User manual / service manual for the SMC Networks SMC7816VSW
TigerAccess™ EE 6-Band VDSL2 Switch ◆ 16 VDSL Downlink Ports (1 RJ-21 Connector) ◆ 2 Gigabit Ethernet Combination Ports (RJ-45/SFP) ◆ 1 Fast Ethernet Management Port (RJ-45) ◆ Non-block.
20 Mason Irvine, CA 92618 Phone: (949) 679-8000 TigerAccess™ EE Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions January 2007 Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use.
v LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term.
vi WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION.
vii TABLE OF CONTENTS Section I Getting Started; 1 Introduction 1-1; Key Features 1-1; Description of Software Features
viii Main Menu 3-5; 4 Basic Management Tasks 4-1; Displaying System Information
ix Setting SNMPv3 Views 5-24; 6 User Authentication 6-1; Configuring User Accounts
x 9 Port Configuration 9-1; Displaying Connection Status 9-1; Configuring Interface Connections
xi Configuring Interface Settings for MSTP 12-27; 13 VLAN Configuration 13-1; Selecting the VLAN Operation Mode
xii 15 Quality of Service 15-1; Configuring Quality of Service Parameters 15-2; Configuring a Class Map
xiii Console Connection 18-1; Telnet Connection 18-2; Entering Commands
xiv show bme version 20-10; show cpu utilization 20-11; show memory status
xv SMTP Alert Commands 20-48; logging sendmail host 20-48; logging sendmail level
xvi Authentication Sequence 22-5; authentication login 22-5; authentication enable
xvii dot1x max-req 22-36; dot1x port-control 22-36; dot1x operation-mode
xviii 24 Access Control List Commands 24-1; IP ACLs 24-2; access-list ip
xix show interfaces counters 25-14; show interfaces switchport 25-16; 26 Link Aggregation Commands
xx lre interleave-max-delay 29-25; lre datarate 29-26; lre rate-set
xxi Displaying VDSL Information 29-61; show lre band-plan 29-62; show lre option-band
xxii 31 Spanning Tree Commands 31-1; spanning-tree 31-3; spanning-tree mode
xxiii vlan 32-8; Configuring VLAN Interfaces 32-9; interface vlan
xxiv show queue bandwidth 33-9; show queue cos-map 33-10; Priority Commands (Layer 3 and 4)
xxv ip igmp snooping query-interval 35-9; ip igmp snooping query-max-response-time 35-10; ip igmp snooping router-port-expire-time
xxvi 37 DHCP Commands 37-1; DHCP Client 37-1; ip dhcp restart client
xxvii Section IV Appendices; A Software Specifications A-1; Software Features A-1; Management Features
xxix TABLES Table 1-1 Key Features 1-1; Table 1-2 System Defaults 1-9; Table 3-1 Web Page Configuration Buttons
xxx Table 20-4 show bme version - display description 20-11; Table 20-5 show cpu utilization - display description 20-12; Table 20-7 System Mode Commands
xxxi Table 24-1 Access Control List Commands 24-1; Table 24-2 IP ACL Commands 24-2; Table 24-3 MAC ACL Commands
xxxii Table 32-5 Commands for Displaying VLAN Information 32-16; Table 32-6 Private VLAN Commands 32-17; Table 32-7 Protocol-based VLAN Commands 32-20; Table 32-8 IEEE 802.
xxxiii FIGURES Figure 3-1 Home Page 3-3; Figure 3-2 Front Panel Indicators 3-4; Figure 4-1 System Information
xxxiv Figure 6-5 SSH Server Settings 6-17; Figure 6-6 802.1X Global Information 6-21; Figure 6-7 802.1X Global Configuration
xxxv Figure 10-5 VDSL Performance Statistics 10-28; Figure 10-6 Alarm Profile Configuration 10-35; Figure 10-7 CPE Information
xxxvi Figure 14-10 IP Port Priority 14-17; Figure 15-1 Configuring Class Maps 15-5; Figure 15-2 Configuring Policy Maps
SECTION I GETTING STARTED This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. Introduction .
1-1 CHAPTER 1 INTRODUCTION This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
1-2 KEY FEATURES User Authentication: Console, Telnet, web – User name / password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c – Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1X. Client Security: Private VLANs, IEEE 802.
1-3 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation.
1-4 server to verify the client’s right to access the network via an authentication server (i.e., RADIUS server).
1-5 Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.
1-6 Spanning Tree Algorithm – The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.
1-7 • Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection. • Provide data security by restricting all traffic to the originating VLAN.
1-8 Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN.
1-9 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 4-20).
1-10 Web Management: HTTP Server – Enabled; HTTP Port Number – 80; HTTP Secure Server – Enabled; HTTP Secure Port Number – 443. SNMP: SNMP Agent – Enabled; Community Strings – “public” (read onl.
1-11 Virtual LANs: Default VLAN – 1; PVID – 1; Acceptable Frame Type – All; Ingress Filtering – Disabled; Switchport Mode (Egress Mode) – Hybrid: tagged/untagged frames; GVRP (global) – Disabled; GVR.
1-12 Multicast Filtering: IGMP Snooping – Snooping: Enabled, Querier: Disabled; IGMP Filtering/Throttling – Disabled; Multicast VLAN Registration – Disabled. System Log: Status – Enabled; Messag.
2-1 CHAPTER 2 INITIAL CONFIGURATION Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
2-2 The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: • Set user names and pass.
2-3 To connect a terminal to the console port, complete the following steps: 1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.
2-4 BASIC CONFIGURATION Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.
2-5 Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps: 1.
2-6 4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>. Setting an IP Address You must establish IP address information for the switch to obtain management access through the network.
2-7 Using the dedicated management port provides a back channel for troubleshooting when the switch cannot be reached through the data network. To provide additional security against eavesdropping on management traffic, leave the IP address for the data network (i.
2-8 9. Then follow the steps indicated in the next section to assign an IP address to this VLAN using manual configuration or automatic configuration via DHCP or BOOTP. Note: If you put the uplink ports (Ports 17 and 18) in a separate management VLAN, do not change their default VLAN ID.
2-9 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Network mask for this network • Default gateway for the network To assign an IP address to the switch, complete the following steps: 1.
2-10 To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps: 1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode.
2-11 Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.
2-12 To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings. To configure a community string, complete the following steps: 1.
2-13 Then press <Enter>. For a more detailed description of these parameters, see “snmp-server host” on page 21-6.
2-14 Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
2-15 In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.
2-16 To save the current configuration settings, enter the following command: 1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>. 2. Enter the name of the start-up file.
SECTION II SWITCH MANAGEMENT This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser, and a brief example for the Command Line Interface. Configuring the Switch .
3-1 CHAPTER 3 CONFIGURING THE SWITCH Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity.
3-2 Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated. 2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password.
3-3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics.
3-4 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
3-5 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
3-6 Reset – Restarts the switch (4-36); SNTP (4-37); Configuration – Configures SNTP client settings, including a specified list of servers (4-37); Clock Time Zone – Sets the local time z.
3-7 802.1X – Port authentication (6-19); Information – Displays global configuration settings (6-21); Configuration – Configures global configuration parameter.
3-8 Trunk Configuration – Configures trunk connection settings (9-4); Trunk Membership – Specifies ports to group into static trunks (9-9); LACP (9-11); Configuration – Allows ports to.
3-9 VDSL (10-1); Global Configuration – Configures global VDSL variables which can be applied to all ports (10-1); VDSL Port Configuration – Configures commu.
3-10 Spanning Tree (12-1); STA Information – Displays STA values used for the bridge (12-4); Configuration – Configures global bridge settings for STP, RSTP and MSTP (12-8); Port I.
3-11 Static Membership by Port – Configures membership type for interfaces, including tagged, untagged or forbidden (13-14); Port Configuration – Specifies de.
3-12 IPv6 Mapping – Assigns IPv6 traffic classes to one of the Class-of-Service values (14-15); IP Port Priority Status – Globally enables or disables IP Port Priority (14-16); IP Po.
3-13 IGMP Filter/Throttling Trunk Configuration – Assigns IGMP filter profiles to trunk interfaces and sets throttle mode (16-18); MVR (16-20); Configurat.
4-1 CHAPTER 4 BASIC MANAGEMENT TASKS This chapter describes the basic functions required to set up management access to the switch, display or upgrade operating software, or reset the system.
4-2 • Web Secure Server Port – Shows the TCP port used by the HTTPS interface. • Telnet Server – Shows if management access via Telnet is enabled. • Telnet Server Port – Shows the TCP port used by the Telnet interface.
4-3 DISPLAYING SYSTEM INFORMATION CLI – Specify the hostname, location and contact information. Console(config)#hostname R&D 5 20-2 Console(config)#snmp-server location WC 9 21-5 Console.
4-4 Displaying System Health Use the System Health Information page to display the status of the fans, internal temperature, main board, CPU, and system memory. Field Attributes General Status • Fan Status – The fan’s functioning status.
4-5 • Free Amount – Amount of memory currently free for use. • Freed / Total – Percentage of free memory compared to total memory. • Utilization Raising Alarm Threshold 1 – Rising threshold for memory utilization alarm.
4-6 CLI – Use the following commands to display the status of the CPU and system memory. Console#show cpu utilization 20-11 CPU current utilization : 73% Max uti.
4-7 Displaying Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
4-8 These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack. • BME firmware version – Version number of Burst Mode Engine.
4-9 CLI – Use the following command to display version information. Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs.
4-10 • Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 13-1.
4-11 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default.
4-12 will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.
4-13 CLI – Specify the management interface, IP address and default gateway. This example first sets up a dedicated VLAN for management access. It adds Port 19 (the management port) to that VLAN and also removes this port from VLAN 1, which is left for use by the data network.
4-14 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP.
4-15 This example first sets up a dedicated VLAN for management access. It adds Port 19 (the management port) to that VLAN and also removes this port from VLAN 1, which is left for use by the data network.
4-16 Configuring Support for Jumbo Frames The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.
4-17 Managing Firmware You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
4-18 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
4-19 If you download to a new destination file, go to the File Management, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.
4-20 To start the new firmware, enter the “reload” command or reboot the system. Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server, or copy files to and from switch units in a stack.
4-21 - running-config to file – Copies the running configuration to a file. - running-config to startup-config – Copies the running config to the startup config. - running-config to tftp – Copies the running configuration to a TFTP server.
4-22 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
4-23 If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu.
4-24 Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings.
4-25 device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: Auto) • Stop Bits – Sets the number of the stop bits transmitted per byte. (Range: 1-2; Default: 1 stop bit) • Password 2 – Specifies a password for the line connection.
4-26 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
4-27 TELNET SETTINGS • Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session.
4-28 Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply. Figure 4-14 Configuring the Telnet Interface CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required.
4-29 Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
4-30 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM.
4-31 CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
4-32 • Host IP Address – Specifies a new server IP address to add to the Host IP List. Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add.
4-33 CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap. Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.
4-34 CLI – This example shows the event message stored in RAM. Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level.
4-35 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add.
4-36 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
4-37 CLI – Use the reload command to restart the switch. Note: When restarting the system, it will always run the Power-On Self-Test. Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP).
4-38 • SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server; if this fails, it attempts an update from the next server in the sequence. Web – Select SNTP, Configuration.
4-39 Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude.
5-1 CHAPTER 5 SIMPLE NETWORK MANAGEMENT PROTOCOL Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
5-2 Access to the switch from clients using SNMPv3 provides additional security features that cover message integrity, authentication, and encryption, as well as controlling user access to specific areas of the MIB tree.
5-3 Note: The predef ined defaul t grou ps and vi ew can be delete d from t he system . You ca n then def ine customized grou ps and views f or the SNMP clients that require access.
S IMPL E N ETWORK M ANAGEME NT P RO T OC OL 5-4 Enabling t he SNMP Agen t Enables SNMPv3 ser vice for all m anageme nt clients ( i.e., v ersions 1, 2c , 3). Command Att ribut es SNMP Age nt Status – Enables SNMP on the switch. We b – Click SNMP , Ag ent Status .
S ETTING C OMMUNITY A CCESS S TRINGS 5-5 • Community String – A community s tring that ac ts like a password and permits access t o the SNM P proto col.
S IMPL E N ETWORK M ANAGEME NT P RO T OC OL 5-6 Specifyi ng T rap Man agers a nd Tra p Types T rap s indicatin g status chang es are iss ued by the switch to specifie d trap managers .
S PECIFYING T RAP M ANAG ERS AND T RAP T YPES 5-7 To se nd an in form to a SNMPv3 host , comp lete thes e steps : 1. Enable the SN MP ag ent (pag e 5-4). 2. E nable trap inf or ms as desc ribed in the following p ages. 3. Cr eate a view with the requ ired notific ation messages (page 5-24 ).
S IMPL E N ETWORK M ANAGEME NT P RO T OC OL 5-8 • Trap Inform – Notific ations are se nt as inform mes sages. N ote that th is option is only available for v ersion 2c and 3 hosts . (Default: traps are used) - Timeout – The number of seconds to wai t for an acknowl edgment before resending an inform message.
S PECIFYING T RAP M ANAG ERS AND T RAP T YPES 5-9 We b – Click SNMP , Con figuration. En ter the IP addres s and co mmuni ty string for each manage ment station t hat will receiv e trap messag es , specify the UDP port , SNMP trap ve rsion, trap security level (for v3 clients), trap infor m settin gs (for v2c/v3 clients), and then click Add.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-10 Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch, follow these steps: 1. If you want to change the default engine ID, do so before configuring other SNMP parameters.
CONFIGURING SNMPv3 MANAGEMENT ACCESS 5-11 Web – Click SNMP, SNMPv3, Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-12 Web – Click SNMP, SNMPv3, Remote Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save. Figure 5-5 Setting an Engine ID CLI – This example specifies a remote SNMPv3 engine ID.
CONFIGURING SNMPv3 MANAGEMENT ACCESS 5-13 - AuthPriv – SNMP communications use both authentication and encryption (only available for the SNMPv3 security model). • Authentication Protocol – The method used for user authentication.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-14 Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list.
CONFIGURING SNMPv3 MANAGEMENT ACCESS 5-15 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-16 • Security Model – The user security model; SNMP v1, v2c or v3. (Default: v1) • Security Level – The security level used for the user: - noAuthNoPriv – There is no authentication or encryption used in SNMP communications.
CONFIGURING SNMPv3 MANAGEMENT ACCESS 5-17 Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-18 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views.
CONFIGURING SNMPv3 MANAGEMENT ACCESS 5-19 • Notify View – The configured view for notifications. (Range: 1-64 characters) Table 5-2 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1.3.6.1.2.1.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-20 linkDown * 1.3.6.1.6.3.1.1.5.3 A linkDown trap signifies that the SNMP entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state (but not from the notPresent state).
CONFIGURING SNMPv3 MANAGEMENT ACCESS 5-21 RMON Events (V2) risingAlarm 1.3.6.1.2.1.16.0.1 The SNMP trap that is generated when an alarm entry crosses its rising threshold and generates an event that is configured for sending SNMP traps.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-22 swThermalRisingNotification 1.3.6.1.4.1.202.40.2.6.2.1.0.58 This trap is sent when the temperature exceeds the switchThermalActionRisingThreshold. swThermalFallingNotification 1.3.6.1.4.1.202.40.
CONFIGURING SNMPv3 MANAGEMENT ACCESS 5-23 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-24 CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and restricting MIB access to defined read and write views.
CONFIGURING SNMPv3 MANAGEMENT ACCESS 5-25 Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-26 CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries. Console(config)#snmp-server view ifEntry.
6-1 CHAPTER 6 USER AUTHENTICATION You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods.
USER AUTHENTICATION 6-2 The default guest name is “guest” with the password “guest.” The default administrator name is “admin” with the password “admin.” Command Attributes • Account List – Displays the current list of user accounts and associated access levels.
CONFIGURING LOCAL/REMOTE LOGON AUTHENTICATION 6-3 CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password. Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
USER AUTHENTICATION 6-4 Command Usage • By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol.
CONFIGURING LOCAL/REMOTE LOGON AUTHENTICATION 6-5 - ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user.
USER AUTHENTICATION 6-6 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
CONFIGURING HTTPS 6-7 Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
USER AUTHENTICATION 6-8 • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 6-9. Command Attributes • HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch.
CONFIGURING HTTPS 6-9 Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch.
USER AUTHENTICATION 6-10 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
CONFIGURING THE SECURE SHELL 6-11 To use the SSH server, complete these steps: 1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair.
USER AUTHENTICATION 6-12 6. Authentication – One of the following authentication methods is employed: Password Authentication (for SSH v1.5 or V2 Clients) a. The client sends its password to the server. b. The switch compares the client's password to those stored in memory.
CONFIGURING THE SECURE SHELL 6-13 Authenticating SSH v2 Clients a. The client first queries the switch to determine if DSA public key authentication using a preferred algorithm is acceptable. b. If the specified algorithm is supported by the switch, it notifies the client to proceed with the authentication process.
USER AUTHENTICATION 6-14 • Host-Key Type – The key type used to generate the host key pair (i.e., public and private keys). (Range: RSA, DSA, Both: Default: Both) The SSH server uses RSA.
CONFIGURING THE SECURE SHELL 6-15 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
USER AUTHENTICATION 6-16 CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Configuring the SSH Server The SSH server includes basic settings for authentication.
CONFIGURING THE SECURE SHELL 6-17 • SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3) • SSH Server-Key Size – Specifies the SSH server key size.
USER AUTHENTICATION 6-18 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
CONFIGURING 802.1X PORT AUTHENTICATION 6-19 Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC.
USER AUTHENTICATION 6-20 releases. The client responds to the appropriate method with its credentials, such as a password or certificate. The RADIUS server verifies the client credentials and responds with an accept or reject packet.
CONFIGURING 802.1X PORT AUTHENTICATION 6-21 Displaying 802.1X Global Settings The 802.1X protocol provides port authentication. Command Attributes 802.1X System Authentication Control – The global setting for 802.1X. Web – Click Security, 802.
USER AUTHENTICATION 6-22 Configuring 802.1X Global Settings The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active. Command Attributes 802.
CONFIGURING 802.1X PORT AUTHENTICATION 6-23 Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.
USER AUTHENTICATION 6-24 • Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds) • TX Period – Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet.
CONFIGURING 802.1X PORT AUTHENTICATION 6-25 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 22-41.
USER AUTHENTICATION 6-26 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Reauthentication State Machine State Initialize . . . . 802.1X is disabled on port 1/19 Console# Table 6-2 802.
CONFIGURING 802.1X PORT AUTHENTICATION 6-27 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 6-9 802.1X Port Statistics CLI – This example displays the dot1x statistics for port 4.
USER AUTHENTICATION 6-28 Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default.
FILTERING IP ADDRESSES FOR MANAGEMENT ACCESS 6-29 Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 6-10 IP Filter CLI – This example restricts management access for Telnet clients.
USER AUTHENTICATION 6-30.
7-1 CHAPTER 7 CLIENT SECURITY This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring that only authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE 802.
CLIENT SECURITY 7-2 This switch provides client security using the following options: • Private VLANs – Provide port-based security and isolation between ports within the assigned VLAN. (See “Configuring Private VLANs” on page 13-18.
CONFIGURING PORT SECURITY 7-3 To use port security, specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the <source MAC address, VLAN> pair for frames received on the port.
CLIENT SECURITY 7-4 • Max MAC Count – The maximum number of MAC addresses that can be learned on a port. (Range: 0 - 1024, where 0 means disabled) • Trunk – Trunk number if port is a member (page 9-9 and 9-11). Web – Click Security, Port Security.
CONFIGURING IP SOURCE GUARD 7-5 Configuring IP Source Guard IP Source Guard is a security feature that filters IP traffic on unsecure network interfaces based on static entries configured in the IP Source Guard table, or dynamic entries in the DHCP Snooping table.
CLIENT SECURITY 7-6 • If the IP source guard is enabled, an inbound packet’s IP address (sip option) or both its IP address and corresponding MAC address (sip-mac option) will be checked against the binding table. If no matching entry is found, the packet will be dropped.
CONFIGURING IP SOURCE GUARD 7-7 IP Source Guard Filter • Port – Port for which to filter static entries. • Source IP – Filters traffic based on IP addresses stored in the binding table. • Source IP and MAC – Filters traffic based on IP addresses and corresponding MAC addresses stored in the binding table.
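The binding-table check described on pages 7-5 to 7-7, modelled in Python as an added example (not code from this manual or the switch firmware). The binding entries, port names and packets are constructed sample data, and matching entries per port is an assumption of this model.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    port: str    # interface the entry is bound to (assumed per-port matching)
    ip: str
    mac: str
    origin: str  # "static" (IP Source Guard table) or "dhcp-snooping" (dynamic)


@dataclass(frozen=True)
class Packet:
    port: str
    src_ip: str
    src_mac: str


def _mac(value):
    """Normalise 00-11-22-33-44-55 and 00:11:22:33:44:55 to one form."""
    return value.replace("-", ":").lower()


def _ip(value):
    return ipaddress.ip_address(value)


def permitted(packet, bindings, port_modes):
    """Return True if the packet passes the source guard check.

    port_modes maps a port to "sip" (source IP only) or "sip-mac"
    (source IP and MAC). A port missing from the map has the filter
    disabled, so its traffic is not checked at all.
    """
    mode = port_modes.get(packet.port)
    if mode is None:
        return True
    if mode not in ("sip", "sip-mac"):
        raise ValueError(f"unknown filter mode: {mode!r}")
    for entry in bindings:
        if entry.port != packet.port:
            continue
        if _ip(entry.ip) != _ip(packet.src_ip):
            continue
        if mode == "sip-mac" and _mac(entry.mac) != _mac(packet.src_mac):
            continue
        return True   # a static or dynamic entry matched
    return False      # no matching entry: the packet is dropped


# Constructed binding table: one static entry, one learned by DHCP snooping.
BINDINGS = [
    Binding("1/1", "192.168.0.99", "00-11-22-33-44-55", "static"),
    Binding("1/2", "192.168.0.120", "00:aa:bb:cc:dd:01", "dhcp-snooping"),
]

# Constructed per-port filter settings; port 1/3 has no filter enabled.
PORT_MODES = {"1/1": "sip-mac", "1/2": "sip"}

# Constructed inbound packets.
SAMPLE_PACKETS = [
    Packet("1/1", "192.168.0.99", "00:11:22:33:44:55"),   # IP and MAC match
    Packet("1/1", "192.168.0.99", "de:ad:be:ef:00:01"),   # MAC differs, sip-mac
    Packet("1/2", "192.168.0.120", "de:ad:be:ef:00:01"),  # MAC differs, sip only
    Packet("1/2", "192.168.0.121", "00:aa:bb:cc:dd:01"),  # IP not in table
    Packet("1/1", "192.168.0.120", "00:aa:bb:cc:dd:01"),  # bound on another port
    Packet("1/3", "10.0.0.1", "00:00:5e:00:53:01"),       # filter not enabled
]


def evaluate(packets):
    """Return the permit/drop verdict for each packet, in order."""
    return [permitted(p, BINDINGS, PORT_MODES) for p in packets]


if __name__ == "__main__":
    for pkt, ok in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print(f"{pkt.port:4} {pkt.src_ip:15} {pkt.src_mac}  "
              f"{'permit' if ok else 'drop'}")
```

The third sample packet is permitted because the sip setting never compares the MAC address; the same packet is dropped when the port is set to sip-mac.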
CLIENT SECURITY 7-8 CLI – This example configures a static source-guard binding on port 1. Configuring DHCP Snooping The addresses assigned to DHCP clients on unsecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Source Guard).
CONFIGURING DHCP SNOOPING 7-9 • When DHCP snooping is enabled, DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping. • Filtering rules are implemented as follows: - If the DHCP snooping is disabled globally, all DHCP packets are forwarded.
CLIENT SECURITY 7-10 • Additional considerations when the switch itself is a DHCP client – The port(s) through which the switch submits a client request to the DHCP server must be configured as trusted. Note that the switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server.
CONFIGURING DHCP SNOOPING 7-11 • DHCP Snooping Service Provider Mode – Once an IP address is assigned to the host by a DHCP server, the switch sets this entry to static mode in the MAC address table, and registers the host as a valid entry in the DHCP snooping table.
CLIENT SECURITY 7-12 Web – Click DHCP Snooping, DHCP Snooping Configuration. Enable DHCP snooping status globally, enable it for the required VLANs, select whether or not to verify the client’s MAC address, configure those ports that will receive messages only from within the local network as trusted, and then click Apply.
DISPLAYING DHCP SNOOPING INFORMATION 7-13 Displaying DHCP Snooping Information The configuration settings and binding table entries can be displayed on the DHCP Snooping Information page. Command Attributes DHCP Snooping Configuration Settings • DHCP Snooping Status – DHCP snooping global configuration status.
CLIENT SECURITY 7-14 Web – Click DHCP Snooping, DHCP Snooping Information. Figure 7-4 DHCP Snooping Information.
CONFIGURING PACKET FILTERING 7-15 CLI – These examples show the DHCP snooping configuration settings and binding table entries. Configuring Packet Filtering Packet filtering provides.
CLIENT SECURITY 7-16 • Blocking NetBIOS traffic commonly used for resource sharing in a peer-to-peer environment to ensure that no privileged client data is passed to other data ports. Command Attributes • DHCP Request – Blocks DHCP request packets.
CONFIGURING PACKET FILTERING 7-17 • NetBIOS – Blocks NetBIOS packets. (Default: Disabled) - NetBIOS is commonly used in local area networks to facilitate sharing resources such as printers or files between computers.
CLIENT SECURITY 7-18 Web – Click Security, Packet Filter, Base Filter Configuration. Select the type of service packets to filter, and click Apply. Figure 7-5 Packet Filtering – Base Filter CLI – This example blocks DHCP service requests, DHCP reply packets, and all NetBIOS packets on port 1.
CONFIGURING PACKET FILTERING 7-19 • This switch provides a total of 7 masks for filtering functions, including IP-MAC address packet filtering, NetBIOS packet filtering, DHCP packet filtering, and ACLs. One mask is allocated to IP-MAC packet filtering if any entries are defined.
CLIENT SECURITY 7-20.
8-1 CHAPTER 8 ACCESS CONTROL LISTS Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code), or any frames (based on MAC address or Ethernet type).
ACCESS CONTROL LISTS 8-2 The following filtering modes are supported: • Standard IP ACL mode (STD-ACL) filters packets based on the source IP address. • Extended IP ACL mode (EXT-ACL) filters packets based on source or destination IP address, as well as protocol type and protocol port number.
CONFIGURING ACCESS CONTROL LISTS 8-3 • Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. The order in which active ACLs are checked is as follows: 1. User-defined rules in the Egress MAC ACL for egress ports.
ACCESS CONTROL LISTS 8-4 Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list. Figure 8-1 Selecting ACL Type CLI – This example creates a standard IP ACL named bill.
CONFIGURING ACCESS CONTROL LISTS 8-5 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
ACCESS CONTROL LISTS 8-6 • Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 8-4.) • Service Type – Packet priority settings based on the following criteria: - Precedence – IP precedence level.
CONFIGURING ACCESS CONTROL LISTS 8-7 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address.
ACCESS CONTROL LISTS 8-8 3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules.
CONFIGURING ACCESS CONTROL LISTS 8-9 Command Usage Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses.
ACCESS CONTROL LISTS 8-10 Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. ACL rules matching the first entry in the mask are checked first. Rules matching subsequent entries in the mask are then checked in the specified order.
CONFIGURING ACCESS CONTROL LISTS 8-11 Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page. Figure 8-5 Selecting ACL Mask Types CLI – This example creates an IP ingress mask, and then adds two rules.
ACCESS CONTROL LISTS 8-12 • Source/Destination Subnet Mask – Source or destination address of rule must match this bitmask. (See the description for SubMask on page 8-4.) • Protocol Mask – Check the protocol field. • Service Type Mask – Check the rule for the specified priority type.
CONFIGURING ACCESS CONTROL LISTS 8-13 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range.
ACCESS CONTROL LISTS 8-14 CLI – This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.
CONFIGURING ACCESS CONTROL LISTS 8-15 Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source or destination address, a host address, or an address range. Use a bitmask to search for specific VLAN ID(s) or Ethernet type(s).
ACCESS CONTROL LISTS 8-16 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
BINDING A PORT TO AN ACCESS CONTROL LIST 8-17 • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs.
ACCESS CONTROL LISTS 8-18 CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2. Console(config)#interface ethernet 1/1 25-2 Console(config-if)#.
9-1 CHAPTER 9 PORT CONFIGURATION Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation.
PORT CONFIGURATION 9-2 Web – Click Port, Port Information or Trunk Information. Figure 9-1 Port - Port Information Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, SFP) • MAC address – The physical layer address for this port.
DISPLAYING CONNECTION STATUS 9-3 “Configuring Interface Connections” on page 3-48.) The following capabilities are supported. - 10half - Supports 10 Mbps half-duplex operation - 10ful.
PORT CONFIGURATION 9-4 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page.
CONFIGURING INTERFACE CONNECTIONS 9-5 required operation modes must be specified in the capabilities list for an interface. • Auto-negotiation must be disabled before you can configure or force the interface to use the Speed/Duplex Mode or Flow Control options.
PORT CONFIGURATION 9-6 and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.
CONFIGURING INTERFACE CONNECTIONS 9-7 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 9-2 Port - Port Configuration CLI – Select the interface, and then enter the required settings.
PORT CONFIGURATION 9-8 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices.
CREATING TRUNK GROUPS 9-9 • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.
PORT CONFIGURATION 9-10 Web – Click Port, Trunk Membership. Enter a trunk ID of 1-12 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
CREATING TRUNK GROUPS 9-11 CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk.
PORT CONFIGURATION 9-12 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
CREATING TRUNK GROUPS 9-13 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.
PORT CONFIGURATION 9-14 Note: If the port channel admin key (lacp admin key, page 26-8) is not set (through the CLI) when a channel group is formed (i.
CREATING TRUNK GROUPS 9-15 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
PORT CONFIGURATION 9-16 CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG; ports 9 and 10 are set to backup mode.
CREATING TRUNK GROUPS 9-17 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.
PORT CONFIGURATION 9-18 CLI – The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
CREATING TRUNK GROUPS 9-19 LACPDUs Internal Number of seconds before invalidating received LACPDU information. Admin State, Oper State Administrative or operational values of the actor.
PORT CONFIGURATION 9-20 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 9-7 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
CREATING TRUNK GROUPS 9-21 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 9-3 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user.
PORT CONFIGURATION 9-22 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 9-8 LACP - Port Neighbors Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
S ETTING B RO A D CA ST S TORM T HR ESHOLDS 9-23 Setting Broad cast Storm Thresholds Broadc ast storms may o ccur when a device on your n etw ork is malfunctioning, o r if application prog rams are not well design ed or proper ly confi gured.
P ORT C ONFIGURATION 9-24 We b – C l i ck Po r t, Po r t B r o a d c a s t C o n t r ol or T r unk Br oadcast Con trol. Check the Enab led bo x for any interfac e, set the t hresho ld, and cli ck Apply . Figure 9-9 Port B roadcast Control CLI – Sp ecify a ny inter face, and then en ter the th reshol d.
CONFIGURING PORT MIRRORING 9-25 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
PORT CONFIGURATION 9-26 Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add.
CONFIGURING RATE LIMITS 9-27 Note: You can also set an SNMP trap if traffic exceeds the configured rate limit using the CLI (see the “rate-limit trap-input” command on page 28-3).
PORT CONFIGURATION 9-28 CLI - This example sets the rate limit for input and output traffic passing through port 1 to 64 Kbps. Configuring the Rate Limit for a VLAN Port Member Web - Click Port, Rate Limit, Input VLAN Configuration. Select the port, and the VLAN to which the port belongs.
SHOWING PORT STATISTICS 9-29 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
PORT CONFIGURATION 9-30 Received Unknown Packets The number of packets received via the interface which were discarded because of an unknown or unsupported protocol. Received Errors The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
SHOWING PORT STATISTICS 9-31 FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check. This count does not include frames received with frame-too-long or frame-too-short error.
PORT CONFIGURATION 9-32 RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of resources. Jabbers The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS or alignment error.
SHOWING PORT STATISTICS 9-33 64 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
PORT CONFIGURATION 9-34 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
SHOWING PORT STATISTICS 9-35 CLI – This example shows statistics for port 12. Console#show interfaces counters ethernet 1/12 25-14 Ethernet 1/12 Iftable stats: Octets input: 868453, Octets out.
10-1 CHAPTER 10 VDSL CONFIGURATION VDSL communication parameters can be set for individual ports, or multiple parameters can be defined in a profile and applied globally to the switch or to a group of ports. Alarm thresholds can be defined in a profile and then applied globally to the switch or to selected ports.
VDSL CONFIGURATION 10-2 - Power Value – A power level for each of the PSD breakpoints. (Range: An integer from 0 to 255, which is used to calculate a power level in terms of -140 + (power-value) * 0.5 dBm/Hz; Default: 255, which is equivalent to -12.
CONFIGURING GLOBAL SETTINGS FOR VDSL PORTS 10-3 the optimal transmission rate for the current conditions, setting the rate within the bounds defined by the Data Rate.
VDSL CONFIGURATION 10-4 Upstream power back-off (UPBO) is used to mitigate far-end crosstalk caused by upstream transmissions from shorter to longer loops. The bounding power levels specified in this table are used to reshape the PSD, ensuring that the signals on short to long loops are compatible.
CONFIGURING GLOBAL SETTINGS FOR VDSL PORTS 10-5 Web – Click VDSL, Global Configuration. Configure the required items, and click Apply. (Note that the parameters in the following screen are all set to their default values.
VDSL CONFIGURATION 10-6 Figure 10-1 VDSL Global Configuration CLI – This example displays sample settings for some of the VDSL global configuration commands.
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-7 Configuring Interface Settings for VDSL Ports This section describes how to configure communication parameters for VDSL ports such as sp.
VDSL CONFIGURATION 10-8 Configuration Tables • Channel Mode – Sets the channel mode to fast or interleaved. (Default: Interleaved) Interleaving protects data against bursts of errors by using the Reed-Solomon error correction algorithm to spread the errors over a number of code words.
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-9 • Region Ham Band – Sets the ham radio band that will be blocked to VDSL signals based on defined usage types. (Options: See Table 29-5, “HAM Band Notches for Usage Types,” on page 29-10.
VDSL CONFIGURATION 10-10 • PSD Breakpoints – See “Configuring Global Settings for VDSL Ports” on page 10-1. • PSD Mask Level – See “Configuring Global Settings for VDSL Ports” on page 10-1. • UPBO – See “Configuring Global Settings for VDSL Ports” on page 10-1.
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-11 This minimum margin indicates the amount of increase in impulse noise that the system can tolerate under operational conditions while still ensuring required transmission quality.
VDSL CONFIGURATION 10-12 Web – Click VDSL, VDSL Port Configuration. Select one of the VDSL ports from the scroll-down list, set the required parameters, and click Apply. (Note that the parameters in the following screen are all set to their default values.
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-15 Figure 10-2 VDSL Port Configuration.
VDSL CONFIGURATION 10-16 CLI – This example displays sample settings for some of the VDSL port configuration commands. Configuring Line Profiles This section describes how to configu.
CONFIGURING LINE PROFILES 10-17 Web – Click VDSL, Line Profile Configuration. Select a line profile from the drop-down list above the Line Profile table of connection parameters, configure the required items in this table, and then click the Apply button beneath the table to store the profile settings.
VDSL CONFIGURATION 10-20 Figure 10-3 Line Profile Configuration CLI – This example displays sample settings for a line profile. Console(config)#line-profile southport 29-36 Console(config-line-pro.
DISPLAYING VDSL STATUS INFORMATION 10-21 Displaying VDSL Status Information This section describes the information displayed for VDSL configuration settings, signal status, and communication statistics.
VDSL CONFIGURATION 10-22 LRE Rate Information – Data Rates for the VDSL line Avg SNR Margin Average signal-to-noise margin above the SNR. Avg SNR Average signal-to-noise ratio. Table 10-2 Rate Status Parameter Description Port Status Indicates if the port is administratively enabled or disabled.
DISPLAYING VDSL STATUS INFORMATION 10-23 Web – Click VDSL, VDSL Status Information. Select a VDSL port from the drop-down list, and click Query.
VDSL CONFIGURATION 10-24 CLI – This example displays connection status and data rates for the selected VDSL port. Console#show lre 1/1 29-79 port 1 status : port enable(provisioned) port 1 status : port activating Downstream Training Margin: 8.
DISPLAYING VDSL PERFORMANCE STATISTICS 10-25 Displaying VDSL Performance Statistics This section describes the performance information displayed for VDSL lines, including common error conditions over predefined intervals.
VDSL CONFIGURATION 10-26 Ethernet Transmit Performance Counters Alignment Errors Number of alignment errors (missynchronized data packets). Oversize Number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed.
DISPLAYING VDSL PERFORMANCE STATISTICS 10-27 High-Level Data-Link Control (H.D.L.C.) Performance Counters Table 10-6 H.D.L.C. Performance Counters Parameter Description CRC Errors Number of CRC errors (FCS or alignment errors).
VDSL CONFIGURATION 10-28 Web – Click VDSL, VDSL Performance Statistics. Select a VDSL port from the drop-down list, and click Query. Figure 10-5 VDSL Performance Statistics.
DISPLAYING VDSL PERFORMANCE STATISTICS 10-29 CLI – This example displays performance information for the selected VDSL port. Console#show lre perf 1/1 29-82 port 1 performance counters .
VDSL CONFIGURATION 10-30 Configuring an Alarm Profile This section describes how to configure a list of threshold values for error states which can be applied to a selected group of ports. Command Attributes • Alarm Profile – Name of the profile.
CONFIGURING AN ALARM PROFILE 10-31 This parameter sets the threshold for the number of severely errored seconds within any 15 minute collection interval for performance data.
VDSL CONFIGURATION 10-32 interval reaches or exceeds this value, a vdslPerfLossThreshNotification notification will be generated. (Refer to RFC 3728 for information on this notification message.) No more than one notification will be sent per interval.
CONFIGURING AN ALARM PROFILE 10-33 • init-failure – Threshold for initialization failures that can occur within any given 15 minutes. (Range: 0-900 seconds, where 0 disables the th.
VDSL CONFIGURATION 10-34 Web – Click VDSL, Alarm Profile Configuration. Select a profile from the drop-down list above the Alarm Profile table of thresholds, configure the required items in this table, and then click the Apply button beneath the table to store the profile settings.
CONFIGURING AN ALARM PROFILE 10-35 Figure 10-6 Alarm Profile Configuration CLI – This example displays sample settings for an alarm profile.
VDSL CONFIGURATION 10-36 Displaying CPE Information This section describes the information displayed for an attached CPE, including firmware module versions, and performance counters.
DISPLAYING CPE INFORMATION 10-37 CPE Performance Counters Table 10-9 CPE Performance Counters Parameter Description cpe perfermance counters FeFEC_F Far end Forward Error Correction on fast pa.
VDSL CONFIGURATION 10-38 Web – Click VDSL, CPE Information. Select a VDSL port from the drop-down list, and click Query.
DISPLAYING CPE INFORMATION 10-39 Figure 10-7 CPE Information.
VDSL CONFIGURATION 10-40 CLI – This example displays information about the CPE attached to the selected VDSL port. Console#show cpe-info 1/1 Protocol ID: Ikanos EOC Protocol Protocol Version - Major: 01 Protocol Version - Minor: 01 Vendor ID (Value): ffffffff (HEX), -1 (DECIMAL) Host Application Version: 7.
CONFIGURING OAM FUNCTIONS AND UPGRADING CPE FIRMWARE 10-41 Configuring OAM Functions and Upgrading CPE Firmware This section describes operation and maintenance (OAM) functions for remote customer premises equipment (CPE), such as clearing counters, enabling loop back testing, and upgrading firmware.
VDSL CONFIGURATION 10-42 CPE, and verifying that the signal is returned from the CPE without any errors. Upgrading CPE Firmware • Upgrade Firmware – Transfers firmware from reserved buffer space in the switch to a remote CPE. • Firmware Active – Activates the alternate (inactive) BME firmware version on the CPE.
CONFIGURING OAM FUNCTIONS AND UPGRADING CPE FIRMWARE 10-43 Web – Click VDSL, VDSL OAM. Select a VDSL port from the drop-down list, and perform any of the local or remote OAM functions listed under the Action field.
VDSL CONFIGURATION 10-44 CLI – This example shows how to perform common OAM functions, and how to download firmware to a CPE. Console(config)#interface ethernet 1/1 25-13 Console(config.
11-1 CHAPTER 11 ADDRESS TABLE SETTINGS Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table.
ADDRESS TABLE SETTINGS 11-2 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 11-1 Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
DISPLAYING THE ADDRESS TABLE 11-3 Command Attributes • Interface – Indicates a port or trunk. • MAC Address – Physical address associated with this interface.
ADDRESS TABLE SETTINGS 11-4 CLI – This example also displays the address table entries for port 1. Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function.
12-1 CHAPTER 12 SPANNING TREE ALGORITHM The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
SPANNING TREE ALGORITHM 12-2 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
12-3 maintain connectivity among each of the assigned VLAN groups. MSTP then builds an Internal Spanning Tree (IST) for the Region containing all commonly configured MSTP bridges.
SPANNING TREE ALGORITHM 12-4 MSTP connects all bridges and LAN segments with a single Common and Internal Spanning Tree (CIST). The CIST is formed as a result of the running spanning tree algorithm between switches that support the STP, RSTP, MSTP protocols.
DISPLAYING GLOBAL SETTINGS 12-5 make it return to a discarding state; otherwise, temporary data loops might result. • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device.
SPANNING TREE ALGORITHM 12-6 configuration messages at regular intervals. If the root port ages out STA information (provided in the last configuration message), a new root port is selected from among the device ports attached to the network.
DISPLAYING GLOBAL SETTINGS 12-7 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network.
SPANNING TREE ALGORITHM 12-8 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol – Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network.
CONFIGURING GLOBAL SETTINGS 12-9 - Be careful when switching between spanning tree modes. Changing modes stops all spanning-tree instances for the previous mode and restarts the system in the new mode, temporarily disrupting user traffic.
SPANNING TREE ALGORITHM 12-10 reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN.
CONFIGURING GLOBAL SETTINGS 12-11 Configuration Settings for MSTP • Max Instance Numbers – The maximum number of MSTP instances to which this switch can be assigned. (Default: 33) • Configuration Digest – An MD5 signature key that contains the VLAN ID to MST ID mapping table.
SPANNING TREE ALGORITHM 12-12 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 12-2 STA Global Configuration.
DISPLAYING INTERFACE SETTINGS 12-13 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.
SPANNING TREE ALGORITHM 12-14 - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding.
DISPLAYING INTERFACE SETTINGS 12-15 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled.
SPANNING TREE ALGORITHM 12-16 loops. Where more than one port is assigned the highest priority, the port with the lowest numeric identifier will be enabled. • Designated root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device.
DISPLAYING INTERFACE SETTINGS 12-17 CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 31-25 Eth 1/ 5 information ------------------------------.
SPANNING TREE ALGORITHM 12-18 Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
CONFIGURING INTERFACE SETTINGS 12-19 loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. - Default: 128 - Range: 0-240, in steps of 16 • Admin Path Cost – This parameter is used by the STA to determine the best path between devices.
SPANNING TREE ALGORITHM 12-20 • Admin Link Type – The link type attached to this interface. - Point-to-Point – A connection to exactly one other bridge. - Shared – A connection to two or more bridges. - Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media.
CONFIGURING INTERFACE SETTINGS 12-21 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 12-4 STA Port Configuration CLI – This example sets STA attributes for port 7.
SPANNING TREE ALGORITHM 12-22 Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby ba.
CONFIGURING MULTIPLE SPANNING TREES 12-23 • VLANs in MST Instance – VLANs assigned this instance. • MST ID – Instance identifier to configure.
SPANNING TREE ALGORITHM 12-24 CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 1 31-25 Spanning-tree information ----------.
DISPLAYING INTERFACE SETTINGS FOR MSTP 12-25 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance.
SPANNING TREE ALGORITHM 12-26 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 12-4), the settings for other instances only apply to the local spanning tree.
CONFIGURING INTERFACE SETTINGS FOR MSTP 12-27 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
SPANNING TREE ALGORITHM 12-28 • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
CONFIGURING INTERFACE SETTINGS FOR MSTP 12-29 Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface, and click Apply. Figure 12-7 MSTP Port Configuration CLI – This example sets the MSTP attributes for port 4.
13-1 CHAPTER 13 VLAN CONFIGURATION Selecting the VLAN Operation Mode The system can be configured to operate in normal mode or one of the tunneling modes used for passing Layer 2 traffic across a service provider’s metropolitan area network, including IEEE 802.
VLAN CONFIGURATION 13-2 Web – Click VLAN, System Mode. Select the required mode, click Apply. Figure 13-1 Selecting the System Mode CLI – This example sets the switch to operate in QinQ mode. IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains.
IEEE 802.1Q VLANS 13-3 VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets.
VLAN CONFIGURATION 13-4 VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port).
IEEE 802.1Q VLANS 13-5 forward the message to all other ports. When the message arrives at another switch that supports GVRP, it will also place the receiving port in the specified VLANs, and pass the message on to all other ports. VLAN requirements are propagated in this way throughout the network.
VLAN CONFIGURATION 13-6 switches, you should create a VLAN for that group and enable tagging on all ports. Ports can be assigned to multiple tagged or untagged VLANs. Each port on the switch is therefore capable of passing tagged or untagged frames.
IEEE 802.1Q VLANS 13-7 CLI – This example enables GVRP for the switch. Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch.
VLAN CONFIGURATION 13-8 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging.
IEEE 802.1Q VLANS 13-9 Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 13-4 VLAN Current Table Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch.
VLAN CONFIGURATION 13-10 CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups.
IEEE 802.1Q VLANS 13-11 • Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it will be reassigned to VLAN group 1 as untagged.
VLAN CONFIGURATION 13-12 Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices.
IEEE 802.1Q VLANS 13-13 - Forbidden: Interface is forbidden from automatically joining the VLAN via GVRP. For more information, see “Automatic VLAN Registration” on page 13-4. - None: Interface is not a member of the VLAN. Packets associated with this VLAN will not be transmitted by the interface.
VLAN CONFIGURATION 13-14 Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier.
IEEE 802.1Q VLANS 13-15 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
VLAN CONFIGURATION 13-16 - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
IEEE 802.1Q VLANS 13-17 belonging to the port’s default VLAN (i.e., associated with the PVID) are also transmitted as tagged frames. - Hybrid – Specifies a hybrid VLAN interface. The port may transmit tagged or untagged frames. • Trunk Member – Indicates if a port is a member of a trunk.
VLAN CONFIGURATION 13-18 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.
CONFIGURING PRIVATE VLANS 13-19 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports.
VLAN CONFIGURATION 13-20 Configuring Protocol-Based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
CONFIGURING PROTOCOL-BASED VLANS 13-21 Configuring Protocol Groups Create a protocol group for one or more protocols. Command Attributes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Type – Frame type used by this protocol.
VLAN CONFIGURATION 13-22 Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group. Command Usage • When creating a protocol-based VLAN, only assign interfaces using this configuration screen.
CONFIGURING PROTOCOL-BASED VLANS 13-23 Web – Click VLAN, Protocol VLAN, Port Configuration. Select a port or trunk, enter a protocol group ID, the corresponding VLAN ID, and click Apply.
VLAN CONFIGURATION 13-24 Configuring IEEE 802.1Q Tunneling IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple customers across their networks.
CONFIGURING IEEE 802.1Q TUNNELING 13-25 be added to this SPVLAN. The uplink port can be added to multiple SPVLANs to carry inbound traffic for different customers onto the service provider’s network.
VLAN CONFIGURATION 13-26 The ingress process does source and destination lookups. If both lookups are successful, the ingress process writes the packet to memory. Then the egress process transmits the packet. Packets entering a QinQ tunnel port are processed in the following manner: 1.
CONFIGURING IEEE 802.1Q TUNNELING 13-27 The ingress process does source and destination lookups. If both lookups are successful, the ingress process writes the packet to memory. Then the egress process transmits the packet. Packets entering a QinQ uplink port are processed in the following manner: 1.
VLAN CONFIGURATION 13-28 8. If the egress port is an untagged member of the SPVLAN, the outer tag will be stripped. If it is a tagged member, the outgoing packet will have two tags. Configuration Limitations for QinQ • The native VLAN of uplink ports should not be used as the SPVLAN.
CONFIGURING IEEE 802.1Q TUNNELING 13-29 4. Set the Tag Protocol Identifier (TPID) value of the tunnel port. This step is required if the attached client is using a nonstandard 2-byte ethertype to identify 802.1Q tagged frames. The standard ethertype value is 0x8100.
VLAN CONFIGURATION 13-30 Adding an Interface to a QinQ Tunnel Follow the guidelines in the preceding section to set up a QinQ tunnel on the switch.
CONFIGURING IEEE 802.1Q TUNNELING 13-31 necessary to support real-time services across the backbone network, then you may have to enable priority bit mapping from the inner to outer VLAN tag to ensure timely service. Web – Click VLAN, 802.
VLAN CONFIGURATION 13-32 CLI – This example configures the switch to copy the priority bits from the inner to outer VLAN tag, it then sets port 2 to tunnel mode, and indicates that the TPID used for 802.1Q tagged frames will be 9100 hexadecimal.
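The QinQ behaviour described on pages 13-24 to 13-32 (outer SPVLAN tag, configurable TPID, inner-to-outer priority copy, outer tag stripped on an untagged egress port), as an added Python sketch that is not code from the SMC manual. The function names, SPVLAN 100, customer VLAN 10, the `default_pcp` parameter and the sample frame are constructed assumptions; the sketch also shows that a capture tool which only recognises TPID 0x8100 sees no VLAN tag at all on a frame tunnelled with TPID 0x9100.

```python
import struct

TPID_8021Q = 0x8100    # standard 802.1Q ethertype (stated on the page)
TPID_TUNNEL = 0x9100   # TPID from the page's CLI example ("9100 hexadecimal")


def build_tag(tpid, pcp, vid):
    """Return a 4-byte VLAN tag: 16-bit TPID, then 3-bit priority and 12-bit VLAN ID."""
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be 0-7")
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def parse_tags(frame, tpids):
    """Walk the VLAN tags that follow the two MAC addresses.

    Only ethertypes listed in `tpids` are treated as tags. Returns
    (tags, ethertype, payload) with tags ordered outermost first.
    """
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in tpids:
            return tags, etype, frame[offset + 2:]
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13, "vid": tci & 0x0FFF})
        offset += 4


def tunnel_ingress(frame, spvlan, tpid=TPID_TUNNEL, copy_priority=True, default_pcp=0):
    """Simplified model of a tunnel port: push an outer service-provider tag.

    With copy_priority the outer tag inherits the customer tag's priority
    bits; otherwise (or for untagged frames) default_pcp is used, which is
    an assumption of this sketch.
    """
    tags, _, _ = parse_tags(frame, {TPID_8021Q})
    pcp = tags[0]["pcp"] if (copy_priority and tags) else default_pcp
    return frame[:12] + build_tag(tpid, pcp, spvlan) + frame[12:]


def egress_from_spvlan(frame, tagged_member, tpid=TPID_TUNNEL):
    """Untagged SPVLAN member: strip the outer tag. Tagged member: keep both tags."""
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != tpid:
        raise ValueError("frame has no outer tag with the expected TPID")
    return frame if tagged_member else frame[:12] + frame[16:]


def sample_customer_frame():
    """Constructed frame: customer VLAN 10, priority 5, IPv4 ethertype, dummy payload."""
    dst = bytes.fromhex("020000000002")
    src = bytes.fromhex("020000000001")
    return (dst + src + build_tag(TPID_8021Q, 5, 10)
            + struct.pack("!H", 0x0800) + b"constructed-payload")


if __name__ == "__main__":
    customer = sample_customer_frame()
    tunnelled = tunnel_ingress(customer, spvlan=100)
    print("both TPIDs known :", parse_tags(tunnelled, {TPID_8021Q, TPID_TUNNEL})[0])
    naive_tags, naive_type, _ = parse_tags(tunnelled, {TPID_8021Q})
    print("0x8100 only      :", naive_tags, hex(naive_type))
    print("outer tag removed:", egress_from_spvlan(tunnelled, False) == customer)
```

A sensor on a mirrored uplink port has to be told the tunnel TPID, otherwise its VLAN-based filters never match the tunnelled traffic.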
CONFIGURING VLAN SWAPPING 13-33 Configuring VLAN Swapping QinQ tunneling uses double tagging to preserve the customer’s VLAN tags on traffic crossing the service provider’s network.
VLAN CONFIGURATION 13-34 Field Attributes • Entry Counts – The number of entries in the VLAN swapping table. • VLAN Swap Table – Contains each entry in the VLAN swapping table. • InPort – Port through which traffic is entering the switch.
CONFIGURING VLAN SWAPPING 13-35 CLI – This example configures VLAN swapping for upstream traffic between port 1 and port 18, exchanging VLAN ID 1 for VLAN ID 3. It then sets VLAN swapping for downstream traffic to exchange VLAN ID 3 for VLAN ID 1.
14-1 CHAPTER 14 CLASS OF SERVICE Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
CLASS OF SERVICE 14-2 Command Attributes • Default Priority – The priority that is assigned to untagged frames received on the specified interface. (Range: 0 - 7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port.
LAYER 2 QUEUE SETTINGS 14-3 CLI – This example assigns a default priority of 5 to port 3. Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
CLASS OF SERVICE 14-4 The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network.
LAYER 2 QUEUE SETTINGS 14-5 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 14-2 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping.
CLASS OF SERVICE 14-6 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed.
LAYER 2 QUEUE SETTINGS 14-7 Web – Click Priority, Queue Mode. Select Strict or WRR, then click Apply. Figure 14-3 Queue Mode CLI – The following sets the queue mode to strict priority service mode.
CLASS OF SERVICE 14-8 Command Attributes • WRR Setting Table – Displays a list of weights for each traffic class (i.e., queue). • Weight Value – Set a new weight for the selected traffic class. (Range: 0-15) Use queue weights 1-15 for queues allocated service time based on WRR.
LAYER 3/4 PRIORITY SETTINGS 14-9 CLI – The following example shows how to assign WRR weights to priority queues 0-5, and strict priority to queues 6 and 7.
CLASS OF SERVICE 14-10 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services.
LAYER 3/4 PRIORITY SETTINGS 14-11 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
CLASS OF SERVICE 14-12 Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply.
LAYER 3/4 PRIORITY SETTINGS 14-13 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors.
CLASS OF SERVICE 14-14 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply.
LAYER 3/4 PRIORITY SETTINGS 14-15 Mapping IPv6 Traffic Classes The Traffic Class field in the IPv6 header may be used by originating nodes and/or forwarding routers to identify and distinguish between different classes or priorities for IPv6 packets.
CLASS OF SERVICE 14-16 CLI – The following example maps the Traffic Class value of 1 to CoS value 0. Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header.
LAYER 3/4 PRIORITY SETTINGS 14-17 Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply.
C LASS OF S ER VICE 14-18.
15-1 CHAPTER 15 QUALITY OF SERVICE The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies.
QUALITY OF SERVICE 15-2 Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map. 2. You should create a Class Map before creating a Policy Map. Otherwise, you will not be able to select a Class Map from the Policy Rule Settings screen (see page 15-9).
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-3 Configuring a Class Map A class map is used for matching packets to a specified class. Command Usage • To configure a Class Map, follow these steps: - Open the Class Map page, and click Add Class.
QUALITY OF SERVICE 15-4 Settings” page. Enter the criteria used to classify ingress traffic on this web page. • Remove Class – Removes the selected class.
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-5 Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class.
QUALITY OF SERVICE 15-6 Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map as described on page 15-3.
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-7 Command Attributes Policy Map • Modify Name and Description – Configures the name and a brief description of a policy map.
QUALITY OF SERVICE 15-8 • Remove Class – Deletes a class. - Policy Options - • Class Name – Name of class map. • Action – Configures the service provided to ingress traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified in Match Class Settings on page 15-3).
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-9 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes.
QUALITY OF SERVICE 15-10 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0.
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-11 Web – Click QoS, DiffServ, Service Policy Settings. Check Enabled and choose a Policy Map for a port from the scroll-down box, then click Apply. Figure 15-3 Service Policy Settings CLI - This example applies a service policy to an ingress interface.
QUALITY OF SERVICE 15-12.
16-1 CHAPTER 16 MULTICAST FILTERING Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client.
MULTICAST FILTERING 16-2 those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
LAYER 2 IGMP (SNOOPING AND QUERY) 16-3 is forwarded to the hosts from each of these sources. IGMPv3 hosts may also request that service be forwarded from all sources except for those specified. In this case, traffic is filtered from sources in the Exclude list, and forwarded from all other available sources.
MULTICAST FILTERING 16-4 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
LAYER 2 IGMP (SNOOPING AND QUERY) 16-5 Command Attributes • IGMP Status — When enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic. This is also referred to as IGMP Snooping.
MULTICAST FILTERING 16-6 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 16-1 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status.
LAYER 2 IGMP (SNOOPING AND QUERY) 16-7 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
MULTICAST FILTERING 16-8 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
LAYER 2 IGMP (SNOOPING AND QUERY) 16-9 CLI – This example configures port 11 as a multicast router port within VLAN 1. Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service.
MULTICAST FILTERING 16-10 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service.
LAYER 2 IGMP (SNOOPING AND QUERY) 16-11 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 16-4.
MULTICAST FILTERING 16-12 Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add.
LAYER 2 IGMP (SNOOPING AND QUERY) 16-13 Configuring Immediate Leave from Multicast Groups The switch can be configured to immediately delete a member port of a multicast service if a leave packet is received at that port and the immediate-leave function is enabled for the parent VLAN.
MULTICAST FILTERING 16-14 Web – Click IGMP Snooping, IGMP Immediate Leave Table. Select the VLAN interface to configure, set the status for immediate leave, and click Apply. Figure 16-6 IGMP Immediate Leave Table CLI – This example enables immediate leave on VLAN 1.
IGMP FILTERING AND THROTTLING 16-15 IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, the switch can take one of two actions; either “deny” or “replace.
MULTICAST FILTERING 16-16 CLI – This example enables IGMP filtering and creates a profile number. It then displays the current status and the existing profile numbers.
IGMP FILTERING AND THROTTLING 16-17 • Current Multicast Address Range List – Lists multicast groups currently included in the profile. Select an entry and click the Remove button to delete it from the list. Web – Click IGMP Snooping, IGMP Profile Group Configuration.
MULTICAST FILTERING 16-18 Configuring IGMP Filtering and Throttling for Interfaces Once you have configured IGMP profiles, you can assign them to interfaces on the switch. Also, you can set the IGMP throttling number to limit the number of multicast groups an interface can join at the same time.
IGMP FILTERING AND THROTTLING 16-19 Web – Click IGMP Snooping, IGMP Filter/Throttling Port Configuration or IGMP Filter/Throttling Trunk Configuration. Select a profile to assign to an interface, then set the throttling number and action.
MULTICAST FILTERING 16-20 Multicast VLAN Registration Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as television channels or video-on-demand) across a service provider’s network.
MULTICAST VLAN REGISTRATION 16-21 General Configuration Guidelines for MVR 1. Enable MVR globally on the switch, select the MVR VLAN, and add the multicast groups that will stream traffic to attached hosts (see “Configuring Global MVR Settings” on page 16-21).
MULTICAST FILTERING 16-22 Field Attributes • MVR Domain – An independent multicast domain. (Range: 1-3; Default: 1) • MVR Status – When MVR is enabled on both the switch, any mul .
MULTICAST VLAN REGISTRATION 16-23 Web – Click MVR, Configuration. Select the MVR domain, enable MVR globally on the switch, select the MVR VLAN, add the multicast groups that will stream traffic to attached hosts, and then click Apply.
MULTICAST FILTERING 16-24 Displaying MVR Interface Status You can display information about the interfaces attached to the MVR VLAN. Field Attributes • MVR Domain – An independent multicast domain. • Type – Shows the MVR port type.
MULTICAST VLAN REGISTRATION 16-25 CLI – This example shows information about interfaces attached to the MVR VLAN. Console#show mvr interface 35-29 ========================================= .
MULTICAST FILTERING 16-26 Configuring MVR Interfaces Each interface that participates in the MVR VLAN must be configured as an MVR source port or receiver port. If only one subscriber attached to an interface is receiving multicast services, you can enable the immediate leave function.
MULTICAST VLAN REGISTRATION 16-27 - Using immediate leave can speed up leave latency, but should only be enabled on a port attached to one multicast subscriber to avoid disrupting services to other group members attached to the same interface.
MULTICAST FILTERING 16-28 Web – Click MVR, Port Configuration or Trunk Configuration. Figure 16-12 MVR Port Configuration CLI – This example configures an MVR source port and receiver port, and then enables immediate leave on the receiver port.
MULTICAST VLAN REGISTRATION 16-29 Web – Click MVR, Group IP Information. Figure 16-13 MVR Group IP Information CLI – The following example shows information about the interfaces associated with multicast groups assigned to the MVR VLAN.
MULTICAST FILTERING 16-30 Assigning Static Multicast Groups to Interfaces For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces.
MULTICAST VLAN REGISTRATION 16-31 Web – Click MVR, Group Member Configuration. Select a port or trunk from the “Interface” field, and click Query to display the assigned multicast groups. Select a multicast address from the displayed lists, and click the Add or Remove button to modify the Member list.
MULTICAST FILTERING 16-32.
17-1 CHAPTER 17 DOMAIN NAME SERVICE The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network.
DOMAIN NAME SERVICE 17-2 • When more than one name server is specified, the servers are queried in the specified sequence until a response is received, or the end of the list is reached with no response. • If all name servers are deleted, DNS will automatically be disabled.
CONFIGURING GENERAL DNS SERVICE PARAMETERS 17-3 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
DOMAIN NAME SERVICE 17-4 CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used.
CONFIGURING STATIC DNS HOST TO ADDRESS ENTRIES 17-5 Field Attributes • Host Name – Name of a host device that is mapped to one or more IP addresses. (Range: 1-127 characters) • IP Address – Internet address(es) associated with a host name.
DOMAIN NAME SERVICE 17-6 CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers.
DISPLAYING THE DNS CACHE 17-7 Web – Select DNS, Cache. Figure 17-3 DNS Cache CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 36-9 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.
DOMAIN NAME SERVICE 17-8.
SECTION III COMMAND LINE INTERFACE This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. Overview of the Command Line Interface . . . . . . . . . . . . . . . . . . . . . .
COMMAND LINE INTERFACE IP Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38-1.
18-1 CHAPTER 18 OVERVIEW OF THE COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When acces .
OVERVIEW OF THE COMMAND LINE INTERFACE 18-2 After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol.
ENTERING COMMANDS 18-3 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show that you are using privileged access mode (i.e., Privileged Exec), or “Vty-n>” for the guest to show that you are using normal access mode (i.
OVERVIEW OF THE COMMAND LINE INTERFACE 18-4 • To enter multiple commands, enter each command in the required order. For example, to enable Privileged Exec command mode, and display th.
ENTERING COMMANDS 18-5 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line, or VLAN Database, or MSTP).
OVERVIEW OF THE COMMAND LINE INTERFACE 18-6 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided.
ENTERING COMMANDS 18-7 Using Command History The CLI maintains a history of commands that have been entered. You can scroll back through the history of commands by pressing the up arrow key. Any command displayed in the history list can be executed again, or first modified and then executed.
OVERVIEW OF THE COMMAND LINE INTERFACE 18-8 Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt.
ENTERING COMMANDS 18-9 The configuration commands are organized into different modes: • Global Configuration - These commands modify the system level configuration, and include commands such as hostname and snmp-server community. • Access Control List Configuration - These commands are used for packet filtering.
OVERVIEW OF THE COMMAND LINE INTERFACE 18-10 To enter the other modes, at the configuration prompt type one of the following commands.
ENTERING COMMANDS 18-11 For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode Command Line Processing Commands are not case sensitive.
OVERVIEW OF THE COMMAND LINE INTERFACE 18-12 Command Groups The system commands can be broken down into the functional groups shown below. Esc-F Moves the cursor forward one word. Delete key or backspace key Erases a mistake when entering a command.
COMMAND GROUPS 18-13 Interface Configures the connection parameters for all Ethernet ports, aggregated links, and VLANs 25-1 Link Aggregation Statically groups multiple ports into .
OVERVIEW OF THE COMMAND LINE INTERFACE 18-14 The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) CM (Class.
19-1 CHAPTER 19 GENERAL COMMANDS These commands are used to control the command access mode, configuration mode, and other basic functions. Table 19-1 General Commands Command Function Mo.
GENERAL COMMANDS 19-2 enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 18-7. Syntax enable [level] level - Privilege level to log into the device.
DISABLE 19-3 disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode.
GENERAL COMMANDS 19-4 Example Related Commands end (19-6) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
RELOAD 19-5 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes.
GENERAL COMMANDS 19-6 prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt.
EXIT 19-7 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to th.
GENERAL COMMANDS 19-8 Example This example shows how to quit a CLI session: Console#quit Press ENTER to start session User Access Verification Username:.
20-1 CHAPTER 20 SYSTEM MANAGEMENT COMMANDS These commands are used to control system logs, passwords, user names, management options, and display or configure a variety of other system information.
SYSTEM MANAGEMENT COMMANDS 20-2 Device Designation Commands This section describes commands used to configure information that uniquely identifies the switch. hostname This command specifies or modifies the host name for this device.
SYSTEM STATUS COMMANDS 20-3 System Status Commands This section describes commands used to display system information. show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system.
SYSTEM MANAGEMENT COMMANDS 20-4 This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the configuration mode command, and corresponding commands.
SYSTEM STATUS COMMANDS 20-5 Example Related Commands show running-config (20-6) Console#show startup-config building startup-config, please wait..... !<stackingDB>00</stackingDB> !<stackingMac>01_00-20-1a-df-9c-a0_00</stackingMac> ! phymap 00-20-1a-df-9c-a0 ! SNTP server 0.
SYSTEM MANAGEMENT COMMANDS 20-6 show running-config This command displays the configuration information currently in use. Command Mode Privileged Exec Command Usage Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory.
SYSTEM STATUS COMMANDS 20-7 Example Console#show running-config building running-config, please wait..... !<stackingDB>00</stackingDB> !<stackingMac>01_00-30-f1-d4-73-a0_00</stackingMac> ! phymap 00-30-f1-d4-73-a0 ! SNTP server 0.
SYSTEM MANAGEMENT COMMANDS 20-8 Related Commands show startup-config (20-3) show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 4-1.
SYSTEM STATUS COMMANDS 20-9 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.
SYSTEM MANAGEMENT COMMANDS 20-10 show version This command displays hardware and software version information for the system. Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Hardware/Software Versions” on page 4-7 for detailed information on the items displayed by this command.
SYSTEM STATUS COMMANDS 20-11 Example show cpu utilization This command shows the CPU utilization parameters. Command Mode Normal Exec, Privileged Exec Example Console#show bme version Firmware Firmware-VTU-O:1.0.5r 11IK004010 Time May 19 2006 18:16:42, RTOS Nucleus BME R:96 AFE<num, ver> <0:b10> <1:b10> IFE<num:Dev.
SYSTEM MANAGEMENT COMMANDS 20-12 show memory status This command shows memory utilization parameters. Command Mode Normal Exec, Privileged Exec Example Table 20-5 show cpu utilization - di.
SYSTEM MODE COMMANDS 20-13 System Mode Commands This section describes the command used to configure the switch to operate in normal mode or QinQ mode. system mode This command sets the switch to operate in QinQ mode. Use the no form to restore the default setting of normal operating mode.
SYSTEM MANAGEMENT COMMANDS 20-14 Default Setting Normal operating mode Command Mode Global Configuration Command Usage Make sure that no dot1q-tunnel port is configured before exiting QinQ mode (see “switchport mode dot1q-tunnel” on page 32-27).
FRAME SIZE COMMANDS 20-15 Frame Size Commands This section describes commands used to configure the Ethernet frame size on the switch. jumbo frame This command enables support for jumbo frames for Gigabit Ethernet ports. Use the no form to disable it.
SYSTEM MANAGEMENT COMMANDS 20-16 Example File Management Commands Managing Firmware Firmware can be uploaded and downloaded to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.
FILE MANAGEMENT COMMANDS 20-17 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server.
SYSTEM MANAGEMENT COMMANDS 20-18 settings will be set to default values when the system is rebooted using this file. • firmware - Keyword that allows you to copy BME firmware used for upgrading CPEs to reserved buffer space in the switch.
FILE MANAGEMENT COMMANDS 20-19 • Use the partial-running-config keyword to copy basic settings for the IP configuration, SNMP community strings, and CLI user names and passwords to a startup configuration file.
SYSTEM MANAGEMENT COMMANDS 20-20 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server.
FILE MANAGEMENT COMMANDS 20-21 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch.
SYSTEM MANAGEMENT COMMANDS 20-22 delete This command deletes a file or image. Syntax delete filename filename - Name of configuration file or code image. Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted.
FILE MANAGEMENT COMMANDS 20-23 dir This command displays a list of files in flash memory. Syntax dir {{boot-rom: | config: | opcode:} [filename]} The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file.
SYSTEM MANAGEMENT COMMANDS 20-24 Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command.
FILE MANAGEMENT COMMANDS 20-25 boot system This command specifies the file or image used to start up the system. Syntax boot system {boot-rom | config | opcode}: filename The type of file or image to set as a default includes: • boot-rom* - Boot ROM.
SYSTEM MANAGEMENT COMMANDS 20-26 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.
LINE COMMANDS 20-27 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.
SYSTEM MANAGEMENT COMMANDS 20-28 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [local] no login local - Selects local password checking.
LINE COMMANDS 20-29 Example Related Commands username (22-2) password (20-29) password This command specifies the password for a line. Use the no form to remove the password.
SYSTEM MANAGEMENT COMMANDS 20-30 configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (20-28) password-thresh (20-32) timeout login response This command sets the interval that the system waits for a user to log into the CLI.
LINE COMMANDS 20-31 Example To set the timeout to two minutes, enter this command: exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the timeout interval.
SYSTEM MANAGEMENT COMMANDS 20-32 password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh [threshold] no password-thresh threshold - The number of allowed password attempts.
LINE COMMANDS 20-33 silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value.
SYSTEM MANAGEMENT COMMANDS 20-34 Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character.
LINE COMMANDS 20-35 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate.
SYSTEM MANAGEMENT COMMANDS 20-36 Example To specify 57600 bps, enter this command: stopbits This command sets the number of the stop bits transmitted per byte.
LINE COMMANDS 20-37 Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection.
SYSTEM MANAGEMENT COMMANDS 20-38 Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeout: D.
EVENT LOGGING COMMANDS 20-39 Event Logging Commands This section describes commands used to configure event logging on the switch. logging on This command controls logging of error messages, sending debug or error messages to a logging process.
SYSTEM MANAGEMENT COMMANDS 20-40 command to control the type of error messages that are stored in memory. You can use the logging trap command to control the type of error messages that are sent to specified syslog servers.
EVENT LOGGING COMMANDS 20-41 Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM.
SYSTEM MANAGEMENT COMMANDS 20-42 Command Mode Global Configuration Command Usage • Use this command more than once to build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example logging facility This command sets the facility type for remote logging of syslog messages.
EVENT LOGGING COMMANDS 20-43 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging.
SYSTEM MANAGEMENT COMMANDS 20-44 clear log This command clears messages from the log buffer. Syntax clear log [flash | ram] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.
E VENT L OG GING C OMMANDS 20-45 show logging This command displays the co nfiguration settings for log ging messages to local switch memor y , to an SMTP ev ent handler, or to a remote syslog ser ver. Syntax show log ging { fl as h | ram | sendmail | trap } • flash - Disp lays settings for storing event messages in flash memory (i.
S YSTEM M ANAGEM ENT C OMMANDS 20-46 Example The following example shows that syste m log ging is enable d, the messag e level for flash m emory is “err ors” (i.e., default level 3 - 0), and the messag e level for RAM is “debug ging” (i.e., default level 7 - 0).
E VENT L OG GING C OMMANDS 20-47 Related Commands show log ging se ndmail (20-52) show l og This comma nd displ ays t he log mes sages stored in local memory . Syntax show log { fl as h | ram } • flash - Even t history stored in flash memo ry (i.e. , permane nt memory).
SYSTEM MANAGEMENT COMMANDS 20-48 SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert messages.
SMTP ALERT COMMANDS 20-49 • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection.
SYSTEM MANAGEMENT COMMANDS 20-50 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Syntax logging sendmail source-email email-address email-address - The source email address used in alert messages.
SMTP ALERT COMMANDS 20-51 Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling.
SYSTEM MANAGEMENT COMMANDS 20-52 show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example Console#show logging sendmail SMTP servers ----------------------------------------- ------ 192.
TIME COMMANDS 20-53 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
SYSTEM MANAGEMENT COMMANDS 20-54 Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (i.
TIME COMMANDS 20-55 Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received.
SYSTEM MANAGEMENT COMMANDS 20-56 Related Commands sntp client (20-53) show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated.
TIME COMMANDS 20-57 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC.
SYSTEM MANAGEMENT COMMANDS 20-58 calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec {day month year | month day year} • hour - Hour in 24-hour format.
TIME COMMANDS 20-59 Example Console#show calendar 15:12:34 February 1 2002 Console#.
SYSTEM MANAGEMENT COMMANDS 20-60.
21-1 CHAPTER 21 SNMP COMMANDS Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
SNMP COMMANDS 21-2 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server.
SHOW SNMP 21-3 show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command p.
SNMP COMMANDS 21-4 snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string.
SNMP-SERVER CONTACT 21-5 snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information.
SNMP COMMANDS 21-6 Command Mode Global Configuration Example Related Commands snmp-server contact (21-5) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
SNMP-SERVER HOST 21-7 community command prior to using the snmp-server host command. (Maximum length: 32 characters) • version - Specifies whether to send notifications as SNMP Version 1, 2c or 3 traps.
SNMP COMMANDS 21-8 • Notifications are issued by the switch as trap messages by default. The recipient of a trap message does not send a response to the switch. Traps are therefore not as reliable as inform messages, which include a request for acknowledgement of receipt.
SNMP-SERVER ENABLE TRAPS 21-9 user command. Otherwise, the authentication password and/or privacy password will not exist, and the switch will not authorize SNMP access for the host.
SNMP COMMANDS 21-10 notifications are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. • The snmp-server enable traps command is used in conjunction with the snmp-server host command.
SNMP-SERVER ENGINE-ID 21-11 Command Mode Global Configuration Command Usage • An SNMP engine is an independent SNMP agent that resides either on this switch or on a remote device. This engine protects against message replay, delay, and redirection.
SNMP COMMANDS 21-12 show snmp engine-id This command shows the SNMP engine ID. Command Mode Privileged Exec Example This example shows the default engine ID.
SNMP-SERVER VIEW 21-13 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view.
SNMP COMMANDS 21-14 This view includes the MIB-2 interfaces table, and the mask selects all index entries. show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example Console(config)#snmp-server view ifEntry.
SNMP-SERVER GROUP 21-15 snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.
SNMP COMMANDS 21-16 • For additional information on the notification messages supported by this switch, see Table 5-2, “Supported Notification Messages,” on page 5-19.
SHOW SNMP GROUP 21-17 Group Name: public Security Model: v2c Read View: defaultview Write View: none Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v1.
SNMP COMMANDS 21-18 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View.
SNMP-SERVER USER 21-19 Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command.
SNMP COMMANDS 21-20 show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 800000ca030030f1df9ca00000 User Name: ste.
22-1 CHAPTER 22 USER AUTHENTICATION COMMANDS You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.
USER AUTHENTICATION COMMANDS 22-2 User Account Commands The basic commands required for management access are listed in this section. This switch also includes other options for password c.
USER ACCOUNT COMMANDS 22-3 • password password - The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting The default access level is Normal Exec.
USER AUTHENTICATION COMMANDS 22-4 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level.
AUTHENTICATION SEQUENCE 22-5 Related Commands enable (19-2) authentication enable (22-7) Authentication Sequence Three authentication methods can be specified to authenticate users logging into the system for management access. The commands in this section can be used to define the authentication method and sequence.
USER AUTHENTICATION COMMANDS 22-6 Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport.
AUTHENTICATION SEQUENCE 22-7 authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 19-2). Use the no form to restore the default.
USER AUTHENTICATION COMMANDS 22-8 Example Related Commands enable password - sets the password for changing command modes (22-4) RADIUS Client Remote Authentication Dial-in User Service.
RADIUS CLIENT 22-9 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server.
USER AUTHENTICATION COMMANDS 22-10 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages.
RADIUS CLIENT 22-11 Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
USER AUTHENTICATION COMMANDS 22-12 Command Mode Global Configuration Example show radius-server This command displays the current settings for the RADIUS server.
TACACS+ CLIENT 22-13 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network.
USER AUTHENTICATION COMMANDS 22-14 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
WEB SERVER COMMANDS 22-15 Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Web Server Commands This section describes commands used to configure web browser management access to the switch.
USER AUTHENTICATION COMMANDS 22-16 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
WEB SERVER COMMANDS 22-17 Example Related Commands ip http port (22-16) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
USER AUTHENTICATION COMMANDS 22-18 • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.
WEB SERVER COMMANDS 22-19 Default Setting 443 Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port.
USER AUTHENTICATION COMMANDS 22-20 Telnet Server Commands This section describes commands used to configure Telnet management access to the switch. ip telnet server This command allows this device to be monitored or configured from Telnet.
SECURE SHELL COMMANDS 22-21 Secure Shell Commands This section describes the commands used to configure the SSH server. Note that you also need to install a SSH client on the management station when using this protocol to configure the switch.
USER AUTHENTICATION COMMANDS 22-22 Configuration Guidelines The SSH server on this switch supports both password and public key authentication.
SECURE SHELL COMMANDS 22-23 1024 35 1341081 68560989392 1040944 9201554253 47631641921 8729589211 43173880 0555361616 31051775940 8386863 1109291232 22682851925 43746031009 3718772119 96963178 1366.
USER AUTHENTICATION COMMANDS 22-24 c. If a match is found, the switch uses its secret key to generate a random 256-bit string as a challenge, encrypts this string with the user’s public key, and sends it to the client.
SECURE SHELL COMMANDS 22-25 ip ssh server This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax [no] ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage • The SSH server supports up to four client sessions.
USER AUTHENTICATION COMMANDS 22-26 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation.
SECURE SHELL COMMANDS 22-27 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user.
USER AUTHENTICATION COMMANDS 22-28 Command Usage The server key is a private key that is never shared outside the switch. The host key is shared with the SSH client, and is fixed at 1024 bits. Example delete public-key This command deletes the specified user’s public key.
SECURE SHELL COMMANDS 22-29 Default Setting Generates both the DSA and RSA key pairs. Command Mode Privileged Exec Command Usage • The switch uses only RSA Version 1 for SSHv1.5 clients and DSA Version 2 for SSHv2 clients. • This command stores the host key pair in memory (i.
USER AUTHENTICATION COMMANDS 22-30 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command.
SECURE SHELL COMMANDS 22-31 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections.
USER AUTHENTICATION COMMANDS 22-32 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
SECURE SHELL COMMANDS 22-33 Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed.
USER AUTHENTICATION COMMANDS 22-34 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication.
802.1X PORT AUTHENTICATION 22-35 dot1x system-auth-control This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to restore the default.
USER AUTHENTICATION COMMANDS 22-36 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default.
802.1X PORT AUTHENTICATION 22-37 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host.
USER AUTHENTICATION COMMANDS 22-38 • In “multi-host” mode, only one host connected to a port needs to pass authentication for all other hosts to be granted network access. Similarly, a port can become unauthorized for all hosts if one attached host fails re-authentication or sends an EAPOL logoff message.
802.1X PORT AUTHENTICATION 22-39 dot1x re-authentication This command enables periodic re-authentication for a specified port. Use the no form to disable re-authentication.
USER AUTHENTICATION COMMANDS 22-40 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Use the no form of this command to reset the default.
802.1X PORT AUTHENTICATION 22-41 dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value.
USER AUTHENTICATION COMMANDS 22-42 Command Usage This command displays the following information: • Global 802.1X Parameters – Shows whether or not 802.1X port authentication is globally enabled on the switch. • 802.1X Port Summary – Displays the port access control parameters for each interface that has enabled 802.
802.1X PORT AUTHENTICATION 22-43 - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 22-36). - Supplicant – MAC address of authorized client. - Current Identifier – The integer (0-255) used by the Authenticator to identify the current authentication session.
USER AUTHENTICATION COMMANDS 22-44 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 disabled Single-Host ForceAuthorized n/a .
MANAGEMENT IP FILTER COMMANDS 22-45 Management IP Filter Commands This section describes commands used to configure IP management access to the switch. management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
USER AUTHENTICATION COMMANDS 22-46 Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
MANAGEMENT IP FILTER COMMANDS 22-47 Command Mode Privileged Exec Example Console#show management all-client Management Ip Filter HTTP-Client: Start IP address End IP address ----------------------------------------- ------ 1. 192.168.1.19 192.168.
USER AUTHENTICATION COMMANDS 22-48.
23-1 CHAPTER 23 CLIENT SECURITY COMMANDS This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring that only authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE 802.
CLIENT SECURITY COMMANDS 23-2 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
PORT SECURITY COMMANDS 23-3 port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
CLIENT SECURITY COMMANDS 23-4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
PACKET FILTERING COMMANDS 23-5 Packet Filtering Commands This section describes commands used to configure packet filtering for inbound traffic.
CLIENT SECURITY COMMANDS 23-6 Default Setting Disabled Command Mode Global Configuration Command Usage • Both the specified source MAC address and source IP address for an entry must be matched to satisfy the filtering rule. Any packet matching a specified entry is dropped at the input port.
PACKET FILTERING COMMANDS 23-7 filter netbios This command filters NetBIOS 30 packets entering the specified input port. Syntax filter netbios {add | del} interface • add - Enables NetBIOS filtering. • del - Disables NetBIOS filtering.
CLIENT SECURITY COMMANDS 23-8 • This switch provides a total of 7 masks for filtering functions, including IP-MAC address packet filtering, NetBIOS packet filtering, DHCP packet filtering, and ACLs. Three masks are allocated to NetBIOS packet filtering if enabled on any interface.
PACKET FILTERING COMMANDS 23-9 packet filtering if enabled on any interface. This mask will be released for use by other filtering functions if DHCP packet filtering is disabled on all interfaces. Example filter dhcp This command filters DHCP reply packets.
CLIENT SECURITY COMMANDS 23-10 for use by other filtering functions if DHCP packet filtering is disabled on all interfaces. Example show filter This command displays the packet filter settings.
IP SOURCE GUARD COMMANDS 23-11 IP Source Guard Commands IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or static and dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snooping Commands” on page 23-17).
CLIENT SECURITY COMMANDS 23-12 Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • Source guard is used to filter traffic on an unsecure port which rec.
IP SOURCE GUARD COMMANDS 23-13 found in the binding table and the entry type is static IP source guard binding, the packet will be forwarded. - If the DHCP snooping is enabled, IP source guard will check the VLAN ID, source IP address, port number, and source MAC address (for the sip-mac option).
CLIENT SECURITY COMMANDS 23-14 ip source-guard binding This command adds a static address to the source-guard binding table. Use the no form to remove a static entry.
IP SOURCE GUARD COMMANDS 23-15 - If there is an entry with same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then the new entry will replace the old one.
CLIENT SECURITY COMMANDS 23-16 show ip source-guard binding This command shows the source guard binding table. Command Mode Privileged Exec Example Console#show ip source-guard bindin.
DHCP SNOOPING COMMANDS 23-17 DHCP Snooping Commands DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a physical port.
CLIENT SECURITY COMMANDS 23-18 ip dhcp snooping This command enables DHCP snooping globally. Use the no form to restore the default setting. Syntax [no] ip dhcp snooping Default Setting Dis.
DHCP SNOOPING COMMANDS 23-19 forwarded for a trusted port. If the received packet is a DHCP ACK message, a dynamic DHCP snooping entry is also added to the binding table.
CLIENT SECURITY COMMANDS 23-20 from a DHCP server, any packets received from untrusted ports are dropped. Example This example enables DHCP snooping globally for the switch. Related Commands ip dhcp snooping vlan (23-20) ip dhcp snooping trust (23-24) ip dhcp snooping vlan This command enables DHCP snooping on the specified VLAN.
DHCP SNOOPING COMMANDS 23-21 • When DHCP snooping is globally enabled, configuration changes for specific VLANs have the following effects: - If DHCP snooping is disabled on a VLAN, all dynamic bindings learned for this VLAN are removed from the binding table.
CLIENT SECURITY COMMANDS 23-22 Related Commands ip dhcp snooping (23-18) ip dhcp snooping vlan (23-20) ip dhcp snooping trust (23-24) ip dhcp snooping database write This command writes all dynamically learned snooping entries to flash memory.
DHCP SNOOPING COMMANDS 23-23 Command Usage • This command applies to all VDSL ports. When set, it will automatically convert an address assigned to an attached CPE by a DHCP server to a static entry in the MAC address table.
CLIENT SECURITY COMMANDS 23-24 acknowledgement packets sent by the DHCP server in response to host requests will be blocked by the switch. Example This example sets the client limit to its maximum value on port 5. ip dhcp snooping trust This command configures the specified interface as trusted.
DHCP SNOOPING COMMANDS 23-25 • Additional considerations when the switch itself is a DHCP client – The port(s) through which it submits a client request to the DHCP server must be configured as trusted. Example This example sets port 5 to untrusted.
CLIENT SECURITY COMMANDS 23-26 show ip dhcp snooping binding This command shows the DHCP snooping binding table entries. Command Mode Privileged Exec Example Console#show ip dhcp snooping .
24-1 CHAPTER 24 ACCESS CONTROL LIST COMMANDS Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code), or any frames (based on MAC address or Ethernet type).
ACCESS CONTROL LIST COMMANDS 24-2 IP ACLs The commands in this section configure ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP control code.
IP ACLS 24-3 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name • standard – Specifies an ACL that filters packets based on the source IP address.
ACCESS CONTROL LIST COMMANDS 24-4 permit, deny (Standard IP ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source.
IP ACLS 24-5 permit, deny (Extended IP ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes.
ACCESS CONTROL LIST COMMANDS 24-6 • control-flags – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63) • flag-bitmask – Decimal number representing the code bits to match.
IP ACLS 24-7 Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.
ACCESS CONTROL LIST COMMANDS 24-8 Example Related Commands permit, deny 24-4 ip access-group (24-14) access-list ip mask-precedence This command changes to the IP Mask mode used to configure access control masks. Use the no form to delete the mask table.
IP ACLS 24-9 Example Related Commands mask (IP ACL) (24-9) ip access-group (24-14) mask (IP ACL) This command defines a mask for IP ACLs. This mask defines the fields to check in the IP header.
ACCESS CONTROL LIST COMMANDS 24-10 Default Setting None Command Mode IP Mask Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered.
IP ACLS 24-11 This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.1.1.1 255.
ACCESS CONTROL LIST COMMANDS 24-12 This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4 source port is 23. Console(config)#access-list ip extended A 3 Console(config-ext-acl)#deny host 171.
IP ACLS 24-13 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL.
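The address-bitmask comparison on page 24-7 and the control-flags / flag-bitmask parameters on page 24-6 can be modelled as below. This is an added example, not code from the SMC manual or the switch firmware. The names `Rule`, `evaluate`, `SUBNET_ACL` and `SYN_ACL` are hypothetical, the rule list is assumed to already be in the order the switch checks it (the manual says the mask decides that order), and a packet that matches no rule returns `None` because these pages do not state the default action.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# TCP control bits carried in byte 14 of the TCP header (low six bits, 0-63).
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32


def ip_to_int(addr: str) -> int:
    """Convert a dotted-quad IPv4 address or bitmask to an integer."""
    return int(ipaddress.IPv4Address(addr))


@dataclass
class Rule:
    action: str                    # "permit" or "deny"
    src: str = "0.0.0.0"           # source address of the rule
    src_mask: str = "0.0.0.0"      # address bitmask: 1 bits are compared
    control_flags: int = 0         # wanted value of the TCP control bits
    flag_bitmask: int = 0          # which control bits to compare (0 = none)

    def __post_init__(self) -> None:
        if self.action not in ("permit", "deny"):
            raise ValueError("action must be 'permit' or 'deny'")
        for value in (self.control_flags, self.flag_bitmask):
            if not 0 <= value <= 63:
                raise ValueError("TCP control values must be in the range 0-63")

    def matches(self, src_ip: str, tcp_flags: Optional[int]) -> bool:
        mask = ip_to_int(self.src_mask)
        # Same test the manual writes as (rule & bitmask) == (address & bitmask).
        if (ip_to_int(self.src) & mask) != (ip_to_int(src_ip) & mask):
            return False
        if self.flag_bitmask:
            if tcp_flags is None:          # not a TCP packet, no flags to test
                return False
            wanted = self.control_flags & self.flag_bitmask
            return (tcp_flags & self.flag_bitmask) == wanted
        return True


def evaluate(rules: List[Rule], src_ip: str,
             tcp_flags: Optional[int] = None) -> Optional[str]:
    """Return the action of the first matching rule, or None if none match."""
    for rule in rules:
        if rule.matches(src_ip, tcp_flags):
            return rule.action
    return None


# Constructed sample ACLs (not taken from the manual's truncated examples).
# Standard rule: permit any source inside 10.7.1.x.
SUBNET_ACL = [Rule("permit", "10.7.1.0", "255.255.255.0")]

# Extended rules, deny first: drop TCP packets with SYN set, permit the rest.
SYN_ACL = [
    Rule("deny", control_flags=SYN, flag_bitmask=SYN),
    Rule("permit"),
]

if __name__ == "__main__":
    print(evaluate(SUBNET_ACL, "10.7.1.2"))
    print(evaluate(SYN_ACL, "192.0.2.10", SYN | ACK))
    print(evaluate(SYN_ACL, "192.0.2.10", ACK))
```

Because the flag bitmask selects only the SYN bit, a SYN+ACK segment is denied as well as a bare SYN; matching a bare SYN only would need a bitmask that also covers ACK.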
ACCESS CONTROL LIST COMMANDS 24-14 show access-list ip mask-precedence This command shows the ingress or egress rule masks for IP ACLs. Syntax show access-list ip mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs.
IP ACLS 24-15 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port.
ACCESS CONTROL LIST COMMANDS 24-16 MAC ACLs The commands in this section configure ACLs based on hardware addresses, packet format, and Ethernet type.
MAC ACLS 24-17 access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL.
ACCESS CONTROL LIST COMMANDS 24-18 permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type.
MAC ACLS 24-19 • source – Source MAC address. • destination – Destination MAC address range with bitmask. • address-bitmask 33 – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-4093) • vid-bitmask 33 – VLAN bitmask.
A CCESS C ONTR OL L IST C OMMANDS 24-20 show mac access -list This comm and displays the rules for configured MAC ACLs . Syntax show mac access-lis t [ acl_name ] acl_n ame – Name of th e A CL .
MAC ACL S 24-21 Command Usage • You must co nfigure a mask fo r an A CL rule be fore yo u can bin d it to a port or s et the qu eue or frame prio ritie s associa ted with the rule. • A mask ca n only be us ed by all ing ress ACLs or all egress ACL s.
A CCESS C ONTR OL L IST C OMMANDS 24-22 • ether type – Check t he Ethern et type field. • ether type-bi tmask – Ethern et type of rule mus t matc h this bitm ask. Default Setting None Command Mode MA C Mask Command Usage • Up t o seve n mask s can be ass igned to an i ngr ess or e g ress ACL.
MAC ACL S 24-23 Example This examp le sho ws ho w to create an Ingress MA C A CL and bin d it to a port. You can then see t hat th e orde r of the rules ha ve been ch anged by the mas k.
ACCESS CONTROL LIST COMMANDS 24-24 This example creates an Egress MAC ACL. show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [ in | out ] • in – Ingress mask precedence for ingress ACLs.
MAC ACLS 24-25 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets.
ACCESS CONTROL LIST COMMANDS 24-26 show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Related Commands mac access-group (24-25) ACL Information This section describes commands used to display ACL information.
ACL INFORMATION 24-27 Example show access-group This command shows the port assignments of IP ACLs. Command Mode Privileged Executive Example Console#show access-list IP standard access-list david: permit host 10.1.1.21 permit 168.92.0.0 255.
ACCESS CONTROL LIST COMMANDS 24-28.
25-1 CHAPTER 25 INTERFACE COMMANDS These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
INTERFACE COMMANDS 25-2 interface This command configures an interface type and enter interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id • interface • ethernet unit/port - unit - Stack unit.
DESCRIPTION 25-3 description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface.
INTERFACE COMMANDS 25-4 Default Setting • Auto-negotiation is permanently disabled on Ports 1-16, and enabled by default on Ports 17-19. • When auto-negotiation is disabled, the default .
NEGOTIATION 25-5 negotiation This command enables autonegotiation for a given interface. Use the no form to disable autonegotiation. Syntax [ no ] negotiation Default Setting Ports 1-16: Perman.
INTERFACE COMMANDS 25-6 capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values.
FLOWCONTROL 25-7 manually specify the link attributes with the speed-duplex and flowcontrol commands. Example The following example configures Ethernet port 5 capabilities to include 100half and 100full. Related Commands negotiation (25-5) speed-duplex (25-3) flowcontrol (25-7) flowcontrol This command enables flow control.
INTERFACE COMMANDS 25-8 • To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable auto-negotiation on the selected interface.
SWITCHPORT MDIX 25-9 • copper-forced - Always uses the built-in RJ-45 port. • sfp-forced - Always uses the SFP port (even if module not installed). • sfp-preferred-auto - Uses SFP port if both combination types are functioning and the SFP port has a valid link.
INTERFACE COMMANDS 25-10 Command Mode Interface Configuration (Ethernet - Port 17-18) Command Usage Auto-negotiation must be enabled to use the “auto” option for this command. It must be disabled to force the pinout setting to one of the fixed modes of “normal” (MDI) or “crossover” (MDI-X).
SWITCHPORT PACKET-RATE 25-11 Example The following example disables port 5. switchport packet-rate This command configures broadcast and multicast and unknown unicast storm control.
INTERFACE COMMANDS 25-12 Example The following shows how to configure broadcast storm control at 600 packets per second: clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - Stack unit.
SHOW INTERFACES STATUS 25-13 show interfaces status This command displays the status for an interface. Syntax show interfaces status [ interface ] interface • ethernet unit/port - unit - Stack unit.
INTERFACE COMMANDS 25-14 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit/port - unit - Stack unit.
SHOW INTERFACES COUNTERS 25-15 Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 9-29.
INTERFACE COMMANDS 25-16 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit/port - unit - Stack unit.
SHOW INTERFACES SWITCHPORT 25-17 Table 25-2 show interfaces switchport - display description Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 25-11).
INTERFACE COMMANDS 25-18.
26-1 CHAPTER 26 LINK AGGREGATION COMMANDS Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery.
LINK AGGREGATION COMMANDS 26-2 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to 8 ports.
CHANNEL-GROUP 26-3 • If the port channel admin key (lacp admin key - Port Channel) is not set when a channel group is formed (i.e., it has the null value of 0), this key is set to the same value as the port admin key (lacp admin key - Ethernet Interface) used by the interfaces that joined the group.
LINK AGGREGATION COMMANDS 26-4 Example The following example creates trunk 1 and then adds port 11: lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it.
LACP 26-5 Example The following shows LACP enabled on ports 10-12. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established.
LINK AGGREGATION COMMANDS 26-6 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } system-priority priority no lacp { actor | partner } system-priority • actor - The local side of an aggregate link.
LACP ADMIN-KEY (ETHERNET INTERFACE) 26-7 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp { actor | partner } admin-key key [ no ] lacp { actor | partner } admin-key • actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 26-8 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string.
LACP PORT-PRIORITY 26-9 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } port-priority priority no lacp { actor | partner } port-priority • actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 26-10 show lacp This command displays LACP information. Syntax show lacp [ port-channel ] { counters | internal | neighbors | sys-id } • port-channel - Local identifier for a link aggregation group. (Range: 1-12) • counters - Statistics for LACP protocol messages.
SHOW LACP 26-11 Table 26-2 show lacp counters - display description Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group. LACPDUs Received Number of valid LACPDUs received on this channel group. Marker Sent Number of valid Marker PDUs transmitted from this channel group.
LINK AGGREGATION COMMANDS 26-12 LACPDUs Internal Number of seconds before invalidating received LACPDU information. LACP System Priority LACP system priority assigned to this port channel. LACP Port Priority LACP port priority assigned to this interface within the channel group.
SHOW LACP 26-13 Console#show lacp 1 neighbors Port channel 1 neighbors ---------------------------------------------------------- --------- Eth 1/1 ----------------------------------------------------.
LINK AGGREGATION COMMANDS 26-14 Console#show lacp sysid Port Channel System Priority Syste m MAC Address ----------------------------------------- -------------------------- 1 32768 00-3 0-.
27-1 CHAPTER 27 MIRROR PORT COMMANDS This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session.
MIRROR PORT COMMANDS 27-2 Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
SHOW PORT MONITOR 27-3 Command Usage This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX).
MIRROR PORT COMMANDS 27-4.
28-1 CHAPTER 28 RATE LIMIT COMMANDS This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
RATE LIMIT COMMANDS 28-2 rate-limit This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore the default rate.
RATE-LIMIT TRAP-INPUT 28-3 rate-limit trap-input This command sets an SNMP trap if traffic exceeds the configured rate limit. Use the no form to restore the default setting.
RATE LIMIT COMMANDS 28-4 • For further information on the type of notification messages that can be sent by the system, refer to the information about trap and inform messages described under the snmp-server host command on page 21-6.
29-1 CHAPTER 29 VDSL COMMANDS VDSL communication parameters can be set for individual ports, or multiple parameters can be defined in a profile and applied globally to the switch or to a group of ports. Alarm thresholds can be defined in a profile and then applied globally to the switch or to selected ports.
VDSL COMMANDS 29-2 Long-Reach Ethernet Commands This section describes how to configure communication parameters for VDSL ports such as specifying data band usage plans, setting notches wit.
LONG-REACH ETHERNET COMMANDS 29-3 lre max-power Sets the maximum aggregate downstream or upstream power GC/IC 29-22 lre min-protection Configures the minimum level of impulse noise protectio .
VDSL COMMANDS 29-4 lre band-plan This command sets the frequency bands used for VDSL signals based on a set of predefined plans. Use the no form to restore the default status. Syntax lre band-plan value no lre band-plan value – Index for a predefined band plan.
LONG-REACH ETHERNET COMMANDS 29-5 Example This example sets the band plan to 998-640-30000. Related Commands show lre (29-79) Table 29-3 VDSL2 Band Plans Index Designator Number of Bands Reference Document 3 998-138-8500 Long Reach 3 4 998-138-12000 High Data Rate 4 5 998-640-30000 100/100 6 (US1-3, DS1-3) G.
VDSL COMMANDS 29-6 lre option-band This command sets the frequencies to be used for the optional Upstream Band 0 (US0). Use the no form to restore the default status. Syntax lre option-band value no lre option-band value – Index of predefined frequency bounds for US0.
LONG-REACH ETHERNET COMMANDS 29-7 lre ham-band This command sets the Handheld Amateur Radio (HAM) band that will be blocked to VDSL signals based on defined frequencies. Use the no form to restore the default status. Syntax lre ham-band value no lre ham-band value – HAM band mask.
VDSL COMMANDS 29-8 4 RFI-BAND04 3.500 - 3.575 MHz ANNEX F 5 RFI-BAND05 3.500 - 3.800 MHz ETSI 6 RFI-BAND06 3.500 - 4.000 MHz T1E1 7 RFI-BAND07 3.747 - 3.754 MHz ANNEX F 8 RFI-BAND08 3.791 - 3.805 MHz ANNEX F 9 RFI-BAND09 7.000 - 7.100 MHz ANNEX F, ETSI 10 RFI-BAND10 7.
LONG-REACH ETHERNET COMMANDS 29-9 Example This example sets a HAM band notch in the transmitted power spectrum in the 10.000 - 10.150 MHz transmission band (also called the 30 meter band).
VDSL COMMANDS 29-10 • Using a HAM band mask prevents interference with other systems (e.g., amateur radio) that use narrow band transmission in the VDSL frequency band. The selected frequency range will not be used to transmit data on the VDSL line.
LONG-REACH ETHERNET COMMANDS 29-11 18 RFI-BAND18 10.005 - 10.100 MHz Aeronautical Communications 19 RFI-BAND19 10.100 - 10.150 MHz Amateur Radio 20 RFI-BAND20 11.175 - 11.400 MHz Aeronautical Communications 21 RFI-BAND21 11.600 - 12.100 MHz DRM Radio 22 RFI-BAND22 12.
VDSL COMMANDS 29-12 Example This example sets a HAM band notch in the transmitted power spectrum to avoid interference with CB radios. Related Commands show lre region-ham-band (29-65) lre ham-band (29-7) lre psd-breakpoints This command sets the number of frequency breakpoints in the PSD mask.
LONG-REACH ETHERNET COMMANDS 29-13 PSD Mask required for compliance with local regulations, or set mask limits for upstream power backoff. The methods used to calculate these various PSD masks, and local regulations governing the power spectrum used on VDSL lines are all described in ITU-T G.
VDSL COMMANDS 29-14 Command Mode Global Configuration Interface Configuration (VDSL Port) Command Usage • Enter this command in global configuration mode to configure frequency breakpoints for all VDSL ports, or in interface mode to configure them for a specific VDSL port.
LONG-REACH ETHERNET COMMANDS 29-15 lre psd-value This command defines a power level for each of the PSD breakpoints. Use the no form to restore the default setting.
VDSL COMMANDS 29-16 Example The following sets a PSD value for the frequency band bounded by breakpoints 1 and 2 to -20 dBm/Hz on VDSL port 1. Related Commands lre psd-breakpoints (29-12) lre psd-frequencies (29-13) show lre psd (29-67) lre psd-mask-level (29-16) lre psd-mask-level This command sets a predefined PSD mask.
LONG-REACH ETHERNET COMMANDS 29-17 • The following table lists the predefined band plans. Example The following specifies a predefined mask based on Annex F of ITU-T G .
VDSL COMMANDS 29-18 lre pbo-config This command sets a mask to reduce the power spectral density (PSD) of transmitted signals at specified frequency breakpoints for upstream power backoff. Use the no form to restore the default status.
LONG-REACH ETHERNET COMMANDS 29-19 • The transceiver will adjust its transmitted signal to conform to the power limitations set by the lre pbo-config command.
VDSL COMMANDS 29-20 Command Usage • Enter this command in global configuration mode to enable upstream power backoff for all VDSL ports, or in interface mode to enable it for a VDSL port. • Upstream power backoff (UPBO) should be configured when there are VDSL connections of different lengths attached to this switch.
LONG-REACH ETHERNET COMMANDS 29-21 lre tone This command disables VDSL signals at frequencies less than or equal to 640 KHz, 1.1 MHz or 2.2 MHz. Use the no form to restore the default setting. Syntax lre tone { tx | rx } value no lre tone { tx | rx } • tx – Downstream band plan.
VDSL COMMANDS 29-22 Example The following disables all tone beneath 640 kHz on the upstream band plan. Related Commands show lre tone (29-71) lre max-power This command sets the maximum aggregate downstream or upstream power. Use the no form to restore the default setting.
LONG-REACH ETHERNET COMMANDS 29-23 Example The following sets the maximum downstream power on port 1 to 14.5 dBm. lre min-protection This command configures the minimum level of impulse noise protection for all bearer channels. Use the no form to restore the default setting.
VDSL COMMANDS 29-24 • Note that this parameter only applies to interleaved channels. Refer to ITU-T G.993.2 for a full description of the methods used to calculate the minimum level of impulse noise protection. Example lre channel This command sets the channel mode to fast or interleaved.
LONG-REACH ETHERNET COMMANDS 29-25 Related Commands lre interleave-max-delay (29-25) lre interleave-max-delay This command sets the maximum interleave delay.
VDSL COMMANDS 29-26 Related Commands lre channel (29-24) show lre interleave-max-delay (29-72) lre datarate This command specifies the minimum and maximum data rate for downstream and upstream fast or slow (interleaved) channels. Use the no form to restore the default setting.
LONG-REACH ETHERNET COMMANDS 29-27 Example The following sets the minimum and maximum data rates for the downstream fast channel on port 1. Related Commands show lre rate-adaption (29-75) show lre datarate (29-73) lre rate-set (29-27) lre rate-set This command sets the maximum input and output data rates for the VDSL ports.
VDSL COMMANDS 29-28 Related Commands lre datarate (29-26) lre noise-mgn target This command configures the targeted signal-to-noise margin that VDSL ports must achieve to successfully complete initialization. Use the no form to restore the default setting.
LONG-REACH ETHERNET COMMANDS 29-29 lre noise-mgn min This command configures the minimum acceptable signal-to-noise margin. Use the no form to restore the default setting. Syntax lre noise-mgn min { down | up } value no lre noise-mgn min { down | up } • down – Downstream bands.
VDSL COMMANDS 29-30 lre shutdown This command shuts down a VDSL port. Use the no form to re-enable a port. Syntax [ no ] lre shutdown Default Setting All VDSL ports are operationa.
LONG-REACH ETHERNET COMMANDS 29-31 Command Mode Interface Configuration (VDSL Port) Command Usage Use this command to troubleshoot VDSL connection or performance problems.
VDSL COMMANDS 29-32 Related Commands lre datarate (29-26) lre retraining This command manually initiates the rate adaptation method to find the optimal transmission rate based on existing line conditions. Use the no form to disable this feature.
LONG-REACH ETHERNET COMMANDS 29-33 lre rate-adaption This command enables automatic line rate adaptation, which can set the optimal transmission rate based on existing line conditions.
VDSL COMMANDS 29-34 Related Commands lre datarate (29-26) show lre rate-adaption (29-75) lre apply This command applies all global VDSL settings to each VDSL port on the switch or to a specified port, overwriting any previous settings configured for specific interfaces.
LINE PROFILE COMMANDS 29-35 Line Profile Commands This section describes how to configure a list of communication parameters such as data rates and acceptable noise margins which can be applied to all VDSL ports or to a selected group of ports.
VDSL COMMANDS 29-36 line-profile This command enters VDSL Line Profile configuration mode. Syntax line-profile profile-name profile-name – Name of the profile.
LINE PROFILE COMMANDS 29-37 Example The following creates a VDSL line profile named southport. Related Commands show lre line-profile (29-77) lre line-profile This command applies a line profile to selected VDSL ports. Use the no form to restore the default settings for the selected ports.
VDSL COMMANDS 29-38 Example The following applies the line profile named southport to all VDSL ports. band-plan This command sets the frequency bands used for VDSL signals based on a set of predefined plans. Use the no form to restore the default status.
LINE PROFILE COMMANDS 29-39 option-band This command sets the frequencies to be used for optional Upstream Band 0 (US0). Use the no form to restore the default status. Syntax option-band value no option-band value – Index of predefined frequency bounds for US0.
VDSL COMMANDS 29-40 ham-band This command sets the Handheld Amateur Radio (HAM) band that will be blocked to VDSL signals based on defined frequencies. Use the no form to restore the default status. Syntax ham-band value no ham-band value – HAM band mask.
LINE PROFILE COMMANDS 29-41 region-ham-band This command sets the ham radio band that will be blocked to VDSL signals based on defined usage types. Use the no form to restore the default status. Syntax region-ham-band value no region-ham-band value – HAM band mask for designated usage type.
VDSL COMMANDS 29-42 tone This command disables VDSL signals at frequencies less than or equal to 640 KHz, 1.1 MHz or 2.2 MHz. Use the no form to restore the default setting. Syntax lre tone { tx | rx } value no lre tone { tx | rx } • tx – Downstream band plan.
LINE PROFILE COMMANDS 29-43 Example The following disables all tone beneath 640 kHz on the upstream band plan. Related Commands lre tone (29-21) max-power This command sets the maximum aggregate downstream or upstream power. Use the no form to restore the default setting.
VDSL COMMANDS 29-44 min-protection This command configures the minimum level of impulse noise protection for all bearer channels. Use the no form to restore the default setting. Syntax min-protection { down | up } value no max-power { down | up } • down – Downstream bands.
LINE PROFILE COMMANDS 29-45 Related Commands lre min-protection (29-23) channel This command sets the channel mode to fast or interleaved.
VDSL COMMANDS 29-46 down/up-max-inter-delay These commands set the maximum interleave delay on a downstream/upstream channel. Use the no form to restore the default settings to the profile. Syntax { down | up }-max-inter-delay value no { down | up }-max-inter-delay • down – Downstream bands.
LINE PROFILE COMMANDS 29-47 Related Commands lre interleave-max-delay (29-25) down/up-fast/slow-max/min-datarate These commands set the maximum/minimum data rate on a fast/slow downstream/upstream channel. Use the no form to restore the default settings to the profile.
VDSL COMMANDS 29-48 Example The following sets the minimum and maximum data rates for the downstream fast channel on port 1. Related Commands lre datarate (29-26) down/up-target-noise-mgn These .
LINE PROFILE COMMANDS 29-49 Example The following sets an SNR of 12 dB for the downstream channels and 18 dB for the upstream channels. Related Commands lre noise-mgn target (29-28) down/up-min-noise-mgn These commands set the minimum acceptable signal-to-noise margin on a downstream/upstream channel.
VDSL COMMANDS 29-50 • When rate adaptation is enabled (see Command Usage, page 29-32), the signal-to-noise ratio (SNR) is an indicator of link quality. The switch itself has no internal functions to ensure link quality. To ensure a stable link, you should add a margin to the theoretical minimum signal-to-noise ratio (SNR).
ALARM PROFILE COMMANDS 29-51 Alarm Profile Commands This section describes how to configure a list of threshold values for error states which can be applied to all VDSL ports or to a selected group of ports.
VDSL COMMANDS 29-52 alarm-profile This command enters VDSL Alarm Profile configuration mode. Use the no form to delete an alarm profile. Syntax [ no ] alarm-profile profile-name profile-name – Name of the profile.
ALARM PROFILE COMMANDS 29-53 Command Usage First create a profile of VDSL alarm thresholds using the other commands described in this section, then enter Global Configuration mode to apply the profile to all VDSL ports on the switch using the lre alarm-profile command.
VDSL COMMANDS 29-54 the status of remote transceivers is obtained via the embedded operation channel (EOC), this information may be unavailable for units that are unreachable via the EOC during a line error condition. Therefore, not all conditions may always be included in its current status.
ALARM PROFILE COMMANDS 29-55 Command Usage • An Errored Second is a one-second interval containing one or more CRC anomalies, or one or more Loss of Signal (LOS) or Loss of Framing (LOF) defects.
VDSL COMMANDS 29-56 Command Usage This command sets the threshold for the number of seconds during which there is loss of framing within any 15 minute collection interval for performance data.
ALARM PROFILE COMMANDS 29-57 notification will be generated. (Refer to RFC 3728 for information on this notification message.) No more than one notification will be sent per interval. Example The following sets the LOLs threshold to 15.
VDSL COMMANDS 29-58 Example The following sets the LOSs threshold to 15. thresh-15min-lprs This command sets the threshold for Loss of Power Seconds (LPRs) that can occur within any given 15 minutes. Use the no form to restore the default setting.
ALARM PROFILE COMMANDS 29-59 thresh-15min-sess This command sets the threshold for Severely Errored Seconds (SESs) that can occur within any given 15 minutes. Use the no form to restore the default setting. Syntax thresh-15min-sess value value – Threshold for Severely Errored Seconds.
VDSL COMMANDS 29-60 thresh-15min-uass This command sets the threshold for Unavailable Seconds (UASs) that can occur within any given 15 minutes. Use the no form to restore the default setting. Syntax thresh-15min-uass value value – Threshold for Unavailable Seconds.
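The Errored Second definition and the 15-minute alarm thresholds described for the alarm profile commands above, worked through as an added Python example (it is not code from the SMC manual or the switch firmware). The per-second sample format, the counter names `ess`, `lofs` and `loss`, and the reaches-or-exceeds comparison (the wording RFC 3728, which the manual cites, uses for these thresholds) are assumptions of this sketch.

```python
from dataclasses import dataclass

INTERVAL = 900  # seconds in one 15-minute performance collection interval


@dataclass(frozen=True)
class Second:
    """One second of line state (constructed format, not the switch's own)."""
    t: int                  # seconds since monitoring started
    crc_anomalies: int = 0  # CRC anomalies seen during this second
    los: bool = False       # Loss of Signal defect present
    lof: bool = False       # Loss of Framing defect present


def is_errored_second(s):
    """Errored Second: one or more CRC anomalies, or an LOS or LOF defect."""
    return s.crc_anomalies > 0 or s.los or s.lof


def threshold_notifications(samples, thresholds):
    """Return [(interval_index, counter, t)] for each threshold crossing.

    Counters restart at every 15-minute boundary, and each counter can
    raise at most one notification per interval, however far it overshoots.
    """
    known = {"ess", "lofs", "loss"}
    unknown = set(thresholds) - known
    if unknown:
        raise ValueError(f"unknown counters: {sorted(unknown)}")

    fired = []
    current, counts, sent = None, {}, set()
    for s in sorted(samples, key=lambda x: x.t):
        interval = s.t // INTERVAL
        if interval != current:  # new collection interval: reset state
            current = interval
            counts = dict.fromkeys(thresholds, 0)
            sent = set()
        hits = {"ess": is_errored_second(s), "lofs": s.lof, "loss": s.los}
        for name, limit in thresholds.items():
            if not hits[name]:
                continue
            counts[name] += 1
            # Assumption: notify when the count reaches or exceeds the limit.
            if counts[name] >= limit and name not in sent:
                sent.add(name)
                fired.append((interval, name, s.t))
    return fired


def constructed_samples():
    """Constructed line history covering three collection intervals."""
    samples = [Second(10, crc_anomalies=1), Second(20, crc_anomalies=3)]
    samples += [Second(t, lof=True) for t in range(100, 120)]    # interval 0
    samples += [Second(t, lof=True) for t in range(1000, 1010)]  # interval 1
    samples += [Second(t, los=True) for t in range(1800, 1830)]  # interval 2
    return samples


if __name__ == "__main__":
    limits = {"ess": 15, "lofs": 15, "loss": 15}  # 15 as in the page's examples
    for interval, counter, t in threshold_notifications(constructed_samples(), limits):
        print(f"interval {interval}: {counter} threshold reached at t={t}s")
```

Interval 1 stays silent because its ten LOF seconds never reach the limit, and the twenty LOF seconds in interval 0 still produce only one `lofs` notification.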
DISPLAYING VDSL INFORMATION 29-61 Displaying VDSL Information This section describes the commands used to display information on VDSL configuration settings, signal status, and communication statistics.
VDSL COMMANDS 29-62 show lre band-plan This command displays the frequency bands used for VDSL signals. Syntax show lre band-plan [ unit/port ] • unit - Stack unit.
DISPLAYING VDSL INFORMATION 29-63 Command Usage • Use this command without the interface parameter to display the band plans used for all VDSL ports on the switch, or with an interface to display the band plan used for a specific port.
VDSL COMMANDS 29-64 Command Usage • Use this command without the interface parameter to display the optional US0 band used for all VDSL ports on the switch, or with an interface to display the optional band used for a specific port.
DISPLAYING VDSL INFORMATION 29-65 Example This example shows that the HAM band in the 1.810 - 1.825 MHz range is blocked to VDSL signals for Port 1. Related Commands lre ham-band (29-7) show lre region-ham-band This command displays the HAM radio band that is blocked to VDSL signals based on defined usage types.
VDSL COMMANDS 29-66 Command Usage • Use this command without the interface parameter to display the HAM band usage filter used for all VDSL ports on the switch, or with an interface to display the filter used for a specific port.
DISPLAYING VDSL INFORMATION 29-67 Related Commands lre region-ham-band (29-9) show lre psd This command displays the power level set for each of the PSD breakpoints. Syntax show lre psd [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number.
VDSL COMMANDS 29-68 Related Commands lre psd-breakpoints (29-12) lre psd-frequencies (29-13) lre psd-value (29-15) show lre psd-mask-level This command displays the predefined PSD mask configured for an interface. Syntax show lre psd-mask-level [ unit/port ] • unit - Stack unit.
DISPLAYING VDSL INFORMATION 29-69 Command Usage • Use this command without the interface parameter to display the predefined PSD mask used for all VDSL ports on the switch, or with an interface to display the mask used for a specific port.
VDSL COMMANDS 29-70 Example This example shows the UPBO mask used for all upstream traffic. Related Commands lre pbo-config (29-18) show lre upbo This command shows if upstream power backoff is enabled or disabled. Syntax show lre upbo [ unit/port ] • unit - Stack unit.
DISPLAYING VDSL INFORMATION 29-71 transceiver will automatically control upstream power backoff based on default values set by the DSP engine.
VDSL COMMANDS 29-72 Related Commands lre tone (29-21) show lre interleave-max-delay This command displays the maximum interleave-delay that can be used for downstream and upstream channels. Syntax show lre interleave-max-delay [ unit/port ] • unit - Stack unit.
DISPLAYING VDSL INFORMATION 29-73 show lre datarate This command displays the minimum and maximum data rate for downstream and upstream fast or slow (interleaved) channels. Syntax show lre interleave-delay [ unit/port ] • unit - Stack unit.
VDSL COMMANDS 29-74 show lre noise-mgn This command displays the targeted signal-to-noise margin that VDSL ports must achieve to successfully complete initialization. Syntax show lre noise-mgn [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number.
DISPLAYING VDSL INFORMATION 29-75 show lre rate-adaption This command shows if line rate adaptation which sets the optimal transmission rate based on existing line conditions is enabled or disabled. Syntax show lre rate-adaption [ unit/port ] • unit - Stack unit.
VDSL COMMANDS 29-76 show lre config This command shows the VDSL configuration settings for an interface. Syntax show lre config [ unit/port ] • unit - Stack unit.
DISPLAYING VDSL INFORMATION 29-77 Related Commands lre apply (29-34) show lre line-profile This command displays a specified line profile which may be applied to selected VDSL ports. Syntax show lre line-profile [ profile-name ] profile-name – Name of the profile.
VDSL COMMANDS 29-78 Related Commands line-profile (29-36) lre line-profile (29-37) show lre alarm-profile This command displays a specified alarm profile which may be applied to selected VDSL ports. Syntax show lre alarm-profile [ profile-name ] profile-name – Name of the profile.
D ISPLA YIN G VDSL I NFOR MATION 29-79 show l re This comm and displays the communication status of th e VDSL line. Syntax show lre un it / port • unit - Stack un it.
VDSL C OMMANDS 29-80 show lre phys-info This comm and displays ph ysical layer infor mation about the VDSL line. Syntax show lre phys- info unit / port • unit - Stack un it.
D ISPLA YIN G VDSL I NFOR MATION 29-81 Example show lr e rate-in fo This comm and displays rate infor mation for the VDSL line. Syntax show lre rate-inf o [ unit / port ] • unit - Stack un it.
VDSL C OMMANDS 29-82 Example show lr e perf Th is command displays pe rfor man c e infor mation inc luding common error condit ions o ver pr edefined intervals for the V DSL line . Syntax show lre perf [ unit / port ] • unit - Stack un it. (Range: 1) • port - Po rt nu mber.
D ISPLA YIN G VDSL I NFOR MATION 29-83 Command Usage Use this com mand wit hout the in terface par ameter to s how perfor mance infor m ation for a ll VDSL po rt s on the sw itch, or wi th an interface to display this infor mation for a specific port.
VDSL COMMANDS 29-84 Loss of power Number of seconds during which there was loss of power Errored seconds Number of seconds during which there was one or more CRC anomalies, or one or more Loss of .
DISPLAYING VDSL INFORMATION 29-85 Ethernet Transmit Performance Counters Frames Number of frames (unicast, broadcast and multicast) transmitted. Bytes Number of bytes of data transmitted onto the network. This statistic can be used as a reasonable indication of Ethernet utilization.
VDSL COMMANDS 29-86 CPE Configuration This section describes operation and maintenance (OAM) functions for remote customer premises equipment (CPE), including upgrading firmware. oam local clear counter This command clears statistical data (in VDSL chip) for a specified VDSL port.
CPE CONFIGURATION 29-87 Example efm remote eeprom-write This command enables firmware upgrade on the CPE. Syntax efm remote eeprom-write {enable | disable} Default Setting Disabled Command.
VDSL COMMANDS 29-88 Example This example shows how to copy BME firmware for CPEs to a reserved buffer on the switch, copy this firmware to a remote CPE, and then activate the new firmware.
CPE CONFIGURATION 29-89
Console#configure
Console(config)#interface ethernet 1/16
Console(config-if)#oam remote upgrade firmware
Console(config)#end
Console#show cpe-info 1/16
Protocol ID: Ikanos EOC Protocol
Protocol Version - Major: 01
Protocol Version - Minor: 01
Vendor ID (Value): ffffffff (HEX), -1 (DECIMAL)
Host Application Version: 7.
VDSL COMMANDS 29-90 Related Commands oam remote upgrade firmware (page 29-90) oam remote firmware active (page 29-90) oam remote upgrade firmware This command copies BME firmware to the CPE. Command Mode Interface Configuration Command Usage • BME indicates the Burst Mode Engine used for digital signal processing.
CPE CONFIGURATION 29-91 Command Usage • BME indicates the Burst Mode Engine used for digital signal processing. • This command activates the firmware version currently in inactive state. It can therefore be used to activate the firmware version copied to the CPE by the oam remote upgrade firmware command (page 29-90).
VDSL COMMANDS 29-92 Example
Console#show cpe-info 1/1
Protocol ID: Ikanos EOC Protocol
Protocol Version - Major: 01
Protocol Version - Minor: 01
Vendor ID (Value): ffffffff (HEX), -1 (DECIMAL)
Host Application Version: 7.2.5r7IK104012
BME Firmware Version: Firmware-VTU-R:7.
30-1 CHAPTER 30 ADDRESS TABLE COMMANDS These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
ADDRESS TABLE COMMANDS 30-2 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address.
CLEAR MAC-ADDRESS-TABLE DYNAMIC 30-3 • A static address cannot be learned on another port until the address is removed with the no form of this command.
ADDRESS TABLE COMMANDS 30-4 show mac-address-table This command shows classes of entries in the bridge-forwarding database. Syntax show mac-address-table [address mac-address [mask]] [interface interface] [vlan vlan-id] [sort {address | vlan | interface}] • mac-address - MAC address.
MAC-ADDRESS-TABLE AGING-TIME 30-5 • The maximum number of address entries is 8191. Example mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time.
ADDRESS TABLE COMMANDS 30-6 show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example
Console#show mac-address-table aging-time
Aging time: 300 sec.
31-1 CHAPTER 31 SPANNING TREE COMMANDS This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
SPANNING TREE COMMANDS 31-2 revision Configures the revision number for the multiple spanning tree MST 31-14 max-hops Configures the maximum number of hops allowed in the region before a BPD.
SPANNING-TREE 31-3 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled.
SPANNING TREE COMMANDS 31-4 spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode {stp | rstp | mstp} no spanning-tree mode • stp - Spanning Tree Protocol (IEEE 802.
SPANNING-TREE FORWARD-TIME 31-5 restarts the migration delay timer and begins using RSTP BPDUs on that port. • Multiple Spanning Tree Protocol - To allow multiple spanning trees to .
SPANNING TREE COMMANDS 31-6 Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
SPANNING-TREE MAX-AGE 31-7 Related Commands spanning-tree forward-time (31-5) spanning-tree max-age (31-7) spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default.
SPANNING TREE COMMANDS 31-8 Related Commands spanning-tree forward-time (31-5) spanning-tree hello-time (31-6) spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default.
SPANNING-TREE PATHCOST METHOD 31-9 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree.
SPANNING TREE COMMANDS 31-10 spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds.
MST VLAN 31-11 Related Commands mst vlan (31-11) mst priority (31-12) name (31-13) revision (31-14) max-hops (31-14) mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs.
SPANNING TREE COMMANDS 31-12 instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node, connecting all regions to the Common Spanning Tree. Example mst priority This command configures the priority of a spanning tree instance.
NAME 31-13 Example name This command configures the name for the multiple spanning tree region in which this switch is located. Use the no form to clear the name.
SPANNING TREE COMMANDS 31-14 revision This command configures the revision number for this multiple spanning tree configuration of this switch. Use the no form to restore the default. Syntax revision number number - Revision number of the spanning tree.
SPANNING-TREE SPANNING-DISABLED 31-15 Default Setting 20 Command Mode MST Configuration Command Usage An MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside an MSTI region is never changed.
SPANNING TREE COMMANDS 31-16 Example This example disables the spanning tree algorithm for port 5. spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default auto-configuration mode.
SPANNING-TREE COST 31-17 Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below. Path cost “0” is used to indicate auto-configuration mode.
SPANNING TREE COMMANDS 31-18 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port.
SPANNING-TREE PORTFAST 31-19 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node.
SPANNING TREE COMMANDS 31-20 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding.
SPANNING-TREE LINK-TYPE 31-21 spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree.
SPANNING TREE COMMANDS 31-22 spanning-tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree.
SPANNING-TREE MST PORT-PRIORITY 31-23 should be assigned to interfaces attached to faster media, and higher values assigned to interfaces with slower media. • Use the no spanning-tree mst cost command to specify auto-configuration mode.
SPANNING TREE COMMANDS 31-24 Where more than one interface is assigned the highest priority, the interface with lowest numeric identifier will be enabled. Example Related Commands spanning-tree mst cost (31-22) spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface.
SHOW SPANNING-TREE 31-25 Example show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST). Syntax show spanning-tree [interface | mst instance_id] • interface • ethernet unit/port - unit - Stack unit.
SPANNING TREE COMMANDS 31-26 description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 12-13.
SHOW SPANNING-TREE MST CONFIGURATION 31-27 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree.
32-1 CHAPTER 32 VLAN COMMANDS A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
VLAN COMMANDS 32-2 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
GVRP AND BRIDGE EXTENSION COMMANDS 32-3 Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch.
VLAN COMMANDS 32-4 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled.
GVRP AND BRIDGE EXTENSION COMMANDS 32-5 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} • {join | leave | leaveall} - Timer to set.
VLAN COMMANDS 32-6 Example Related Commands show garp timer (32-6) show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - Stack unit.
EDITING VLAN GROUPS 32-7 Editing VLAN Groups vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs.
VLAN COMMANDS 32-8 vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] • vlan-id - ID of configured VLAN.
CONFIGURING VLAN INTERFACES 32-9 Related Commands show vlan (32-16) Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface.
VLAN COMMANDS 32-10 Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (25-10) switchport mode This command configures the VLAN membership mode for a port.
CONFIGURING VLAN INTERFACES 32-11 Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Related Commands switchport acceptable-frame-types (32-11) switchport acceptable-frame-types This command configures the acceptable frame types for a port.
VLAN COMMANDS 32-12 Related Commands switchport mode (32-10) switchport ingress-filtering This command enables ingress filtering for an interface.
CONFIGURING VLAN INTERFACES 32-13 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port.
VLAN COMMANDS 32-14 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add.
CONFIGURING VLAN INTERFACES 32-15 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface.
VLAN COMMANDS 32-16 Example The following example shows how to prevent port 1 from being added to VLAN 3: Displaying VLAN Information This section describes commands used to display VLAN information. show vlan This command shows VLAN information.
CONFIGURING PRIVATE VLANS 32-17 Example The following example shows how to display information for VLAN 1: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs.
VLAN COMMANDS 32-18 Default Setting No private VLANs are defined. No default group exists. Command Mode Global Configuration Command Usage • A private VLAN provides port-based security and isolation between ports within the VLAN. Data traffic on the downlink ports can only be forwarded to, and from, the uplink port.
CONFIGURING PRIVATE VLANS 32-19 show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example This example shows the information displayed when no group is defined. This example shows the information displayed when a group is defined.
VLAN COMMANDS 32-20 Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
CONFIGURING PROTOCOL-BASED VLANS 32-21 3. Then map the protocol for each interface to the appropriate VLAN using the protocol-vlan protocol-group command (Interface Configuration mode). protocol-vlan protocol-group (Configuring Groups) This command creates a protocol group, or adds specific protocols to a group.
VLAN COMMANDS 32-22 protocol-vlan protocol-group (Configuring Interfaces) This command maps a protocol group to a VLAN for the current interface.
CONFIGURING PROTOCOL-BASED VLANS 32-23 Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2. show protocol-vlan protocol-group This command shows the frame and protocol type associated with protocol groups.
VLAN COMMANDS 32-24 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [interface] interface • ethernet unit/port - unit - Stack unit.
CONFIGURING IEEE 802.1Q TUNNELING 32-25 Configuring IEEE 802.1Q Tunneling QinQ tunneling uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs.
VLAN COMMANDS 32-26 5. Configure the QinQ tunnel port to join the SPVLAN as an untagged member (switchport allowed vlan, page 32-14). 6. Configure the SPVLAN ID as the native VID on the QinQ tunnel port (switchport native vlan, page 32-13).
CONFIGURING IEEE 802.1Q TUNNELING 32-27 • The packet must have a standard ethertype value of 0x8100 for this command to take effect. Otherwise, the priority bits in the outer tag are set to zero.
VLAN COMMANDS 32-28 to the service provider’s outer tag. The Tag Protocol Identifier (TPID) of the tunnel port is used for the outer tag. The default is for the standard ethertype value 0x8100, but may be changed to a non-standard value using the switchport dot1q-ethertype command (page 32-29).
CONFIGURING IEEE 802.1Q TUNNELING 32-29 switchport dot1q-ethertype This command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the no form to restore the default setting. Syntax switchport dot1q-ethertype tpid no switchport dot1q-ethertype tpid – Sets the ethertype value for 802.
VLAN COMMANDS 32-30 Example Related Commands show interfaces switchport (page 25-16) Configuring VLAN Swapping QinQ tunneling uses double tagging to preserve the customer’s VLAN tags on traffic crossing the service provider’s network.
CONFIGURING VLAN SWAPPING 32-31 uplink port (using the command parameters – input VLAN ID, output VLAN ID, and uplink interface). 3. Enter Interface Configuration mode for the uplink .
VLAN COMMANDS 32-32 • VLAN swapping only supports one-to-one mapping of VLAN IDs between a VDSL port and an uplink port. • VLAN IDs must be mapped for both the upstream and downstream direction. • The maximum number of VLAN swap entries is 64 per port groups 1-8, 9-16, 17, and 18.
CONFIGURING VLAN SWAPPING 32-33 Example
Console#show vlan swap
vlan-swap enable
ethernet 1/1
invlan outvlan outport
1 100 1/18
ethernet 1/18
invlan outvlan outport
100 1 1/1
Console#
33-1 CHAPTER 33 CLASS OF SERVICE COMMANDS The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
CLASS OF SERVICE COMMANDS 33-2 priority bits This command sets the priority bits in the VLAN tag of packets sent by the CPU. Use the no form to restore the default value.
PRIORITY COMMANDS (LAYER 2) 33-3 Levels,” on page 33-8 for information on how CoS values are mapped to the output queues. Example queue mode This command sets the queue mode to strict priority, Weighted Round-Robin (WRR), or a combination of both for the class of service (CoS) priority queues.
CLASS OF SERVICE COMMANDS 33-4 • Weighted Round-Robin (WRR) specifies a relative weight of each queue that determines the percentage of service time the switch services each queue before moving on to the next queue. This prevents the head-of-line blocking that can occur with strict priority queuing.
PRIORITY COMMANDS (LAYER 2) 33-5 Related Commands priority bits (33-2) priority ipv6 (33-17) show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example switchport priority default This command sets a priority for incoming untagged frames.
CLASS OF SERVICE COMMANDS 33-6 Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.
PRIORITY COMMANDS (LAYER 2) 33-7 queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues, or specifies a high-priority queue when the queue mode is set to hybrid. Use the no form to restore the default weights.
CLASS OF SERVICE COMMANDS 33-8 Example This example assigns WRR weights to priority queues 0-5, and strict priority to queues 6 and 7: Related Commands queue mode (33-3) show queue bandwidth (33-9) queue cos-map This command assigns class of service (CoS) values to the priority queues (i.
PRIORITY COMMANDS (LAYER 2) 33-9 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage CoS values assigned at the ingress port are also used at the egress port. This command sets the CoS priority for all interfaces.
CLASS OF SERVICE COMMANDS 33-10 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number.
PRIORITY COMMANDS (LAYER 3 AND 4) 33-11 Priority Commands (Layer 3 and 4) This section describes commands used to configure Layer 3 and Layer 4 traffic priority on the switch.
CLASS OF SERVICE COMMANDS 33-12 map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets).
PRIORITY COMMANDS (LAYER 3 AND 4) 33-13 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • Up to 8 entries can be specified for IP Port priority mapping.
CLASS OF SERVICE COMMANDS 33-14 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table.
PRIORITY COMMANDS (LAYER 3 AND 4) 33-15 Example The following example shows how to map IP precedence value 1 to CoS value 0: map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
CLASS OF SERVICE COMMANDS 33-16 map ip dscp (Interface Configuration) This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp • dscp-value - DSCP value.
PRIORITY COMMANDS (LAYER 3 AND 4) 33-17 Example The following example shows how to map IP DSCP value 1 to CoS value 0: priority ipv6 This command assigns IPv6 traffic classes to one of the Class-of-Service values. Use the no form to restore the default setting.
CLASS OF SERVICE COMMANDS 33-18 Example The following example maps the Traffic Class value of 1 to CoS value 0: show map ip port This command shows the IP port priority map. Syntax show map ip port [interface] interface • ethernet unit/port - unit - Stack unit.
PRIORITY COMMANDS (LAYER 3 AND 4) 33-19 show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number.
CLASS OF SERVICE COMMANDS 33-20 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit.
34-1 CHAPTER 34 QUALITY OF SERVICE COMMANDS The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic based on access lists, IP Precedence or DSCP values, or VLANs.
QUALITY OF SERVICE COMMANDS 34-2 To create a service policy for a specific category of ingress traffic, follow these steps: 1. Use the class-map command to designate a class name for a specific category of traffic, and enter the Class Map configuration mode.
CLASS-MAP 34-3 Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map. 2. You should create a Class Map (page 34-3) before creating a Policy Map (page 34-6).
QUALITY OF SERVICE COMMANDS 34-4 • The class map is used with a policy map (page 34-6) to create a service policy (page 34-10) for a specific interface that defines packet classification, service tagging, and bandwidth policing.
MATCH 34-5 command to specify the fields within ingress packets that must match to qualify for this class map. • Only one match command can be entered per class map.
QUALITY OF SERVICE COMMANDS 34-6 policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode. Use the no form to delete a policy map and return to Global configuration mode.
CLASS 34-7 class This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode. Use the no form to delete a class map and return to Policy Map configuration mode. Syntax [no] class class-map-name class-map-name - Name of the class map.
QUALITY OF SERVICE COMMANDS 34-8 Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the s.
POLICE 34-9 police command to limit the average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets. police This command defines a policer for classified traffic. Use the no form to remove a policer.
QUALITY OF SERVICE COMMANDS 34-10 Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the .
SHOW CLASS-MAP 34-11 Example This example applies a service policy to an ingress interface. show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map.
QUALITY OF SERVICE COMMANDS 34-12 show policy-map This command displays the QoS policy maps which define classification criteria for incoming traffic, and may include policers for bandwidth limitations. Syntax show policy-map [policy-map-name [class class-map-name]] • policy-map-name - Name of the policy map.
SHOW POLICY-MAP INTERFACE 34-13 Command Mode Privileged Exec Example
Console#show policy-map interface ethernet 1/5
Service-policy rd_policy input
Console#
35-1 CHAPTER 35 MULTICAST FILTERING COMMANDS This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only.
MULTICAST FILTERING COMMANDS 35-2 IGMP Snooping Commands This section describes commands used to configure IGMP snooping on the switch. ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it.
IGMP SNOOPING COMMANDS 35-3 Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multicast group.
MULTICAST FILTERING COMMANDS 35-4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default.
IGMP SNOOPING COMMANDS 35-5 ip igmp snooping immediate-leave This command immediately deletes a member port of a multicast service if a leave packet is received at that port and immediate-leave is enabled for the parent VLAN. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 35-6 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 16-4 for a description of the displayed items.
IGMP QUERY COMMANDS 35-7 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options.
MULTICAST FILTERING COMMANDS 35-8 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected.
IGMP QUERY COMMANDS 35-9 Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action.
M ULTICAST F ILTERING C OMMANDS 35-10 ip igmp snooping query-max- response-time This comma nd config ures the query repor t dela y . Use the no form to restore the default. Syntax ip igmp snooping quer y-max-response-time seco nds no ip igmp snooping quer y-max-response-time seconds - Th e repo rt delay a dvertis ed in IGMP qu eries .
IGMP QUERY COMMANDS 35-11 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 35-12 Static Multicast Routing Commands This section describes commands used to configure static multicast routing on the switch. ip igmp snooping vlan mrouter This command statically configures a multicast router port.
STATIC MULTICAST ROUTING COMMANDS 35-13 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports.
MULTICAST FILTERING COMMANDS 35-14 IGMP Filtering and Throttling Commands In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan.
IGMP FILTERING AND THROTTLING COMMANDS 35-15 ip igmp filter (Global Configuration) This command globally enables IGMP filtering and throttling on the switch.
MULTICAST FILTERING COMMANDS 35-16 ip igmp profile This command creates an IGMP filter profile number and enters IGMP profile configuration mode. Use the no form to delete a profile number. Syntax [no] ip igmp profile profile-number profile-number - An IGMP filter profile number.
IGMP FILTERING AND THROTTLING COMMANDS 35-17 Command Usage • Each profile has only one access mode; either permit or deny. • When the access mode is set to permit, IGMP join reports are processed when a multicast group falls within the controlled range.
MULTICAST FILTERING COMMANDS 35-18 ip igmp filter (Interface Configuration) This command assigns an IGMP filtering profile to an interface on the switch. Use the no form to remove a profile from an interface. Syntax [no] ip igmp filter profile-number profile-number - An IGMP filter profile number.
IGMP FILTERING AND THROTTLING COMMANDS 35-19 Default Setting 64 Command Mode Interface Configuration Command Usage • IGMP throttling sets a maximum number of multicast groups that a port can join at the same time.
MULTICAST FILTERING COMMANDS 35-20 Command Usage When the maximum number of groups is reached on a port, the switch can take one of two actions; either “deny” or “replace.” If the action is set to deny, any new IGMP join reports will be dropped.
IGMP FILTERING AND THROTTLING COMMANDS 35-21 Example show ip igmp profile This command displays IGMP filtering profiles created on the switch. Syntax show ip igmp profile [profile-number] profile-number - An existing IGMP filter profile number.
MULTICAST FILTERING COMMANDS 35-22 show ip igmp throttle interface This command displays the interface settings for IGMP throttling. Syntax show ip igmp throttle interface [interface] interface • ethernet unit/port - unit - Stack unit.
MULTICAST VLAN REGISTRATION COMMANDS 35-23 Multicast VLAN Registration Commands This section describes commands used to configure Multicast VLAN Registration (MVR). A single network-wide VLAN can be used to transmit multicast traffic (such as television channels) across a service provider’s network.
MULTICAST FILTERING COMMANDS 35-24 mvr (Global Configuration) This command enables Multicast VLAN Registration (MVR) globally on the switch, enables a specific MVR domain using the domain key.
MULTICAST VLAN REGISTRATION COMMANDS 35-25 • Use the mvr group command to statically configure all multicast group addresses that will join an MVR VLAN. Any multicast data associated with an MVR group is sent from all source ports, and to all receiver ports that have registered to receive data from that multicast group.
MULTICAST FILTERING COMMANDS 35-26 mvr (Interface Configuration) This command configures an interface as a static member of an MVR domain using the group keyword, or configures an interface as an MVR receiver or source port using the type keyword.
MULTICAST VLAN REGISTRATION COMMANDS 35-27 groups within an MVR VLAN. Multicast groups can also be statically assigned to a receiver port using the group keyword. However, if a receiver port is statically configured as a member of an MVR VLAN, its status will be inactive.
MULTICAST FILTERING COMMANDS 35-28 mvr immediate This command causes the switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group. Use the no form to restore the default settings.
MULTICAST VLAN REGISTRATION COMMANDS 35-29 show mvr This command shows information about the global MVR configuration settings when entered without any keywords, the interfaces attached to the MVR VLAN using the interface keyword, or the multicast groups assigned to the MVR VLAN using the members keyword.
MULTICAST FILTERING COMMANDS 35-30 Example The following shows the global MVR settings: Console#show mvr ================================ MVR domain : 1 MVR Status:enable MVR running status:TRUE.
MULTICAST VLAN REGISTRATION COMMANDS 35-31 The following displays information about the interfaces attached to the MVR VLAN: Console#show mvr interface ====================================.
MULTICAST FILTERING COMMANDS 35-32 The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN: Console#show mvr members =================================== MVR domain : 1 MVR Group IP Status Members ---------------- -------- ------- 225.
36-1 CHAPTER 36 DOMAIN NAME SERVICE COMMANDS These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation.
DOMAIN NAME SERVICE COMMANDS 36-2 ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax [no] ip host name address1 [address2 … address8] • name - Name of the host.
CLEAR HOST 36-3 Example This example maps two addresses to a host name. clear host This command deletes entries from the DNS table. Syntax clear host {name | *} • name - Name of the host. (Range: 1-127 characters) • * - Removes all entries.
DOMAIN NAME SERVICE COMMANDS 36-4 ip domain-name This command defines the default domain name appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove the current domain name.
IP DOMAIN-LIST 36-5 ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove a name from this list.
DOMAIN NAME SERVICE COMMANDS 36-6 Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (36-4) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution.
IP DOMAIN-LOOKUP 36-7 Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (36-4) ip domain-lookup (36-7) ip domain-lookup This command enables DNS host name-to-address translation.
DOMAIN NAME SERVICE COMMANDS 36-8 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (36-4) ip name-server (36-6) show hosts This command displays the static host name-to-address mapping table.
SHOW DNS 36-9 show dns This command displays the configuration of the DNS service. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.
DOMAIN NAME SERVICE COMMANDS 36-10 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Table 36-2 show dns cache - display description Field Description NO The entry number for each resource record.
37-1 CHAPTER 37 DHCP COMMANDS These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client and relay functions. You can configure any VLAN interface to be automatically assigned an IP address via DHCP.
DHCP COMMANDS 37-2 Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassign the client’s last address if available.
DHCP RELAY 37-3 ip dhcp relay server This command enables DHCP relay service, and specifies the address of the server to use. Use the no form to clear a server address. Syntax ip dhcp relay server address no ip dhcp relay server address - IP address of a DHCP server.
DHCP COMMANDS 37-4 Example ip dhcp information option This command enables DHCP Option 82 information relay, and specifies the frame format to use when Option 82 information is generated by the switch. Use the no form of this command to disable this feature.
DHCP RELAY 37-5 • If Option 82 is enabled on the switch, client information will be included in any relayed request packet received through the management interface according to this criteria.
DHCP COMMANDS 37-6 the reply packet was received. If the DHCP packet’s broadcast flag is off, the switch uses the Option 82 information to identify the interface connected to the requesting client and unicasts the reply packet to the client.
DHCP RELAY 37-7 address (when DHCP snooping or relay is enabled), and unicast the packet to the DHCP server. Default Setting replace Command Mode Global Configuration Usage Guidelines • Refer .
DHCP COMMANDS 37-8 Example Related Commands ip dhcp relay server (37-3) Console#show ip dhcp relay server Ip Dhcp Relay Status: Enable Ip Dhcp Relay Server: 192.
38-1 CHAPTER 38 IP INTERFACE COMMANDS An IP address may be used for management access to the switch over your network. An IP address is obtained via DHCP by default for VLAN 1.
IP INTERFACE COMMANDS 38-2 ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip address {ip-address netmask | bootp | dhcp} no ip address • ip-address - IP address • netmask - Network mask for the associated IP subnet.
BASIC IP CONFIGURATION 38-3 Notes: 1. Only one VLAN interface can be assigned an IP address (the default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch.
IP INTERFACE COMMANDS 38-4 Example The following example defines a default gateway for this device: Related Commands show ip redirects (38-4) show ip interface This command displays the settings of an IP interface.
BASIC IP CONFIGURATION 38-5 ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [count count][size size] • host - IP address or IP alias of the host. • count - Number of packets to send.
IP INTERFACE COMMANDS 38-6 Example Related Commands interface (25-2) Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms response time: 0 ms Ping statistics for 10.
SECTION IV APPENDICES This section provides additional information on the following topics. Software Specifications A-1 Troubleshooting
APPENDICES.
A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC Fast Ethernet.
SOFTWARE SPECIFICATIONS A-2 Rate Limits Input/output limit Range (configured per port) Port Trunking Static trunks (Cisco EtherChannel compliant) Dynamic trunks (Link Aggregation Control Protocol) Spanning Tree Algorithm Spanning Tree Protocol (STP, IEEE 802.
MANAGEMENT FEATURES A-3 3 OAM channels (IB, eoc, VOC) between VTU-C and VTU-R HDLC or 802.3ah EFM framing Upstream power back off CPE firmware-upgrade via eoc channel Remote CPE manageme.
SOFTWARE SPECIFICATIONS A-4 IEEE 802.1Q VLAN IEEE 802.1v Protocol-based VLANs IEEE 802.1s Multiple Spanning Tree Protocol IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.
MANAGEMENT INFORMATION BASES A-5 Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB .
SOFTWARE SPECIFICATIONS A-6.
B-1 APPENDIX B TROUBLESHOOTING Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch.
TROUBLESHOOTING B-2 Cannot connect using Secure Shell • If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted.
USING SYSTEM LOGS B-3 Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
TROUBLESHOOTING B-4.
Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.
GLOSSARY Glossary-2 marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues. Domain Name Service (DNS) A system used for translating host names for network nodes into IP addresses.
GLOSSARY Glossary-3 Generic Multicast Registration Protocol (GMRP) GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.
GLOSSARY Glossary-4 IEEE 802.3ac Defines frame extensions for VLAN tagging. IEEE 802.3x Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links.
GLOSSARY Glossary-5 IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
GLOSSARY Glossary-6 Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group.
GLOSSARY Glossary-7 Private Branch Exchange (PBX) A telephone exchange local to a particular organization who use, rather than provide, telephone services. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
GLOSSARY Glossary-8 Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch.
GLOSSARY Glossary-9 Terminal Access Controller Access Control System Plus (TACACS+) TACACS+ is a logon authentication protocol that uses software running on a central server to control access to TACACS-compliant devices on the network.
GLOSSARY Glossary-10 Very high data rate Digital Subscriber Line 2 (VDSL2) VDSL2 as defined in ITU-T Recommendation G.993.2 is an enhancement to the first VDSL standard (G.
Index-1 Numerics 802.1Q tunnel 13-24, 32-25 description 13-24 interface configuration 13-30, 32-27–32-29 mode selection 13-30, 32-10, 32-27 TPID 13-30, 32-29 802.
INDEX Index-2 verifying MAC addresses 7-10, 23-21 VLAN configuration 7-10, 23-20 Differentiated Code Point Service See DSCP Differentiated Services See DiffServ DiffServ 15-2, 34-1 binding p.
INDEX Index-3 Layer 2 16-2, 35-2 query 16-2, 35-8 query, Layer 2 16-4, 35-7 snooping 16-2, 35-2 snooping, configuring 16-4, 35-2 snooping, setting immediate leave 16-13, 35-5 ingress filt.
INDEX Index-4 MVR assigning static multicast groups 16-30, 35-26 setting interface type 16-26, 35-26, 35-28 setting multicast groups 16-21, 35-24 specifying a VLAN 16-21, 35-24 using immediat.
INDEX Index-5 groups 5-18, 21-15 user configuration 5-12, 5-15, 21-18 views 5-24, 21-13 software displaying version 4-7, 20-10 downloading 4-18, 20-17 Spanning Tree Protocol See STA specif.
INDEX Index-6 ham band notch 10-8, 29-7 ham band region/usage notch 10-9, 29-9 impulse noise protection 10-10, 29-23 interface settings 10-7, 29-2 line profiles 10-16, 29-35 maximum data .
20 Mason Irvine, CA 92618 Phone: (949) 679-8000 Model Numbers: SMC7800A/VCP Pub. Number: 149 100012100 H E01200 7/ST -R 01 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481 From Europe: Contact details can be found on www .
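After purchasing the SMC Networks SMC7816VSW (or even before buying it), the important thing is to read the manual carefully. There are several simple reasons for this:
If you have not yet bought the SMC Networks SMC7816VSW, this is a good opportunity to understand the basic information about the product. First, look at the first pages of the manual above. They should contain an overview of the technical information for the SMC Networks SMC7816VSW. Check here whether the device meets your needs. By carefully reading the following pages of the SMC Networks SMC7816VSW manual, you can learn about all of the product's functions and how to handle them. The information obtained about the SMC Networks SMC7816VSW will surely help you make your purchase decision.
If you already own the SMC Networks SMC7816VSW but have not yet read the manual, you should do so for the reasons above. Doing so lets you find out whether you are using its functions properly, and whether you are risking shortening its life through improper handling of the SMC Networks SMC7816VSW.
However, one of the important roles a user guide plays is helping to solve problems with the SMC Networks SMC7816VSW. In most cases you should be able to find troubleshooting there, that is, advice on the failures and defects most likely to occur with the SMC Networks SMC7816VSW device and how to deal with them. Even if you cannot solve the problem, the manual should contain instructions for next steps, such as contact details for the customer service center or the nearest service center.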