SMC NetworksメーカーTIGERSWITCH 10/100の使用説明書/サービス説明書
ページ先へ移動 of 318
T igerSwitch 10/100 24-P ort F ast Ether net Switch ◆ 24 10B ASE-T/100B ASE-T X auto M DI/MDI-X ports ◆ Optional 1000B ASE-X or 100 B ASE-FX modules ◆ 8.
.
38 T esla Irvi ne, CA 9 2618 Phone: (949) 67 9-8000 T igerSwitch 10/100 Ma nageme nt Guide From S MC’ s T iger li ne of feat ure-rich w orkgroup LAN solut ions May 2003 Pub.
Inform ation furni shed by SMC Net works, Inc. (SMC) is believ ed to be ac curate an d reliable . However , no re spons ibility i s assumed b y SMC f or it s use, no r fo r any inf ringe ment s of pat ents or oth er rig hts of t hird pa rties w hic h ma y resul t fr om its use.
v L IMITED W ARRA NTY Limite d W arranty St atemen t: SMC Networks, Inc. (“SMC”) warran ts its prod ucts to be fr ee from defects in work manship and ma terials, under nor mal use and service, for the applicable warranty term.
L IMITED W ARRA NTY vi FOREG OING W ARR ANTIE S AND REMEDIES ARE EXCLUSIV E AND A RE IN LI EU OF AL L OTH ER W ARR ANTIES OR CONDIT IONS, E XPRE SS OR IMPLIED , EIT HER IN F ACT OR BY OPERA TION OF LA W , ST A TUTORY OR OT HER WISE, I NCLUDING W AR RANT IES O R COND ITION S OF ME RCH ANT AB ILITY A ND FIT NESS FOR A P AR TIC ULAR PUR POSE.
i C ONTENTS 1 Switch Management . . . . . . . . . . . . . . . . . . . . . . 1-1 Conn ecting to the Swi tch . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Confi guration O ptions . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Requir ed Conne ctions .
C ONTENTS ii Port Configur ation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-30 Displ aying Con nectio n Status . . . . . . . . . . . . . . . . . . . 2-30 Confi guring In ter face Conne ctio ns . . . . . . . . . . . . . . . 2-32 Sett ing Broad cast St orm Thres holds .
C ONTENTS iii Int erfaces Attach ed to a Multicas t Route r . . . . . . . . . . . 2-89 Specify ing Int erfaces Attached to a Mu lticast Route r . . . 2-91 Disp layi ng Po rt Memb ers o f Mult icas t Ser vices . . . . . . . 2- 92 Adding Multic ast Addr esses t o VLANs .
C ONTENTS iv exi t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18 quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19 Flash/ File Co mmands . . . . . . . . . . . . . . . . . . . . . .
C ONTENTS v sho w dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51 SNMP Co mmands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5 4 snmp -server c ommunity . . . . . . . . . . . . . . . . . . . . . . . 3-54 snmp -server c ontact .
C ONTENTS vi show queue ho l-prev ention . . . . . . . . . . . . . . . . . . . . 3-87 Int erface Co mmands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-88 int erface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-89 descr iption .
C ONTENTS vii switc hport acc eptable-fr ame-types . . . . . . . . . . . . . . 3-126 switc hport ing ress-fil tering . . . . . . . . . . . . . . . . . . . . 3-12 7 switc hport nat ive vlan . . . . . . . . . . . . . . . . . . . . . . . 3-128 switc hport allo wed vlan .
C ONTENTS viii A Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 Troub leshoot ing Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 B Upgrading Firmware via the Serial Port . . . . . . . B-1 Rest oring Switc h Default s .
1-1 C HAPTER 1 S WITCH M ANAGEMENT Connecting to the Switch Configuration Options This switch includes a bu ilt-in netwo rk managem ent agent . The agent of fers a variety of manage ment optio ns, i ncluding SNMP , RMON an d a W eb-bas ed interfac e.
S WI TC H M ANAGEMENT 1-2 The s witch ’s CLI configu ratio n pr ogram , W eb inte rfac e, and SNMP agen t allow you to perf orm the follo wing manage ment fu nctions : • Set user names and pas swo.
C ONNECTIN G TO THE S WI TC H 1-3 • RADIU S client supp ort • MA C filt erin g secu rity Required Connections The switc h prov ides an RS-2 32 serial port that enables a con nection to a PC or te rminal fo r mo nitori ng and c onfigur ing the swit ch.
S WI TC H M ANAGEMENT 1-4 Note: W hen usin g Hy perTer minal wit h Mi crosoft ® Windows ® 2000 , make su re that you have W indows 2 000 Servi ce Pack 2 or late r install ed. Windo ws 2000 Servic e Pack 2 fixes the probl em of arrow key s not fu nction ing in H yperTe rminal’s VT100 emul ation.
B ASI C C ONFIGURATIO N 1-5 bro wser (I nternet Exp lorer 5. 0 or above, or Net scape Na vigator 6.2 or above), or from a net work comp uter u sing netwo rk manageme nt software. Note: Th e onboar d pro gram on ly prov ides access to bas ic con figurati on fun ctions.
S WI TC H M ANAGEMENT 1-6 Setting Passwords Note: If this is your first time to log int o the C LI prog ram, you shou ld defi ne new passw ords fo r both defau lt use r names usi ng the “ username” comman d, reco rd th em and p ut them in a safe place.
B ASI C C ONFIGURATIO N 1-7 Setting an IP Address Y ou mu st esta blish IP address informat ion for the sw itch to obtai n managem ent acce ss through the net work. This can be do ne in eit her of the followi ng ways: Man ual — Y ou have to inpu t the in for mati on, incl uding IP addre ss and su bnet mas k.
S WI TC H M ANAGEMENT 1-8 • Defaul t gateway for the net work • Net work ma sk fo r th is netwo rk T o assign an IP addres s to the swit ch, comple te the followin g steps : 1. From the Privileg ed Exec lev el global con figurati on mode pr ompt, ty pe “interf ace vlan 1” to acces s the int erface-c onfigur ation mode.
B ASI C C ONFIGURATIO N 1-9 If the “bo otp” o r “dhcp ” opti on is s aved t o the s tartu p-co nfig fi le (step 6), th en the s witch wil l start broadc asting serv ice reques ts as soon as it is po wer ed on.
S WI TC H M ANAGEMENT 1-10 6. The n save yo ur con figurati on ch anges b y typing “copy run ning-co nfig st artup -confi g.” Enter the star tup fil e name and pres s <En ter>. Enabling SNMP Management Access The switch can be config ured t o accep t manag ement com mands from Si mple N etwork M anagement P rotocol (SNMP) applic ations .
B ASI C C ONFIGURATIO N 1-11 The default stri ngs are : • public - wit h read- only ac cess. A uthorize d manageme nt stati ons are only able to ret rieve M IB objec ts. • privat e - with read-w rit e acces s. Auth ori zed man ageme nt stati ons are able t o both retrie ve and m odify M IB obj ects.
S WI TC H M ANAGEMENT 1-12 Trap Rec eivers Y ou can al so spe cify SNM P stati ons that are to re ceiv e traps from the swi tch. T o config ure a t rap recei ver , com plete the follo wing st eps: 1.
M ANAGING S YST EM F ILES 1-13 2. Enter the nam e of the start-up file . Press <E nter>. Managi ng System Files The swi tch’s flas h memor y sup port s three type s of system fil es th at can be ma naged by the CLI pro gram, W eb interfac e, or SNMP .
S WI TC H M ANAGEMENT 1-14 also pro vides a facilit y to upload firmwar e files to the sys tem direct ly th rough t he co nsole port. Se e “Upgrad ing F irmware via the Serial Port” on page B-1. Due to the size limit of the flas h memor y, the switch support s only one oper ation code file, and two diag nostic code fi les.
S YST EM D EFAULTS 1-15 SNMP Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabled Link-up-down events: enabled Security Privileged Exec Level Usern.
S WI TC H M ANAGEMENT 1-16 Port Status Admin Status Enabled Auto-negotiation Enabled Flow Control D isabled 10/100 Mbps Port Capability 10 Mbps half duplex 10 Mbps full duplex 100 Mbps half duplex 100.
S YST EM D EFAULTS 1-17 Virtual LANs Default VLAN 1 PVID 1 Acce pta ble Fra me Ty pe All Ingress Filtering Disabled Switchport Mode (Egress Mode) Untagged frames Private VLAN No Private VLAN GVRP (glo.
S WI TC H M ANAGEMENT 1-18.
2-1 C HAPTER 2 C ONFI GURING THE S WI TC H Using the Web Inter face Thi s switch pr ovides an em bedded HT TP W eb agent. Using a W eb bro wser you can c onfigur e the s witch an d view statist ics to monit or netwo rk acti vity.
C ONFIGURI NG THE S WI TC H 2-2 Notes: 1. You are allowed t hree att empts to en ter th e corr ect passw ord; on the third fai led atte mpt the cur rent conn ectio n is termi nated. 2. If yo u log i nto th e Web interfac e as gues t (Norm al Exec leve l), you c an vie w page informa tion but only change the guest pa ssword.
N AVIGATI NG THE W EB B RO WS E R I NTER FAC E 2-3 Home Page When your W eb browser connec ts with the sw itch’s W eb agent, the home p age i s displaye d as sh own bel ow. The h ome pag e dis plays t he Main M enu on t he lef t side of the screen an d System Inform ation on the r ight side.
C ONFIGURI NG THE S WI TC H 2-4 new sett ing. The foll owing table s ummarizes the W eb page con figurati on butt ons. Notes: 1. To ensure pr oper scr een refres h, be sure that Int ernet Expl orer 5.
M AIN M ENU 2-5 Main Menu Using the onboard W eb age nt, you can d efine s ystem para meters , manag e and contro l the switc h, and all its ports, or monitor net work cond itions . The fol lowing t able b riefly de scrib es the sel ections av ailable from this program.
C ONFIGURI NG THE S WI TC H 2-6 Trunk Broadcast Control Sets the broadcas t storm threshold for each trunk 2-34 Mirror Sets th e source and target ports for mirroring 2-37 Addr ess Table Static Addres.
M AIN M ENU 2-7 VLAN Trunk Configuration Specifies default trunk VID and VL AN attributes 2-65 Privat e VLAN Private VLAN Information Shows private VLANs and associated por ts 2-69 Private VLAN Config.
C ONFIGURI NG THE S WI TC H 2-8 IGMP IGMP Configuration Enables multicast filtering; configures parameters for multicast query 2-87 Multicast Router Port Information Displays the ports that are attach.
B ASI C C ONFIGURATIO N 2-9 Basic Configurati on Displaying System Information Y ou ca n easi ly ident ify th e syst em by p rovidin g a d escript ive name , loc ation and contac t info r mat ion. Comman d Attr ibutes • System Name – Name ass igned to the switc h syst em.
C ONFIGURI NG THE S WI TC H 2-10 We b – Click System , System Info r mation . Specify the sys tem name, location, and contact information for the sy s tem ad m inistrato r , then clic k A pply. (This page also includes a T elnet button th a t allows access to the Command Line Interface via Teln et.
B ASI C C ONFIGURATIO N 2-11 CLI – Sp ecify t he host name, lo cation and co ntact i nformation . Setting the IP Address The IP addre ss for th is swit ch i s unassig ned by d efault. T o manu ally confi gure an address , you nee d to c hange th e switc h’s defaul t settin gs (IP addr ess 0.
C ONFIGURI NG THE S WI TC H 2-12 Comma nd Att ributes • Management VLAN – Thi s is t he only VLAN thr ough whi ch you c an manage th e swit ch. By def ault , all ports on the swi tch are me mbers of VLA N 1, so a managem ent stati on can be con nected to any p ort on the swi tch.
B ASI C C ONFIGURATIO N 2-13 Manu al C onfigu rat ion We b – Click System, I P . Spec ify the m anagement i nterface, IP addre ss and default g ateway, then clic k Appl y.
C ONFIGURI NG THE S WI TC H 2-14 We b – Click System, I P . Specify t he Manage ment VL AN, and set the IP A ddr ess Mo de t o DH CP or BOOT P . Cl ick A pply to s ave y our chan ges. Then click Rest art DHCP to immediate ly reque st a new addr ess.
C ONFIGURING U SER A UTHENT ICATION 2-15 Renewing DCHP – D HCP may l ease addr esses to cli ents inde finite ly or f or a s pecific period o f time. If the address expires or th e switch is moved to anot her netwo rk segment , you will lo se manag ement access to t he swit ch.
C ONFIGURI NG THE S WI TC H 2-16 The default guest name i s “guest ” with t he pass word “g uest.” The defa ult adm inistr ator name is “admi n” with t he pas sword “ad min.” Note th at user na mes can only be assi gned via th e CLI. Comma nd Att ributes • User Na me* – The name of the user.
C ONFIGURING U SER A UTHENT ICATION 2-17 Configuring RADIUS Logon Authentication Rem ote Au then ticat ion Di al-i n Us er Service (RADIUS) is a logon auth enticat ion pro tocol that us es soft ware runn ing on a centra l ser ver to cont rol acce ss to RADI US-co mpliant devi ces on the netwo rk.
C ONFIGURI NG THE S WI TC H 2-18 Comma nd Att ributes • Aut henti cati on – Select the authe nticati on, or au thenti cation seq uence r equired : - Radius – U ser aut henti cation is per forme d using a RADI US serve r only. - Local – Use r authen ticatio n is per formed only l ocally by the switch .
C ONFIGURING U SER A UTHENT ICATION 2-19 We b – Click System, R adius. T o confi gure local or rem ote authen ticatio n pr eferen ces, s pecif y the authen ticatio n seq uence (i.e. , one to two methods), fill in the pa rameters for RADI US authen ticatio n if selec ted, and cl ick Appl y.
C ONFIGURI NG THE S WI TC H 2-20 Managing Firm ware Y ou can u pload/do wnload firmware to or from a TFTP server . By savi ng runtim e code to a file o n a TF TP serve r , that fi le can lat er be downl oaded to the swi tch to restore operation . Comma nd Att ributes • TFTP Server IP Address – The I P addres s of a TFTP serv er.
M ANAGING F IR MWAR E 2-21 We b – Cli ck System, Firmware. Enter the IP addr ess of the TFT P server , ente r the file name o f the softw are to down load, enter the Des tination F ile Nam e to ove rwrite t he curr ent file on the switch then clic k Transfer from Server .
C ONFIGURI NG THE S WI TC H 2-22 Saving or Restoring Configuration Settings Y ou ca n upload/do wnloa d config uration sett ings t o/from a TFT P serve r . The configurat ion fil e can be later d ownloaded to res tore the swi tch’ s setting s. Comma nd Att ributes • TFTP Server IP Address – The I P addres s of a TFTP serv er.
M ANAGING F IR MWAR E 2-23 We b – Click System, C onfigu ration. Enter the I P addres s of the TFT P serv er , en ter the nam e of the file t o download , selec t a file on t he swit ch to overwrite or spe cify a ne w file n ame, and then clic k Transfe r from Server .
C ONFIGURI NG THE S WI TC H 2-24 If yo u downl oad the startu p confi guratio n file under a new file name, you can se t this fil e as the startup fi le at a later ti me, and then restart th e switc h. Resetting the System We b – Cl ick Sy stem, Reset.
D ISPLAY ING B RIDG E E XTENSION C APABIL ITIES 2-25 Comma nd Att ributes • Extended M ulticas t Filteri ng Servic es – This swi tch does not supp ort the fil tering of individual multicas t address es based on GMRP (G ARP Mu lticast Regist ration Protocol).
C ONFIGURI NG THE S WI TC H 2-26 We b – Cli ck System, Bridge Ex tensio n. CLI – E nter t he followi ng com mand. Console#show bridge-ext 3-145 Max support vlan numbe rs: 127 Max support vlan ID: .
E NABL ING OR D ISABL ING GVRP (G LOBAL S ETTIN G ) 2-27 Enabling or Disabl ing GVRP (Global S etting) GARP VLAN Regi strati on Pr otoc ol (GVR P) defi nes a way for swit ches to exchange VLAN in formation i n order to regi ster V LAN mem bers on ports a cros s the n etwor k.
C ONFIGURI NG THE S WI TC H 2-28 Displaying Switch Hardwa re/Soft ware Versions Use the Switch Infor mation page to disp lay hard war e/f irm ware vers ion numb ers fo r the main board an d mana gem ent s oftw are, a s well as the power status of the system.
D ISP LAYI NG S WI TCH H AR DWAR E /S OFTWAR E V ERSIONS 2-29 We b – Click System, Switch Information. CLI – U se the fo llowing c ommand t o display v ersion information.
C ONFIGURI NG THE S WI TC H 2-30 Port Configuration Displaying Connection Status Y ou can u se the Port In formatio n or T runk In formation p ages t o dis play the current connecti on s tatus, inc luding link st ate, speed / dupl ex mo de, fl ow co ntrol , and a uto -negot iat ion .
P ORT C ONFIGURATIO N 2-31 • MAC Address – The physic al layer address fo r this port. - CLI on ly; to access th is on the Web, see “S etti ng the IP Add ress” on page -1 1. • Trunk Member – Shows if port is a tru nk member. (Port Infor mation onl y) • Creation – Shows i f a trunk is manu ally confi gured.
C ONFIGURI NG THE S WI TC H 2-32 CLI – T his ex ample s hows the co nnectio n statu s for P ort 13. Configuring Interface Connections Y ou ca n use the Port Configu ration or T runk C onfigurat ion .
P ORT C ONFIGURATIO N 2-33 • Flow Control* – Allows yo u to m anually enab le or d isable flow contro l. • Autonegotiation (Port Cap abil ities) – Allows auto -negoti ation to be e nabled/di sable d. When aut o-neg ot iatio n is enab led, you n eed to sp ecif y the capa bili ties to be advert ised.
C ONFIGURI NG THE S WI TC H 2-34 We b – Cli ck Port, Port Conf iguratio n or T runk Config uration . Modi fy the r equire d interfac e sett ings, and clic k Apply.
P ORT C ONFIGURATIO N 2-35 Y ou can prot ect your net work fro m broadcast st orms by sett ing a port o r trunk thres hold for br oadcast traffic. Any broadcast p ackets exc eeding the s pecifi ed th reshold will t hen b e drop ped. Comma nd Usage • Broadcast Storm Control is e nabled by default .
C ONFIGURI NG THE S WI TC H 2-36 We b – Click Port, Port Bro adcast C ontrol or T runk Broadc ast Cont rol. Set the t hreshol d for each po rt or trunk, an d th en clic k Apply . CLI – Specify an interface, and the n enter the threshold . The fo llowing s ets broadc ast s uppre ssion a t twe nty per cen t of the por t bandwi dth fo r Po rt 3.
P ORT C ONFIGURATIO N 2-37 Configuring Port Mirroring Y o u can mirror tr affic fr om any sou rce port to a target port fo r real-time analysis. Y ou can then at tach a logic analyzer or RMON probe to t he tar get por t and st udy th e traffic cros sing t he sour ce port in a com plete ly uno btrusi ve manne r .
C ONFIGURI NG THE S WI TC H 2-38 We b – C lick Po rt, Mir ror . Spe cify the sou rce por t, the t raffic type to be mirror ed, and the moni tor po rt, the n click Add . CLI – Use the in ter face co mmand to se lect th e monito r port, th en use the po rt mo nitor comma nd to s pecify the sou rce port.
A DDR ES S T ABLE S ETTINGS 2-39 Setting Static Addresses A static address can be assign ed to a spec ific inte rfac e on this switc h. Static addres se s are bo und to the assigned interface and will not be m oved.
C ONFIGURI NG THE S WI TC H 2-40 We b – Click Ad dress T able, Static Addr esses. Sp ecify the mode, th e interface, the MAC add ress and duration, then cli ck Add Static Addr ess. CLI – This ex ample adds an address t o the static address t able, and sets it to per manent b y default.
A DDR ES S T ABLE S ETTINGS 2-41 Comma nd Att ributes • Interface – Indi cates a port o r tru nk. • MAC Address – Physic al address associ ated with thi s interfac e. • Address Ta ble Sort Key – You ca n sort the infor mation displ ayed based on int erface (p ort or t runk) or MAC addre ss.
C ONFIGURI NG THE S WI TC H 2-42 Changing the Aging Time Y ou can se t the agi ng time for e ntries in the dynam ic address table. Comma nd Att ributes • Aging Time – The time after which a learned entry is disc arded . (Range: 2-172 800 sec onds; D efault: 3 00 seco nds) We b – Click Addres s T ab le, A ddress Agin g.
S PANN ING T RE E A LGOR ITHM C ONFIGURATIO N 2-43 devi ce (exc ept for the r oot devi ce) whic h incur s the l owest path cost when forwarding a packet from t hat devi ce to the root device.
C ONFIGURI NG THE S WI TC H 2-44 The f ollowing global att ribute s display statis tical val ues and c annot be ch anged : • Configuration Changes – The n umber o f times the Sp anning Tree has be en reconfi gured. • Last Topology Change – Ti me sin ce the Spanning T ree was las t reconf igur ed.
S PANN ING T RE E A LGOR ITHM C ONFIGURATIO N 2-45 the n etwor k. (Re feren ces to “p or ts” in thi s sectio n mea ns “int erfac es,” which incl udes bot h ports and trunks .) - D e f a u l t : 2 0 - Mi nimum: The hig her of 6 or [2 x (Hell o Ti me + 1)] .
C ONFIGURI NG THE S WI TC H 2-46 CLI – Thi s command displa ys global S T A settings, followed b y settings for each port. Note: The curre nt roo t port and cur rent root cos t disp lay as z ero when this de vice is not c onnecte d to t he netw ork.
S PANN ING T RE E A LGOR ITHM C ONFIGURATIO N 2-47 Configuring the Global Settings for STA We b – Click Spanning T ree, ST A Configu ration. Modify the requir ed attr ibutes, and click Apply. CLI – This ex ample enabl es Spanning T ree Protoc ol, and th en sets the indicat ed attr ibutes.
C ONFIGURI NG THE S WI TC H 2-48 Comma nd Att ributes The f ollowing attribut es are r ead-only and canno t be changed : • Port Status – Displays cu rren t state of thi s port with in the Spanning Tree: - Disa bled - The p ort has been d isable d by th e user or has fail ed dia gno stics .
S PANN ING T RE E A LGOR ITHM C ONFIGURATIO N 2-49 • Designated Cost – The cost fo r a pack et to travel fr om thi s port to t he root i n t he c urre nt Sp anni ng Tr ee config urat ion.
C ONFIGURI NG THE S WI TC H 2-50 • Path Cost – This paramete r is used by the STP to d etermi ne the bes t path be tween d evices. Ther efore, lowe r value s should be assign ed to po rts att ached to faster medi a, and h igher va lues assigne d to ports wi th slowe r media.
S PANN ING T RE E A LGOR ITHM C ONFIGURATIO N 2-51 Displaying the Interface Settings for STA We b – Click Spanning T ree, ST A Port Information or ST A T runk Inf ormation.
C ONFIGURI NG THE S WI TC H 2-52 Configuring the Interface Settings for STA We b – Click Spanning T ree, ST A Port Configur ation or ST A T runk Confi guration. Mo dify the requi red attrib utes, th en click Appl y. CLI – T his ex ample set s ST A att ributes for po rt 5.
VLAN C ONFIGURATIO N 2-53 VLA Ns help t o simpl ify net work man ageme nt by all owing you to move d evice s to a new VLAN without having to chan ge any phy sical c onnect ions.
C ONFIGURI NG THE S WI TC H 2-54 traffic t o the s ame VLA N(s), ei ther manual ly or dynamicall y using GVRP . Howeve r , if you want a port on th is switch to par ticipate in one or more VLA Ns, but.
VLAN C ONFIGURATIO N 2-55 Automatic VLAN Registrat ion – GVRP (GAR P VLAN Re gistra tion Prot ocol ) def ines a syste m whe reb y the sw itch can aut oma tical ly learn t he VLAN s to whic h eac h endst ation should be assig ned. If an endst ation (or its net work adapte r) suppor ts the IEE E 802.
C ONFIGURI NG THE S WI TC H 2-56 Forwarding Tagged/Untagged Frames If you want to create a small port-base d V LAN for devices attached dir ectly to a sin gle switc h, you can assign po rts to the sam e unt agged V LAN.
VLAN C ONFIGURATIO N 2-57 *W eb On ly We b – Cli ck VL AN, VLA N Base In format ion. CLI – E nter t he followi ng com mand. Displaying Current VLANs The VLAN Curre nt T able s hows the cu rren t port memb ers of each VLAN an d wh ether or not the p ort s upports VL AN tagg ing.
C ONFIGURI NG THE S WI TC H 2-58 • Status – Shows how th is VLAN was adde d to the swi tch. - Dynamic GVRP : Automat ically lear ned via GVRP. - Permanent : Added as a static entry. • Egress Ports – Sh ows all the VLAN port members . • Untagged Por ts – Shows the unta gged VLAN por t mem bers.
VLAN C ONFIGURATIO N 2-59 • Ports / Channel groups – Shows the VLA N interface member s. CLI – C urrent VLAN i nformation can b e displ ayed with the follo wing comm and. Creating VLANs Use t he VLAN Static List t o create or re move VL AN groups .
C ONFIGURI NG THE S WI TC H 2-60 • State (CLI) – Shows if thi s VLAN is enabled or disabled. - Active : VLAN is operat ional. - Suspend : VLAN is su spended ; i.e., doe s not pass p ackets. • Add – Adds a new VLAN group to th e curren t list. • Remove – Re moves a VLAN gr oup fro m the cu rrent l ist.
VLAN C ONFIGURATIO N 2-61 Adding Static Members to VLANs (VLAN Index) Use t he VLAN Static T able to confi gure por t member s for the select ed VLAN in dex. A ssign ports as ta gged i f th ey are conn ected to 802 .1Q VLAN complian t devices , or untagged th ey are not con nected to any VLA N-aware devices .
C ONFIGURI NG THE S WI TC H 2-62 • Member ship T ype – Select VLAN m embership fo r each int erface by marking t he approp riate rad io button for a port or trunk: - Tagged : Interface is a member o f the VLA N. All p ackets transm itted by the po rt will be tag ged, t hat is, carry a tag an d the refore ca rry VLA N or Co S informati on.
VLAN C ONFIGURATIO N 2-63 We b – Cli ck VLAN , VLAN Stati c T abl e. Select a VLAN ID fr om the scro ll-down list. Modify the VLA N name and status i f requ ired. Selec t the member ship type by m arking the app ropri ate radi o butt on in th e list of ports or trun ks.
C ONFIGURI NG THE S WI TC H 2-64 Adding Static Members to VLANs (Port Index) Use t he VLAN Static Members hip by Port m enu to a ssign VLAN grou ps to the se lected inter fac e add an int erf ace to the se lecte d VLAN as a tag ged me mber . Comma nd Att ributes • Interface – Por t or t runk iden tifie r.
VLAN C ONFIGURATIO N 2-65 CLI – T his ex ample ad ds Port 3 to VLAN 1 as a tagg ed port. Configuring VLAN Behavior for Interfaces Y o u ca n confi gur e VLA N behav ior for spec ifi c int erfa ces , inc ludin g the de fault VLA N identifi er (PVID ), accept ed frame types, i ngress filt ering, GVRP st atus, and GARP timers .
C ONFIGURI NG THE S WI TC H 2-66 - If ingress filtering is enabled , the in terface will discar d inco ming fram es tagg ed f or VLA Ns wh ich do not includ e th is ingr ess po rt in their m embe r set. - Ingress f iltering does no t affect VLAN ind epende nt BPDU frames, such as GVRP or STP .
VLAN C ONFIGURATIO N 2-67 • GARP Leave Timer * – The interval a p ort wait s before leav ing a VL A N gr o up . T h is t im e s h o ul d b e s e t to m o re t h a n t w ic e t he join time. T his en sures th at af ter a Leave or Leave All message has b een is sued , the a ppl icant s can rejo in b efore the port actuall y leave s the group.
C ONFIGURI NG THE S WI TC H 2-68 We b – Cli ck VLAN, VLAN Port Conf igurati on or VLAN T runk Confi guration. Fill in the req uired s etting s for ea ch inte rface, cli ck Apply.
C ONFIGURI NG P RIVA TE VLAN S 2-69 por ts in their o wn co mmunit y VLAN , and wi th thei r de signate d prom iscuous port s. (Not e that private VLA Ns and normal VLAN s can exist simult aneously within t he sam e switc h.) Eac h privat e VLAN con sists of two com pone nts: a pri mar y VLAN and one or more c ommunity VLANs.
C ONFIGURI NG THE S WI TC H 2-70 Comma nd Att ributes • VLAN ID – ID of config ured VLAN (1-4 094, no lead ing zero es). • Primary VLAN – The primar y VL AN with which t he sele cted VLAN is associated . (N ote that th is disp lays as VLAN 0 if the select ed VLAN is itse lf a primary VLAN .
C ONFIGURI NG P RIVA TE VLAN S 2-71 CLI – This example shows the sw itch c onfigure d with primary VLAN 5 and sec ondary VLAN 6. P ort 3 h as bee n config ured as a prom iscuous p ort an d mapped t o VLAN 5 , while p orts 4 an d 5 have bee n configur ed as a hos t p orts and are a sso ciated w ith VLA N 6.
C ONFIGURI NG THE S WI TC H 2-72 We b – Click P rivate VLAN , Private VLAN Configurati on. En ter the VLA N ID number , select Prim ary or Commun ity type , then cli ck Add. T o rem ove a pri vate VLA N from the swi tch, h ighlight an entry in t he Curr ent lis t box and th en click R emove.
C ONFIGURI NG P RIVA TE VLAN S 2-73 We b – Click Private VLAN, Private VLAN Ass ociation. Sel ect the req uired primar y VLAN from t he scroll-d own box, hig hlight one or more co mmunit y VLANs in the No n-Asso ciation li st box, and cl ick Add t o assoc iate th ese entri es with the se lected primary VLAN.
C ONFIGURI NG THE S WI TC H 2-74 Comma nd Att ributes • Port/Trunk – The switch inter face. • PVLAN Port Type – Display s private VLA N port type s.
C ONFIGURI NG P RIVA TE VLAN S 2-75 CLI – This example shows the sw itch c onfigure d with primary VLAN 5 and sec ondary VLAN 6. P ort 3 h as bee n config ured as a prom iscuous p ort an d mapped t o VLAN 5 , while p orts 4 an d 5 have be en config ured as a host por ts and ass ociated wit h VLAN 6.
C ONFIGURI NG THE S WI TC H 2-76 • Primary VLAN – Co nveys t raffic betwee n prom iscuou s port s, and b etween promis cuous p orts and commu nity po rts wi thin the associated secondary VLANs . I f PVLAN type is “Pr omiscuous ,” then s pecif y the associ ated pr imary VLAN .
C LASS OF S ERVI CE C ONFIGURATIO N 2-77 CLI – This example shows the sw itch c onfigure d with primary VLAN 5 and sec ondary VLAN 6. P ort 3 h as bee n config ured as a prom iscuous p ort an d mapped t o VLAN 5 , while p orts 4 an d 5 have be en config ured as a host por ts and ass ociated wit h VLAN 6.
C ONFIGURI NG THE S WI TC H 2-78 Thi s switc h uses W eighte d Round -Robin as the de faul t mode for each port. Up t o 8 sep arate traffic classes are defined in IEEE 802. 1p. The defaul t prio rity levels are assi gned accord ing to recom mendati ons i n the IE EE 802.
P ORT T RUNK C ONFIGURATIO N 2-79 Comma nd Att ributes • WRR – Weighted Ro und-R obin share s bandwidth at th e egress port s by using sche duling weig hts of 1, 3, 12 and 48 for queue 0, 1, 2 and 3 respec tive ly.
C ONFIGURI NG THE S WI TC H 2-80 Comma nd Usage Besi des bala ncing the loa d across each por t in the trunk, th e othe r port s provide redundan cy by taking ove r the load if a port in the trunk fails.
P ORT T RUNK C ONFIGURATIO N 2-81 • New – Select s a predef ined port gro up to a dd to the spec ifie d trunk. We b – Clic k T runk, T r unk Configur ation. Enter a trunk ID of 1 -4 in the Trunk fi eld, se lect an y of th e pred efin ed port gr oups from the scro ll-down list, and click A dd.
C ONFIGURI NG THE S WI TC H 2-82 CLI – T his ex ample c reates trunk 1 with ports 5 and 17 . Jus t con nect thes e por ts to two static trun k ports o n anothe r switc h to form a trunk.
C ONFIGURI NG SNMP 2-83 sub mit a vali d communit y str ing for aut hentic ation. T he opti ons for con figuring commun ity st rings and re lated trap func tions ar e des cribed in th e followin g sectio ns. Setting Community Access Strings Y ou ma y config ure u p to fi ve com munit y stri ngs aut hori zed fo r manageme nt acces s.
C ONFIGURI NG THE S WI TC H 2-84 We b – Click SN MP , SNMP Config uration. Add ne w commu nity strings as requir ed, se lect the access righ ts from the Access M ode drop -do wn lis t, the n clic k Add. CLI – T he follo wing e xample add s the s tring “spiderman” with read/w rite ac cess.
C ONFIGURI NG SNMP 2-85 Comma nd Usage • You c an enable o r disabl e authent icati on messa ges via t he Web inte rfac e. • You c an enable or dis able authe nticat ion messages or link- up-down me ssages via the CLI. Comma nd Att ributes • Trap Manage r Capability – Indi cates that the s witch su pports up to f ive tra p mana gers .
C ONFIGURI NG THE S WI TC H 2-86 We b – Clic k S NMP , SNMP Config uration. Fi ll in the IP addr ess and comm unity s tring f or each T rap M anager t hat will r eceive these mess ages, mark Enable Authen tica tion T raps i f requ ired, and then clic k Add.
M ULT ICA ST C ONFIGURATIO N 2-87 Thi s switch uses I GMP (Inte r net Group Managemen t Prot ocol) to quer y for any attached hos ts that want to rec eive a specific mul ticast ser vice. It ident ifies t he ports co ntaini ng host s request ing to join th e serv ice and s ends dat a out t o th ose port s only.
C ONFIGURI NG THE S WI TC H 2-88 adjac ent mul ticast swi tch/r outer t o ensur e that it will cont inue to re ceive the m ulticas t servic e. Note: M ulticast router s use this in formation, along wit h a mul ticast r outing p rotocol such as DVMRP or PIM, to supp ort IP multicas ting ac ross t he Int ernet.
M ULT ICA ST C ONFIGURATIO N 2-89 We b – Cli ck IGMP , IGMP Conf igurati on. Adjust the IGM P set tings as re quired, an d then clic k Apply. (T he defau lt setti ngs are shown bel ow.) CLI – Th is exa mpl e mo difies the settin gs f or mu ltica st fi lter ing, a nd then display s the curr ent status.
C ONFIGURI NG THE S WI TC H 2-90 Y ou can use the Mul ticast Ro uter Port I nformati on page to display the por ts on this swi tch attac hed to a neig hbori ng multica st route r/ switch for each V LAN I D. Displ aying Interf aces Attached to a M ulticast Router Command Attributes • VLAN ID – ID of confi gured VLA N (1-409 4).
M ULT ICA ST C ONFIGURATIO N 2-91 Specifying Interfaces Attached to a Multicast Router Dep ending o n your n etwork c onnecti ons, IGM P snoop ing may not always be able to lo cate th e IGMP q uerier .
C ONFIGURI NG THE S WI TC H 2-92 CLI – T his exam ple con figures port 11 as a mul ticast r outer por t within VLAN 1. Displaying Port Members of Multicast Services Y ou can d isplay t he por t member s associ ated with a spec ified VLA N and multicas t IP address.
M ULT ICA ST C ONFIGURATIO N 2-93 We b – Click IG MP , I P Mu ltic ast R egist ratio n Table. S elec t the VLAN ID a nd mult ic ast IP a ddres s. The swit ch wil l disp lay a ll the po rts that are propagating th is mult ica st servic e.
C ONFIGURI NG THE S WI TC H 2-94 Adding Multicast Addresses to VLANs Mult icast filt ering can be d ynamical ly co nfigured using IGMP Snoo ping and IGMP Que ry me ssag es as desc ribe d in “ Con figu ring IGM P Paramete rs” on page 2-8 7 .
M ULT ICA ST C ONFIGURATIO N 2-95 We b – Clic k IGMP , IGMP Member Por t T able. Spec ify the interface attached to a mu lticast service (via an IG MP -enab led switch or mult icast rou ter), indi cate the VLA N that wil l propagate the multi cast ser vice, sp ecify th e mult icast IP ad dress, and then click Add .
C ONFIGURI NG THE S WI TC H 2-96 Showing Port Statistics Y ou can displ ay standard statis tics on netw ork traffic f rom the Int erfaces Grou p and Ethernet- like MIBs, as wel l as a detailed breakd own of tr affic based on th e RMOM M IB. Interf aces and Eth er net -like s tatisti cs display errors o n the traffi c passin g throug h each port.
S HO WING P ORT S TAT IST ICS 2-97 We b – Click Statist ics, P ort Statis tics. Se lect t he requi red inte rface, and cli ck Query. Y ou can also use th e Ref resh butt on at the bott om of th e page to u pdate the scre en.
C ONFIGURI NG THE S WI TC H 2-98 CLI – This exam ple shows st atisti cs for port 1. Rate Limit Configu ration This funct ion all ows th e netw ork m anager to co ntrol the m aximum rat e fo r traff ic tr ansm itted o r rec eive d on an inte r fa ce.
R ATE L IMI T C ONFIGURATIO N 2-99 Rat e limit ing can b e appl ied to in dividual p orts or trunks . When an int erface is configur ed with this featur e, the traffic rat e will be mon itore d by the hard ware to veri fy confo rmity. No n-conf orming traffic is dr opped, conforming traffic is for warded wit hout any chang es.
C ONFIGURI NG THE S WI TC H 2-100 We b - Click R ate Limit, Inpu t/Outpu t Rate Limit Po rt/T run k Confi guration. Enable the Rate Limit Stat us for t he require d inter fac es, set th e Rate Limi t to one of the options shown i n the prec edi ng tabl e, and cl ick A pply.
C ONFIGU RING 802.1 X P ORT A UTHENT ICATION 2-101 The IEEE 802 .1x (dot 1x) st andard de fines a p ort-based acce ss cont rol proc edure tha t pr even ts una uthor iz ed ac cess to a netwo rk by r equirin g user s to first enter a user I D and p asswor d for authen ticatio n.
C ONFIGURI NG THE S WI TC H 2-102 Displaying 802.1x Global Settings The dot1x prot ocol i nclud es glob al para meter s that contro l th e cli ent auth entica tion p roces s that runs b etween the cl ient and the swit ch (i.
C ONFIGU RING 802.1 X P ORT A UTHENT ICATION 2-103 We b – Click d ot1x, dot1 X Infor mation . CLI - This e xample shows t he defa ult pr otocol setti ngs for dot1x . Configuring 802.1x Global Settings The dot1x protocol includes g lobal parameters that control the client authentication proce ss that runs be tween the client and the s w i tch (i.
C ONFIGURI NG THE S WI TC H 2-104 identity look up process t hat runs between the switch and authentic ation server. The configuration opt ions for parameters are d escribed in t his section.
C ONFIGU RING 802.1 X P ORT A UTHENT ICATION 2-105 We b – Se lect d ot1x, dot 1X Conf iguratio n. Enab le dot1 x gl obally f or the swit ch, modify any of t he parame ters req uired, and t hen click Apply. CLI – Th is exam ple enab les re-a uthenti cation a nd sets all of the global parameters fo r dot1x.
C ONFIGURI NG THE S WI TC H 2-106 • Mode – Se ts the authent ication mode t o one of th e foll owing opti ons: - For ce-Au thoriz ed – Confi gures th e port to grant access to all cli ents, eit her dot 1x-aware or other wise. - F orce-Unauthori zed – Configu res the port to deny ac cess t o all c lients, e ither dot1x-aware or oth erwise.
C ONFIGU RING 802.1 X P ORT A UTHENT ICATION 2-107 CLI – This e xample sets the au thenti cation mod e to enable do t1x on po rt 2. Displaying 802.1x Statistics Thi s switc h can d ispla y stati stics for dot1x pr otocol exchang es fo r any port.
C ONFIGURI NG THE S WI TC H 2-108 We b – Sel ect dot1 x foll owed by dot1X s tatistic s. Selec t the requ ired po rt and t hen cl ick Query . Click R efresh to upd ate statis tics. Tx EAPOL Total The number of EAPO L frames of any type that have been transmitted by this Auth enticator.
C ONFIGU RING 802.1 X P ORT A UTHENT ICATION 2-109 CLI – Th is examp le disp lays the d ot1x stat istics for port 1. Console#show dot1x stat istics Eth 1/1 Rx: E XPOL EAPOL EAPOL EAPOL EAP EAP EAP S.
C ONFIGURI NG THE S WI TC H 2-110.
U SING THE C OMMAND L INE I NTER FAC E 3-1 C HAPTER 3 C OMMAND L IN E I NTERF ACE Thi s chapt er desc ribes h ow to us e th e Command Li ne In terface (CLI).
C OMMAND L INE I NTER FAC E 3-2 2. Enter th e nece ssary c ommands to comple te your desi red tasks. 3. When fi nishe d, exit th e sessi on with th e “qui t” or “exi t” command .
U SING THE C OMMAND L INE I NTER FAC E 3-3 If y our corpo rate netwo rk is conn ected t o another ne twor k o utside your office or t o the Int ernet, you need to ap ply fo r a regist ered IP addr ess.
C OMMAND L INE I NTER FAC E 3-4 Entering Commands This sec tion descr ibe s how to enter CL I com man ds. Keywords and Arguments A CLI co mmand is a seri es of keyw ords and ar gumen ts. Keyword s iden tify a comman d, and arg uments spe cify config uration par amete rs.
E NTE RING C OMMANDS 3-5 Command Completion If you te rmin ate inpu t with a T ab key , the CLI wil l print th e remaini ng charac ters o f a part ial keyword up to t he point of ambi guity. In th e “loggin g history” example, ty ping log followed by a t ab will resu lt in p rintin g the co mma nd up to “ logging .
C OMMAND L INE I NTER FAC E 3-6 The comm and “ show inter fac es ? ” will d isplay the follo wing inf or mat ion : Partial Keyword Lookup If yo u terminat e a part ial keywor d with a questi on mar k, alte r nativ es that ma tch the initial letters are provid ed.
E NTE RING C OMMANDS 3-7 Understanding Command Modes The com mand set is divid ed into Exec an d Conf igur ation class es. Exe c commands ge nerall y display inf ormation on sys tem st atus or cle ar stat istical count ers. Co nfigurat ion com mands, on the other hand, modif y interfac e param eters or enable c ertain switchi ng func tions.
C OMMAND L INE I NTER FAC E 3-8 enable comma nd, followe d by th e privi leged le vel pa ssword “sup er ” (pag e 3-2 9). T o ente r Privile ged Exec mode, ente r the fol lowing com mand s and passwor ds: Configuration Commands Confi guratio n command s are p rivileg ed level commands used t o modi fy sw itch settin gs.
E NTE RING C OMMANDS 3-9 • Int erface Configu ration - These commands modif y the por t con figurati on such as speed-duplex and negotiation . • Line Con figurat ion - These com mands modify th e console port and T elnet conf iguratio n, and incl ude co mmand suc h as par ity and databits .
C OMMAND L INE I NTER FAC E 3-10 Command Line Processing Commands are not case sensi tive. Y ou can abbrev iate commands and par amete rs as long as th ey contain enough lett ers to differen tiate them fr om any other current ly availa ble comman ds or par amete rs.
C OMMAND G RO UP S 3-11 RADIUS Client Configures RADIUS client-server authe ntication for logon access 3-38 Port Authentication Configures IEEE 802.1x port access c ontrol 3 -44 SNMP Activates authent.
C OMMAND L INE I NTER FAC E 3-12 Note: Note th at the acc ess mo de sho wn in th e foll owing tables i s ind icate d by th ese ab brev iati ons: NE (Nor mal Exec) PE (Pri vile ged Exec ) GC (Global Co.
G ENERAL C OMMANDS 3-13 General Commands enable Use thi s command to act ivate Priv ileg ed Exec mode. In priv ilege d mode, additi onal comm ands are av ailable, and certain commands displ ay additio nal inf or matio n. See “U nderstand ing Comman d Mode s” on page 3 -7.
C OMMAND L INE I NTER FAC E 3-14 Default Settin g Level 15 Command Mode Norm al Exec Command Us age • “su per” is the def ault passwor d requi red t o ch ange th e comm and mode fro m Nor mal Exec to Pr ivi lege d Ex ec. ( To s et thi s passwor d, see the enable password com mand on page 3-2 9.
G ENERAL C OMMANDS 3-15 Command Us age The “> ” char acter is app ended to the e nd of th e prompt to indic ate th at the sys tem is i n nor mal access mode. Example Related Commands enabl e (3-13) configure Use t his co mman d to act ivate Global C onfigu ration mode.
C OMMAND L INE I NTER FAC E 3-16 show history Use t his comman d to sh ow the c ontent s of t he com mand his tory buf fe r . Default Settin g None Command Mode Norma l Exec, Pri vileg ed Exec Command Us age The history bu ffer si ze is fi xed at 10 Execution comman ds and 10 Confi guration c ommands.
G ENERAL C OMMANDS 3-17 example, the !2 com mand re peats t he s econd c ommand in the Exe cution his tory buffe r ( config ). reload Use this c ommand to restar t the syste m. Note: W hen the system is res tarted, it will always ru n the Power-On Self-Test .
C OMMAND L INE I NTER FAC E 3-18 Command Mode Glob al Configu ration, I nterface Conf iguration , Line Confi guration, VLAN Data base Confi guration Example Thi s example shows how to return to t he P.
F LASH /F ILE C OMMANDS 3-19 quit Use t his co mmand t o exit the co nfigu ration p rogram. Default Settin g None Command Mode Norma l Exec, Pri vileg ed Exec Command Us age The quit and e xit comma nds can b oth exit t he config uration progra m.
C OMMAND L INE I NTER FAC E 3-20 copy Use t his co mmand t o mo ve (uplo ad/download ) a co de image or con figurati on fil e bet ween t he swit ch’s F lash memor y and a TF TP serve r .
F LASH /F ILE C OMMANDS 3-21 Command Us age • Th e system prom pts for da ta requir ed to c ompl ete the co py command . • The destin ation file n ame s hould no t co ntain sl ashes ( or /), the le ading letter o f the file name s hould not be a p eriod (.
C OMMAND L INE I NTER FAC E 3-22 The followi ng examp le sh ows how t o copy the running configuration to a startup file. The f ollowing example shows ho w to down load a co nfigurat ion file: delete Use th is com mand to de lete a file or image. Syntax delete filename file name - Name of t he confi gurati on file o r image name.
F LASH /F ILE C OMMANDS 3-23 Command Us age • If t he file t ype is us ed for s ystem s tartup, then th is file cannot be de let ed. • “Fac tory_D efault_Co nfig.c fg” cann ot b e delete d. Example Thi s exampl e sho ws how to delet e the test 2.
C OMMAND L INE I NTER FAC E 3-24 Command Us age • If you enter th e command dir without an y parame ters, t he system displ ays all file s. • Fi le in forma tio n is sh own be low: Example The f oll owin g ex ampl e sho ws how to di splay all f ile in fo rm atio n: whichboot Use t his co mmand t o disp lay whi ch files booted.
F LASH /F ILE C OMMANDS 3-25 Example Thi s example s hows the i nformati on displa yed by t he whichboot comm and. See the table un der the dir c ommand for a desc ription of t he file in formation d isplayed b y this command. boot system Use t his com mand to specify the file o r image used to start up the system .
C OMMAND L INE I NTER FAC E 3-26 Example Related Commands dir (3 -23) whichbo ot (3-24) System Management Commands The se commands are us ed to contr ol system lo gs, pass words, user name s, br owser con figurat ion opt ions, an d displ ay or confi gure a vari ety of other s ystem info r mat ion.
S YSTEM M ANA GE MEN T C OMMANDS 3-27 hostname Use t his co mman d to spec ify or modify the host name for t his devi ce. Us e the no form to rest ore the def ault hos t name .
C OMMAND L INE I NTER FAC E 3-28 Syntax user name name { access- level level | nopasswor d | passwor d { 0 | 7 } password } no user name name • name - The name of th e user. (Maxi mum leng th: 8 character s, cas e sens itive. M aximum use rs: 16) • acce ss-level level - Sp ecifies t he user level.
S YSTEM M ANA GE MEN T C OMMANDS 3-29 Example This example sh ows how the set th e access l evel and pas sword for a user . enable password Aft er init ially l ogging o nto the syst em, you shoul d set the Pri vileged Exec pas sword. R emember to recor d it in a safe pl ace.
C OMMAND L INE I NTER FAC E 3-30 p a s s w o r d t o c h a n g e t h e c o m m a n d m o d e f r o m N o r m a l E x e c t o Pri vileged Exec wi th the ena ble command (page 3-13 ). • The encrypt ed pa ssword is requir ed for c ompatibil ity with leg acy pa ssword s etting s (i.
S YSTEM M ANA GE MEN T C OMMANDS 3-31 Related Commands ip h ttp se rver (3- 31) ip http server Use th is com mand to al low th is devi ce to be moni tored o r con figured from a br owser .
C OMMAND L INE I NTER FAC E 3-32 show startup-config Use thi s comman d to display th e configur ation fil e stored in non- volati le mem ory that i s used to st art up the syst em.
S YSTEM M ANA GE MEN T C OMMANDS 3-33 Example Related Commands sho w runni ng-con fig (3-34) Console#show startup-co nfig building startup-config , please wait.
C OMMAND L INE I NTER FAC E 3-34 show running-config Use thi s command to disp lay the config uration in formation curre ntly in use. Default Settin g None Command Mode Pri vileged E xec Command Us ag.
S YSTEM M ANA GE MEN T C OMMANDS 3-35 Example Related Commands show s tart up-con fig (3- 32) Console#show running-co nfig building running-config , please wait.
C OMMAND L INE I NTER FAC E 3-36 show system Use thi s command to disp lay syste m infor mati on. Default Settin g None Command Mode Norma l Exec, Pri vileg ed Exec Command Us age • For a d escri ption o f the i tems s hown by t his co mmand, refer to “Displaying System Information” o n page -9.
S YSTEM M ANA GE MEN T C OMMANDS 3-37 show users Shows all acti ve cons ole and T elnet ses sions, inc luding user name , idle time, and IP add ress of T elnet client .
C OMMAND L INE I NTER FAC E 3-38 Command Us age See “Displayin g Switch Hardware/Software V ers ions” o n pag e -28 fo r deta iled inform ation on s oftware it ems. Th e meaning of hardware items are as follows: • Seria l Number – Serial numbe r of the main bo ard.
A UTH ENT ICAT ION C OMMANDS 3-39 authentication login Use t his comman d to defi ne th e login authe nticati on met hod and pre cedence . Use th e no for m t o re stor e the de fault. Syntax authen tication lo gin {[ local ] [ radius ]} no authe ntication lo gin • loc al - Use lo cal p assword only.
C OMMAND L INE I NTER FAC E 3-40 Command Us age • RADI US uses UDP wh ich o nly off ers be st-ef fort de live ry. Al so, note that RADI US e ncrypt s only th e passwo rd in the access -requ est packe t from the cl ient to the serv er. • RADIUS logon authentication ass i gns a s pecific p rivile ge level for eac h user name and pa sswor d pair.
A UTH ENT ICAT ION C OMMANDS 3-41 Command Mode Glob al Configu ration Example radius-server port Use th is command to set the RA DIUS se rver n etwor k port. Us e the no form to re store th e defaul t. Syntax radius-serve r port port_number no radius-server port port_numb er - R ADIUS server U DP port u sed for authenticati on mes sages.
C OMMAND L INE I NTER FAC E 3-42 radius-server key Use thi s comman d to set the RA DIUS encr yption key . Use the no form t o rest ore the defa ult. Syntax radius-serve r key key_string no radius-server key key_string - Encryption key use d to authen ticate logon acces s for client.
A UTH ENT ICAT ION C OMMANDS 3-43 Command Mode Glob al Configu ration Example radius-server timeout Use th is com mand to set the inte rval bet ween transmitti ng auth entica tion r equests to the RA DIUS se rver . Use t he no form to rest ore th e defa ult.
C OMMAND L INE I NTER FAC E 3-44 Command Mode Pri vileged E xec Example Port Authentication Commands The swit ch supports IEEE 802.1x (dot1x) port- based acces s control that p revent s unauth orized access t o th e networ k by requ iring user s to first en ter a user I D and passwor d for authe nticati on.
P ORT A UTH ENT ICAT ION C OMMANDS 3-45 authentication dot1x Sets th e default auth entic ation se rver type . Use the no form to rest ore th e defa ult.
C OMMAND L INE I NTER FAC E 3-46 dot1x default Sets all configurabl e dot 1x gl obal and p ort s etti ngs to their defa ult val ues . Syntax dot1x default Command Mode Glob al Configu ration Example d.
P ORT A UTH ENT ICAT ION C OMMANDS 3-47 dot1x port-control Sets the do t1x mode on a port in terface . Use t he no form to re set to th e defaul t. Syntax dot1x port-contr ol { auto | force- aut hori .
C OMMAND L INE I NTER FAC E 3-48 dot1x re-authenticate Forc es re-auth entication on all por ts or a specifi c interface. Syntax dot1x re-a uthenticate [ inter fac e ] inter face • ethernet un it / port - unit - This is de vice 1. - port - Por t num ber .
P ORT A UTH ENT ICAT ION C OMMANDS 3-49 dot1x timeout quiet-period Sets th e time that a switch port waits after th e Max Requ est Coun t has been exce ede d bef ore a ttemp ting to ac quir e a ne w c lient . Us e the no form of this comman d to rese t the defaul t.
C OMMAND L INE I NTER FAC E 3-50 Example dot1x timeout tx-period Sets th e time per iod dur ing an authe ntica tion se ssion th at the swit ch waits befo re re-t ransmi tting an EAP p acket . Use th e no for m to rese t to the d efault valu e. Syntax dot1x timeout tx-period secon ds no dot1x timeout tx-period seco nds - Numb er of seco nds.
P ORT A UTH ENT ICAT ION C OMMANDS 3-51 show dot1x Use th is com mand to sho w gene ral port aut henti cation re late d settin gs on the switc h or a speci fic inter face. Syntax show dot1x [ stati stics ] [ inter face inter face ] inter face • ethernet un it / port - unit - This is de vice 1.
C OMMAND L INE I NTER FAC E 3-52 • 802.1 X Port Details – Displ ays de tailed p ort ac cess con trol set tings for each i nterf ace as d escrib ed in t he prec eedi ng page s, including ad m instr.
P ORT A UTH ENT ICAT ION C OMMANDS 3-53 Example Console#show dot1x Global 802.1X Parameter s reauth-enabled: yes reauth-period: 3600 quiet-period: 350 tx-period: 300 supp-timeout: 30 server-timeout: 30 reauth-max: 2 max-req: 2 802.1X Port Summary Port Name Status Mode Authorized 1 disabled ForceAuthorized n/a 2 enabled A uto n/a .
C OMMAND L INE I NTER FAC E 3-54 SNMP Commands Cont rols acces s to this swit ch from manag ement stat ions usi ng the Simp le Netw ork Managemen t Prot ocol (SNMP), as well as t he error types se nt to trap manager s.
SNMP C OMMANDS 3-55 • rw - Specifies read-write ac ce ss. A uth orized manage ment stati ons are able t o both retrie ve and m odify M IB obj ects. Default Settin g • public - Re ad-only acc ess. Auth orized m anagemen t stations are only able t o retr ieve MIB obj ects.
C OMMAND L INE I NTER FAC E 3-56 Example Related Commands snmp -server locati on snmp-server location Use t his comman d to se t th e syst em loc ation string . U se the no fo r m t o remov e the loca tion st ring. Syntax snmp-ser ver locati on te xt no snmp-ser ver locati on text - String that describe s the syste m locatio n.
SNMP C OMMANDS 3-57 snmp-server host Use this command to spe cify the recipie nt of a Simple Network Manag ement Pro tocol notificatio n oper ation. Use the no for m to remo ve th e spec ifie d hos t.
C OMMAND L INE I NTER FAC E 3-58 The snmp- serv er hos t co mmand is us ed in con junction with the snmp-server enabl e traps command . Use the snmp-ser ver enable traps command to s pecify wh ich SNMP noti ficati ons a re se nt glob ally .
SNMP C OMMANDS 3-59 Default Settin g Issue authen tica tion and li nk-up- down traps . Command Mode Glob al Configu ration Command Us age If yo u do not e nter an s nmp-server enable trap s comman d, no no tific ations control led by t his comm and are s ent.
C OMMAND L INE I NTER FAC E 3-60 Command Mode Norma l Exec, Pri vileg ed Exec Command Us age Thi s comma nd prov ides i nformation o n the c ommun ity acce ss st rings, counter informat ion fo r SNMP inp ut an d output prot ocol data units, an d whether o r not SNMP lo gging h as been ena bled wi th th e snmp-ser ver enable traps co mmand.
IGMP S NOOPI NG C OMMANDS 3-61 IGMP Snooping Commands Thi s switch uses I GMP (Inte r net Group Managemen t Prot ocol) to quer y for any attached hos ts that want to rec eive a specific mul ticast ser vice. It ident ifies t he ports co ntaini ng host s request ing a servi ce and sends data out to t hose p orts only.
C OMMAND L INE I NTER FAC E 3-62 Default Settin g Ena ble d Command Mode Glob al Configu ration Example The fo llowing ex ample e nable s IGMP sn oopin g. ip igmp snooping query-count Use t his command t o co nfigure the quer y co unt. U se the no form to restore t he de fault.
IGMP S NOOPI NG C OMMANDS 3-63 re sp on se -t im e . If the co untdown f inishe s, and the clie nt stil l has not r espond ed, then t hat c lient is co nsid ere d to ha ve lef t the multicast g roup.
C OMMAND L INE I NTER FAC E 3-64 query-count , bu t a clie nt has n ot res ponded, a countdo wn timer is start ed usin g an in itial valu e set b y this comm and. If the coun tdow n fini shes, a nd the cl ient still has not re spon ded, th en that c lient i s co nsider ed to hav e left the m ulticast group .
IGMP S NOOPI NG C OMMANDS 3-65 Command Us age T h e s w i t c h m u s t b e u s i n g I G M P v 2 f o r t h i s c o m m a n d t o t a k e eff ect . Example The followi ng sho ws how to conf igure t he.
C OMMAND L INE I NTER FAC E 3-66 • Some commands ar e only e nabled for IGMP v2, incl uding ip igmp query -max-response -time and ip i gmp query-timeout . Example The fol lowing con figure s the switc h to use IGMP V ersion 1: show ip igmp snooping Use t his comman d to sh ow the IG MP s nooping conf igurati on.
IGMP S NOOPI NG C OMMANDS 3-67 show mac-address-table multicast Use t his co mmand t o show kn own mult icast addresses . Syntax show mac-addr ess-table multicast [ vlan vla n-id ] [ user | igmp-snooping ] • vlan-id - VL AN ID (1 to 4094) • user - Dis play onl y the us er-con figured multicas t entr ies.
C OMMAND L INE I NTER FAC E 3-68 Line Commands Y ou can access t he onboard co nfigurat ion program by att aching a VT100 compat ible de vice to the server’ s seri al port . Th ese command s are use d to se t commun ication p arameters fo r the s erial port o r T eln et ( i.
L INE C OMMANDS 3-69 line Use th is command t o identify a spec ific line for configur ation, and to process subseq uent li ne co nfigurat ion com mands. Syntax lin e { console | vt y } • cons ole - Consol e termin al line . • vty - Virtu al termin al for remo te conso le acces s.
C OMMAND L INE I NTER FAC E 3-70 login Use thi s comman d to enab le passwor d checking at log in. Use the no form to di sable pass word chec king and allow conn ection s with out a pas sword. Syntax logi n [ local ] no login loc al - Sele cts local password checking .
L INE C OMMANDS 3-71 • Th is comman d contro ls logi n authen ticatio n via the switc h itse lf. To confi gure u ser nam es an d passw ord s for remo te auth enticat ion ser vers, you must use th e RADIU S softwar e inst alled o n thos e serve rs.
C OMMAND L INE I NTER FAC E 3-72 Command Us age • Wh en a co nne ction is start ed on a line with pa ssword prot ecti on, the sys tem promp ts for the pas sword.
L INE C OMMANDS 3-73 Command Mode Line C onfigurati on Command Us age • If user input i s detec ted with in the t imeout interval , the sessio n is ke pt ope n; ot herwi se the se ssio n is te rmin ated. • Thi s comm and app lies to both the local c onsole an d Te lnet conn ectio ns.
C OMMAND L INE I NTER FAC E 3-74 Command Us age • Whe n the l ogon atte mpt thre shold i s reached , the sys tem inte rfac e be come s sile nt f or a s peci fied amo unt of tim e be fore allowi ng the next l ogon att empt. (U se the silent-ti me comman d to set th is inte rval.
L INE C OMMANDS 3-75 Command Mode Line C onfigurati on Example T o set th e silen t time to 6 0 se conds , enter thi s comman d: Related Commands pas sword-thr esh (3-73) databits Use this command t o set the n umber of da ta b its per charact er that are in terp rete d and ge nerat ed by th e consol e por t.
C OMMAND L INE I NTER FAC E 3-76 Example T o speci fy 7 data bi ts, e nter thi s command : Related Commands parit y (3-76) parity Use t his com mand to define gener atio n of a parit y bit .
L INE C OMMANDS 3-77 speed Use th is com mand to set the ter min al line 's baud rate. Thi s comm and se ts both the t ransmit (to termi nal) and receiv e (from terminal ) speeds. Us e the no for m to re stor e the de fault sett ing. Syntax speed bps no speed bps - B a u d r a t e i n b i t s p e r s e c o n d .
C OMMAND L INE I NTER FAC E 3-78 stopbits Use th is com mand to s et the nu mber of the st op bits tran smit ted per b yte. Use th e no form to restor e the default setti ng.
IP C OMMANDS 3-79 Example T o show a ll lin es, ent er this c ommand: IP Commands The re are no IP addre sses ass igned t o this switch by de fault. Y ou must m anually configu re a n ew addre ss to mana ge the switch ov er your networ k.
C OMMAND L INE I NTER FAC E 3-80 ip address Use thi s comm and to se t the IP addres s for th is devic e. Use t he no form t o restore the default IP addr ess. Syntax ip addr ess { ip-addr e ss netmask | bootp | dhcp } no ip addr ess • ip-address - IP address • netmask - Netwo rk mask for the associ ated IP sub net.
IP C OMMANDS 3-81 • You can star t broadcast ing BOOTP or DHCP re quests by ente ring a n ip dhcp restar t comman d, or by reboot ing th e switc h. Note: Only one VLA N inter face can be ass igned an IP addr ess (the default is V LAN 1) .
C OMMAND L INE I NTER FAC E 3-82 • If t he BOOTP or DHCP s erver h as been moved t o a differ ent doma in, th e ne twork porti on of th e addr ess pro vid ed to t he cli ent will be based on this n ew domain . Example In t he followi ng exam ple, t he devic e is re assign ed the s ame address.
IP C OMMANDS 3-83 Command Us age A gat eway must be def ined if t he manag ement s tation is located in a di fferent IP segment . Example The f ollowing e xample def ines a default g ateway for this device: Related Commands sho w ip redir ects (3-84) show ip interface Use thi s comman d to dis play the se ttings o f an IP interface.
C OMMAND L INE I NTER FAC E 3-84 show ip redirects Use th is comma nd to show th e defaul t gateway conf igure d for thi s devi ce. Default Settin g None Command Mode Pri vileged E xec Example Related Commands ip d efault-gat eway (3- 82) ping Use thi s comman d to send ICM P echo reques t pack ets to anoth er node on the network.
IP C OMMANDS 3-85 Command Mode Norma l Exec, Pri vileg ed Exec Command Us age • Use the pin g comm and to see if an othe r site on the ne twork can be re ached. • Fo llowing are some re sults of the pin g comm and: - Normal response -The nor mal res ponse o ccurs in one to ten secon ds, depen ding on networ k tr affic.
C OMMAND L INE I NTER FAC E 3-86 HOL Blocki ng Prevention Commands If head-o f-line (HOL) Bl ocking Pre vention is en abled it preven ts the f orwardin g of dat a to a po rt trans mit queue that i s blocke d. Thi s allows for a more efficient transfer of pa ckets acr oss the net work.
HOL B LOC KING P RE V E N T I O N C OMMANDS 3-87 Syntax queue hol-pr evention no queue hol-pr evention Default Settin g Ena ble d Command Mode Glob al Configu ration Command Us age • If HOL Blocking Prevent ion is disabl ed on this swit ch.The trans mit queue may be completel y filled with frames awaiting serv ice.
C OMMAND L INE I NTER FAC E 3-88 Example Thi s example dis plays the cu rren t status. Interface Comm ands The se commands are use d to di splay or set com munica tion par amete rs fo r an Ethernet p ort , aggre gate d link, or VL AN.
I NTER FAC E C OMMANDS 3-89 interface Use this c ommand to confi gure an in terface ty pe and ente r int erface c onfigur ation mode. U se the no for m to rem ove a trunk . Syntax int er fa ce inter face no interfa ce port-channel channel-id inter face • ethernet un it / port - unit - This is de vice 1.
C OMMAND L INE I NTER FAC E 3-90 description Use this command to add a de scription to an interface. Use the no for m to re move th e desc riptio n. Syntax descript ion string no descript ion stri ng - Co mment o r a des crip tion t o he lp you rememb er what is at tached to thi s inte rface.
I NTER FAC E C OMMANDS 3-91 • 10f ull - Forces 10 Mbps full-d uplex op eration • 10h alf - Force s 10 Mb ps half-d uplex operati on Default Settin g • Auto- negotiatio n is enabled b y defau lt.
C OMMAND L INE I NTER FAC E 3-92 negotiation Use this command to enable autone gotiation for a given interface. Use th e no fo r m t o disab le aut onegoti ation .
I NTER FAC E C OMMANDS 3-93 capabilities Use thi s comman d to adve rtise th e port ca pabilit ies of a given inte rfac e duri ng auto nego tiation. Use the no fo r m with p arameters to remov e an advertis ed capabili ty, or th e no form wi thout par amete rs to restor e the d efault values.
C OMMAND L INE I NTER FAC E 3-94 Command Us age When auto-negot iation is enabled wi th th e negotiation comm and, th e switch wil l nego tiate t he best set tings for a link ba sed on th e capa bilites command. When auto-n egotiation is dis abled, y ou must manual ly spec ify th e link att ributes with the speed-duplex and flowcontrol co mmands.
I NTER FAC E C OMMANDS 3-95 Command Us age • Flow cont rol can el iminate fr ame loss by “blocking ” traffic f rom end station s or se gme nts co nnected dire ctly to the swit ch when its b uffers fil l. When enabled , back p ressure is used fo r half -duplex o perati on and IEEE 802 .
C OMMAND L INE I NTER FAC E 3-96 shutdown Use this comman d to disable an interface. T o restart a disabled inte rfac e, use th e no form. Syntax shut down no shut down Default Settin g All interfaces are enable d.
I NTER FAC E C OMMANDS 3-97 switchport broadcast percent Use t his comman d to co nfigure broadcas t storm contr ol. Use the no form to di sable broadc ast storm control . Syntax switchport broa dcast per cent level no switchport broa dcast lev el - T hresh old leve l as a pe rcenta ge of band widt h.
C OMMAND L INE I NTER FAC E 3-98 clear counters Use this command to clear st atisti cs on an inte rface. Syntax clear counter s inter face inter face • ethernet un it / port - unit - This is de vice 1.
I NTER FAC E C OMMANDS 3-99 show interfaces status Use th is com mand to di splay the status for an interface. Syntax show inte rf aces sta tus inter face inter face • ethernet un it / port - unit - This is de vice 1.
C OMMAND L INE I NTER FAC E 3-100 Example show interfaces counters Use this c ommand to d isplay statisti cs fo r an i nter face. Syntax show inter faces counte rs in ter face inter face • ethernet un it / port - unit - This is de vice 1. - port - Por t num ber .
I NTER FAC E C OMMANDS 3-101 Command Us age If no i nterface is s pecified , information o n all interfac es is dis played. F or a desc ripti on of th e items di splay ed by thi s comm and, se e “Showing Por t Stati stics” on page -96.
C OMMAND L INE I NTER FAC E 3-102 show interfaces switchport Use thi s comman d to dis play advanc ed interface co nfigur ation settin gs. Syntax show inte rf aces switc hport [ inter fac e ] inter face • ethernet un it / port - unit - This is de vice 1.
I NTER FAC E C OMMANDS 3-103 • Gvrp status – Show s if G ARP VL AN Re gistra tion P rotoc ol i s enabl ed or di sabled (pag e 3-140). • Allowed Vlan – Shows t he VLANs th is inter face has jo ined, wher e “( u)” indica tes untagg ed and “(t)” indi cates ta gged (page 3 -129).
C OMMAND L INE I NTER FAC E 3-104 This exampl e shows the co nfigu ratio n for po rt 3 when se t to prom iscuous mode for pri vate VLANs . Rate Limit Commands This funct ion all ows th e netw ork m anager to co ntrol the m aximum rat e fo r traff ic tr ansm itted o r rec eive d on an inte r fa ce.
R ATE L IMI T C OMMANDS 3-105 rate-limit Use t his co mmand to set the rate limit. Use th e no form to re move the rate limi t. Syntax rat e-limit {input | output } percen t per cent no ra te- lim it in put • inp ut - Se ts the rate lim it for inboun d traffic.
C OMMAND L INE I NTER FAC E 3-106 Example This example se ts th e rate li mit for i nput an d outp ut traf fic on port 2 t o 312K when operat ing at 10 Mb ps or 3.
A DDR ES S T ABLE C OMMANDS 3-107 mac-address-table static Use this command to map a static address to a destination port. Use th e no form to remove an addres s. Syntax mac-addr ess-table s tatic mac-addr ess { inter face | discar d } [ action ] no mac-addr ess-tabl e static mac-addr ess [ discar d ] • mac-address - MAC ad dress.
C OMMAND L INE I NTER FAC E 3-108 • Sta tic add resses will no t be re move d from t he add ress table when a given i nterface l ink is do wn. • Static address es are bound to th e assigned interface and will no t be moved.
A DDR ES S T ABLE C OMMANDS 3-109 show mac-address-table Use th is com mand to vi ew class es of en tries in the brid ge- forw ardin g data base. Syntax show mac-addr ess-table [ addr ess mac- addr ess [ mask ]] [ int er fa ce inter face ] [ vlan vl an-i d ] [ sort { addr ess | vlan | int er fa ce }] • mac-address - MAC ad dress.
C OMMAND L INE I NTER FAC E 3-110 Example mac-address-table aging-time Use this c ommand to set t he agi ng time for entri es in the addr ess tabl e. Use th e no for m to rest ore th e de fault agi ng tim e. Syntax mac-addr ess-table ag ing-time seconds no mac-addr ess-table aging-t ime seco nds - Time i n second s (2-1 72800) .
S PANNI NG T RE E C OMMANDS 3-111 show mac-address-table aging-time Use th is com mand to s how the agi ng tim e for entr ies in the address table. Default Settin g None Command Mode Pri vileged E xec.
C OMMAND L INE I NTER FAC E 3-112 spanning-tree Use thi s command to enab le the Sp a nni ng Tree Alg orit hm gl obal ly for th e sw itch. Use the no form to dis able i t. Syntax spanning-tre e no spanning-tre e Default Settin g Spanning tree is enable d.
S PANNI NG T RE E C OMMANDS 3-113 Example The f ollowing example shows ho w to enable the Spanning T r ee Algori thm for the s witch : spanning-tree forward-time Use t his comman d to co nfigur e the s panning tree b ridge f orw ard time glo ball y fo r th is s wit ch.
C OMMAND L INE I NTER FAC E 3-114 Example spanning-tree hello-time Use th is co mmand to config ure the s panni ng tree brid ge hel lo time glo bally for this swit ch. Use th e no form to restore t he default. Syntax spanning-tre e hello-time time no spanning-tre e hello-time tim e - Time i n seconds.
S PANNI NG T RE E C OMMANDS 3-115 spanning-tree max-age Use t his comman d to confi gure th e spannin g tree brid ge maxim um age gl obally for th is switch. Use the no form to resto re the default. Syntax spanning-tr ee max-age se con ds no spanning-tre e max-age seco nds - Time in seco nds.
C OMMAND L INE I NTER FAC E 3-116 spanning-tree priority Us e this co mmand to con figure th e span ning t ree prio rity global ly for th is switch . Use the no for m to rest ore t he defa ult. Syntax spanning-tre e priority priority no spanning-tre e priority priorit y - Pri ority of th e brid ge.
S PANNI NG T RE E C OMMANDS 3-117 The re commen ded rang e is: - Eth ernet: 50- 600 - Fast Et hernet: 10 -60 - Gigabit Ether net: 3- 10 Default Settin g • Eth ernet – half dup lex: 100 ; full dupl.
C OMMAND L INE I NTER FAC E 3-118 Default Settin g 128 Command Mode Int erface Co nfigurat ion (Ethe r net, Port Ch annel) Command Us age • Thi s comm and d efines the p riorit y for the use of a p ort i n the spanni ng-tre e alg orithm .
S PANNI NG T RE E C OMMANDS 3-119 Command Mode Int erface Co nfigurat ion (Ethe r net, Port Cha nnel) Command Us age • This com mand is u sed to en able/dis able th e fast sp anning-t ree mod e for th e select ed port. In th is mode, po rts skip the Blocked, Li stening and Learning states and proceed straight to Forwardi ng.
C OMMAND L INE I NTER FAC E 3-120 Command Mode Pri vileged E xec Command Us age For a descr iption of the i tems di splayed under “Bridg e-grou p information, see “Managing Global Settin gs” on page -43. For a descr iption of t he item s displa yed for spe cific int erfaces, see “Managing ST A Interface Settings” on page -47.
VLAN C OMMANDS 3-121 VLAN Commands A VL AN is a g roup of ports that can be l ocate d anywhere in the netwo rk, bu t commun icate as though th ey bel ong to th e same phy sical se gment .
C OMMAND L INE I NTER FAC E 3-122 vlan database Use t his com mand to enter V LAN datab ase mo de. All com mand s in this mod e wil l take ef fect im medi ately. Default Settin g None Command Mode Glob al Configu ration Command Us age • Use t he VLAN data base comma nd mode to add, change, and dele te VL ANs.
VLAN C OMMANDS 3-123 Related Commands show vlan (3-131) vlan Use thi s comman d to co nfigure a VLAN . Use the no form to rest ore the default se ttings o r delet e a VLAN. Syntax vlan vl an-i d [ name vlan-name ] m edia ether net [ sta te { active | susp end }] no vlan vlan-id [ name | state ] • vlan-id - ID o f confi gured VLA N.
C OMMAND L INE I NTER FAC E 3-124 • VLAN 1 cann ot be sus pended, but any othe r VLAN wi ll be suspe nded . • You c an co nfigu re up to 127 V LANs on t he s witch. Example The followi ng example adds a VLAN, using v lan-id 10 5 and n ame RD5 . The VL AN is activat ed by de fault.
VLAN C OMMANDS 3-125 Example The followi ng examp le sh ows how t o set the i nterface con figurati on mode to VLAN 1, and then assign an IP add ress to the VLA N: Related Commands shut down (3-9 6) switchport mode Use t his com mand to configur e the VLA N mem bership m ode for a port.
C OMMAND L INE I NTER FAC E 3-126 Example The fo llowing sh ows how to se t the confi guratio n mode to po rt 1, and th en set the switchpo rt mod e to trun k: switchport acceptable-frame-types Use thi s comm and to conf igure th e acce ptable fr ame types for a port.
VLAN C OMMANDS 3-127 switchport ingress-filtering Use thi s command to enable ing ress filt ering for an inte r fac e. Use the no fo r m t o rest ore the default .
C OMMAND L INE I NTER FAC E 3-128 switchport native vlan Use t his co mman d to co nfigure the P VID (i.e. , defau lt VL AN ID) for a po rt. Us e the no form to restor e the de fault. Syntax switchport native vlan vla n-id no switchport native vlan vlan-id - Def ault VLAN ID for a po rt.
VLAN C OMMANDS 3-129 switchport allowed vlan Use thi s comman d to config ure VLAN gro ups on the se lected int erface. Us e the no f orm t o r estor e t he defa ult. Syntax switchpor t allowed vlan { add vlan | re mo v e vl an } no switchpor t allowed vlan • add vlan - VLA N iden tifi er to a dd.
C OMMAND L INE I NTER FAC E 3-130 Example The following example shows ho w to add VLANs 1, 2, 5 and 6 t o the all owed list as ta gge d VLANs for port 1 : switchport forbidden vlan Use th is com mand to confi gure f orbid den VL ANs. Use th e no form to rem ove th e l ist of forb idden VLANs .
VLAN C OMMANDS 3-131 Example The followi ng examp le shows how to prevent port 1 from bei ng added to VLAN 3: show vlan Use t his co mmand t o sh ow VLAN in formation. Syntax show vlan [ id vlan- id | name vlan-name ] • id - Keywo rd to be foll owed by t he VLAN ID.
C OMMAND L INE I NTER FAC E 3-132 Example The f ollowing example shows ho w to dis play info r mation for VLAN 1: Private VLAN Commands Private VLANs pro vide port -based securi ty and is ola tion be twee n ports within th e assigne d VLAN. This switch su pports tw o types of private VLAN ports : promis cuous, and commu nity po rts.
P RIVAT E VLAN C OMMANDS 3-133 T o configu re private VLA Ns, follow these steps: 1. Use th e private-vl an com mand to desig nate one or more comm unity V LANs an d the pri m ary VLAN that will chann el traffi c outsid e the co mmunity groups. 2. Use th e private-vl an associ ation comman d to map the secon dary (i.
C OMMAND L INE I NTER FAC E 3-134 private-vlan Use this c ommand to crea te a primary or secondary (i .e., comm unity) p rivate VLA N. Use t he no form to remove t he spec ified privat e VLAN. Syntax privat e-vlan vlan-id { community | prima ry } no private-vlan vlan -id • vlan-id - ID of privat e VLAN.
P RIVAT E VLAN C OMMANDS 3-135 Example private vlan association Use this command to associate a primary VLAN with a secondary (i.e. , community) VLAN. Use the no fo r m to remove all associ atio ns for th e spec ifi ed prim ary VL AN.
C OMMAND L INE I NTER FAC E 3-136 Example switchport mode private-vlan Use this c ommand to set t he pri vat e VLAN mode for an interface. Use th e no fo r m t o re store t he de faul t sett ing.
P RIVAT E VLAN C OMMANDS 3-137 Example switchport private-vlan host-association Use this command to associate an interface with a seco ndary VLAN. Us e the no for m to remo ve this ass ociat ion.
C OMMAND L INE I NTER FAC E 3-138 switchport private-vlan mapping Use this comman d to map an inte rface to a primary VLAN. Use the no form to re move this mappi ng. Syntax switchpor t private-vlan ma pping primary-vlan-id no switchpor t private-vlan map ping primary-v la n- id - ID of primary VLAN.
P RIVAT E VLAN C OMMANDS 3-139 show vlan private-vlan Use th is command to show the pr ivate VLA N configu ration s ettings on th is sw itch . Syntax show vlan priva te-vlan [ communi ty | prima ry ] • com mun ity - Displ ays all community VLAN s, along with th eir assoc iate pr imary VLA N a nd assi gned ho st i nterf aces.
C OMMAND L INE I NTER FAC E 3-140 GVRP an d Bridge Extension Commands GARP VLAN Regi strati on Pr otoc ol def ines a wa y for s witche s to exchan ge VL AN information in orde r to automati cally r egister VLAN m embers on i nter faces ac ross th e netw ork.
GVRP AND B RID GE E XTENSION C OMMANDS 3-141 Default Settin g Disab led Command Mode Int erface Co nfigurat ion (Ethe r net, Port Cha nnel) Command Us age GVRP can only be enab led for tagg ed port s. Y ou mus t set switchport mode to “tru nk” to co nfigure a ta gged por t.
C OMMAND L INE I NTER FAC E 3-142 Example garp timer Use t his command t o set the val ues for th e join, le ave and leave all timers. Use the no for m to re store the tim ers' d efault val ues.
GVRP AND B RID GE E XTENSION C OMMANDS 3-143 expe rienci ng diffic ultie s with G MRP or GVR P regist ration / deregi stratio n. • Timer val ues are applied to GVRP for all the po rts on al l VLANs.
C OMMAND L INE I NTER FAC E 3-144 Command Mode Norma l Exec, Pri vileg ed Exec Example Related Commands garp ti mer (3-1 42) bridge-ext gvrp Use t his co mmand to enable GVRP .
GVRP AND B RID GE E XTENSION C OMMANDS 3-145 Example show bridge-ext Use t his co mmand t o show the con figur ation for bridg e exte nsion command s. Default Settin g None Command Mode Pri vileged E .
C OMMAND L INE I NTER FAC E 3-146 Priority Commands Clas s of Service (CoS) allo ws data pack ets that have gre ater prece dence to rec eive high er servic e prior ity when traffic is buffered in t he switc h due t o conge stion. This swit ch sup ports CoS wi th fou r pr iori ty q ueues for each por t.
P RIORI TY C OMMANDS 3-147 queue mode Use thi s comman d to set th e queu e mode to str ict prior ity or W eighte d Round-R obin (WRR ) for t he four c lass of service (CoS) prior ity que ues.
C OMMAND L INE I NTER FAC E 3-148 Command Mode Pri vileged E xec Example Mirror Port Commands Thi s section des cribes how t o mirror t raf fi c from a sour ce port to a target port. port monitor Use t his comman d to co nfigur e a mir ror se ssion. Use t he no form to clear a mi rror sessi on.
M IRR OR P ORT C OMMANDS 3-149 Default Settin g No mir ror se ssio n is def ined. When enabl ed, th e defa ult mirr oring is for bo th rece ived an d transmit ted pac kets.
C OMMAND L INE I NTER FAC E 3-150 Default Settin g Shows al l sessi ons. Command Mode Pri vileged E xec Command Us age Thi s command displays the cur rently configur ed so urce p ort, desti nation por t, and mirror mode (i.
P ORT T RUNKI NG C OMMANDS 3-151 Guidelines for Creat ing Trunks • Fin ish con figurin g po rt tr unks befo re yo u connec t the corr espondi ng network cable s between swi tches to av oid creati ng a loop . • A trun k can contain up to eight 10/100 Mbps ports or u p to two 1000 Mbps ports .
C OMMAND L INE I NTER FAC E 3-152 port-group Use th is comm and to add a pr edefined p ort group to a trunk. Use the no for m to re move a port g roup from a trunk.
P ORT T RUNKI NG C OMMANDS 3-153 Example The f ollowing example creates t runk 1 an d then adds port 1 and 13: Console(config)#interfa ce port-channel 1 Console(config-if)#port -group 1 Console(config.
C OMMAND L INE I NTER FAC E 3-154.
A-1 A PPENDIX A T ROUBLESHOOTING Troubleshooting Chart Troubleshooting Chart Symptom Action Cannot connect using Telnet, Web browser, or SNMP software • Be sur e to have configured the agent with a valid IP address, subnet mask and default gate way.
T R OUBL ESHOOTING A-2 Cannot access the on-board configuration program via a serial port connection • Be sur e to have set the terminal e mulator program to VT100 compatible, 8 data bits, 1 stop bit, no parity and 9600 bps. • Check that the null-modem serial cable conforms to the pin-out connections provided in Ap pendix B.
B-1 A PPENDIX B U PGRADING F IRMW ARE VIA THE S ERIAL P OR T The switch contai ns thre e firmware com ponent s that can b e upgra ded; the dia gnosti cs (or Bo ot-ROM ) co de, run time o perati on cod e a nd the loader cod e.
U PGR ADIN G F IR MWAR E VIA THE S ERIAL P ORT B-2 4. When the swi tch init ializatio n screen appears, e nter fi r mware -downloa d mode by pre ssing <Esc > immedi ately aft er the d iagnost ic test r esult s. Scre en text si milar to th at show n belo w display s: 5.
B-3 9. If using Windo ws Hyper T erminal, c lick the “T ransfer ” butto n, and t hen click “Send Fi le.... ” Select the XMod em Protoc ol and the n use the “Brows e” button to sele ct the requ ired firmware cod e fi le from your PC sys tem.
U PGR ADIN G F IR MWAR E VIA THE S ERIAL P ORT B-4 For ex ample , the fo llow ing sc reen te xt show s the dow nloa d proc edure for a runt ime code fi le: 13. Set your PC’ s terminal emul ation so ftware baud ra te back to 9600 baud. Press <Enter> to res et com munic ations wi th t he switch .
R ESTORING S WITCH D EFAULTS B-5 2. Ent er <0> to acce ss the F ile Mana ger menu . The fol lowing screen will appear: 3. Enter < S> and se t the Facto ry_De fault_ config. cfg file as th e startup configuration file. 4. Ent er <q > and th en <x> t o re turn to t he ma in me nu.
U PGR ADIN G F IR MWAR E VIA THE S ERIAL P ORT B-6 5. Ent er <G> t o bo ot the system . [0]FileManager: [1]Test Mode Set: [x] Exit ! Enter Selection:x [1]Image Update [2]System Parameters [3]Cha.
Glossary-1 G LOSSARY 10BAS E-T IEEE 802.3 specification for 1 0 Mbps Ethernet over two pairs of Category 3, 4, or 5 UTP cabl e. 100BASE-TX IEEE 802.3u specification for 1 00 Mbps Fast Etherne t o ver two pairs of Category 5 UTP cable. 1000 BASE-T IEEE 802.
G LOS SARY Glossary-2 Collision D omain Single CSMA/CD LAN segmen t. CSMA/CD Carrier Sense Multiple Access /Collision Detect is the communication method employed by Ethernet and Fast Ethernet. Dynamic Host Control Protocol (DHCP) Provides a framework f or passing configuration information to hosts o n a TCP/IP network.
G LOSSAR Y Glossary-3 Full D uplex T ransmission method that allows switc h and network card to transmit and receive concurrently, effectively doubling the bandwidth of that link.
G LOS SARY Glossary-4 LANs, and defines a standard w ay for VLANs to communicate across switched networks. IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses p acket tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged prior ity v alue .
G LOSSAR Y Glossary-5 IGMP Snooping Listening to IGMP Query and IGMP R eport packets transferred between IP Multicast Routers and IP Multi cast host groups to identify IP Multicast group members. Internet Control Message Protocol (ICMP) Commonly used to send echo m essages (i.
G LOS SARY Glossary-6 Management Infor mat ion Base (MIB ) An acronym for Management Inf or mation Base. It is a set of database objects that contains information about a specific devi ce.
G LOSSAR Y Glossary-7 into or o ut of th e net work . Traffic t hat fal ls with in the r ate l imit is trans mitted, wh ile p ackets that ex ceed t he accept able amou nt of traf fic are drop ped.
G LOS SARY Glossary-8 Virtual LAN (VLAN) A Virtu al LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network.
C-1 A PPENDIX C P IN A SSIGN MENTS Console Port Pin Assignments The DB-9 s erial p ort on the s witch ’s fron t pa nel is used to con nect to the swit ch fo r out- of-band consol e conf igurati on. The onboard men u-driven con figurati on prog ram can be accesse d from a termi nal, or a PC runn ing a t er min al emulat ion prog ram.
P IN A SSIGN MENTS C-2 DB-9 Port Pin Assignments Console Port to 9-Pin DTE Port on PC Console Port to 25-Pin DTE Port on PC EIA Circuit CCITT Signal Description Switch’s DB9 DTE Pin # PC DB9 DTE Pin # BB 104 RxD (Received Data) 2 2 BA 103 TxD (Transmitted Data) 3 3 AB 102 SGND (Signal Ground) 5 5 No other pins are used.
Index-1 A address table 2 -38 B BOOTP 2-13 broadcast storm, threshold 2-34 C Class of Service configuring 2-77 queue mapping 2 - 77 community string 2-83 configuration settings, saving or restoring 2-.
I NDEX Index-2 R RADIUS, logon authentication 2-17 rate limit configuration 2-98 restarting the system 2-24 S serial port configuring 3-61 , 3-68 , 3-8 6 SNMP community string 2-83 enabling traps 2-84.
.
38 T esla Irvine, CA 9 2618 Phone: (949 ) 679-800 0 FOR TECHNICAL SUPPOR T , CALL: From U. S.A. an d Cana da (2 4 hours a day , 7 da ys a w ee k) (800) SMC- 4-YOU; (94 9) 679-800 0; Fax: (949 ) 679- 1481 From Europe (8: 00 AM - 5: 30 PM UK Time) 44 (0) 118 97 4 870 0; Fax: 44 (0) 118 974 87 01 INTERNET E-mail addresses: techsupp ort@sm c.
デバイスSMC Networks TIGERSWITCH 10/100の購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
SMC Networks TIGERSWITCH 10/100をまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはSMC Networks TIGERSWITCH 10/100の技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。SMC Networks TIGERSWITCH 10/100の取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。SMC Networks TIGERSWITCH 10/100で得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
SMC Networks TIGERSWITCH 10/100を既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はSMC Networks TIGERSWITCH 10/100の不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、SMC Networks TIGERSWITCH 10/100に関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちSMC Networks TIGERSWITCH 10/100デバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。
