new passwords for both default user names us ing the “u sername” c ommand, rec ord them and put them in a safe place.
Basic Confi guration 2-5 2 Before y ou can as sign an IP address t o the switch , you mus t obtain the f ollowing infor mation from your netw ork adm inistr ator: • I P addr ess for th e swit ch • Defau lt gateway for the ne twork • Netwo rk mask fo r this network T o assi gn an IP add ress to the switc h, comp lete the fo llowing st eps: 1.
Initial C onfiguratio n 2-6 2 5. W ai t a few min utes, an d then chec k the IP con figurat ion settings by typ ing the “sho w ip interface ” comm and. P ress <Ent er>. 6. Then sa ve your con figur ation ch anges by ty ping “co py running- confi g startup-co nfig.
Basic Confi guration 2-7 2 Th e defa ult s tring s are : • public - wi th re ad-only acces s. Aut horize d mana gement stat ions a re onl y able to ret rieve MIB ob ject s. • private - with read-w rite ac cess. A uthorized ma nagemen t stat ions a re abl e to both ret rieve and modif y MIB object s.
Initial C onfiguratio n 2-8 2 Configurin g Access for SNMP Vers ion 3 Clie nts T o confi gure ma nageme nt acc ess for SNMP v3 clien t s, yo u need to first create a view tha t defin es the po rtions of MIB that the client ca n read or write, assign the v iew to a group , and then assign th e user to a group .
Managing System Files 2-9 2 Managing Syste m Files Th e swit ch’ s fl ash memory su pport s th ree type s of syst em fi les t hat can be manag ed by the CLI program, web interface, or SNMP . The switch’ s file system allows files to be upload ed and d ownlo aded, cop ied, delet ed, and se t as a start-up file.
Initial C onfiguratio n 2-10 2.
3-1 Chapter 3: Config urin g the Switc h Using the Web In terface This sw itch pr ovides an e mbedde d HT TP web agent. Using a web browse r you c an conf igure the swi tch and view statistic s to monit or networ k activity . The web agen t can be ac cess ed by any com puter on th e netwo rk using a stand ard web browse r (Interne t Explorer 5.
Configu ring the Switch 3-2 3 Navigating the W eb Browser Inter face T o acce ss the w eb-brows er inte rface you m ust first ent er a user name and password . The ad mini strator h as Rea d/Write ac cess to all co nfigurat ion parame ters and statist ics.
Navigating the Web Browser Interfac e 3-3 3 Configur ation Options Configu rable paramete rs have a di alog b ox or a drop -down list. O nce a configur ation chang e has bee n made on a page, be sure t o click on th e Apply but ton to co nfirm the new setting.
Configu ring the Switch 3-4 3 Main Menu Using the onboa rd web ag ent, you can de fine sy stem parame ters, ma nage an d cont rol the switc h, and all its por t s , or monit or networ k conditi ons. The f ollowing table briefl y descri bes the selec tions av ailab le from this pr ogram.
Navigating the Web Browser Interfac e 3-5 3 Securi ty 3-36 User A ccoun ts Config ures u ser names , passw ords, and ac cess le vels 3-44 Authe nticatio n Settings Config ures a uthenticat ion seq uen.
Configu ring the Switch 3-6 3 Rate L imit 3-96 Input P ort Co nfiguration Se ts the i nput ra te limit for each p ort 3-9 6 Input T runk C onfigu ration Sets t he inpu t rate l imit for each trun k 3-.
Navigating the Web Browser Interfac e 3-7 3 Static Membe rship Config ures m ember ship type f or inter faces, includi ng tagg ed, untag ged or forbidden 3-1 31 Port C onfigur ation Specif ies def aul.
Configu ring the Switch 3-8 3 IP Multica st Registra tion Table Displa ys all m ulticast gr oups a ctive o n this s witch, inclu ding multica st IP a ddress es and VL AN ID 3-1 58 IG MP Memb er Po rt .
Navigating the Web Browser Interfac e 3-9 3 UDP Shows sta tistics for UD P , inclu ding th e amo unt of traffic and errors 3-2 09 TCP Shows s tatistics for TCP , inclu ding t he am ount of traffic an .
Configu ring the Switch 3-10 3 Interfa ce Con figurat ion Sh ows ar ea ID and design ated ro uter; a lso config ures O SPF protoc ol setti ngs an d authent ication for eac h inter face 3-2 32 Virtual .
Basic Confi guration 3-11 3 Basic Configuration Display i ng System Inf ormation Y o u can ea sily ident ify the sy stem by displayin g the devi ce name , locatio n and contact inf ormat ion. Field Attributes • Syst em Name – Nam e assigne d to the swit ch system .
Configu ring the Switch 3-12 3 CLI – S peci fy th e ho stnam e, l ocat ion and cont act i nfor mat ion. Display ing Switch Har dw are/ Software Versions Use the Switch Inf ormat ion page to disp lay hard ware/firm ware ve rsion nu mbers for the mai n board an d manage ment so ftware, as we ll as the powe r status of the syst em.
Basic Confi guration 3-13 3 These additiona l parameter s are displ ayed for the CLI. • Unit ID – Un it number in sta c k. • Redunda nt Power Status – Di splays the status of th e redunda nt powe r supp ly. Web – Click System, S witch I nformation.
Configu ring the Switch 3-14 3 Display ing Bridge Ext ension Capabilit ies The Bridg e MIB incl udes exte nsions for manage d devices that supp ort Multi cast Fil ter ing, T raf fi c Clas ses, a nd V i rtu al LA Ns. Y ou ca n acce ss the se ex tensi ons t o dis play def ault se ttin gs fo r the key va riable s.
Basic Confi guration 3-15 3 CLI – Enter th e following co mm and. Setting the Switc h’s IP Address Th is sec tion descri bes how t o co nfi gure an ini tial IP i nterf ace fo r man age ment access over the network. The IP addre ss for this sw itc h is obtain ed via DHCP by defaul t.
Configu ring the Switch 3-16 3 Command Attri b utes •V L A N – ID of the config ured VLAN (1 -4094, no leading ze roes). By defaul t, all ports on the switch ar e memb ers of VLAN 1. Howev er, the man agem ent station can be att ach ed t o a port be long ing t o an y VLAN, as lo ng as th at VL AN has been assigne d an IP ad dress.
Basic Confi guration 3-17 3 Click I P , G lobal S etting. If t his swi tch and mana geme nt stati ons exist on o ther netwo rk segm ents, then spe cify the defau lt gatew ay , an d click Ap ply . Figu re 3-7 Default G atewa y CLI – S p ecify the manag ement interfac e, IP addres s and defau lt gate way .
Configu ring the Switch 3-18 3 Using DHCP/BOOTP If your ne twork provides DHCP/BOOTP services, you can config ure the switch to be dyn amic ally co nfig ured by t hes e servi ces. We b – C lick IP , General , Routing I nterface . S pe cify the VLA N to wh ich the mana gemen t sta tion is att ach ed, se t the I P Addr ess Mo de to DHCP or BO OTP .
Basic Confi guration 3-19 3 We b – If the address assigned by DH CP is no lo ng er fun ctio ning, you will not be able to rene w the IP settings v ia the web int erface. Y ou can o nly restart DHC P serv ice via the we b interfa ce if the cur rent add ress is sti ll available.
Configu ring the Switch 3-20 3 Downl oading Sy stem Software from a Server When download ing runt ime cod e, you can specify the destin ation file na me to replac e the curr ent image , or first dow nload th e file using a di f f erent nam e from the current runtim e code file, an d then set the new fi le as the startup f ile.
Basic Confi guration 3-21 3 T o delete a file select Syste m, File, Delete. Select th e file name from the given list by check ing the ti ck box and cl ick Apply .
Configu ring the Switch 3-22 3 Saving or Restor ing Configurati on Settings Y o u can up load/d ownload co nfigurat ion setting s to/from a TF TP serv er .
Basic Confi guration 3-23 3 Downloadi ng Configuration Se ttings from a Server Y o u can dow nload th e configura tion file un der a new file name and th en set it as th e startup file, or y ou can specify the c urrent sta rtup co nfigurat ion file a s the destinat ion file to dire ctly repl ace it.
Configu ring the Switch 3-24 3 CLI – Ent er the IP addr ess of the TFTP s erver , sp ecify th e source file on t he ser ver , set the sta rtup file nam e on the swi tch, an d then res tart the switch . T o sele ct anothe r config uration f ile as the start-up configu ration, use the boo t system comm and and t hen res tar t th e switch .
Basic Confi guration 3-25 3 • Speed – Sets the term inal line’s baud rate for trans mit (to term inal) and r eceive (from te rminal ). Set the spe ed to matc h the baud r ate of the dev ice conn ected to the serial port.
Configu ring the Switch 3-26 3 CLI – Enter Li ne Config uration m ode for the console, t hen spe cify the con nection paramet ers as requ ired. T o di splay the cu rren t console po rt settings , use the s how lin e command fr o m the Normal Ex e c l evel.
Basic Confi guration 3-27 3 • Password Th reshold – Sets the password intrusion t hreshol d, which limits the num ber of fail ed logon attempts. W hen the logon attempt t hreshol d is reach ed, th.
Configu ring the Switch 3-28 3 CLI – Enter Li ne Config uration m ode for a virtua l termin al, then spe cify the connectio n p a ramete rs as requir ed. T o di splay th e current virtual termi nal setti ngs, use the sho w line comma nd fr om th e Normal E xec lev el .
Basic Confi guration 3-29 3 • RAM Level – Li mits log me ssage s sav ed to the sw itch’s temporar y RAM mem ory for all l eve l s up to the s pecified lev e l. For e xample, if le vel 7 is specified, all messages fro m l e vel 0 to level 7 will be logg ed to RAM.
Configu ring the Switch 3-30 3 Remote Log Config uration The Rem ote Logs page allows yo u to co nfigure the l ogging of m essag es that are sent to sy slog serve rs or othe r manag emen t st ation s. Y o u can al so limit the ev ent mes sages sent to only tho se messa ges at or ab ove a spe cified leve l.
Basic Confi guration 3-31 3 We b – Click System, Logs, Remote Logs. T o add an IP addre ss to the Ho st IP List, type the new IP add ress in the Host IP Addr ess box, and then cl ick Add. T o de lete an IP ad dress, c lick the entr y in the Hos t IP List, and t hen cli ck Remove .
Configu ring the Switch 3-32 3 Display ing Log Messages Use the Logs page to sc roll through the logg ed system and ev ent mes sages. Th e switch can store up to 2048 log entrie s in tempo rary ra ndom acc ess mem ory (RAM ; i.e., mem ory flush ed on powe r reset ) and up to 40 96 entries in permane nt flash memory .
Basic Confi guration 3-33 3 Setting the System Clock Simple Networ k T ime Protocol (SNTP) allows the s witch to s et it s i nternal cloc k based on period ic updates from a time s erver (SN TP or NTP). Mai ntaining an accur ate time on t he switc h enables the syste m log to recor d mea ningful da tes and time s for even t entries.
Configu ring the Switch 3-34 3 CLI – This exam ple con figures t he switch to oper ate as an SNT P client and then displa ys the cur rent tim e and setti ngs.
Simple Netw ork Managemen t Protocol 3-35 3 Simple Network Management Pro tocol Sim ple Ne twork Man agem ent Pr otoc ol (SNM P) i s a communi cati on prot ocol designe d speci fically f or manag ing device s on a net work. Equ ipmen t comm only man aged with SN MP includ es switc hes, route rs and ho st comp uters.
Configu ring the Switch 3-36 3 Note: The predefined default groups and view can be deleted from the system . You ca n then d efine custom ized groups and vie ws for the SNMP cli ents that requ ire access. Enabling t he SNMP Agent Enables SNMPv3 service for all management client s (i.
Simple Netw ork Managemen t Protocol 3-37 3 • Access Mode – S pecifies the access rights for the com munity string: - Read-Only – A uth ori zed ma nageme nt s tatio ns are onl y able to r etrie ve MI B obje cts. - Read/Write – Aut horize d manage ment stat ions ar e able to both retrieve and modify MIB objects.
Configu ring the Switch 3-38 3 • Enable A uthentica tion Traps – I ssues a trap messa ge to sp ecified IP tr ap man agers when ever aut henticat ion of an SNMP reques t fails. (Defa ult: Enabled ) • Enable Link-up and Link-down Traps – Is sues a tr ap mess age when ever a port link is est ablished or broken .
Simple Netw ork Managemen t Protocol 3-39 3 A local en gine ID is auto matic ally gener ated that is un ique to the s witch. T his is referred to as the de fault engi ne ID. If the l ocal engine ID is del eted or ch anged , all SNMP users will be cleared.
Configu ring the Switch 3-40 3 • Privacy – The encryp tion algo rithm use for data priva cy; only 56- bit DES is current ly avail able • Actions – Enab les the user to be assi gned to ano ther SN MPv3 gr oup. We b – C lick SNMP , SNMP v3, User s.
Simple Netw ork Managemen t Protocol 3-41 3 CLI – Us e th e snmp- ser ver user com mand t o configur e a new use r name an d assign i t to a group. Configurin g SNMPv3 Groups An SNMP v3 gro up sets the ac cess po licy for its ass igned use rs, res tricting them to specif ic read an d write vie ws.
Configu ring the Switch 3-42 3 We b – Click SNMP , SNMPv3, Groups. Click New to configure a new group. I n the New Group page, def ine a name, assign a se curity m odel a nd lev el, and then s elect read and write v iews. C lick A dd to sav e the new group and re turn to t he Grou p s list.
Simple Netw ork Managemen t Protocol 3-43 3 Setting SNMPv3 Views SNMPv 3 view s are used to restri ct user a ccess to specified portions of the M IB tree. The pre defined vi ew “de faultview” include s access t o the entir e MIB tree. Command Attri b utes • View Name – The name of the SNM P view .
Configu ring the Switch 3-44 3 CLI – Us e th e snmp- serve r view comm and to co nfigure a ne w view . Thi s examp le view in cludes the MI B -2 interfaces tabl e , a nd the wildc ard mask sele cts a ll in dex entri es.
User Authentication 3-45 3 Command Attri b utes • Account List – Show s the l ist of users th at are allow ed mana geme nt access . (Def aults: admi n, and gue st) • New Account – Disp lays con figuratio n settings for a new account. - User Name – The name of the us er.
Configu ring the Switch 3-46 3 Configur ing Local /Remote Logon Authenticat ion Use t he Aut henticat ion Se ttings menu t o res trict ma nagem ent a ccess based on specif ied us er n ames and pas sword s.
User Authentication 3-47 3 • RADIUS Settings - Server IP Address – Address of authent ication s erver. ( D efaul t: 10.1.0 .1) - Serv er Port Numbe r – N etwork ( UDP) por t of authen ticatio n server us ed for auth entication me ssages.
Configu ring the Switch 3-48 3 CLI – S pec ify all the r equired parame ters to en able logon authe ntication. Configur ing HTTPS Y o u can co nfigure t he switch to enable th e Secure Hyp ertext T r ansfer Protocol (HTTPS ) over the Secu re Soc ket Layer (SSL), pr oviding se cure acce ss (i.
User Authentication 3-49 3 • The fo llowing web browse rs and oper ating s ystems currently su pport H TTPS: • To spec ify a secure -site cer tificate, se e “Replac ing the De fault Secur e-site Certifi cate” on page 3-49. Command Attri b utes • HTTPS Status – Al lows you to en able/dis able the HTTPS ser ver featur e on the switch.
Configu ring the Switch 3-50 3 When you have obtained these, plac e them on your TFTP server , and use the follow ing com mand at the switch's co mmand -line inte rface to rep lace the default (unreco gnized ) certifica te with an authoriz ed one: Note: The switch must be re set for the new certificate to be ac tivated.
User Authentication 3-51 3 Other wise, y ou need to manual ly create a known h osts file on the mana gement station and place the host pu blic ke y in it. An e ntry for a pu blic key in the know n hosts file wou ld app ear simila r to the foll owing exam ple: 10.
Configu ring the Switch 3-52 3 Notes: 1. To use SS H with only password authentication, the host public key must still be given to the client, either during in itial connection or manually ent ered into the known host file. However, you do not need to configure the client’s keys.
User Authentication 3-53 3 We b – C lick Securi ty , Hos t-Key Sett ings. Sele ct the host -key type from the drop-d own box, select the option to s a ve th e hos t key f rom memory to flas h (if requir ed) prior to ge nerating the key , and then c lick Gene rate.
Configu ring the Switch 3-54 3 Configurin g the SSH Server The SS H server include s basic se ttings fo r authentica tion. Field Attributes • SSH Server Status – Al lows you to enable/di sable the S SH server on the sw itch. (Defaul t: Enabled) • Version – Th e S ecu re She ll ve rsio n nu mber.
User Authentication 3-55 3 CLI – This exam ple ena bles SSH , sets the authen ticatio n p arame ters, and dis plays the current c onfigu ration. It show s that the ad minist rator has mad e a conn ection via SHH, and then dis ables this con nectio n.
Configu ring the Switch 3-56 3 • I f a p ort is di sabl ed (sh ut d own) due t o a se cur ity v iolat ion, it m ust be manua lly re-enab led from the Port/Po rt Configu ration pag e (pag e 3-81). Command Attri b utes •P o r t – Port nu mber. •N a m e – D es crip tive t ext ( pag e 4-150 ).
User Authentication 3-57 3 CLI – This exa m ple sets the command mo de to Port 5, sets the port securi ty action to sen d a trap and disab le the por t, and sp ecifies a ma ximum address count , and then enab les port security for the port . Configur ing 802.
Configu ring the Switch 3-58 3 Th e oper atio n of do t1x on the sw itc h requ ires the f oll owing : • T he swi tch must have an IP addr ess a ssigne d. • RADIU S authen tication m ust be enab led on th e switch an d the IP add ress of the RADIUS server specifi e d.
User Authentication 3-59 3 We b – Clic k 802.1x , Informat ion. Figu re 3-35 802.1X Inform ation CLI – T his ex ampl e shows the def ault prot ocol s etti ngs for dot1 x. F or a desc ripti on of the add itional ent ries disp layed in the CLI, see “ show dot 1x” on page 4- 85.
Configu ring the Switch 3-60 3 Configurin g 802.1x Glob al Settings The dot 1x protoco l includes global parameters tha t contro l the client authent ication proc ess that run s betwe en the clie nt and the sw itch (i.
User Authentication 3-61 3 We b – Sele ct Secu rity , 802. 1x, Conf iguration . Enable do t1x glob ally for the swi tch, mod ify any of the para meters re quired , and then clic k Apply . Figure 3-36 802.1X Confi guration CLI – This enab les re-a uthent ication an d sets all of the glob al paramete rs for dot1 x.
Configu ring the Switch 3-62 3 • Supplicant – Indi cates th e MAC ad dress of a con nected cl ient. • Trunk – Indi cate s if the po rt is co nfi gured as a tr unk po rt. We b – Clic k Security , 80 2.1x, Port C onfigurati on. Select the authent ication mo de f rom the dr op-d own bo x and cl ick Ap ply .
User Authentication 3-63 3 We b – Select Security , 802.1x, S tatisti cs. Select the re quired port an d th en click Query . Click Refre sh to update the s tatis tics. Figur e 3-38 802. 1X Statist ics Rx EA P Resp /Oth The n umber of valid EA P Res ponse frames (other tha n Resp /Id fra mes) that h ave be en receive d by th is Auth entica tor .
Configu ring the Switch 3-64 3 CLI – This exam ple di splays the d ot1x statisti cs for port 4. Filteri ng IP Addresses for Management Access Y o u can sp ecify the cl ient IP add ress es that are al lowed m anage ment ac cess to the switch through th e web interf a ce , SNMP , or T elnet.
User Authentication 3-65 3 We b – Clic k Security , I P Filter . Enter the IP ad dres ses or range of address es tha t are allow ed mana gement access to an interface , and click Add IP Filtering En try . Figure 3-39 IP Filte r CLI – T his ex ampl e rest ri cts manage ment acces s f or T el net clie nts .
Configu ring the Switch 3-66 3 Access Control Lists Acces s Contr ol Lists (A CL) prov ide packe t filtering for I P frames (bas ed on address , protoc ol, Laye r 4 protocol por t numbe r or TCP cont rol code) or any frame s (based on M AC add ress or Etherne t type ).
Access C ontrol Lis ts 3-67 3 Setting the ACL Name and Ty pe Use the ACL Conf iguration page t o design ate the na me and ty pe of an ACL. Command Attri b utes • Name – Name of th e ACL.
Configu ring the Switch 3-68 3 and com pared wi th the ad dress for eac h IP packet entering the port(s) to which this ACL ha s been as signe d. We b – S pecify the action (i.e., Pe rmit or Deny). Select the address type ( A ny , Host, or IP) . If yo u se lect “ Host,” enter a spe cific ad dres s.
Access C ontrol Lis ts 3-69 3 Configurin g an Extended IP ACL Command Attri b utes • Action – An ACL can contain either all perm it rules or all den y rules. (De faul t: Pe rmit r ule s) • Source /Destinat ion Addre ss Type – Spec ifie s t he sourc e or de stin atio n IP addre ss.
Configu ring the Switch 3-70 3 We b – S pec ify the act ion (i.e., Per mit or Deny ). S peci fy the sourc e and/or destin ation addr esses . Select the ad dress typ e (Any , Host, or IP). If you selec t “Host, ” ente r a s pecific addr ess. If you s elect “IP ,” enter a s ubnet address and the mas k for an add ress rang e.
Access C ontrol Lis ts 3-71 3 Configurin g a MAC ACL Command Attri b utes • Action – An ACL can contain al l permit rule s or all deny rul es. (De faul t: Pe rmit r ule s) • Source /Destinat ion.
Configu ring the Switch 3-72 3 We b – S pec ify the act ion (i.e., Per mit or Deny ). S peci fy the sourc e and/or destin ation ad dresses . Select th e address type (Any , H ost, or MA C). If you sel ect “Host, ” enter a speci fic addr ess (e. g.
Access C ontrol Lis ts 3-73 3 Configur ing ACL Masks Y o u mus t specify ma sks that con trol the or der in which ACL rule s are chec ked. Th e sw itc h incl udes two syste m def ault masks that p ass/f ilt er p acket s ma tchi ng the permi t/deny rule s speci fied in an ing ress ACL .
Configu ring the Switch 3-74 3 Configurin g an IP ACL Mask This ma sk defin es the fields to check i n the IP hea der . Command Usage • Mas ks that inclu de an ent ry for a Laye r 4 protoc ol sourc e port or dest ination port can only be appl ied to packet s with a he ader len gth of exa ctly five byt es.
Access C ontrol Lis ts 3-75 3 We b – Con figure the mask to match the r equired rules in th e IP ingress or egre ss ACLs. Set the ma sk to chec k for any so urce or de stination a ddres s, a speci fic host addre ss, or an a ddress ra nge.
Configu ring the Switch 3-76 3 Configurin g a MAC ACL Mask This ma sk defin es the fields to check i n the packet he ader . Command Usage Y o u must c onfigure a mask for an AC L rule bef ore you can bind it to a po rt.
Access C ontrol Lis ts 3-77 3 CLI – This e xam ple sho ws how to c reate an Ingres s M AC AC L and bind it to a port. You can then see th at the order of the rule s have been change d by the ma sk.
Configu ring the Switch 3-78 3 We b – Clic k Secur ity , A CL, P ort Bi nding. M ark t he E nable field for the p ort yo u wan t to bind to an ACL for ing ress or egr ess tra f f ic, select the r equire d ACL from the drop-do wn list, then click Ap ply .
Port Configur ation 3-79 3 • Media Type 6 – Shows t he forc ed/pre ferred por t type to use for combin ation por ts 9-12 . (Copper-Forced , Copp er-Preferred-A uto, SFP-Forc ed, SFP-Preferre d-Auto) • Trunk M ember 6 – Shows if port is a trunk me mber.
Configu ring the Switch 3-80 3 • Flow control – Shows i f flow control is enabled or disabled . • LACP – Show s if LACP is enabled or disabled. • Port Security – Show s if port secu rity is enable d or disab led. • Max MAC count – Shows t he maxi mum numb er of MA C addres s that ca n be learne d by a port.
Port Configur ation 3-81 3 Configur ing Interface Connect ions Y o u ca n use the Po rt Conf iguration or Trunk Co nfigurat ion page to ena ble/disa ble an inter face, set auto- negoti ation and th e interface capab ilities to advertise, or manua lly fix the spe ed, du plex mod e, and flow co ntrol.
Configu ring the Switch 3-82 3 Note: Auto-negotiation must be disabled before yo u can configure or force the interface to use the Speed/Duplex Mode or Flow Control options. We b – Cli ck Po rt, P ort Co nfig urat ion or T runk C on figur ati on. Modif y th e requ ired interf a ce s e ttin gs, and cli c k Appl y .
Port Configur ation 3-83 3 Creati ng Trunk Groups Y o u can cr eate mu ltiple links betwee n device s that wor k as one vir tual, aggr egate link. A por t trunk offers a dram atic inc rease in bandwi dth for networ k segmen ts where bottle necks exist, as well a s prov iding a fault -tolera nt link betwee n tw o devices .
Configu ring the Switch 3-84 3 Statica lly Configuring a Trunk Command Usage • When confi guring st atic tr unks, y ou may not be able to li nk switch es of diff erent types , depen ding on th e manuf acturer’ s implem entat ion. Howev er, not e that the st atic trunks on this swit ch are Cisc o EtherCh annel compatible .
Port Configur ation 3-85 3 CLI – This e xample cre ates trunk 2 with por t s 9 and 10. Jus t conn ect these por ts to two static trun k ports on ano ther sw itch to form a trunk.
Configu ring the Switch 3-86 3 We b – C lick Port, LA CP , C onfigurati on. Select any of the sw itch ports from the scro ll-down port li st and click Add. After you have comp leted adding ports to the member lis t, click Appl y . Figure 3-51 LACP T ru nk Co nfigura tion CLI – The fo llowing ex ample enables LACP for ports 1 to 6.
Port Configur ation 3-87 3 Configurin g LACP Parameters Dynam ically Cr eating a Port Ch annel – Ports assigne d to a co mmon po rt chann el must m eet the fol lowing c riteria: • Ports must have the same LACP Syste m Priority . • Ports must have the same LACP port Admin Key.
Configu ring the Switch 3-88 3 Web – Click Por t, LACP , Aggreg ation Port. Set the Syste m Priority , Admin Ke y , and Po rt Pri ori ty fo r t he Por t Acto r .
Port Configur ation 3-89 3 Displaying LACP Port Counters Y o u can disp lay statist ics for LACP proto col messag es. We b – Click Port, LACP , Port Counters In formation. Se lect a member port t o disp la y the co rrespon ding info rmation . Figur e 3-53 LACP - Port Co unters Inform ation CLI – This fun ction is not su pported by the CL I.
Configu ring the Switch 3-90 3 Display ing LACP Setti ngs and Status for th e Local Side Y o u can disp lay co nfigurat ion setting s and the op eratio nal state for th e local sid e of an li nk a ggregat ion.
Port Configur ation 3-91 3 Web – Click Port, LACP , Port Internal Informa tion. Select a port channel to dis play the co rrespon ding info rmation . Figu re 3-54 LAC P - Port In ternal Inform ation CLI – This fun ction is not su pported by the CL I.
Configu ring the Switch 3-92 3 Display ing LACP Setti ngs and Status for the Remote Side Y o u can disp lay co nfigurati on setting s and the op eratio nal state for th e remote si de of an link ag grega tion. We b – C lick Port, LA CP , Por t Neighbo rs Informa tion.
Port Configur ation 3-93 3 Setting Br oadcast Storm Thresholds Broad cast storm s may oc cur whe n a device on your network i s malfunc tioning, or if applic ation prog rams ar e not well des igned or properly co nfigur ed.
Configu ring the Switch 3-94 3 CLI – S p ecify a ny interfa ce, and t hen enter the thresho ld. The fol lowing disables broad cast stor m contr ol for port 1, and t hen sets bro adcast su ppressi on at 600 packets per sec ond for po rt 2.
Port Configur ation 3-95 3 Configur ing Port Mirrorin g Y o u can m irror traffic fro m any sour ce port to a target port for real-tim e analysi s. Y ou can t hen attach a logi c analyze r or RMO N prob e to the target port and study t he traffic cros sing the sour ce port in a comp letel y unobtrus ive manner .
Configu ring the Switch 3-96 3 Configur ing Rate Limits This fun ction allow s the netw ork ma nager to c ontrol the m aximum rate for traffic transm itted or rec eived on an interfa ce. Rate limi ting is co nfigured on interfa ces at the ed ge of a netw ork to limit tra f fic into or out of the s witch.
Port Configur ation 3-97 3 Showing Por t Statist i c s Y o u can disp lay standa rd statistics on netw ork traffic from th e Interfac es Grou p and Etherne t-like MI Bs, as well as a detailed breakd own of tra f fic bas ed on the RM ON MIB. Int erface s and Ether net-like stati stics dis play error s on the traffic passin g throug h each po rt.
Configu ring the Switch 3-98 3 T ra nsmit Disc arded Pac kets The numbe r of outbound pack ets w hich w ere c hosen to be discar ded e ven thoug h no er rors had b een de tected to pre vent th eir being t ransmit ted. One p ossible reason fo r disca rding s uch a p acket could be t o free up buffer spa ce.
Port Configur ation 3-99 3 Receiv ed Fra mes The to tal numbe r of fra mes (b ad, bro adcast an d multi cast) re ceived . Broad cast Fr ames The to tal num ber of good fram es rec eived t hat we re direc ted to the broad cast ad dress. No te that this do es not include multicast packe ts.
Configu ring the Switch 3-100 3 We b – C lick Port, Port St atis tics. Select the requ ired interfac e, and click Query . Y ou can also use the Refresh bu tton at the bottom of the page to upd ate the sc reen.
Address T able Settings 3-101 3 CLI – T his exam pl e sh ows st ati st ics for port 12. Address Table Settings Switche s store th e addre sses for all known devi ces. This i nforma tion is used to p a ss traffic direct ly betwee n the inboun d and out bound ports.
Configu ring the Switch 3-102 3 We b – C lick Addre ss T ab le, S tatic Addresse s. S peci fy the inter face, the MAC add ress and VLA N, the n cl ic k Ad d S ta tic A ddres s. Figur e 3-60 Stati c Address es CLI – This exam ple add s an addr ess to the stati c address t abl e, but sets it to be deleted wh e n t he switch is reset.
Address T able Settings 3-103 3 We b – Click Ad dress T able, Dynam ic Add resses. Specify the s earch t ype (i.e., ma rk t he In terf ace, MAC Add ress, or V LAN ch eckbo x), selec t th e meth od of sort in g th e displa yed add resses, and then c lick Q uery .
Configu ring the Switch 3-104 3 Changing the Aging Time Y o u can se t the aging t ime for en tries in the dy nam ic address tab le. Command Attri b utes • Aging Status – E nables/ disables the aging funct ion. • Aging Time – The time afte r which a le arned ent ry is disca rded.
Spanning T r ee Algorith m Configuration 3-105 3 Once a stab le networ k topology has bee n establishe d, all bridge s listen fo r Hello BPDU s (Bridge Prot ocol Data Units) transm itted fro m the Root Br idge.
Configu ring the Switch 3-106 3 • Hello Time – I nte rval (in se conds) at w hich th e root dev ice transm its a conf iguration m essa ge. • Forward De lay – The maxi mum time (i n second s) t he root d e vic e wi ll wait before chang ing states (i.
Spanning T r ee Algorith m Configuration 3-107 3 i nfor mat ion t hat w oul d mak e i t r etu rn to a dis card ing stat e; ot herwi se, t empor ary da ta l oo ps mi gh t r esu lt. • Root Hold Time – The interval ( in sec onds) d uring which n o m ore th an two bridge config uration pr otocol dat a units sha ll be trans mitted b y this node.
Configu ring the Switch 3-108 3 CLI – This command displays global ST A settings, f ollowed by settings for each port . Note: The current root por t and current root cost display as zero when this device is not connected to the network. Configur ing Global Sett ings Globa l settings ap ply to th e entire swi tch.
Spanning T r ee Algorith m Configuration 3-109 3 • Multip le Span ning T ree Protocol - To a llow mu ltiple spa nning trees to op erate ov er the ne twork, yo u must con figur e a related se t of bridge s with th e same M STP confi guration , allowing them to parti cipate in a sp ecific se t of spann ing tree inst ances .
Configu ring the Switch 3-110 3 • Forward Delay – Th e maximum ti me (in seconds) this devic e will wait bef ore chang ing states (i.e., dis carding to learning t o forwardin g). This dela y is requir ed becau se every de vice mu st receiv e informa tion abo ut topolog y chang es befor e it starts to forwar d frames.
Spanning T r ee Algorith m Configuration 3-111 3 We b – C lick S panning T ree, ST A, Configura tion. Mo dify the requir ed attrib utes, and click Ap ply .
Configu ring the Switch 3-112 3 CLI – T hi s e xampl e enab les S p anni ng T ree Protoc ol, s et s the mode t o MST , and then conf igures the ST A an d MSTP parameters . Display i ng Interf ace Settings The S T A Port I nformati on and ST A Trunk Inf orma tion pages display the c urrent status of por t s and t runks in th e S panning Tr ee.
Spanning T r ee Algorith m Configuration 3-113 3 • Oper Link Type – Th e oper ational po int-to-po int status of the LAN segm ent att ache d to t his i nter fac e. T his par amete r is d eter mined by ma nual conf ig urat ion o r by auto- detection, as describ ed for Adm in Link Ty pe in STA Port Co nfigurat ion on page 3- 115.
Configu ring the Switch 3-114 3 • Priority – De fines th e priority used for this por t in the S panni ng Tree A lgorith m. If the path co st for al l ports on a switch is the same, the po rt with the h ighest pr iority (i.e., lowest value) will b e confi g ured a s an active l in k i n th e Spanning Tree.
Spanning T r ee Algorith m Configuration 3-115 3 CLI – This exam ple sho ws the ST A attr ibutes for por t 5. Configur ing Interface Set t ings Y o u can co nfigure R STP a nd MST P attributes fo r specific i nterface s, including port priorit y , path co st, link typ e, and edge port.
Configu ring the Switch 3-116 3 Protoco l is detect ing netw ork loop s. Wher e more than one por t is assigne d the highest priority, the port with l owest num eric ide ntifier w ill be enable d. • Defau lt: 128 • Range: 0-240, in steps of 16 • Path Cost – Th is parame ter is used by the STP to determine the best pat h betwe en dev ices.
Spanning T r ee Algorith m Configuration 3-117 3 We b – Click S panning T ree, ST A , Port Configurati o n or T runk Configuration. Modify the requ ired attrib utes, the n click Appl y . Figu re 3-66 ST A Port C onfigu ration CLI – This exam ple sets ST A attr ibutes for por t 7.
Configu ring the Switch 3-118 3 T o ensure that the MSTI maintains connectivity across the netwo rk, you mus t configure a related set of bridges with the same MSTI settin gs. Command Attri b utes • MST Inst ance – Ins tance identifie r of this spanni ng tree .
Spanning T r ee Algorith m Configuration 3-119 3 CLI – This di splays ST A settings for ins tance 1, followed b y settin gs for each po rt. CLI – T hi s ex ampl e se ts t he pr iorit y fo r MSTI 1, an d add s VLA Ns 1- 5 to this MSTI.
Configu ring the Switch 3-120 3 Display i ng Interf ace Settings for MSTP The MS TP Port Inform ation and MSTP T r unk Infor mation pages display th e current status of por t s and t runks in th e select ed MST ins tance. Field Attributes • MST Inst ance ID – I n stance identifie r to configure .
Spanning T r ee Algorith m Configuration 3-121 3 Configur ing Interface Set t ings for MSTP Y o u can co nfigure the ST A i nterface settings for an MST Instanc e using the M STP Port Conf igurati on and MST P T run k Con figuratio n pa ges .
Configu ring the Switch 3-122 3 • MST Path Cost – This p arameter is use d by the MSTP to det ermine t he best path betwe en dev ices. Ther efore, l ower v alues sh ould be a ssigned to port s attached to faster media, an d higher values ass igned to por ts with slow er media.
VLAN Configur ation 3-123 3 VLAN Configurati on Configur ing IEEE 802.1Q VLANs In larg e network s, routers are used t o isolate br oadcast traffic for each su bnet into separate dom ains. Thi s switch provi des a similar ser vice at Layer 2 by using VLANs to organ ize any gr oup of net work no des into separ ate broad cast dom ains.
Configu ring the Switch 3-124 3 Note: VLAN-tagged fram es can pass through VLAN-awa re or V LAN-unaware network interconnection devices, but the VLAN tags should be st ripped off before passing it on to a ny end-node h ost that does not support VLAN tagging.
VLAN Configur ation 3-125 3 these hos ts, and cor e switche s in the ne twork, enab le GVR P on the link s betwe en these dev ices. Y ou should al so deter mine secu rity bou ndarie s in the netwo rk .
Configu ring the Switch 3-126 3 Enablin g or Disabling GVRP (Gl obal Setting) GARP VL AN Regi stration Pro tocol (GVRP) defines a w ay for switche s to excha nge VL AN infor mat ion i n order to reg ist er VLAN memb ers on por ts acr oss th e netwo rk.
VLAN Configur ation 3-127 3 CLI – Enter th e following co mm and. Displaying Current VLANs The VLAN C urren t T a ble shows the curr ent port mem bers of ea ch VLAN an d wheth er or not the por t suppor t s VLAN tagging. Ports assign ed to a large VL AN group that cross es seve ral switch es shoul d use VLAN t agging .
Configu ring the Switch 3-128 3 Command Attri b utes (CLI ) • VLAN – ID of con figured VL AN (1-4 094, no leadin g zeroe s). • Type – Sho ws how th is VLAN wa s added to the switch. - Dynamic : Automa tically learned via GVRP. - Static : Adde d as a sta tic e ntry.
VLAN Configur ation 3-129 3 We b – C lick VLAN, 802. 1Q VLAN, S t atic Lis t. T o c reate a ne w VLAN, en ter the VLAN ID and VLAN name, mark the Enable checkbox to ac ti vate the VLAN, and th en c lic k Add . Figur e 3-73 VLAN St atic Li st - Cre ating VLANs CLI – T his exam pl e cr eates a new VLAN .
Configu ring the Switch 3-130 3 Command Attri b utes • VLAN – ID of con figured VL AN (1-4094 , no leadin g zeroes) . • Name – Name of the VLAN ( 1 to 32 c haracte rs). • Status – En ables or dis ables the sp ecified VL AN. - Enable : VLAN is op erationa l.
VLAN Configur ation 3-131 3 CLI – The follow ing exa mple ad ds tagged and untagged ports to VLAN 2. Adding S ta tic Me m bers to VLANs (Port Index) Use the VLAN S tatic Membe rship by Por t menu to ass ign VLAN gr oups to the select ed interf ace as a tagged memb er .
Configu ring the Switch 3-132 3 Configurin g VLAN Behavior for Interfac es Y ou can confi gure VL AN beha vior f or spe cifi c in te rf aces , incl udin g the de fau lt VLA N identif ier (PVID) , accepted f rame type s, ingress filtering , GVRP status , and GAR P tim ers .
VLAN Configur ation 3-133 3 Leave or Le aveAll m essag e has b een issu ed, the applican ts ca n rejoin b efore t he port act ually leave s the grou p.
Configu ring the Switch 3-134 3 CLI – Th is exam ple s ets port 3 to ac cept o nly tagged f rames , assign s P VID 3 as the na tive VL AN ID , ena ble s G V RP , s ets t he GA RP ti mer s, an d t hen s ets th e swi tch po rt mode to hybr id.
VLAN Configur ation 3-135 3 Configurin g Uplink and Downl i nk Ports Us e th e Pri vate V LAN Li nk S t atus p age to set po rt s as d ownli nk or up link port s. Ports desi gnated as down link po rts can not c ommun icate w ith any other po rts on the sw itc h excep t for th e upli nk por ts .
Configu ring the Switch 3-136 3 Configurin g Protocol Groups Create a pr otocol group fo r one or more protoco ls. Command Attri b utes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Ty pe – Fram e type us ed by this pr otocol .
VLAN Configur ation 3-137 3 - If th e frame is unt agged and the protoc ol type mat ches, the f rame is forw arded to the app ropriate VLAN . - If t he frame is unt agge d but the prot ocol type do es not ma tch, the f rame is forwar ded to the def ault VLAN for this interfac e.
Configu ring the Switch 3-138 3 Class of Servic e Configuration Class of Service ( CoS) allow s you to sp ecify whi ch data packets have greater prec edence w hen traffic is buffered in the switc h due to cong estion. Th is switch suppo rts CoS with e ight priority queues for each port.
Class of Serv ice Configur ation 3-139 3 We b – Click Pr iority , De fault Po rt Priority or Default T runk Priority . Modify the defau lt prior ity for a ny in terface, then clic k Apply . Figure 3-81 Defau lt Port Pri ority CLI – T his exam pl e as signs a defa ult p rior ity o f 5 t o port 3.
Configu ring the Switch 3-140 3 Mapp ing CoS Valu es to Egress Q ueues This sw itch proce sses Clas s of Service (CoS) p riority tagged traffic by usin g eigh t priorit y queues f or each port, with ser vice sch edules b ased on strict or Weigh ted Round R obin (WR R).
Class of Serv ice Configur ation 3-141 3 We b – C lick Priority , T raffic Clas ses. Mark an interface an d click Select to displ ay the curr ent mappi ng of CoS val ues to outp ut queu es. Assign priorities to the traffic classes (i.e., ou tput queue s) for th e selected interface , then cli ck Apply .
Configu ring the Switch 3-142 3 Selec ting the Queue M ode Y o u can se t the switc h to service the que ues based o n a strict ru le that req uires all traffic in a higher priority qu eue to be pr oc.
Class of Serv ice Configur ation 3-143 3 We b – C lick Priority , Q ueue Sc heduling. Select the inte rface, highl ight a traffic clas s (i.e., out put queue ), ente r a weight, then click Appl y . Figure 3-84 Queu e Sche duling CLI – The follow ing exa mple sh ows how t o assign W RR weig hts to each of the priorit y queues.
Configu ring the Switch 3-144 3 Layer 3/4 Pri ority Settings Mapping Layer 3/4 Pr iorities to CoS Values This sw itch suppo rts severa l commo n meth ods of prio ritizing laye r 3/4 traffic to m eet applic ation requ irements.
Class of Serv ice Configur ation 3-145 3 Mapp ing IP Precedence Th e T ype of Serv ice (T oS) oc tet in t he IPv4 head er incl udes t hree pre ceden ce bit s defining eight differen t priority levels ran ging from highes t priority for netwo rk control p acket s to l owes t pr ior ity for rout in e tr aff ic.
Configu ring the Switch 3-146 3 CLI – The follow ing exa mple glob ally ena bles IP Prece dence service on th e switch , maps IP P recedenc e value 1 t o CoS value 0 (on port 1), and t hen disp lays the IP Pre ceden ce sett i ngs .
Class of Serv ice Configur ation 3-147 3 We b – Cl ic k P rior ity , IP D SCP P rio rit y . Se lec t a n en tr y fr om the DS C P tab le , ent er a value in the Class of Serv ice V al ue field, t hen click App ly .
Configu ring the Switch 3-148 3 Mapping IP Port Priority Y o u can also map ne twork app licatio ns to Clas s of Service values bas ed on th e IP port numb er (i.e., TCP/ UDP por t number) in the frame head er . So me of the mor e comm on TCP ser vice ports includ e: HTTP: 80, FTP : 21, T elnet : 23 and POP3 : 1 1 0.
Class of Serv ice Configur ation 3-149 3 CLI – The follow ing exa mple glob ally enabl es IP Port Pr iority servic e on the switc h, maps HTTP tra ffic ( on port 1) to Co S value 0 , and th en displays th e IP Port P riorit y settings .
Configu ring the Switch 3-150 3 We b – Click Prior ity , ACL CoS Priorit y . Select a port , select an ACL rule , specify a CoS priority , then click Add. Fig ure 3- 90 AC L CoS Pr io rity CLI – T his exam pl e as signs a CoS v alue of z ero t o p ack ets m atc hing rul es wi thi n the speci fied ACL on port 1.
Class of Serv ice Configur ation 3-151 3 Command Attri b utes • Port – Po rt identifier. • Name 16 – Name of ACL. • Type – Ty pe of ACL (IP or MA C). • Preceden ce – I P Precede nce value . (Ran ge: 0-7) • DSCP – Differ entiated Servi ces C ode P oint val ue.
Configu ring the Switch 3-152 3 Multicast Filteri ng Multic asting is u sed to supp ort real -time applic ations s uch as v ideocon ferencin g or stream ing aud io. A mult icast ser ver does n ot ha ve to establis h a separate co nnecti on with ea ch client.
Mu ltic ast Filte rin g 3-153 3 Based on the gro up memb ership informa tion learned from IG MP , a router/s witch ca n dete rmine whi ch (if any) multica st traffic needs to be forwar ded to each of its ports.
Configu ring the Switch 3-154 3 Configurin g IGMP Snooping and Query Parame ters Y o u can co nfigure t he switch to forward m ulticas t traffic intellige ntly . Base d on the IGMP quer y and repor t mess ages, the sw i tch f orwar ds tr af fi c only to t he por ts t hat reque st multic ast traffic.
Mu ltic ast Filte rin g 3-155 3 We b – Click IGMP Snooping, IGMP Configuration. Ad just the IGMP s e ttings a s requir ed, and then click App ly . (T he default settings are show n below .) Figu re 3-92 IGMP C onfigu ration CLI – Th is exam ple m odifie s the s ettings for m ulticast filtering, and then disp lays the current status.
Configu ring the Switch 3-156 3 Display ing Interfa ces Attached to a Multicast Router Mult icast router s that are at tached to po rts on the swit ch use infor mation ob tained f rom IGMP , alon g wit h a mu ltic ast rou ting prot ocol such as DV MRP or PIM , to sup port IP multi casti ng a cros s th e Int ern et.
Mu ltic ast Filte rin g 3-157 3 Specify ing Static Inter faces fo r a M ulticast Router Depend ing on your net work co nnection s, IGMP snoopi ng may n ot always be abl e to locate the IGMP querier .
Configu ring the Switch 3-158 3 Display ing Port M embers o f Multic ast Services Y o u can disp lay the po rt memb ers ass ociated w ith a spe cified VLA N and mu lticast serv ice. Command Attri b ute • VLAN ID – Sele cts the VL AN for whic h to display por t member s.
Mu ltic ast Filte rin g 3-159 3 Assign ing Ports to Mul ticast Services Multic ast filterin g can be dyna micall y configur ed using IG MP Snoop ing and IGM P Query message s as desc ribed in “ Confi guring IGM P Snoop ing and Que ry Parame ters” o n page 3-154.
Configu ring the Switch 3-160 3 Layer 3 IGMP (Query u s ed wit h Multicast Routing) IGM P Snooping – IGMP Snooping is a La yer 2 func tion (page 3-1 54) that ca n be used to pr ovide m ulticast f iltering whe n no other switches in the networ k supp ort multic ast routing.
Mu ltic ast Filte rin g 3-161 3 • La st M ember Quer y Int erval – A mul ticast client sen ds an IGMP l eave m essage wh en i t lea ves a group . The r oute r then chec ks to s ee i f thi s was the last host in the grou p by sen ding an IGM P que ry and starti ng a timer based on th is comma nd.
Configu ring the Switch 3-162 3 We b – Click IP , IGMP , Inte rfac e Se ttings. S pecify each i nterface that wil l support IGM P (Laye r 3), speci fy the IGMP paramet ers f or eac h int erface, then c lick Apply . Figur e 3-97 IGMP In terface Settin gs CLI – This e xample configures th e IGMP p arameters f o r VLAN 1.
Mu ltic ast Filte rin g 3-163 3 Display ing Mul ticast Group Inform ation When IGMP ( Laye r 3) is e nabled on this switch t he cu rrent m ulticast g roups lea rned via IGM P can be dis played in th e IP/IGMP/ Grou p Informa tion page.
Configu ring the Switch 3-164 3 Configuring Doma in Name Servic e The Domain Nami ng System (DNS) ser vice on thi s switch allows h ost n ames to be map ped to IP ad dresses u sing static table e ntries or b y redirecti on to othe r name serv ers on the network.
Configuring Domain Name Ser vice 3-165 3 We b – Sele ct DNS, Ge neral Con figurat ion. Set the def ault dom ain nam e or list of dom ain name s, specif y one or mo re name s ervers to us e to use for add ress reso lution, enab le doma in looku p status, and cli ck Apply .
Configu ring the Switch 3-166 3 Configur ing Static DNS H ost to Address Entr ies Y o u can m anually co nfigur e static entries i n the DNS table that are used to ma p dom ain name s to IP addres ses.
Configuring Domain Name Ser vice 3-167 3 We b – Sele ct DNS, S tatic Hos t T able. Ent er a host nam e and one or more corres ponding addr esse s, then click Apply . Fi gure 3 -10 0 DNS St ati c Ho st T able CLI - T hi s ex ample map s t wo ad dres s to a hos t nam e, a nd th en confi gur es an alia s host nam e for th e same add resse s.
Configu ring the Switch 3-168 3 Display ing the DNS Cache Y o u can disp lay en tries in the DN S cac he that have b een lea rned via the designa ted nam e servers . Field Attributes •N o – The ent ry num ber for each resource record. • Flag – Th e flag is alw ays “4” indic ating a ca che entr y and ther efore unrel iable.
Dynamic Host Configura tion Proto col 3-169 3 CLI - This exam ple disp lays all the re source r ecord s learned f rom the desi gnated name s ervers. Dynamic Host C onfiguration Protoc ol Dynam ic Host.
Configu ring the Switch 3-170 3 Command Usage Y ou must specify the IP address for at least one DHCP serv er . Otherwi se, the switch’ s DHCP relay agent wi ll not forward client re quests to a DHCP server . Command Attri b utes • VLAN ID – ID of conf igured VLAN.
Dynamic Host Configura tion Proto col 3-171 3 Configur ing the DHCP Ser ver This switch in cludes a Dynamic Host Configur ation Protocol (DHCP) serv e r that ca n assign temp orary IP a ddresse s to any attached host reques ting servic e.
Configu ring the Switch 3-172 3 We b – Click DHCP , Server , General. Enter a s ingle address or a n ad dress range, and clic k Add. Figure 3-103 DHCP Serve r Genera l Confi guratio n CLI – This exam ple ena bles the DHCP and sets an excl uded addre ss range.
Dynamic Host Configura tion Proto col 3-173 3 Configurin g Address Pools Y o u mus t configure I P address pools for eac h IP inte rface that will provid e addre sses to attac hed clients via t he DHCP ser ver . Command Usage • First c onfigure a ddress po ols for the networ k interface s.
Configu ring the Switch 3-174 3 • Client-Identifier – A unique designati on for the cl ient devi ce, either a te xt string (1-15 ch aracter s) or hex adecim al value . Setti ng the Optio nal Parameters • Default R outer – The IP addr ess of the p rimary and alternat e g ateway router .
Dynamic Host Configura tion Proto col 3-175 3 Configu ring a Netw ork Addr ess Pool We b – Click DHCP , Server , Pool Configuration. Cli c k the Configure butto n for a ny entry . C lick the rad io butt on for “N etwork.” Enter th e IP addr ess and subne t mask for the netwo rk poo l.
Configu ring the Switch 3-176 3 Configu ring a Hos t Address Pool We b – Click DHCP , Server , Pool Configuration. Cli c k the Configure butto n for a ny entry . Click th e r adio butto n for “ Host.” Enter the IP ad d ress, subnet mask , and hardw are add ress for th e client de vice.
Dynamic Host Configura tion Proto col 3-177 3 Display ing Address Bindings Y o u can disp lay the ho st devi ces which h ave acq uired an I P address from thi s switch’ s DHCP server . Command Attri b utes • IP Ad dr ess – IP addres s assi gned to hos t.
Configu ring the Switch 3-178 3 Configuring Route r Redundancy Route r redund ancy prot ocols us e a virtual IP addres s to suppor t a primary r outer and mu ltiple backu p router s. The backup routers can be co nfigur ed to take over the wo rkl oad if the master route r fa ils, o r can also be conf igur ed to share the t raf fic l oad.
Configurin g Router R edundancy 3-179 3 • S evera l vi rtu al maste r ro uter s conf igur ed for mutual backu p an d lo ad sha ring. Load shar ing can b e acco mplishe d by as signin g a subset of addr esses t o differe nt host addre ss pools using t h e DHCP ser ver.
Configu ring the Switch 3-180 3 • VRRP creates a virtual M AC addr ess for the m aster rou ter based on a stan dard prefix, with the las t octet equa l to the grou p ID. Whe n a backu p router ta kes ove r as the mas ter, it c ontinu es to f orward traffi c add ressed to this virtua l MAC addr ess.
Configurin g Router R edundancy 3-181 3 Command Attri b utes (VRRP Group Configuration Detail ) • Associ ated I P Tabl e – IP interfac es asso ciated with this vir tual route r group.
Configu ring the Switch 3-182 3 We b – C lick IP , VRR P , Gr oup Configu ration. Se lect the VLA N ID, enter the VR ID group number , and cl ick Add.
Configurin g Router R edundancy 3-183 3 Click the Ed it button for a group ent ry to ope n the detailed con figurat ion windo w . Enter th e IP addre ss of a real int erface on this router t o make it the m aster v irtual router for the grou p. Other wise, enter the virtu al addre ss for an ex isting group to make it a ba ck up router .
Configu ring the Switch 3-184 3 CLI – This example creat es VRRP group 1, set s this switch as the m aster virtual router by assigning the primary interface address for t he selected V LAN to t he virtual IP address.
Configurin g Router R edundancy 3-185 3 CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch. Display ing VRRP Group Sta tistics The VR RP Group S tatist ics page displ ays count ers for VR RP protoc ol events an d errors that h ave o ccurre d on a spec ific VR RP in terface.
Configu ring the Switch 3-186 3 We b – C lick IP , VRR P , Gr oup S ta tistics. Sele ct the VLAN and v irtual router group. Figur e 3-1 1 1 VRRP Group Sta tistics CLI – This example displays VRRP protocol statistics for group 1, VLAN 1.
Configurin g Router R edundancy 3-187 3 Command Usage Ad dres s Assi gnme nt – • The des ignate d virtual IP addres s must b e configur ed on at le ast one rout er in the virtu al router grou p. If an IP add ress is not speci fied, the desi gnated addre ss is learne d through the excha nge of HS RP mes sages.
Configu ring the Switch 3-188 3 stop s sending hello mes sages or sends ot her mess ages ind icating t hat it is no longer acting as th e designa ted router . • You can add a delay to the pree mpt funct ion to giv e addition al time to re ceive an adver tiseme nt mes sage from th e curre nt ma ster befo re tak ing con trol.
Configurin g Router R edundancy 3-189 3 • Authen tication Strin g – K ey us ed to authen tica te HSR P pack ets recei ved f rom other ro uters. (Ra nge: 1-8 alphanum eric char acters ) - Al l routers in the same H SRP gro up must be confi gured with t he same authent ication string.
Configu ring the Switch 3-190 3 We b – C lick IP , HSR P , Group C onfigura tion. Select th e VLAN ID, enter the HSR P group number , and cl ick Add.
Configurin g Router R edundancy 3-191 3 Click the E dit but ton for a gr oup entr y to open the detailed con figura tion wind ow . Set the valu es for the adver tisemen t interval, preempti on, priorit y , and aut henticat ion as requir ed. Enter the virtu al IP add ress fo r the group .
Configu ring the Switch 3-192 3 CLI – This example creat es HSRP group 1, sets t he virt ual rout er ’s address, adds a secondary IP address t o the group, specifies an i nterface for tracking, set s all the other HSRP parameters, and then d isplays the configured settings.
IP Routing 3-193 3 IP Routing Overview This sw itch suppo rts IP routing an d routin g path mana gement via static routin g definit ions (page 3 -21 1) and dyna mic rout ing such as RIP (page 3-21 3) or OSP F (page 3-223 ).
Configu ring the Switch 3-194 3 IP Sw itch ing IP Swi tching (o r packet for warding ) enc ompasses tas ks requir ed to fo rward packe ts for bot h Layer 2 and Layer 3, as well as trad itional rou ting.
IP Routing 3-195 3 the hi gh thr oughpu t and low laten cy of switc hing b y ena bling th e traffic to b ypass t he routi ng engine once the path calcu lation has been per formed.
Configu ring the Switch 3-196 3 Basic IP Inte rface Configurat ion T o a llow r outing betwee n differen t IP subne ts, you m ust e nabl e IP R outing as descr ibed in this section . Y ou a lso need t o you define a VLAN for each IP subn et that wi ll be connected dir ectly to this switch.
IP Routing 3-197 3 Configur ing IP Routing Interf aces Y o u can sp ecify the I P subne t s connec ted to th is router by m anually as signin g an I P ad dre ss to each VLA N, or by u sin g t he RI P .
Configu ring the Switch 3-198 3 We b - Click IP , General, Routin g In terface. S p ecify an IP inte rface fo r each VLAN that will support rou ting to ot her subne ts.
IP Routing 3-199 3 Address Res olution Protocol If IP routin g is enabl ed (page 3-19 6), the rou ter uses it s routi ng tables to make routi ng decision s, and use s Addre ss Resolu tion Pro tocol (AR P) to forw ard traffic from one hop t o the n ext.
Configu ring the Switch 3-200 3 Basic A RP Configuration Y o u can us e the ARP Ge neral co nfiguratio n menu to spe cify the tim eout for ARP cac he en tries , or to ena ble Proxy ARP fo r sp eci fi c VLA N in terf aces. Command Usage • The agi ng time de termine s how lo ng dynam ic entrie s remain t he cach e.
IP Routing 3-201 3 Configurin g Static ARP Address es For devices that d o not respond to ARP request s, traffi c will be dropped because the IP add ress cann ot be map ped to a physical ad dress . If this occu rs, you ca n man ually map an IP addres s to the co rrespon ding phy sical ad dress in the ARP .
Configu ring the Switch 3-202 3 Display ing Dynamica lly Learned ARP Entries Th e ARP c ache cont ains ent ries that map I P a ddre sses t o th e corr espon ding physica l addres s. Most of the s e en tri es will be d ynamica lly learned thro ugh replies to broadc ast mes sages.
IP Routing 3-203 3 CLI - This exam ple shows al l entries in th e ARP cach e. Displaying Local ARP Entries Th e ARP cac he also cont ains en tries for l oca l inte rfac es, in cludi ng sub net, host , and broad cast a ddre sses. Command Attri b utes • IP Ad dr ess – IP addr ess of a loca l entry in t he cache.
Configu ring the Switch 3-204 3 CLI - This rout er uses the T yp e specific ation “ot her” to indica te local cac he entries in the ARP cache. Displaying ARP Statistics Y o u can disp lay statisti cs for ARP mes sages crossin g all interface s on this rou ter .
IP Routing 3-205 3 CLI - This exam ple provid es detailed stati stics on com mo n IP-related protoco ls. Display i ng Statist ics for IP Prot ocols IP Statistics The Inte rnet Pro tocol (IP) provi des.
Configu ring the Switch 3-206 3 Datag rams F orwarded The numb er of in put da tagram s for whic h this e ntity w as not the ir final IP destin ation, a s a result of whic h an a ttempt was made to find a rou te to forwar d them to tha t final dest ination .
IP Routing 3-207 3 We b - Click IP , S tatis tics, I P . Figure 3-121 IP St atistics CLI - See the exa mple on page 3- 204. ICMP Stat istics Internet Control Messag e Protoco l (ICMP) is a ne twork laye r protoc ol that trans mits mess age p ack ets t o re port e rrors in proc essi ng I P pa cket s.
Configu ring the Switch 3-208 3 We b - Click IP , S tatis tics, ICMP . Figu re 3-12 2 ICM P Statisti cs CLI - See the exa mple on page 3- 204. Timestamp s The numb er of I CMP Times tamp (r equest) m essage s rece ived/se nt. Timestamp Replie s The num ber of ICMP Time stamp Rep ly mes sages receive d/sent.
IP Routing 3-209 3 UDP Statistics User Data gram Prot ocol (UDP ) provide s a datagram m ode of packet -switche d comm unic ation s. It uses IP as the un derl ying t rans port mech anis m, prov idin g access to I P -lik e services.
Configu ring the Switch 3-210 3 TCP Statistics The T r ansmi ssion Con trol Protoco l (TCP) provides hi ghly reliab le host -to-host conne ctions in pack et-swi tched netwo rks, a nd is used in c onjunct ion wi th IP to suppo rt a wide va riety of Int ernet prot ocols.
IP Routing 3-211 3 Configur ing Static Routes Th is ro uter can d ynam ical ly co nfig ure r outes to ot her n etwor k segme nts usin g dynami c routing protoco ls (i.e., RIP or OS PF). How ever , you ca n also manua lly ente r st atic ro utes in the routing table.
Configu ring the Switch 3-212 3 Display i ng the Routing Table Y o u can d isplay all the rou tes tha t can be access ed via t he local networ k interf aces, via static rout es, or via a d ynamic ally learne d route.
IP Routing 3-213 3 CLI - This exam ple show s route s obtained from various me thods. Configur ing the Routing Infor m ation Prot ocol The RIP protocol is th e most wide ly used ro uting protoc ol. The RI P protoc ol uses a distance -vector- based approach t o routing.
Configu ring the Switch 3-214 3 routi ng loops may occu r , a nd its smal l hop count l imitation of 15 rest ricts its use to sma ller netwo rks. More over , RIP (ver sion 1) wa stes v aluable net wor.
IP Routing 3-215 3 We b - Click Ro uting Prot ocol, RIP , Gene ral Settings . Enab le or disable RI P , set the RIP versi on used on previous ly unset in terfaces to RIPv1 or RIPv 2, set the ba sic update t imer, an d then click App ly.
Configu ring the Switch 3-216 3 Specify ing Network I nterfaces for RIP Y ou mu st spe cify netwo rk in terf aces t hat wil l be inc luded in th e RIP rou ting proce ss. Command Usage • RIP onl y sends up dates to interface s specifi ed by this com mand.
IP Routing 3-217 3 Configurin g Network Inte r faces for RI P For eac h interface th at participates in the R IP routing process, you must spec ify the protoc ol mes sage typ e acce pted (i.
Configu ring the Switch 3-218 3 Protoco l Me ssage Authen tication RIPv1 is not a secur e protoco l. Any devi ce send ing protoc ol mess ages from UDP por t 520 wil l be cons ider ed a ro uter by it s neigh bors. Malic ious or u nwant ed proto col mes sages can be easily pro pagated througho ut the ne twork if no au thentica tion is requir ed.
IP Routing 3-219 3 • Authen tication Key – S pecifies the key to use for authe nticati ng RIPv2 packe ts. For auth entica tion to funct ion prop erly, both th e sending and recei ving inte rface mus t use the sam e passw ord. (Ran ge: 1-16 charac ters, cas e sensitiv e) We b - Click Ro uting Prot ocol, RIP , Interf ace Settin gs.
Configu ring the Switch 3-220 3 Display ing RIP Info rmation a nd Statistics Y o u can disp lay ba sic inform ation ab out the cu rrent glo bal config uration se tting s for RIP , statisti cs a bout r.
IP Routing 3-221 3 We b - Click Ro uting Pr otocol, RI P , S tatisti cs. Figur e 3-130 RIP Statistics.
Configu ring the Switch 3-222 3 CLI - The informa tion displ ayed by t he RIP S tatistics scree n via the we b interface can be ac cess ed fro m the CLI u sing t he fo llowin g comm and s.
IP Routing 3-223 3 Configur ing the Open Shortest Path First Protocol Open Sho rtest Path First (OSPF) is mo re suited for large area ne tworks w hich exper ience fre quent cha nges in th e links.
Configu ring the Switch 3-224 3 • OSPF v2 is a compatible u pgrade to OSPF . It invo lves enh anceme nts t o pro tocol mes sage auth entication , and the a ddition of a point-to- multipo int interfac e which allows OSPF to ru n over non- broadca st networ ks, as w ell as suppo rt for over lapping ar ea ranges .
IP Routing 3-225 3 • AS Boundary Rout er 20 – Allo ws this rout er to exch ange rout ing infor mation wi th bou ndary ro uters in other autonom ous syst ems to which it ma y be attached. I f a router is enab led as an ASBR , t hen every other ro uter in t he auto nomous syste m c an lea rn about external routes from this devi ce.
Configu ring the Switch 3-226 3 We b - Click Ro uting Prot ocol, OSP F , Gene ral Config uration. Ena ble OSPF , speci fy the Rou ter ID, con figure the other globa l parameter s as requir ed, and cl ick Apply .
IP Routing 3-227 3 Configurin g OSPF Areas An autono mous system must be c onfigured with a back bone area , design ated by area ide ntifier 0. 0.0.0. By default, al l other are as are cr eated as n ormal tr ansit are as. Ro uter s in a norm al area ma y imp ort or ex port rout in g inf ormat ion abo ut indi vidu al nodes .
Configu ring the Switch 3-228 3 • Route s that can be adverti sed with NSS A exter nal LSAs include net work destin ations out side the AS lear ned via OSPF , the def ault route, stat ic routes, routes derived from other ro uting prot ocols su ch as RI P, or directl y connect ed netwo rks that are not running O SPF.
IP Routing 3-229 3 We b - Click Ro uting Pr otocol, OSP F , Are a Configu ration. S et any are a to a stub or NSSA as requi red, speci fy the cos t for the defaul t summary r oute sent into a st u b, and clic k Apply . Fig ure 3- 132 OSP F Area Conf igur at ion CLI - This examp le config ures area 0.
Configu ring the Switch 3-230 3 Configurin g Area Ranges (Ro ute Summarizati on for ABRs) An OSP F area can i nclude a large numb er of node s. If the Area Border Rout er (ABR) has to adver tise route infor mation for e ach o f these node s, th is waste s a lot of band width and pr ocessor time.
IP Routing 3-231 3 We b - Click Ro uting Pr otocol, OSP F , Are a Range Co nfigur ation. S pec ify the are a identif ier , the ba se add ress and netwo rk mas k, sele ct wh ether or n ot to ad vertise t he sum mary rout e to other ar eas, and then click Ap ply .
Configu ring the Switch 3-232 3 Configurin g OSPF Interfaces Y o u should specify a routing in terface for any local subnet that needs to com municat e with ot her net work segm ents loc ated on thi s rout er or elsew here in t he network.
IP Routing 3-233 3 - O n slow link s, the rou ter may sen d pack ets mor e quickly t han dev ices can rece ive them. To avoi d this pro blem, yo u can u se the tran smit delay to f orce the router to wait a spec ified inter val bet ween tran smiss ions.
Configu ring the Switch 3-234 3 - You can ass ign a uniq ue passw ord to eac h network (i.e., auto nomous system ) to imp rove the secu rity of th e routing da tabase. However , the pas sword must be used co nsiste ntly on all neig hboring routers through out a netw ork.
IP Routing 3-235 3 Ch ang e any of th e int erfa ce- speci fi c prot ocol p arame ters , an d then cl ick App ly . Figu re 3-1 35 OS PF Interf ace Co nfigura tion - Detaile d CLI - T hi s ex ample confi gure s th e int erfa ce p ara meter s for VLAN 1.
Configu ring the Switch 3-236 3 Configurin g Virtual Links All OSPF area s must c onnect to the backb one. I f an ar ea d oes no t have a direct physica l connec tion to the backb one, you c an conf igure a vi rt ual lin k that pro vide s a log ic al path to the back bone.
IP Routing 3-237 3 We b - Cl ick Rout ing Protoc ol, OSPF , V i rtual Link C onfigur ation. T o create a ne w virtu al link, sp ecify the Are a ID a nd Neigh bor Ro uter ID , conf igure th e link attribute s, and clic k Add.
Configu ring the Switch 3-238 3 Configurin g Network Area Address es OSPF pro tocol broa dcast mess ages ( i.e., Link S tate Adv ertisemen ts or LSAs) are restric ted by are a to limit their impact on net work pe rforman ce.
IP Routing 3-239 3 We b - Click Ro uting Prot ocol, OSP F , Netw ork Area Ad dress Con figuration . Co nfi gure a back bone area tha t i s cont iguo us wi th al l th e oth er ar eas in you r netwo rk, configur e an area f or all of the othe r OSPF inte rfaces, t hen click App ly .
Configu ring the Switch 3-240 3 CLI - This examp le conf igures the backbo ne area and one trans it area. Console(config-router)# network 10.0.0.0 255.0.0.0 area 0.0.0.0 4-267 Console(config-router)# network 10.1.1.0 255.255.255.0 area 0.0.0.1 Console(config-router)# end Console#show ip ospf 4-278 Routing Process with ID 10.
IP Routing 3-241 3 Configurin g Summary Addresse s (for External AS Routes) An Autono mous Syst em Boun dary Ro uter (ASB R) can redist ribute rout es learned from oth er proto cols into a ll attached au tonomous syste ms.
Configu ring the Switch 3-242 3 CLI - T hi s ex ample Th is exa mple c reat es a s umm ary addr ess for all rout es containe d in 192.1 68.x.x . Redistrib uting Exte rnal Routes Y o u can co nfigure t his router to import ext ernal rou ting info rmation from other routi ng protocol s into the au tonom ous syste m.
IP Routing 3-243 3 We b - Cl ick Rout ing Protoc ol, OSPF , Redistr ibute. S pec ify the pro tocol type to impor t, the metric type and path cos t, then clic k Add. Figure 3-139 OSPF Redist ribute Co nfigur ation CLI - This exam ple redist ributes rout es lear ned from RI P as T ype 1 exter nal routes .
Configu ring the Switch 3-244 3 Note: This router support s up 16 areas , either normal transit areas, stubs, or NSSAs. We b - Click Ro uting Protocol, OSPF , NSSA Settings. Create a new NSSA or modify the rout ing beha vior for an exist ing NSS A, and click Apply .
IP Routing 3-245 3 Display ing Link State Data base Inf ormation OSPF route rs advertise routes usi ng Link S tate Advertisem ents (LSAs). Th e full col lect ion o f LSAs col lecte d by a router int erfa ce f rom t he att ach ed are a is k nown as a li nk sta te dat a base.
Configu ring the Switch 3-246 3 We b - Cl ick Rout ing Protoc ol, OSP F , Link S tate Database Informa tion. S pe cify paramet ers for the LSAs y ou want to display , then c lick Quer y . Figur e 3-14 1 OSPF Link S tate Da tabase Inform ation CLI - The CLI pr ovides a wi der sele ction of disp lay opt ions for vi ewing the Link S tate Databas e.
IP Routing 3-247 3 Display ing Information on Border Routers Y o u can display e ntries i n the local routing table for A rea Bord er Route rs (ABR) and Autonom ous Sy stem Bound ary Rou ters (ASB R) known by t his device . Field Attributes • De sti natio n – Identifier for the de stination router.
Configu ring the Switch 3-248 3 Display ing Information on Neighb or Routers Y o u can disp lay ab out neighbo ring ro uters on e ach inte rface wi thin an OSP F area. Field Attributes • ID – Ne ighbor ’s ro uter ID. • Priority – N eigh bor’s router p riority .
Mult ica st Rou ting 3-249 3 Multicast Routing This rou ter can ro ute multic ast traffic to different su bnetwo rks usin g either Di stance V ec tor Multica st Routi ng Protocol (DVMR P) or Protoc ol-Indep endent M ulticas ting - Dense M ode (P IM-DM) .
Configu ring the Switch 3-250 3 Display i ng the Multica st Routing Table Y o u can disp lay inf ormatio n on each multicast route thi s router has learned via DVMR P or PIM. Th e router le arns mu lticast route s from nei ghboring r outers, and also adv ertise s these rout es to its neighbo rs.
Mult ica st Rou ting 3-251 3 We b – Click IP , Mu lticast Routi n g, Mult ic as t Routing T able. Click Det ail to displ a y addition al inform ation fo r any entry .
Configu ring the Switch 3-252 3 CLI – This exam ple sho ws that m ulticast f orwarding i s enab led. The mult icast routi ng table display s one entr y for a multicas t source routed by DVMR P , and another source ro uted via PI M. Console#show ip mroute 4-293 IP Multicast Forwarding is enabled.
Mult ica st Rou ting 3-253 3 Configur ing DVMRP The Dis t a nce-V ec tor Multicas t Routing Pr otocol (DVM RP) be haves som ewha t simila rly to RI P . A router suppor ting DVM RP p eriodicall y floods its attached networ ks to pass infor mation ab out su pported mu lticast services al ong to new routers and hosts.
Configu ring the Switch 3-254 3 Command Usage Broad casting pe riodical ly floods the network wit h traf fic from a ny active mult icast se rver . If I GMP snoop ing is disa bled, mul ticast tra f fic is floo ded to all ports o n the rout er .
Mult ica st Rou ting 3-255 3 which this devic e has receiv ed prob es, and is use d to veri fy whethe r or not thes e neighbo rs are s till acti ve mem bers of the multi cast tree .
Configu ring the Switch 3-256 3 We b – Click Routing Pr o tocol , DVMRP , General Settings . Enable or dis ab le DVMR P . Set th e global param eters th at control neighbo r timeout, th e exchange of routing i nformat ion, or the pru ne lifetime , and click Apply .
Mult ica st Rou ting 3-257 3 DVMRP Interface Settings • VLAN – Sele cts a VLA N in terf ace on this r out er. • Metric – Sets the met ric for this in terface us ed to calcul ate dista nce vec tors.
Configu ring the Switch 3-258 3 Display ing Neighbor Informat ion Y o u can disp lay all th e neighbo ring DVM RP router s. Command Attri b utes • Neighbor Addr ess – T he IP add ress o f the ne twork de vice i mmediat ely ups tream for th is multicast deli v ery tree.
Mult ica st Rou ting 3-259 3 Display ing the Ro uting Table The rou ter learns so urce-ro uted info rmation from neig hboring DVMRP r outers and also adv ertises l earned ro utes to its neigh bors. The ro uter mere ly records path i nfor mat ion i t has lear ned o n it s o wn or f rom ot her router s.
Configu ring the Switch 3-260 3 CLI – This exam ple displ ays know n DVMR P routes . Configur ing PIM-DM Protoco l-Indepe ndent Multicast ing (PIM ) provides two different m odes of ope ration: sparse mod e and den se mo de.
Mult ica st Rou ting 3-261 3 We b – Clic k Routing Pro tocol, PIM -DM, Gen eral Sett ings. Enabl e or disabl e PIM-DM globally f or the router , an d click Apply . Figure 3-150 PIM- DM Ge neral Sett ings CLI – T his ex ampl e enab les PIM-D M gl oball y an d di spla ys t he cur rent sta tus.
Configu ring the Switch 3-262 3 • Trigger H ello Interval – Confi g ures the maximum ti me before transmitt ing a triggere d PIM hello m essag e after the router is r ebooted or PIM is enabl ed on an inter face.
Mult ica st Rou ting 3-263 3 We b – Click Routing Protocol, PIM-DM, Inte rface Se ttin g s. Select a VLAN, enable or disabl e PIM-DM f or the select ed interface , modi fy any of the pro tocol param eters as requir ed, and cli ck Apply .
Configu ring the Switch 3-264 3 Display ing Interface Information Y o u can dis play a sum mary of the curre nt interfac e status for PIM -DM, including the num ber of neigh boring PIM routers, and the add ress of the de signat ed PIM rout er. Command Attri b utes • In terf ace – A VLAN inte rface on this r outer.
Mult ica st Rou ting 3-265 3 We b – Click Rout ing Protocol , PIM-DM, Neig hbor Informati on. Figur e 3-15 3 PIM- DM Neigh bor In format ion CLI – This exam ple displ ays the o nly neighbo ring PIM-D M router .
Configu ring the Switch 3-266 3.
4-1 Chapter 4: Command Line Interface This chap ter desc ribes ho w to use the Comm and Line Interface (CLI). Using the Comm and Line Interface Accessing the CLI When access ing the ma nagemen t inter.
Command Li ne Interface 4-2 4 T o acce ss the switch thr ough a T e lnet ses sion, you m ust firs t set the IP ad dress fo r the swit ch, and se t the def ault gatewa y if you ar e manag ing the swi tch from a different IP su bnet.
Enteri ng Commands 4-3 4 Entering Comma nds Th is sect ion de scri bes how t o enter CL I comman ds. Keywords and Arguments A CLI comm and is a series of key words and ar gumen t s. Ke ywords iden tify a com mand, and ar guments specify con figuration paramete rs.
Command Li ne Interface 4-4 4 Showing Com mands If you ent er a “?” at the co mm and prom pt, the sys tem will display th e first leve l of keywor ds for the cu rrent c omman d class (N ormal E xec or Privil eged Exec) or configurati o n class (Gl oba l , ACL, DHCP , Interface, Line, Router , VLAN Database, or MSTP ).
Enteri ng Commands 4-5 4 The co mma nd “ show interf aces ? ” will display the foll owing informati o n: Partial Keyword Lookup If you term inate a part ial keywor d with a ques tion mar k, altern atives tha t match th e initial let ters are pro vided.
Command Li ne Interface 4-6 4 Understand ing Com mand Modes The com mand s et is divided into Exec and Config uration clas ses. Exe c comma nds gener ally disp lay infor mation on system status or clea r statistical co unters. Configu ratio n comm ands, on the oth er hand, modify in terfac e parameter s or enab le certain sw itching f unctions.
Enteri ng Commands 4-7 4 Configur ation Commands Configu ratio n comma nds are pr ivileged level co mmand s used to m odify sw itch settings . These com mands m odify the run ning config uration onl y and are not sav ed when th e switch is rebooted .
Command Li ne Interface 4-8 4 T o ent er the other modes, at the configu ratio n prompt ty pe one of the f ollowing com mands. Use the exit or end comma n d to r e tur n to the Privile ged Exec mode.
Enteri ng Commands 4-9 4 Command Line Pr ocessing Comm ands ar e not case se nsitive . Y ou can ab brevia te comm ands a nd parameter s as long as they co ntain enough l etters to different iate them from any ot her cur rently availa ble com mands or parameters .
Command Li ne Interface 4-10 4 Command Group s The sy stem c omma nds ca n be brok en do wn into the fun ctional g roups show n belo w . T able 4- 4 Co mmand G roup Index Comm and G roup De scripti on.
Line Co mmands 4-11 4 The acc ess mode shown i n the follow ing tables is indi cated by t hese abbr eviation s: NE (N orm al Ex ec) VC (VLAN D atabase Co nfigur ation) PE (Privileg ed Exec ) MST (M ul.
Command Li ne Interface 4-12 4 line This com mand i dentifie s a spe cific line for con figuration , and to process subse quent line con figurat ion com mands. Syntax lin e { co nsole | vty } • console - Cons ole term inal line. • vty - Vi rtua l t ermin al fo r rem ote co nsole acces s (i.
Line Co mmands 4-13 4 Command Usage • There are three aut henticat ion mo des provide d by the swi tch itself at login: - lo gin select s authenti cation b y a single gl obal pass word as spec ified by th e password l ine confi guration c omman d. Wh en using thi s meth od, the managemen t interf a ce starts in Normal Exec ( N E) mode.
Command Li ne Interface 4-14 4 num ber of times a user can ent er an inc orrect pas sword before th e system termin ates the line conn ection and r eturns the termina l to the idle st ate. • The enc rypted passwor d is requ ired for comp atibi lity with legac y pass word settings (i.
Line Co mmands 4-15 4 exec -timeout This com mand se ts the interv al that the sys tem w aits until user in put is dete cted. Us e the no form to rest ore the d efault. Syntax exec-tim eout [ seco nds ] no exec-t imeout seconds - Integer that specifies the number of seconds.
Command Li ne Interface 4-16 4 Command Usage • When the logo n attemp t threshol d is rea ched, the sy stem in terface become s silent fo r a specified amou nt of time befor e allowing the nex t logon attem pt. (Use the s ile n t-t ime com ma nd to s et th is inte rv al.
Line Co mmands 4-17 4 databi ts This com mand se ts the numb er of data bits per chara cter that are interp reted and gener ated by the co nsol e port. Use t he no for m to resto re th e defau lt va lue. Syntax d ata b its { 7 | 8 } no dat a bit s • 7 - Seve n data bits pe r charac ter.
Command Li ne Interface 4-18 4 Command Usage Comm unica tion prot ocols provi ded by devices such as te rminals and mode ms often requ ire a specifi c p arit y bit setting . Example T o specify no pari ty , enter this command: spe ed This command s e t s the terminal line’s b aud rate.
Line Co mmands 4-19 4 Defaul t Setting 1 stop bit Command Mod e Line C onfigur ation Example T o spec ify 2 stop bits, ent er this com mand : disco nnect Th is com mand termi nate s an SS H, T elnet , or c onsol e co nne ction . Syntax disconne ct sessio n-id sessi on-i d – The session identifi er for an SSH, T elnet or con sole connection.
Command Li ne Interface 4-20 4 Command Mod e Normal Exec, P rivile ged Exec Example T o show all lines, en ter this co mmand : General Comma nds Console#show line Console configuration: Password thres.
General Commands 4-21 4 ena ble Th is com mand acti vates Priv ileg ed Exec mode. In pr ivi leg ed mode , ad di tio nal com mands a re av ailable, a nd certain c omman ds di splay a dditiona l informa tion. See “Un derstandin g Comm and Mod es” on page 4-6.
Command Li ne Interface 4-22 4 Example Related Commands enable (4-21) config ure This c omman d ac tivates Glob al Conf iguration mo de. Y ou m ust e nter t his mo de t o mod ify any setti ngs on the switch.
General Commands 4-23 4 Example In this exa mple, the show hi story co mmand lists the con tents of the comm and histor y buffer: The ! comma nd repeat s comma nds fr om the Exec utio n co mmand hi st.
Command Li ne Interface 4-24 4 end This com mand re turns to Priv ileged Exec mode. Defaul t Setting None Command Mod e Globa l Configur ation, Inte rface Con figurat ion, Line Con figurat ion, VLAN Databas e Configu ration, an d Multiple S pann ing T re e Configu ration.
System Management Commands 4-25 4 Example Th is exam ple s hows how to qu it a CLI se ssio n: System Manage ment Commands Th ese co mmand s ar e us ed to c ontr ol sys tem lo gs, p assw ords , us er na mes, brow ser conf iguration op tions, and display or confi gure a variet y of other sy stem inf ormatio n.
Command Li ne Interface 4-26 4 prompt Th is com mand custo mizes the CLI prompt . Us e t he no form t o restore t he defaul t prompt . Syntax prompt string no prompt string - Any al phanumeric string to use for the CLI prompt .
System Management Commands 4-27 4 User Acces s Commands The b asic c omma nds required for m ana gement access ar e liste d in thi s s ection. This sw itch also includes ot her option s for passwor d .
Command Li ne Interface 4-28 4 Command Usage The enc rypted pass word is re quired for compatibility with legacy password settings (i.e ., plain text or e ncrypt ed) w hen rea ding t he c onfigura tion fi le dur ing system bootup or when downl oading the config uration f ile from a T FTP serve r .
System Management Commands 4-29 4 Related Commands enable (4-21) IP Fi lter Commands mana gement This com mand sp ecifies t he client IP address es that a re allowed m anage ment acces s to the swi tch throu gh vario us protoc ols. Use the no form to restore the defa ult setting .
Command Li ne Interface 4-30 4 • You can delete an addre ss range ju st by spec ifying the st art add ress, or by specif ying bot h the sta rt address an d end ad dress . Example Th is exam ple r estri cts m a n age ment ac ces s to the in dica ted ad dress es.
System Management Commands 4-31 4 Web Server Commands ip http port This com mand sp ecifies t he TCP por t numbe r used by the w eb brow ser inter face. Us e the no form to us e the defaul t port. Syntax ip http port po rt-numb er no ip http port port-number - The TCP port to be u sed by the browse r interface.
Command Li ne Interface 4-32 4 Example Related Commands ip htt p port (4-31 ) ip http secure-server This com mand en ables th e secure hy pertex t transfer pr otocol (HTT PS) over the Secure Socket Layer (SSL), p roviding sec ure acc ess (i.e ., an encrypted conn ection ) to the swi tch’s web inte rface.
System Management Commands 4-33 4 Example Related Commands ip http secu re-por t (4- 33) copy tftp https-cer tificate (4 -64) ip http secure-port This com mand sp ecifies the UDP port n umber used for HTTP S/SSL conn ection to the switc h ’ s web interface .
Command Li ne Interface 4-34 4 Telnet Ser ver Commands ip teln et port This co mmand spec ifies the TCP port n umber used by the T e lnet int erface . Use t he no form to use the def ault port. Syntax ip telnet port port-n u mbe r no ip telnet port port-number - The TCP port to be u sed by the browse r interface.
System Management Commands 4-35 4 Related Commands ip t e l net port (4 -34) Secure She ll Commands The Ber kley-s t a ndard includes r emote a ccess too ls original ly designe d for Un ix system s. Som e of these tools have al so bee n implemen ted for Mi crosoft Windo ws and ot her enviro nments.
Command Li ne Interface 4-36 4 The SS H server on this swi tch supp orts both passw ord and pub lic key auth entication . If password au then tication is specifie d by the SS H client, the n the passw.
System Management Commands 4-37 4 corres ponding to the publ ic keys s tored on the switch ca n gain a ccess. Th e follow ing exch anges take plac e during this proces s: a. The cl ient se nds it s pu blic key to the swi tch. b. The swi tch com p ares the client' s public key to those st ored in me mory .
Command Li ne Interface 4-38 4 ip ss h timeout This com mand co nfigur es the time out for the SSH se rver . Use t he no form to r estore the defa ult settin g. Syntax ip ss h time out secon ds no ip ssh t imeout seconds – The timeout for client response during SSH negotiation.
System Management Commands 4-39 4 Example Related Commands show ip ssh (4-4 1 ) ip ss h server-key s ize This com mand sets the SSH serv er key size. Use the no f orm to restor e the defa ult setting. Syntax ip ssh se rver-k ey size key- size no ip ssh ser ver-key size key-size – The size of server key .
Command Li ne Interface 4-40 4 Example ip ss h crypto host-k ey gene rate This com mand ge nerates the host key pair (i.e., pub lic and privat e). Syntax ip ssh cryp to host-k ey generat e [ dsa | rsa ] • dsa – DSA (V ersion 2) key type . • rsa – RSA (Versi on 1) key typ e.
System Management Commands 4-41 4 Command Mod e Privileged Exec Command Usage • Th is co mmand clear s the ho s t key fr om volatil e memo ry (RAM). Use t he no ip s sh save host -key command to c lear th e host k ey from flash memory. • The SSH server mu st be disa bled befor e you ca n execu te this comm and.
Command Li ne Interface 4-42 4 Example show ss h This com mand di splays the current SSH server con nectio ns. Command Mod e Privileged Exec Example Console#show ip ssh SSH Enabled - version 1 .
System Management Commands 4-43 4 show pub lic-key Th is com mand shows the publ ic ke y for the s pec ified user or fo r th e ho st. Syntax show public- key [ us er [ us ernam e ]| host ] username – Name of an SSH u ser . (Range: 1-8 ch aracters) Defaul t Setting Shows al l public ke ys.
Command Li ne Interface 4-44 4 Event L ogging Commands loggin g on This com mand co ntrols logging of error mess ages, se nding deb ug or er ror messa g es to swi tch memory .
System Management Commands 4-45 4 loggin g history This com man d limits syslog messa ges sa ved to sw itch mem ory base d on seve rity . The no f orm return s the lo g ging of syslo g messages to the def ault le vel.
Command Li ne Interface 4-46 4 loggin g host This com mand ad ds a sysl og serve r host IP address t hat will recei ve logg ing mes sages. Use the no form to remove a s y slo g server host. Syntax [ no ] log ging hos t host_ip_ address host_ip_address - The IP address of a sysl og server .
System Management Commands 4-47 4 loggin g trap This com mand en able s the loggin g of system messag es to a rem ote serv er , or limits the sy slog me ssage s saved to a rem ote ser ver based on sever ity . Use th is com mand witho ut a spe cified leve l to enable r emote logging .
Command Li ne Interface 4-48 4 Related Commands show lo gging (4 -48) show log ging This com mand di splays the loggin g config uration, along with an y system and ev ent messa ges stor e d i n memory . Syntax sh ow logg ing { flash | ram | sendmail | tr ap } • flas h - Event history s tored in flas h memo ry (i.
System Management Commands 4-49 4 The follow ing ex ample dis plays set tings for th e trap funct ion. Related Commands show lo gging sen dma il (4-52) SMTP Alert Commands These comman ds configu re SMTP ev ent handl ing, and fo rwardi ng of alert mes sages to the s pecified SMTP se rvers and email recip ients.
Command Li ne Interface 4-50 4 loggin g sendmail h ost This co mmand spec ifies SM TP se rvers tha t will b e sent a lert me ssage s. Use t he no form to remove an SMTP serv e r . Syntax [ no ] log ging sendmail host ip_ad dres s ip_address - IP address of an SMTP server t hat will be sent alert messages for event handling.
System Management Commands 4-51 4 Command Usage The specified level indicates an event threshold. All event s at this level or higher will be se n t to the confi g ured email rec ipients. (For example, u sing Level 7 wil l report all even ts fr o m le vel 7 to le v el 0.
Command Li ne Interface 4-52 4 Command Usage Y o u can spe cify up to five recipien ts for alert mes sages . Howev er , yo u must ente r a separate com mand to specify each reci pient. Example loggin g sendmail This com mand en ables SMTP ev ent hand ling.
System Management Commands 4-53 4 Time Commands The sys tem clock can be dy namic ally set by p olling a set of specifie d time ser vers (N TP or SNTP). Mai ntai ni ng an ac curat e ti me on the sw itc h enab les t he sy st em l og to re c ord me a ningf ul dates and times f or event ent ries.
Command Li ne Interface 4-54 4 Example Related Commands sntp s erver (4 -5 4) sntp poll (4-55) show sn tp (4-55 ) snt p ser ver This com mand se t s th e IP addres s of the serv ers to which SN TP time requests are issued. Use the th is comma nd with no argume nts to clear al l time serve rs from the current list.
System Management Commands 4-55 4 Related Commands sntp cl ient (4-53) sntp poll (4-55) show sn tp (4-55 ) sntp p o ll This com mand se ts the interv al betwe en sendin g time req uests when th e switch is set to SNTP client mo de. Use the no form to res tore to th e def ault.
Command Li ne Interface 4-56 4 Example clo ck ti mez one This comma nd set s the t ime zone for t h e s witch’ s internal cl o ck. Syntax clock timez one nam e hour hour s minu te minutes { before -utc | aft er- utc } • nam e - Name of timezone , usually an acron ym.
System Management Commands 4-57 4 cal end ar se t This com mand se ts the syst em cloc k. It may be use d if there is no t ime serve r on your network , or if y ou have n ot co nfigured the sw itch to receive signals from a time serv er . Syntax cale ndar set hou r min se c { day m onth year | mont h day yea r } • hour - Hour in 24-hour fo rmat.
Command Li ne Interface 4-58 4 System Status Com mands show sta rtup-config This command d isplays th e conf iguration f ile stored in non-v olatile me mo ry that is used to star t up the sy stem.
System Management Commands 4-59 4 Example Related Commands show ru nning- config (4-59) show runn ing-config This com mand di splays the config uration in format ion current ly in use.
Command Li ne Interface 4-60 4 - VLA N datab ase (VL AN ID , name an d state) - VLA N con figuratio n settings for each i nterface - M ultiple spa nning tr ee instanc es (na me and inte rfaces) - IP a.
System Management Commands 4-61 4 show sy stem This command displays system in formatio n . Defaul t Setting None Command Mod e Normal Exec, P rivile g ed Exec Command Usage • For a de scriptio n of the item s shown b y this comm and, re fer to “D isplay ing System Informa tion” on pag e 3-11.
Command Li ne Interface 4-62 4 show us ers Shows all a ctive consol e and T eln et ses sions, i ncluding use r nam e, idle time, and IP addre ss of T elnet client. Defaul t Setting None Command Mod e Normal Exec, P rivile ged Exec Command Usage The s ession used to exec ute this com mand i s indica ted by a “* ” symb ol next to the Line (i.
System Management Commands 4-63 4 Example Frame Size Commands jumbo frame This com mand en ables sup port fo r jumbo fram es. Use t he no form to di sable i t.
Command Li ne Interface 4-64 4 • Enabl ing jumb o frames w ill limit the ma ximum threshol d for broad cast sto rm cont rol to 64 packe ts per sec ond. (See the switchport br oadcast co mmand on pa ge 4-15 5.) Example Flash/File Comm ands These comm ands are u sed to ma nage the s ystem code or co nfigur ation f iles.
Flash/F ile Commands 4-65 4 Defaul t Setting None Command Mod e Privileged Exec Command Usage • The s ystem pr o mpts fo r data requi r ed to comple te the copy command. • The de stinati on file na me shou ld no t contain slashe s ( or /) , the lead ing letter of the file na me sh ould not b e a period (.
Command Li ne Interface 4-66 4 The follow ing ex ample sh ows how t o copy the running c onfigurat ion to a startup file. The follow ing ex ample sh ows how t o downloa d a config uration f ile: This exam ple sho ws how to copy a se cure-site ce rtificate from an T FTP server .
Flash/F ile Commands 4-67 4 delete This com mand de letes a file or image . Syntax delete file name filename - Name of t he configuration file or image name. Defaul t Setting None Command Mod e Privileged Exec Command Usage • If th e file type i s us ed for sys tem startu p, then t his file c a nnot be delete d.
Command Li ne Interface 4-68 4 Command Usage • I f you enter the command dir wit hout an y par ame ters , the sy stem displ ays al l files. • F ile i nfor mation is shown bel ow: Example The follo.
Flash/F ile Commands 4-69 4 boot s ystem This com mand sp ecifi es the file or im age use d to start up the sy stem. Syntax boot sy stem { boot -rom | conf ig | op code }: filenam e The type of file or image to set as a default includes: • boot-rom - B oot ROM.
Command Li ne Interface 4-70 4 Authentication Co mmands Y o u can co nfigure t his swit ch to authen ticate users log ging into the syste m for man agement access us ing loca l or remot e authen ticatio n method s. Y o u can also enable po rt-bas ed authe ntication f or networ k client ac cess u sing IEEE 802.
Authenticati on Commands 4-71 4 • RADIUS and TACACS+ logon authentication assigns a specific privile g e level for eac h us er name and passwor d pai r. T he user n ame, pa sswor d, and privile ge level mu st be conf igured on t he authen ticatio n server .
Command Li ne Interface 4-72 4 authent ication is attempt ed on the TACACS + server . If the TACA CS+ s erver is not av ailable, th e local user name and passw ord is check ed.
Authenticati on Commands 4-73 4 radi us-serve r port This com mand s ets the RA DIUS se rver netw ork por t. Use the no for m to re stor e the defaul t. Syntax radius-serv er port p ort_nu mber no radius-server port port_number - RA DIUS server U DP port used f or authentication messages.
Command Li ne Interface 4-74 4 radius- server r etransmi t This c omman d se t s t he num ber of ret ries. U se t he no form to rest ore the defa ult. Syntax rad ius-s erve r retran smit numb er_of _retr ies no radius-server retransm it number_of_retries - N umber of times the switch will try to authenticate logon access vi a the RADIUS server .
Authenticati on Commands 4-75 4 Example TACACS+ Client T ermina l Access Controller Acc ess Control Syste m (T ACA CS+) is a logon authent ication protoco l that uses s oftware runni ng on a ce ntral ser ver to control acces s to T ACACS -aw are device s on the network.
Command Li ne Interface 4-76 4 tacac s-server por t This command specifies the T A CACS+ server network port. Use the no form to restor e the defa ult. Syntax t a cacs- serv er port port _numb er no tacacs-serv er port port_number - T ACA CS+ server TCP port used for authentication messages.
Authenticati on Commands 4-77 4 sho w ta cac s-ser ver This com mand di splays the current settings for the T ACA CS+ se rver . Defaul t Setting None Command Mod e Privileged Exec Example Port Security Commands These comman ds can be use d to ena ble port se curity on a po rt.
Command Li ne Interface 4-78 4 port security This com mand en ables or configure s port sec urity . Use the no f orm wi thout any keywor ds to dis able p ort s ecurity . Use the no fo rm wit h the appr opr iate ke yword t o resto re the d e faul t setti n gs for a r esponse to secur ity violat ion or fo r the maximum num ber of allow ed addres ses.
Authenticati on Commands 4-79 4 Example The follow ing ex ample en ables po rt security for port 5, an d sets the respo nse to a secur ity violat ion to issu e a trap mess age: Related Commands shutdow n (4-154) mac -addres s-table static (4-1 66) show m ac-addr ess-table (4 -167) 802.
Command Li ne Interface 4-80 4 authen tication dot1x default This com mand se ts the defau lt authen tication ser ver typ e. Use the no form to restor e the defa ult.
Authenticati on Commands 4-81 4 Command Mod e Globa l Configur ation Example dot1x port-co ntrol This com mand se ts the dot1x m ode on a po rt interfac e.
Command Li ne Interface 4-82 4 dot1x opera tion-mode This command allows single or multiple hosts (clie n t s) to connect to an 802 .1X-a utho ri zed port . Use th e no fo rm with no ke ywo rds to rest ore the de fault to single hos t. Use the no form with the m ulti-host max-count keywor ds to restor e the defaul t ma ximum co u nt.
Authenticati on Commands 4-83 4 Command Mod e Privileged Exec Example dot1x re-au thentication This com mand en ables per iodic re- authenti cation gl obally for al l ports.
Command Li ne Interface 4-84 4 dot1x time out re-authperiod This com mand se ts the tim e perio d after whic h a conne cted clie nt must be re-aut henticat ed. Syntax dot1x t imeout re-authperiod secon ds no dot1x timeou t re-authperiod secon ds - The number of seconds.
Authenticati on Commands 4-85 4 show dot 1x Th is com mand shows gener al port authe ntica tion rel ated sett ings o n the s witc h or a specif ic interfac e. Syntax show dot1x [ statistics ] [ interf ace inte rf ace ] • stati stics - Displ ays do t1x stat us for ea ch por t.
Command Li ne Interface 4-86 4 • Backe nd State Ma chine - St ate – Curr ent state ( includin g request , response , success, fail, ti meout, idle, initialize). - R equest Co unt – Number of EAP Reques t packet s sent to the Supplicant without receiv ing a response.
Access C ontrol List Co mmands 4-87 4 Access Control List Commands Acces s Contr ol Lists (A CL) prov ide packe t filtering for I P frames (bas ed on address , protoc ol, Laye r 4 protocol por t numbe r or TCP cont rol code) or any frame s (based on MAC addres s or Etherne t type).
Command Li ne Interface 4-88 4 The ord er in which ac tive ACLs ar e check ed is as follows : 1. User-defined rules in the Egress MAC ACL for egress port s. 2. User-de fined rul es in the Egre ss IP ACL for egres s ports. 3. User-de fined rul es in the Ingr ess MAC ACL for ingr ess po rts.
Access C ontrol List Co mmands 4-89 4 acce ss-list ip This co mmand adds an I P acce ss list and ent ers con figura tion mo de for standard or extende d IP AC Ls.
Command Li ne Interface 4-90 4 permit , den y (Standard ACL ) This com mand ad ds a rule to a St anda rd IP AC L. The rule se t s a filte r condition f or packets eman ating fro m the spe cified sou rce. Use t he no f orm to remov e a rule. Syntax [ no ] { pe rmit | deny } { any | source bit mask | host sou rce } • any – Any source IP a ddress.
Access C ontrol List Co mmands 4-91 4 permit , den y (Extended ACL) This com mand ad ds a rule to an Ext ended IP ACL. The rule sets a fi lter conditio n for packets with s pecific so urce or de stinati on IP addre sses, pr otocol ty pes, sour ce or destin ation prot ocol ports, or TC P control co des.
Command Li ne Interface 4-92 4 Command Usage • All new ru les are ap pende d to the end o f the list. • Addre ss bitma sks are s imilar to a subn et mask , conta ining fou r integer s from 0 to 25 5, e ach s eparate d by a p eriod. The binary m ask uses 1 b its t o indicat e “matc h” and 0 bits to ind icate “i gnore.
Access C ontrol List Co mmands 4-93 4 Related Commands ac cess -lis t ip (4 -8 9) show ip access-list This com mand di splays the rules fo r configured IP ACLs. Syntax show ip ac cess-l ist { standard | exte nded } [ acl _na me ] • stand ard – Speci fies a stan dard IP ACL.
Command Li ne Interface 4-94 4 Command Usage • A mas k can only be used by all ingr ess ACL s or all egress AC Ls. • The pre ceden ce of the AC L rules appl ied to a packe t is not de termined by orde r of the rules, but instea d by the ord er of the ma sks; i.
Access C ontrol List Co mmands 4-95 4 Command Mod e IP Ma sk Command Usage • Packe ts cross ing a port ar e checked ag ainst a ll the rules in th e ACL unti l a match is foun d. The or der in wh ich these p acket s are ch ecked is determ ined by the ma sk, and no t the order in w hich the AC L rules w ere entered .
Command Li ne Interface 4-96 4 This s hows how to cr eate a standar d ACL with an in gress mask to de ny a ccess t o the IP hos t 171.69 .198.1 02, and per mit acce ss to any ot hers. This show s how to create an ex tended AC L with a n egress m ask to dro p p ack ets leavin g network 171.
Access C ontrol List Co mmands 4-97 4 This is a mo re compr ehensi ve examp le. It denies any TCP packe t s in w hich the SYN bit is O N, and perm its all other packets. It then sets the ing ress ma sk to check the deny r ule first, and finally bind s port 1 to th is ACL.
Command Li ne Interface 4-98 4 Related Commands mas k (I P ACL ) (4 -94 ) ip ac cess-group This com mand bi nds a port to an IP ACL. Use the no f orm to r emove the p ort. Syntax [ no ] ip acces s-group acl_na me { in | out } • acl_nam e – Nam e of the ACL .
Access C ontrol List Co mmands 4-99 4 Related Commands ip a ccess-g rou p (4-9 8) map a ccess -list ip This com mand se ts the output queue for pack ets matching an ACL rul e. The specif ied CoS value is onl y used to map the matc hing packet to an output queue ; it is not writ ten to the pack et itself.
Command Li ne Interface 4-100 4 show ma p access-l ist ip This com mand s hows th e CoS va lue mapped to an IP AC L for the current inte rface. (The Co S value det ermines the outpu t queue f or packets matchi ng an ACL r ule.) Syntax show ma p access- list ip [ interface ] int erfac e • etherne t unit / po rt - unit - Th is is devic e 1.
Access C ontrol List Co mmands 4-101 4 Command Usage • Y ou mus t conf igur e a n ACL ma sk be fore you c an c hange fram e pri ori ties based on an A CL ru le. • Traffic priorities may be include d in the IEEE 802.1p priority tag. This tag is also inc orporated a s part o f the ov erall IEEE 80 2.
Command Li ne Interface 4-102 4 MAC ACLs acce ss-list mac Th is com mand adds a MAC ac cess lis t an d ente rs MA C ACL c onf igur ation mode. Us e the no form to rem ove the sp ecified ACL . Syntax [ no ] a ccess -list m ac acl_nam e acl_name – Name of the ACL.
Access C ontrol List Co mmands 4-103 4 Example Related Commands permi t, deny 4-10 3 mac acce ss -gro up ( 4-108 ) show mac acce ss-li st (4- 104) permit , den y (MAC ACL) This com mand ad ds a rule to a M AC ACL. Th e rule filters packets ma tching a specif ied MAC so urce or destinat ion addr ess (i.
Command Li ne Interface 4-104 4 • dest ination – De stinati on MAC ad dress ra nge with b itmask. • addr ess- bitmas k 25 – Bitmask for M AC addre ss (in hexi decimal format). • vid – VLAN ID . (Range: 1-4095) • vid -bitm ask 25 – VLAN bi tmask.
Access C ontrol List Co mmands 4-105 4 Example Related Commands permi t, deny 4-10 3 mac acce ss -gro up ( 4-108 ) acce ss-list mac mask-pre cedence This com mand ch anges to MAC Ma sk mod e used to co nfigur e access co ntrol mask s. Us e th e no form to de lete th e mask table.
Command Li ne Interface 4-106 4 mask (MAC ACL) This com mand define s a mask for MA C ACLs. This mas k defin es the fi elds to ch eck in the packe t header .
Access C ontrol List Co mmands 4-107 4 Example This exam ple sho ws how to create an Ingress MA C ACL an d bind it to a port. You can th en see that t he order of th e rules ha ve been changed by the mask .
Command Li ne Interface 4-108 4 show ac cess-list m ac mask-prec edence This co mmand shows th e ingres s o r egress rule mask s for MAC ACLs. Syntax show acc ess-list mac mask -preced ence [ in | out ] • in – In gress m ask preced ence for i ngress ACLs .
Access C ontrol List Co mmands 4-109 4 Related Commands show mac acce ss-li st (4- 104) show mac a ccess-g roup This com mand sh ows the por ts assigne d to MA C ACLs. Command Mod e Privileged Exec Example Related Commands mac acce ss -gro up ( 4-108 ) map a ccess -list mac This com mand se ts the output queue for pack ets matching an ACL rul e.
Command Li ne Interface 4-110 4 Example Related Commands queue cos -map (4- 210) show map acce ss-l ist ma c (4-1 1 0) show ma p access-l ist mac Th is comma nd shows t he CoS val ue mapp ed to a MAC AC L for th e curr ent interfa ce. (The Co S value det ermines the outp ut queue f or packets matchi ng an ACL rule.
Access C ontrol List Co mmands 4-111 4 match access-list ma c This com mand ch anges the IEEE 802.1p pri ority of a Layer 2 frame ma tching th e define d ACL rule. (T his featur e is com monly refer red to as ACL packet marki ng.) Us e the no for m to r e move t h e ACL mar k er .
Command Li ne Interface 4-112 4 ACL Information show ac cess-list This co mmand show s all ACLs an d ass ociated rules, as we ll as al l the user-def ined mas ks. Command Mod e Privileged Exec Command Usage Once the ACL is bound to an interface (i.e .
SNMP Commands 4-113 4 SNMP Command s Controls access to this switch from ma n agement s tations using the Simple Netwo rk Man agement Pr otocol (SNM P), as wel l as the err or types sen t to trap ma nagers.
Command Li ne Interface 4-114 4 Command Mod e Globa l Configur ation Example show snmp This com mand ca n be used to chec k the status of S NMP co mmunica tions.
SNMP Commands 4-115 4 snmp- server com munity This com mand de fines the SN MP v1 an d v2c com muni ty acces s string. U se the no form to re move the specif ied com munity s tring.
Command Li ne Interface 4-116 4 Related Commands snm p-ser ver loca tio n (4-1 1 6) snmp- server loc ation This com mand se ts the syst em location string . Use the no form to re move the loca tion stri ng. Syntax snmp -server loc ation te xt no snm p-serve r locati on text - S tring that describes the system location.
SNMP Commands 4-117 4 snmp- server host This com mand sp ecifies t he recipie nt of a Simp le Networ k Manag emen t Protocol notific ation oper ation. Use the no f o rm to re move th e specifi ed host.
Command Li ne Interface 4-118 4 suppo rts. If the sn mp-s erver hos t co mman d does no t specify t he SNM P vers ion, the defau lt is to sen d SNMP ve rsion 1 not ification s. • I f you spe cify an SNM P Ve rsio n 3 host, then t he commun ity st rin g is interpr eted as an SNMP use r name.
SNMP Commands 4-119 4 Related Commands snm p-serve r host (4- 1 17 ) snmp- server eng ine-id This com mand co nfigur es an iden tification s tring for the SNMPv 3 engine.
Command Li ne Interface 4-120 4 snmp- server vie w This command adds an SNMP view which controls user access to the MIB. Use the no for m to remo ve an SNMP view . Syntax snmp -server view view- name oi d-tree { includ ed | exclude d } no snm p-serve r view view -nam e • vie w-name - Name of an SNMP view.
SNMP Commands 4-121 4 show snmp v iew This c omman d sh ows inf ormati on on the SNMP views. Command Mod e Privileged Exec Example snmp- server group This com mand ad ds an SNM P group, mapping SN MP user s to SNMP vi ews. U se th e no form t o re mo ve an SNMP gro u p.
Command Li ne Interface 4-122 4 Defaul t Setting Defau lt groups: pub lic 26 (rea d only ), pr iv ate 27 (read /write) readv iew - Every obj ect belon ging to the In ternet OID space (1.3.6. 1). writevi ew - Not hi ng is defi ned. Command Mod e Globa l Configur ation Command Usage • A group sets the access pol icy for the assigne d users.
SNMP Commands 4-123 4 sho w snm p gr ou p Four de fault groups ar e provid ed – SNMP v1 read-o nly acce ss and read /writ e acces s, and SN MPv2 c read-o nly acces s and read /write acc ess.
Command Li ne Interface 4-124 4 snmp- server use r Th is com mand adds a use r to an SNMP grou p, r estr ict ing t he us er t o a s pec ific SNMP R ead and a Writ e Vi ew .
SNMP Commands 4-125 4 Example show snmp u ser This c omman d sh ows inf ormati on on SNMP user s. Command Mod e Privileged Exec Example snmp ip filter This com mand se ts the IP addres ses of clients that are al lowed m anageme nt acces s to the swi tch via SN MP .
Command Li ne Interface 4-126 4 Command Usage • You can create a l ist of up to 16 IP addresse s or IP ad dress gr oups that ar e allowe d acces s to the swit ch via SNM P mana gement sof tware. • A ddr ess bi tma sks are si mi lar to a su bnet ma sk, co ntai ning four decim al intege rs from 0 to 255 , each separat ed by a period .
DHCP Co mmands 4-127 4 ip dhc p client-iden tifier This com mand sp ecifies t he DCH P clie nt identifier for the cur rent interface . Use th e no form to re move this id entifier . Syntax i p dhc p clie nt-i dent ifie r { text text | hex hex } no ip dhcp client-identifier • te xt - A text st ring.
Command Li ne Interface 4-128 4 Example In the fo llowing ex ample , the device is reassi gned the same add ress. Related Commands ip a ddres s (4-2 36) DHCP Relay ip dhc p restart rel a y This command e nables DHCP relay for the s pecified VL A N. Use the no form to disabl e it.
DHCP Co mmands 4-129 4 Example In the fo llowing ex ample , the device is reassi gned the same add ress. Related Commands ip dhcp re lay serv er (4-12 9) ip dhc p relay server This com mand sp ecifi es the addr esses of DHCP se rvers to be used by th e switch’s DHCP relay age nt.
Command Li ne Interface 4-130 4 DHCP Server servic e dhcp This command e nables the DHCP ser ver on this s witch. Use the no form to disa ble the DHCP serv er .
DHCP Co mmands 4-131 4 Example ip dhc p excluded-addre ss This com mand sp ecifies I P address es tha t the DHC P ser ver should not ass ign to DHCP client s .
Command Li ne Interface 4-132 4 host com mand m ust fall wi thin the rang e of a con figured ne twork address pool. Example Related Commands net work (4 -132) host (4 -137) network This command c o nfi g ures th e subne t number an d mask for a DHCP address po ol.
DHCP Co mmands 4-133 4 defaul t-router This command s pecifies d efault ro uters for a DHCP pool. Us e the no form to remov e the de fault router s. Syntax defa ult-ro u ter ad dress 1 [ addr ess2 ] no default-route r • addr ess1 - Specif ies the IP ad dress of the primary r outer.
Command Li ne Interface 4-134 4 dns-se rver This command specifies the Domain Name System (DNS) IP servers availabl e to a DHCP client. Us e the no for m to remove t he DNS server lis t. Syntax dns-ser ver add ress1 [ a ddres s2 ] no dns-ser ver • addr ess1 - Specif ies the IP ad dress of the primary D NS ser ver.
DHCP Co mmands 4-135 4 bootfile This com mand s pecifies the nam e of the def ault boot image for a DH CP cli ent. T his file should placed on t he T rivial File T ransfer Protocol (TFTP) server spe cif ied with the next-server com mand. Use the no fo rm to dele te the boot im age name .
Command Li ne Interface 4-136 4 Related Commands netb ios-node- type ( 4-136) netbio s-node-type This command c onfigures the NetBIOS node typ e fo r Microsof t DHCP client s .
DHCP Co mmands 4-137 4 Defaul t Setting On e day Command Mod es DHCP Pool Configuration Example The follow ing ex ample lea ses an ad dress to clie nts using this poo l for 7 day s. host Use th is com mand to specify t he IP a ddress a nd netw ork ma sk to ma nually bi nd to a DHCP client.
Command Li ne Interface 4-138 4 •T h e no hos t c o mmand on ly clears t he address f rom the DHCP server data base. It doe s not canc el the IP a ddress cu rrently in use by the host. Example Related Commands clien t-ident ifier (4-138) hardw are-add ress (4-139 ) clien t-identifier This command specifies the client identifie r of a DHCP client.
DHCP Co mmands 4-139 4 hardware-a ddress This command s pecifies th e hardware address of a DHCP c lient. This command is valid for manual bindings on ly .
Command Li ne Interface 4-140 4 Usage Guidelines •A n addr ess speci fies the cli ent’s IP address . If an aste risk (*) is use d as the address parameter, t h e DHCP server clears all auto matic bindin gs. •U s e t h e no host comma nd t o de lete a manu al bi nding .
DNS Co mmands 4-141 4 DNS Commands Th ese comma nds are us ed to co nfi gure Do mai n Nam ing Sy stem (D NS) servi ces. Y ou ca n manual ly co nfigu re ent ri es in t he DNS domai n na me to IP addr ess ma ppin g table, conf igure defa ult dom ain nam es, or spe cify one or m ore nam e server s to use for d o main n a me to a ddress transl a tion .
Command Li ne Interface 4-142 4 Command Usage Serve rs or other ne twork dev ices ma y suppo rt one or mor e connect ions via mult iple IP addr esses. If m ore than one IP address is asso ciated wit h.
DNS Co mmands 4-143 4 Defaul t Setting None Command Mod e Globa l Configur ation Example Related Commands i p do main- list (4 -143) ip name -server (4-144) i p do main- lookup (4- 145) ip dom ain-list This com mand de fines a lis t of domai n names t hat can be append ed to inco mplete host nam es (i.
Command Li ne Interface 4-144 4 Example This exam ple add s two do main name s to the cu rrent list and then di splays the list. Related Commands i p do main- name (4- 142) ip nam e-server This com mand speci fies the address of one or more d omain n ame servers to use for nam e-to-addr ess reso lution.
DNS Co mmands 4-145 4 Example Th is exam ple ad ds two dom ai n-n ame ser ver s to the l ist and then di spl ays th e list. Related Commands i p do main- name (4 -14 2) i p do main- lookup (4- 145) ip dom ain-lookup This com mand en ables D NS host name-to- address translat ion.
Command Li ne Interface 4-146 4 Example This e xamp le ena bles DN S and the n disp lays th e con figur ation. Related Commands i p do main- name (4- 142) ip name -server (4-144) show hos ts This com mand di splays the static hos t name-t o-addre ss mappi ng table.
DNS Co mmands 4-147 4 show dns This com mand di splays the config uratio n of the DNS se rver . Command Mod e Privileged Exec Example show dns cache This com mand di splays entries in the DNS ca che. Command Mod e Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.
Command Li ne Interface 4-148 4 clear dns cac he This com mand cl ears all en tries in the DN S cac he. Command Mod e Privileged Exec Example Console#clear dns cache Console#show dns cache NO FLAG TYP.
Interface Co mmands 4-149 4 Interface Comm ands Th ese comma nds are us ed to di splay or se t com muni cati on p arame ters for an Etherne t port, aggre gated link, or VL AN. interfac e This com mand co nfigur es an in terface type and ente r interface configu ration mo de.
Command Li ne Interface 4-150 4 Command Mod e Globa l Configur ation Example T o spec ify p ort 4, enter t he following comman d: desc r iption This com mand ad ds a descripti on to an inte rface.
Interface Co mmands 4-151 4 Defaul t Setting • Auto-ne gotiati on is enab led by def ault. • When auto-ne gotiation i s disabled , the def ault speed- duplex setting is 1000ful l for Gigab it Ethernet por ts.
Command Li ne Interface 4-152 4 • If a u tonegotia tion is disabled , au t o-MDI/MDI-X pin s ignal configuratio n will also be di sabled for the RJ- 45 ports .
Interface Co mmands 4-153 4 Example The fol lowing e xample c onfigu res Ethe rnet po rt 5 capabilities to 100ha lf, 100f ull and fl ow cont rol. Related Commands negoti ation (4-1 51) speed -duple x (4-150) flo wco ntro l (4 -153 ) flowcontrol This com mand en ables flow control .
Command Li ne Interface 4-154 4 Example The follow ing ex ample en ables flo w control on p ort 5. Related Commands negoti ation (4-1 51) cap abiliti e s ( flowcontrol, sy mmetric) (4-152) media -type Th is comma nd forc es th e por t type select ed fo r combi nati on po rts 8 - 12.
Interface Co mmands 4-155 4 Defaul t Setting All interface s are en abled. Command Mod e Inter face Conf iguration (E thernet , Port Ch annel) Command Usage This com mand al lows you t o disable a por t due to ab normal beh avior (e.g. , exces sive coll isions), and then reen able it after the pr oblem ha s been reso lved.
Command Li ne Interface 4-156 4 Example Th e fol lowi ng sho ws ho w to conf igur e broa dcast st orm c ontrol at 6 00 p acket s pe r secon d: clear coun ters This com mand cl ears statistic s on an inte rface. Syntax clea r count ers in terf ac e int erfac e • etherne t unit / po rt - unit - Th is is devic e 1.
Interface Co mmands 4-157 4 show inte rfaces st atus This com mand di splays the status for an i nterface . Syntax show interf aces status [ in te rfa ce ] int erfac e • etherne t unit / po rt - unit - Th is is devic e 1.
Command Li ne Interface 4-158 4 show inte rfaces counte rs This c omman d di splays inte rface stati stics. Syntax show inter faces counte rs [ interface ] int erfac e • etherne t unit / po rt - unit - Th is is devic e 1. - port - Port number . • port-ch annel c hanne l-id (Range: 1-6 ) Defaul t Setting Shows t he coun ters for all inter faces.
Interface Co mmands 4-159 4 show inte rfaces swi tchport This com mand di splays the adm inistrat ive and op erationa l status of th e specifie d in ter fa ces . Syntax show interf aces switchpo rt [ interface ] int erfac e • etherne t unit / po rt - unit - Th is is devic e 1.
Command Li ne Interface 4-160 4 Mirror Port Comm ands This sect ion des cribes ho w to mirro r traffic from a so urce por t to a target port. port mon itor This c omman d co nfigur es a m irror sess ion.
Mirror Por t Commands 4-161 4 Command Usage • You can mirror t raffic from an y sour ce port to a de stinat ion port for r eal-time analysi s. You can then attac h a logic an alyzer or RM ON p robe to the dest ination p ort and s tudy the t raffic c rossing t he sou rce port i n a comp letely unobt rusive m anner.
Command Li ne Interface 4-162 4 Example The follow ing sh ows mirror ing conf igured fr om port 6 to por t 1 1: Rate Limit Comm ands This fun ction allow s the netw ork ma nager to c ontrol the m aximum rate for traffic transm itted or rec eived on an interfa ce.
Link Aggre gation Commands 4-163 4 Example Link Aggregation Commands Ports can be s t atica lly groupe d into an aggregat e link (i.e., trunk) to incr ease the bandwi dth of a netw ork conne ction or to ensure fa ult recove ry .
Command Li ne Interface 4-164 4 chann el-group This com mand a dds a po rt to a trunk . Use the no form to rem ove a po rt from a tr unk. Syntax channe l-group c hannel-i d no chann el-group channel-id - T ru nk index (Range: 1-6) Defaul t Setting The current port will be added to this trunk.
Link Aggre gation Commands 4-165 4 • If the target swi tch has also ena bled LAC P on th e conn ected ports, t he trunk will be activated automat ically.
Command Li ne Interface 4-166 4 Address Table Commands Th ese comma nds are us ed to co nfi gure t he ad dress ta ble fo r f ilte ri n g spec ified add resse s, dis playi ng curr ent en tri es, cle arin g the t abl e, or s ett ing th e aging t ime . mac-a ddress-table stati c This com mand m aps a static address to a destina tion port in a VLAN.
Address T able Co mmands 4-167 4 Command Usage The static add ress for a host de vice can be assigned to a specifi c port within a specif ic VLAN. Use this comm and to add st a tic addr esses to the MAC Addre ss T able.
Command Li ne Interface 4-168 4 Defaul t Setting None Command Mod e Privileged Exec Command Usage • The M AC Addre ss Table co ntains the MAC add ress es associ ated with ea ch interfa ce.
Spanni ng T ree Co mmands 4-169 4 Example show ma c-address-tab le aging-time Th is comma nd shows t he ag ing tim e for entr ies i n the ad dres s ta ble.
Command Li ne Interface 4-170 4 spa nni ng- tree This com mand enables the S pann ing T ree Alg orithm g lobally for the swi tch. Us e the no form to disabl e it.
Spanni ng T ree Co mmands 4-171 4 Example This exam ple sho ws how to enable the Sp an ning T ree Algo rithm for the switch: spann ing-tree mode This com mand se lects the s p anni ng tree mod e for this sw itch. Use t he no form to restor e the defa ult.
Command Li ne Interface 4-172 4 • Multip le Span ning T ree Protocol - To a llow mu ltiple sp anning tre es to oper ate over the networ k, you m ust config ure a relat ed set of bri dges wit h the sam e MSTP conf igurati on, allowi ng the m to participa te in a s pecif ic set of span ning tree i nstanc es.
Spanni ng T ree Co mmands 4-173 4 spann ing-tree he llo-time This com mand co nfigur es the spannin g tree bridg e hello tim e global ly for this swit ch. Us e the no form to rest ore the d efault. Syntax sp a nning-tree hello-time ti me no spanning-tree he llo-time time - T ime in seconds.
Command Li ne Interface 4-174 4 config uration m essage ) become s the desi gnated port for the att ach ed LAN. If it is a root por t, a new root po rt is selec ted from am ong the device por ts attached t o the netwo rk. Example spann ing-tree priority This c omman d co nfigures the spanning tree priority globa lly for this switch.
Spanni ng T ree Co mmands 4-175 4 Defaul t Setting Long m ethod Command Mod e Globa l Configur ation Command Usage The path co st method is used to de termine th e best path betwee n devi ces. There fore, l ower val ues should be assi gned to ports at tached t o faster media , and higher values ass igned to ports w ith sl ower media.
Command Li ne Interface 4-176 4 Command Mod e Globa l Configur ation Example Related Commands mst vlan (4- 176) mst prio rit y (4-1 77) na me (4 -17 7) revi sion ( 4-17 8) max- h op s (4-179) mst vlan Th is com mand ad ds VLA Ns to a s pan ning tr ee i ns tanc e.
Spanni ng T ree Co mmands 4-177 4 Example mst priority This c omman d co nfigures the priorit y of a spannin g tree instanc e. Use the no for m to rest ore the defa ult. Syntax mst instance_id prio ri ty priority no mst instanc e_id prio rit y • instan ce_id - In stance identifier of the spann ing tree .
Command Li ne Interface 4-178 4 Defaul t Setting Switch’s MAC address Command Mod e MST Con figuratio n Command Usage The MS T region na me and re vision num ber (page 4-178 ) are used to designa te a un ique MST region. A br idge (i.e., spann ing-tree complia nt devic e suc h as th is sw itc h) can only be long to one MST regi on.
Spanni ng T ree Co mmands 4-179 4 max-h ops This com mand co nfigur es the ma ximum nu mber of hops in the region before a BPDU is dis carded. U se t he no form to re store the de fault. Syntax max- hop s ho p-numb er hop-number - Maximum hop number for m ultiple sp a nning tree.
Command Li ne Interface 4-180 4 spa nni ng- tree cos t This com mand co nfigur es the spanning tree path co st for the sp ecified int erface . Us e the no form to rest ore the d efault. Syntax sp a nning-tree cos t cost no spanning-tr ee cost cost - The path cost for the port.
Spanni ng T ree Co mmands 4-181 4 Defaul t Setting 128 Command Mod e Inter face Conf iguration (E thernet , Port Ch annel) Command Usage • This com mand de fines the pr iority for th e use of a port in t he Span ning Tree Alg orith m.
Command Li ne Interface 4-182 4 Example Related Commands spanning- tree p ortfast ( 4-182) spann ing-tree portfast This command s e t s an interface to fast forwardin g .
Spanni ng T ree Co mmands 4-183 4 spann ing-tree li nk-type This c omman d co nfigures the link t ype f or Ra pid S panni ng Tree and Mult iple S panning T r ee.
Command Li ne Interface 4-184 4 Defaul t Setting • Etherne t – half dupl ex: 2,0 00,000; fu ll duplex: 1, 000,00 0; trunk: 5 00,000 • Fast Eth ernet – half dup lex: 200 ,000; full duplex: 100,.
Spanni ng T ree Co mmands 4-185 4 interf a ce with the highest prio rity (t hat is, lowest v alue) will be c onfig ured as an activ e link in the sp annin g tree. • Where m ore tha n one inte rface is ass igned the hi ghes t priority, the i nterface with lowes t numeri c id e ntif ier will b e enabled.
Command Li ne Interface 4-186 4 show sp anning-tree This c omman d sh ows the con figuratio n for the c ommon spanning tree (CST) or for an inst a nce within the multiple sp anning tree (MST). Syntax show s p anning- tree [ interface | mst instance _id ] • in ter fa ce • etherne t unit / po rt - unit - Th is is devic e 1.
Spanni ng T ree Co mmands 4-187 4 Example Console#show spanning-t ree Spanning-tree informati on ----------------------- ---------------------------------------- Spanning tree mode :MSTP Spanning tree enable/d isable :enable Instance :0 Vlans configuration :1-4094 Priority :32768 Bridge Hello Time (sec .
Command Li ne Interface 4-188 4 show sp anning-tree ms t configuration This c omman d sh ows t he con figura tion of the multiple spanning tree . Command Mod e Privileged Exec Example VLAN Commands A VLAN is a gro up of ports that ca n be locat ed anyw here in the ne twork, but com munica te as though they be long to the s ame phys ical seg ment.
VLAN Commands 4-189 4 Editing VLAN Groups vlan data base This com mand en ters VLAN da tabase mo de. All comm ands in this m ode will take effect im mediat ely . Defaul t Setting None Command Mod e Globa l Configur ation Command Usage • Use t he V LAN da tabase comm and mo de t o add, change , an d dele te VLANs .
Command Li ne Interface 4-190 4 vla n This co mmand conf igures a VLAN . Use t he no form to restore the def ault settin gs or de lete a V LAN . Syntax vlan vl an-id [ na me vlan-n ame ] media et herne t [ state { acti ve | suspen d }] no vlan vl an-id [ nam e | st at e ] • vlan -id - ID of config ured VLAN.
VLAN Commands 4-191 4 Configur ing VLAN Interfa ces interf ace v lan This com mand en ters interfac e conf iguration m ode for VLAN s, which is use d to config ure VLA N paramete rs for a physic al interf ace. Syntax inte rface vl an vlan -id vlan-id - ID of the configured VLAN.
Command Li ne Interface 4-192 4 swi tchport mode This com mand co nfigures the VLAN m ember ship mode for a port. Us e the no form to rest ore the defa ult. Syntax switchport mo de { trunk | hybr id } no switchport m ode • trunk - Spe cifies a port as an end -point for a VLAN trunk.
VLAN Commands 4-193 4 Command Mod e Inter face Conf iguration (E thernet , Port Ch annel) Command Usage When set to recei ve all frame types, an y received f rames that are untagge d are as signed to th e default VLA N.
Command Li ne Interface 4-194 4 Example The follow ing ex ample sh ows how t o set the inter face to port 1 and then enable ingres s filterin g: swi tchport native v lan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to re store the d efault .
VLAN Commands 4-195 4 swit chport allo wed vlan This c omman d co nfigures VLAN grou ps on the se lected interfac e. Us e the no form to rest ore the defa ult. Syntax swit chport al lowed vlan { add vlan-list [ tagged | untagged ] | rem ove vlan -list } no switchp ort al lowed vla n • add vlan- li st - List of V LAN i dent ifi ers to add.
Command Li ne Interface 4-196 4 swit chport forbid den vlan This c omman d co nfigures forbidd en V LANs. U se th e no form to remove the list of forbidde n VLAN s. Syntax switchport forbidde n vlan { add vl an-li st | re move vlan-li st } no swit chport fo rbidd en vlan • add vlan- li st - List of V LAN i dent ifi ers to add.
VLAN Commands 4-197 4 Display ing VLAN Information show vlan This c omman d sh ows V LAN i nformati on. Syntax show vlan [ id vlan- id | name vlan-n ame ] • id - Key word to be fol lowed by the VLAN ID. vlan -id - ID of the con figured V LAN. (R ange: 1-4094, no lead ing zeroe s) • name - Key word to be foll owed by the VLAN na me.
Command Li ne Interface 4-198 4 Configur ing Private VLANs Private VLA Ns prov ide port -based s ecurity an d isolation betwee n ports within th e assigne d VLA N. Th is sec tion describes com mands use d to c onfigu re priva te V lANs. pvlan This com mand en ables or configur es a priva te VLAN.
VLAN Commands 4-199 4 show pv lan This com mand disp lays the configure d private VL AN. Command Mod e Privileged Exec Example Configur ing Protocol-base d VLANs The n etwork d evices requ ired to suppor t multi ple pro tocols c annot b e easi ly group ed into a common VLAN.
Command Li ne Interface 4-200 4 protocol -vlan protocol-group ( Configuri ng Group s) Th is comman d create s a prot ocol group , o r to ad d spec ific pr otoc ols to a gr oup.
VLAN Commands 4-201 4 Command Usage • When creating a p rotocol- based VLAN , only ass ign interfa ces via this com mand. If you as sign in terfaces u sing any of the other VL AN com mands (such as vlan on page 4-190) , these inte rfaces will a dmit traffic of any p roto co l ty pe in to the as soci ated VL AN.
Command Li ne Interface 4-202 4 show inte rfaces protoco l-vlan protocol -group This com mand sh ows the mappin g from proto col groups t o VLANs for t he selec ted in ter fa ces . Syntax show interf aces protocol- vlan protocol-gr oup [ interf ace ] int erfac e • etherne t unit / po rt - unit - Th is is devic e 1.
GVRP and Bridge Ex tension Co mmands 4-203 4 GVRP and Bridg e Extension Com mands GARP VL AN Reg istration Protoco l defines a wa y for sw itches to ex change VLA N inform ation in or der to automa tically register VLAN memb ers on inter faces ac ross the ne twork.
Command Li ne Interface 4-204 4 show bridg e-ext Th is com mand shows the conf igur ation for b ridg e exte nsio n co mmands. Defaul t Setting None Command Mod e Privileged Exec Command Usage Se e “.
GVRP and Bridge Ex tension Co mmands 4-205 4 show gv r p configura tion This c omman d sh ows i f GV RP is enabl ed. Syntax show g vrp conf iguration [ interface ] int erfac e • etherne t unit / po rt - unit - Th is is devic e 1. - port - Port number.
Command Li ne Interface 4-206 4 Command Usage • Group Addres s Reg istration Protoc ol is u sed by GVR P a nd GM RP to regis ter or deregi ster cli ent attr ibute s fo r cl ient se rvic es w it hin a b ridg ed LAN . The defaul t values fo r the GARP timers ar e indepe ndent of the media ac cess metho d or data ra te.
Priority Co mmands 4-207 4 Related Commands garp timer (4 -205) Priority Comma nds The com mands describ ed in this se ction all ow you to sp ecify whi ch data packets have gr eater prec edenc e when t raffi c is buffered in the switc h due to con gestio n.
Command Li ne Interface 4-208 4 queue mode This com mand se ts the queue mode to st rict priority or Weighted R ound-R obin (WR R) for the clas s of se rvic e (CoS) prio rit y que ues.
Priority Co mmands 4-209 4 switchpo r t priority def ault This com mand se ts a priority for inc oming u ntagged fra mes. Us e the no form to restor e the defa ult value . Syntax switchport priority default default -priority -id no switchport pr iority default default-priority-id - The priority number f or untagged ingress t raf f ic.
Command Li ne Interface 4-210 4 queue bandwidth Th is com mand assi gns weig hted r ound-r obin (WRR ) we ight s to the ei ght c lass o f serv ice (CoS) prior ity queues . Use the no form to res tore the def ault weig hts. Syntax queue ba ndwid th weight1.
Priority Co mmands 4-211 4 Defaul t Setting This sw itch suppo rts Class of Servi ce by using eig ht priority que ues, wit h Weighted Round Robi n queuin g for each port. Eight se parate traffic class es are d efined i n IEEE 80 2.1p. T he defau lt priori ty level s are as signed accordi ng to recom menda tions in the IE EE 802.
Command Li ne Interface 4-212 4 Example show que ue bandwi dth This command d isplays th e weighted r o und- robin (WRR) bandwid th allocati o n for the eigh t priority queu es. Defaul t Setting None Command Mod e Privileged Exec Example show que ue cos-map Th is comma nd shows th e class of se rvice pr iorit y map.
Priority Co mmands 4-213 4 Example Prior ity Commands ( Layer 3 and 4) map i p port (Globa l Configura tion) Use th is command to e nable IP port mapping (i.e ., class of s e rvi c e mappin g fo r TCP/UDP soc kets). U se the no fo rm to d isabl e IP port mappin g.
Command Li ne Interface 4-214 4 Example The follow ing ex ample show s how to en able TC P/UDP port mappin g globally: map i p port (Interfac e Confi guration) This command s e t s IP port prior ity (i.e., T CP/UDP port pri o rity ). Use the no form to remove a s pecific setti ng.
Priority Co mmands 4-215 4 Command Usage • The pre ceden ce for priorit y mappi ng is IP Port, I P Preceden ce or IP DS CP, and def ault switch port prio rity. • IP Prece dence and IP D SCP cann ot both be enab led. Enabl ing one of these prior ity typ es will aut o matica lly disable the other ty p e.
Command Li ne Interface 4-216 4 map i p dscp (Globa l Configurat ion) This com mand en ables IP DSCP mapp ing (i.e., D if fe rentiated Se rvices Code Point map ping).
Priority Co mmands 4-217 4 Defaul t Setting Th e D SC P def ault val ue s are def ine d in the f ollo win g tabl e. Not e that al l the DSCP values that are n ot spec ified a re ma pped to C oS va lue 0.
Command Li ne Interface 4-218 4 Defaul t Setting None Command Mod e Privileged Exec Example The follow ing sh ows that HTT P traffic has be en ma pped to CoS va lue 0: Related Commands map ip p ort (G.
Priority Co mmands 4-219 4 Example Related Commands map ip prec edenc e (Global C onfigu ration) ( 4-214) map ip prec edenc e (Interface Confi guration ) (4-215 ) show ma p ip dscp This com mand sh ows the IP DSCP priority map. Syntax show map ip dscp [ interf ace ] int erfac e • etherne t unit / po rt - unit - Th is is devic e 1.
Command Li ne Interface 4-220 4 Example Related Commands map ip ds cp (Globa l Configur ation) (4-21 6) map ip d scp (Int erfa ce C onfi gura tion ) (4- 216 ) Multicast Filteri ng Commands This sw itch uses IG MP (Interne t Grou p Manage ment Prot ocol) to que ry for any attached hosts th at wa nt to re ceive a spe cific m ulticas t serv ice.
Multic ast Filtering Commands 4-221 4 IGMP Snooping Commands ip igm p snooping This com mand enables IGM P snoo ping on thi s swit ch. Use t he no form to di sabl e it. Syntax [ no ] ip igm p snooping Defaul t Setting Enabled Command Mod e Globa l Configur ation Example The follow ing ex ample en ables IG MP snoopi ng.
Command Li ne Interface 4-222 4 Command Mod e Globa l Configur ation Example The follow ing sh ows how to statically co nfigure a m ulticas t group on a por t: ip igm p snooping versio n This c omman d co nfigures the I GMP snoopi ng ver sion. U se th e no form to re store the defa ult.
Multic ast Filtering Commands 4-223 4 Command Usage See “C onfigurin g IGMP Snoopin g and Query Pa ramet ers” on page 3-154 for a descr iption of th e displa yed items . Example The fo llowin g show s the curre nt IGM P s nooping configu ration: show ma c-address-tab le multicast This com mand sh ows know n mul ticast ad dresses .
Command Li ne Interface 4-224 4 IGMP Query Commands (Layer 2) ip igm p snooping qu erier This co mmand enab les th e switc h as an IGM P quer ier . Use the no form to disable it.
Multic ast Filtering Commands 4-225 4 Defaul t Setting 2 times Command Mod e Globa l Configur ation Command Usage The q uery c ount defines how long the q uerier waits for a res ponse from a mult icast cl ient bef ore taking act ion.
Command Li ne Interface 4-226 4 ip igm p snooping qu ery-max- r espo nse-time This c omman d co nfigures the query repor t dela y . U se t he no form to rest ore the defaul t. Syntax ip igmp snoop ing query- max-res ponse-tim e se conds no ip igmp snoo ping query-max- response-t ime seconds - The report delay a dvertised in IGM P queries.
Multic ast Filtering Commands 4-227 4 Defaul t Setting 300 sec onds Command Mod e Globa l Configur ation Command Usage The switch must use I G MPv 2 for th i s co mma nd to tak e effe ct.
Command Li ne Interface 4-228 4 Command Usage Depend ing on your network connec tions, IGMP snoopi ng may not always be able to loca te the IGMP queri er .
Multic ast Filtering Commands 4-229 4 IGM P Co mma nds (Layer 3) ip igm p This com mand en ables IGM P on a VLA N interfac e. Use the no fo rm o f th is com mand to dis able IGMP on the spe cified inter face.
Command Li ne Interface 4-230 4 Related Commands i p igm p sn oopi ng ( 4-22 1) show ip igmp sno oping (4 -222) ip igm p robustval This c omman d sp ecifies the robust ness (i.e., expec ted pack et los s) fo r this i nter face . Use the no for m of this c o mmand to restore th e default v a l ue.
Multic ast Filtering Commands 4-231 4 Command Usage • Mult icast router s send ho st query mes sages to determin e the inte rfaces tha t are co nnected to downs tream hos ts reque sting a sp ecific m ulticast se rvice.
Command Li ne Interface 4-232 4 Related Commands ip igm p ver si on (4-2 32 ) ip i gmp query- inter val (4-230) ip igm p last-m emb-query -interval This c omman d co nfigures the last m ember qu ery in terval. U se the no form of this comm and to rest ore th e defa ult .
Multic ast Filtering Commands 4-233 4 Command Mod e Interfa ce Config uration (V LAN) Command Usage • All router s on t he s ubn et must supp ort th e same vers ion. Howe ver , the multic ast hosts on the sub net may supp ort eithe r IGMP ve rsion 1 or 2.
Command Li ne Interface 4-234 4 clear ip igmp group Thi s c omm an d de le te s en tri es f rom th e IGM P cac he. Syntax clear ip ig mp gr oup [ g roup-ad dress | interf ace vlan vlan-id ] • gro up-a ddre ss - IP addres s of the m ulticast gr oup.
Multic ast Filtering Commands 4-235 4 • If th ere are Version 1 ho sts present f o r a p art icular grou p, the swit ch will ig nore any Lea ve Grou p messag es tha t it receives for that group .
Command Li ne Interface 4-236 4 IP Interface Com mands There are no IP addre sses as signed t o this router by defaul t. Y ou mu st manu ally conf igure a new address t o manage the rout er over yo ur networ k or to conn ect the router to exist ing IP sub nets.
IP Interface Co mmands 4-237 4 Defaul t Setting IP a ddress: 0.0.0. 0 Net ma sk : 255 .0 .0 .0 Command Mod e Interfa ce Config uration (V LAN) Command Usage • If this rout er is directly connec ted .
Command Li ne Interface 4-238 4 Example In the follo wing ex ample, the de vice is assig ned an ad dress in VLAN 1. Related Commands ip dhcp re start client (4-127 ) ip defa ult-gateway This command speci f ies the de fault gateway for destinations not found i n the local routing table s.
IP Interface Co mmands 4-239 4 show ip interface This command d isplays th e setti n gs of an IP in terface. Defaul t Setting All interfaces Command Mod e Privileged Exec Example Related Commands sho w ip re di rects (4 -239 ) show ip r edirec ts This com mand sh ows the def ault gate way conf igured fo r this devi ce.
Command Li ne Interface 4-240 4 Defaul t Setting This com mand ha s no defa ult for the hos t. Command Mod e Normal Exec, P rivile ged Exec Command Usage • Use th e ping c omm and to see if anot her si te on th e netwo rk can be rea ched.
IP Interface Co mmands 4-241 4 Address Res olution Protocol ( AR P) ar p This com mand ad ds a static ent ry in the Addr ess Res olution Prot ocol (AR P) cach e.
Command Li ne Interface 4-242 4 arp-time out This com mand se ts the aging tim e for dyn amic entr ies in the Ad dress Reso lution Protoco l (ARP) ca che. Us e the no form to restor e the defaul t. Syntax arp-tim eout se conds no arp-timeo ut seconds - The time a dynamic entry remains in the ARP cache.
IP Interface Co mmands 4-243 4 Command Usage This com mand di splays informati on about the AR P cach e. The first lin e shows the ca che timeo ut. It also sho ws ea ch cache ent ry , includi ng the corres ponding IP addre ss, MAC ad dres s, type (static, dy namic , other), and VLAN interfac e.
Command Li ne Interface 4-244 4 IP Routing Comm ands After you con figure netw ork interfac es for this rout er , you must se t t he paths u sed to send tra f fic betw een differe nt interfac es. If you ena ble rout ing on this device, traffic will au tomatical ly be forwar ded be tween all of the loca l subnetw orks.
IP Routing Co mmands 4-245 4 Command Usage • The com mand a ffects bot h static an d dynami c unica st routing . • If IP routing is enable d, all IP pack ets are rout ed using eit her static rou ting or dynam ic routing via RIP or OS PF, and ot her pack ets for all no n-IP pro tocols (e.
Command Li ne Interface 4-246 4 clear ip rout e Th is com mand remo ves dynami cally lea rned e ntri es fr om t he IP rou ting tabl e. Syntax clear ip route { netwo rk [ ne tmask ] | * } • netwo rk – Netw ork or sub net addr ess. • netma sk - N etwo rk mask for the as sociat ed IP subn et.
IP Routing Co mmands 4-247 4 Example show ip host-route This com mand di splays the interfac e assoc iated wit h known r outes. Command Mod e Privileged Exec Example Cons ole# show ip ro ute Ip Add ress Ne tmas k Next Hop Prot ocol Me tric I nter face ---- ---- ---- --- ---- ---- ---- --- -- ---- ------ --- --- ---- --- -- ---- ----- ---- 0.
Command Li ne Interface 4-248 4 show ip tr affic This com mand disp lays statistic s for IP , IC MP , UDP , TC P and ARP pr otocols. Command Mod e Privileged Exec Command Usage For a des cription of the informa tion sho wn by this co mman d, see “Displ aying S tatistics for IP Protocols ” on page 3 -205.
IP Routing Co mmands 4-249 4 router rip This com mand en ables R outing Info rmation Protocol (RIP) rout ing for all IP i nter face s on th e ro uter .
Command Li ne Interface 4-250 4 Defaul t Setting Up date : 30 sec onds T ime out: 1 80 se conds Garba ge colle ction: 120 second s Command Usage •T h e upd ate time r sets the rate at which up dates are sent. This is the fundam ental timer used to control al l basic RIP pr ocesses .
IP Routing Co mmands 4-251 4 Command Usage • RIP onl y sends up dates to inter faces sp ecified b y this comm and. • Subne t address es are inte rpreted as c lass A, B or C , based on the f irst field in the speci fied add ress . In ot her w ords, i f a sub net a ddre ss nnn.
Command Li ne Interface 4-252 4 ver sion This com mand sp ecifies a R IP versio n used g lobally by th e router . Use th e no form to rest ore the defa ult value.
IP Routing Co mmands 4-253 4 ip rip re ceive version This command specif ie s a RIP versio n to re c eive on an in terface. Use the no form to restor e the defa ult value . Syntax ip rip re ceive ve rsion { none | 1 | 2 | 1 2 } no ip rip receive version • none - Doe s not acce pt incom ing RIP packets.
Command Li ne Interface 4-254 4 ip rip s e nd version This command s pecifies a RIP version to send on an in terface. Use the no for m to restor e the defa ult value . Syntax ip rip send v ersion { non e | 1 | 2 | v2-broadca st } no ip rip send version • none - Do es not tran smit RIP upda tes.
IP Routing Co mmands 4-255 4 ip spl it-horizon This com mand en ables spl it-horizo n or poiso n-reve rse (a var iation) on an i nterface . Us e the no for m to d isable s plit-horiz on. Syntax ip split-horizon [ poiso n-reverse ] no ip split-horizon poison-rev erse - E nabl es po ison-rev erse on the curre nt inte rface.
Command Li ne Interface 4-256 4 • For auth entica tion to fun ction prop erly, bot h the sending and rec eiving inter face must be config ured wit h the sam e passwo rd. Example This exam ple sets an aut henticat ion passwor d of “smal l” to verif y incomin g routing mes sages and t o tag outgoing routing m essag es.
IP Routing Co mmands 4-257 4 show rip g lobals This c omman d di splays globa l conf iguration set tings f or R IP . Command Mod e Privileged Exec Example show ip rip This c omman d di splays inform ation a bout interf aces co nfigur ed fo r RIP .
Command Li ne Interface 4-258 4 Example Conso le#s how i p rip c onfig urat ion Inte rface S endMo de R eceiv eMode P oison Aut hentica tion ----- ---- ----- - ----- ----- ---- - --- ----- ----- - ---- ----- ---- ----- ------- ---- -- 10.1 .0.25 3 rip1 Compa tibl e RIPv 1Orv2 Spl itHor izon noA uthenti cati on 10.
IP Routing Co mmands 4-259 4 Open Shortest Path First (OSP F) T able 4- 85 Ope n Short est Path First Comm ands Comm and Function Mode P age Gener al Con figurati on router osp f Enab les or disable s.
Command Li ne Interface 4-260 4 router os pf This c omman d ena bles Op en Sh ortest Pa th First (OSP F) routing for a ll IP int erfaces on t he ro uter .
IP Routing Co mmands 4-261 4 Command Usage • The rou ter ID mus t be uniqu e for ever y router in the autonom ous syst em. Us in g th e def aul t se tti ng bas ed on the l owest int erf ace add ress e nsure s th at each r outer ID is un ique. A lso, note that you canno t set the router ID to 0.
Command Li ne Interface 4-262 4 defaul t-information originate This com mand ge nerates a defaul t external ro ute into an au tonom ous syste m. Use th e no form to di sable t his fe ature.
IP Routing Co mmands 4-263 4 Related Commands ip route (4-245) redistribute (4-266) timers spf This com mand co nfigur es the hold t ime betw een mak ing two co nsecu tive shortes t path first (SPF) ca lculations . Use the no form to restore the default val ue.
Command Li ne Interface 4-264 4 ar ea ran ge This com mand su mmar izes the route s advert ised by an Area Border R outer (ABR ). Us e the no for m to di sable this function. Syntax [ no ] area ar ea-id range ip-addre ss n etma sk [ adver tise | not- advertise ] • area -id - Ident i fie s an a rea for w hic h th e ro utes are summa rize d.
IP Routing Co mmands 4-265 4 Defaul t Setting 1 Command Usage • If y o u en te r th is command for a nor mal area, it will c hange d to a stub. • If t he default c ost is set to “0 ,” t h e r outer will not adverti s e a default route into the attached stub or NSSA.
Command Li ne Interface 4-266 4 redistribute This com mand i mports extern al routing informa tion from othe r routing do mains (i.e., protoc ols) int o the aut onomou s sy stem.
IP Routing Co mmands 4-267 4 network a r ea This com mand de fines an OSPF area and the inte rfaces tha t operat e within th is area. Use the no for m to disable O SPF fo r a specifi ed interf ace. Syntax [ no ] netwo rk ip-a ddress ne tmask ar ea area- i d • ip-a dd ress - Addres s of the int erfaces to add to the ar ea.
Command Li ne Interface 4-268 4 ar ea stu b This com mand de fines a st ub area. T o remov e a stu b, use the no f orm wi thout the option al keywor d. T o rem ove the su mmar y attribu te, use the no form with the sum mary key word. Syntax [ no ] area area-id stub [ summary ] • area -id - Id e nti fies the stub are a.
IP Routing Co mmands 4-269 4 ar ea nss a This comm and define s a not-so-stubb y area (NSSA ). T o remov e an NSSA, use the no form with out any op tion al key words . T o remo ve an opti onal a ttri bute, us e the no for m with out t he rel eva nt keyw ord.
Command Li ne Interface 4-270 4 Example This exam ple cr eates a stub a rea 10.3. 0.0, an d assigns all interface s with cl ass B addresses 1 0.3.x .x to t h e NSSA. It a lso i nstructs the router to g enerate e xternal LSAs into the NSSA when it is an NSSA ABR or NSSA ASBR.
IP Routing Co mmands 4-271 4 propaga tion delays. LSAs hav e their age inc rement ed by this am ount before transmis sion. Thi s value must be the sam e for all route rs attache d to an auto nomous system .
Command Li ne Interface 4-272 4 Example This exam ple cr eates a virtua l link usi ng the def aults for all option al paramete rs. This exam ple cr eates a virtua l link usi ng MD5 aut henticat ion.
IP Routing Co mmands 4-273 4 Related Commands ip ospf authentication-key (4-273) ip ospf message-diges t- key (4-274) ip osp f authenticati on-key This com mand as sign s a simple pass word to be us ed by ne ighboring router s. Use th e no form t o re mo ve the passwo rd.
Command Li ne Interface 4-274 4 ip osp f message-d igest-key This com mand en able s messag e-diges t (MD5) aut henticat ion on th e specifi ed inter face and to ass ign a ke y-id and key t o be used by ne ighboring routers . Use the no form to remove a n exis ting key .
IP Routing Co mmands 4-275 4 ip osp f cost This com mand ex plicitly s ets the cost of send ing a packet on an interf ace. Use t he no form to restor e the default value. Syntax ip os p f c os t cost no ip osp f cost cost - Link m etric fo r this interfac e.
Command Li ne Interface 4-276 4 Related Commands ip ospf hello-interval (4-276) ip osp f hello-interva l This co mman d spe cifies t he in terval b etwee n sen ding he llo pack ets on an interf ace.
IP Routing Co mmands 4-277 4 Command Usage • Set the priority t o zero to prev ent a ro uter from being elected as a D R or BD R. If set to any value othe r t han zero, the router with the highest priori ty will becom e the DR and the rou ter with the ne xt highe st priorit y become s the BDR .
Command Li ne Interface 4-278 4 ip osp f transmit-delay This comma nd set s the e stimate d time to s en d a link-s tate upda t e pac k et ov e r a n i nter face .
IP Routing Co mmands 4-279 4 show ip ospf border-routers This c omman d sh ows e ntries in the routing table th at lead to an Area Bor der Rou ter (ABR) or Autonom ous System Bo undary Rou ter (ASBR).
Command Li ne Interface 4-280 4 show ip ospf databas e This c omman d sh ows inf ormati on abou t d if ferent OSPF Link S tate Adve rtise ments (LSAs) stored in thi s rout er ’s database .
IP Routing Co mmands 4-281 4 Command Mod e Privileged Exec Examples The follow ing sh ows out put for the show ip ospf dat ab ase c ommand. Cons ole# show ip os pf d atab ase Dis play ing Ro uter Link Stat es(A rea 10 .1.0 .0) Link ID ADV Ro uter Ag e Seq # Che cksu m ---- ---- ---- --- ---- ---- ---- --- -- ---- --- ---- ---- -- ---- ----- 10.
Command Li ne Interface 4-282 4 The follow ing sh ows out put when usi ng the asbr-summary key word. Cons ole# show ip os pf d atab ase asbr -summa ry OSP F Router with id (10.
IP Routing Co mmands 4-283 4 The follow ing sh ows out put when usi ng the dat abase-summa ry keywo rd. Console#show ip ospf database database-su mmary Area ID (10.
Command Li ne Interface 4-284 4 The follow ing sh ows out put when usi ng the ex terna l key word. Cons ole# show ip os pf d atab ase exte rnal OSP F Router with id (192.1 68.5 .1) (Aut onom ous sys tem 5) Di splayi ng A S Ex tern al L ink St ates LS ag e: 433 Opt ions: (N o TOS- capabi lity ) LS Ty pe: AS Ext erna l Link Link Sta te I D: 10.
IP Routing Co mmands 4-285 4 The follow ing sh ows out put when usi ng the net work ke ywo rd. Cons ole# show ip os pf d atab ase netw ork OSP F Router with id (10.
Command Li ne Interface 4-286 4 The follow ing sh ows out put when usi ng the ro uter key word. Cons ole# show ip os pf d atab ase rout er OSP F Router with id (10.
IP Routing Co mmands 4-287 4 The follow ing sh ows out put when usi ng the summary ke yword. Numbe r of TOS metrics T ype of Ser vice me tric – T his rou ter only su pports TOS 0 (o r norm al service) Metrics C ost of the link Cons ole# show ip os pf d atab ase summ ary OSP F Router with id (10.
Command Li ne Interface 4-288 4 show ip ospf interface This co mmand display s summar y informa tion for OSPF interfa ces. Syntax show ip os p f i nterface [ vlan vl an-id ] vlan -id - VLAN ID (Range : 1-4094) Command Mod e Privileged Exec Example Console#show ip ospf in terface vlan 1 Vlan 1 is up Interface Address 10.
IP Routing Co mmands 4-289 4 show ip ospf neighbor This c omman d di splays inform ation a bout neigh boring route rs on each interfa ce wit hin an OSPF ar ea. Syntax show ip ospf neighbor Command Mod e Privileged Exec Example Console#show ip ospf ne ighbor ID Pri State Address --------------- ------ ---------------- --------------- 10.
Command Li ne Interface 4-290 4 show ip ospf summary -address This command dis plays all summary add ress in f o rmat ion. Syntax show ip osp f summary -address Command Mod e Privileged Exec Example This exam ple sho ws a sum mary ad dress and associa ted netw ork ma sk.
Multicast R outing Commands 4-291 4 Multicast Routing Commands This rou ter uses IGM P snoo ping and qu ery to deter mine the ports connec ted to downst ream multica st hosts, and to pr opagate this i.
Command Li ne Interface 4-292 4 Defaul t Setting No static mul ticast rout er ports are con figured. Command Mod e Globa l Configur ation Command Usage Depend ing on your network connec tions, IGMP snoopi ng may not always be able to loca te the IGMP queri er .
Multicast R outing Commands 4-293 4 General Mult icast Routi ng Commands ip mul ticast-routing This com mand enables IP m ulticast rou ting. Use the no form to disa ble IP mu lticast routing.
Command Li ne Interface 4-294 4 Command Mod e Privileged Exec Command Usage This c omman d di splays inform ation f or mu lticast routin g. If n o op tional paramet ers are selec ted, detailed informat ion for eac h entry in th e multicast addre ss table is display ed.
Multicast R outing Commands 4-295 4 This example l ists al l en t ries in th e multi c ast t able in summary form: DVMRP Multicast Routing Commands router dv m rp This com mand ena bles Dis t a nce-V ec tor Multic ast Routing (DVMR P) globally fo r the router and to ent er router co nfigurat ion mode.
Command Li ne Interface 4-296 4 Command Mod e Globa l Configur ation Command Usage This com mand en ables DV MRP glob ally for the rout er and ent ers router config uration m ode.
Multicast R outing Commands 4-297 4 Command Usage Probe me ssages ar e sent to ne ighbor ing DVMRP r outers fro m which t his device ha s rece ived pro bes, and is use d to veri fy whethe r or not these neighbor s are still active members of the multicast tree.
Command Li ne Interface 4-298 4 Command Mod e Ro uter Conf i gura tion Example flash-u pdate-int erval This co mmand speci fies how often to send t rigger u pdates, whi ch reflec t chang es in the netwo rk topol ogy . Use the no form to re store th e default v alue.
Multicast R outing Commands 4-299 4 Example defaul t-gateway This com mand sp ecifies t he default DVMRP gat eway for IP multicas t traffic. Use the no form to re move the d e faul t gateway . Syntax defa ult-ga teway ip-address no default-gatewa y ip-address - IP address of the defaul t DVMRP gateway .
Command Li ne Interface 4-300 4 Defaul t Setting Disabled Command Mod e Interfa ce Config uration (V LAN) Command Usage T o fully en able DVM RP , you ne ed to enable m ulticas t routing glo bally for.
Multicast R outing Commands 4-301 4 Example clear ip dvmrp ro ute This com mand cl ears all dy namic rou tes learne d by DV MRP . Command Mod e Privileged Exec Example As sh own bel ow , this c omma nd cl ears ev erything from the ro ute table e xcept f or the defaul t route.
Command Li ne Interface 4-302 4 Example The defau lt settings are sho wn in the fol lowing e xample: show ip dvmrp route This com mand di splays al l entries in the DV MRP ro uting table.
Multicast R outing Commands 4-303 4 show ip dvmrp neighbo r This com mand di splays all of the DVM RP nei ghbor ro uters. Command Mod e Normal Exec, P rivile g ed Exec Example show ip dvmrp interface This com mand displa ys the DV MRP c onfigu ration f or interfa ces whic h have enabled DVMRP .
Command Li ne Interface 4-304 4 PIM-DM Multicast Routi ng Com mands router pim This com mand en ables Pro tocol-Inde pende nt Multica st - Dense Mode (PI M-DM) global ly for the rout er and to ent er router c onfigu ration mo de. Use th e no form to disabl e PIM-DM m ulticast routing.
Multicast R outing Commands 4-305 4 Example ip pim dense-mode This com mand en ables PI M-DM on the specifie d interface. Use the no form to disabl e PIM-D M on this interfac e.
Command Li ne Interface 4-306 4 ip pim hello-interval This com mand co nfigur es the frequ ency a t which PIM hello mess ages are transm itted. U se the no form to re store the de fault val ue. Syntax ip pim he ll o-i nte rva l secon ds no pim hello-interva l secon ds - Interval between sending PIM hello messages.
Multicast R outing Commands 4-307 4 Example ip pim trigger-hell o-interval This com mand co nfigures the maxi mum time before tra nsmitt ing a trigger ed PIM Hello m essage after the router is rebo oted or PIM is enabled on an interfa ce. Use th e no form to restore the default va lue.
Command Li ne Interface 4-308 4 Defaul t Setting 210 sec onds Command Mod e Interfa ce Config uration (V LAN) Command Usage The mu lticast inte rface that first receive s a multic ast stream from a particu lar sou rce f orw ards t hi s tr af fic t o all other P IM int erfa ces on the r ou ter .
Multicast R outing Commands 4-309 4 ip pim max-graft-retr ies This com mand configu res the maximu m numb er of t imes to r esend a Graft mess age if it has no t been ackn owled ged.
Command Li ne Interface 4-310 4 Example show ip pim neighbor Th is comma nd dis pla ys i nf orm ati on abou t PIM nei ghbo rs. Syntax show ip pim neighb or [ ip-addre ss ] ip-address - IP address of a PI M neighbor . Defaul t Setting Displa ys inform ation for all kno wn PIM nei ghbors .
Router Re dundancy Co mmands 4-311 4 Router Redundancy Commands Route r redund ancy prot ocols us e a virtual IP addres s to suppor t a primary r outer and mu ltiple backu p router s. The backup routers can be co nfigur ed to take over the wo rkl oad if the master route r fa ils, o r can also be conf igur ed to share the t raf fic l oad.
Command Li ne Interface 4-312 4 vrrp ip This com mand en ables th e Vi r tual Rou ter Redun dancy Protoco l (VRRP) on an inter face and sp ecify the I P address of the virtu al router . Us e the no form to d isable VRRP on an interf ace and remo ve the IP address from the vir tual rout er .
Router Re dundancy Co mmands 4-313 4 vrrp auth entication This com mand sp ecifies t he key u sed to authen ticat e VRRP packets rece ived from othe r routers. U se the no f orm t o prevent authenti cation. Syntax vrrp group auth enti cati on key no vr rp gr oup auth enticati on • grou p - Identifies t he virtual ro uter gro up.
Command Li ne Interface 4-314 4 Command Usage • A router that has a p hysical interface w ith the sa me IP addr ess as tha t used for t h e v irtual router will be c ome the master v irtual router. The back u p router with the highest priority wi ll become the master router if th e current m aster fails.
Router Re dundancy Co mmands 4-315 4 • VRRP adverti sement s are sent to the multic ast addre ss 224 .0.0.8. Us ing a mult icast addr ess reduc es the a mount of tra ffic that has to proces sed by netwo rk devices that are no t part of the de signated VR RP gro up.
Command Li ne Interface 4-316 4 Related Commands vrrp prio rity (4-313) show vrrp This com mand di splays status inform ation for VRRP . Syntax show v rrp [ brief | gr oup ] • brief - Displ ays sum ma ry info rmation for all V RRP gr oups on this route r .
Router Re dundancy Co mmands 4-317 4 This exam ple di splays the brief listing of status infor mation f or all groups. T ab le 4-10 9 show vrrp - display de scrip tion Field De scripti on State VR RP .
Command Li ne Interface 4-318 4 show vrrp interfa ce This com mand di splays status inform ation for th e specifie d VRRP inter face. Syntax show vrrp inte rface vlan vl an-id [ br ief ] • vlan -id - Identifier of configure d VLAN in terface. (Ra nge: 1 -4094) • brief - Displ ays sum ma ry info rmation for all V RRP gr oups on this route r .
Router Re dundancy Co mmands 4-319 4 show vrrp interfa ce counters This com mand di splays counters fo r VRRP pro tocol e vents and errors t hat have occur red for the s peci fied gr oup a nd inter face. show v rrp grou p i nter face vl an int er fac e co unters • grou p - Identifies a VRR P group .
Command Li ne Interface 4-320 4 Defaults None Command Mod e Privileged Exec Example Hot Standby Router Protocol Commands T o configure HSRP , add the interf a ce for each router t h at will parti c ip ate in the virtual router group, se t the priorities , and conf igure an authent ication string.
Router Re dundancy Co mmands 4-321 4 standb y ip This com mand en ables th e Hot S tandby Rou ter Protoc ol (HSR P) on an interf ace and s pecify t he IP address of the virtual r outer . Us e the no form to disabl e HSR P on an inter face and remove the IP addr ess for the v irtual rout er .
Command Li ne Interface 4-322 4 Example This exam ple cr eates HSR P group 1 f or VLAN 1, and also adds a second ary interfa ce as a mem ber of the gr oup. standb y priority This com mand se ts the priority of this rout er in a HSRP gro up. Use th e no form to restor e the defa ult settin g.
Router Re dundancy Co mmands 4-323 4 Related Commands standby a uthe ntication ( 4-324) standby t rack (4-3 26) standb y preempt Th is com mand conf igu res the rout er to ta ke ov er as the ma ster vi rt ual ro uter for an HSR P g roup i f it has hig her pr iorit y than the cur ren t maste r virt ual r out er .
Command Li ne Interface 4-324 4 sta ndby aut hent ic atio n This command s p ecifie s the key used to auth enticate HSRP p acket s received from othe r routers. U se the no f orm t o delete an au thentica tion st ring. Syntax standby [ group ] au thenti cation st ring no standby [ gr oup ] a uthent ication • grou p - Identifies t he HSR P group.
Router Re dundancy Co mmands 4-325 4 standb y timers This com mand se ts the time be tween th e maste r and standby rou ter send ing hello p acket s, and th e time be fore ot her ro uters de clar e the ac tiv e maste r ro uter or standby rou ter down.
Command Li ne Interface 4-326 4 sta ndby trac k This com mand co nfigur es an inter face so th at the HSR P priority c hanges based on the avai lability of othe r IP inter faces on thi s router .
Router Re dundancy Co mmands 4-327 4 show sta ndby This com mand di splays status inform ation for HS RP . Syntax sh ow st andby [ acti ve | init | list en | st andby ] [ brief ] •a c t i v e - Disp lays HS RP grou ps i n the act ive st ate. •i n i t - Displa ys HSRP groups in the ini tial state.
Command Li ne Interface 4-328 4 This exam ple di splays the brief listing of status infor mation f or all groups. priority Pri ority of this ro uter . may p reempt Ro uter wi ll attem pt to ta ke over a s the m aster r outer if its priority is high er .
Router Re dundancy Co mmands 4-329 4 show sta ndby interface This com mand di splays HSRP status informa tion for the sp ecified interface . Syntax show st a ndby interf ace vlan vlan -id [ gr oup grou p ] [ acti ve | init | listen | standby ] [ br ie f ] • vlan -id - Identifier of configure d VLAN in terface.
Command Li ne Interface 4-330 4.
A-1 Appendix A: Software Specifications Software Featur es Authenticatio n Local, RADIUS, T A CACS, Port (802.1x), HTTPS, SSH, Port Securi ty Ac cess Cont rol L ist s IP , M AC ( up t o 32 lis ts) DHC.
Software Sp ecifications A-2 A Multicas t Filtering IGM P Snoo ping ( Layer 2) I GMP (L ayer 3) Multi cast Routing DVMRP , PIM-DM IP R outing ARP , Proxy ARP S tat ic ro utes RIP , RIPv2 and OSPFv2 dy.
Managem ent Information Bases A-3 A IEEE 80 2.3x Full-du plex flow cont rol (ISO/IEC 8802-3) IEEE 802.3z Gigabi t Ether net, IEEE 802. 3ab 1000BA SE-T IEEE 802.
Software Sp ecifications A-4 A PIM MIB (RFC 2934) Port A ccess E ntity MIB (IEEE 802 .1x) Port Access Entity Equipment MIB Private M IB RADIUS Authentication Cl ie nt MIB (RFC 2 621) RIP1 MIB (RFC 105.
B-1 App endix B: Trou bleshoot ing Problems Accessi n g the Management Interface T able B -1 T roubl eshoot ing Cha rt Symp tom A cti on Cann ot conn ect usin g T e lnet, web browse r , or SN MP softw are • Be su re the swit ch is po wered up. • Check network c abling betwee n the manag ement sta tion an d the s witch.
T r oubleshooting B-2 B Using System Logs If a fa ult does occur , refer t o the I n st allation Guid e to e nsur e that th e pr oblem you encou ntered is actually ca used by the switc h. If the prob lem app ears to be c aused by th e swit ch, fol low thes e step s: 1.
Gl ossa ry-1 Glossa ry Acces s Control Lis t (ACL) ACLs ca n limit n etwo rk tra ff ic and re str ic t acce ss to ce rt ain us ers or devic es by check ing each packet for ce rtain IP or MA C (i.e., Laye r 2) info rmation . Address Resolutio n Protocol (ARP) ARP conv erts betwee n IP addre sses and M AC (i.
Glossary Glossa ry-2 of autom atic alloc ation o f reusable network ad dress es and addi tional co nfigurat ion option s. Extens ible Authentica tion Protocol ov er LAN (EAPOL) EAPOL is a client authe nticatio n protocol used b y this switch to verify the network acces s rights for any de vice tha t is plugge d into the sw itch.
Gl ossa ry-3 Glossary IEEE 802 .1p An IEEE standard for prov iding quality of service ( QoS) in Ethernet ne tworks. The standard u ses packe t tags that defi ne up to eigh t traffic cla sses an d allows swi tches to tran smit packets ba sed on the tag ged priori ty value.
Glossary Glossa ry-4 IP Multica st Filtering A proce ss whereb y this swi tch can pass multica st traffic along to part icipating hosts. IP Precedenc e Th e T ype of Serv ice (T oS) oc tet in t he IPv.
Gl ossa ry-5 Glossary Network Tim e Prot ocol (NTP) NTP prov ides th e mechan isms to syn chro nize tim e across the ne twor k. The tim e serv ers opera te in a hiera rchical-m aster- slave co nfigurat ion in orde r to synch ronize local clo cks withi n the sub net and to nationa l time standar ds via wire or radio.
Glossary Glossa ry-6 Remote Monitoring (RMON) RMO N provid es compr ehens ive netw ork mon itoring capabi lities. It eli minates the polling r equired in standard SNM P , and can set alar ms on a var iety of traffic conditi o ns, including s pecif ic error ty pes.
Gl ossa ry-7 Glossary Termin al Access Con troller Acces s Control Sy stem Plus (TACACS+) TACACS+ is a log on aut henticat ion proto col that us es software running on a central serv er to contro l acce ss to T AC ACS-co mpliant dev ices o n the netwo rk.
Glossary Glossa ry-8.
Index-1 Numerics 802.1x, port authe nticati on 3-5 7, 4-79 A accep table fra me type 3- 132, 4-19 2 Ac cess Cont rol L ist See ACL ACL Extende d IP 3-67, 4-87, 4-88, 4-91 MAC 3- 67, 4- 87, 4-10 2, 4-1.
Index-2 Index F firmwa r e displa ying v ersion 3- 12, 4- 62 upgra ding 3-20 , 4-64 G GARP VL AN Registration Protocol Se e GVRP gatew ay, defa ult 3-16, 3- 196, 4-238 GVRP global settin g 3- 126, 4-2.
Index-3 Index mi rror po rt, con figu ring 3-9 5, 4-16 0 MSTP 4- 171 global settin gs 3-1 17, 4-16 9 interfa ce setting s 3 -115, 4- 170 multic ast filterin g 3 -152, 4- 220 multic ast grou ps 3-1 58,.
Index-4 Index specif ying i nterfac es 3-2 16, 4-25 0 st ati sti cs 3-22 0, 4-2 58 router redun dancy HSRP 3-186 , 4-320 protoc ols 3-178, 4-311 VRRP 3-1 79, 4-31 1 routi ng table, disp laying 3- 212,.
Index-5 Index egres s mode 3-13 3, 4-192 interfa ce configur ation 3- 132, 4-19 2–4-196 private 3 -134, 4-198 protoc ol 3-135, 4 -199 VRRP 3-1 79, 4-31 1 authent ication 3- 181, 4 -313 conf iguratio.
Index-6 Index.
.
ES4612 E09200 4-R01 15000 0046400A.
デバイスEdge-Core ES4612の購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
Edge-Core ES4612をまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはEdge-Core ES4612の技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。Edge-Core ES4612の取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。Edge-Core ES4612で得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
Edge-Core ES4612を既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はEdge-Core ES4612の不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、Edge-Core ES4612に関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちEdge-Core ES4612デバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。