SMC NetworksメーカーSMC8612XL3 F 1.0.1.3の使用説明書/サービス説明書
ページ先へ移動 of 846
T igerSwitch 10/100/1000 Gigabit Ether net Switch ◆ 12 1000B ASE-X SFP ports ◆ 4 RJ45 ports shared wit h 4 SFP transcei ver slots ◆ Non-blocking switching architect ure ◆ Support for a redunda.
.
38 T esla Irvine, CA 9261 8 Phone: (9 49) 679-80 00 T igerSwitch 10/100/1000 Manag ement Guide From SM C’ s T iger line of feature-r ich work group LAN so lutions October 2003 Pub.
Infor matio n furn ished by SMC Networks , Inc. (SMC) is believed to be accurate and reliable. Ho wever , no re sponsibili ty is assumed by SMC for its use, nor f or any infring eme nts of p atents or oth er righ ts of thir d par t ies which may result from its use.
v L IMITED W ARRANTY Limited W ar ranty Statement: S MC Ne tworks, Inc. (“SMC” ) warra nts it s produ cts to b e free from defects in wor kmanship and materials , under normal use and service, for the applicable warranty term .
L IMIT ED W AR RANTY vi LIABILITY IN C ONNECTION WITH THE SALE, I NSTALLA TION, MAINTENANCE OR USE OF ITS P RODUCTS . SMC SHALL NOT BE LIABLE UNDER THIS W ARR ANTY IF ITS TESTING AND EXA MINATION DISC.
vii C ONTENTS Chapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Key Featu res . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Descripti on of Softw are Feat ures . .
C ONTENTS viii Using DHCP/ BOOTP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16 Managing F irmwa re . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 Download ing System Software from a Server . . . . . . . . . . 3-17 Saving or Rest oring Confi guration Sett ings .
C ONTENTS ix Configuri ng a MAC AC L . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55 Configuri ng ACL Mas ks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57 Specifying th e Mask Ty pe . . . . . . . . . . . . . . . . . . . .
C ONTENTS x Enabling or Dis abling GVRP (Globa l Setting) . . . . . . . . . . . 3-111 Displaying Ba sic VLAN In formatio n . . . . . . . . . . . . . . . . . . . 3-111 Displaying C urrent VL ANs . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-112 Creating VL ANs .
C ONTENTS xi Configuring Gen eral DNS Server Para meters . . . . . . . . . . . . 3-150 Configuri ng Static DN S Host to A ddress E ntries . . . . . . . . . 3-152 Displaying t he DNS Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154 Dynamic Ho st Configur ation Proto col .
C ONTENTS xii Displaying t he Routin g Table . . . . . . . . . . . . . . . . . . . . . . . . . . 3-195 Configuri ng the Routin g Informa tion Prot ocol . . . . . . . . . . . 3-196 Configuring Ge neral Proto col Settings . . . . . . . . . . . . . . 3-197 Specifying Ne twork In terfaces for RIP .
C ONTENTS xiii Accessin g the CL I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 Console C onnec tion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 Telnet Co nnection . . . . . . . . . . . . .
C ONTENTS xiv exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23 quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23 System Man agement C ommands .
C ONTENTS xv SMTP Alert Com mands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46 logging se ndmail host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47 logging se ndmail leve l . . . . . . . . . . . . . . . . . . . .
C ONTENTS xvi radius-ser ver retrans mit . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69 radius-ser ver timeou t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69 show radi us-server . . . . . . . . . . . . . . . . . . . . . . .
C ONTENTS xvii MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97 access-list mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97 permit, deny (MAC ACL) . . . . . . . . . . . . . . . .
C ONTENTS xviii dns-se rver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121 next-se rver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121 bootfi le . . . . . . . . . . . . . . . . . . . . .
C ONTENTS xix port monito r . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-147 show por t monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-148 Rate Lim it Command s . . . . . . . . . . . . .
C ONTENTS xx spanni ng-tree po rtfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-175 spanni ng-tree link-t ype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-176 spanni ng-tree mst cost . . . . . . . . . . . . .
C ONTENTS xxi Priority Comma nds (Laye r 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 4-198 switchport p riority de fault . . . . . . . . . . . . . . . . . . . . . . . . 4-198 queue mod e . . . . . . . . . . . . . . . . . . . . . . . . . . .
C ONTENTS xxii ip igmp query -interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-222 ip igmp max-re sp-inter val . . . . . . . . . . . . . . . . . . . . . . . . . 4-222 ip igmp last -memb-quer y-interval . . . . . . . . . . . . . . . .
C ONTENTS xxiii ip rip auth enticatio n mode . . . . . . . . . . . . . . . . . . . . . . . . 4-246 show rip glo bals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-247 show ip ri p . . . . . . . . . . . . . . . . . . . . . . . . .
C ONTENTS xxiv General Mu lticast Routing Commands . . . . . . . . . . . . . . . . . 4-282 ip multicas t-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-282 show ip mrou te . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
C ONTENTS xxv show vrrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-305 show vrrp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-307 show vrrp router coun ters . . . . . . . . . . . . . . . . .
C ONTENTS xxvi.
1-1 C HAPTER 1 I NTRODUCTION The Tige rSwitch 10/100/1000 provid es a broad range of features for La yer 2 switc hing a nd Laye r 3 routing . It includes a management agent that allows yo u to configure the features listed in this manual. Th e default config urati on can be used fo r most of the feat ure s provided by this swit ch.
I NTR ODU C TI O N 1-2 Rate Limiting Input and outpu t rate limiting per port Port Mirroring One or more ports mirrored to single an alysis port Port Trunking Supports up to 6 trunks using either stat.
D ESCRIPTION OF S OFTWARE F EAT UR ES 1-3 Descri ption of Soft ware Feature s Th e switch pr ovides a wid e rang e of advanced pe rfor mance e nhanc ing featu res . Flo w contro l elimina tes the loss of pack ets due t o bott leneck s caused by por t satur ation.
I NTR ODU C TI O N 1-4 by us ed to im prov e perfor mance b y bloc king un necessary netw ork traffic or to implement s ecurit y controls by res tricting access t o specific netw ork resourc es or protoco ls . DHCP Ser ver and DHCP Relay – A D H C P s er ve r is p r ov i de d t o as s i g n IP address es to host device s .
D ESCRIPTION OF S OFTWARE F EAT UR ES 1-5 redund ancy by t aking over the load if a port in the tr unk sho uld fail. The switch sup por ts up to 6 tr unks. Broadca st Stor m Control – B roadc ast supp ress ion prevent s bro adca st traff ic from o verw helming t he netw ork.
I NTR ODU C TI O N 1-6 paths betw een se gments , this pr otoc ol wil l choo se a sin gle pa th and d isable all oth ers to ensu re that only one ro ute exist s betw een any tw o statio ns on the net work. T his pre vents the c reat ion of network loo ps.
D ESCRIPTION OF S OFTWARE F EAT UR ES 1-7 except where a connecti on is explic itly defi ned via the switc h’s routing servic e. • Use private V LANs to restr ict traffic to pass only b etween dat.
I NTR ODU C TI O N 1-8 OSPF – This a pproa ch uses a link s tate routing prot ocol to g en erate a shor test-p ath tre e, then buil ds up its ro uting ta ble based on this tree.
D ESCRIPTION OF S OFTWARE F EAT UR ES 1-9 Multicas t Routing – Routing for multicast packets is suppor ted by the Distance V ector Multic ast Routing Prot ocol ( D VMRP) and Protoc ol-Ind ependent M ulticast ing - D ense Mod e (PIM- DM). These protocol s work in conjunction with IG MP to filter and route multicast traffi c .
I NTR ODU C TI O N 1-10 System Defaults The swit ch’ s system defaults are provided in the configuration file “Factor y_Defa ult_Con fig.cfg. ” To reset th e swit ch defa ults, this file should be s et as the star tup configur ation file (page 3-27).
S YSTEM D EFAULTS 1-11 SNMP Community String s “public” (rea d only) “pri vate” (re ad/wr ite) Traps Authenticat ion traps: enabled Link-up-down events : enabled IP Fi ltering Disabled Port Co.
I NTR ODU C TI O N 1-12 Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filterin g Disabled Switchport Mode ( Egress Mode) Hybrid: tagged /untagg ed frames GVRP (globa l) Disabled.
S YSTEM D EFAULTS 1-13 Router Redundancy HSRP Disabled VRRP Disa bled Multicast Filt ering IG MP Snooping (Layer 2) Snooping: Enabl ed Querier: Disable d IGMP (La yer 3) Disabled Multicast Routing DVM.
I NTR ODU C TI O N 1-14.
2-1 C HAPTER 2 I NITI AL C ONFIGURATI ON Connect ing to the Switc h Configuration Opt ions The switc h incl udes a b uilt-in ne tw ork managem ent agent. The agent offer s a variety o f manag eme nt opt ions, including SN MP , RM ON and a web-base d inte rfa ce.
I NI TI AL C ONFIGURATION 2-2 The swi tch’ s web in terfac e, CLI configur ation program, and SN MP agent allow you to perf or m th e following ma nage ment fu nctions: • Set user na mes and pas s.
C ONNECTING TO THE S WITCH 2-3 Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or te r minal fo r monit oring an d config uring the sw itch .
I NI TI AL C ONFIGURATION 2-4 Windows 2000 service packs. 2. Refer to “Line Commands” o n page 4-15 for a complete desc riptio n of cons ole co nfigurati on opti ons. 3. Once you have set u p the t erminal correctl y, the co nsole l ogin screen will be disp layed.
B ASIC C ONFIGURATION 2-5 Remote Connections Prior to accessing the swit ch’ s onboard agent vi a a netw ork conn ection, you must first co nfigur e it with a v alid IP addres s , subnet mask, and defaul t g ateway using a c onsol e connec tion, DH CP or BOOTP pr otocol.
I NI TI AL C ONFIGURATION 2-6 those available at the Pri vileg ed Exec leve l and allow you to only display infor mation and use basic utilities. T o fully configure the swi tch parameter s , y ou mus t access t he CLI at the Pri vileged Ex ec level. Acces s to both C LI levels are cont rolle d by user na mes and pa sswords .
B ASIC C ONFIGURATION 2-7 4. T ype “u ser name admin pa ssword 0 passw ord ,” for the Pri vileged Ex ec level, where passwo rd is your n ew pa ssw ord. Pr ess <En ter>. Setting an IP Address Y ou must establish IP addre ss infor mation for the swi tch to obtain manag emen t acc ess thr ough t he network.
I NI TI AL C ONFIGURATION 2-8 • IP addres s for the switch • Default gateway for th e network • Network mask for this networ k T o ass ign an IP address to the switch, complete the following ste ps: 1.
B ASIC C ONFIGURATION 2-9 If the “bo otp” or “dhc p” op tion is saved to th e star tu p-config f ile (ste p 6) , then the switch will st art bro adcasting ser vice requests as soon as it is powered on .
I NI TI AL C ONFIGURATION 2-10 6. Then s av e y our conf igur ation c hanges b y typing “ copy running- config star tup-c onfig. ” Enter t he star tup file na me and press < Enter> .
B ASIC C ONFIGURATION 2-11 Th e de fault stri ngs ar e: • public - wit h read-only access. Au thor ized manag ement stat ions are only able to retrieve MIB ob jects. • private - with re ad-write access. A uthorized management stations ar e abl e to bo th re trie ve an d modif y MI B obj ects.
I NI TI AL C ONFIGURATION 2-12 1. Fr om the Privil eged Ex ec lev el global conf igurati on mode prompt, type “s nmp-ser ver host host-address community-string , ” where “host-ad dress” i s the IP add ress for the trap re ceiv er and “community -string” is the s tring associate d wit h that ho st.
M ANAGING S YSTEM F ILES 2-13 Managing Syst em File s Th e switch’ s f lash memo r y sup por ts three types of sy stem file s that can be managed b y the CLI program, w eb interface , or SN MP . The swi tch’ s file syste m allow s files t o be up loaded and downlo aded, co pied, dele ted, an d set as a start-up file .
I NI TI AL C ONFIGURATION 2-14 Note that configuration files should be downloaded using a file name th at reflects t he conten ts or us age of the fi le sett ings . If you down load dire ctly to the r unn ing-c onfig, the s ystem wi ll reboot, and the setting s will have to be copi ed fro m the r unni ng-conf ig to a pe r ma nent file.
3-1 C HAPTER 3 C ONFIGU RING THE S WITCH Using the We b Interface Th is switch provide s an em bedded HTTP web ag ent . Using a web browser you c an con figure th e switc h and vi ew statis tics to monito r netw ork acti vity . T he web agent can b e accesse d by a ny compute r on th e netw ork using a st andard web browser (Inter n et Explor er 5.
C ONFIGURING THE S WI TC H 3-2 on th e third fail ed atte mpt the curr ent conn ectio n is terminate d. 2. If you log into th e web interface as guest (Normal Exec level), you ca n view t he config uratio n setti ngs or c hange t he gues t password. If you log in as “admin” (Privileged Exec lev el), you can c hange the setting s on any p age.
N AVIGATIN G THE W EB B RO W S E R I NTE RF AC E 3-3 Navigati ng t he We b Brow ser I nterfac e T o access the we b-bro wser interface y ou mus t first enter a us er name and passw o rd. The administra tor has R ead/W rite access to all configurat ion parameter s and statistics .
C ONFIGURING THE S WI TC H 3-4 “ Apply ” or “ Ap ply Chan ge s” butto n to conf ir m t he new s etting. The following table sum marizes the web pag e configuration butt ons. Notes: 1. To ensu re pr oper scree n re fres h, be sure tha t Inter net Explor er 5.
N AVIGATIN G THE W EB B RO W S E R I NTE RF AC E 3-5 The following table brief ly describes the selections available from this prog r am. Menu Des cription Page System 3-14 System In format ion Provid.
C ONFIGURING THE S WI TC H 3-6 SSH 3-5 0 Settings Configures Secure Sh ell server settings 3-55 Host -Ke y Se ttin gs Generate s the host key pair (pu blic and privat e) 3 -53 Port Secu rity Configure s per port security, including sta tus, response for secu rity breach, an d maximum allowed MAC addr esse s 3-5 6 802.
N AVIGATIN G THE W EB B RO W S E R I NTE RF AC E 3-7 Port Inter nal Info rmatio n Displays setti ngs and op erational state fo r the local side 3-106 Port Neighb ors Infor mation Displays settings and.
C ONFIGURING THE S WI TC H 3-8 Trunk Informa tion Displays trunk setting s for a specified MST ins tance 3-146 Port Conf iguratio n Configures port s ettings for a specifie d MST insta nce 3-148 Trun k Co nfi gurat ion Configures trunk settings for a specified MST instance 3-148 VLAN 3-150 802.
N AVIGATIN G THE W EB B RO W S E R I NTE RF AC E 3-9 Queue M ode Sets queue mode to strict priority or Weighted Round-R obin 3-176 Queue Sc heduli ng Configure s Weig hted Round Robin queuein g 3-176 IP Precedenc e/ DSCP Pri ority St atus Globa lly selects IP Precedence or DSCP Priority, or disables bot h.
C ONFIGURING THE S WI TC H 3-10 DNS 3-206 General C onfigu ration Enables DNS; configure s domain na me and domain list; and specif ies IP a ddress of name servers for dynamic look up 3-206 Static Hos.
N AVIGATIN G THE W EB B RO W S E R I NTE RF AC E 3-11 ICMP Shows statistics for ICMP traffic, incl uding the amount of traf fic, protocol errors, and the number of echoes, times tamps, and addre ss m .
C ONFIGURING THE S WI TC H 3-12 Inte rf ace S etti ngs Configures RIP parameters for each interface, including send and receive vers ions, messa ge loopback prevention , and authent ication 3-277 Stat.
N AVIGATIN G THE W EB B RO W S E R I NTE RF AC E 3-13 DVMRP 3- 323 General S ettings Configure global sett ings for prune an d graft message s, and the exc hange of rout ing informatio n 3-324 Inte rf.
C ONFIGURING THE S WI TC H 3-14 Basic Configuratio n Displaying System I nformation Y ou can easil y identi fy the system b y displa ying the devic e name , locatio n and conta ct infor mation. Field Attributes • Sy stem Name – Nam e assign ed to the s witch s ystem.
B ASIC C ONFIGURATION 3-15.
C ONFIGURING THE S WI TC H 3-16 CLI – Specify the h ostname, location and contact info r mation . Displaying Switch Hardware/Software Versions Use the Swi tch I nfor mation page to display hardware/fir mware version numbe rs for the main bo ard and man ag ement s oftware, as well as the pow er st atus of the s ystem.
B ASIC C ONFIGURATION 3-17 supply. • Redundant Power Status* – D isplays the stat us of the re dundant power supply . * CLI only . Management Software • Loader Versio n – Vers ion nu mber of loade r code . • Boot-RO M Vers ion – Version of Power-On Self-Tes t (POST) and boot co de.
C ONFIGURING THE S WI TC H 3-18 CLI – Use the followin g command to display version infor mation. Displaying Bridge Extension Capabilities Th e Bridg e MIB in clude s exte nsions f or manag ed d evices th at sup por t Multicast Filtering , T raffic Class es , and Virtual LANs .
B ASIC C ONFIGURATION 3-19 • Local VLAN Capable – This switch supports multiple lo cal bridges; i.e., multiple spa nning t rees. ( Refer to “ Configuri ng Multi ple Spann ing Trees” on page 3-101.) • GMRP – GARP Mu lticas t Regist rati on Prot ocol (G MRP) allo ws network d evices to r egister endstatio ns wit h multicast groups .
C ONFIGURING THE S WI TC H 3-20 Setting the Switch’s IP Address Th is sectio n desc ribes how to conf ig ure an initial IP interface for manageme nt acc ess o ver t he netw ork.
B ASIC C ONFIGURATION 3-21 as long as that VLAN has b een assigne d an IP address . • IP Address Mode – Specifies whether IP func tionality is enabled via manual c onfigu ration (S tatic), Dy namic H ost C onfigurati on Pr otocol (DHCP ), or Bo ot Prot ocol ( BOOTP).
C ONFIGURING THE S WI TC H 3-22 Click IP , Glob al Setting . If this swit ch and manage ment stations exist on other network seg ments, then spec ify the default gateway , and clic k Apply . CLI – Specify t he management i nterface , IP addres s and defaul t gatewa y .
B ASIC C ONFIGURATION 3-23 BOOTP . Click Apply to save y our changes . Then click Re start DHCP to immediately reque st a new address. Note that the swit ch will also broadcast a request for IP co nfigur ation settings on eac h po wer res et.
C ONFIGURING THE S WI TC H 3-24 We b – If the address assigne d by DHCP is no long er functio ning, you will not be a ble to rene w the IP set tings via th e web inte rface. Y ou can only restart DHCP ser vice via the web interface if the cur rent addres s is still av ailable.
B ASIC C ONFIGURATION 3-25 to o verw rite o r specify a new fil e name , th en clic k T ransfer fro m Ser v er . T o start the ne w fir mware , reboot the s ystem via the System /Re set men u.
C ONFIGURING THE S WI TC H 3-26 CLI – Ente r the IP a ddress o f the TF TP ser ver , sele ct “con fig” or “opcod e” file ty pe, then enter the source and destin ation fil e names, set the new file to star t up th e syste m, and th en rest ar t the swi tch.
B ASIC C ONFIGURATION 3-27 file “Factor y _Defa ult_ Con fig .cfg ” can be co pied to the TFTP ser ver , but cann ot be used as th e destin ation on the s witc h.
C ONFIGURING THE S WI TC H 3-28 If you download the startup configuration file under a new file name, you can set this file as t he st ar tup file a t a la ter time, and then resta r t the s witch.
B ASIC C ONFIGURATION 3-29 flash. (Range: 0-7, Default : 3) • RAM Level – Limits log message s saved to th e switch’s temporar y RAM memory for all levels up to the spe cified level. For example, if level 7 is sp ecified, all mes sages from level 0 t o level 7 will be logged to RAM.
C ONFIGURING THE S WI TC H 3-30 CLI – Specify the h ostname, location and contact info r mation . Remote Log Configuration The Remote Logs pag e allows y ou to configure t he log gin g of message s that are se nt to sy slog s er vers or oth er man age ment statio ns .
B ASIC C ONFIGURATION 3-31 • Host IP Address – Specifies a new server IP add ress to add to th e Host IP List. We b – Click System , Remote Logs. T o add an IP addr ess to th e Host IP List, type the new IP addr ess in t he Host I P Address bo x, and t hen clic k Add IP Host.
C ONFIGURING THE S WI TC H 3-32 set the log ging tr ap . Displaying Log Messages Use the Log s page to scroll through th e log ged system and even t messages . The switch can store up to 2048 log entries in temporar y random access memor y (RAM; i.e., memor y flushed on power reset) and up to 4096 entries in per m anent f lash memor y .
B ASIC C ONFIGURATION 3-33 error . Resetting the System We b – Cli ck S ystem , R eset. Clic k the R eset butt on to r esta rt the swi tch . CLI – Use th e rel oad com mand to rest art the s witc h. Note: When restarting the syste m, it will always run the Power-On Self-Test.
C ONFIGURING THE S WI TC H 3-34 addresses . T he switch will attempt to poll each ser v er in the con figured sequenc e. Broadcas t – Th e switch sets its clock from a time se r ver in the sa me sub net that br oadcas ts time updates.
B ASIC C ONFIGURATION 3-35 We b – Select SNTP , Configurati on. Modify a ny of the re quired parameters , and click Apply . CLI – This example c onfigu res the sw itch to operate as an SNTP broadc ast c lient.
C ONFIGURING THE S WI TC H 3-36 We b – Select SNTP , Cloc k Time Zon e. Set the offs et for y our time z one relativ e to the UTC, and click Apply . CLI - T his ex ample shows how to se t the t ime zone for the sy stem clock.
S IMP LE N ETWORK M ANAGEME NT P RO T O C O L 3-37 Setting Communit y Access Stri ngs Y ou may configure up to fi v e community str ings autho rized for manageme nt acces s . All commu nity str ings used for I P T rap Mana gers should be listed in th is table.
C ONFIGURING THE S WI TC H 3-38 CLI – The followi ng example ad ds the st ring “spi derman” with read/ write access . Console(config)#snmp-server community spiderman rw 3-147 Console(config)#.
S IMP LE N ETWORK M ANAGEME NT P RO T O C O L 3-39 Specifying Trap Managers and Trap Types T r aps indica ting st atus chang es a re issued by the switch to specif ied trap managers .
C ONFIGURING THE S WI TC H 3-40 CLI – This example adds a t rap manager and enab les both au thentication and link-up , link -down traps. Console(config)#snmp-server host 10.
S IMP LE N ETWORK M ANAGEME NT P RO T O C O L 3-41 Filtering Ad dresses for SN MP Client Access The switch al lows y ou to create a list of up to 16 IP addresses or I P address groups t hat are allo wed access to the switch via SNM P mana gement s oftwa re (als o see page 3-69) .
C ONFIGURING THE S WI TC H 3-42 We b – Click SNMP , IP Filtering . T o add a client, enter the new addr ess , the subne t mask f or a no de or an addr ess ra ng e, and t hen c lick “ Add IP Filtering Ent r y .” CLI – This example a llows SNMP ac cess for a specif ic client.
U SER A UTHENTICATION 3-43 • 802.1x – Use IEEE 802.1x port authentication to control access to specific por ts. Configuri ng the Logon P assword Th e gues t only h as read acce ss for mo st co nfigura tion pa ramete rs. Ho wev er, t he administ rator has write access for all parameters governing the onbo ard agent.
C ONFIGURING THE S WI TC H 3-44 CLI – Assign a user nam e to acc ess-lev el 15 (i. e., ad ministra tor), then speci fy the pa ssw ord. Configuring L ocal/Remote Logo n Authentication Use th e A uthentic ation Setting s menu to res trict m anagement ac cess bas ed on specif ied user names and passw o rds .
U SER A UTHENTICATION 3-45 sequenc e and the co rrespon ding parameter s for the re mote authent icat ion prot ocol. Local and remote logon au thenti cation contr ol manag ement a ccess via the cons ole por t, web br owse r, or Telnet.
C ONFIGURING THE S WI TC H 3-46 - Secret Text String – Encryption key used t o authent icate l ogon access for clien t. Do no t use bla nk spaces in the s tring. (Maximum length: 20 ch aracters) - Number of Server Transmits – Number of t imes th e switch tries to auth enti cate logon access via the auth enticatio n serve r.
U SER A UTHENTICATION 3-47 CLI – Sp ecify all the requ ired par ameters to enable log on au thentic ation. Console(config)#authentication login radius 3-93 Console(config)#radius-server host 19 2.
C ONFIGURING THE S WI TC H 3-48 Configuring H TTPS Y ou can confi gure the s witch to enable the Secure H ypertext T ransfer Proto col (HT TPS) over the S ecur e Socket Lay er (SSL ), provid ing secu re access (i.e ., an encrypted con nection ) to th e switc h’ s web in terface .
U SER A UTHENTICATION 3-49 Secure-si te Certif icate” on page 3-49. Command Attributes • HTTPS St atus – Allows you to enable/disable the HTTPS server featu re on th e switch . (Default : Enabled) • Change HTTPS Po rt Nu mber – Specifies the UDP port n umber used for HTTPS/SSL c onnectio n to t he switch’ s web int erface.
C ONFIGURING THE S WI TC H 3-50 Caution: For ma ximum secu rity, we recom mend you obtain a unique Secure Soc kets L ayer certi ficate at the e arliest op portunit y. Thi s is because the default certifi cate for the switch is n ot unique to the hardw are you have pu rcha sed.
U SER A UTHENTICATION 3-51 Note: The switch supports both SSH Version 1.5 and 2.0. Command Usage The SSH se r ver on this s witch supports b oth passw ord and pub lic k ey authen ticatio n.
C ONFIGURING THE S WI TC H 3-52 sho wn in th e follow ing examp le: 1024 35 1341081 6856098 9392104 0944920 1554253 47631641921 8729589 2114317 3880 0555361616 3105177 5940838 6863110 9291232 22682851.
U SER A UTHENTICATION 3-53 Teln et sess ions and SS H sess ions . Generatin g the Host Key Pair A host public/ priv ate key pair is used to provide secure communications between an SSH client and the switch.
C ONFIGURING THE S WI TC H 3-54 We b – Click S ecurity , Host-Key Se ttings . Select the host-k ey type from th e drop -down bo x, sel ect th e opti on to sa v e the host k ey fro m memory to flash (if required ) prior to g enerating the key , and then click Generate .
U SER A UTHENTICATION 3-55 Configur ing the SS H Server The SSH server inc ludes basi c sett ings for aut henticat ion. Field Attributes • SSH Se rver S tat us – Allow s you to enable /disable the SSH server on the switc h. (Default: Enable d) • Versio n – The Secure Sh ell version numbe r.
C ONFIGURING THE S WI TC H 3-56 CLI – T his exam ple en ables S SH, set s the au thentic ation p aramete rs , and disp lays the current config uratio n. It shows th at the adminis trator has made a c onnectio n via SH H, and th en disa bles this connect ion.
U SER A UTHENTICATION 3-57 intr usion w ill be detected and the switch can automatically take action by disabling t he port and sending a trap message.
C ONFIGURING THE S WI TC H 3-58 - Shutdown : Disable t he po rt. - Trap and Shutdown : Send an SNMP trap message and dis able the po rt. • Status – Enables or disables port s ecurity on the por t. (Default : Disabled) • Max MAC Count – The maxi mum numb er of MAC addr esse s tha t can be lea rned on a por t.
U SER A UTHENTICATION 3-59 CLI – This example sets the c ommand mode to P ort 5, sets the port security act ion to send a trap and disable th e port, and specifies a maximum address count.
C ONFIGURING THE S WI TC H 3-60 Configuring 802.1x P ort Authentication Netw ork swit ches can provi de open an d easy acc ess to net w ork resour ces by simply attaching a client PC.
U SER A UTHENTICATION 3-61 certificate . T he RADIUS server v erifie s the client cred entials and respond s with an accept or re ject pa cket . If aut henticati on is su ccessful , the swi tch allows the client to acces s the network. Otherwise, network access is denie d and th e port remains bloc ked.
C ONFIGURING THE S WI TC H 3-62 • dot1x Max Request Count – The maximum numb er of times the switch port will retransm it an EAP re quest packet to the client befo re it times ou t the auth enticatio n session.
U SER A UTHENTICATION 3-63 CLI – This exampl e show s the de fault pr otocol s etting s for dot1 x. F or a descri ption o f the add itional e ntries displa yed in t he CLI, s ee “sho w dot1x” on pag e 3-110.
C ONFIGURING THE S WI TC H 3-64 Configur ing 802.1x Global Setti ngs Th e dot1 x protoc ol incl udes gl obal para meter s that co ntro l the clie nt authen ticati on pro cess th at runs betw een the client and the switc h (i.
U SER A UTHENTICATION 3-65 We b – Select Security , 802.1x, Configuration. Enable dot1x g lobally for the switc h, modify any of the para meters requi red, an d then cl ick App ly . CLI – T his enables re-authent ication and sets all of the glob al parameters for dot1x.
C ONFIGURING THE S WI TC H 3-66 Default: 5) • Mode – Sets the authentica tion mode to one o f the follo wing optio ns: - Auto – Requires a dot1x-a ware client to be aut horized by the authentication server. Clients that are not dot1x-aw are will be denied access.
U SER A UTHENTICATION 3-67 CLI – T his examp le set s the auth entica tion mode to enable 802.1x on por t 2, and allows up to ten clients to conne ct to this por t. Displaying 802.1x S tatistics This sw itch can display statistics for dot1x p rotocol exchanges for any por t.
C ONFIGURING THE S WI TC H 3-68 Tx EAP Req/Id The number of EAP Req/ Id frames tha t have been transmitted by this Authenticator. Tx EAP Req/Oth The number of EAP Reques t frames (other than Rq/Id frames) that have been t ransmitted by this Authentica tor.
U SER A UTHENTICATION 3-69 We b – Select Security , 802.1x , Statistics . Select the r equired port and then click Query . Click R efresh to update the st atistics.
C ONFIGURING THE S WI TC H 3-70 Command Usage • The mana gement interfaces are open to all IP addresses by default . Once you add an entry to a filter list , access to that interface is restri cted to th e speci fied addr esses.
U SER A UTHENTICATION 3-71 We b – Click Security , I P Filter . Enter the addresses that are allowed managem ent access to an interface, and click Add IP Filtering Ent r y . CLI – T his exam ple re str icts mana g ement a ccess for T elnet clients.
C ONFIGURING THE S WI TC H 3-72 Access Control L ists Access Control Lists (A CL) pro vide pac ket filteri ng for I P frames (based on add ress, protoc ol, Layer 4 pr otoc ol por t numb er or TCP contr ol code) or any fr ames (bas ed on MA C address or Ethernet typ e).
A CCES S C ONTROL L ISTS 3-73 1.User -defined r ules in t he Egress MAC A CL for e g ress ports . 2.User -defined r ules in t he Egress IP ACL for egress ports . 3.User -defined r ules in the Ingress MAC ACL for ingre ss ports . 4.User -defined r ules in the Ingr ess IP ACL for in gress p orts.
C ONFIGURING THE S WI TC H 3-74 CLI – This example creates a standard IP A CL na med bill. Configur ing a Standar d IP ACL Command Attributes • Action – An A CL can contain all permit rules or all deny rules. (Default: P ermit rules) • IP – Speci fies the s ource IP a ddress.
A CCES S C ONTROL L ISTS 3-75 select “IP ,” enter a su bnet addre ss and th e mask for a n add ress ra ng e. The n click Add. CLI – This example c onfigu res one permit rule for the sp ecific add ress 10.1.1.21 and another rule for the address range 168.
C ONFIGURING THE S WI TC H 3-76 (See the description for S ubMask on page 3-74.) • Service Type – Packet pr iority s etting s based on t he follo wing crit eria: - Preced ence – IP pre cedence l evel. (Ran ge: 0-7) - TOS – Type of Ser vice level.
A CCES S C ONTROL L ISTS 3-77 We b – Specify the acti on (i.e ., Permit or Deny). Specify th e source an d/or desti nation addresses . Select the address t ype (Any , Host, or IP). If you selec t “Host, ” enter a specifi c address . If y ou select “IP , ” enter a subnet address an d the mask for an addr ess range .
C ONFIGURING THE S WI TC H 3-78 (3)Perm it all TCP pack ets from class C addresses 192.168.1.0 with the TCP co nt rol co de s et to “S YN . ” Configur ing a MAC AC L Command Attributes • Action – An A CL can contain all permit rules or all deny rules.
A CCES S C ONTROL L ISTS 3-79 - Untagge d-eth2 – Unta gged Ether net II pack ets. - Untagge d-802.3 – Untagg ed Ether net 802. 3 packets . - Tagg ed-eth2 – Tagg ed Ethernet II packets .
C ONFIGURING THE S WI TC H 3-80 We b – Specify the acti on (i.e ., Permit or Deny). Specify th e source an d/or desti nation addresse s . Se lect the address type (Any , Host, or MA C). If y ou select “Host,” enter a specific ad dress (e .g ., 11-22-33-44-55-66).
A CCES S C ONTROL L ISTS 3-81 Configuri ng ACL Masks Y ou can specify opt ional masks that c ontrol the order in w hich A CL r ules are c heck ed. The switc h includes two system default masks that pas s/filter pack ets match ing the pe r mit/deny r ules sp ecified in an ingress A CL.
C ONFIGURING THE S WI TC H 3-82 We b – Click Security , ACL, A CL Mask Co nfiguration. Click Edit for one of the basic mas k types to open the con figuration page. CLI – This exam ple crea tes an I P ingre ss mas k, and then add s two r ules. Each rul e is c hecked in order of preced ence t o look f or a match in the ACL entr ies.
A CCES S C ONTROL L ISTS 3-83 match this bitmask. (See the description for SubMask on page 3-74.) • Protocol B itmask – Check th e proto col field.
C ONFIGURING THE S WI TC H 3-84 We b – Configur e the mask to m atch the requir ed r ul es in the IP in g ress o r egress A CLs . Set the m ask to c hec k for any so urce or des tination address , a specifi c host add ress , or an address range.
A CCES S C ONTROL L ISTS 3-85 10.1.1.1 255.255.255.255” r ule has the higher prec edence according the “mask ho st any” entry. Confi guring a MAC ACL Mask This mask defin es the fields to chec k in the pack et header . Command Usage Y ou must configure a mask for an A CL rule before you c an bind it t o a por t.
C ONFIGURING THE S WI TC H 3-86 specific VL AN ID(s ) or Ether ne t type(s). Or check for r ules where a pack et f or mat was specified. Then click Add .
A CCES S C ONTROL L ISTS 3-87 CLI – T his exa mple shows how to crea te an Ing ress MAC A CL and bind it to a po rt. You can then see that the ord er of the rul es have been changed by the ma sk.
C ONFIGURING THE S WI TC H 3-88 • The swi tch does not sup port the explicit “deny a ny any” ru le for the egress IP ACL o r the egre ss MAC ACL s. If t hese rules are in cluded in an ACL, a nd you attempt to bind the ACL to an int erface for egres s checking, the bind operation will fail.
P ORT C ONFIGURATION 3-89 CLI – This examples assign s an IP and MA C ing ress A CL to por t 1, and an IP ing re ss A CL to por t 2. Port Conf iguration Displaying Connection Status Y ou can use the.
C ONFIGURING THE S WI TC H 3-90 • Trunk Member 1 – Shows i f port is a trunk m ember. • Creation 2 – Sho ws if a trunk is manually configured or dynamically set via LACP. 1: Port Information only . 2: T runk Information only We b – Click P or t, Port Infor mation or T r unk Infor mation.
P ORT C ONFIGURATION 3-91 • Capabilities – Specifies the capab ilities to b e advertised fo r a port durin g aut o-neg otiat ion. (To acce ss this item on t he we b, se e “Confi guring Interf ace Co nnec tions ” on page 3-48.) The f ollowing capabilities are supported .
C ONFIGURING THE S WI TC H 3-92 mode. • Flow control type – Indicates th e typ e of flow cont rol cur rently i n use. (IEEE 802.3x, Back-Pressure or none) CLI – This example s hows t he connect ion sta tus for P ort 5.
P ORT C ONFIGURATION 3-93 Configuring I nterface Connections Y ou can use the P o rt Configuration or T r unk Configuration page to enable/disable an int erface, set a uto-n egotiati on and the in terf ace capabilities to advert ise, or manually fix the spe ed, duplex mod e, and flow contr ol.
C ONFIGURING THE S WI TC H 3-94 stat ions or segm ents conn ected dire ctly to the swit ch wh en its buffers f ill. When en abled, ba ck pressure i s used for half-duplex operation and IEEE 802.3x for full-duplex opera tion. (Avoid using flow control on a port connected to a hub unless it is actually requir ed to solv e a prob lem.
P ORT C ONFIGURATION 3-95 We b – Click P or t, P or t Configuration or T r un k Configuration. Modify the required interface settings, and c lick Apply .
C ONFIGURING THE S WI TC H 3-96 Creating Trunk Groups Y ou can create m ultipl e links betw een devices that w ork as on e virtual, ag g regate link. A port tr unk offers a d ramatic increase in b andwidth fo r network segments wher e bottlenecks exist , as well as providing a fault-t olerant lin k betw een tw o devices .
P ORT C ONFIGURATION 3-97 • When conf iguring static trunks on switch es of different t ypes, they must be compat ible wi th the Cisco Eth erChanne l stan dard. • The ports at both ends of a trunk must be c onfigured in a n identical manner, including communication mod e (i.
C ONFIGURING THE S WI TC H 3-98 and cl ick Add. After y ou ha ve c omplete d addin g ports to the me mber lis t, click Apply ..
P ORT C ONFIGURATION 3-99 CLI – This example creates tr unk 2 wit h ports 9 and 10. Just c onnect these ports to tw o sta tic trunk ports on an other s witch to form a tr unk.
C ONFIGURING THE S WI TC H 3-100 assign ed the n ext availab le trunk ID . • If more t han four por ts attach ed to the s ame target s witch ha ve LACP enabled, the addition al ports will be placed in st andby mode, and will only be enabled if one of the active links fails.
P ORT C ONFIGURATION 3-101 CLI – T he fo llowing ex amp le en abl es LACP f or p or ts 1 to 6 . Just conn ect these ports to LA CP-enabled tr unk ports on another s witch to form a tr unk.
C ONFIGURING THE S WI TC H 3-102 Note – If the port channel admin key (lacp admin key, page 3 -26) is not set ( through the CLI) when a channel group is formed (i.
P ORT C ONFIGURATION 3-103 We b – Click P or t, LACP , Ag g reg ation Port. Set the System Priori ty , Admin Key , and P ort Priority for the P ort Actor .
C ONFIGURING THE S WI TC H 3-104 CLI – The followi ng example co nfigures L A CP paramet ers for ports 1-6. P o rts 1-4 are used as active members of the LA G; ports 5 and 6 are set to backup mo de. Displaying LACP Port Counter s Y ou can display stati stics fo r LACP protoc ol mes sag es.
P ORT C ONFIGURATION 3-105 We b – Click P or t, LACP , P o rt Coun ters Infor matio n. Select a member port to dis pla y the correspond ing in for mation.
C ONFIGURING THE S WI TC H 3-106 Displaying LACP Settings and St atus for the Local Sid e Y ou can display configuration set tings and the oper ational state for the local side of an link ag g reg ation. Inte rn al C on fig ura tio n I nf orm at ion Field Description Oper Key Current operatio nal value of the key for the aggre gation port.
P ORT C ONFIGURATION 3-107 We b – Click P or t, LACP , P ort Inter nal Infor mation. Select a port channel to disp lay th e cor respon ding info r mation.
C ONFIGURING THE S WI TC H 3-108 CLI – The follow ing examp le displa ys the LA CP configurati on settin gs and op erational state for the lo cal side of port ch annel 1. Displaying LACP Settings and St atus for the Remote Sid e Y ou can display configuration set tings and the oper ational state for the remote side of an link ag gr eg ation.
P ORT C ONFIGURATION 3-109 Neighbor Co nfiguration Inform ation We b – Click P or t, LACP , P ort Neigh bors Infor mation. Select a por t channel to display the cor resp onding infor mation. Field Description Partner Admin System ID LAG partner’s syst em ID assigned by the user.
C ONFIGURING THE S WI TC H 3-110 CLI – The follow ing examp le displa ys the LA CP configurati on settin gs and op erational state for the rem ote side of port ch annel 1.
P ORT C ONFIGURATION 3-111 Setting Broadcast Storm Thre sholds Broadc ast storms may occu r when a d evice on y our netw ork is malfunctioning, o r if application prog rams are not well designed or proper ly config ured.
C ONFIGURING THE S WI TC H 3-112 CLI – Sp ecify any i nterf ace, and then enter the th reshol d. T he followin g disab les br oadcast storm control fo r port 1, and then s ets broa dcast suppression at 600 pack ets per second for port 2.
P ORT C ONFIGURATION 3-113 Configuri ng Port Mirr oring Y ou can mirror traffi c from any s ource por t to a targ et po r t for r eal -time analysis . Y ou can then attach a logic analyzer o r RMON pr obe to th e target port and stud y the traffic crossing t he source po rt in a completely uno btrusiv e manner .
C ONFIGURING THE S WI TC H 3-114 CLI – U se the inter fac e co mman d to sele ct th e mo nitor por t , the n us e the por t moni tor comm and to sp ecify th e source por t. Not e that d efault mir roring under the CLI is for bot h receiv ed and transmitted packets .
P ORT C ONFIGURATION 3-115 Configuring Rate Lim its This f unctio n allows the ne twork manag er to co ntro l the maximum rate for traffic transmitted or receiv ed on an interface. Rate limiting is config ured on interfa ces at the edg e of a ne twork to limit t raffic int o or ou t of the switch.
C ONFIGURING THE S WI TC H 3-116 We b - Click Rate Limit, Input/ Output Port/Trunk C onfigura tion. S et the Input Rate Limit St atus or Output Ra te Limit Status, then set t he rate limit for the ind ividual interfac es, and clic k Apply . CLI - This example sets the rate limit for inp ut and outp ut traffic passing through por t 1 to 600 Mbps.
P ORT C ONFIGURATION 3-117 sinc e the las t syst em reboot , and are sho wn as co unts p er secon d. Statist ics are refres hed ev er y 60 seconds b y default. Note: RM ON g rou ps 2, 3 and 9 can only be a cce ssed us ing SN MP management software such as HP OpenView.
C ONFIGURING THE S WI TC H 3-118 Transmit Multicas t Packets The total number of packet s tha t highe r-level protocol s requested be transmitted, an d which were addressed to a multicast address at this su b-layer, inc luding those that were discarded or not sent.
P ORT C ONFIGURATION 3-119 Carrier Sense Errors The number of times that the carrier se nse condition was lost or never asserted when a ttempting to transmit a frame. SQE Test Errors A count o f times that the SQE TEST ERROR m essage is generated by the PLS sublayer for a particu lar interfac e.
C ONFIGURING THE S WI TC H 3-120 We b – Click P or t, Po r t Statistics . Select the required interface, and click Quer y . Y ou can als o use th e Refres h button at the bott om of the pag e to update th e screen.
P ORT C ONFIGURATION 3-121.
C ONFIGURING THE S WI TC H 3-122 CLI – This example show s statistics for port 12. Addre ss Ta ble Settin gs Switches sto re t he addre sses f or all known devic es . This info r matio n is used to pass t raffic di rectly betwee n the i nbound and outb ound po rts .
A DDR ES S T ABLE S ETTINGS 3-123 Command Attributes • Static Address Counts * – The num ber of ma nually co nfigured addr esses. • Current Static Addr ess Table – Lists all the static addresses. • Interface – Port or trunk ass ociated with t he device assigne d a static address.
C ONFIGURING THE S WI TC H 3-124 CLI – This example adds an address to the static address table, but sets it to be deleted w hen the switch is rese t. Displaying the Address Table The Dynamic Address T able c ontains the MA C address es learned b y monit oring th e source address f or tra ffic enteri ng the s witch .
A DDR ES S T ABLE S ETTINGS 3-125 CLI – This example a lso dis play s the addre ss table entries fo r port 1. Changing the Agin g Time Y ou can se t the agin g time fo r entries in the dy namic a ddress ta ble. Command Attributes • Aging Time – The time af ter which a learne d entry i s discar ded.
C ONFIGURING THE S WI TC H 3-126 CLI – This example sets the aging time to 400 seconds . Spanni ng Tree Al gorith m Confi gurat ion The Spa nning T ree Algorith m (S TA) can b e used to dete ct and disab le network loops, and to provide ba ckup links betwee n swit ches , bridg e s or routers .
S PANNING T RE E A LGOR ITH M C ONFIGURATION 3-127 there fore only for warde d bet ween root por ts and d esigna ted p or ts, eliminating any p ossible network loops . Once a stab le network topolog y has been es tablished, all bridg es list en for Hello BPDUs (Brid ge Protoc ol Data Units) transmit ted from the Root Bridge.
C ONFIGURING THE S WI TC H 3-128 • Max Age – The maximum time (in s econds) a device can wait witho ut receivi ng a conf iguratio n messa ge befor e attempt ing to r econfigure . All devic e ports (except for design ated po rts) shoul d receive configuration messages at regular inter vals.
S PANNING T RE E A LGOR ITH M C ONFIGURATION 3-129 These additio nal parameter s are only display ed for the CLI: • Spanning tree mode – Specifies t he type of span ning tre e used on this switch: - STP : Spa nning Tree Pr otocol (I EEE 8 02.1D) - RSTP : Rapid Spanning Tree (IEEE 802.
C ONFIGURING THE S WI TC H 3-130 • Root Hold Time – The in terv al (in se conds ) duri ng whic h no more than two bridge con figuration pro tocol dat a units shall b e transm itted by this no de. •M a x h o p s – The m ax numb er of hop counts for the MST reg ion.
S PANNING T RE E A LGOR ITH M C ONFIGURATION 3-131 CLI – This command displays globa l ST A settings, f ollow ed by settings for each port . Note: The current root po rt and curren t root cost disp lay as z ero when this de vice is n ot connect ed to the network.
C ONFIGURING THE S WI TC H 3-132 - STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a po rt’s migration de lay timer expi res, the sw itch assumes it is connected to an 802. 1D bridge and starts using only 802.1D BPDUs. - RSTP Mode – If RSTP is using 802.
S PANNING T RE E A LGOR ITH M C ONFIGURATION 3-133 Root Device Configuration • Hello Time – Int erval (in second s) at which th e root device t ransm its a configuration message. •D e f a u l t : 2 • Minimum: 1 • Maximum: The low er of 10 or [(Max.
C ONFIGURING THE S WI TC H 3-134 betwee n devices. Th e path cost me thod is used to determ ine the range of value s that can be assigned to each int erface. • Long: Specifies 32-bit based values that range from 1-200,000,000. ( T h i si st h e d e f a u l t .
S PANNING T RE E A LGOR ITH M C ONFIGURATION 3-135 We b – Click Spanning T ree, ST A, Configuration. Modify the required attributes , and click Apply .
C ONFIGURING THE S WI TC H 3-136 CLI – T his examp le en able s Sp annin g T ree P rotoc ol, set s the mode t o MST , and then configure s the ST A and MSTP para meters . Displaying Interface Setti ngs The ST A P or t Infor mation and ST A T r unk Information pages d isplay t he cur rent s tatus o f por ts a nd tr unks in the S pannin g T r ee.
S PANNING T RE E A LGOR ITH M C ONFIGURATION 3-137 - All po rts are discard ing when the sw itch is bo oted, then som e of them ch ange stat e to le arn ing, and t hen t o f orwa rd ing. • Forward Transitions – T he number o f times t his port has trans itione d from t he Le arnin g st ate t o the Fo rwa rdin g stat e.
C ONFIGURING THE S WI TC H 3-138 (STA Port Information o nly) These additio nal parameter s are only display ed for the CLI: • Admin status – Shows if this inte rface is enabled. • External path cost – The path cost for the IST. This param eter is used by the S TA to determ ine the best pa th betw een devi ces.
S PANNING T RE E A LGOR ITH M C ONFIGURATION 3-139 an active link in the Span ning Tree. This makes a p ort with higher priority less likely to be blo cked if the Spannin g Tree Algorithm is detect ing networ k loops. Wh ere more th an one p ort is ass igned the highest priority , the port with the lowest n umeric iden tifier will be enabled.
C ONFIGURING THE S WI TC H 3-140 We b – Click Sp anning T ree, ST A, P ort Infor mation or ST A T r unk Infor mation. CLI – This example s hows t he ST A attr ibutes for po rt 5. Configuring I nterface Settings Y ou can confi gure RSTP a ttributes for specifi c interfa ces , incl uding port prior ity , path c ost, li nk type , and edge port.
S PANNING T RE E A LGOR ITH M C ONFIGURATION 3-141 Command Attributes The followin g attributes are read-only an d cannot be chan ged: • STA S tat e – Displ ays curren t state o f this port withi n the Spann ing Tree. (See Dis playing In terfac e Settings on pa ge 3-136 for addi tional information.
C ONFIGURING THE S WI TC H 3-142 ports attache d to fast er media, and high er values a ssigned to port s with slower m edia. (P ath cost take s precede nce over po rt prior ity.) N ote that wh en the Pa th Cost M ethod is set to sho rt (page 3-63) , the maximum path cost is 65,535.
S PANNING T RE E A LGOR ITH M C ONFIGURATION 3-143 Configuration or Topology Change Notificatio n BPDUs, it will automatically set the se lected interface to forced STP-comp atible mode.
C ONFIGURING THE S WI TC H 3-144 1-4094) We b – Click Span ning T ree, MST P , VLAN Config urati on. Sele ct an instance iden tifier from the list, se t the instanc e priority , and c lick Apply . T o add the VLAN membe rs to an MSTI in stance, enter t he instanc e ident ifier , the VLAN i dentifie r, and clic k Add.
S PANNING T RE E A LGOR ITH M C ONFIGURATION 3-145 CLI – T his displays ST A settings for instan ce 1, followed b y settings for eac h port. Console#show spanning-tree mst 2 3-51 Spanning-tree infor.
C ONFIGURING THE S WI TC H 3-146 CLI – This example s ets the p riority fo r MSTI 1, an d adds VLANs 1-5 to this MSTI. Displaying Interface Setti ngs for MSTP The MSTP Port In for ma tion an d MSTP T r un k Infor m ation page s display the current s tatus of p orts and trunks in t he sele cted MST i nstance .
S PANNING T RE E A LGOR ITH M C ONFIGURATION 3-147 IST (page 3-127), the settings for other instances only apply to the local spanni ng tre e. Console#show spanning-tree mst 0 3-51 Spanning-tree infor.
C ONFIGURING THE S WI TC H 3-148 Configuring I nterface Settings for MSTP Y ou can confi gure the ST A interface set tings f or an MST I nstance us ing the MSTP P or t Configuration and MSTP T r unk Configuration p ages.
S PANNING T RE E A LGOR ITH M C ONFIGURATION 3-149 the be st path between d evices. Ther efore, l ower values should b e assign ed to po rts at tached to fa ster me dia, and h igher val ues assig ned to po rts with slower m edia. (P ath cost takes pr ecedence over port prio rity .
C ONFIGURING THE S WI TC H 3-150 VLAN C onf igur ation Overview In la rge netw orks , routers ar e used to is olate broadcast t raffic fo r each subnet into se parate domains. This switch provides a similar ser vice at Layer 2 by u sing VLAN s to or g anize an y g ro up of net work nodes into sepa rate br oadc ast domain s .
VLAN C ONFIGURATION 3-151 • Priori ty tag ging Assigning Ports t o VLANs Before enabling VLANs for the switch , you must first assign eac h port to the VLAN g roup (s) in which it will par ticipate. By default all por ts are assigned to VLAN 1 as untagg ed ports .
C ONFIGURING THE S WI TC H 3-152 P or t Overlapping – Por t overlapp ing ca n be used to allo w acce ss to common ly shared ne tw ork reso urces among di fferent VL AN g roup s , such as file ser vers or printers.
VLAN C ONFIGURATION 3-153 GVRP on th e boun dar y po rts to preven t advertis eme nts from be ing propag ated, or forbid those por ts from joining restricted VLAN s .
C ONFIGURING THE S WI TC H 3-154 from a VLAN-una ware device, it fir st decides where to forward the fr ame, and th en inserts a V LAN ta g reflecting t he ingress po rt’ s default VI D .
VLAN C ONFIGURATION 3-155 VLANs t hat can be confi gured on this swi tch. * W eb Only We b – Click VLAN , 802.1Q VLAN, Basic Information. CLI – Enter the following command. Displaying Curre nt VLANs The VLAN Curren t T able sho ws the cur rent p ort members o f eac h VLAN and whethe r or not the po r t supp orts VLAN tagging .
C ONFIGURING THE S WI TC H 3-156 - Permanent : Adde d as a static en try. • Egress Ports – Show s all the VL AN po rt mem bers. • Untagged Ports – Show s the unta gged VL AN port me mbers . We b – Click VLAN , 802.1Q VLAN, Cu r rent T able. Select any ID fro m the scr oll-down list.
VLAN C ONFIGURATION 3-157 CLI – Cur rent VLAN infor mat ion can be disp layed with the following command. Console#show vlan id 1 3-64 VLAN Type Name Status Por ts/Channel groups ---- ------- -------.
C ONFIGURING THE S WI TC H 3-158 Creati ng VLANs Use th e VLAN Stati c List t o create or remov e VLAN groups . T o propagate information about VLAN groups used on this switc h to external netw ork devices , you mus t specify a V LAN ID for eac h of these gro ups .
VLAN C ONFIGURATION 3-159 CLI – T his examp le cr eate s a new V LAN . Adding Stat ic Members t o VLAN s (VLAN Index) Use the V LAN Static T able to confi gure port member s for the s elected VLAN index. Assign por ts as tag g ed if they are connected to 802.
C ONFIGURING THE S WI TC H 3-160 • Name – Name of the VLAN (1 to 32 charac ters). • Status – Enables o r disab les the s pecified VLAN. - Enable : VLAN is oper ational. - Disable : VLA N is sus pended; i.e., do es not pass pac kets. • Port – Port id entifier.
VLAN C ONFIGURATION 3-161 We b – Click VLAN , 802.1Q VLAN , Static T able. Select a VLAN ID from the scrol l-down list. Modify the VLAN name and status if re quired. Select the membe rship ty pe by marking the appropr iate radio butto n in the list of por ts or tr unks.
C ONFIGURING THE S WI TC H 3-162 • Non-Member – VLANs for w hich the se lected interface is not a tagged member ..
VLAN C ONFIGURATION 3-163 We b – Open VLAN , 802. 1Q VLAN , St atic Membership . Select an interfa ce from th e scro ll-down box (P or t or T r unk). Clic k Quer y to displa y membership in for matio n for the interface. Select a VLAN ID , and then click Add t o add the int erface as a tagg ed member , or clic k Re mov e to remov e the interface.
C ONFIGURING THE S WI TC H 3-164 bridged LAN. The de fault values for t he GARP tim ers are indepen dent of t he media access met hod or d ata rate. Th ese values should not be changed u nless you are ex perienci ng diff iculties with GVRP regis tration/ deregist ration.
VLAN C ONFIGURATION 3-165 must be globally enable d for the switch before this setti ng can take effect. (See “Disp laying Bridge Extensio n Capabilities” on page 3-18.) When disabled, any GVRP packets rec eived on this port will be discarded and no GVRP reg istrations will b e propagated from othe r ports.
C ONFIGURING THE S WI TC H 3-166 * Timer settings must follow th is r ule: 2 x (join timer) < le av e timer < leav eAll timer We b – Click VLAN , 802.1Q VLAN, P or t Configuration or VLAN T r unk Configuration. Fill in the required settings for each interface , click Apply .
VLAN C ONFIGURATION 3-167 Configuring P rivate VLANs Pri vate V LANs pro vide port-based se curity and isolat ion betw een p orts withi n the assi gned VLAN . Data traff ic on d ownlink ports can onl y be forw arded to , and from, uplink ports . (Not e that pri vat e VLANs and nor m al VLANs can exis t simultaneously wi thin th e same switch.
C ONFIGURING THE S WI TC H 3-168 Confi guring Upli nk and Downlink Ports Use the Pri v ate VLAN Link Stat us page to set ports as dow nlink or uplin k ports . P orts designa ted as do wnlink p orts can not commun icate wi th any other por ts on th e switch except for the uplink po r ts.
VLAN C ONFIGURATION 3-169 por t, its V LAN me mbersh ip can th en be de ter mined bas ed on the protoc ol t ype be ing u sed by th e in boun d p ackets. Command Usage T o config ure pr otocol- based V LANs , follo w the se steps: 1. Fir st config ure VLAN groups for the protoc ols y ou w ant to use (page 3-158).
C ONFIGURING THE S WI TC H 3-170 CLI – The follo wing creates p rotoc ol group 1, and then sp ecifies E thernet frames with IP and ARP pr otocol type s . Mapping Protocols to VLANs Map a protocol g roup to a VLAN for ea ch interface that will part icipate in the g ro up .
VLAN C ONFIGURATION 3-171 Command Attributes • Interface – Po rt or trunk i denti fier. • Protocol G roup ID – Group identifier of this protocol group. (Range: 1 -21474836 47) • VLAN I D – VLAN to w hich ma tching proto col t raffi c is f orwa rded.
C ONFIGURING THE S WI TC H 3-172 Class o f Service Conf iguration Class of Ser vic e (CoS) allows you to specify wh ich data pack ets have greater pr ecedence whe n traffi c is buff ered in th e switc h due to cong esti on. T his sw itch suppo r ts CoS wit h eigh t prio rity qu eues for each port.
C LASS OF S ER VICE C ONFIGURATION 3-173 * CLI di splays this i nformation as “Priorit y for untagged traffic. ” We b – Click Priority , Default Port Prior ity or Default Trunk P riority . Modify th e default p riority for any inte rface, the n click Apply .
C ONFIGURING THE S WI TC H 3-174 Mappin g CoS Val ues to E gress Queues This sw itch processes Class of Ser vice (Co S) priority tag g ed traffic by using e ight priorit y queues fo r each port, with ser vice sc hedule s based o n strict or W eigh ted Round R obin (W RR).
C LASS OF S ER VICE C ONFIGURATION 3-175 prior ities t o the traf fic clas ses (i. e. , output q ueues) fo r the se lected interface, then click Apply . CLI – The follo wing exam ple sho w s ho w to c hange th e CoS assig nments to a on e-to-one mappi ng .
C ONFIGURING THE S WI TC H 3-176 Selecting the Queue Mode Y ou can se t the s witch to ser vice th e queue s base d on a str ict r u le that require s all tr affic in a higher priorit y queue to be pr.
C LASS OF S ER VICE C ONFIGURATION 3-177 described in “Mapping CoS V alues to Eg ress Queues” o n page 3-174, the traffic classes are mappe d to one o f the ei ght egress queue s pro vided for eac h port. Y ou can a ssign a weig ht to each o f these queues (an d th ereby to the co r respon ding traff ic priori ties).
C ONFIGURING THE S WI TC H 3-178 CLI – The follow ing examp le sho ws ho w to as sign WRR w eights to eac h of the priority qu eues . Console(config)#queue bandwidth 1 3 5 7 9 11 13 15 3-81 Console(.
C LASS OF S ER VICE C ONFIGURATION 3-179 Mapp in g Lay er 3/ 4 Pr ior iti es to C oS V alu es This sw itch suppor ts se veral common methods o f prioritizin g layer 3/4 traffic to meet application re quirements .
C ONFIGURING THE S WI TC H 3-180 CLI – The follow ing examp le enable s IP Preced ence service on the switch. Console(config)#map ip precedence 3-8 8 Console(config)#.
C LASS OF S ER VICE C ONFIGURATION 3-181 Mapping IP Precedence The T ype of Service (T oS) octet i n the IP v4 header inc ludes thr ee preceden ce bit s defini ng eight differe nt prio rity lev els ranging from hi ghest prior ity for netw ork cont rol pac kets to l ow est prio rity fo r routine traffi c.
C ONFIGURING THE S WI TC H 3-182 We b – Clic k Priorit y , IP Preceden ce Priority . Select an entry from the IP Preceden ce Priorit y T able , ente r a va lue in the Clas s of Service V alue field, and then click A pply .
C LASS OF S ER VICE C ONFIGURATION 3-183 Mapping DSCP Priority The DSCP is six bits wide, allo w ing coding fo r up to 64 different forwardi ng behavior s .
C ONFIGURING THE S WI TC H 3-184 CLI – T he following example glo bally enables DSCP Priority se r vice on the switch , maps DS CP value 0 to CoS value 1 (o n por t 1), and then displays the DSCP Priority setting s .
C LASS OF S ER VICE C ONFIGURATION 3-185 Map ping IP Port Pr iorit y Y ou can also map network ap plicatio ns to C lass of Se r v ice values base d on the IP por t number (i.e., TCP/UDP por t number ) in the frame header. Some of the more common TCP s er vice ports inc lude: HTTP : 80, FTP: 21, T elnet: 23 and POP3: 110.
C ONFIGURING THE S WI TC H 3-186 * Mapping s pecific values f or IP Port Priority is implemented as an interface configurat ion command, but any changes will appl y to the all interfaces on the switch.
C LASS OF S ER VICE C ONFIGURATION 3-187 queue; it is not writte n to the packet itself. F or infor mation on mapp ing the CoS valu es to output queues , see page 3-174. Command Usage Y ou must co nfigure an A CL mask before yo u can map CoS value s to the rul e .
C ONFIGURING THE S WI TC H 3-188 CLI – This exampl e assign s a CoS v alue of zero to pack ets m atchi ng rules within the sp ecified ACL on port 1 . Chan ging P rior ities Base d on ACL Rule s Y ou can chan ge traffic prio rities for frames mat ching t he defined A CL r ule.
C LASS OF S ER VICE C ONFIGURATION 3-189 Command Attributes • Port – Port id entifier. •N a m e * – Name of ACL. • Type – Ty pe of ACL (IP or M AC). • Precedence – IP Prece dence va lue. (Range: 0-7) • DSCP – Differen tiated Se rvices Code Point value.
C ONFIGURING THE S WI TC H 3-190 CLI – This example c hang es th e DSCP prio rity fo r pack ets matc hing an IP A CL r ule, and the 802.1p priority for pack ets matching a MA C A CL rul e . Mult ica st F ilt eri ng Multicasting is used to suppor t real-time applications such as videocon ferencing or streaming audio .
M ULTICAST F ILTE RING 3-191 continue to receive the multicast ser vice. This proc edure is called multicast filtering . The pu rpose of IP multicast filtering is to op timize a switched ne twork’ s.
C ONFIGURING THE S WI TC H 3-192 Note that IGMP neit her alters nor routes IP multicast packets . A multicast routing protoco l must be used to deliver IP mu lticast packets across differe nt subn etwo rks . Therefore , when D VMRP or PIM routing is enabled f or a su bnet on t his swit ch, y ou also need to enable IG MP .
M ULTICAST F ILTE RING 3-193 IGMP Query (Lay er 2 or 3) – I GMP Query can only be en abled glo bally a t Layer 2, but ca n be enabled for indi vidual VLAN interfac es at La yer 3 (page 3-200). H owe ver , note that Laye r 2 quer y is disabled if La yer 3 query is enabled.
C ONFIGURING THE S WI TC H 3-194 is also referr ed to as IGM P Snooping. (D efault: Enab led) • Act as I GM P Qu erie r — When enabl ed, the s witch can s erve as t he Querier , which is r espon sible f or askin g host s if they want to recei ve multicast traffic.
M ULTICAST F ILTE RING 3-195 CLI – T his example modifies th e settings for multicast filtering, and then disp lays t he current status . Displaying Inte rfaces Attach ed to a Multicast Ro uter Mult.
C ONFIGURING THE S WI TC H 3-196 Y ou can use the Mult icast R outer P or t Information page t o displ ay the ports on this switch attached to a neighbo ring multicast router/switch for eac h VL AN ID . Command Attributes • VLAN ID – ID of configured VLAN (1-4094).
M ULTICAST F ILTE RING 3-197 interface ( port or tr unk) on yo ur switc h, yo u can man ually configure the interface (and a specified VLAN) t o join all the cur rent multicast gro ups suppor te d by the at tached rout er. This can e nsure th at multicast tr affic is passed to all the appropriate int erfaces within the sw itch.
C ONFIGURING THE S WI TC H 3-198 Displaying Port Members of Multi cast Services Y ou can disp lay th e port members as sociated wi th a spec ified VLA N and multicast ser vi ce. Command Attribute • VLAN I D – Selects th e VLAN for which to display port members.
M ULTICAST F ILTE RING 3-199 The T y pe field sh ows if this entr y was lear ned dyn amically or was statically config ured. Assigning Ports to Multicast Servi ces Multicast filte ring can be dyn amic.
C ONFIGURING THE S WI TC H 3-200 multicast rout er), indicat e the VL AN that wil l propag at e the multic ast ser vice, specify the multicast IP address , and click Add.
M ULTICAST F ILTE RING 3-201 Layer 3 IGMP – T his prot ocol inc ludes a for m of multicast quer y sp ecifically designed to work with multicas t routing .
C ONFIGURING THE S WI TC H 3-202 (Range: 1-4094) • IGMP Proto col Status (Admin Status) – Enables IGM P on a VLAN inte rface . (Defa ult: Dis able d) • Last Member Query Interval – A multicast client sends an IGMP leav e message whe n it lea ves a group.
M ULTICAST F ILTE RING 3-203 specific multicast se rvice. Only the designated multicast route r for a subnet sends host query messages , which are addressed to the multicast address 224.0.0. 1. - For IGM P Version 1, the designated ro uter is electe d accordin g to the mult icast ro utin g protoc ol tha t runs on the LA N.
C ONFIGURING THE S WI TC H 3-204 We b – Clic k IP , IGMP , Interface Set tings . Specify eac h inte rface that w ill suppo r t IGMP ( Layer 3), speci fy the I GMP par ameters for eac h interfac e, then cl ick Appl y . CLI – This example c onfigures the IGMP parameters for VLAN 1.
M ULTICAST F ILTE RING 3-205 Displaying Multicast Gro up Informati on When IGMP ( Layer 3) is enab led on th is switc h the current m ulticas t g roups le ar ned v ia IGMP c an be di splayed in th e IP/I GMP/Gr oup Information page.
C ONFIGURING THE S WI TC H 3-206 CLI – The follo wing s hows t he IGMP groups currently act iv e on VL AN 1. Configu ring Do main Name Servi ce The Domain Naming Syst em (DNS) ser vic e on this switch allows host names t o be mappe d to IP a ddresse s usi ng static table entr ies or by redirec tion to othe r name se r vers on the net work.
C ONFIGURING D OMAIN N AME S ER VICE 3-207 DNS client (i. e., not for ma tted wi th dot ted nota tion), you can sp eci fy a default domain name or a list of domain names to be tried in sequential order . • If ther e is no do main lis t, the d efault d omain name is used.
C ONFIGURING THE S WI TC H 3-208 We b – Select DNS, General Configuration. Set the default domain na me or lis t of domai n names , specify on e or more n ame ser v ers to use to use for addre ss resolution , enable doma in lookup status , and click Apply .
C ONFIGURING D OMAIN N AME S ER VICE 3-209 CLI - T his example se ts a default domain name and a domain list. Howev er, r emember th at if a domain list is specified , the default domain name is not u sed.
C ONFIGURING THE S WI TC H 3-210 • Alias – Displa ys th e host nam es that are mappe d to the s ame address (es) as a previousl y configur ed entry. We b – Select DNS , Static Host T able. Enter a host name and one or more correspondin g addresses , then clic k Apply .
C ONFIGURING D OMAIN N AME S ER VICE 3-211 CLI - T his examp le maps tw o address to a h ost name , and then co nfigures an alias ho st name fo r the same addres ses. Console(config)#ip host rd5 192.168.1.55 10.1.0.55 3-177 Console(config)#ip host rd6 10.
C ONFIGURING THE S WI TC H 3-212 Displaying the DNS Cache Y ou can disp lay e ntries in the DNS c ache t hat hav e been learned via the desi gnated name ser vers . Field Attributes •N o – The entry n umber for eac h resourc e recor d. • Flag – The fl ag is alway s “4” indi cating a c ache entr y and theref ore unreliable.
D YNAMIC H OST C ONFIGURATION P RO T O C O L 3-213 CLI - T his exa mple disp lays al l the resou rce record s learned fro m the desi gnated name ser vers .
C ONFIGURING THE S WI TC H 3-214 Configuring DH CP Relay Service This sw itch suppo rt s DHCP relay ser vice for attac hed ho st devices . If DHCP relay is enabled, and this switch sees a DHCP reque st bro adcast, it inser ts its own IP addres s into th e requ est so that the DHCP ser ver will know the subnet where th e client is loca ted.
D YNAMIC H OST C ONFIGURATION P RO T O C O L 3-215 We b – Click DHCP , Relay Configuration. Enter up to five IP addresses for any VLAN, then click Restar t DHCP Relay to star t the re lay ser vic e. CLI – This example s pecifies one DHCP rel ay server for VLAN 1, and enabl es the r elay ser vice.
C ONFIGURING THE S WI TC H 3-216 be ass igned to hosts based o n the cli ent iden tifier code or MA C address . Command Usage • First configure any exclu ded addres ses, in cluding the addre ss for t his switch. • Then conf igure addres s pools for the netw ork in terfac es.
D YNAMIC H OST C ONFIGURATION P RO T O C O L 3-217 We b – Click DHCP , Ser v er, General. Ent er a single address or an address range , and clic k Add.
C ONFIGURING THE S WI TC H 3-218 address pool mat ching th e gateway where the request or iginat ed (i.e., i f the reques t was forwar ded by a re lay server).
D YNAMIC H OST C ONFIGURATION P RO T O C O L 3-219 • Subnet Mask – Specif ies the netwo rk mask of th e client. • Hardware Address – Specifie s the MAC addr ess and protoco l used on the client.
C ONFIGURING THE S WI TC H 3-220 Examples Crea ting a New A ddr ess Pool We b – Click DHCP , Ser ver , P ool Co nfiguration. Spec ify a pool name, then click Add. CLI – This example a dds an add ress po ol and enters DHCP p ool config urati on mode .
D YNAMIC H OST C ONFIGURATION P RO T O C O L 3-221 Configuring a Network Address Pool We b – Click DHCP , Ser ver , P ool Conf iguration. Clic k th e Configure button for any ent r y . Click the radio button fo r “Net work. ” Enter th e IP address and subnet mask fo r the netw ork pool.
C ONFIGURING THE S WI TC H 3-222 Configuring a Ho st Addr ess Pool We b – Click DHCP , Ser ver , P ool Conf iguration. Clic k th e Configure button for any ent r y . C lick the radio button fo r “Host.” Enter the IP address , subnet mask, and hardw are addres s for the c lient device .
D YNAMIC H OST C ONFIGURATION P RO T O C O L 3-223 CLI – This example configures a host ad dress pool. Displaying Address Binding s Y ou can disp lay th e host devices whic h hav e acquired an IP addr ess fr om this switch’ s DHCP ser v er. Command Attributes • IP Address – IP addre ss ass igned to host.
C ONFIGURING THE S WI TC H 3-224 We b – Click DHCP , Ser ver , IP Bin ding . Y ou may use the Delete button to clear an ad dress fro m the DHCP server’ s databa se. CLI – T his examp le disp lays the cu rr ent bindin g, and th en clea rs all automatic binding .
C ONFIGURING R OUTER R EDUNDA NCY 3-225 Configur ing Router Re dund ancy R outer redu ndancy pr otocols use a virtual IP address to support a primary router a nd mu ltiple ba ckup routers . The backup r outers ca n be confi gured to tak e o ver the w o rkload if the master rou ter fails , or can a lso be confi gured to share th e traffic loa d.
C ONFIGURING THE S WI TC H 3-226 • Several virtual master rou ters using th e same s et of ba ckup route rs. • Several virt ual mast er route rs config ured for mut ual backup an d load sharing. Load sh aring can be accomplishe d by assigning a subset of addres ses t o differ ent hos t addre ss poo ls using th e DHC P serv er.
C ONFIGURING R OUTER R EDUNDA NCY 3-227 Confi guring VRRP Gr oups T o configure VRRP , select an i nterfac e on one rou ter in th e group to ser ve as the ma ster virtual router . This phys ical interfac e is used a s the virtual address fo r the router group .
C ONFIGURING THE S WI TC H 3-228 fails. However, bec ause the pr iority of the virtual I P address Ow ner is the highe st, th e original ma ster rout er wi ll always become the active master ro uter wh en it reco vers.
C ONFIGURING R OUTER R EDUNDA NCY 3-229 • Preemption – Shows if this route r is allowed to preemp t the acting master. •P r i o r i t y – Prior ity of this ro uter in the VRRP gro up. • AuthType – Authenticati on mode used to veri fy VRRP packets from othe r ro uter s.
C ONFIGURING THE S WI TC H 3-230 Command Attributes ( VRRP Group C onfiguration Detail ) • Associated IP Table – IP interfaces associated w ith this virtual router group . • Associated IP – IP address of the virtual router, o r secondary IP addresses assigned t o the current VLAN interfac e that are s upported by this VRRP grou p.
C ONFIGURING R OUTER R EDUNDA NCY 3-231 - The pr iority for th e VRRP gr oup addr ess o wner is aut omati cally set to 255. - The priorit y for bac kup router s is used to determine which ro uter will t ake over as the ac ting mas ter router if the c urrent m aster fai ls.
C ONFIGURING THE S WI TC H 3-232 We b – Click IP , VRR P , Group Config uration. Selec t the VLAN ID , e nter the V RID g ro up numb er, and click Add.
C ONFIGURING R OUTER R EDUNDA NCY 3-233 IP addres s into the Asso ciated IP T able. Then s et any of the other parame ters as re quir ed, a nd cl ick Apply .
C ONFIGURING THE S WI TC H 3-234 VRRP g roup , sets all of the other VRRP parameter s , and then displays the configured settings. Displaying VRRP Global Statistics The VRRP Global Statis tics page dis pla ys counters for errors foun d in VRRP pr otoc ol pa ckets.
C ONFIGURING R OUTER R EDUNDA NCY 3-235 We b – Click IP , VRR P , Global Statis tics . CLI – Thi s example di splays counters fo r protocol er ror s for all the VRRP g roups configured on this switch.
C ONFIGURING THE S WI TC H 3-236 not pass the authentication check. • Error IP T TL Pack ets – Number of V RRP packets receive d by the virtual rou ter with IP TT L (Time-To-Live) not equal to 255 . • Receiv ed Priori ty 0 Pack ets – Number of V RRP packets re ceived by the virtual router with priority set to 0.
C ONFIGURING R OUTER R EDUNDA NCY 3-237 We b – Click IP , VRR P , Group Statistics. Se lect the VLAN and vir tual router group . CLI – This example displays VRRP protocol statistics for gr oup 1, VLAN 1. Hot Standby Router Pro tocol Hot Stan dby R outer Protoc ol (HSRP) allows you to confi gure a group of routers as a single virtual router .
C ONFIGURING THE S WI TC H 3-238 Confi guring HSRP Gr oups T o configure HSRP , assign the s ame virtual router a ddress t o each router in the g roup .
C ONFIGURING R OUTER R EDUNDA NCY 3-239 for HSRP such as authent ication, t racking, or a dvertisement in terval, then fir st conf igure the se parame ters be fore enabli ng HSRP. • HSR P cre ates a virt ual M AC add res s for th e mas ter r outer based on a standar d prefix , with th e last oc tet eq ual to th e group ID.
C ONFIGURING THE S WI TC H 3-240 sends other mes sages i ndicati ng th at it is n o longer acting as the des ignat ed ro ute r. • You c an add a del ay to t he preem pt funct ion to g ive a ddition al time to receive an advertis ement mess age from th e current master b efore taking con trol.
C ONFIGURING R OUTER R EDUNDA NCY 3-241 - HSRP advert isements fro m the ma ster and s tandby virtual router include information about their pr iority, timer values, and current state a s the master or stan dby rout er.
C ONFIGURING THE S WI TC H 3-242 to th e string configur ed on this rout er. If t he str ings mat ch, the message is accept ed. Otherwi se, the packet i s discarde d. - Plain te xt authen ticatio n does n ot provid e any r eal secu rity. It is suppor ted on ly to pr event a misco nfigur ed ro uter f rom participating in HSRP.
C ONFIGURING R OUTER R EDUNDA NCY 3-243 Clic k the E dit butt on for a g roup en tr y to op en the detailed configurat ion window . Se t the values for the a dvertisem ent int er val, pr eemptio n, priori ty , and aut henticat ion as requ ired. E nter the vi rtual IP addr ess for the group .
C ONFIGURING THE S WI TC H 3-244 the cor respo nding value b y which to ad just the pr iority wh en the inte rface state cha ng es. Then c lick App ly .
C ONFIGURING R OUTER R EDUNDA NCY 3-245 CLI – This example crea tes HSRP g roup 1, se ts the vir tual ro uter’ s address, adds a secondar y IP addr ess to the g rou p , speci fies an interf ace fo r tracking , sets all the other HSRP paramete rs, and then displ ays the configured settings .
C ONFIGURING THE S WI TC H 3-246 IP Routing Overview This sw itch suppor ts IP routi ng and routing path manag ement via st atic routing definitions (page 3-269) and dynamic routing such as RIP (page 3-273) or OSPF (pag e 3-285).
IP R OUTING 3-247 IP Switch ing IP Swi tching (or pa cket forward ing) en compa sses tas ks requ ired t o forw ard pack ets for both La yer 2 and Layer 3, as well as tradition al routing .
C ONFIGURING THE S WI TC H 3-248 Howev er, if the MA C addr ess is not yet kn own to the sw itch, an Ad dress Resolution Protoc ol (ARP ) pa cket with the destina tion I P add ress is broadc ast to g et th e dest ination MAC address from th e destin ation no de.
IP R OUTING 3-249 calcul ated onl y during setup . Once the route ha s been de termined, all pack ets in the c urrent f lo w are simpl y switc h ed or forwar ded across the chosen path .
C ONFIGURING THE S WI TC H 3-250 OSPFv2 Dynamic Routin g Pro tocol OSPF ov ercomes all the problems of RIP . It uses a link s tate routing protoc ol to g en erate a shor tes t-pat h tree, then builds u p its rout ing ta ble based o n thi s tree .
IP R OUTING 3-251 - This command affects both static and dyna mic unicas t routing. - If IP routin g is en abled, all IP packets are rout ed usin g eit her stati c routing or dynami c routin g via R IP or OSPF, and other p ackets for all non- IP prot ocols (e.
C ONFIGURING THE S WI TC H 3-252 Configuring I P Routing Interfaces Y ou can spec ify the I P subnet s conne cted to th is rou ter b y man ually assig ning an I P address to each VLA N , or by usin g .
IP R OUTING 3-253 - If DHCP/BOOTP is enabled, IP will not function until a reply has been received from th e address server. Re quests will be broadc ast p eriodic ally by the route r for an IP addr ess. ( DHCP/ BOOTP values in clude the IP address an d subnet mas k.
C ONFIGURING THE S WI TC H 3-254 We b - Click IP , General, Routing Interface. Specif y an IP i nter fac e for ea ch VLAN that will supp or t routing to oth er subnets.
IP R OUTING 3-255 Address Resolution Protocol If IP routing is enabled (page 3-250), th e router uses its routing tables to make rout ing deci sions, and us es Addr ess Resolutio n Prot ocol ( ARP) to forw ard traffi c from one hop to the next . ARP is us ed to map an IP address t o a phy sical layer (i.
C ONFIGURING THE S WI TC H 3-256 Proxy ARP When a no de in the attac hed subnet work d oes not h av e routin g or a default g ate way configured, Pro xy ARP can be used to forw ard ARP requests to a re mote subnetw ork.
IP R OUTING 3-257 Command Attributes • Timeout – Sets the aging tim e for dynami c entries i n the ARP cache. (Range: 300 - 86400 seconds; Default: 1200 seconds o r 20 minutes) • Proxy ARP – Enables or disabl es Prox y ARP for s pecified VLAN interfaces.
C ONFIGURING THE S WI TC H 3-258 can onl y remo ve a static ent r y via th e configur ation i nterface . Command Attributes • IP Address – IP ad dre ss st at ical ly ma pped to a ph ysi cal MA C add res s. (Valid IP addresses consist of four numbers, 0 to 255, separated by period s.
IP R OUTING 3-259 Command Attributes • IP Address – I P address of a dynami c entry in t he cache. • MAC Address – MAC a ddress ma pped to th e corresp onding I P address. • Interface – VLA N interface as sociated with th e address en try.
C ONFIGURING THE S WI TC H 3-260 CLI - This example shows all entries in t he ARP cache. Displaying Local ARP Entries The ARP ca che als o contai ns entri es for local i nterfaces , includin g subnet , host , and broadcas t addr esses . Command Attributes • IP Address – I P address of a loca l entry i n the c ache.
IP R OUTING 3-261 We b - Clic k IP , ARP , Other Addresses . CLI - This router uses the T y pe specification “ other” to indicate local cac he entr ies in th e ARP cac he. Displaying ARP Statisti cs Y ou can disp lay s tatisti cs for ARP messages cro ssing all interfac es on th is router .
C ONFIGURING THE S WI TC H 3-262 We b - Cl ic k IP , A RP , Sta tist ics . CLI - This exampl e pro vides detai led sta tistic s on commo n IP-relat ed protoc ols. Sent Request Number of ARP Reques t packets sent by the rou ter. Sent Reply Number of ARP Reply pa ckets sent by the route r.
IP R OUTING 3-263 Displaying Statistics for IP Protocols IP Statis tics The I nter ne t Protoc ol (IP) pr ovides a me chanism for tr ansmittin g blocks of da ta (often called pack ets or f rames) f rom a so urce to a destinat ion, where t hese netw ork devices (i .
C ONFIGURING THE S WI TC H 3-264 Datagra ms Faili ng Fragmentat ion The number of datag rams that hav e been discarded because they needed to be fragmented at this entity but could not be, e.
IP R OUTING 3-265 We b - Cl ic k IP , St atis tic s , I P . CLI - See the example o n pag e 3-261. ICMP Sta tistics Inter n et Con trol Messag e Proto col ( ICMP) is a network laye r prot ocol that transm its me ssage pac kets to report errors in p rocess ing IP pac kets .
C ONFIGURING THE S WI TC H 3-266 Destinat ion Unreachable The num ber of ICMP Des tination Unreachable messages received/sen t. Time Exceeded The num ber of ICMP Time Exceed ed messag es received / sent. Parameter Problem s The number of IC MP Parameter Probl em messages received/sen t.
IP R OUTING 3-267 We b - Cl ic k IP , St atis tic s , I CMP . CLI - See the example o n pag e 3-261. UDP Statistics User Da tagram Protoc ol (UD P) pro vides a datagram mode o f packet- switche d co mmunic atio ns. It uses IP as the und erl ying tr ans por t mechanism, providing access to IP -like serv ices .
C ONFIGURING THE S WI TC H 3-268 We b - Cl ic k IP , St atis tic s , UD P . CLI - See the example o n pag e 3-261. TCP Statistics The T ransmission Control Protocol (T CP) provides highly reliable hos.
IP R OUTING 3-269 We b - Cl ic k IP , St atis tic s , T CP . CLI - See the example o n pag e 3-261. Configuring Stat ic Routes This router c an dynam ically con figure routes to other netw ork segm ents using d ynami c routi ng pr otocols (i.e ., RIP or OSP F).
C ONFIGURING THE S WI TC H 3-270 require d to acces s netw ork segmen ts where d ynamic routing is not suppor te d, or ca n be se t to force th e use of a specific route to a subne t, rather than using dynamic routing .
IP R OUTING 3-271 We b - Click IP , Routing, Static Ro utes . CLI - This example forwards all tra ffic for subnet 192.168.1.0 to the router 192.168.5.254, using the default metric of 1.
C ONFIGURING THE S WI TC H 3-272 • Netmask – Network mask fo r the asso ciated IP s ubnet. This mask ident ifies the host ad dress bit s used for r outing t o specifi c subn ets. • Next Hop – The IP addres s of th e next hop (or gate way) in t his r oute.
IP R OUTING 3-273 Configuring th e Routing Infor mation Protocol Th e RIP pr otoc ol is the mos t wi dely us ed rou ting p rotoco l. Th e RIP protoc ol us es a d istan ce-vect or-base d appr oach to routin g .
C ONFIGURING THE S WI TC H 3-274 • Th ere a re several ser ious pr oblems w ith RIP that you sh ould co nside r . First of all, RIP ( vers ion 1) has no kno wledge of subn ets , both RIP versions ca.
IP R OUTING 3-275 - The tim ers must be set to th e same valu es for all rou ters in th e networ k. Command Attributes Global Settings • RIP Routing Process – Enables RIP routing for all IP interface s on the rout er . (Defaul t: Disabl ed) • Glo bal R IP V ersio n – Specifie s a RIP version used globally by the router .
C ONFIGURING THE S WI TC H 3-276 We b - Click Routing Prot ocol , RIP , Gene ral Sett ings. Enable or di sable RIP , set the RIP version used on p reviously unset inte rfaces to R IPv1 or RIPv2, se t the bas ic update timer, a nd then click A pply. CLI - T his exampl e sets the rout er to use RIP V ersion 2, and sets the basic timer to 15 seco nds.
IP R OUTING 3-277 0 - 127 is class A, an d only the first field in the network address is used. 128 - 19 is class B, and the first two fields in the network address are used. 192 - 223 is class C, and th e first three fields in th e network address are used.
C ONFIGURING THE S WI TC H 3-278 messag e type sent (i.e., RIP version o r comp atibility mode), the m ethod fo r preventing loopba ck of pro toco l messa ges, and w heth er or no t auth entica tion i s used (i.e ., authe nticat ion on ly app lies i f RIPv 2 mess ages are being sent or r eceiv ed).
IP R OUTING 3-279 retr ansmissi on of data tr affic . When protocol pack ets are caught in a loop , links will be co nges ted, and protocol packets may be los t.
C ONFIGURING THE S WI TC H 3-280 • Send Version – The RIP versio n to send on an interf ace. - RIPv1 : Sends on ly RIPv1 pack ets . - RIPv2 : Sends onl y RIPv2 packet s. - RIPv1 Compati ble : Route infor mation is broad cast to othe r routers w ith RIPv2.
IP R OUTING 3-281 We b - Clic k R outing Protocol, RIP , Inter face Settin gs . Select the RIP protocol messag e types that will be receiv ed and sent, t he method used to provide faster convergence and p revent loopback (i.e., prevent instability in the net work topolog y), and th e auth entica tion op tion and c or res ponding passw o rd.
C ONFIGURING THE S WI TC H 3-282 RIP Informati on and St atistics Parameter Description Globals RIP Routing Proc ess Indicates if R IP has been enabl ed or disabl ed. Update Time in Second s The interval at which RIP advertises known route information.
IP R OUTING 3-283 We b - Click Routing Prot ocol , RIP , S tatistic s ..
C ONFIGURING THE S WI TC H 3-284 CLI - The infor mation dis played by the RI P Statistics screen via the web inte rface can b e accessed fro m the C LI using the foll owing command s.
IP R OUTING 3-285 Configuring th e Open Shortest Path F irst Protocol Open Sho r test P ath Firs t (OSPF) is more s uited for large area netw orks which experience frequent changes in th e links .
C ONFIGURING THE S WI TC H 3-286 Command Usage • OSPF looks at more than just the simp le hop count. When adding the shor test p ath to any nod e into the tree, the o ptimal path is chose n on the basis of delay , throughp ut and connec tivity .
IP R OUTING 3-287 - And fin ally, you m ust specify a virtual link to any OSPF area that is not p hysically attache d to the OSPF backbone. V irtual links c an also be use d to pr ovide a redun dant lin k between co ntiguou s areas to pre vent ar eas from being partiti oned, or to me rge backb one areas.
C ONFIGURING THE S WI TC H 3-288 systems t o which it may be att ached. If a router is en abled as an ASBR, then e very othe r router in the auton omous sys tem can lear n abo ut exter nal routes fro m this devic e.
IP R OUTING 3-289 or static configurat ion, and s uch a route i s known. (See “Redistributing External Routes” on page 3-310.) • External Metric Type 2 – The external link t ype used to adver tise the default ro ute. Ty pe 1 route a dvertis emen ts add th e interna l cost to the exter nal rou te metric.
C ONFIGURING THE S WI TC H 3-290 We b - Click Routing Prot ocol , OSPF , Ge nera l Configu ration . Ena ble OSPF , specify t he R outer ID , configur e the oth er global p arameters a s required, and click Apply . CLI - This exampl e confi gures the router w ith the same s ettings as sho wn in the s creen capt ure for th e web interface.
IP R OUTING 3-291 Configur ing OSPF Ar eas An auto nomous syste m must be config ured with a backbon e area, design ated b y area ident ifier 0.0.0. 0. By default , all oth er areas are cre ated as nor mal transit areas . R outers in a n or mal area may impo r t or expor t routing infor mation about indi vidual no des .
C ONFIGURING THE S WI TC H 3-292 • By defau lt, a stub can only pa ss traffic to ot her areas in the auto nomous system via the defau lt exter nal route. However, you also ca n confi gure an area b order route r to send Type 3 summ ary link adver tisements into the stub.
IP R OUTING 3-293 Command Usa ge • Before you cre ate a stub o r NSSA, firs t specify the addr ess range fo r an area us ing the Net work A rea Addres s Config uration scre en (page 3-305). • Stubs and NSSAs canno t be used as a transit area, and should therefore be placed at the edg e of the ro uting do main.
C ONFIGURING THE S WI TC H 3-294 We b - Click R outing Protocol, OSPF , Area Configuration. Set any area to a stub or N SSA as required , specify the cost for the defau lt summary route sent into a stub , and click Apply . CLI - T his example conf igures area 0.
IP R OUTING 3-295 Configur ing Area Ran ges (Route Summarization for ABRs) An OSPF are a can incl ude a large n umber of node s . If th e Area Border R outer (ABR ) has to adv er tise route in fo r m ati on f or each o f these nodes , this w aste s a lot o f bandw idth and pro cessor ti me.
C ONFIGURING THE S WI TC H 3-296 Command Attributes • Area ID – I denti fie s an ar ea for whic h the r out es ar e sum mar ized . (The area ID mus t be in the form of a n IP addre ss.) • Range Network – Base add ress f or the r out es to s umma rize .
IP R OUTING 3-297 The conf igured summar y route is shown in the list of infor mation displ ayed fo r area 1. Configur ing OSPF In terfaces Y ou should sp ecify a ro uting inter face for any loca l subnet that needs to communicat e with other ne twork segmen ts loc ated o n this rout er or elsewhere in the network.
C ONFIGURING THE S WI TC H 3-298 • Designated Router – Desi gnated rout er for this ar ea. • Backup Designated Router – Des ignated backup r outer for this area. • Entry Count – The number o f IP interfa ces assigned to this VLAN. Note: Thi s r outer su pports up 64 OSPF in terfa ces .
IP R OUTING 3-299 - The transmit d elay must be th e same for all router s in an auton omous sy stem . - On sl ow lin ks, th e router m ay se nd pack ets more q uickl y than devices can re ceive them. T o avoid this pro blem, you can use the transmit delay to force the router to wait a sp ecified interval betwe en transm issi ons.
C ONFIGURING THE S WI TC H 3-300 - Rout es are s ubsequent ly assi gned a me tric equal to th e sum of all metrics for each interface link in the route.
IP R OUTING 3-301 - Normally, only on e key is used per interface to generate authen ticati on info rmation for outboun d packets and to authen ticate incomi ng packets .
C ONFIGURING THE S WI TC H 3-302 Change any of t he inter face-specific p rotocol parameters , and then click Apply . CLI - This example confi gures the int erface parameter s for VLAN 1.
IP R OUTING 3-303 Configur ing Virtu al Links All OSPF a reas must conne ct to the backbon e. If an area d oes not ha ve a direct p hys ical co nnection to the ba ckbo ne, you can configure a virtual lin k that pro vides a logical path to t he backbo ne.
C ONFIGURING THE S WI TC H 3-304 Note: Thi s router s upports up 64 vi rtual lin ks. We b - Click R o uting Protocol, OSPF , Virt ual Link Configuration. T o create a new virtual li nk, specify t he Area I D and Neig hbor R outer ID , configure the link attribut es , and click Add.
IP R OUTING 3-305 CLI - This ex ample configures a vir tual link from the ABR adjacent to area 0.0.0.4, through a transit area to the neighbor ro uter 10.1.1.252 at the other end of t he link w hich is adja cent to the backbo ne. Confi guring Netwo rk Area Addr esses OSPF pro tocol b roadcast messages (i .
C ONFIGURING THE S WI TC H 3-306 • An a rea mu st be as sign ed a ran ge of sub networ k add resses. This a rea and th e corresp onding address r ange forms a routing inte rface, and can be confi gured to ag gregate LSA s from all o f its subn etwork add resses and exchange th is information wi t h othe r rou ters in th e netwo rk (page 3-29 5).
IP R OUTING 3-307 other areas in you r network, c onfi gure an a rea f or all of th e oth er OSP F interfaces , then click Apply ..
C ONFIGURING THE S WI TC H 3-308 CLI - This example c onfigures the bac kbone area and one t ransit ar ea. Confi guring Sum mary Address es (for Exter nal AS Routes) An Autonom ous S ystem B ounda r y Router (ASBR) can redistri bute r outes learned f rom other prot ocols i nto all attac hed auto nomous s ystems .
IP R OUTING 3-309 • Netmask – Netwo rk mask for the summary route. Note: This router supports up 16 Type-5 summary routes. We b - Clic k R outing Protoc ol, OSPF , Summary Address Co nfigura tion. Specify t he base ad dress and n etwo rk mask, then clic k Add.
C ONFIGURING THE S WI TC H 3-310 Redist ribut ing Ext erna l Rout es Y ou can confi gure this ro uter to i mpor t exte rnal routin g infor m ation from other rout ing p rotoc ols in to the a utonom ous sy ste m. Command Usage • Thi s route r su pports redi strib ution for bot h RI P and st atic rout es.
IP R OUTING 3-311 • Redistribute Metric Type – Indicates t he metho d used to ca lculate extern al rou te co sts. (Op tions : Type 1, Ty pe 2; De fault : Type 1) • Redistribute Metric – Metric assi gned to all e xterna l routes for th e specified protocol.
C ONFIGURING THE S WI TC H 3-312 ABR. (For a detaile d desc riptio n of NSSA area s , refe r to “Con figu ring OSPF Areas” on page 3-291.) Command Attributes • Area ID – Identifi er for an not-so-st ubby area ( NSSA).
IP R OUTING 3-313 We b - Click R outing Proto col, OSPF , NSSA Settings. Cr eate a new NSSA or modi fy the rout ing beha v ior fo r an existing NSSA, and click Apply . CLI - T his exam ple conf igur es a rea 0.0. 0. 1 as a stub and sets t he cost for the de fault sum mar y rout e to 10.
C ONFIGURING THE S WI TC H 3-314 The full database is e xc hanged b etween neighboring routers as soon as a new rou ter is disco vere d. Af terwar ds , any c h anges tha t occur in the rout ing tables are synchr oniz ed with n eighb oring route rs thro ugh a proce ss calle d reliable f loodi ng .
IP R OUTING 3-315 - A Router I D for Router, Netw ork, and Type 4 AS S ummary LSAs . • Self-O riginate – Sho ws LSAs originated by this rout er. • LS Type – LSA Ty pe (Op tions: Type 1- 5, 7). Se e the pre cedin g desc riptio n. • Adv R ou ter – IP add ress of t he advertisin g route r.
C ONFIGURING THE S WI TC H 3-316 We b - Clic k R o uting Pr otocol , OSPF , Link S tate Dat abase I nfor mation. Specify p aramete rs for the L SAs you want to display , th en click Que r y . CLI - The CLI pro vides a w ider sele ction of displa y optio ns for view ing the Link State Database.
IP R OUTING 3-317 • Type – Router type of the de stination; either A BR, ASBR or both. • Rte Type – Route t ype; eit her intr a-area or interarea route (IN TRA or INTER) . • Area – The a rea from w hich this route was learned. • SPF No – The number o f time s the sho rtest pa th first algo rithm has been exec uted for t his route.
C ONFIGURING THE S WI TC H 3-318 • Priority – Neighbor ’s rout er priori ty. • State – OSPF state and identifi cation flag. States inc lude: - Down – Connect ion dow n - Atte mpt – Con n.
M ULTICAST R OUTING 3-319 neig hbors. Multic ast Ro uting This router c an route multi cast traffi c to d ifferent su bnetw orks using either D istance V ector Mu lticast R outing Pro tocol (D VMRP) or Protoc ol-Ind ependent M ulticast ing - D ense Mod e (PIM- DM).
C ONFIGURING THE S WI TC H 3-320 (page 3-324) or PIM (pag e 3-335), and specify the interfaces that will participate (pag e 3-329 or 3-336). Note that you can only en able one multicast routing proto col on any giv en interface. We b – Click IP , Multicast Routing, General Setting .
M ULTICAST R OUTING 3-321 Displaying the Mult icast Routing Table Y ou can display infor m ation on each multicast route this router has learne d via D VMRP or PIM. T he router learns multicast routes from neighborin g routers , and also adv ertises these routes to its ne ighbors .
C ONFIGURING THE S WI TC H 3-322 We b – Click IP , Multicast Routing, Multicast Routing T able. Click Detail to displa y additional inf or mation for any e ntry .
M ULTICAST R OUTING 3-323 CLI – T his example shows that multic ast fo rwar ding is en abl ed . T he mult icast ro uting ta ble disp lays one entry for a m ulticast sour ce routed b y D VMRP , and an othe r sour ce rou ted v ia PIM.
C ONFIGURING THE S WI TC H 3-324 looping and dete r min e the shor test pat h to the source of this multicast traffic. When this route r receives the m ulticast mess age, it checks its unicast routing ta ble to loc ate the po r t that p rovides the shor test path ba ck to the source .
M ULTICAST R OUTING 3-325 Command Usage.
C ONFIGURING THE S WI TC H 3-326 Broadca sting period icall y f loods the source flooding potential hosts pruning source grafting source.
M ULTICAST R OUTING 3-327 network with traffic fr om a ny active multicas t ser ver. If IGMP sn oopin g is disabled, multicast t raffic is floode d to all por ts on the router . Howeve r, if IGMP s noopin g is enable d, then the firs t pack et for any so urce group pair is f looded to all D VMRP downstream neighbors.
C ONFIGURING THE S WI TC H 3-328 neighbors are st ill active members of the multicast tree. (R ange: 1-65535 seconds; Default: 10 seconds) • Neighbor Timeo ut Interval – Sets th e interva l to wait for mes sages from a DVMRP neighbor befo re declaring it dead.
M ULTICAST R OUTING 3-329 We b – Click R outing Protocol, D VMRP , General Settings. Enable or disable D VMRP . Set th e glob al parame ters t hat contr ol neighb or timeo ut, the exch ang e of routing infor mation, or the pr une lifetime, and click Apply .
C ONFIGURING THE S WI TC H 3-330 (page 3-324), and also enable D VMR P for each interface that will part icipate in multicast routing . Command Attributes D VMRP Interface Infor mation • Interface – VLAN interface on this rou ter that has enabled DVMRP.
M ULTICAST R OUTING 3-331 We b – Click R outing Proto col, DVMRP , I nterface Settings. Select a VLAN from the d rop-down box under DVMRP Inter face S ettings, modify th e Metric if required, set the Status to Enabled or Disabled , and click Apply .
C ONFIGURING THE S WI TC H 3-332 upstr eam neighb or. • Up time – The time sin ce this device l ast became a DVMRP neighb or to this route r. • Expire – The time remainin g before this e ntry will be aged out. • Capabilities – A hexadecimal value that indicates the neighb or’s capabilities.
M ULTICAST R OUTING 3-333 CLI – T his example displays the only neighbor ing DV MRP router . Displaying th e Routing Table Th e rout er lear ns sourc e-ro uted in for mation fr om nei ghborin g D VMRP routers an d also advertises learned routes t o its neigh bors .
C ONFIGURING THE S WI TC H 3-334 • Expire – The time remainin g before this e ntry will be aged out. We b – Click R outing Protocol, D VMRP , D VMRP Routing T able.
M ULTICAST R OUTING 3-335 same interface used for routing unic ast packets to the multicast source network. If it is not, t he ro uter d rops th e packet a nd send s a pr une message bac k out the source i nterface .
C ONFIGURING THE S WI TC H 3-336 CLI – T his example enables PIM-DM globally and displays the cur rent status . Configur ing PIM-D M Interface Sett ings T o fully enable PIM -DM, you need to enable .
M ULTICAST R OUTING 3-337 transmitted. He llo mess ages are sent to neighboring PI M routers from which this de vice has rec eiv ed prob es , and are u sed to v erify whether or not these neighbors are still acti ve members of the multicast tree.
C ONFIGURING THE S WI TC H 3-338 ackno w ledgement message is lost, the router that sent the graft messag e will resend it a m aximum number of t imes as defined by Max Graft Retries . (Range: 1-65535 seconds; Default: 3) • Max Graft Retries – Configures the maximum numb er of times to resend a graft message if it has not b een acknowledged .
M ULTICAST R OUTING 3-339 CLI – This exam ple sets the PIM -DM p rotocol parame ters f or VLAN 2, and dis plays the cu r rent se ttings . Displaying Inte rface Info rmation Y ou can disp lay a summa.
C ONFIGURING THE S WI TC H 3-340 We b – Click Routing Prot ocol, PIM-D M, Inter face Infor mation. CLI – This example s hows t he PIM-DM i nterface summ ar y for VLAN 1. Displaying Neighbor Information Y ou can di spla y all th e neig hboring PIM-DM routers .
M ULTICAST R OUTING 3-341 We b – Click R outing Protocol, PIM-DM, Neigh bor Infor mation . CLI – T his example displays the only neighbor ing PIM-DM router . Console#show ip pim neighbor 3-210 Address VLAN Interface Uptime Expi re Mode --------------- ---------------- -------- ----- --- ------- 10.
C ONFIGURING THE S WI TC H 3-342.
4-1 C HAPTER 4 C OMMAND L INE I NTERF ACE This ch apter de scribes how t o use th e Command Line In terface (CLI ). Using the Com mand Line Inte rface Accessing the CLI When acces sing th e management.
C OMMAND L IN E I NTE RF AC E 4-2 After c onnecti ng to the sy stem thr ough th e conso le port, th e login sc reen displ ays: Telnet Connection T elnet op erates o ver the IP tran sport protocol . In thi s enviro nment, y our management station and any netw ork device yo u want to manage o ver t he network must hav e a valid IP address .
U SIN G THE C OMMAND L INE I NTE RF AC E 4-3 After y ou con figure the s witch with an IP address , you can open a T elnet session by perfo r ming these st e ps: 1. Fr om the rem ote ho st, ente r the T elnet comma nd and t he IP addr ess of the device yo u want to access .
C OMMAND L IN E I NTE RF AC E 4-4 Enteri ng Commands Th is sectio n desc ribes how to ente r CLI command s . Keywords and Arguments A CLI comm and is a serie s of keyw ords and argumen ts . Keyw ords identi fy a command, an d arguments specify configurat ion parameter s .
E NTERING C OMMANDS 4-5 Command Com pletion If you ter minate input w ith a T ab key , the CLI will p rint the remaining characters of a par tia l keyword up to the poin t of amb iguity . In the “logging his tory” example , typi ng log followed b y a tab will result in printing the comm an d up to “ logg ing .
C OMMAND L IN E I NTE RF AC E 4-6 Sho win g Com man ds I f you en ter a “?” at the comma nd prompt, the syste m will displa y the first lev el of ke ywo rds for the current comman d class ( Nor mal Ex ec or Pri vileged Exec ) or config urati on class (Globa l, A CL, DHCP , Inter face, Li ne, VLAN Database, or MSTP).
E NTERING C OMMANDS 4-7 The co mman d “ show interfaces ? ” will display the following infor mation: Partial Keyword Lookup If yo u ter minate a partial keyw ord with a question mark, alt ernatives that match the initial letters are provided. ( Re membe r not to leave a space betw een the comma nd and questi on mark.
C OMMAND L IN E I NTE RF AC E 4-8 Understanding Command Modes The command s et is di vided in to Ex ec and Configurat ion class es . Ex ec commands ge nerally display infor matio n on system stat us or clear statisti cal cou nters.
E NTERING C OMMANDS 4-9 console session with th e user name a nd pass word “admin.” T he syst em will now d ispl ay th e “Conso le#” command p rompt. Y ou can al so ente r Pri vileged Ex ec mode from within No r mal Exec mode , by entering the enab le command, followed by the pri vileg ed level passwo rd “super” (page 3-37).
C OMMAND L IN E I NTE RF AC E 4-10 packet filt ering. • DHCP Confi guration - These com mands are us ed to co nfigure t he DHCP server. • Interf ace Confi guration - T hese comman ds modify the port config urati on s uch as speed-duplex and negotiation .
E NTERING C OMMANDS 4-11 T o enter t he othe r modes , at the conf iguratio n prom pt type on e of the follo wing com mands . Use the exit or end comma nd to r eturn to the Pri vileged Ex ec mode .
C OMMAND L IN E I NTE RF AC E 4-12 Command Line Pr ocessing Commands are not ca se sens itiv e. Y ou can abb reviate com mands and para mete rs as long as th ey con tai n eno ugh lett ers to d iffer ent iat e the m from an y other currentl y av ailab le comma nds or p aramete rs .
C OMMAND G RO U P S 4-13 Comman d Groups The syst em command s can be b rok en do wn into the funct ional groups shown below . Command Group Description Page Line Sets communication parameters for the.
C OMMAND L IN E I NTE RF AC E 4-14 Address Table Conf igures the address table for filterin g specified address es, displ ays curren t entries, clears the ta ble, or se ts the aging time 3-3 3 Spannin.
L INE C OMMANDS 4-15 The access m ode sho wn in th e follo wing tab les is in dicated b y these abbr eviation s: NE (Nor mal Exec) VC ( VLAN Database Config uration) PE (Privilege d Exec) MST (Multipl.
C OMMAND L IN E I NTE RF AC E 4-16 line This command identifie s a specifi c line for config uration, an d to proces s subse quent line config uratio n com mands. Syntax line { console | vty } • console - Consol e terminal line. • vty - Virtual termin al for remote cons ole access ( i.
L INE C OMMANDS 4-17 Related Commands show line (3-26) show users (3-83) login This command enables p assw ord c heckin g at log in. Use the no for m to disable password che cking an d allow con nection s wi thout a password. Syntax login [ local ] no login local - Sele cts local password checking .
C OMMAND L IN E I NTE RF AC E 4-18 • This co mmand con trols lo gin authe nticati on via th e switch i tself. To configure user na mes and pas swords for remote au then ticatio n servers, you must use the RADIUS or TACACS softw are installed on those serve rs.
L INE C OMMANDS 4-19 passwo rd before the sys tem termi nates the line conn ection an d retu rns the terminal to the idle st ate. • The encrypted pass word is required for compatibility w ith legacy passw ord set tings (i .
C OMMAND L IN E I NTE RF AC E 4-20 • This co mmand app lies to both the local conso le and Teln et connect ions. • The t imeou t for Telne t cann ot be disabl ed.
L INE C OMMANDS 4-21 Example T o se t the pa ssword thresho ld to five attempts, enter this comman d: Related Commands silent-time ( 3-21) silent-time This c ommand sets the amount of time the man ag ement console is inacce ssible aft er the n umber of unsuccess ful logon atte mpts ex ceeds the threshold set by th e pass word- thresh co mmand .
C OMMAND L IN E I NTE RF AC E 4-22 databi ts This c ommand sets the number of dat a bits per char acter th at are inter prete d and g e nera ted by th e con sole por t. Us e the no fo r m to r est ore the de fault value. Syntax databi ts { 7 | 8 } no databits • 7 - Seve n data bits per chara cter .
L INE C OMMANDS 4-23 parity Th is comman d def ines t he ge nera tion of a pa rity bit . Use t he no for m to restore the defaul t settin g . Syntax parity { none | even | odd } no parity • none - N.
C OMMAND L IN E I NTE RF AC E 4-24 speed This command sets th e ter minal line’ s baud rate. This c ommand sets b oth the tr ansmit (t o terminal) and r eceiv e (from ter minal) s peeds . Use the no for m to restore the default se tting. Syntax speed bps no speed bps - Ba ud rate in bits per se cond.
L INE C OMMANDS 4-25 Syntax stopbits { 1 | 2 } • 1 - On e stop bit • 2 - T wo stop bits Default Setting 1 stop bit Command Mode Line Configuration Example T o specify 2 s top bits , enter t his comma nd: disconnect Use this command to terminate an SSH, T elnet, or console c onnectio n.
C OMMAND L IN E I NTE RF AC E 4-26 Related Commands show ssh (3-55) show users (3-83) show line This comm and displays the ter min al line’ s p arameters . Syntax show li ne [ console | vty ] • console - Consol e terminal line. • vty - Virtual termin al for remote cons ole access ( i.
G ENERAL C OMMANDS 4-27 General Comman ds enable This c ommand activates Privileged Exec mode. In privileged mode, addition al commands are a v ailable, an d certain commands displa y additiona l infor mation. Se e “Unde rstanding Comman d Modes” on pag e 4-8.
C OMMAND L IN E I NTE RF AC E 4-28 Command Mode Nor m al Exec Command Usage • “super ” is the de fault passwo rd require d to change t he command m ode from Norma l Exec to Pr ivileged Exe c. (To set th is passw ord, see th e enable password command on page 3-37.
G ENERAL C OMMANDS 4-29 Example Related Commands enable (3-27) configure This comm and activates Global Configuration mode. Y ou must enter this mode to m odify a ny sett ings on the switch.
C OMMAND L IN E I NTE RF AC E 4-30 Command Mode Nor m al Exec , Privileg ed Exec Command Usage The history buffer si ze is fix ed at 10 Execu tion com mands and 10 Conf igur ation c ommands .
G ENERAL C OMMANDS 4-31 command. Default Setting None Command Mode Pri vileged Ex ec Command Usage This comman d resets the ent ire syste m. Example Th is example shows how to r eset th e switch : end This command returns to Pri vileged Ex ec mode.
C OMMAND L IN E I NTE RF AC E 4-32 exit This comm and return s to the previous config uration mode or exit t he config uration p rog ra m. Default Setting None Command Mode Any Example This examp le s.
S YSTE M M ANAGEME NT C OMMANDS 4-33 Example This e xample sh ows how to qui t a CLI sessio n: System Mana gemen t Comman ds These comman ds are use d to con trol sys tem logs , passw ords, user names , browser config uratio n opti ons, and di splay or c onfigu re a varie ty of ot her system inf or ma tion.
C OMMAND L IN E I NTE RF AC E 4-34 Device Designation Commands prom pt This comma nd customi zes the CLI prompt . Use the no fo r m to rest or e the def ault pr ompt. Syntax prompt string no prompt string - Any a lphan umer ic strin g to u se for th e CLI pr ompt.
S YSTE M M ANAGEME NT C OMMANDS 4-35 Syntax hostname name no hostname name - T he name of this host. (Maximum length: 255 c haracters) Default Setting None Command Mode Global Configura tion Example User Access Commands The basic c ommands required f or managem ent access are list ed in this secti on.
C OMMAND L IN E I NTE RF AC E 4-36 Syntax user name nam e { access-level le vel | no passw ord | password { 0 | 7 } password } no user name name • name - The name of the use r. (Maximum length: 8 ch aracters, case sens itive. Maximum users: 16) • access-level leve l - Speci fies the user l evel.
S YSTE M M ANAGEME NT C OMMANDS 4-37 Example This examp le sho ws how the set the access lev el and pa ssw ord for a user . enable password After initially log g ing onto the s ystem, you should set the Privilege d Exec password. R e member to record it in a safe place.
C OMMAND L IN E I NTE RF AC E 4-38 config uration file from a TF TP server . There is no need for y ou to manuall y configur e encrypt ed passwo rds. Example Related Commands enable (3-27) IP Filt er .
S YSTE M M ANAGEME NT C OMMANDS 4-39 Default Setting All addresses Command Mode Global Configura tion Command Usage • If anyon e trie s to ac cess a ma nagement interfac e on th e switch fro m an invalid address, the switch will rejec t the connec tion, ente r an event message in the system log, and send a tr ap message to the trap manager.
C OMMAND L IN E I NTE RF AC E 4-40 • all-client - Ad ds IP add ress(es ) to t he SNMP , web an d T elnet gro ups . • http-client - Adds IP addres s(es) to the web group . • snmp-client - Adds IP a ddre ss(e s) to th e SNM P g roup. • telnet-client - Adds IP a ddre ss(es ) to the Telnet gr oup.
S YSTE M M ANAGEME NT C OMMANDS 4-41 Web Server Commands ip http port This command specifies t he TCP port num ber used b y the web bro wser interface. Use the no form to use the defa ult port. Syntax ip http por t port-number no ip http por t por t-n umbe r - Th e T C P p or t t o b e u s e d b y t h e b r o w s e r i n t e r f a c e .
C OMMAND L IN E I NTE RF AC E 4-42 ip http s erver This comm and allows this device to be monit ored or configured from a bro wser . Use th e no fo r m to d isabl e this f uncti on.
S YSTE M M ANAGEME NT C OMMANDS 4-43 Command Usage • Both HT TP and HTT PS service can be ena bled ind ependent ly on the switch. However, you cann ot confi gure the HTTP and HTTP S servers to use the same UDP p ort.
C OMMAND L IN E I NTE RF AC E 4-44 copy t ftp https-c er tifi cate (3- 85) ip http secure-por t This command specifies t he UDP port num ber used for HTTPS/SSL connec tion to the switc h’ s web inte rface . Use th e no for m to restore the defau lt por t .
S YSTE M M ANAGEME NT C OMMANDS 4-45 Secure Shell Commands The Berkley-stan dard includes remote access tools origin ally designed for Unix sys tems. Some of th ese t ools have also bee n implem ente d for Micros oft Wind ows and ot her env ironm ents.
C OMMAND L IN E I NTE RF AC E 4-46 The SSH se r ver on this s witch supports b oth passw ord and pub lic k ey authen ticatio n. If p assw ord authe nticati on is sp ecified b y the SSH client, then th.
S YSTE M M ANAGEME NT C OMMANDS 4-47 known hos ts file on th e manag eme nt stat ion an d place t he host pu blic key in it. An entr y for a public key in the known hosts fi le wo uld appear similar to the following example: 10.
C OMMAND L IN E I NTE RF AC E 4-48 c . If a mat ch is found, th e switc h uses the publi c key t o encrypt a ran dom sequenc e of b ytes , and se nds thi s string to th e client . d. The client use s its pri v ate ke y to decrypt the b ytes, and sen ds the decrypted b ytes back to the s witc h.
S YSTE M M ANAGEME NT C OMMANDS 4-49 Example Related Commands ip ssh cr y pto hos t-key ge nerate (3-52) show ssh (3-55) ip ssh timeout Use this co mmand to confi gure the ti meout for the SSH ser ve r . Use the no for m to restore the default se tting.
C OMMAND L IN E I NTE RF AC E 4-50 Example Related Commands ex ec-timeout (3 -19) show ip ssh (3-54) ip ssh auth entication- retries Use th is command to conf igure the number of times the SS H ser ver attemp ts to reau thentic ate a user. Use the no for m to restore the default setting.
S YSTE M M ANAGEME NT C OMMANDS 4-51 ip ssh server-key size Use this command to set the SSH server k ey size . Use the no for m to restore the defaul t settin g . Syntax ip ssh ser ver -key siz e ke y - s i z e no ip ssh ser ver-k ey size key -s i z e – The size of ser ver key .
C OMMAND L IN E I NTE RF AC E 4-52 Command Mode Pri vileged Ex ec Example ip ssh crypt o host-key generate Use th is comm and to gene rate the host k ey pa ir (i.e ., p ublic and pri vat e). Syntax ip ssh cr ypto host-key generate [ dsa | rs a ] • dsa – DSA key ty pe.
S YSTE M M ANAGEME NT C OMMANDS 4-53 Related Commands ip ssh cr yp to zeroize (3-53) ip ssh save host-key (3- 54) ip ssh crypt o zeroize Use this command to cle ar the ho st ke y from memory (i.e . RAM). Syntax ip ssh cr ypto zeroize [ dsa | rsa ] • dsa – DSA key ty pe.
C OMMAND L IN E I NTE RF AC E 4-54 ip ssh save host-k ey Use this command to sav e host key fr om RAM to flash memory . Syntax ip ssh sa ve host-k ey [ dsa | rs a ] • dsa – DSA key ty pe. • rsa – RSA key type. Default Setting Saves both the DSA and RS A key .
S YSTE M M ANAGEME NT C OMMANDS 4-55 show ssh Use this command to disp lay t he current S SH ser ver connect ions . Command Mode Pri vileged Ex ec Example Console#show ssh Connection Version State U sername Encryption 0 2.
C OMMAND L IN E I NTE RF AC E 4-56 show publ ic-key Use this co mmand to sho w the public key for the sp ecified use r or for the host. Syntax show public-k ey [ user [ user name ]| host ] user na me – Name of an SSH user . (Range: 1-8 chara cters) Default Setting Shows all public keys.
S YSTE M M ANAGEME NT C OMMANDS 4-57 Command Mode Pri vileged Ex ec Command Usage • If no pa rameters are entered, all keys a re disp layed. If the user keyw ord is entered, but no user name is specified, then the public keys for all users ar e displa yed.
C OMMAND L IN E I NTE RF AC E 4-58 Event Logging Commands loggi ng on This c ommand cont rols log gi ng of er ror mess age s, sending debug or er ror messag es to switch memor y .
S YSTE M M ANAGEME NT C OMMANDS 4-59 Example Related Commands log gin g histor y (3-59) clear log gin g (3-62) loggi ng history This c ommand limits syslo g messag es saved to swit ch memor y ba sed on severity . T he no for m retur n s the log ging of syslo g messag es to the defa ult level.
C OMMAND L IN E I NTE RF AC E 4-60 • level - One of the leve l argument s listed b elow. Messages sent inclu de the se lected l evel down to level 0.
S YSTE M M ANAGEME NT C OMMANDS 4-61 Syntax [ no ] lo gging hos t ho st_ip_ addr ess host_ip_ address - T he IP ad dress of a syslog se r ver . Default Setting None Command Mode Global Configura tion Command Usage • By using t his command m ore than once you can build up a list of h ost IP add resse s.
C OMMAND L IN E I NTE RF AC E 4-62 Command Usage The co mmand spe cifies the fac ility type tag s ent in sysl og mes sages. (See RFC 3164.) T his type has no effect on the kind of messag es reported by th e switc h. Ho wev er, it may be used by the sy slog se r ver to sort mess ages or to s tore m essages in t he correspo nding dat abase .
S YSTE M M ANAGEME NT C OMMANDS 4-63 Syntax clear lo g ging [ fl a sh | ram ] • flash - Even t histo ry stor ed in fl ash memo ry (i. e., per manent memory).
C OMMAND L IN E I NTE RF AC E 4-64 Default Setting None Command Mode Pri vileged Ex ec Example The following example shows that s ystem log ging is enabled, the messag e level for flash memor y is “errors ” (i.e., default lev el 3 - 0), the messag e level for RAM is “deb ug gin g” (i.
S YSTE M M ANAGEME NT C OMMANDS 4-65 The follo wing example di spla ys settin gs for th e trap funct ion. Related Commands show log gin g sendmail ( 3-70) SMTP Alert Com mands Configur es SMTP ev ent handling , and forw ardin g of alert messages to the specif ied SMTP s er vers and emai l recipien ts .
C OMMAND L IN E I NTE RF AC E 4-66 loggi ng sendmai l host This c ommand specifie s SMTP ser vers that will be sent aler t messag es. Use the no form to remov e an SMTP server .
S YSTE M M ANAGEME NT C OMMANDS 4-67 trigge red if the swit ch cann ot succe ssfully o pen a con nection .) Example logging sendmail level This c ommand sets the severity thresh old use d to trig ge r aler t messa g es. Syntax loggin g s end mai l le vel le vel leve l - One of the system messa ge levels (page 3-59).
C OMMAND L IN E I NTE RF AC E 4-68 logging sendmail s ource-email This command sets the email add ress use d for the “ From” fiel d in alert messag es. Syntax lo gging sendmail source-email email -addr ess email-address - The sour ce email a ddress u sed in al ert messages .
S YSTE M M ANAGEME NT C OMMANDS 4-69 Default Setting None Command Mode Global Configura tion Command Usage Y ou can speci fy up to fi v e recipi ents for al ert messages . How ev er , you mus t enter a separate co mmand to sp ecify eac h recip ient. Example loggi ng sendmai l This comma nd enables SMTP ev ent handling .
C OMMAND L IN E I NTE RF AC E 4-70 show lo gging sen dmail Th is co mman d di splay s the s ett ings f or th e SM TP even t han dler. Command Mode Nor m al Exec , Privileg ed Exec Example Time Command.
S YSTE M M ANAGEME NT C OMMANDS 4-71 sntp client This comm and enables SNTP client re quests for time synchronization from N TP or SN TP time se r ver s specif ied wit h the sntp servers comma nd.
C OMMAND L IN E I NTE RF AC E 4-72 Example Related Commands sntp ser ver (3-72) sntp poll (3-73) sntp br oadcast c lient (3 -74) show sntp (3-75) sntp server This comma nd sets the IP a ddress of the servers t o whic h SNTP time request s are is sued.
S YSTE M M ANAGEME NT C OMMANDS 4-73 Command Usage This c ommand sp ecifies time ser vers from which the switch will poll for time update s when set to SNTP client mode. T he client will p oll the time ser vers in th e order specified until a respon se is received.
C OMMAND L IN E I NTE RF AC E 4-74 Example Related Commands sntp clien t (3-71) sntp broadcast client This co mmand syn ch ronize s the s witch ’ s cloc k based on time broad cast from time ser vers (using the mu lticast address 224. 0.1 .1). Use the no for m to disa ble SNTP broa dcast clie nt mode .
S YSTE M M ANAGEME NT C OMMANDS 4-75 show sntp This comman d displa ys the current t ime and co nfiguratio n settin gs for th e SNTP client, a nd ind icates w hether or not the lo cal time has been p roperly updated .
C OMMAND L IN E I NTE RF AC E 4-76 Command Mode Global Configura tion Command Usage Th is comma nd sets the loca l time zone rela tive to the Coo rdinate d Unive rsal Time (UTC, form erly Greenwich Mean Time o r GMT), based on the earth’ s prime meri dian, z ero degrees lo ngitude .
S YSTE M M ANAGEME NT C OMMANDS 4-77 Command Mode Pri vileged Ex ec Example This exampl e shows how to set the system clock to 15:12:34, F ebr uary 1st , 2002.
C OMMAND L IN E I NTE RF AC E 4-78 System Status Commands show startup-config This c ommand displays the configuration file stored in non-volatile memor y th at is used to sta rt up the syst em.
S YSTE M M ANAGEME NT C OMMANDS 4-79 - VLAN databa se (VL AN ID, name a nd state) - VLAN configuration sett ings for each interface - Mul tiple s panning tree ins tances (name and i nterfac es) - IP a.
C OMMAND L IN E I NTE RF AC E 4-80 Default Setting None Command Mode Pri vileged Ex ec Command Usage • Use this command in conju nction w ith the show startup-config command to compar e the info rmation i n running memory to the information store d in non-volatile memory.
S YSTE M M ANAGEME NT C OMMANDS 4-81 Example Related Commands show star tup-con fig (3-78) Console#show running-config building running-config, please wait.
C OMMAND L IN E I NTE RF AC E 4-82 show system This c ommand displays syst em infor mat ion. Default Setting None Command Mode Nor m al Exec , Privileg ed Exec Command Usage • For a desc ript ion of th e items show n by this c omman d, re fer t o “Disp laying Syst em Info rmation” on page 3-14 .
S YSTE M M ANAGEME NT C OMMANDS 4-83 show us ers Shows all activ e console and T elnet sess ions , including use r name, idle time, and IP address of T elnet client . Default Setting None Command Mode Nor m al Exec , Privileg ed Exec Command Usage The session us ed to ex ecute this comman d is indica ted by a “ *” symbol next to t he Li ne (i.
C OMMAND L IN E I NTE RF AC E 4-84 Command Usage See “D isp laying Swi tch Hardware /Softwa re V ersio ns” on pag e 3-16 f or detailed infor mation on the items d isplayed by this comm and. Example Frame Size Commands jumbo frame This comma nd enables support for jumbo fra mes .
F LASH /F ILE C OMMANDS 4-85 to stand ard Etherne t frames that ru n only up to 1.5 KB, using jumbo frames si gnificant ly reduces t he per-p acket overhead required to proce ss prot ocol enca psul ation f ields . • To use jumbo frames, bot h the source an d destinati on end nodes (such as a compu ter or server) mus t supp ort this feature.
C OMMAND L IN E I NTE RF AC E 4-86 success of the fi le transf er depends on the acces sibility o f the TF TP ser ver and the qua lity of t he netw ork connection.
F LASH /F ILE C OMMANDS 4-87 the fact ory de fault co nfigurati on fi le, but you cann ot use it as the destination . • To rep lace the s tartup c onfigu ration, you must use startup-config as the d estinatio n. • The B oot ROM an d Loader c annot b e uploa ded or do wnloade d from the TFTP se rver.
C OMMAND L IN E I NTE RF AC E 4-88 Th e following examp le shows how to download a configuratio n file: This examp le sho ws how to copy a secure-s ite certifica te from an TFTP ser v er. It then re boots the switch t o activate the c er tifi cate: delete This comm and deletes a file or imag e.
F LASH /F ILE C OMMANDS 4-89 • “Factor y_Defa ult_Con fig.c fg” cann ot be d eleted. Example This e xample shows how to delete the test2.cfg configuration file from flas h memor y . Related Commands dir (3-89) dir This comm and displays a list of files in flash memor y .
C OMMAND L IN E I NTE RF AC E 4-90 • File info rmation is show n below: Example The following example shows how to display all file infor m ation: whichboot This command display s whic h files we re booted wh en the system pow ered up .
F LASH /F ILE C OMMANDS 4-91 Example This examp le sho ws the info r mation di splaye d by t he whichboot comma nd. See t he table under th e dir command fo r a description o f the file infor mati on displayed by this command. boot system This comma nd specifies the fil e or image used to start up th e system .
C OMMAND L IN E I NTE RF AC E 4-92 Example Related Commands dir (3-89) whichboot (3-90) Authen ticat ion Comma nds Y ou can conf igure t his switc h to authentic ate user s logging in to th e system for manag emen t access using local or R ADIUS authen ticatio n methods.
A UTHE NTI CA TI ON C OMMANDS 4-93 Authentication Sequence authenti cation l ogin This comma nd defin es the lo gin au thentica tion met hod and prece dence . Use the no for m to restore the defau lt. Syntax authentication login {[ loca l ] [ radius ] [ tacacs ]} no authentication login • loca l - Use l ocal pass word .
C OMMAND L IN E I NTE RF AC E 4-94 password on the RADIUS server is ver ified first. If the RADI US server is not availa ble, then auth entica tion is att empted on the TAC ACS+ serve r. If the TA CACS + server is not available, the local user name and passw ord is ch ecke d.
A UTHE NTI CA TI ON C OMMANDS 4-95 radi us-serve r host This command specifies t he RADIUS s er ver . Use the no form to restore the de fault. Syntax radius-server host host_ip_address no radius-server host host_ip_ address - IP a ddress of ser ver . Default Setting 10.
C OMMAND L IN E I NTE RF AC E 4-96 Example radi us-serve r key This comma nd sets t he RADIUS enc ryption ke y . Use the no form to restore the defau lt. Syntax radius-server key key_ s tr in g no radius-server key key _s t r i n g - En cr yption key used to a uthenticate log on acce ss for client.
A UTHE NTI CA TI ON C OMMANDS 4-97 Default Setting 2 Command Mode Global Configura tion Example radi us-serve r timeout This c ommand sets the inte r val between tra nsmitt ing authe ntication request s to the RA DIUS server . Use th e no for m to res tore the d efault.
C OMMAND L IN E I NTE RF AC E 4-98 Command Mode Pri vileged Ex ec Example TACACS+ C lient T er min al Access Controlle r Access Co ntrol System (TA CA C S+) is a log on authent icat ion pr otocol th at use s soft ware r u nning on a cen tral ser ver to control access to T A CA CS-awar e devices o n the ne tw ork.
A UTHE NTI CA TI ON C OMMANDS 4-99 Default Setting 10.11.12.13 Command Mode Global Configura tion Example tacacs-server p ort This comma nd specifi es the T AC A CS+ server n etwo rk port.
C OMMAND L IN E I NTE RF AC E 4-100 Syntax tacacs-ser ver k ey ke y _ s t r i n g no tacacs-ser ver k ey key _s t r i n g - En cr yption key used to a uthenticate log on acce ss for the client.
A UTHE NTI CA TI ON C OMMANDS 4-101 Port Securi ty Comm ands Th ese co mmands c an be u sed to dis able th e lear n ing func tion o r manually specif y secure add resses for a po rt. Y ou may want to lea ve port security off for an initial training pe riod (i.
C OMMAND L IN E I NTE RF AC E 4-102 Default Setting Status: Disabled Act ion: None Maximum Addr esses: 0 Command Mode Interf ace Conf igurati on (Eth ernet) Command Usage • If you enable port secu rity, the switc h will stop dynamically learning new addre sses on the specif ied port.
A UTHE NTI CA TI ON C OMMANDS 4-103 Example The follo wing example ena bles p ort security for p ort 5, and se ts the respons e to a security viol ation to issue a trap message: Related Commands shutd.
C OMMAND L IN E I NTE RF AC E 4-104 802.1x Port Authentication The switch suppor ts IEEE 802.1x (dot1x) por t-based access control that prev ents un authorize d access to the net w ork by requiri ng users to f irst submit credent ials for authenti cation.
A UTHE NTI CA TI ON C OMMANDS 4-105 Syntax authentication dot1x default radius no authentication dot1x Default Setting RADIUS Command Mode Global Configura tion Example dot1x defa ult This comma nd se ts all c onfigurab le dot1x global a nd por t setti ngs to their defau lt values.
C OMMAND L IN E I NTE RF AC E 4-106 count – T he maximum n umber of requests (Range: 1-10) Default 2 Command Mode Global Configura tion Example dot1x port -con tro l This c ommand sets the do t1x mode on a por t interf ace. Use the no for m to restore th e default.
A UTHE NTI CA TI ON C OMMANDS 4-107 dot1x oper ation-mode This c ommand allows single or multiple hosts (clie nts) to c onnect to an 802.1X-authorized port. Us e the no for m with no keyw ords to resto re the default to single hos t. Use the no for m wi th the m ulti-host max-count ke ywo rds to res tore the d efault max imum count.
C OMMAND L IN E I NTE RF AC E 4-108 - unit - This is device 1. - port - Port number. Command Mode Pri vileged Ex ec Example dot1x re-a uthenticat ion This c ommand enables pe riodic re-authenticatio n globally for all por ts. Use the no for m t o disab le re -authe ntica tion .
A UTHE NTI CA TI ON C OMMANDS 4-109 Command Mode Global Configura tion Example dot1x time out re-a uthpe riod This com mand s ets the time period after w hich a co nnected client must be re-aut henticat ed. Syntax dot1x timeout re-authperiod second s no dot1x timeout r e-authperiod second s - T he number of seconds .
C OMMAND L IN E I NTE RF AC E 4-110 Default 30 seconds Command Mode Global Configura tion Example show dot 1x This c ommand shows ge neral por t a uthen tication rela ted se ttings on t he switch or a specific interface. Syntax show do t1x [ stat is tics ] [ interface interface ] interface • ethernet unit / port - unit - This is device 1.
A UTHE NTI CA TI ON C OMMANDS 4-111 following glob al parameters whic h are set to a fixed value, in cluding the following items: - supp-timeo ut – Supplic ant time out. - serve r-timeout– Server timeo ut. - reauth-max – M aximum number of reauthentication attempt s.
C OMMAND L IN E I NTE RF AC E 4-112 - State – Current st ate (including initialize, reauthenticate). Example Console#show dot1x Global 802.1X Parameters reauth-enabled: no reauth-period: 3600 quiet-period: 60 tx-period: 30 supp-timeout: 30 server-timeout: 10 reauth-max: 2 max-req: 2 802.
A CCES S C ONTROL L IST C OMMANDS 4-113 Access Co ntrol List Co mmands Access Control Lists (A CL) pro vide pac ket filteri ng for IP frames (b ased on add ress, protoc ol, Layer 4 pr otoc ol por t numb er or TCP contr ol code) or any fra mes (based on MA C address or Et hernet type).
C OMMAND L IN E I NTE RF AC E 4-114 to an interf ace – Ing res s IP A CL, Egre ss I P ACL , Ingr ess MAC A CL and Egres s MAC ACL. • When an ACL is bound to an in terface as an egress filter, all entries in the ACL must be deny rules. Otherwise, th e bind operation w ill fail.
A CCES S C ONTROL L IST C OMMANDS 4-115 IP ACL, Egre ss IP ACL, In gress MAC ACL or Egress MAC ACL) , but a mask can b e bound to up to four ACLs of the same typ e.
C OMMAND L IN E I NTE RF AC E 4-116 access-list i p This command adds an IP access list and enters con figuration mod e for stand ard or ex tended I P A CLs.
A CCES S C ONTROL L IST C OMMANDS 4-117 •T o r e m o v e a r u l e , u s e t h e no permit or no deny command followed by the ex act text of a previousl y configured rule.
C OMMAND L IN E I NTE RF AC E 4-118 to indi cate “m atch” and 0 bits t o indica te “igno re.” The bitmas k is bitwi se ANDed with the s pecified s ource IP address , and the n compar ed with t he addres s for each IP packet entering the po rt(s) t o which this AC L has b een ass igned.
A CCES S C ONTROL L IST C OMMANDS 4-119 • protoc ol-numbe r – A specific protocol number . (Range : 0-255) • source – Source IP ad dress. • destination – Destination I P address. • address-bitmask – D ecimal number repr esenti ng the ad dress bit s to match.
C OMMAND L IN E I NTE RF AC E 4-120 • The co ntrol-c ode bitm ask is a decima l number ( represe nting an equivalent bit mask) that is applie d to the cont rol code. Enter a dec imal number , where the equival ent binar y bit “1” me ans to match a bi t and “0” mean s to igno re a bit.
A CCES S C ONTROL L IST C OMMANDS 4-121 This per mits all TCP pack ets from class C addresses 192.168.1.0 with the TCP co nt rol co de s et to “S YN . ” Related Commands access-list ip (3-116) show ip access-list This comm and displays the r ules for configured IP A CL s .
C OMMAND L IN E I NTE RF AC E 4-122 Syntax [ no ] access-list ip mask-precedence { in | out } • in – Ing ress mask f or ingr ess ACL s. • out – Egress mas k for egress ACLs. Default Setting Defaul t system mask: Filte r inbound pac kets ac cordin g to specifi ed IP AC L s.
A CCES S C ONTROL L IST C OMMANDS 4-123 Syntax [ no ] ma sk [ protoc ol ] { any | host | sourc e-bitmask } { any | host | dest in atio n-b it mas k } [ precedence ] [ tos ] [ dscp ] [ source-por t [ por t-bitmask ]] [ destination-por t [ por t-bitmask] ] [ control-f la g [ flag-bi tmask ]] • proto col – Check t he prot ocol f ield .
C OMMAND L IN E I NTE RF AC E 4-124 • First cre ate the required A CLs and in gress or e gress mas ks before mapping an ACL to an interface. •I f y o u e n t e r dscp , you c annot e nter tos or precedence . You can enter both tos and precedence with out dscp .
A CCES S C ONTROL L IST C OMMANDS 4-125 This shows ho w to cr eate a standard A CL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others . This sho ws how to cr eate an exten ded A CL with an egress mask t o drop packe ts leaving netw ork 171.
C OMMAND L IN E I NTE RF AC E 4-126 This is a mor e compre hensi ve ex ample . It d enies any TCP pac kets i n which the S YN bit is ON , and p er mi ts all ot her packets. It then set s the ing res s mask to che ck the deny r ule f irst, an d finally bind s por t 1 t o this A CL.
A CCES S C ONTROL L IST C OMMANDS 4-127 Command Mode Pri vileged Ex ec Example Related Commands mask (IP A CL) (3-122) ip access-gro up This command bind s a port to an IP A CL. Use the no fo r m t o r e mo ve t he por t. Syntax [ no ] ip access-group acl_name { in | out } • acl_na me – Name of the ACL.
C OMMAND L IN E I NTE RF AC E 4-128 Example Related Commands show ip access-list (3-121 ) show ip access-grou p This co mmand shows th e ports assign ed to IP ACLs. Command Mode Pri vileged Ex ec Example Related Commands ip access-group (3-127) map access-list ip This comma nd sets the outpu t queue for pac kets matc hing a n A CL r ule.
A CCES S C ONTROL L IST C OMMANDS 4-129 Default Setting None Command Mode Inter face Con figurat ion (E ther net) Command Usage Command Usage • You must co nfigur e an ACL mask be fore you ca n map Co S value s to the ru le.
C OMMAND L IN E I NTE RF AC E 4-130 • ethernet unit / port - unit - This is device 1. - port - Port number. Command Mode Pri vileged Ex ec Example Related Commands map access-list ip (3-128) match access-list ip This command cha nges the IEEE 802.1p prior ity , IP Preceden ce, or DSCP Pri ority of a frame matc hing the defi ned A CL r ule .
A CCES S C ONTROL L IST C OMMANDS 4-131 Command Mode Inter face Con figurat ion (E ther net) Command Usage • You must con figure an A CL mask b efore you can change fram e priori ties ba sed on an AC L rule . • Traffic priorities may be included in the IEEE 802.
C OMMAND L IN E I NTE RF AC E 4-132 Example Related Commands match access-list ip (3-130) Console#show marking Interface ethernet 1/12 match access-list IP bill set DSCP 0 match access-list MAC a set .
A CCES S C ONTROL L IST C OMMANDS 4-133 MAC AC Ls access-list mac This command adds a MA C access list and ente rs MA C A CL configur ation mode. Use the no for m to remov e the specified A CL.
C OMMAND L IN E I NTE RF AC E 4-134 acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configura tion Command Usage • An egr ess ACL mus t cont ain all den y rules .
A CCES S C ONTROL L IST C OMMANDS 4-135 [ vid vid vid-bitmask ] [ ether type pr otocol [ pr otocol - bitmask ]] Note: - The default is for Ethern et II packet s.
C OMMAND L IN E I NTE RF AC E 4-136 Default Setting None Command Mode MA C A CL Command Usage • New rules are added to the en d of the lis t. •T h e ethertype option can on ly be used to filter Ethe rnet II f ormatted packets. • A detailed listing of Ethernet protocol types can be found in RFC 1060.
A CCES S C ONTROL L IST C OMMANDS 4-137 Example Related Commands per mit, den y 3-134 mac access-group (3-142) access-list mac mask -precedence This comma nd cha nges to M AC Mask m ode used t o configur e access control m asks . Use th e no form to del ete the mask tabl e.
C OMMAND L IN E I NTE RF AC E 4-138 Example Related Commands mask (MA C A CL) (3-138) mac access-group (3-142) mask (MAC ACL) Th is comman d define s a mask fo r MAC ACLs . This ma sk defin es the fiel ds to che ck in th e packe t head er. Use the no for m to remove a mask.
A CCES S C ONTROL L IST C OMMANDS 4-139 Command Usage • Up t o seven mas ks can be assig ned to an in gress o r egre ss ACL. • Packets cross ing a port are checked agains t all the rules in the A CL until a match is found.
C OMMAND L IN E I NTE RF AC E 4-140 Example This examp le sho ws how to cr eate an Ingress MA C A CL and bin d it to a port. You can then see th at the o rder of the rules have been changed by the mas k.
A CCES S C ONTROL L IST C OMMANDS 4-141 This exampl e creates an Egress MA C AC L. show access-list mac mask-pr ecedence This c ommand shows the ing ress or e g ress r ule masks f or MA C A CLs. Syntax show access-li st mac mask-precedence [ in | out ] • in – Ingr ess mask preceden ce for in gress A CLs.
C OMMAND L IN E I NTE RF AC E 4-142 Related Commands mask (MA C A CL) (3-138) mac access-group Th is comm and bi nds a po rt to a MAC A C L. Use the no for m to remove the po rt . Syntax mac access-group ac l_na me { in | out } • acl_na me – Name of the ACL.
A CCES S C ONTROL L IST C OMMANDS 4-143 show mac access-gro up This co mmand shows th e ports assign ed to MA C ACLs. Command Mode Pri vileged Ex ec Example Related Commands mac access-group (3-142) map access-list mac This comma nd sets the outpu t queue for pac kets matc hing a n A CL r ule.
C OMMAND L IN E I NTE RF AC E 4-144 the out put queues a s show n below. Example Related Commands queue cos -map (3-81) show map access-list mac (3-144) show map access-list mac This command show s the Co S val ue mapped t o a MA C ACL for the current inter face.
A CCES S C ONTROL L IST C OMMANDS 4-145 Related Commands map access-list mac (3-143) match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching th e def ined ACL ru le. (Th is featu re is com monly refer re d to as A CL pack et marking .
C OMMAND L IN E I NTE RF AC E 4-146 ACL Informatio n show access-list This command shows all ACLs and associated r ules, as well as all the user -defined m asks . Command Mode Pri vileged Ex ec Command Usage Once th e A CL is bo und t o an inter face (i.
SNMP C OMMANDS 4-147 Command Mode Pri vileged Ex ecuti ve Example SNMP Commands Controls access to this switch from manag ement stations using the Simple Netw ork Management Pr otoc ol (SNM P), as we ll as th e er ror typ es sent t o trap manag e rs .
C OMMAND L IN E I NTE RF AC E 4-148 Syntax snmp-ser ver community str ing [ ro | rw ] no snmp-ser ver community string • string - Co mmuni ty stri ng th at acts like a p asswor d and p erm its acc ess to th e SNMP p rotocol . (Max imum le ngth: 32 charac ters, c ase sensitive ; Maximu m number of stri ngs: 5) • ro - Specifie s read-only access.
SNMP C OMMANDS 4-149 Syntax snmp-ser ver contact str ing no snmp-ser ver contact string - String that describe s the syste m contact in for mation . (Maximum length: 255 char acters) Default Setting N.
C OMMAND L IN E I NTE RF AC E 4-150 Example Related Commands snmp-ser ver contact (3-148) snmp-server host This co mmand sp ecifies the rec ipient of a Si mple Ne tw ork Ma nagement Protoc ol noti fication operat ion. Use the no form to remov e the specified host.
SNMP C OMMANDS 4-151 are se nt. In orde r to co nfigure the sw itch to send SNMP notifica tions, you mus t enter at least on e snmp-serve r host com mand. In or der to enable multiple ho sts, you must issue a sep arate snmp-s erver host command for each host.
C OMMAND L IN E I NTE RF AC E 4-152 Default Setting Issue aut hent icati on an d li nk-up- down tr aps. Command Mode Global Configura tion Command Usage • If you do not ente r an snmp-server enable traps command , no notificat ions controlled by this command a re sent.
SNMP C OMMANDS 4-153 are allo wed SNMP access t o the swit ch. • subnet_m ask - An ad dress bitmask of d ecimal numbe rs tha t repr esent the a ddre ss b its t o matc h.
C OMMAND L IN E I NTE RF AC E 4-154 show snmp This comma nd che cks th e status of SNMP com munica tions . Default Setting None Command Mode Nor m al Exec , Privileg ed Exec Command Usage This c omman.
DHCP C OMMANDS 4-155 DHCP Commands These commands are used to configure Dynami c Host Configura tion Protoc ol (DHCP) client , relay , and server fun ctions . Y ou can confi gure any VLAN int erface to be automatical ly assig ned an IP addr ess via DHCP .
C OMMAND L IN E I NTE RF AC E 4-156 • hex - The hexa decimal value . Default Setting None Command Mode Interf ace Conf igurati on (VLA N) Command Usage This c ommand is used to include a client id entifier in all comm unicati ons wit h the DH CP server .
DHCP C OMMANDS 4-157 • I f t h e B O O T P o r D H C P s e r v e r h a s b e e n m o v e d t o a d i f f e r e n t d o m a i n , the netw ork portion o f the add ress pro vided to th e client w ill be base d on this ne w domain. Example In the fo llow ing examp le, th e device i s reassigne d the sa me address .
C OMMAND L IN E I NTE RF AC E 4-158 Command Mode Interf ace Conf igurati on (VLA N) Command Usage This c ommand is used to configure DHCP re lay functions for host devices attached to the switch.
DHCP C OMMANDS 4-159 Syntax ip dhcp relay ser ver address1 [ address2 [ addr ess3 ... ]] no ip dhcp relay ser v er address - IP addres s of DHCP server . (Range : 1-3 addresses) Default Setting None Command Mode Interf ace Conf igurati on (VLA N) Usage Guidelines • You must sp ecify the I P address for at least one DHCP serve r.
C OMMAND L IN E I NTE RF AC E 4-160 DHCP Server Command Funct ion Mod e Page service dh cp En ables the DHCP serve r feature on this swi tch GC 3-16 1 ip dhcp excluded -addre ss Specifie s IP addre ss.
DHCP C OMMANDS 4-161 service dhcp Use this command to enabl e the DHCP server on this sw itch. Use the no for m to disable the DHCP s er ver. Syntax ser vice dhcp no ser vice dhcp Default Setting Enab.
C OMMAND L IN E I NTE RF AC E 4-162 • high-address - The last I P address in a n excluded address range . Default Setting All IP po ol addr ess es may be assig ned. Command Mode Global Configura tion Example ip dh cp p ool Use this command to confi gure a DHCP a ddress poo l and enter D HCP P o ol Co nfigura tion mo de.
DHCP C OMMANDS 4-163 within the ra nge of a c onfi gured ne twor k addr ess pool . Example Related Commands network (3-163) host (3-170) netw ork Use this command to co nfigur e the subnet n umber and mask for a DHCP addres s pool. Use the no for m to remov e the subnet number a nd mask.
C OMMAND L IN E I NTE RF AC E 4-164 • This co mmand is valid for DHCP netw ork addr ess pool s onl y. If th e mask is no t specifie d, the class A , B, or C natural mask is used (see page 3-276). The DHCP server assume s that all host addresses are availabl e.
DHCP C OMMANDS 4-165 domain-name Use this c ommand t o specify th e domain name for a D HCP client. Use the no form t o remo ve the domain name . Syntax domain-name dom ai n no domain-name domain - S pecifies the domain name of the client.
C OMMAND L IN E I NTE RF AC E 4-166 Command Mode DHCP P ool Configur ation Usage Guidelines • If DNS IP s ervers are not con figured fo r a DHCP clie nt, th e client canno t corre late h ost name s to IP a ddre sses . • Servers are listed in order o f preferenc e (star ting wit h address1 as the most pr eferred server).
DHCP C OMMANDS 4-167 bootfile Use this command to speci fy the na me of the d efault boo t image for a DH CP cl ien t. This file should placed on the T rivial File T ransfer Protoc ol (TFTP) ser ver s pecifie d with th e next -ser ver c ommand. Use the no form to dele te th e boot i mage name .
C OMMAND L IN E I NTE RF AC E 4-168 • address2 - Speci fies IP add ress of a lternate NetBIOS WI NS name serv er. Default Setting None Command Mode DHCP P ool Configur ation Usage Guidelines Servers are l isted i n order of preferen ce (st ar ting w ith address1 as the most pr eferred server).
DHCP C OMMANDS 4-169 Command Mode DHCP P ool Configur ation Example Related Commands netbios-name-ser ver (3-167) Console(config-dhcp)#netbios-node-type hy brid Console(config-dhcp)#.
C OMMAND L IN E I NTE RF AC E 4-170 lease Use this co mmand to confi gure the durat ion that an IP address is assigned to a DHCP cl ient. Use th e no for m to restore the defa ult value . Syntax leas e { days [ hours ][ minutes ] | infinite } no lease • days - Specifies the duration of the lease in num bers of days.
DHCP C OMMANDS 4-171 Syntax host address [ mask ] no host • address - Specifies the IP addr ess of a c lient. • mask - Specifies the network mask of the cl ient.
C OMMAND L IN E I NTE RF AC E 4-172 Usage Guidelines • Host addresses must fall within the range specified for an existing network po ol. • When a cl ient requ est is r eceived, the switch fi rst checks for a n etwork address pool mat ching the gate way where t he request origin ated (i.
DHCP C OMMANDS 4-173 Syntax client-identifier { text te xt | hex he x } no client-identifier • text - A text s tri ng. ( Range: 1-15 chara cters) • hex - The hexa decimal value .
C OMMAND L IN E I NTE RF AC E 4-174 Syntax hardware-address ha rdware-address type no hardware-address • hardware-address - Speci fies the M AC address o f the clien t device.
DHCP C OMMANDS 4-175 • address - The add ress of t he bindi ng to clear. • * - Clears all automatic binding s. Default Setting None Command Mode Pri vileged Ex ec Usage Guidelines •A n address specifies the client’s IP address. I f an asterisk (*) is used as the add ress para meter, th e DHCP serve r clears all auto matic bin dings.
C OMMAND L IN E I NTE RF AC E 4-176 Command Mode Nor m al Exec , Privileg ed Exec Example. DNS Commands These commands are used to configure Dom ain Naming System (DN S) ser vices.
DNS C OMMANDS 4-177 ip host This comma nd creates a stat ic entry in the D NS table that ma ps a host name to an I P address . Use the no form to remov e an entry . Syntax [ no ] ip ho st name address1 [ a ddr ess2 … address8 ] •n a m e - Name of the hos t.
C OMMAND L IN E I NTE RF AC E 4-178 Example This example maps tw o addre ss to a host n ame. clear host This c ommand delete s entries from the DNS table. Syntax clear host { name | * } •n a m e - Name of the hos t. (Range: 1-64 charact ers) • * - Rem oves a ll entrie s.
DNS C OMMANDS 4-179 with dott ed nota tion). Use the no for m to remo ve th e current domain name. Syntax ip doma in-nam e name no ip doma in-name name - Name of th e host. Do not include the initial dot that separates the hos t name fr om the domain name.
C OMMAND L IN E I NTE RF AC E 4-180 Syntax [ no ] ip do main- list name name - Name of th e host. Do not include the initial dot that separates the hos t name fr om the domain name. (Range: 1-64 c haracters) Default Setting None Command Mode Global Configura tion Command Usage • Doma in nam es are add ed to the e nd of the lis t one at a time.
DNS C OMMANDS 4-181 Related Commands ip domain-name (3-178) ip name-server This comman d specifies the addres s of one or mor e domain nam e ser ve rs to us e fo r na me- to-a dd ress res olu tio n. Us e th e no for m t o rem ove a nam e ser ver from this list .
C OMMAND L IN E I NTE RF AC E 4-182 Example This examp le adds tw o domain -name se r vers t o the li st and t hen disp lays the list. Related Commands ip domain-name (3-178) ip domain-lookup (3-182) ip domain- lookup This command enables DNS host name-to-ad dress translat ion.
DNS C OMMANDS 4-183 Example This examp le enable s DNS and then dis play s the confi guratio n. Related Commands ip domain-name (3-178) ip name-ser ver (3-181) show host s This c ommand displays the static host name-to-ad dress mapping t able.
C OMMAND L IN E I NTE RF AC E 4-184 show dn s This comm and displays the configuration of th e DNS ser ver . Command Mode Pri vileged Ex ec Example show dns cache This comma nd displ ays en tries i n the DN S cache . Command Mode Pri vileged Ex ec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.
DNS C OMMANDS 4-185 clear dns cache This comm and clears all entries in t he DNS cache. Command Mode Pri vileged Ex ec Example FLAG The flag is alwa ys “4” indicatin g a cache entry and theref ore unreliable.
C OMMAND L IN E I NTE RF AC E 4-186.
I NTERFACE C OMMANDS -1 Interface Commands These comman ds are us ed to d ispla y or set co mmuni cation paramet ers for an Ethernet port, a g g reg ated li nk, or VLAN . interface This comma nd config ures an int erface ty pe and enter inte rface config urati on mod e.
-2 Syntax interf ace interface no interface port-channel chann el-i d interface • ethernet unit / port - unit - This is device 1. - port - Port number.
I NTERFACE C OMMANDS -3 Command Mode Interfac e Con figurat ion (Ethe rn et, Port Chan nel) Example The follo wing exam ple adds a descrip tion to port 4. speed-du plex This command co nfigur es the speed an d duplex mod e of a gi v en interfa ce when a utone g otiat ion i s disa bled.
-4 Default Setting • Auto-ne got iation is enab led by d efau lt. • When aut o-negot iation is disa bled, the defaul t spe ed-duplex setti ng is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports.
I NTERFACE C OMMANDS -5 Default Setting Enabl ed Command Mode Interfac e Con figurat ion (Ethe rn et, Port Chan nel) Command Usage • When auto-n egotiat ion is ena bled t he switch w ill negotiat e the b est setting s for a li nk based on the capabilities command.
-6 • 10full - Supports 10 Mbp s full-dup lex op erat ion • 10half - Suppo rts 10 M bps ha lf-d uple x opera tion • flowcontrol - Su pports f low con trol • symmetric (Gigabit o nly) - W hen sp.
I NTERFACE C OMMANDS -7 flo wc ont rol (3 -7 ) flowc ontr ol This command enables flo w control . Use th e no for m to disable flow contr ol. Syntax [ no ] fl o w c o n t ro l Default Setting Flow con.
-8 Example The follo wing example ena bles flow cont rol on port 5. Related Commands negotiati on (3-4) capabilities (f lowcontrol, symmetri c) (3-5) combo-forced-mode This command forces t he port type selected for comb ination p orts 8 - 12. Use the no form to restore the defaul t mode.
I NTERFACE C OMMANDS -9 Example This forces t he switc h to use the bu ilt-in RJ-45 por t for the combination por t 8. shutdown This comman d disabl es an inter face . T o restart a disa bled in terface , use the no for m. Syntax [ no ] shutdown Default Setting All interfaces are enabled.
-10 Syntax swi tchpor t br oadcast packet-rate rate no switchpor t broadcast rate - Threshol d level as a rate; i.e., pac kets per sec ond. (Range: 500 - 262143) Default Setting Enabled for all por ts.
I NTERFACE C OMMANDS -11 - unit - This is device 1. - port - Port number. • port-channel chann el-id (Range: 1-6) Default Setting None Command Mode Pri vileged Ex ec Command Usage Statistics are only initializ ed for a power reset. This co mmand sets the base value for d isplayed statistic s to z ero for th e cur r ent man age ment session.
-12 Default Setting Shows the status for all in terfaces . Command Mode Nor m al Exec , Privileg ed Exec Command Usage If no interface is specified, in for mation o n all interfaces is d isplayed. F or a d escription o f the item s displa yed b y this co mmand, see “Displaying Conn ection Statu s” on pag e 3 -89.
I NTERFACE C OMMANDS -13 show interfaces counters This comm and displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel chann el-id (Range: 1-6) Default Setting Shows the counters for all interfaces.
-14 Example show interfaces switch port This comm and displays the administrative and operational status of the specified in terfaces . Syntax show interfaces s witchpor t [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number.
I NTERFACE C OMMANDS -15 Default Setting Shows all inte rfaces. Command Mode Nor m al Exec , Privileg ed Exec Command Usage If no interface is specified, in for mation o n all interfaces is d isplayed. Example This exampl e shows the confi guration s etting for port 4.
-16 Mirror Port Commands Th is sectio n desc ribe s how to mir r or traff ic fr om a sour ce por t to a targ et por t. port monitor This command con figures a mirror sessi on.
M IR R OR P ORT C OMMANDS -17 Default Setting No mirror ses sion is de fined. When enabled, the defa ult mirroring is for both r eceiv ed and trans mitted pac kets .
-18 Default Setting Sho ws all session s . Command Mode Pri vileged Ex ec Command Usage This comman d displ ays th e currently confi gured so urce port, destinat ion po rt, and mir ror mode (i.
R ATE L IMIT C OMMANDS -19 by the hard ware to verify confo r mi ty . No n-conf or min g traff ic is dr opped , confo r ming traff ic is fo rwarde d with out any cha ng es. rate-limit This comm and defines the rate limit for a specific interface. Use this command without specifyi ng a rate t o restore the defaul t rate .
-20 Link Aggregation Comman ds P o rt s can be st atically gr ouped into an ag g reg ate link (i.e., tr unk) to incre ase the bandw idth of a network c onnec tion or to ensur e faul t recover y .
L INK A GG RE G AT I O N C OMMANDS -21 • A trunk can have up to eight ports. • The po rts at both ends of a co nnectio n must be configured as trun k ports. • All ports in a trunk must be configure d in an identical manner, including communicatio n mode (i.
-22 Default Setting Th e cur r ent por t will be a dded to th is tr unk. Command Mode Interf ace Conf igurati on (Eth ernet) Command Usage • When con figuring static trunks , the switches must c omply with th e Cisco Ether Chann el standard. •U s e no channel-group to remove a po rt group from a trunk.
L INK A GG RE G AT I O N C OMMANDS -23 Command Usage • Th e p or t s o n b ot h e n d s o f a n L A C P t ru n k m u s t b e co n f i g u re d f o r f u ll duple x, either by for ced mo de or aut o-negot iation . • A trunk formed with another sw itch using LACP wil l automatically be assign ed the n ext avail able po rt-chann el ID.
-24 lacp system -priority This comman d configure s a port's LA CP system priori ty . Use the no form to rest ore t he defaul t sett ing . Syntax lacp { actor | par tner } system-priority priority no lacp { actor | par tner } system-priority • actor - The local side an a ggregate link.
L INK A GG RE G AT I O N C OMMANDS -25 state, and will only take effect the next time an aggre gate link is establish ed w ith the pa rtner. Example lacp admin-key (Ethernet Interface) Th is comman d conf igure s a por t's L A CP admi nistrat ion key .
-26 • Once th e remote sid e of a link ha s been estab lished, LACP opera tional settings are already in use on t hat side. Config uring LACP settings for the partn er only appl ys to its admin istrat ive state , not its oper ationa l state, and will only take effect the next time an aggre gate link is establish ed w ith the pa rtner.
L INK A GG RE G AT I O N C OMMANDS -27 that when the LAG is n o longer us ed, the po rt channel admin ke y is reset to 0. Example lacp p ort -prio rity This command c onfigu res LA CP port priority . Use the no for m t o r est ore the de fault set ting .
-28 state, and will only take effect the next time an aggre gate link is establish ed w ith the pa rtner. Example show lacp This c ommand displays LA CP infor mati on. Syntax show lacp [ port-channel ] { counter s | internal | neighbors | sys-id } • port-channe l - Local identifier for a link aggregation group.
L INK A GG RE G AT I O N C OMMANDS -29 Example Console#show 1 lacp counters Channel group : 1 ----------------------------------------- -------------------------------- Eth 1/ 1 ----------------------.
-30 Console#show 1 lacp internal Channel group : 1 ----------------------------------------- -------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ---------------------------------------.
L INK A GG RE G AT I O N C OMMANDS -31 LACP Port Priority LACP port priority assigned to this interface within the channel group. Adm in S tat e, Oper S tate Administrative or opera tional values of t.
-32 Console#show 1 lacp neighbors Channel group 1 neighbors ----------------------------------------- -------------------------------- Eth 1/1 ----------------------------------------- ---------------.
A DDRESS T ABL E C OMMANDS -33 Addre ss T able Comma nds These comma nds are use d to con figure th e addre ss table for filte ring speci fied add resses , displa ying current entri es , clearing t he tabl e, o r sett ing the agin g time.
-34 mac-address-table stat ic This c ommand maps a s tatic address to a de stination por t in a VLAN . Use the no for m to remo ve an address . Syntax mac-address-tabl e static mac-address interface interface vlan vlan-i d [ action ] no mac-address-table sta tic mac-address vlan vlan-id • mac-address - MAC a ddress.
A DDRESS T ABL E C OMMANDS -35 • Static ad dresses are bound to the assigned inte rface and will not be mov ed. When a stat ic address is seen on an other in terface, the address will be ignored and will not be writte n to the address table.
-36 - port - Port number. • port-channel chann el-id (Range: 1-6) • vlan -i d - VLAN ID (Range: 1-4094) • sort - Sort by address , vlan or interface. Default Setting None Command Mode Pri vileged Ex ec Command Usage • The MA C Addres s Table contai ns the MAC addr esses a ssoci ated with each int erface.
A DDRESS T ABL E C OMMANDS -37 Syntax mac-address-tabl e a ging-time second s no mac-address-ta ble aging-time seconds - Aging time. (Range: 10-1000000 seconds; 0 to disable aging) Default Setting 300 seconds Command Mode Global Configura tion Command Usage The aging t ime is used to age out d ynamically lear ned forwarding infor mation .
-38 Spanni ng Tree Com man ds This secti on incl udes comma nds that config ure the Sp anning T ree Alg orith m (STA) globally for the switch, and com mands tha t configur e ST A for the selected in terface .
S PANNING T REE C OMMANDS -39 spanning- tree This comma nd enabl es the Span ning T ree Algorithm glo bally for the switch. U se t he no for m to disable it.
-40 • stp - Spanning Tree Protocol (IEEE 802.1D) • rstp - Rapid Sp anning T ree Protoco l (IEEE 802.1w) Default Setting rstp Command Mode Global Configura tion Command Usage • Span ning Tre e Protocol Uses RSTP for the i nternal state machine, but sends only 802.
S PANNING T REE C OMMANDS -41 spanning- tree forwar d-time This comm and configures the spann ing tree bridge forward time globally for this switch. Use the no for m to restore the default. Syntax spanning-tree for w ard- time sec onds no span ning-t ree forw ard-t ime seconds - T ime in seconds.
-42 spanning-tr ee hello-time This comm and configures the spanning tree bridge hello time globally for this sw itch. Use t he no for m to restore the defa ult. Syntax spanning-tree hello-ti me tim e no spanning-tree hello-time time - Time in seconds .
S PANNING T REE C OMMANDS -43 Default Setting 20 seconds Command Mode Global Configura tion Command Usage This command s ets the m aximu m time (in s econds) a device can w ait without receiving a co nfigura tion mess ag e befo re atte mpting to reconfi gure.
-44 Command Mode Global Configura tion Command Usage Bridge prio rity is used in sele cting the root d evice, root por t, and designa ted por t. T he d evice wi th the h ighes t priorit y beco mes th e STA root devi ce.
S PANNING T REE C OMMANDS -45 Example spanning-tree tr ansmission-limi t This comman d configur es the min imum i nter val betw een the tr ansmissi on of cons ecuti ve RST P BPDUs . Use the no fo r m to restore the defaul t. Syntax spanning-tree transmi ssion-limit count no spanning-tree transmission-limit count - The transmission limit in seconds.
-46 Th is example disa bles the spa nning t ree alg orith m for por t 5. spanning-tree cost This comma nd config ures the sp anning tre e path co st for th e specifi ed interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port.
S PANNING T REE C OMMANDS -47 the maximum value for path cost is 65,535. Example spanning- tree port-pr iority This command configures the priori ty for th e specified i nterface . Use th e no for m t o restor e the d efault. Syntax spanning-tree por t-priority priority no spanning-tree por t-priority priority - The priority for a por t.
-48 spanning-tree edge-po rt This command specifies an inter face as an edge port. Use the no fo r m to restore the defau lt. Syntax [ no ] spanning-tree edge-por t Default Setting Disabled Command Mo.
S PANNING T REE C OMMANDS -49 spanning- tree portfa st This comma nd sets an interface t o fast forw arding . Use the no for m to disable fas t forwa rding .
-50 spanning- tree link -type This command configures t he link type fo r Rapid Span ning T ree. Use the no for m t o restor e the d efault. Syntax spanning-tree link-type { auto | point-to-point | shar ed } no spanning-tree link-type • auto - Automatica lly derived from the du plex mode set ting.
S PANNING T REE C OMMANDS -51 spanning-tree protocol-migration This com mand re-c hec ks the ap propri ate BPDU f or mat to se nd on t he sele cted inte rfac e. Syntax spanning-tree protocol -mig ration interfac e interface • ethernet unit / port - unit - This is device 1.
-52 • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel chann el-id (Range: 1-6) Default Setting None Command Mode Pri vileged Ex ec Command Usage •U s e t h e.
S PANNING T REE C OMMANDS -53 Example Console#show spanning-tree Spanning-tree information ----------------------------------------- ---------------------- Spanning-tree information ------------------.
-54 VLAN Commands A VLAN is a g rou p of por t s that ca n be locat ed any where in the network, but co mmunicat e as th ough they belong t o the s ame ph ysical s egment.
VLAN C OMMANDS -55 Command Mode Global Configura tion Command Usage • Use the VLAN d atabase command mod e to add, chan ge, and delete VLANs. After finis hing config uration c hanges, you c an disp lay th e VLAN settin gs by ente ring th e show v lan co mmand.
-56 - suspend - VLAN is susp ended . Suspen ded VL ANs do not pa ss packets. Default Setting By default only VL AN 1 exists and is active . Command Mode VLAN Da tabase C onfigur ation Command Usage • no vlan vlan -id deletes t he VL AN. • no vlan vlan -id name removes the VLAN name.
VLAN C OMMANDS -57 Configuring V LAN Interfaces interface vlan This comma nd enters i nterfac e config ura tion mod e for VLANs , which is used to configur e VLAN par ameters for a ph ysical i nterface . Syntax interface vlan vlan- id vlan-id - ID of the configured VLAN .
-58 Example Th e following exampl e shows how to set the in terfa ce co nfigura tion mode to VLAN 1, an d then ass ign an IP add ress to the VLAN: Related Commands shutdown (3-9) switc hport mode This comma nd config ures the VL AN memb ership mode for a port.
VLAN C OMMANDS -59 Example Th e following shows how to set the con figurat ion mod e to p or t 1, an d then se t the s witchpor t mod e to hybrid: Related Commands switchport acce ptable-frame-types (3-5 9) switchport accep table-frame-typ es This comma nd config ures the accept able fra me type s for a po r t.
-60 Example Th e followin g exa mple s hows how t o re strict the t raff ic rec eived on po rt 1 to t ag ged f ram es: Related Commands switchpor t mo de (3-58 ) switchpor t ingress-filter ing This c ommand enable s ing ress filt ering for an interfac e.
VLAN C OMMANDS -61 Example The follo wing example show s how t o set t he inter face to p ort 1 and then enable ing res s filtering: switch port na tive vlan This c ommand configure s the PV ID (i.e., default V LAN ID ) for a por t. Use the no for m to restore the defau lt.
-62 Example Th e followin g exa mple s hows how t o set the P VID for po rt 1 to VLAN 3 : switc hpo rt al lowe d vla n This comma nd config ures VLAN groups on the selec ted inter face .
VLAN C OMMANDS -63 whethe r to keep or remove t he tag fr om a frame o n egress. • If none of the in termedia te netwo rk devices n or the h ost at the o ther end of th e connect ion suppo rts VLANs, the inter face sho uld be added to these VLANs as an untagg ed member.
-64 Command Usage • This comman d preve nts a VLAN from being automa tically a dded to the speci fied inter face via G VRP. • If a VLAN has been added to the set of allowed VLANs fo r an interface, then you cannot add it to t he set of fo rbidden V LANs for that same interface .
VLAN C OMMANDS -65 Default Setting Shows all VL ANs . Command Mode Nor m al Exec , Privileg ed Exec Example Th e following exam ple s hows how to di splay inf or m ati on for V LAN 1 : Configuring Protocol-based VLANs The ne tw ork devi ces r equired t o supp ort mult iple pr otoc ols canno t be easily g rouped into a common VLAN .
-66 T o config ure pr otocol- based V LANs , follo w the se steps: 1. Fir st config ure VLAN groups for the protoc ols y ou w ant to use (pa ge 3-55). Al thoug h not manda tory , we suggest config urin g a sepa rate VLAN fo r each major protoc ol r unning on you r network.
VLAN C OMMANDS -67 rarp. Default Setting No proto col g ro ups ar e conf igu red. Command Mode Global Configura tion Example Th e following creat es prot ocol g roup 1, a nd spe cifies E ther net f ra.
-68 Command Usage • When c reating a pr otocol -base d VLAN, on ly assi gn inter faces vi a this command. If you a ssign inter faces usi ng any of t he other V LAN commands (such as vlan on page 3-55), these in terfaces will admit traffic of any protocol type int o the a ssociate d VLAN.
VLAN C OMMANDS -69 Command Mode Pri vileged Ex ec Example This s hows pr otocol group 1 conf igured f or IP o ver Ethernet: show inter faces protoco l-vlan p rotocol-g roup Th is comman d shows the mapp ing fro m prot ocol g ro ups t o VLANs f or the se lected i nterfaces .
-70 Example This sh ows that traffic entering P ort 1 that matches the sp ecifications for protocol g roup 1 will be mapp ed to VLAN 2: Configuring P rivate VLANs Pri vate V LANs pro vide port-based se curity and isolat ion betw een ports with in the as signed V LAN .
GVRP AND B RIDGE E XTENSION C OMMANDS -71 Command Usage • A pri vate VLAN provides port-bas ed securit y and i solation betw een ports within the VLAN. Data traffi c on the down link port s can only be forwarde d to, and from, th e uplink p ort. • Priva te VLANs and norm al VLANs can exi st simu ltaneous ly within the same sw itch.
-72 as how to dis play defa ult conf igurati on s ettings f or the Bridg e Exte nsion MIB . bridge-e xt gvrp This c ommand enables GV RP globally for the switch.
GVRP AND B RIDGE E XTENSION C OMMANDS -73 Example show bridg e-ext This command sh ows th e configur ation for bridge extensi on commands . Default Setting None Command Mode Pri vileged Ex ec Command .
-74 Default Setting Disabled Command Mode Interf ace Conf iguratio n (Eth ernet, P or t Channel ) Example show gv rp configu ration This comm and shows if GVRP is enabl ed. Syntax show gvr p configuration [ interface ] interface • ethernet unit / port - unit - This is device 1.
GVRP AND B RIDGE E XTENSION C OMMANDS -75 garp t ime r This comm and sets the values for the join, leav e and leaveall timers . Us e the no for m to re store the timers’ defau lt values .
-76 success fully. Example Related Commands show gar p timer (3-76) show ga rp timer This comma nd sho ws th e GARP timer s for the selec ted inter face . Syntax show garp timer [ inte rfa ce ] interface • ethernet unit / port - unit - This is device 1.
P RIORITY C OMMANDS -77 Related Commands garp timer (3-75) Priority Commands The com mands describe d in this section all ow yo u to specify which data pack ets h ave g reater p recedence when traffi c is buffer ed in the sw itch d ue to co ng estion.
-78 for ea ch inte rface, th e re lative weight of ea ch queu e, and t he mapp ing of frame prio rity tags to the s witch’ s priorit y queue s . Priority Comm ands (Layer 2) switc hpo rt pri ori ty de fault This comma nd sets a p riority for inc oming un tag ged frames .
P RIORITY C OMMANDS -79 def ault- pr ior ity -id - The prior ity numb er fo r untag g ed ing ress tr affic. The p riority is a number f rom 0 t o 7. Seven is t he high est prior ity . Default Setting The p riority is not se t, and t he defau lt value for unta g g ed frame s recei v ed on the i nterface is zero .
-80 queue mode This c ommand sets the que ue mode to strict prio rity or W e ighted R ound-R obin (WRR) for the class of service (CoS) prio rity queues .
P RIORITY C OMMANDS -81 queue ban dwidth This c ommand assigns weig hted round-r obin (W RR) weights to the eigh t class of service (CoS) priorit y queues . Use the no fo r m to restore the defau lt weigh ts. Syntax queue bandwidth weigh t1. ..wei ght4 no queue bandwidth weight1.
-82 Syntax queue cos-map queue_ id [ cos1 ... co sn ] no queue cos-map • queue_ id - The ID of the p riority queu e. Ranges are 0 to 7, wh ere 7 is the high est prio rity queue. • cos1 .. cosn - The CoS values that are mapped to the queue ID. It is a space-s eparated l ist of n umbers.
P RIORITY C OMMANDS -83 Example Th e following examp le shows how to chan ge the Co S as signment s to a one- to-one ma pping: Related Commands show q ueue cos-m ap (3-84) show queue mode This comma nd sho ws th e current queue m ode.
-84 show queue ban dwidth This comma nd displa ys the weigh ted round- robin (WRR) bandwidt h allocatio n for the ei ght prio rity queu es. Default Setting None Command Mode Pri vileged Ex ec Example show queue cos-map This com mand sh ows the cla ss of se r vice pri ority map .
P RIORITY C OMMANDS -85 Default Setting None Command Mode Pri vileged Ex ec Example Priority Commands (Layer 3 and 4) map ip port (Global Configuration) Use this command to enab le IP port map ping (i .e ., class o f service mapping for TC P/UDP sockets).
-86 Default Setting Disabled Command Mode Global Configura tion Command Usage Th e pr ece den ce fo r pri ori ty ma pping is I P Port, IP P rec eden ce o r IP DSCP , and default sw itchport prio rity .
P RIORITY C OMMANDS -87 map ip port (Int erface Conf iguration) Use this comma nd to set I P por t priorit y (i.e., TCP/UDP po rt priority). Use the no for m to remove a specific setting . Syntax map ip por t port-number cos cos-value no map ip por t port-number • port-number - 16-bit TCP/UDP port number.
-88 map ip pre cedence (Global Configuration) This comma nd enabl es IP pr ecedence map ping (i.e ., IP T ype of Ser vice). Use the no form to disa ble IP precedenc e mappin g .
P RIORITY C OMMANDS -89 Default Setting The l ist below shows th e default priority mappin g . Command Mode Interfac e Con figurat ion (Ethe rn et, Port Chan nel) Command Usage • The pr ecedence fo r prio rity mapp ing is IP Port, I P Precedenc e or IP DSCP, an d default s witchpo rt prio rity.
-90 Command Mode Global Configura tion Command Usage • The pr ecedence fo r priori ty mapp ing is IP Port, IP Precedenc e or IP DSCP, an d default s witchpo rt prio rity. • IP Preced ence and IP DSCP cannot bo th be enabled. Enabli ng one o f these priority types will autom atically d isable the oth er type.
P RIORITY C OMMANDS -91 Command Mode Interfac e Con figurat ion (Ethe rn et, Port Chan nel) Command Usage • The pr ecedence fo r prio rity mapp ing is IP Port, I P Precedenc e or IP DSCP, an d default s witchpo rt prio rity. • DSCP priority values are mapped to default Class of Service values according t o recommendations in the I EEE 802.
-92 Default Setting None Command Mode Pri vileged Ex ec Example Th e following shows tha t HTTP tr affic h as been mappe d to Co S value 0: Related Commands map ip por t ( Global Configuration ) (3-85) map i p port (Interf ace Conf iguratio n) ( 3-87) show map ip preceden ce This comma nd sho ws th e IP prece dence pri ority m ap .
P RIORITY C OMMANDS -93 Command Mode Pri vileged Ex ec Example Related Commands map ip precedenc e (Global Configurat ion) (3-88) map ip p recedence (I nterface Co nfigurati on) (3-88) show map ip dscp This comm and shows the IP DSCP priority map . Syntax show map ip dscp [ interface ] interface • ethernet unit / port - unit - This is device 1.
-94 Command Mode Pri vileged Ex ec Example Related Commands map ip dscp (G lobal Config uration) (3-89) map ip ds cp (Int erfac e Configu ratio n) ( 3-90) Console#show map ip dscp ethernet 1/1 DSCP mapping status: disabled Port DSCP COS --------- ---- --- Eth 1/ 1 0 0 Eth 1/ 1 1 0 Eth 1/ 1 2 0 Eth 1/ 1 3 0 .
M ULTICAST F ILTERING C OMMANDS -95 Mult icast Fi lteri ng Co mman ds Th is switch us es IGM P (In ter net Group Ma nag ement P rot ocol) to q uer y for any a ttac hed hosts that w ant to rece iv e a spec ific m ulticast ser vice . It ident ifies the ports cont aining ho sts requ esting a service and sends data out to those po rts only .
-96 IGMP Snooping Commands ip igmp snoopi ng This c ommand en ables IGMP sn ooping on this switch. Us e the no form to dis able i t. Syntax [ no ] ip igmp snooping Default Setting Enabl ed Command Mode Global Configura tion Example The follo wing example enables IGMP sno oping .
M ULTICAST F ILTERING C OMMANDS -97 Syntax [ no ] ip igmp snooping vlan vlan -id static ip-address interfac e • vlan -i d - VLAN ID (Range: 1-4094) • ip-address - IP address for multicast group • interface • ethernet unit / port - unit - This is device 1.
-98 Default Setting IGMP V e rsion 2 Command Mode Global Configura tion Command Usage • All sy stems on the su bnet mus t support the sa me version . If t here are legacy devices in your network that only suppo rt Version 1, you will also have to configure this swit ch to use Version 1.
M ULTICAST F ILTERING C OMMANDS -99 Example Th e following shows the cur re nt IGMP s noopin g con figurat ion: show mac-address- table multicast This c ommand shows known multicast addresses.
-100 Example The following shows the multicast entries lear ned through IG MP snoopin g for VL AN 1: IGMP Query Co mmands (Layer 2) ip igmp snooping querier This command enables the switc h as an IGMP queri er .
M ULTICAST F ILTERING C OMMANDS -101 Command Usa ge If enabled, the switch will ser ve as querier if elected. The querier is respon sible fo r asking hosts i f they w ant to recei ve m ulticast traffi c . Example ip igmp s nooping query-coun t This comm and con figures t he query count .
-102 Example The follo wing show s ho w to confi gure th e query count to 10: Related Commands ip igm p snoo ping query-max -respon se-tim e (3-102) ip igmp s nooping query-int erval This comma nd confi gures the quer y interval. Use th e no for m to restore the de fault.
M ULTICAST F ILTERING C OMMANDS -103 Syntax ip igmp snooping quer y-max-r esponse-time seconds no ip igmp snooping quer y -max-response-time seconds - Th e report dela y adv ertised in I GMP quer ies .
-104 ip igmp s nooping router-p ort-expir e-time This comma nd confi gures the query timeout. Use the no for m to restore the de fault. Syntax ip igm p snoo ping rout er- port-expire- time seconds no .
M ULTICAST F ILTERING C OMMANDS -105 Static Multicast Routing Commands ip igmp sno oping vlan mrouter This comm and statically configures a multicast router po rt .
-106 Example Th e fo llowi ng s hows how to conf igu re p or t 1 1 a s a multi cas t ro ute r po r t withi n VLAN 1: show ip ig mp snoopi ng mrouter This comm and displays infor mation on statically config ured and dynamically lear ned multicast rout er port s .
M ULTICAST F ILTERING C OMMANDS -107 IGMP Commands (Layer 3) ip igmp Use this command to enabl e IGMP on a VLAN in terface . Use th e no form of this comm and to di sable IGMP on the specifie d inter face .
-108 Command Usage IGMP qu er y can be enable d globall y at Lay er 2 via the ip ig mp snooping com mand, or enabled fo r specifi c VLAN i nterface s at La yer 3 via the ip igmp command.
M ULTICAST F ILTERING C OMMANDS -109 Command Mode Interf ace Conf igurati on (VLA N) Command Usage The robust ness value is used in ca lculating the app ropriate rang e for other IGMP vari ables, such.
-110 multicast routing prot ocol tha t runs o n the LAN . But for IG MP Version 2, the d esignat ed querie r is the lo west IP -addressed multicast router o n the sub net.
M ULTICAST F ILTERING C OMMANDS -111 • The num ber of s econds r eprese nted by the max imum respo nse in terval must be less tha n the Quer y Interva l (page 3-1 09).
-112 reduced val ue result s in reduc ed time to detect the loss of th e last member of a group. Example Th e following shows how to co nfigure the maximum re spons e time to 10 second s: ip i gmp vers ion Use this command to confi gure the IG MP ve rsion us ed on an in terface.
M ULTICAST F ILTERING C OMMANDS -113 Example The following configures the switch to use IG MP V e rsion 1 on the sele cted inte rfac e: show ip igmp in terface Use this command t o show the IGMP configuratio n for a specific VLAN interface or for all interfaces .
-114 Syntax clear ip igmp group [ gr oup-address | int erf ace vlan vlan-i d ] • group-address - IP address of the multicast g roup . • vlan -i d - VLAN ID (Range: 1-4094) Default Setting Deletes all e ntries in the cache if no options are selected.
M ULTICAST F ILTERING C OMMANDS -115 Command Mode Nor m al Exec , Privileg ed Exec Command Usage • This comm and displays information for multicast g roups learned via IGMP, no t stat ic groups .
-116 IP Inte rface Commands There are no IP ad dresses assigne d to this router by def ault. Y ou must man ually con figure a n ew addres s to m anage the router o ver y our netw ork or to connect th e router to exis ting IP subnets .
IP I NTERFACE C OMMANDS -117 Syntax ip address { ip-address netmask | bootp | dhcp } [ secondar y ] no ip address • ip-address - IP address • netm as k - Network mask fo r the associ ated IP subnet. This mask identi fies the host addre ss bits used for r outing t o specific subn ets.
-118 Anything o utside th is format will no t be accepte d by the configuration progra m. • An int erf ace can ha ve on ly on e prima ry IP addr ess, but ca n have many secondary IP addresse s. In other words, you will need to spe cify second ary addres ses if more than one IP s ubnet c an be acce ssed vi a this interface.
IP I NTERFACE C OMMANDS -119 Syntax ip default-gatew ay ga tewa y no ip default-gateway gat e wa y - IP add ress of the defa ult ga teway Default Setting No static route is established . Command Mode Global Configura tion Command Usage • The gateway specified in t his command is only valid if routing is disab led with the no ip routing com mand .
-120 Example Related Commands show ip redirects (3-120) show ip re directs This comma nd sho ws the d efault gatew ay c onfigured for thi s device . Default Setting None Command Mode Pri vileged Ex ec Example Related Commands ip default-gateway (3-118) ping Th is comm and s ends IC MP echo requ est pa ckets to ano ther node on the network.
IP I NTERFACE C OMMANDS -121 • size - Number of bytes in a packet. (Range: 32-512, default: 32) The actual packet size will be eight bytes larger than the size specified because the rout er adds head er infor mation. Default Setting This command h as no defa ult for t he host.
-122 Address Resolution Protocol (ARP) arp Use this command t o add a stat ic ent r y in the A ddress R esolution Pr otocol (ARP) ca che. Use the no for m to remov e an entr y from the cac he. Syntax ar p ip-address hardware-address no ar p ip-addr ess • ip-address - IP address t o map to a specified h ardware addres s.
IP I NTERFACE C OMMANDS -123 128. • You may need to ente r a stati c entry in the cac he if t here is no resp onse to an ARP broa dcast messag e. For example, some applications may not resp ond to ARP reque sts or the r espons e arri ves to o late , caus ing networ k opera tions to time o ut.
-124 clear arp- cache Use th is command to del ete all d ynamic entries from th e Address Resolution Pro toco l (ARP ) c ache. Command Mode Pri vileged Ex ec Example This examp le clears all dynami c entries in the A RP cac he. show arp Use th is command to dis pla y entries in the A ddress R esolut ion Proto col (ARP) cache.
IP I NTERFACE C OMMANDS -125 Example This examp le displa ys all entr ies in the ARP cach e. ip prox y-arp Use this command to enab le pro xy Addr ess R esol ution Pro tocol (ARP) .
-126 IP Routi ng Commands After you configu re network inter faces for this rout er, you must set the paths u sed to s end t raffic betwee n diff erent inter faces. If you enab le routing on this devic e, traffic will automatically be forwarded between all of the local subn etw orks .
IP R OUTING C OMMANDS -127 Global Routing Configurati on ip rout ing Use this co mmand to enable I P routing . Use the no for m to disable IP routing . Syntax ip r outing no ip routing Default Setting Enabl ed Command Mode Global Configura tion Command Usage • The co mmand affects both s tatic and dynamic u nicast ro uting.
-128 Example ip ro ute Use th is command to conf igure sta tic route s . Use the no for m to remo ve static r out es. Syntax ip r oute { destin ation-ip netmask | default } { gat e wa y } [ metric metric ] no ip route { de stination-ip netmask | def aul t | * } • destination-ip – IP addr ess of th e destin ation ne twork, su bnetw ork, or host.
IP R OUTING C OMMANDS -129 clear i p route Use this command to remo v e dynamica lly learned en tries fro m the IP routing t able. Syntax clear ip route { network [ ne tm ask ] | * } • netw ork – Ne twork or subne t addr ess. • netm as k - Network mask fo r the associ ated IP subnet.
-130 Command Usage If the address is specifie d without the netmask parameter, the route r disp lays all route s for the correspo nding natural class a ddress (page 3-134). Example show ip traff ic Use th is command to disp lay s tatistic s for IP , ICMP , UDP , TCP and ARP protoc ols.
IP R OUTING C OMMANDS -131 Example Routing Informatio n Protocol (RIP) Console#show ip traffic IP statistics: Rcvd: 5 total, 5 local destination 0 checksum errors 0 unknown protocol, 0 not a gate way .
-132 route r r ip Use th is com mand to enabl e R outing Information P rotocol (RIP ) routin g for all IP inte rfaces on the rout er . Use the no form to disable it.
IP R OUTING C OMMANDS -133 Related Commands network (3-134) timer s ba sic Use this comma nd to con figure th e RIP updat e timer, timeou t timer, and garbage- collecti on timer .
-134 netwo rk. Example This e xample se ts the u pdate time r to 40 seco nds . Th e timeou t timer is subsequently set to 240 seconds , and the garbage-collection tim er to 160 second s . netw ork Use this command t o specify the network interfaces that will be include d in the RIP r outing pro cess .
IP R OUTING C OMMANDS -135 Example This exampl e includes n etwo rk inte rface 10.1.0.0 in the RIP routing proce ss. Related Commands router rip (3-132) neig hbor Use this command to defin e a neighboring router w ith which this router will exc hange routing infor m ation.
-136 Syntax ver si o n { 1 | 2 } no version • 1 - RIP V ersion 1 • 2 - RIP V ersion 2 Command Mode R outer Configura tion Default Setting RIP V ersion 1 Command Usage • Whe n this co mmand is us.
IP R OUTING C OMMANDS -137 ip rip receive version Use this command to sp ecify a RIP v ersion to recei ve on an int erface. Us e the no for m to re store the default value. Syntax ip rip receiv e v ersi on { none | 1 | 2 | 1 2 } no ip rip receiv e version • none - Does not a ccept incoming RIP pac kets .
-138 Example This example s ets the interface ver sion for VLAN 1 t o receiv e RIPv1 packet s . Related Commands version (3-13 5) ip rip send v ersio n Use this command to speci fy a RIP v ersio n to send o n an int erface . Use the no for m to restor e the default value.
IP R OUTING C OMMANDS -139 - Use “none ” to pas sively monitor r oute in forma tion adve rtised by other router s atta ched to the net work. - Use “1” or “2” if all ro uters in the lo cal ne twork a re ba sed on RIPv 1 or RIPv2, respectively.
-140 Command Usage • Split horiz on nev er prop aga tes rou tes b ack t o an inte rface from wh ich they ha ve been acqu ired. • Poiso n reverse pr opagate s routes back to an interface po rt from which they h ave been a cquired, b ut sets the di stance-vec tor metric s to i nfinity.
IP R OUTING C OMMANDS -141 Example This exampl e sets an au thentica tion pas sw ord of “smal l” to v erify incoming ro uting m essages and t o tag o utg oing ro uting m essages.
-142 Example Th is example sets th e auth entica tion mode to plain te xt. Related Commands ip rip authentication key (3-140) show ri p globals Use th is command to disp lay g lobal co nfigur ation se ttings for RIP .
IP R OUTING C OMMANDS -143 show ip rip Use this command to displa y infor mation abou t interfac es config ured for RIP . Syntax show ip rip { co nfiguration | status | pee r } • configuration - Sho ws RIP co nfigur ation setti ngs for each interface.
-144 Open Shortest Path Fir st (OSPF) SendMod e RIP version sen t on this interface ( none, RIPv1, RIPv2, or RIPv2-broadca st) ReceiveM ode RIP version rece ived on this interfa ce (none, RIPv1, RIPv2, RIPv1 or RIPv2) Poison Shows if split -horizon, poison -r eve rse, or no proto col message loopback pre vention metho d is in use.
IP R OUTING C OMMANDS -145 Route Metr ics and Summa ries area range Summarizes routes advertised by an ABR RC 3-15 1 area def ault-co st Sets the cost for a default summ ary route sent int o a stub or.
-146 rout er ospf Use this co mmand to enable Ope n Shor test Path First (OS PF) routin g for all I P inte rface s on the rou ter . Use th e no form to disable it.
IP R OUTING C OMMANDS -147 Command Usage • OSPF is used to spe cify how ro uters exch ange rou ting tab le information. • This com mand is als o used to enter rout er configur ation mode . Example Related Commands network area (3-155) route r-i d Use this command to assign a unique router ID for this device within the autonomo us syst em.
-148 • If the prio rity values of the rou ters bid ding to be the de signa ted ro uter or backup designated router fo r an area ar e equal, th e router with the highes t ID is elected. Example Related Commands router ospf (3-146) compatible rfc1583 Use this command to calculate summary route costs using RFC 1583 (OSPFv1).
IP R OUTING C OMMANDS -149 default- informa tion origi nate Use this comman d to gene rate a default exte rn al route into a n autonomou s system . Use the no for m to disable this feature .
-150 used to impo rt external rout es via RIP or stat ic routing, an d such a route is k nown. • Type 1 route adve rtisement s add the intern al cost to the extern al route metric.
IP R OUTING C OMMANDS -151 • Using a low value all ows the ro uter to swi tch to a n ew path fas ter, but uses more CPU proces sing tim e. Example area rang e Use this command to summarize the rout es adv ertised b y an Area Borde r Router (ABR). Use the no fo r m to dis ab le thi s fu nct i on.
-152 Example This example cre ates a summ ary address for all area rou tes in the ran ge of 10.2.x.x. area def ault-c ost Use this command to specify a cost fo r the defa ult summary route sen t into a s tub or not-so-st ubby ar ea (NSSA) f rom an Area Border R outer (ABR).
IP R OUTING C OMMANDS -153 summary-address Use this command to ag g regate routes l earned from oth er protoco ls . Use the no for m to remove a summar y address . Syntax summar y-address summar y-address netmask no summar y-addr ess summar y-addr ess netm ask • summar y-addr ess - Summary address co v ering a range of add resses .
-154 redis tri bute Use th is comm and to i mport external routing information fro m other routing do mains (i.e., pr otoco ls) into the auton omous syst em .
IP R OUTING C OMMANDS -155 • Metric t ype speci fies th e way to adver tise ro utes to de stinati ons ou tside the AS via Extern al LSAs. Specify Typ e 1 to add the int ernal cost metric to th e exter nal route metric.
-156 Command Usage • An area I D uniquely defin es an OSPF broa dcast are a. The area ID 0.0.0.0 indicates the OSPF backbone for an autonomous system.
IP R OUTING C OMMANDS -157 • area-id - Identifies the stub area. (The area ID must be in the form of an IP addre ss.) • summar y - Makes an Area Border R outer (ABR) send a summary link adv er tisement into the stub area. (Def ault: no s ummar y) Command Mode R outer Configura tion Default Setting No stub is co nfigured.
-158 area nssa Use this c ommand to de fine a not-s o-stubby a rea (N SSA). T o remove an NSSA, use t he no form without a ny optio nal ke yw ords . T o remo ve an optiona l attrib ute, use the no for m wi thout th e relevant keyword.
IP R OUTING C OMMANDS -159 import a default ex ternal A S route (fo r routing protoc ol domain s adjacent to the N SSA but n ot within th e OSPF AS ) into the NS SA using the default-infor mation-originate keyw ord.
-160 area virtu al-link Use this command to define a virtual link. T o remove a vir tual link, use the no form with no op tional keyw ords . T o resto re the de fault va lue for an attribut e, use the no for m wi th the requi red keyword.
IP R OUTING C OMMANDS -161 • retransmit-inter v al seconds - Specifies the inte r val at wh ich the ABR retransmits link-state advertisements (LSA) ov er the vir tual link.
-162 Default Setting area-id : Non e ro ut er -id : No ne hello-inter val : 10 seconds retransmit-inter v al : 5 se cond s transmit-delay : 1 se con d dead-inter val : 40 seconds authentication-key : None message-digest-key : None Command Usage • All area s must be connect ed to a b ackbone ar ea (0.
IP R OUTING C OMMANDS -163 ip ospf au thenticatio n Use this co mmand to speci fy the auth entica tion type used for an interf ace . Enter this command w ithou t any op tion al paramet ers to specify plain t ext (or simple password) auth entica tion. Use the no for m to restore the default of n o authen tication .
-164 ip ospf au thenticatio n-key Use this command to assign a simple p assw ord to be use d by neighborin g routers . Use the no form to remove the passw ord. Syntax ip ospf authentication-key key no ip ospf authentication-key key - Sets a p lain tex t passw ord.
IP R OUTING C OMMANDS -165 ip ospf message-digest-k ey Use this command to enab le mes sage-digest (MD 5) auth entic ation on the specified int erface and to assign a ke y-id and ke y to be used by neigh boring routers . Use the no for m to remove an existin g key .
-166 Related Commands ip ospf authentication (3-163) ip o spf c ost Use th is command to exp licitly set th e cost of s ending a pac ket on an interface. Use the no form to restore the default v alue. Syntax ip ospf cos t cost no ip ospf cost cost - Link m etric for th is interfac e.
IP R OUTING C OMMANDS -167 secon ds - The max imum tim e that ne ighbor rout ers can w ait for a hello packet before declaring the tran smitting router do wn.
-168 Example ip o spf pr iori ty Use th is command to set the router priorit y used wh en dete r mining the design ated rout er (DR) an d backup designa ted router ( BDR) for a n area. Use the no form to restore the defaul t value . Syntax ip ospf priority priority no ip ospf priority priority - Sets the in terface prio rity for this router.
IP R OUTING C OMMANDS -169 ip ospf retr ansmit-interv al Use this comma nd to sp ecify the tim e between r esending link-sta te adver ti sem ents (LS As).
-170 Command Mode Interf ace Conf igurati on (VLA N) Default Setting 1 second Command Usage LSAs hav e th eir age increm ented b y this dela y befor e transm ission . Whe n estim ating the transm it delay , cons ider bo th the tr ansm ission and propagation delays for an inter face.
IP R OUTING C OMMANDS -171 show ip os pf bord er-routers Use this command t o show entri es in the r outing t able t hat lead to an Area Border Router (A BR) or Autono mous Syst em Boundar y Router (ASBR).
-172 show ip os pf databa se Use thi s comman d to sh ow infor m ation about d iffere nt OSPF Link S tate Advertisement s (LSAs) stored in t his router’ s database.
IP R OUTING C OMMANDS -173 - An IP netw ork numb er fo r Type 3 S ummary a nd Exte rnal LS As - A R o u t e r I D f o r R o u t e r , N e t w o r k , a n d T y p e 4 A S S u m m a r y L S A s Also , note th at whe n an T yp e 5 ASBR Ext er nal LS A is des cribing a default route , its link-sta te-id is set to the defau lt destina tion (0.
-174 Th e followi ng shows output when using the asbr-summar y keyw ord. Console#show ip ospf database asbr-summar y OSPF Router with id(10.1.1.253) Displaying Summary ASB Link Sta tes(Area 0.0.0.0) LS age: 433 Options: (No TOS-capability) LS Type: Summary Links (AS Boundary Route r) Link State ID: 192.
IP R OUTING C OMMANDS -175 Th e followi ng shows output when using the database-s ummar y keyword . Console#show ip ospf database database-su mmary Area ID (10.
-176 Th e followi ng shows output when using the exter nal keyw ord. Console#show ip ospf database external OSPF Router with id(192.168.5.1) (Autonom ous system 5) Displaying AS External Link Sta tes LS age: 433 Options: (No TOS-capability) LS Type: AS External Link Link State ID: 10.
IP R OUTING C OMMANDS -177 Th e followi ng shows output when using the network keyw ord. Forward Address Forwardin g addres s for data to be pas sed to the advertised destination (If set to 0.
-178 Th e followi ng shows output when using the router keyw ord. LS Sequence Number Sequence number of LSA (used to detect older du plicate LSAs) LS Checksum Checksu m of the complete contents of the LSA Length The length of the LSA in bytes Netw ork M ask Ad dress mask for t he n etwo rk Attached Router List of routers attached to the network; i.
IP R OUTING C OMMANDS -179 Link State ID Router ID of the router that originated the LSA Advertising Router Advertising router ID LS Sequence Number Sequence number of LSA (used to detect older du pli.
-180 Th e followi ng shows output when using the summar y keyw ord. Console#show ip ospf database summary OSPF Router with id(10.1.1.253) Displaying Summary Net Link Sta tes(Area 10.
IP R OUTING C OMMANDS -181 show ip ospf in terface Use this co mmand to displa y summary infor mation for OSPF interfaces . Syntax show ip os pf inter face [ vla n vlan -id ] vlan-i d - VLAN I D (Range : 1-4094) Command Mode Pri vileged Ex ec Example Console#show ip ospf interface vlan 1 Vlan 1 is up Interface Address 10.
-182 show ip os pf neigh bor Use th is com mand to displ ay inf or mation ab out nei ghbor ing rout ers on each interface w ithin an OS PF area. Syntax show ip ospf neighbor Command Mode Pri vileged E.
IP R OUTING C OMMANDS -183 show ip osp f summary-address Use this command t o display all summar y address infor mation. Syntax show ip ospf s ummar y-address Command Mode Pri vileged Ex ec Example This e xample sh ows a summar y addres s and asso ciate d network mask.
-184 show ip os pf virtual-l inks Use th is command to disp lay d etaile d infor mation about virtual links. Syntax show ip ospf virtual-links Command Mode Pri vileged Ex ec Example Related Commands a.
M ULTICAST R OUTING C OMMANDS -185 Multicast routers use snoop ing and quer y messag es , along with a multicast routing protoco l to deliv er IP multicast packets across different subnetw orks . This rou ter supports b oth the Dis tance-V ector Multica st R outing Protocol (D VMRP) an d Protoc ol Independ ent Mult icastin g (PIM).
-186 • interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel chann el-id (Range: 1-6) Default Setting No stat ic mul ticast ro uter ports are co nfigur ed.
M ULTICAST R OUTING C OMMANDS -187 Default Setting Displays multicast router por ts for all configured V LANs . Command Mode Pri vileged Ex ec Command Usage Multicast router por t types di splayed include Static or Dynamic.
-188 Command Mode Global Configura tion Command Usage This c ommand is used to enable multicast routing globally for th e router . Y ou also need t o globall y enable a specific multicast routin g pro.
M ULTICAST R OUTING C OMMANDS -189 and source pair, detailed info r mation is displayed only for the speci fied entr y . If th e summar y option is selected, an abbreviated li st of infor mation for each entr y is displayed on a single line.
-190 This example lists all entries in the multicast table in sum mar y for m: Console#show ip mroute summary IP Multicast Forwarding is enabled. IP Multicast Routing Table (Summary) Flags: P - Prune UP Group Source Source Mask Interface Owner Flags --------------- --------------- --------- ------ ---------- ------- ------ 224.
M ULTICAST R OUTING C OMMANDS -191 DVMRP Multicast Routing Commands rout er dvmrp Use this co mmand to en able Distanc e-V ector Multicast Routing (DVMRP) global ly for the r outer and to enter router co nfiguratio n mode . Use the no for m to disa ble D VMRP multicast routing.
-192 Syntax router dvmr p no router dvmr p Command Mode Global Configura tion Command Usage This com mand enables DVMRP globally for the router and enters router con figuration mode .
M ULTICAST R OUTING C OMMANDS -193 second s - Inter val between sending ne ighbor p robe messag es. (Range: 1-65535) Default Setting 10 seconds Command Mode R outer Configura tion Command Usage Probe .
-194 Example repor t-int erva l Use this c ommand t o specify how oft en to pr opag ate th e comple te set o f routin g tables to othe r neigh bor DVMRP rout ers. Use the no form t o restore the defa ult value. Syntax repor t-inter val seco nds second s - Inter val between sending the co mplete set of r outing tables .
M ULTICAST R OUTING C OMMANDS -195 Default Setting 5 second s Command Mode R outer Configura tion Example prun e-life ti me Use this command t o specify how long a pr une state will remain in effect for a multicast tre e. Use the no for m to restor e the de fault value.
-196 defa ult-g atew ay Use th is com mand t o speci fy the default D V MRP gatew ay for IP mult icast traffic. Use the no for m to remove the default g ateway . Syntax default-gateway ip-addr ess no default-gateway ip-address - I P addr ess of the de fault D VMRP gatew a y .
M ULTICAST R OUTING C OMMANDS -197 ip dvmrp Use this command to enable D VMRP on the specifie d interface . Use the no form t o disable D VMRP on this inter face.
-198 ip dvm rp metr ic Use th is command to conf igure t he metr ic used i n selectin g the r eve rse path t o ne tworks co nne cted d ire ctly to a n int erfa ce on this rou ter.
M ULTICAST R OUTING C OMMANDS -199 As sh own bel ow , this command clears ev erything from th e route t able ex cept for th e default rout e. show rou ter dvmrp Use this comman d to display the global DVMRP configuration se ttings.
-200 The defa ult set tings are sho wn in t he foll owin g exampl e: show ip dvmrp r oute Use th is command to disp lay all e n tries in the DVMRP routing table.
M ULTICAST R OUTING C OMMANDS -201 show ip dvmrp ne ighbor Use this command to displa y all of the D VMRP neighbo r routers . Command Mode Nor m al Exec , Privileg ed Exec Example UpTime The time elapsed since this entry was created. Expire The time remaining before this entry will be aged out.
-202 show ip dv mrp inter face Use this command to displ ay the DV MRP confi guration fo r interface s which have enab led DVMRP . Command Mode Nor m al Exec , Privileg ed Exec Example PIM-DM Multicas.
M ULTICAST R OUTING C OMMANDS -203 router pim Use this c ommand to e nable Pr otocol-I nde pendent M ulticas t - Dens e Mode (PIM -DM) glob ally for t he router a nd to en ter router configurat ion mode. Use the no for m to disa ble PIM-DM multicast routing .
-204 ip pim de nse- mo de Use this command to enable PI M-DM on t he specifie d inter face. Use the no form t o disable PI M-DM on this inter face. Syntax ip pim dense-mode no pim dense-mode Default S.
M ULTICAST R OUTING C OMMANDS -205 Example ip pim hell o-interval Use this command to conf igure the frequency at whic h PIM hel lo messages ar e transmit ted. Us e the no form to restore the default va lue. Syntax ip pim hello-inter val seconds no pim hello-inter val second s - Inter val between sending PIM he llo messag es .
-206 ip pim he llo- holdt ime Use this command to conf igure the i nter val to wai t for he llo messages from a n eighbor ing PI M router before dec laring i t dead. U se the no form to restore th e default v alue . Syntax ip pim hello-holdtime second s no ip pim hello-inter val second s - The hold time for PIM hello messages .
M ULTICAST R OUTING C OMMANDS -207 Default Setting 5 second s Command Mode Interf ace Conf igurati on (VLA N) Command Usage • When a router first starts or P IM is enabled on an inter face, the hello-int erval is s et to ra ndom value betw een 0 and the trigger-hello-in terval.
-208 Command Usage The multicast in terface that fi rst receiv es a multicast stream from a particular source forw ards this traffic to all other PIM interface s on the router . If there ar e no request ing g roups on that inter face, the leaf node sends a prune message upstream and enters a prune state for t his multicast stream.
M ULTICAST R OUTING C OMMANDS -209 Example ip pim max-g raft-retries Use this comm and to configure the maximum number of time s to resend a Graft m essage if it has not been ackno wledged.
-210 show ip pi m interface Use this command to displ ay information abou t int erfaces confi gured for PIM. Syntax show ip pi m interf ace vlan-id vlan-id - VLAN ID (Range : 1-4094) Command Mode Nor .
R OUTER R EDUND ANC Y C OMMANDS -211 Command Mode Nor m al Exec , Privileg ed Exec Example Router Re dund ancy Com man ds R outer redu ndancy pr otocols use a virtual IP address to support a primary router a nd mu ltiple ba ckup routers .
-212 Virtual Router Redundancy Pr otocol Commands T o configure VRRP , select an i nterfac e on one rou ter in th e group to ser ve as the ma ster virtual router .
R OUTER R EDUND ANC Y C OMMANDS -213 Use the no form to di sable VRRP on an i nterface a nd remo ve the IP address fro m the virtual router . Syntax vr r p gr oup ip ip-addr ess [ secondar y ] no vr r p gr oup ip ip-addr ess [ secondar y ] • group - Identifies the vir tual router group.
-214 This example cre ates VRRP group 1 us ing the prim ar y interface fo r VLAN 1 as the V RRP group Owner , and also adds a secondary interfa ce as a memb er of the group . vrrp aut hentication Use this command to specify t he key used to authenticat e VRRP pac kets recei ved from other routers .
R OUTER R EDUND ANC Y C OMMANDS -215 Example vrrp prior ity Use this comma nd to set th e priority of this rout er in a VRRP g ro up . Use the no for m to re store th e default se tting. Syntax vr r p gr oup priority level no vr r p gr oup priority • group - Identifies the VRRP g roup.
-216 Example Related Commands vr rp preempt (3-217) vrrp timers advertise Use this command to set the inter va l at whic h the m aster virtual ro uter sends advertis ements co mmunic ating its state as the m aster . Use the no for m to restore the default in ter val.
R OUTER R EDUND ANC Y C OMMANDS -217 before atte mpting to take over as the m aster is thre e times the hello interval plus half a second Example vrrp preempt Use this command to conf igure the router t o take ov er as the maste r virtual rout er for a VRRP group if it has a higher priority than the cur rent actin g master route r .
-218 Example Related Commands vr rp priority (3-215) show vrrp Use this co mmand to displa y statu s inform ation fo r VRRP . Syntax show vr r p [ brief | group ] • brief - Displays summar y infor matio n for all VRR P g roup s on this router . • group - Identifies a VRRP g roup .
R OUTER R EDUND ANC Y C OMMANDS -219 This examp le displa ys the full lis ting of status infor mation for all g roup s . Console#show vrrp Vlan 1 - Group 1, state Master Virtual IP address 192.
-220 This example disp lays the brief listin g of status infor m ation for all g ro ups . show vrrp interf ace Use this command to displ ay statu s information for th e specified V RRP interface. Syntax show vrr p interface vlan vl an- id [ brief ] • vlan -i d - Identifier of configured VLAN interface .
R OUTER R EDUND ANC Y C OMMANDS -221 Defaults None Command Mode Pri vileged Ex ec Example This examp le displa ys the full lis tin g of stat us infor mation for V LAN 1. * Refer to “s how vrrp” on p age 3-218 for a description of the display items.
-222 show vr rp router cou nters Use th is com mand to d isp lay co unt ers for er ro rs f oun d in VRR P pr otoc ol packet s . Command Mode Pri vileged Ex ec Example Note that unkno wn errors indi cate VRRP pac ke ts recei ved w ith an unknown or u nsuppor t ed version number.
R OUTER R EDUND ANC Y C OMMANDS -223 Example * Refer to “Displaying VRRP Group S tatistics” on page 3-235 for a description of the display items. clear vr rp rout er counters Use this co mmand to clear VRRP s ystem statis tics .
-224 Command Mode Pri vileged Ex ec Example Console#clear vrrp 1 interface 1 counters Console#.
R OUTER R EDUND ANC Y C OMMANDS -225 Hot Standby Router Pro tocol Commands T o configure HSRP , add the interface fo r each router that will par ticipate in the vi rtual router group , set t he prior ities , and confi gure an authentication string .
-226 for m to disable HSRP o n an interfac e and remov e the IP address f or the virtual router . Syntax standby [ gr oup ] ip [ ip-address [ secondar y ]] no standby [ gr oup ] ip [ ip-addr ess ] • group - Identifies the vir tual router group. (Range: 0-255) • ip-address - The designated IP address o f the virtual router .
R OUTER R EDUND ANC Y C OMMANDS -227 • HSRP is en abled once the des ignated a ddress an d prio rity are configure d, and t he master and sta ndby router s are e lected b ased on highes t priorit y.
-228 become the active master r outer agai n if the co nfigured p rioriti es have not be en chang ed. • If two o r more route rs are c onfigur ed with th e same HS RP priori ty, the router wit h the hig her IP addre ss is electe d as the new master rout er if the curr ent master fa ils.
R OUTER R EDUND ANC Y C OMMANDS -229 Default Setting Group nu mber : 0 Preempt : Disabl ed Delay: 0 seco nds Command Mode Interfac e (VLA N) Command Usage • If preem pt is enabl ed, and t his router h as a prio rity hig her than t he current acting mast er, it will take over as the new master.
-230 standb y authenti cation Use this co mmand to specify t he key used to authenticat e HSRP pack ets recei ved from other routers . Use the no f orm to dele te an auth entic atio n string . Syntax standby [ gr oup ] authentication string no standby [ gr oup ] authentication • group - Identifies the HSRP g roup.
R OUTER R EDUND ANC Y C OMMANDS -231 Example Related Commands standby priority (3-227) standb y timers Use this c ommand t o set the time betwee n the ma ster a nd stan dby rout er sending hello pack ets , and the tim e before other rout ers decl are the a ctiv e master ro uter or standby router d own.
-232 • Route rs on whi ch the tim er settin gs have not been co nfigure d can learn the curr ent timer va lues fro m the mas ter or s tandby rout er. Tim ers configure d on th e master ro uter always overrid e any other timer setting s. All routers in an HSRP gr oup shoul d be con figured with th e same tim er values.
R OUTER R EDUND ANC Y C OMMANDS -233 Default Setting Group nu mber : 0 Interface prio rity: 10 Command Mode Interfac e (VLA N) Command Usage • This co mmand adju sts th e HSRP router p riority based on the availability of its IP interfaces.
-234 show stand by Use this co mmand to displa y statu s information for HSRP . Syntax show standby [ active | init | listen | standby ] [ brie f ] •a c t i v e - Displ ays HSRP g ro ups in th e active state. •i n i t - Displays HSRP g rou ps in the initial st ate.
R OUTER R EDUND ANC Y C OMMANDS -235 Field Description Local state State of the local router: • Active - Curre nt master router. • Standby - De signated backup route r next in line to tak e over as the ma ster router. • Speak - Rou ter is send ing pac kets to claim the ma ster or standby ro le.
-236 This example disp lays the brief listin g of status infor m ation for all g ro ups . Authenticatio n text Key used to authenticate HSRP packets received from ot her routers. Tracking interface states List of interfaces that are being t racked and their corresponding states.
R OUTER R EDUND ANC Y C OMMANDS -237 show standby in terface Use this command to displa y HSRP status information fo r the spec ified interface. Syntax show standby interface vlan vlan-i d [ group group ] [ active | init | lis ten | standby ] [ brief ] • vlan -i d - Identifier of configured VLAN interface.
-238 Example This examp le displa ys the full lis tin g of stat us infor mation for V LAN 1. For a description of the displayed information, see the preeeding “show standby” command.
-1 A PPENDIX A S OFT WARE S PECIFICATI ONS Softwa re Feat ures Au then ticati on Local, RADIUS , TA CA CS , P or t (802.1x), HTT PS , SSH, P o rt Security Access Control Lists IP , MA C (up to 32 lis .
-2 Rapid Spanning T ree Protocol (RSTP , IEEE 802.1w) Multiple Spanning T ree Protocol (MSTP , IEEE 802.1 s) VLAN Supp or t Up to 255 gr oups; port-based, protocol-based, or tag ged (802.
S TAND ARDS -3 SNMP Manag eme nt acce ss via MIB datab ase T rap management to sp ecified hos ts RMON Groups 1, 2, 3, 9 (Statistics, Histor y , Alar m, Event) Standards IEEE 802.3 Ether net, IEEE 802.3u F ast Ether net IEEE 802.3x Full-duplex flow control (ISO/I EC 8802-3) IEEE 802.
-4 SNTP (RFC 2030) SSH (V ersion 2.0) VRRP (RFC 2338) Management Information B ases Bridge MIB (RFC 1 493) D VMRP MIB Entity MIB (RFC 2737) Ethernet MI B (RFC 2665) Ether-lik e MIB (RFC 2665) Extended.
M ANAG EMENT I NFORMATI ON B ASES -5 TCP MIB (RFC 2013) T rap (RFC 1215) UDP MIB (RFC 2012) VRRP MIB (RFC 2787).
-6.
B-1 A PPENDIX B T ROUBLESHOOTING Troubl eshooting Ch art Symptom Action Cannot con nect using Telnet, web browse r, or SNMP software • Be s ure yo u have configure d the V LAN in terface through which t he manage ment s tation is conne cted wit h a valid IP a ddress , subne t mask and def aul t gat eway.
T R OUBLESHOOTING B-2.
Glossary-1 G LOSSA RY Acc ess Co ntro l Li st (AC L) A CLs can limit network traffic and restrict access to cer tain users or devices by checking each pack et for cer tain IP or MAC (i.e., La yer 2) infor mation. Address Re soluti on Proto col (ARP) ARP converts between IP addresse s and MAC (i.
G LOSSAR Y Glossary-2 Distance Vector Multicast Routin g Protocol (DVMRP) A distance- vector-style routing protocol used for routing multicas t datag ram s through the Internet. DV MRP combines many of the features of RIP with R e verse P ath F orwarding (RPF).
G LOSSAR Y Glossary-3 Group Attribute Regi strati on Protocol (GAR P) See Generic Attribute Registr ation Protocol. Hot Stand by Rout er Pr otoc ol (HSRP) This pr otocol allows hosts to conne ct to a single vir tual router and to maintain connectivity even if the actual first hop ga tewa y they are using fails .
G LOSSAR Y Glossary-4 IGMP Snooping Listening to IGM P Quer y and IGMP Repor t packets transfer red between IP Multicast Routers and IP Multicast host g roups to identify IP Multicast g roup members .
G LOSSAR Y Glossary-5 Layer 2 Data Link layer in the ISO 7- Layer Data Communications Protocol. This i s related directly to the hardware interface for ne twork devices and passes on traffic based on MA C address es . Layer 3 Network la yer in the ISO 7- Layer Data Communications Protoco l.
G LOSSAR Y Glossary-6 Out-of-Band Management Manag ement of the net work from a station not atta ched to the network. Port Authentication See IEEE 802.1 x. Port Mirror ing A method whereby data on a targe t port is mir rored to a monitor por t f or troublesh ooting with a logi c analyzer or RMON probe.
G LOSSAR Y Glossary-7 Remote Monitoring (RMON ) RMON provides comprehensive netw ork moni toring capabilities. It eliminate s the polling requ ired in standard SN MP , and can set alar ms on a variety of traffic conditions, including specifi c er ror types .
G LOSSAR Y Glossary-8 data along the sho rtes t available path, maximizing the perfor m ance and effici ency of the network. Terminal Access Controller Access Control System Plus (TACACS+) TACACS+ is a logon authentica tion protocol th at uses sof tware ru nning on a central ser ver to control access to TA C A CS-complia nt devices on the net work.
G LOSSAR Y Glossary-9 host device which has been con figured with a fixed gateway to maintain netw ork connectivity in case the primar y g ateway goe s down. XModem A protocol used to transfer file s between devices. Data is groupe d in 128-byte blocks and er ror-corr ected.
G LOSSAR Y Glossary-10.
Index-1 Symbols 3-31 Numerics 802.1x, port authen tication 3- 42 , 4-74 A acceptab le frame type 3-11 8 , 4-184 Access Control List See ACL ACL Extended IP 3-51 , 4-82 , 4-83 , 4-86 MAC 3-51 , 4- 82 ,.
I NDE X Index-2 DVMR P configuring 3-23 4 , 4- 285 global setti ngs 3- 234 , 4- 285 – 4-289 interface settin gs 3-237 , 4-289 – 4-29 0 neighbor routers 3- 239 , 4-292 routing table 3-240 , 4-292 d.
I NDEX Index-3 IP routing 3- 176 , 4-235 configuring interfa ces 3-180 , 4- 227 enabling or disabling 3-179 , 4-23 5 status 3-179 , 4- 235 unicast p rotocols 3-178 IP, stat isti cs 3-189 , 4-238 J jum.
I NDE X Index-4 P password, line 4- 13 passwords 2-4 administrator setting 3-30 , 4-25 path cost 3- 90 , 3-98 method 3-94 , 4- 167 STA 3-90 , 3-98 , 4-167 PIM-DM 3-24 1 , 4-293 configuring 3-24 1 , 4-.
I NDEX Index-5 specifications , software A-1 SSH, configuring 3-35 , 4- 35 , 4-36 STA 3-88 , 4-162 edge port 3-98 , 3-100 , 4-17 4 global se tti ngs, conf iguring 3-92 , 4-163 – 4-168 global se tti .
I NDE X Index-6 W Web interface access requirements 3-1 configurat ion b uttons 3- 2 home page 3-2 menu list 3-3 panel display 3-3.
.
38 T esla Irvine, CA 92618 Phone: (9 49) 679-8000 FOR TECHNICAL SUPPOR T , CALL: From U.S.A. an d Cana da (24 hours a day , 7 days a wee k) (800) SMC-4-YOU; (94 9) 679-800 0; Fax: (949) 679- 1481 From Europ e : Contact de tails can be found on www .smc-europ e.
デバイスSMC Networks SMC8612XL3 F 1.0.1.3の購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
SMC Networks SMC8612XL3 F 1.0.1.3をまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはSMC Networks SMC8612XL3 F 1.0.1.3の技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。SMC Networks SMC8612XL3 F 1.0.1.3の取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。SMC Networks SMC8612XL3 F 1.0.1.3で得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
SMC Networks SMC8612XL3 F 1.0.1.3を既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はSMC Networks SMC8612XL3 F 1.0.1.3の不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、SMC Networks SMC8612XL3 F 1.0.1.3に関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちSMC Networks SMC8612XL3 F 1.0.1.3デバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。