User manual / service manual for the Accton Technology ES3628C
Powered by Accton. Management Guide. ES3628C 24 10/100 Ports + 4GE Intelligent Layer 2/3/4 Fast Ethernet Switch. www.edge-core.com
Management Guide: Fast Ethernet Switch. Layer 3 Standalone Switch with 24 100BASE-TX (RJ-45) Ports, 2 1000BASE-T (RJ-45) Ports, and 2 SFP Slots.
ES3628C F3.1.0.18 E032005-R01 149100005100H
v Contents. Chapter 1: Introduction 1-1; Key Features 1-1; Description of Software Features 1-2; System Defaults 1-7; Chapter 2: Initial Configuration 2-1; Connecting to the Switch 2-1; Configuratio.
vi Saving or Restoring Configuration Settings 3-23; Downloading Configuration Settings from a Server 3-24; Console Port Settings 3-25; Telnet Settings 3-27; Configuring Event Logging.
vii Configuring ACL Masks 3-83; Specifying the Mask Type 3-83; Configuring an IP ACL Mask 3-84; Configuring a MAC ACL Mask 3-86; Binding a Port to an Access Control List 3-87; Port Conf.
viii Mapping Protocols to VLANs 3-149; Class of Service Configuration 3-150; Layer 2 Queue Settings 3-150; Setting the Default Priority for Interfaces 3-150; Mapping CoS Values to Egr.
ix IP Routing 3-205; Overview 3-205; Initial Configuration 3-205; IP Switching 3-206; Routing Path Management 3-207; Routing Protocols 3-207; Basic IP Interface Configuration 3-208; Config.
x Configuring DVMRP Interface Settings 3-268; Displaying Neighbor Information 3-270; Displaying the Routing Table 3-271; Configuring PIM-DM 3-272; Configuring Global PIM-DM Setti.
xi disable 4-21; configure 4-22; show history 4-22; reload 4-23; end 4-23; exit 4-24; quit 4-24; System Management Commands 4-25; Device Designation Commands 4-25; prompt 4-25; hostname 4.
xii SMTP Alert Commands 4-49; logging sendmail host 4-50; logging sendmail level 4-50; logging sendmail source-email 4-51; logging sendmail destination-email 4-51; logging sendmail 4-5.
xiii Port Security Commands 4-77; port security 4-78; 802.1X Port Authentication 4-79; dot1x system-auth-control 4-80; dot1x default 4-80; dot1x max-req 4-80; dot1x port-control 4-81; dot1x.
xiv snmp-server engine-id 4-113; show snmp engine-id 4-114; snmp-server view 4-115; show snmp view 4-116; snmp-server group 4-116; show snmp group 4-117; snmp-server user 4-118; show.
xv Interface Commands 4-143; interface 4-143; description 4-144; speed-duplex 4-144; negotiation 4-145; capabilities 4-146; shutdown 4-148; switchport broadcast packet-rate 4-1.
xvi max-hops 4-179; spanning-tree spanning-disabled 4-179; spanning-tree cost 4-180; spanning-tree port-priority 4-180; spanning-tree edge-port 4-181; spanning-tree portfast 4-182; spa.
xvii queue bandwidth 4-208; queue cos-map 4-209; show queue mode 4-210; show queue bandwidth 4-210; show queue cos-map 4-211; Priority Commands (Layer 3 and 4) 4-212; map ip port (Global.
xviii ip igmp query-interval 4-238; ip igmp max-resp-interval 4-238; ip igmp last-memb-query-interval 4-239; ip igmp version 4-240; show ip igmp interface 4-240; clear ip igmp group 4-241; sh.
xix default-information originate 4-269; timers spf 4-270; area range 4-270; area default-cost 4-271; summary-address 4-272; redistribute 4-272; network area 4-273; area stub 4-274; area nss.
xx show ip dvmrp route 4-308; show ip dvmrp neighbor 4-309; show ip dvmrp interface 4-309; PIM-DM Multicast Routing Commands 4-310; router pim 4-310; ip pim dense-mode 4-311; ip pim hello-.
xxi Tables. Table 1-1 Key Features 1-1; Table 1-2 System Defaults 1-7; Table 3-1 Web Page Configuration Buttons 3-3; Table 3-2 Switch Main Menu 3-4; Table 3-3 Logging Levels 3-29; Table 3-4 SNMPv3 Security Models and Levels 3-38; Table 3-5 Supported Notification Messages 3-49; Table 3-6 HTTPS System Support 3-58; Table 3-7 802.
xxii Table 4-18 Logging Levels 4-44; Table 4-19 show logging flash/ram - display description 4-48; Table 4-20 show logging trap - display description 4-48; Table 4-21 SMTP Alert Comma.
xxiii Table 4-63 Private VLAN Commands 4-197; Table 4-64 Protocol-based VLAN Commands 4-198; Table 4-65 GVRP and Bridge Extension Commands 4-202; Table 4-66 Priority Commands 4-206; Ta.
xxiv Table 4-108 show ip dvmrp neighbor - display description 4-309; Table 4-109 PIM-DM Multicast Routing Commands 4-310; Table 4-110 show ip pim neighbor - display description 4-.
xxv Figures. Figure 3-1 Home Page 3-2; Figure 3-2 Front Panel Indicators 3-3; Figure 3-3 System Information 3-12; Figure 3-4 Switch Information 3-14; Figure 3-5 Displaying Bridge Extension Con.
xxvi Figure 3-42 802.1X Port Statistics 3-73; Figure 3-43 IP Filter 3-75; Figure 3-44 Selecting ACL Type 3-77; Figure 3-45 ACL Configuration - Standard IP 3-78; Figure 3-46 ACL Configurati.
xxvii Figure 3-87 Queue Mode 3-154; Figure 3-88 Queue Scheduling 3-155; Figure 3-89 IP Precedence/DSCP Priority Status 3-156; Figure 3-90 IP Precedence Priority 3-157; Figure 3-91 IP DS.
xxviii Figure 3-132 RIP Interface Settings 3-231; Figure 3-133 RIP Statistics 3-233; Figure 3-134 OSPF General Configuration 3-238; Figure 3-135 OSPF Area Configuration 3-241; Figure 3-136 O.
1-1 Chapter 1: Introduction
This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
1-2 Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
1-3 Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type).
1-4 IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses.
1-5 • Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
1-6 remote network, the switch checks to see if it has the best route. If it does, it sends its own MAC address to the host. The host then sends traffic for the remote destination via the switch, which uses its own routing table to reach the destination on the other network.
1-7 System Defaults
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-24).
1-8 SNMP
SNMP Agent: Enabled
Community Strings: “public” (read only), “private” (read/write)
Traps: Authentication traps: enabled; Link-up-down events: enabled
SNMP V.
1-9 IP Settings
Management VLAN: Any VLAN configured with an IP address
IP Address: 0.0.0.0
Subnet Mask: 255.0.0.0
Default Gateway: 0.
2-1 Chapter 2: Initial Configuration
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
2-2
• Configure Spanning Tree parameters
• Configure Class of Service (CoS) priority queuing
• Configure up to 12 static or LACP trunks
• Enable port mirror.
Basic Configuration 2-3
Remote Connections
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.
2-4 Setting Passwords
Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive.
2-5 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
• IP address for the switch
• Default gateway for the network
• Network mask for this network
To assign an IP address to the switch, complete the following steps: 1.
2-6
5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.
6. Then save your configuration changes by typing “copy running-config startup-config.
2-7 The default strings are:
• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
• private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
2-8 Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group.
2-9 Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
3-1 Chapter 3: Configuring the Switch
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.
3-2 Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics.
3-3 Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.
3-4 Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
3-5 SNMPv3 (3-42); Engine ID: Sets the SNMP v3 engine ID (3-43); Remote Engine ID: Sets the SNMP v3 engine ID on a remote device (3-43); Users: Configures SNMP.
3-6 LACP (3-93); Configuration: Allows ports to dynamically join trunks (3-95); Aggregation Port: Configures parameters for link aggregation group members (3-98); Port Count.
3-7 Trunk Configuration: Configures trunk settings for a specified MST instance (3-133); VLAN (3-135); 802.
3-8 QoS (3-161); DiffServ: Configure QoS classification criteria and service policies (3-161); Class Map: Creates a class map for a type of traffic (3-162); Policy M.
3-9 ARP (3-211); General: Sets the protocol timeout, and enables or disables proxy ARP for the specified VLAN (3-212); Static Addresses: Statically maps a p.
3-10 Routing Protocol (3-207); RIP (3-225); General Settings: Enables or disables RIP, sets the global RIP version and timer values (3-226); Network Addresses: Configures th.
3-11 PIM-DM; General Settings: Enables or disables PIM-DM globally for the switch (3-272); Interface Settings: Enables or disables PIM-DM per interface, c.
3-12 Basic Configuration
Displaying System Information
You can easily identify the system by displaying the device name, location and contact information.
Field Attributes
• System Name – Name assigned to the switch system.
3-13 CLI – Specify the hostname, location and contact information.
Displaying Switch Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
3-14
• Operation Code Version – Version number of runtime code.
• Role – Shows that this switch is operating as Master or Slave 2.
These additional parameters are displayed for the CLI.
• Unit ID – Unit number in stack 2.
3-15 Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
3-16 CLI – Enter the following command.
Configuring Support for Jumbo Frames
The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.
3-17 Setting the Switch’s IP Address
This section describes how to configure an initial IP interface for management access over the network.
3-18 Manual Configuration
Web – Click IP, General, Routing Interface. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” and specify a “Primary” interface.
3-19 Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
Web – Click IP, General, Routing Interface. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP.
3-20 Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch.
3-21 Downloading System Software from a Server
When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
3-22 To delete a file select System, File Management, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted.
3-23 Saving or Restoring Configuration Settings
You can upload/download configuration settings to/from a TFTP server, or copy files to and from switch units in a stack 4. The configuration file can be later downloaded to restore the switch’s settings.
3-24 Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
3-25 CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch.
To select another configuration file as the start-up configuration, use the boot system command and then restart the switch.
3-26 • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port.
3-27 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
3-28 • Password 6 – Specifies a password for the line connection. When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt.
3-29 Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
3-30 Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply.
Figure 3-17 System Logs
CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
3-31 Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
3-32 Displaying Log Messages
Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
3-33 • SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other listed servers if the first fails. Use the New SMTP Server text field and the Add/Remove buttons to configure the list.
3-34 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses.
3-35 Setting the System Clock
Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
3-36 CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.
3-37 Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
3-38 security models v1 and v2c. The following table shows the security models and levels available and the system default settings.
Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require access.
3-39 CLI – The following example enables SNMP on the switch.
Setting Community Access Strings
You may configure up to five community strings authorized for management access by clients using SNMP v1 and v2c.
3-40 Specifying Trap Managers and Trap Types
Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as HP OpenView).
3-41 Version 1 or 2c clients), or define a corresponding “User Name” in the SNMPv3 Users page (for Version 3 clients). (Range: 1-32 characters, case sensitive)
• Trap UDP Port – Specifies the UDP port number used by the trap manager.
3-42 Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port, SNMP trap version, trap security level (for v3 clients), trap inform settings (for v2c/v3 clients), and then click Add.
3-43 Setting a Local Engine ID
An SNMPv3 engine is an independent SNMP agent that resides on the switch.
3-44 The engine ID can be specified by entering 1 to 26 hexadecimal characters. If less than 26 characters are specified, trailing zeroes are added to the value. For example, the value “1234” is equivalent to “1234” followed by 22 zeroes.
3-45
• Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available.
• Privacy Password – A minimum of eight plain text characters is required.
• Actions – Enables the user to be assigned to another SNMPv3 group.
3-46 CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring Remote SNMPv3 Users
Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group.
3-47
• Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available.
• Privacy Password – A minimum of eight plain text characters is required.
Web – Click SNMP, SNMPv3, Remote Users.
3-48 CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring SNMPv3 Groups
An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views.
3-49 Table 3-5 Supported Notification Messages
Object Label | Object ID | Description
RFC 1493 Traps
newRoot | 1.
3-50 Private Traps
swPowerStatusChangeTrap | 1.3.6.1.4.1.259.6.10.75.2.1.0.1 | This trap is sent when the power state changes.
swFanFailureTrap | 1.3.6.1.4.1.259.6.10.75.2.1.0.17 | This trap is sent when the fan fails.
3-51 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list.
3-52 Setting SNMPv3 Views
SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree.
Command Attributes
• View Name – The name of the SNMP view.
User Authentication 3-53
CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries.
3-54 Command Attributes
• Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest)
• New Account – Displays configuration settings for a new account.
3-55 Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
3-56
• RADIUS Settings
  - Global – Provides globally applicable RADIUS settings.
  - ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers.
3-57 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
3-58 Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
3-59 Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.
Figure 3-35 HTTPS Settings
CLI – This example enables the HTTP secure server and modifies the port number.
3-60 Configuring the Secure Shell
The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
3-61 be configured locally on the switch via the User Accounts page as described on page 3-53.) The clients are subsequently authenticated using these keys.
3-62 Field Attributes
• Public-Key of Host-Key – The public key for the host.
  - RSA (Version 1): The first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.
3-63 CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys.
Configuring the SSH Server
The SSH server includes basic settings for authentication.
3-64 Web – Click Security, SSH, Settings. Enable SSH and adjust the authentication parameters as required, then click Apply. Note that you must first generate the host key pair on the SSH Host-Key Settings page before you can enable the SSH server.
3-65 Configuring Port Security
Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port.
3-66 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
3-67 Configuring 802.1X Port Authentication
Network switches can provide open and easy access to network resources by simply attaching a client PC.
3-68 • The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.)
Displaying 802.
3-69 Configuring 802.1X Global Settings
The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active.
Command Attributes
802.
3-70 • Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session.
3-71 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-84.
3-72 Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Table 3-7 802.1X Statistics
Parameter | Description
Rx EAPOL Start | The number of EAPOL Start frames that have been received by this Authenticator.
3-73 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics.
Figure 3-42 802.1X Port Statistics
CLI – This example displays the dot1x statistics for port 4.
3-74 Filtering IP Addresses for Management Access
You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet.
3-75 Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry.
Figure 3-43 IP Filter
CLI – This example restricts management access for Telnet clients.
3-76 Access Control Lists
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
3-77 Setting the ACL Name and Type
Use the ACL Configuration page to designate the name and type of an ACL.
Command Attributes
• Name – Name of the ACL.
3-78 and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned.
Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address.
3-79
• Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number (0-255). (Options: TCP, UDP, Others; Default: TCP)
• Source/Destination Port – Source/destination port number for the specified protocol type.
3-80 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
3-81 Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Source/Destination Address Type – Use “.
3-82 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66).
Access Control Lists 3-83 Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL.
Configuring the Switch 3-84 Configuring an IP ACL Mask This mask defines the fields to check in the IP header. Command Usage • Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes.
Access Control Lists 3-85 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range.
Configuring the Switch 3-86 Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port.
Access Control Lists 3-87 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
Configuring the Switch 3-88 Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic, select the required ACL from the drop-down list, then click Apply.
Port Configuration 3-89 • Trunk Member – Shows if port is a trunk member. • Creation – Shows if a trunk is manually configured or dynamically set via LACP.
Configuring the Switch 3-90 • Flow control – Shows if flow control is enabled or disabled. • LACP – Shows if LACP is enabled or disabled. • Port security – Shows if port security is enabled or disabled. • Max MAC count – Shows the maximum number of MAC addresses that can be learned by a port.
Port Configuration 3-91 Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed and duplex mode, and flow control.
Configuring the Switch 3-92 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-53 Port - Port Configuration CLI – Select the interface, and then enter the required settings.
Port Configuration 3-93 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices.
Configuring the Switch 3-94 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
Port Configuration 3-95 CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk.
Configuring the Switch 3-96 Command Attributes • Member List (Current) – Shows configured trunks (Unit, Port). • New – Includes entry fields for creating new trunks. - Unit – Stack unit. (Range: 1-1) - Port – Port identifier.
Port Configuration 3-97 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Console(config)#interface ethernet 1/1 4-143 Console(config-if)#lacp 4-159 Console(config-if)#exit .
Configuring the Switch 3-98 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key.
Port Configuration 3-99 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
Configuring the Switch 3-100 CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, ports 9 and 10 are set to backup mode.
Port Configuration 3-101 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information.
Configuring the Switch 3-102 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
Port Configuration 3-103 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-58 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
Configuring the Switch 3-104 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information.
Port Configuration 3-105 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
Configuring the Switch 3-106 Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold, and click Apply. Figure 3-60 Port Broadcast Control CLI – Specify any interface, and then enter the threshold.
Port Configuration 3-107 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
Configuring the Switch 3-108 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch.
Port Configuration 3-109 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
Configuring the Switch 3-110 Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
Port Configuration 3-111 Received Frames The total number of frames (bad, broadcast and multicast) received. Broadcast Frames The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets.
Configuring the Switch 3-112 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
Address Table Settings 3-113 CLI – This example shows statistics for port 12. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports.
Configuring the Switch 3-114 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-64 Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Address Table Settings 3-115 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
Configuring the Switch 3-116 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function. • Aging Time – The time after which a learned entry is discarded.
Spanning Tree Algorithm Configuration 3-117 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge.
Configuring the Switch 3-118 new root port is selected from among the device ports attached to the network. (References to “ports” in this section mean “interfaces,” which includes both ports and trunks.) • Hello Time – Interval (in seconds) at which the root device transmits a configuration message.
Spanning Tree Algorithm Configuration 3-119 • Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Configuring the Switch 3-120 Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol – Uses RSTP for the internal state machine, but sends only 802.
Spanning Tree Algorithm Configuration 3-121 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances.
Configuring the Switch 3-122 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Spanning Tree Algorithm Configuration 3-123 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.
Configuring the Switch 3-124 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree.
Spanning Tree Algorithm Configuration 3-125 • Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which include this port. • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface.
Configuring the Switch 3-126 • Internal path cost – The path cost for the MST. See the preceding item. • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.
Spanning Tree Algorithm Configuration 3-127 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
Configuring the Switch 3-128 The following interface attributes can be configured: • Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) • Priority – Defines the priority used for this port in the Spanning Tree Protocol.
Spanning Tree Algorithm Configuration 3-129 Migration button to manually re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the selected interfaces. (Default: Disabled) Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration.
Configuring the Switch 3-130 Note: All VLANs are automatically added to the IST (Instance 0). To ensure that the MSTI maintains connectivity across the network, you must configure a related set of bridges with the same MSTI settings. Command Attributes • MST Instance – Instance identifier of this spanning tree.
Spanning Tree Algorithm Configuration 3-131 CLI – This displays STA settings for instance 1, followed by settings for each port. CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI.
Configuring the Switch 3-132 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Instance ID – Instance identifier to configure.
Spanning Tree Algorithm Configuration 3-133 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
Configuring the Switch 3-134 • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
VLAN Configuration 3-135 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
Configuring the Switch 3-136 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing them on to any end-node host that does not support VLAN tagging.
VLAN Configuration 3-137 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network.
Configuring the Switch 3-138 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
VLAN Configuration 3-139 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging.
Configuring the Switch 3-140 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry.
VLAN Configuration 3-141 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-77 VLAN Static List - Creating VLANs CLI – This example creates a new VLAN.
Configuring the Switch 3-142 Command Attributes • VLAN – ID of configured VLAN (1-4094). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.
VLAN Configuration 3-143 CLI – The following example adds tagged and untagged ports to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member.
Configuring the Switch 3-144 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
VLAN Configuration 3-145 Leave or Leave All message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; Default: 60).
Configuring the Switch 3-146 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
VLAN Configuration 3-147 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports.
Configuring the Switch 3-148 Command Usage To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page 3-140). Although not mandatory, we suggest configuring a separate VLAN for each major protocol running on your network.
VLAN Configuration 3-149 Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group. Command Usage • When creating a protocol-based VLAN, only assign interfaces using this configuration screen.
Configuring the Switch 3-150 CLI – The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 3. Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
Class of Service Configuration 3-151 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-85 Default Port Priority CLI – This example assigns a default priority of 5 to port 3.
Configuring the Switch 3-152 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
Class of Service Configuration 3-153 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-86 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping.
Configuring the Switch 3-154 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
Class of Service Configuration 3-155 Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 3-88 Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queues.
Configuring the Switch 3-156 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
Class of Service Configuration 3-157 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
Configuring the Switch 3-158 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
Class of Service Configuration 3-159 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply.
Configuring the Switch 3-160 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
Quality of Service 3-161 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings.
Configuring the Switch 3-162 Configuring Quality of Service Parameters To create a service policy for a specific category of ingress traffic, follow these steps: 1. Use the “Class Map” to designate a class name for a specific category of traffic.
Quality of Service 3-163 Command Attributes Class Map • Modify Name and Description – Configures the name and a brief description of a class map. (Range: 1-32 characters for the name; 1-256 characters for the description) • Edit Rules – Opens the “Match Class Settings” page for the selected class entry.
Configuring the Switch 3-164 Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. Figure 3-94 Configuring Class Maps CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3.
Quality of Service 3-165 Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map as described on page 3-162.
Configuring the Switch 3-166 Policy Rule Settings - Class Settings - • Class Name – Name of class map. • Action – Shows the service provided to ingress traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified in Match Class Settings on page 3-162).
Quality of Service 3-167 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy.
Configuring the Switch 3-168 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0.
Multicast Filtering 3-169 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client.
Configuring the Switch 3-170 Based on the group membership information learned from IGMP, a router/switch can determine which (if any) multicast traffic needs to be forwarded to each of its ports.
Multicast Filtering 3-171 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
Configuring the Switch 3-172 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-97 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status.
Multicast Filtering 3-173 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
Configuring the Switch 3-174 Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Multicast Filtering 3-175 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members.
Configuring the Switch 3-176 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 3-171.
Multicast Filtering 3-177 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1.
Configuring the Switch 3-178 it will continue to receive the multicast service. The following parameters are used to control Layer 3 IGMP and query functions. Command Attributes • VLAN (Interface) – VLAN interface bound to a primary IP address.
Multicast Filtering 3-179 • Last Member Query Interval – A multicast client sends an IGMP leave message when it leaves a group. The router then checks to see if this was the last host in the group by sending an IGMP query and starting a timer based on this command.
Configuring the Switch 3-180 Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parameters for each interface, then click Apply. Figure 3-102 IGMP Interface Settings CLI – This example configures the IGMP parameters for VLAN 1.
Multicast Filtering 3-181 Displaying Multicast Group Information When IGMP (Layer 3) is enabled on this switch the current multicast groups learned via IGMP can be displayed in the IP/IGMP/Group Information page.
Configuring the Switch 3-182 Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network.
Configuring Domain Name Service 3-183 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
Configuring the Switch 3-184 Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses.
Configuring Domain Name Service 3-185 Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 3-105 DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses.
Configuring the Switch 3-186 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable.
Dynamic Host Configuration Protocol 3-187 CLI - This example displays all the resource records learned from the designated name servers. Dynamic Host Configuration Protocol Dynamic Host.
Configuring the Switch 3-188 Command Usage You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will not forward client requests to a DHCP server. Command Attributes • VLAN ID – ID of configured VLAN.
Dynamic Host Configuration Protocol 3-189 Configuring the DHCP Server This switch includes a Dynamic Host Configuration Protocol (DHCP) server that can assign temporary IP addresses to any attached host requesting service.
Configuring the Switch 3-190 Web – Click DHCP, Server, General. Enter a single address or an address range, and click Add. Figure 3-108 DHCP Server General Configuration CLI – This example enables the DHCP and sets an excluded address range.
Dynamic Host Configuration Protocol 3-191 Configuring Address Pools You must configure IP address pools for each IP interface that will provide addresses to attached clients via the DHCP server. Command Usage • First configure address pools for the network interfaces.
Configuring the Switch 3-192 • Client-Identifier – A unique designation for the client device, either a text string (1-15 characters) or hexadecimal value. Setting the Optional Parameters • Default Router – The IP address of the primary and alternate gateway router.
Dynamic Host Configuration Protocol 3-193 Configuring a Network Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool.
Configuring the Switch 3-194 Configuring a Host Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device.
Dynamic Host Configuration Protocol 3-195 Displaying Address Bindings You can display the host devices which have acquired an IP address from this switch’s DHCP server. Command Attributes • IP Address – IP address assigned to host.
Configuring the Switch 3-196 Configuring Router Redundancy Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load.
Configuring Router Redundancy 3-197 • Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by assigning a subset of addresses to different host address pools using the DHCP server.
Configuring the Switch 3-198 • VRRP creates a virtual MAC address for the master router based on a standard prefix, with the last octet equal to the group ID. When a backup router takes over as the master, it continues to forward traffic addressed to this virtual MAC address.
Configuring Router Redundancy 3-199 Command Attributes (VRRP Group Configuration Detail) • Associated IP Table – IP interfaces associated with this virtual router group.
Configuring the Switch 3-200 Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add. Figure 3-113 VRRP Group Configuration.
Configuring Router Redundancy 3-201 Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interface on this router to make it the master virtual router for the group. Otherwise, enter the virtual address for an existing group to make it a backup router.
Configuring the Switch 3-202 3 CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary interface address for the selected VLAN to the virtual IP address.
Configuring Router Redundancy 3-203 3 CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch. Displaying VRRP Group Statistics The VRRP Group Statistics page displays counters for VRRP protocol events and errors that have occurred on a specific VRRP interface.
Configuring the Switch 3-204 3 Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group. Figure 3-116 VRRP Group Statistics CLI – This example displays VRRP protocol statistics for group 1, VLAN 1.
IP Routing 3-205 3 IP Routing Overview This switch supports IP routing and routing path management via static routing definitions (page 3-223) and dynamic routing such as RIP (page 3-225) or OSPF (page 3-235).
Configuring the Switch 3-206 3 IP Switching IP Switching (or packet forwarding) encompasses tasks required to forward packets for both Layer 2 and Layer 3, as well as traditional routing.
IP Routing 3-207 3 the high throughput and low latency of switching by enabling the traffic to bypass the routing engine once the path calculation has been performed.
Configuring the Switch 3-208 3 Basic IP Interface Configuration To allow routing between different IP subnets, you must enable IP Routing as described in this section. You also need to define a VLAN for each IP subnet that will be connected directly to this switch.
IP Routing 3-209 3 Configuring IP Routing Interfaces You can specify the IP subnets connected to this router by manually assigning an IP address to each VLAN, or by using the RIP or OSPF.
Configuring the Switch 3-210 3 Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets.
IP Routing 3-211 3 Address Resolution Protocol If IP routing is enabled (page 3-208), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next. ARP is used to map an IP address to a physical layer (i.
Configuring the Switch 3-212 3 Basic ARP Configuration You can use the ARP General configuration menu to specify the timeout for ARP cache entries, or to enable Proxy ARP for specific VLAN interfaces. Command Usage • The aging time determines how long dynamic entries remain in the cache.
IP Routing 3-213 3 Configuring Static ARP Addresses For devices that do not respond to ARP requests, traffic will be dropped because the IP address cannot be mapped to a physical address. If this occurs, you can manually map an IP address to the corresponding physical address in the ARP .
Configuring the Switch 3-214 3 Displaying Dynamically Learned ARP Entries The ARP cache contains entries that map IP addresses to the corresponding physical address. Most of these entries will be dynamically learned through replies to broadcast messages.
IP Routing 3-215 3 CLI - This example shows all entries in the ARP cache. Displaying Local ARP Entries The ARP cache also contains entries for local interfaces, including subnet, host, and broadcast addresses. Command Attributes • IP Address – IP address of a local entry in the cache.
Configuring the Switch 3-216 3 CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache. Displaying ARP Statistics You can display statistics for ARP messages crossing all interfaces on this router.
IP Routing 3-217 3 CLI - This example provides detailed statistics on common IP-related protocols. Displaying Statistics for IP Protocols IP Statistics The Internet Protocol (IP) provides a .
Configuring the Switch 3-218 3 Datagrams Forwarded The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination.
IP Routing 3-219 3 Web - Click IP, Statistics, IP. Figure 3-124 IP Statistics CLI - See the example on page 3-216. ICMP Statistics Internet Control Message Protocol (ICMP) is a network layer protocol that transmits message packets to report errors in processing IP packets.
Configuring the Switch 3-220 3 Web - Click IP, Statistics, ICMP. Figure 3-125 ICMP Statistics CLI - See the example on page 3-216. Timestamps The number of ICMP Timestamp (request) messages received/sent. Timestamp Replies The number of ICMP Timestamp Reply messages received/sent.
IP Routing 3-221 3 UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services.
Configuring the Switch 3-222 3 TCP Statistics The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols.
IP Routing 3-223 3 Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF). However, you can also manually enter static routes in the routing table.
Configuring the Switch 3-224 3 Displaying the Routing Table You can display all the routes that can be accessed via the local network interfaces, via static routes, or via a dynamically learned route.
IP Routing 3-225 3 CLI - This example shows routes obtained from various methods. Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing.
Configuring the Switch 3-226 3 routing loops may occur, and its small hop count limitation of 15 restricts its use to smaller networks. Moreover, RIP (version 1) wastes valuable network.
IP Routing 3-227 3 Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to RIPv1 or RIPv2, set the basic update timer, and then click Apply.
Configuring the Switch 3-228 3 Specifying Network Interfaces for RIP You must specify network interfaces that will be included in the RIP routing process. Command Usage • RIP only sends updates to interfaces specified by this command.
IP Routing 3-229 3 Configuring Network Interfaces for RIP For each interface that participates in the RIP routing process, you must specify the protocol message type accepted (i.
Configuring the Switch 3-230 3 Protocol Message Authentication RIPv1 is not a secure protocol. Any device sending protocol messages from UDP port 520 will be considered a router by its neighbors. Malicious or unwanted protocol messages can be easily propagated throughout the network if no authentication is required.
IP Routing 3-231 3 • Authentication Key – Specifies the key to use for authenticating RIPv2 packets. For authentication to function properly, both the sending and receiving interface must use the same password. (Range: 1-16 characters, case sensitive) Web - Click Routing Protocol, RIP, Interface Settings.
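The difference between unauthenticated RIPv1, unauthenticated RIPv2 and password-authenticated RIPv2 described above can be checked against captured RIP payloads. The following is an added example, not code from this manual or from the switch: it parses RIP messages in the RFC 2453 wire format and applies a strict audit policy assumed here (only RIPv2 messages carrying the expected simple password are accepted). The function names, the sample key and the sample packets are constructed for illustration.

```python
import hmac
import ipaddress
import struct

AFI_AUTH = 0xFFFF      # RFC 2453: address-family value marking an authentication entry
AUTH_SIMPLE = 2        # RFC 2453: simple password, carried in clear text
AUTH_KEYED_MD5 = 3     # RFC 2082: keyed MD5
ENTRY_LEN = 20         # every RIP entry is 20 bytes, after a 4-byte header


def parse_rip(payload):
    """Parse the UDP payload of a RIP message (UDP port 520) into a dict."""
    if len(payload) < 4 or (len(payload) - 4) % ENTRY_LEN:
        raise ValueError("not a well-formed RIP message")
    command, version = struct.unpack("!BB", payload[:2])
    msg = {"command": command, "version": version,
           "auth": "none", "password": None, "routes": []}
    for off in range(4, len(payload), ENTRY_LEN):
        afi, tag = struct.unpack("!HH", payload[off:off + 4])
        body = payload[off + 4:off + ENTRY_LEN]
        if version >= 2 and afi == AFI_AUTH:
            # Authentication is only valid in the first entry; any later
            # 0xFFFF entry (e.g. the keyed-MD5 trailer) is not a route.
            if off == 4:
                if tag == AUTH_SIMPLE:
                    msg["auth"], msg["password"] = "simple", body
                elif tag == AUTH_KEYED_MD5:
                    msg["auth"] = "keyed-md5"
                else:
                    msg["auth"] = "unknown"
            continue
        addr, mask, _next_hop, metric = struct.unpack("!4s4s4sI", body)
        msg["routes"].append((str(ipaddress.IPv4Address(addr)),
                              str(ipaddress.IPv4Address(mask)), metric))
    return msg


def verdict(payload, key):
    """Strict policy (an assumption of this example, not documented switch
    behaviour): accept only RIPv2 with the expected simple password."""
    if not 1 <= len(key) <= 16:
        raise ValueError("key must be 1-16 characters")   # range from the text
    msg = parse_rip(payload)
    if msg["version"] < 2:
        return "reject-ripv1"              # RIPv1 cannot carry authentication
    if msg["auth"] == "none":
        return "reject-unauthenticated"
    if msg["auth"] != "simple":
        return "reject-other-auth-type"
    expected = key.encode("ascii").ljust(16, b"\x00")     # field is NUL-padded
    ok = hmac.compare_digest(msg["password"], expected)   # case-sensitive match
    return "accept" if ok else "reject-bad-password"


def build_rip(version, routes, password=None):
    """Build a constructed RIP response used only as sample input below."""
    out = struct.pack("!BBH", 2, version, 0)              # command 2 = response
    if password is not None:
        out += struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE,
                           password.encode("ascii"))
    for addr, mask, metric in routes:
        out += struct.pack("!HH4s4s4sI", 2, 0,            # AFI 2 = IP, tag 0
                           ipaddress.IPv4Address(addr).packed,
                           ipaddress.IPv4Address(mask).packed,
                           b"\x00" * 4, metric)
    return out


# Constructed sample messages (not captured from a real network).
ROUTE = [("10.1.1.0", "255.255.255.0", 1)]
SAMPLES = {
    "v1": build_rip(1, [("10.1.1.0", "0.0.0.0", 1)]),
    "v2-plain": build_rip(2, ROUTE),
    "v2-good": build_rip(2, ROUTE, "Rip-Key-01"),
    "v2-wrong-case": build_rip(2, ROUTE, "rip-key-01"),
}


def audit(samples, key):
    """Map each sample name to the verdict for the given interface key."""
    return {name: verdict(data, key) for name, data in samples.items()}


if __name__ == "__main__":
    for name, result in audit(SAMPLES, "Rip-Key-01").items():
        print(f"{name:14} {result}")
```

Because a simple password is carried in clear text in every update, `parse_rip()` can return it directly from a capture; it guards against misconfigured or unexpected neighbors rather than acting as a secret.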
Configuring the Switch 3-232 3 Displaying RIP Information and Statistics You can display basic information about the current global configuration settings for RIP, statistics about rout.
IP Routing 3-233 3 Web - Click Routing Protocol, RIP, Statistics. Figure 3-133 RIP Statistics.
Configuring the Switch 3-234 3 CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the following commands.
IP Routing 3-235 3 Configuring the Open Shortest Path First Protocol Open Shortest Path First (OSPF) is more suited for large area networks which experience frequent changes in the links.
Configuring the Switch 3-236 3 • OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of a point-to-multipoint interface which allows OSPF to run over non-broadcast networks, as well as support for overlapping area ranges.
IP Routing 3-237 3 • AS Boundary Router 29 – Allows this router to exchange routing information with boundary routers in other autonomous systems to which it may be attached. If a router is enabled as an ASBR, then every other router in the autonomous system can learn about external routes from this device.
Configuring the Switch 3-238 3 Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply.
IP Routing 3-239 3 Configuring OSPF Areas An autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default, all other areas are created as normal transit areas. Routers in a normal area may import or export routing information about individual nodes.
Configuring the Switch 3-240 3 • Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned via OSPF, the default route, static routes, routes derived from other routing protocols such as RIP, or directly connected networks that are not running OSPF.
IP Routing 3-241 3 Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply. Figure 3-135 OSPF Area Configuration CLI - This example configures area 0.
Configuring the Switch 3-242 3 Configuring Area Ranges (Route Summarization for ABRs) An OSPF area can include a large number of nodes. If the Area Border Router (ABR) has to advertise route information for each of these nodes, this wastes a lot of bandwidth and processor time.
IP Routing 3-243 3 Web - Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network mask, select whether or not to advertise the summary route to other areas, and then click Apply.
Configuring the Switch 3-244 3 Configuring OSPF Interfaces You should specify a routing interface for any local subnet that needs to communicate with other network segments located on this router or elsewhere in the network.
IP Routing 3-245 3 - On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can use the transmit delay to force the router to wait a specified interval between transmissions.
Configuring the Switch 3-246 3 - You can assign a unique password to each network (i.e., autonomous system) to improve the security of the routing database. However, the password must be used consistently on all neighboring routers throughout a network.
IP Routing 3-247 3 Change any of the interface-specific protocol parameters, and then click Apply. Figure 3-138 OSPF Interface Configuration - Detailed CLI - This example configures the interface parameters for VLAN 1.
Configuring the Switch 3-248 3 Configuring Virtual Links All OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the backbone, you can configure a virtual link that provides a logical path to the backbone.
IP Routing 3-249 3 Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add.
Configuring the Switch 3-250 3 Configuring Network Area Addresses OSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance.
IP Routing 3-251 3 Web - Click Routing Protocol, OSPF, Network Area Address Configuration. Configure a backbone area that is contiguous with all the other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply.
Configuring the Switch 3-252 3 CLI - This example configures the backbone area and one transit area. Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0 4-273 Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.1 Console(config-router)#end Console#show ip ospf 4-284 Routing Process with ID 10.
IP Routing 3-253 3 Configuring Summary Addresses (for External AS Routes) An Autonomous System Boundary Router (ASBR) can redistribute routes learned from other protocols into all attached autonomous systems.
Configuring the Switch 3-254 3 CLI - This example creates a summary address for all routes contained in 192.168.x.x. Redistributing External Routes You can configure this router to import external routing information from other routing protocols into the autonomous system.
IP Routing 3-255 3 Web - Click Routing Protocol, OSPF, Redistribute. Specify the protocol type to import, the metric type and path cost, then click Add. Figure 3-142 OSPF Redistribute Configuration CLI - This example redistributes routes learned from RIP as Type 1 external routes.
Configuring the Switch 3-256 3 Note: This router supports up to 16 areas, either normal transit areas, stubs, or NSSAs. Web - Click Routing Protocol, OSPF, NSSA Settings. Create a new NSSA or modify the routing behavior for an existing NSSA, and click Apply.
IP Routing 3-257 3 Displaying Link State Database Information OSPF routers advertise routes using Link State Advertisements (LSAs). The full collection of LSAs collected by a router interface from the attached area is known as a link state database.
Configuring the Switch 3-258 3 Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Query. Figure 3-144 OSPF Link State Database Information CLI - The CLI provides a wider selection of display options for viewing the Link State Database.
IP Routing 3-259 3 Displaying Information on Border Routers You can display entries in the local routing table for Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR) known by this device. Field Attributes • Destination – Identifier for the destination router.
Configuring the Switch 3-260 3 Displaying Information on Neighbor Routers You can display information about neighboring routers on each interface within an OSPF area. Field Attributes • ID – Neighbor’s router ID. • Priority – Neighbor’s router priority.
Multicast Routing 3-261 3 Multicast Routing This router can route multicast traffic to different subnetworks using either Distance Vector Multicast Routing Protocol (DVMRP) or Protocol-Independent Multicasting - Dense Mode (PIM-DM).
Configuring the Switch 3-262 3 Displaying the Multicast Routing Table You can display information on each multicast route this router has learned via DVMRP or PIM. The router learns multicast routes from neighboring routers, and also advertises these routes to its neighbors.
Multicast Routing 3-263 3 Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry.
Configuring the Switch 3-264 3 CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast source routed by DVMRP, and another source routed via PIM. Console#show ip mroute 4-299 IP Multicast Forwarding is enabled.
Multicast Routing 3-265 3 Configuring DVMRP The Distance-Vector Multicast Routing Protocol (DVMRP) behaves somewhat similarly to RIP. A router supporting DVMRP periodically floods its attached networks to pass information about supported multicast services along to new routers and hosts.
Configuring the Switch 3-266 3 Command Usage Broadcasting periodically floods the network with traffic from any active multicast server. If IGMP snooping is disabled, multicast traffic is flooded to all ports on the router.
Multicast Routing 3-267 3 which this device has received probes, and is used to verify whether or not these neighbors are still active members of the multicast tree.
Configuring the Switch 3-268 3 Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control neighbor timeout, the exchange of routing information, or the prune lifetime, and click Apply.
Multicast Routing 3-269 3 DVMRP Interface Settings • VLAN – Selects a VLAN interface on this router. • Metric – Sets the metric for this interface used to calculate distance vectors.
Configuring the Switch 3-270 3 Displaying Neighbor Information You can display all the neighboring DVMRP routers. Command Attributes • Neighbor Address – The IP address of the network device immediately upstream for this multicast delivery tree.
Multicast Routing 3-271 3 Displaying the Routing Table The router learns source-routed information from neighboring DVMRP routers and also advertises learned routes to its neighbors. The router merely records path information it has learned on its own or from other routers.
Configuring the Switch 3-272 3 CLI – This example displays known DVMRP routes. Configuring PIM-DM Protocol-Independent Multicasting (PIM) provides two different modes of operation: sparse mode and dense mode.
Multicast Routing 3-273 3 Web – Click Routing Protocol, PIM-DM, General Settings. Enable or disable PIM-DM globally for the router, and click Apply. Figure 3-153 PIM-DM General Settings CLI – This example enables PIM-DM globally and displays the current status.
Configuring the Switch 3-274 3 • Trigger Hello Interval – Configures the maximum time before transmitting a triggered PIM hello message after the router is rebooted or PIM is enabled on an interface.
Multicast Routing 3-275 3 Web – Click Routing Protocol, PIM-DM, Interface Settings. Select a VLAN, enable or disable PIM-DM for the selected interface, modify any of the protocol parameters as required, and click Apply.
Configuring the Switch 3-276 3 Displaying Interface Information You can display a summary of the current interface status for PIM-DM, including the number of neighboring PIM routers, and the address of the designated PIM router. Command Attributes • Interface – A VLAN interface on this router.
Multicast Routing 3-277 3 Web – Click Routing Protocol, PIM-DM, Neighbor Information. Figure 3-156 PIM-DM Neighbor Information CLI – This example displays the only neighboring PIM-DM router. Console#show ip pim neighbor 4-316 Address VLAN Interface Uptime Expire Mode --------------- ---------------- -------- -------- ------- 10.
Configuring the Switch 3-278 3.
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management inter.
Command Line Interface 4-2 4 To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet.
Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, DHCP, Interface, Line, Router, VLAN Database, or MSTP).
Entering Commands 4-5 4 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided.
Command Line Interface 4-6 4 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions.
Entering Commands 4-7 4 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted.
Command Line Interface 4-8 4 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode.
Entering Commands 4-9 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
Command Line Interface 4-10 4 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Group Index Command Group Description .
Line Commands 4-11 4 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) MST (Multiple Spanning Tree) PE (Privileged Exec) ACL (Access Contro.
Command Line Interface 4-12 4 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.
Line Commands 4-13 4 Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode.
Command Line Interface 4-14 4 • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
Line Commands 4-15 4 exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [ seconds ] no exec-timeout seconds - Integer that specifies the timeout interval.
Command Line Interface 4-16 4 Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.
Line Commands 4-17 4 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits { 7 | 8 } no databits • 7 - Seven data bits per character.
Command Line Interface 4-18 4 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate.
Line Commands 4-19 4 Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this command: disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection.
Command Line Interface 4-20 4 Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information.
General Commands 4-21 4 Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-28.
Command Line Interface 4-22 4 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch.
General Commands 4-23 4 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes.
Command Line Interface 4-24 4 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example.
System Management Commands 4-25 4 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands prompt This command customizes the CLI prompt.
Command Line Interface 4-26 4 Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name.
System Management Commands 4-27 4 User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password.
Command Line Interface 4-28 4 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
System Management Commands 4-29 4 Related Commands enable (4-20) authentication enable (4-71) IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
Command Line Interface 4-30 4 • You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Example This example restricts management access to the indicated addresses.
System Management Commands 4-31 4 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
Command Line Interface 4-32 4 Example Related Commands ip http port (4-31) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
System Management Commands 4-33 4 Example Related Commands ip http secure-port (4-33) copy tftp https-certificate (4-64) ip http secure-port This command specifies the UDP port number used for HTTPS connection to the switch’s web interface.
Command Line Interface 4-34 4 Telnet Server Commands ip telnet server This command allows this device to be monitored or configured from Telnet. It also specifies the TCP port number used by the Telnet interface. Use the no form without the “port” keyword to disable this function.
System Management Commands 4-35 4 This section describes the commands used to configure the SSH server. However, note that you also need to install a SSH client on the management station when using this protocol to configure the switch.
Command Line Interface 4-36 4
System Management Commands 4-37 4 ip ssh server This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax [ no ] ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage • The SSH server supports up to four client sessions.
Command Line Interface 4-38 4 Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions.
System Management Commands 4-39 4 Default Setting 768 bits Command Mode Global Configuration Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits.
Command Line Interface 4-40 4 Command Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save the host key pair to flash memory. • Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process.
System Management Commands 4-41 4 ip ssh save host-key This command saves the host key from RAM to flash memory. Syntax ip ssh save host-key [ dsa | rsa ] • dsa – DSA key type. • rsa – RSA key type. Default Setting Saves both the DSA and RSA key.
Command Line Interface 4-42 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ] | host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
System Management Commands 4-43 4 • When an RSA key is displayed, the first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.
Command Line Interface 4-44 4 Default Setting None Command Mode Global Configuration Command Usage The logging process controls error messages saved to switch memory. You can use the logging history command to control the type of error messages that are stored.
System Management Commands 4-45 4 Default Setting • Flash: errors (level 3 - 0) • RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.
Command Line Interface 4-46 4 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch.
System Management Commands 4-47 4 clear log This command clears messages from the log buffer. Syntax clear log [ flash | ram ] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.
Command Line Interface 4-48 4 Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.
System Management Commands 4-49 4 show log This command displays the log messages stored in local memory. Syntax show log {flash | ram} • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.
Command Line Interface 4-50 4 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [no] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handling.
System Management Commands 4-51 4 Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the configured email recipients. (For example, using Level 7 will report all events from level 7 to level 0.
Command Line Interface 4-52 4 Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling.
System Management Commands 4-53 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
Command Line Interface 4-54 4 Example Related Commands sntp server (4-54) sntp poll (4-55) show sntp (4-55) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list.
System Management Commands 4-55 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
Command Line Interface 4-56 4 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym.
System Management Commands 4-57 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, February 1st, 2002.
Command Line Interface 4-58 4 Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes.
System Management Commands 4-59 4 Related Commands show running-config (4-59) show running-config This command displays the configuration information currently in use.
Command Line Interface 4-60 4 Example Related Commands show startup-config (4-57) show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Console#show running-config building running-config, please wait.
System Management Commands 4-61 4 Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-12. • The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance.
Command Line Interface 4-62 4 Example show version This command displays hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Priv .
System Management Commands 4-63 4 Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it.
Command Line Interface 4-64 4 Flash/File Commands These commands are used to manage the system code or configuration files. copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server.
Flash/File Commands 4-65 4 Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.
Command Line Interface 4-66 4 The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to copy a public-key used by SSH from a TFTP server.
Flash/File Commands 4-67 4 Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg” cannot be deleted. Example This example shows how to delete the test2.cfg configuration file from flash memory.
Command Line Interface 4-68 4 Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command.
Authentication Commands 4-69 4 Command Mode Global Configuration Command Usage • A colon (:) is required after the specified file type. • If the file contains an error, it cannot be set as the default file.
Command Line Interface 4-70 4 Authentication Sequence authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password.
Authentication Commands 4-71 4 authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-20). Use the no form to restore the default.
Command Line Interface 4-72 4 RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network.
Authentication Commands 4-73 4 Example radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages.
Command Line Interface 4-74 4 radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
Authentication Commands 4-75 4 Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network.
Command Line Interface 4-76 4 Example tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
Authentication Commands 4-77 4 show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Port Security Commands These commands can be used to enable port security on a port.
Command Line Interface 4-78 4 port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
Authentication Commands 4-79 4 Example The following example enables port security for port 5, and sets the response to a security violation to issue a trap message: Related Commands shutdown (4-148) mac-address-table static (4-167) show mac-address-table (4-168) 802.
Command Line Interface 4-80 4 dot1x system-auth-control This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to restore the default.
Authentication Commands 4-81 4 dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default.
Command Line Interface 4-82 4 Command Usage • The “max-count” parameter specified by this command is only effective if the dot1x mode is set to “auto” by the dot1x port-control command (page 4-105).
Authentication Commands 4-83 4 dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default.
Command Line Interface 4-84 4 dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value.
Authentication Commands 4-85 4 - Mode – Dot1x port control mode (page 4-81). - Authorized – Authorization status (yes or n/a - not authorized).
Command Line Interface 4-86 4 • Reauthentication State Machine - State – Current state (including initialize, reauthenticate). Example Console#show dot1x Global 802.
Access Control List Commands 4-87 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Command Line Interface 4-88 4 The order in which active ACLs are checked is as follows: 1. User-defined rules in the Egress MAC ACL for egress ports. 2. User-defined rules in the Egress IP ACL for egress ports. 3. User-defined rules in the Ingress MAC ACL for ingress ports.
Access Control List Commands 4-89 4 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.
Command Line Interface 4-90 4 Default Setting None Command Mode Standard ACL Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period.
Access Control List Commands 4-91 4 • precedence – IP precedence level. (Range: 0-7) • tos – Type of Service level. (Range: 0-15) • dscp – DSCP priority level. (Range: 0-63) • sport – Protocol source port number. (Range: 0-65535) • dport – Protocol destination port number.
Command Line Interface 4-92 4 Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.
Access Control List Commands 4-93 4 access-list ip mask-precedence This command changes to the IP Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list ip mask-precedence {in | out} • in – Ingress mask for ingress ACLs.
Command Line Interface 4-94 4 • destination-bitmask – Destination address of rule must match this bitmask. • precedence – Check the IP precedence field. • tos – Check the TOS field. • dscp – Check the DSCP field. • source-port – Check the protocol source port field.
Access Control List Commands 4-95 4 This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.
Command Line Interface 4-96 4 This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4 source port is 23. Console(config)#access-list ip extended A3 Console(config-ext-acl)#deny host 171.
Access Control List Commands 4-97 4 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL.
Command Line Interface 4-98 4 Related Commands mask (IP ACL) (4-93) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name {in | out} • acl_name – Name of the ACL.
Access Control List Commands 4-99 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL.
Command Line Interface 4-100 4 Related Commands permit, deny (4-100) mac access-group (4-105) show mac access-list (4-101) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.
Access Control List Commands 4-101 4 • vid-bitmask – VLAN bitmask. (Range: 1-4094) • protocol – A specific Ethernet protocol number. (Range: 600-fff hex.) • protocol-bitmask – Protocol bitmask. (Range: 600-fff hex.
Command Line Interface 4-102 4 access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list ip mask-precedence {in | out} • in – Ingress mask for ingress ACLs.
Access Control List Commands 4-103 4 • vid-bitmask – VLAN ID of rule must match this bitmask. • ethertype – Check the Ethernet type field. • ethertype-bitmask – Ethernet type of rule must match this bitmask.
Command Line Interface 4-104 4 This example creates an Egress MAC ACL. show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs.
Access Control List Commands 4-105 4 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name {in | out} • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets.
Command Line Interface 4-106 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks.
SNMP Commands 4-107 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
Command Line Interface 4-108 4 Example show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command U.
SNMP Commands 4-109 4 snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string.
Command Line Interface 4-110 4 Related Commands snmp-server location (4-110) snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location.
SNMP Commands 4-111 4 to using the snmp-server host command. (Maximum length: 32 characters) • version - Specifies whether to send notifications as SNMP Version 1, 2c or 3 traps.
Command Line Interface 4-112 4 To send an inform to a SNMPv3 host, complete these steps: 1. Enable the SNMP agent (page 4-107). 2. Allow the switch to send SNMP traps; i.
SNMP Commands 4-113 4 SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, both authentication and link-up-down notifications are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled.
Command Line Interface 4-114 4 • A remote engine ID is required when using SNMPv3 informs. (See snmp-server host on page 4-110.) The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host.
SNMP Commands 4-115 4 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view.
Command Line Interface 4-116 4 show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.
SNMP Commands 4-117 4 Default Setting • Default groups: public (read only), private (read/write) • readview - Every object belonging to the Internet OID space (1.3.6.1). • writeview - Nothing is defined. • notifyview - Nothing is defined.
Command Line Interface 4-118 4 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View.
SNMP Commands 4-119 4 • ip-address - The Internet address of the remote device. • v1 | v2c | v3 - Use SNMP version 1, 2c or 3. • encrypted - Accepts the password as encrypted input. • auth - Uses SNMPv3 with authentication. • md5 | sha - Uses MD5 or SHA authentication.
Command Line Interface 4-120 4 show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 800000ca030030f1df9ca00000 User Na.
DHCP Commands 4-121 4 DHCP Commands These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client, relay, and server functions. You can configure any VLAN interface to be automatically assigned an IP address via DHCP.
Command Line Interface 4-122 4 Related Commands ip dhcp restart client (4-122) ip dhcp restart client This command submits a BOOTP or DHCP client request.
DHCP Commands 4-123 4 DHCP Relay ip dhcp restart relay This command enables DHCP relay for the specified VLAN. Use the no form to disable it. Syntax [no] ip dhcp relay Default Setting Disabled.
Command Line Interface 4-124 4 ip dhcp relay server This command specifies the addresses of DHCP servers to be used by the switch’s DHCP relay agent. Use the no form to clear all addresses. Syntax ip dhcp relay server address1 [address2 [address3 .
DHCP Commands 4-125 4 service dhcp This command enables the DHCP server on this switch. Use the no form to disable the DHCP server. Syntax [no] service dhcp Default Setting Enabled Command Mode Global Configuration Command Usage If the DHCP server is running, you must restart it to implement any configuration changes.
Command Line Interface 4-126 4 Default Setting All IP pool addresses may be assigned. Command Mode Global Configuration Example ip dhcp pool This command configures a DHCP address pool and enters DHCP Pool Configuration mode. Use the no form to remove the address pool.
DHCP Commands 4-127 4 network This command configures the subnet number and mask for a DHCP address pool. Use the no form to remove the subnet number and mask. Syntax network network-number [mask] no network • network-number - The IP address of the DHCP address pool.
Command Line Interface 4-128 4 Command Mode DHCP Pool Configuration Usage Guidelines The IP address of the router should be on the same subnet as the client. You can specify up to two routers. Routers are listed in order of preference (starting with address1 as the most preferred router).
DHCP Commands 4-129 4 Usage Guidelines • If DNS IP servers are not configured for a DHCP client, the client cannot correlate host names to IP addresses. • Servers are listed in order of preference (starting with address1 as the most preferred server).
Command Line Interface 4-130 4 Example Related Commands next-server (4-129) netbios-name-server This command configures NetBIOS Windows Internet Naming Service (WINS) name servers that are available to Microsoft DHCP clients. Use the no form to remove the NetBIOS name server list.
DHCP Commands 4-131 4 netbios-node-type This command configures the NetBIOS node type for Microsoft DHCP clients. Use the no form to remove the NetBIOS node type.
Command Line Interface 4-132 4 Command Modes DHCP Pool Configuration Example The following example leases an address to clients using this pool for 7 days. host Use this command to specify the IP address and network mask to manually bind to a DHCP client.
DHCP Commands 4-133 4 Example Related Commands client-identifier (4-133) hardware-address (4-134) client-identifier This command specifies the client identifier of a DHCP client. Use the no form to remove the client identifier. Syntax client-identifier {text text | hex hex} no client-identifier • text - A text string.
Command Line Interface 4-134 4 hardware-address This command specifies the hardware address of a DHCP client. This command is valid for manual bindings only.
DHCP Commands 4-135 4 Usage Guidelines • An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP server clears all automatic bindings. • Use the no host command to delete a manual binding.
Command Line Interface 4-136 4 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation.
DNS Commands 4-137 4 Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device.
Command Line Interface 4-138 4 Default Setting None Command Mode Global Configuration Example Related Commands ip domain-list (4-138) ip name-server (4-139) ip domain-lookup (4-140) ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.
DNS Commands 4-139 4 Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (4-137) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution.
Command Line Interface 4-140 4 Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (4-137) ip domain-lookup (4-140) ip domain-lookup This command enables DNS host name-to-address translation.
DNS Commands 4-141 4 Related Commands ip domain-name (4-137) ip name-server (4-139) show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address(es) as a previously configured entry.
Command Line Interface 4-142 4 show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns cache NO FLAG TYPE IP TTL DOMAIN 2 4 CNAME 66.
Interface Commands 4-143 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode.
Command Line Interface 4-144 4 Command Mode Global Configuration Example To specify port 4, enter the following command: description This command adds a description to an interface.
Interface Commands 4-145 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is: - Fast Ethernet ports .
Command Line Interface 4-146 4 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.
Interface Commands 4-147 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-145) speed-duplex (4-144) flowcontrol (4-147) flowcontrol This command enables flow control.
Command Line Interface 4-148 4 Related Commands negotiation (4-145) capabilities (flowcontrol, symmetric) (4-146) shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [no] shutdown Default Setting All interfaces are enabled.
Interface Commands 4-149 4 Command Usage • When broadcast traffic exceeds the specified threshold, packets above that threshold are dropped. • Broadcast control does not affect IP multicast traffic. • The resolution is 1 packet per second (pps); i.
Command Line Interface 4-150 4 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-1) - port - Port number.
Interface Commands 4-151 4 show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-1) - port - Port number.
Command Line Interface 4-152 4 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit.
Interface Commands 4-153 4 Table 4-49 show interfaces switchport - display description Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-148).
Command Line Interface 4-154 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session.
Mirror Port Commands 4-155 4 Example The following example configures the switch to mirror all packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [interface] interface - ethernet unit/port (source port) • unit - Stack unit.
Command Line Interface 4-156 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
Link Aggregation Commands 4-157 4 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery.
Command Line Interface 4-158 4 Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP system priority. • Ports must have the same port admin key (Ethernet Interface).
Link Aggregation Commands 4-159 4 lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface.
Command Line Interface 4-160 4 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} system-priority priority no lacp {actor | partner} system-priority • actor - The local side of an aggregate link.
Link Aggregation Commands 4-161 4 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link.
Command Line Interface 4-162 4 Default Setting 0 Command Mode Interface Configuration (Port Channel) Command Usage • Ports are only allowed to join the same LAG if (1) the LACP system priority matches, (2) the LACP port admin key matches, and (3) the LACP port channel key matches (if configured).
Link Aggregation Commands 4-163 4 Example show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sys-id} • port-channel - Local identifier for a link aggregation group.
Command Line Interface 4-164 4 Console#show lacp 1 internal Port channel: 1 ----------------------------------------- -------------------------------- Oper Key: 3 Admin Key: 0 Eth 1/2 --------------.
Link Aggregation Commands 4-165 4 Console#show lacp 1 neighbors Port channel 1 neighbors ----------------------------------------- -------------------------------- Eth 1/1 ---------------------------.
Command Line Interface 4-166 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
Address Table Commands 4-167 4 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address.
Command Line Interface 4-168 4 clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries.
Address Table Commands 4-169 4 means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.” • The maximum number of address entries is 8191.
Command Line Interface 4-170 4 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
Spanning Tree Commands 4-171 4 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
Command Line Interface 4-172 4 members may be inadvertently disabled to prevent network loops, thus isolating group members. When operating multiple VLANs, we recommend selecting the MSTP option.
Spanning Tree Commands 4-173 4 Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Command Line Interface 4-174 4 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure.
Spanning Tree Commands 4-175 4 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree.
Command Line Interface 4-176 4 spanning-tree mst-configuration This command changes to Multiple Spanning Tree (MST) configuration mode. Default Setting • No VLANs are mapped to any MST instance. • The region name is set to the switch’s MAC address.
Spanning Tree Commands 4-177 4 and the same instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node, connecting all regions to the Common Spanning Tree. Example mst priority This command configures the priority of a spanning tree instance.
Command Line Interface 4-178 4 Default Setting Switch’s MAC address Command Mode MST Configuration Command Usage The MST region name and revision number (page 4-178) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region.
Spanning Tree Commands 4-179 4 max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default. Syntax max-hops hop-number hop-number - Maximum hop number for multiple spanning tree.
Command Line Interface 4-180 4 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port.
Spanning Tree Commands 4-181 4 Default Setting 128 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of a port in the Spanning Tree Algorithm.
Command Line Interface 4-182 4 Example Related Commands spanning-tree portfast (4-182) spanning-tree portfast This command sets an interface to fast forwarding.
Spanning Tree Commands 4-183 4 spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree.
Command Line Interface 4-184 4 Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below. Path cost “0” is used to indicate auto-configuration mode.
Spanning Tree Commands 4-185 4 Command Usage • This command defines the priority for the use of an interface in the multiple spanning-tree. If the path cost for all interfaces on a switch are the same, the interface with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
Command Line Interface 4-186 4 show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST). Syntax show spanning-tree [interface | mst instance_id] • interface • ethernet unit/port - unit - Stack unit 51 .
Spanning Tree Commands 4-187 4 Example Console#show spanning-tree Spanning-tree information ----------------------------------------- ---------------------- Spanning tree mode: MSTP Spanning tree enable/disable: enable Instance: 0 Vlans configuration: 1-4094 Priority: 32768 Bridge Hello Time (sec.
Command Line Interface 4-188 4 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
VLAN Commands 4-189 4 vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs.
Command Line Interface 4-190 4 Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255 VLANs on the switch.
VLAN Commands 4-191 4 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-148) switchport mode This command configures the VLAN membership mode for a port.
Command Line Interface 4-192 4 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged.
VLAN Commands 4-193 4 • If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be discarded. • Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STA.
Command Line Interface 4-194 4 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default.
VLAN Commands 4-195 4 switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add.
Command Line Interface 4-196 4 show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • id - Keyword to be followed by the VLAN ID. vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword to be followed by the VLAN name.
VLAN Commands 4-197 4 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This command enables or configures a private VLAN.
Command Line Interface 4-198 4 show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN.
VLAN Commands 4-199 4 3. Then map the protocol for each interface to the appropriate VLAN using the protocol-vlan protocol-group command (Interface Configuration mode). protocol-vlan protocol-group (Configuring Groups) This command creates a protocol group, or adds specific protocols to a group.
Command Line Interface 4-200 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • When creating a protocol-based VLAN, only assign interfaces via this command.
VLAN Commands 4-201 4 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [interface] interface • ethernet unit/port - unit - Stack unit 53 .
Command Line Interface 4-202 4 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
GVRP and Bridge Extension Commands 4-203 4 show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usag.
Command Line Interface 4-204 4 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit/port - unit - Stack unit 54 .
GVRP and Bridge Extension Commands 4-205 4 Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate.
Command Line Interface 4-206 4 Related Commands garp timer (4-204) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
Priority Commands 4-207 4 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues.
Command Line Interface 4-208 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.
Priority Commands 4-209 4 Example This example shows how to assign WRR weights to each of the priority queues: Related Commands show queue bandwidth (4-210) queue cos-map This command assigns class of service (CoS) values to the priority queues (i.
Command Line Interface 4-210 4 Example The following example shows how to change the CoS assignments to a one-to-one mapping: Related Commands show queue cos-map (4-211) show queue mode This command shows the current queue mode.
Priority Commands 4-211 4 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - Stack unit 56. (Range: 1-1) - port - Port number.
Command Line Interface 4-212 4 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping.
Priority Commands 4-213 4 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • This command sets the IP port priority for all interfaces.
Command Line Interface 4-214 4 map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value no map ip precedence • precedence-value - 3-bit precedence value.
Priority Commands 4-215 4 Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type.
Command Line Interface 4-216 4 • DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then subsequently mapped to the eight hardware priority queues. • This command sets the IP DSCP priority for all interfaces.
Priority Commands 4-217 4 show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - Stack unit 58. (Range: 1-1) - port - Port number.
Command Line Interface 4-218 4 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit 59 .
Quality of Service Commands 4-219 4 Quality of Service Commands The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic based on access lists, IP Precedence or DSCP values, or VLANs.
Command Line Interface 4-220 4 Notes: 1. You can only configure one rule per Class Map. However, you can include multiple classes in a Policy Map. 2. You must create a Class Map before creating a Policy Map.
Quality of Service Commands 4-221 4 match This command defines the criteria used to classify traffic. Use the no form to delete the matching criteria. Syntax [no] match {access-list acl-name | ip dscp dscp | ip precedence ip-precedence | vlan vlan} • acl-name - Name of the access control list.
Command Line Interface 4-222 4 This example creates a class map called “rd_class#3,” and sets it to match packets marked for VLAN 1: policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode.
Quality of Service Commands 4-223 4 class This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode. Use the no form to delete a class map and return to Policy Map configuration mode.
Command Line Interface 4-224 4 set This command services IP traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified by the match command on page 4-221). Use the no form to remove the traffic classification.
Quality of Service Commands 4-225 4 Command Usage • You can configure up to 63 policers (i.e., class maps) for Fast Ethernet and Gigabit Ethernet ingress ports.
Command Line Interface 4-226 4 show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map.
Quality of Service Commands 4-227 4 Example show policy-map interface This command displays the service policy assigned to the specified interface. Syntax show policy-map interface interface input interface • ethernet unit/port - unit - Stack unit 60 .
Command Line Interface 4-228 4 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only.
Multicast Filtering Commands 4-229 4 The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multicast group.
Command Line Interface 4-230 4 Command Usage • All systems on the subnet must support the same version. If there are legacy devices in your network that only support Version 1, you will also have to configure this switch to use Version 1.
Multicast Filtering Commands 4-231 4 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options.
Command Line Interface 4-232 4 Example ip igmp snooping query-count This command configures the query count. Use the no form to restore the default.
Multicast Filtering Commands 4-233 4 Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds: ip igmp snooping query-max-response-time This command configures the query report delay.
Command Line Interface 4-234 4 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default.
Multicast Filtering Commands 4-235 4 ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration.
Command Line Interface 4-236 4 Command Usage Multicast router port types displayed include Static or Dynamic. Example The following shows that port 11 in VLAN 1 is attached to a multicast router: IGMP Commands (Layer 3) ip igmp This command enables IGMP on a VLAN interface.
Multicast Filtering Commands 4-237 4 Example Related Commands ip igmp snooping (4-228) show ip igmp snooping (4-230) ip igmp robustval This command specifies the robustness (i.e., expected packet loss) for this interface. Use the no form of this command to restore the default value.
Command Line Interface 4-238 4 ip igmp query-interval This command configures the frequency at which host query messages are sent. Use the no form to restore the default. Syntax ip igmp query-interval seconds no ip igmp query-interval seconds - The frequency at which the switch sends IGMP host-query messages.
Multicast Filtering Commands 4-239 4 Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines how long any responder (i.e., client or router) still in the group has to respond to a query message before the router deletes the group.
Command Line Interface 4-240 4 ip igmp version This command configures the IGMP version used on an interface. Use the no form of this command to restore the default.
Multicast Filtering Commands 4-241 4 The following example shows the IGMP configuration for VLAN 1, as well as the device currently serving as the IGMP querier for this multicast service. clear ip igmp group This command deletes entries from the IGMP cache.
Command Line Interface 4-242 4 Command Usage • This command displays information for multicast groups learned via IGMP, not static groups. • If the switch receives an IGMP Version 1 Mem.
IP Interface Commands 4-243 4 IP Interface Commands There are no IP addresses assigned to this router by default. You must manually configure a new address to manage the router over your network or to connect the router to existing IP subnets.
Command Line Interface 4-244 4 Default Setting DHCP Command Mode Interface Configuration (VLAN) Command Usage • If this router is directly connected to end node devices (or connected to en .
IP Interface Commands 4-245 4 Related Commands ip dhcp restart client (4-122) ip default-gateway This command specifies the default gateway for destinations not found in the local routing tables. Use the no form to remove a default gateway.
Command Line Interface 4-246 4 Related Commands show ip redirects (4-246) show ip redirects This command shows the default gateway configured for this device.
IP Interface Commands 4-247 4 - Network or host unreachable - The gateway found no corresponding entry in the route table. • Press <Esc> to stop pinging. Example Related Commands interface (4-143) Address Resolution Protocol (ARP) arp This command adds a static entry in the Address Resolution Protocol (ARP) cache.
Command Line Interface 4-248 4 Command Usage • The ARP cache is used to map 32-bit IP addresses into 48-bit hardware (i.e., Media Access Control) addresses. This cache includes entries for hosts and other routers on local network interfaces defined on this router.
IP Interface Commands 4-249 4 clear arp-cache This command deletes all dynamic entries from the Address Resolution Protocol (ARP) cache. Command Mode Privileged Exec Example This example clears all dynamic entries in the ARP cache. show arp Use this command to display entries in the Address Resolution Protocol (ARP) cache.
Command Line Interface 4-250 4 ip proxy-arp This command enables proxy Address Resolution Protocol (ARP). Use the no form to disable proxy ARP.
IP Routing Commands 4-251 4 Global Routing Configuration ip routing This command enables IP routing. Use the no form to disable IP routing. Syntax [no] ip routing Default Setting Enabled Command Mode Global Configuration Command Usage • The command affects both static and dynamic unicast routing.
Command Line Interface 4-252 4 • gateway – IP address of the gateway used for this route. • metric – Selected RIP cost for this interface. (Range: 1-5, default: 1) • * – Removes all static routing table entries. Default Setting No static routes are configured.
IP Routing Commands 4-253 4 show ip route This command displays information in the IP routing table. Syntax show ip route [config | address [netmask]] • config – Displays all static routing entries.
Command Line Interface 4-254 4 show ip host-route This command displays the interface associated with known routes. Command Mode Privileged Exec Example Console#show ip host-route Total count: 0 IP address Mac address VLAN Port -------------------- -------------------- ------ ------ 192.
IP Routing Commands 4-255 4 show ip traffic This command displays statistics for IP, ICMP, UDP, TCP and ARP protocols. Command Mode Privileged Exec Command Usage For a description of the information shown by this command, see “Displaying Statistics for IP Protocols” on page 3-217.
Command Line Interface 4-256 4 Routing Information Protocol (RIP) router rip This command enables Routing Information Protocol (RIP) routing for all IP interfaces on the router.
IP Routing Commands 4-257 4 timers basic This command configures the RIP update timer, timeout timer, and garbage-collection timer. Use the no form to restore the defaults.
Command Line Interface 4-258 4 network This command specifies the network interfaces that will be included in the RIP routing process. Use the no form to remove an entry. Syntax [no] network subnet-address subnet-address – IP address of a network directly connected to this router.
IP Routing Commands 4-259 4 Command Usage This command can be used to configure a static neighbor with which this router will exchange information, rather than relying on broadcast messages generated by the RIP protocol. Example version This command specifies a RIP version used globally by the router.
Command Line Interface 4-260 4 ip rip receive version This command specifies a RIP version to receive on an interface. Use the no form to restore the default value. Syntax ip rip receive version {none | 1 | 2 | 1 2} no ip rip receive version • none - Does not accept incoming RIP packets.
IP Routing Commands 4-261 4 ip rip send version This command specifies a RIP version to send on an interface. Use the no form to restore the default value. Syntax ip rip send version {none | 1 | 2 | v2-broadcast} no ip rip send version • none - Does not transmit RIP updates.
Command Line Interface 4-262 4 ip split-horizon This command enables split-horizon or poison-reverse (a variation) on an interface. Use the no form to disable split-horizon. Syntax ip split-horizon [poison-reverse] no ip split-horizon poison-reverse - Enables poison-reverse on the current interface.
IP Routing Commands 4-263 4 • For authentication to function properly, both the sending and receiving interface must be configured with the same password. Example This example sets an authentication password of “small” to verify incoming routing messages and to tag outgoing routing messages.
Command Line Interface 4-264 4 show rip globals This command displays global configuration settings for RIP. Command Mode Privileged Exec Example show ip rip This command displays information about interfaces configured for RIP.
IP Routing Commands 4-265 4 Example Console#show ip rip configuration Interface SendMode ReceiveMode Poison Authentication ------- ----- --- ------- ----- --- - ---- ----- --- - ---- ----- ---- -- ----- ----- ---- -- 10.1.0.253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10.
Command Line Interface 4-266 4 Open Shortest Path First (OSPF) Table 4-89 Open Shortest Path First Commands Command Function Mode Page General Configuration router ospf Enables or disable.
IP Routing Commands 4-267 4 router ospf This command enables Open Shortest Path First (OSPF) routing for all IP interfaces on the router.
Command Line Interface 4-268 4 Command Usage • The router ID must be unique for every router in the autonomous system. Using the default setting based on the lowest interface address ensures that each router ID is unique. Also, note that you cannot set the router ID to 0.
IP Routing Commands 4-269 4 default-information originate This command generates a default external route into an autonomous system. Use the no form to disable this feature.
Command Line Interface 4-270 4 Related Commands ip route (4-251) redistribute (4-272) timers spf This command configures the hold time between making two consecutive shortest path first (SPF) calculations. Use the no form to restore the default value.
IP Routing Commands 4-271 4 Default Setting Disabled Command Usage • This command can be used to advertise routes between areas. • If routes are set to be advertised, the router will issue a Type 3 summary LSA for each address range specified with this command.
Command Line Interface 4-272 4 summary-address This command aggregates routes learned from other protocols. Use the no form to remove a summary address. Syntax [no] summary-address summary-address netmask • summary-address - Summary address covering a range of addresses.
IP Routing Commands 4-273 4 Default Setting redistribution - none protocol - RIP and static metric-value - 0 type-metric - 2 Command Usage • This router supports redistribution for both RIP and static routes.
Command Line Interface 4-274 4 Command Usage • An area ID uniquely defines an OSPF broadcast area. The area ID 0.0.0.0 indicates the OSPF backbone for an autonomous system. Each router must be connected to the backbone via a direct connection or a virtual link.
IP Routing Commands 4-275 4 Command Usage • All routers in a stub must be configured with the same area ID. • Routing table space is saved in a stub by blocking Type-4 AS summary LSAs and Type 5 external LSAs.
Command Line Interface 4-276 4 Command Usage • All routers in a NSSA must be configured with the same area ID. • An NSSA is similar to a stub, because when the router is an ABR, it can send a default route for other areas in the AS into the NSSA using the default-information-originate keyword.
IP Routing Commands 4-277 4 • authentication - Specifies the authentication mode. If no optional parameters follow this keyword, then plain text authentication is used along with the password specified by the authentication-key.
Command Line Interface 4-278 4 Default Setting area-id: None router-id: None hello-interval: 10 seconds retransmit-interval: 5 seconds transmit-delay: 1 second dead-interval: 40 seconds authentication-key: None message-digest-key: None Command Usage • All areas must be connected to a backbone area (0.
IP Routing Commands 4-279 4 Command Mode Interface Configuration (VLAN) Default Setting No authentication Command Usage • Before specifying plain-text password authentication for an interface, configure a password with the ip ospf authentication-key command.
Command Line Interface 4-280 4 Example This example sets a password for the specified interface. Related Commands ip ospf authentication (4-278) ip ospf message-digest-key This command enables message-digest (MD5) authentication on the specified interface and assigns a key-id and key to be used by neighboring routers.
IP Routing Commands 4-281 4 Related Commands ip ospf authentication (4-278) ip ospf cost This command explicitly sets the cost of sending a packet on an interface. Use the no form to restore the default value. Syntax ip ospf cost cost no ip ospf cost cost - Link metric for this interface.
Command Line Interface 4-282 4 Example Related Commands ip ospf hello-interval (4-282) ip ospf hello-interval This command specifies the interval between sending hello packets on an interface. Use the no form to restore the default value.
IP Routing Commands 4-283 4 Default Setting 1 Command Usage • Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to any value other than zero, the router with the highest priority will become the DR and the router with the next highest priority becomes the BDR.
Command Line Interface 4-284 4 ip ospf transmit-delay This command sets the estimated time to send a link-state update packet over an interface. Use the no form to restore the default value. Syntax ip ospf transmit-delay seconds no ip ospf transmit-delay seconds - Sets the estimated time required to send a link-state update.
IP Routing Commands 4-285 4 show ip ospf border-routers This command shows entries in the routing table that lead to an Area Border Router (ABR) or Autonomous System Boundary Router (ASBR).
Command Line Interface 4-286 4 show ip ospf database This command shows information about different OSPF Link State Advertisements (LSAs) stored in this router’s database.
IP Routing Commands 4-287 4 Command Mode Privileged Exec Examples The following shows output for the show ip ospf database command. Console#show ip ospf database Displaying Router Link States(Area 10.1.0.0) Link ID ADV Router Age Seq# Checksum ----- ---- ------ - ------ ------ -- --- --- ---- ----- -- --- ------ -- 10.
Command Line Interface 4-288 4 The following shows output when using the asbr-summary keyword. Console#show ip ospf database asbr-summary OSPF Router with id(10.
IP Routing Commands 4-289 4 The following shows output when using the database-summary keyword. Console#show ip ospf database database-summary Area ID (10.
Command Line Interface 4-290 4 The following shows output when using the external keyword. Console#show ip ospf database external OSPF Router with id(192.168.5.1) (Autonomous system 5) Displaying AS External Link States LS age: 433 Options: (No TOS-capability) LS Type: AS External Link Link State ID: 10.
IP Routing Commands 4-291 4 The following shows output when using the network keyword. Console#show ip ospf database network OSPF Router with id(10.
Command Line Interface 4-292 4 The following shows output when using the router keyword. Console#show ip ospf database router OSPF Router with id(10.
IP Routing Commands 4-293 4 The following shows output when using the summary keyword. Number of TOS metrics Type of Service metric – This router only supports TOS 0 (or normal service) Metrics Cost of the link Console#show ip ospf database summary OSPF Router with id(10.
Command Line Interface 4-294 4 show ip ospf interface This command displays summary information for OSPF interfaces. Syntax show ip ospf interface [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) Command Mode Privileged Exec Example
Console#show ip ospf interface vlan 1
Vlan 1 is up
Interface Address 10.
IP Routing Commands 4-295 4 show ip ospf neighbor This command displays information about neighboring routers on each interface within an OSPF area. Syntax show ip ospf neighbor Command Mode Privileged Exec Example
Console#show ip ospf neighbor
ID Pri State Address
--------------- ------ ---------------- ---------------
10.
Command Line Interface 4-296 4 show ip ospf summary-address This command displays all summary address information. Syntax show ip ospf summary-address Command Mode Privileged Exec Example This example shows a summary address and associated network mask.
Multicast Routing Commands 4-297 4 Multicast Routing Commands This router uses IGMP snooping and query to determine the ports connected to downstream multicast hosts, and to propagate this .
Command Line Interface 4-298 4 Default Setting No static multicast router ports are configured. Command Mode Global Configuration Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Multicast Routing Commands 4-299 4 General Multicast Routing Commands ip multicast-routing This command enables IP multicast routing. Use the no form to disable IP multicast routing.
Command Line Interface 4-300 4 Command Usage This command displays information for multicast routing. If no optional parameters are selected, detailed information for each entry in the multicast address table is displayed.
Multicast Routing Commands 4-301 4 DVMRP Multicast Routing Commands router dvmrp This command enables Distance-Vector Multicast Routing (DVMRP) globally for the router and enters router configuration mode. Use the no form to disable DVMRP multicast routing.
Command Line Interface 4-302 4 Example Related Commands ip dvmrp (4-305) show router dvmrp (4-307) probe-interval This command sets the interval for sending neighbor probe messages to the multicast group address for all DVMRP routers. Use the no form to restore the default value.
Multicast Routing Commands 4-303 4 nbr-timeout This command sets the interval to wait for messages from a DVMRP neighbor before declaring it dead. Use the no form to restore the default value. Syntax nbr-timeout seconds no nbr-timeout seconds - Interval before declaring a neighbor dead.
Command Line Interface 4-304 4 flash-update-interval This command specifies how often to send trigger updates, which reflect changes in the network topology.
Multicast Routing Commands 4-305 4 default-gateway This command specifies the default DVMRP gateway for IP multicast traffic. Use the no form to remove the default gateway. Syntax default-gateway ip-address no default-gateway ip-address - IP address of the default DVMRP gateway.
Command Line Interface 4-306 4 Command Usage To fully enable DVMRP, you need to enable multicast routing globally for the router with the ip multicast-routing command (page 4-299), enabl .
Multicast Routing Commands 4-307 4 clear ip dvmrp route This command clears all dynamic routes learned by DVMRP. Command Mode Privileged Exec Example As shown below, this command clears everything from the route table except for the default route.
Command Line Interface 4-308 4 show ip dvmrp route This command displays all entries in the DVMRP routing table. Command Mode Normal Exec, Privileged Exec Example DVMRP routes are shown in the.
Multicast Routing Commands 4-309 4 show ip dvmrp neighbor This command displays all of the DVMRP neighbor routers. Command Mode Normal Exec, Privileged Exec Example show ip dvmrp interface This command displays the DVMRP configuration for interfaces which have enabled DVMRP.
Command Line Interface 4-310 4 PIM-DM Multicast Routing Commands router pim This command enables Protocol-Independent Multicast - Dense Mode (PIM-DM) globally for the router and enters router configuration mode. Use the no form to disable PIM-DM multicast routing.
Multicast Routing Commands 4-311 4 ip pim dense-mode This command enables PIM-DM on the specified interface. Use the no form to disable PIM-DM on this interface.
Command Line Interface 4-312 4 ip pim hello-interval This command configures the frequency at which PIM hello messages are transmitted. Use the no form to restore the default value. Syntax ip pim hello-interval seconds no pim hello-interval seconds - Interval between sending PIM hello messages.
Multicast Routing Commands 4-313 4 ip pim trigger-hello-interval This command configures the maximum time before transmitting a triggered PIM Hello message after the router is rebooted or PIM is enabled on an interface. Use the no form to restore the default value.
Command Line Interface 4-314 4 Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces on the router.
Multicast Routing Commands 4-315 4 Default Setting 2 Command Mode Interface Configuration (VLAN) Example show router pim This command displays the global PIM configuration settings. Command Mode Normal Exec, Privileged Exec Example show ip pim interface This command displays information about interfaces configured for PIM.
Command Line Interface 4-316 4 show ip pim neighbor This command displays information about PIM neighbors. Syntax show ip pim neighbor [ip-address] ip-address - IP address of a PIM neighbor. Default Setting Displays information for all known PIM neighbors.
Router Redundancy Commands 4-317 4 Virtual Router Redundancy Protocol Commands To configure VRRP, select an interface on one router in the group to serve as the master virtual router. This physical interface is used as the virtual address for the router group.
Command Line Interface 4-318 4 Command Usage
• The interfaces of all routers participating in a virtual router group must be within the same IP subnet.
• The IP address assigned to the virtual router must already be configured on the router that will be the Owner.
Router Redundancy Commands 4-319 4
• When a VRRP packet is received from another router in the group, its authentication key is compared to the string configured on this router. If the keys match, the message is accepted. Otherwise, the packet is discarded.
Command Line Interface 4-320 4 vrrp timers advertise This command sets the interval at which the master virtual router sends advertisements communicating its state as the master.
Router Redundancy Commands 4-321 4 Default Setting
• Preempt: Enabled
• Delay: 0 seconds
Command Mode Interface (VLAN) Command Usage
• If preempt is enabled, and this backup router has a priority higher than the current acting master, it will take over as the new master.
Command Line Interface 4-322 4 Example This example displays the full listing of status information for all groups. This example displays the brief listing of status information for all groups.
Console#show vrrp
Vlan 1 - Group 1, state Master
Virtual IP address 192.
Router Redundancy Commands 4-323 4 show vrrp interface This command displays status information for the specified VRRP interface. Syntax show vrrp interface vlan vlan-id [brief]
• vlan-id - Identifier of configured VLAN interface.
Command Line Interface 4-324 4 show vrrp router counters This command displays counters for errors found in VRRP protocol packets. Command Mode Privileged Exec Example Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number.
Router Redundancy Commands 4-325 4 clear vrrp router counters This command clears VRRP system statistics. Command Mode Privileged Exec Example clear vrrp interface counters This command clears VRRP system statistics for the specified group and interface.
Command Line Interface 4-326 4.
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (Fast Ethernet ports -.
Software Specifications A-2 A Quality of Service DiffServ supports class maps, policy maps, and service policies Multicast Filtering IGMP Snooping (Layer 2) IGMP (Layer 3) Multicast Routin.
Management Information Bases A-3 A IEEE 802.3-2002 Ethernet, Fast Ethernet, Gigabit Ethernet Link Aggregation Control Protocol (LACP) Full-duplex flow control (ISO/IEC 8802-3) IEEE 802.
Software Specifications A-4 A Port Access Entity MIB (IEEE 802.1X) Port Access Entity Equipment MIB Private MIB Quality of Service MIB RADIUS Authentication Client MIB (RFC 2621) RIP1 MIB (RFC 1058.
B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart
Symptom: Cannot connect using Telnet, web browser, or SNMP software
Action:
• Be sure the switch is powered up.
• Check network cabling between the management station and the switch.
Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol (ARP) ARP converts between IP addresses and MAC (i.
Glossary Glossary-2 Distance Vector Multicast Routing Protocol (DVMRP) A distance-vector-style routing protocol used for routing multicast datagrams through the Internet. DVMRP combines many of the features of RIP with Reverse Path Forwarding (RPF).
Glossary-3 Glossary IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign end stations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.
Glossary Glossary-4 In-Band Management Management of the network from a station attached directly to the network. IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts.
Glossary-5 Glossary Network Time Protocol (NTP) NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio.
Glossary Glossary-6 Dense Mode is designed for networks where the probability of a multicast client is high and frequent flooding of multicast traffic can be justified.
Glossary-7 Glossary Telnet Defines a remote communication facility for interfacing to a terminal device over TCP/IP. Terminal Access Controller Access Control System Plus (TACACS+) TACACS+.
Glossary Glossary-8.
Index-1 Numerics 802.1X, port authentication 3-67, 4-79 A acceptable frame type 3-144, 4-192 Access Control List See ACL ACL Extended IP 3-77, 4-87, 4-88, 4-90 MAC 3-77, 4-87, 4-99, 4-.
Index-2 Index Dynamic Host Configuration Protocol See DHCP E edge port, STA 3-126, 3-128, 4-181 event logging 4-43 F firmware displaying version 3-13, 4-62 upgrading 3-21, 4-64 G GARP VL.
Index-3 Index MSTP 4-171 global settings 3-129, 4-170 interface settings 3-127, 4-170 multicast filtering 3-169, 4-228 multicast groups 3-175, 3-181, 4-230 displaying 3-181, 4-230 static 3.
Index-4 Index specifying interfaces 3-228, 4-258 statistics 3-232, 4-265 router redundancy protocols 3-196, 4-316 VRRP 3-197, 4-317 routing table, displaying 3-224, 4-253, 4-254 RSTP.
Index-5 Index private 3-146, 4-197 protocol 3-147, 4-198 VRRP 3-197, 4-317 authentication 3-199, 4-318 configuration settings 3-197, 4-317 group statistics 3-203, 4-321 preemption 3-19 .
Index-6 Index.
ES3628C E032005-R01 149100005100H.