Edge-Core ES3628C Technical Information

Powered by AcctonManagement GuideES3628C24 10/100 Ports + 4GE Intelligent Layer 2/3/4Fast Ethernet Switchwww.edge-core.com

ContentsxConfiguring DVMRP Interface Settings 3-268Displaying Neighbor Information 3-270Displaying the Routing Table 3-271Configuring PIM-DM 3-272

Configuring the Switch3-523Setting SNMPv3 ViewsSNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined vie

User Authentication3-533CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the

Configuring the Switch3-543Command Attributes• Account List – Displays the current list of user accounts and associated access levels. (Defaults: admi

User Authentication3-553Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on spec

Configuring the Switch3-563• RADIUS Settings- Global – Provides globally applicable RADIUS settings.- ServerIndex – Specifies one of five RADIUS serve

User Authentication3-573Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentica

Configuring the Switch3-583Configuring HTTPSYou can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Sock

User Authentication3-593Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.Figure 3-35 HTTPS SettingsC

Configuring the Switch3-603Configuring the Secure Shell The Berkley-standard includes remote access tools originally designed for Unix systems. Some o

User Authentication3-613be configured locally on the switch via the User Accounts page as described on page 3-53.) The clients are subsequently authen

Contentsxidisable 4-21configure 4-22show history 4-22reload 4-23end 4-23exit 4-24quit 4-24System Management Commands 4-25Device Designation Commands

Configuring the Switch3-623Field Attributes• Public-Key of Host-Key – The public key for the host.- RSA (Version 1): The first field indicates the siz

User Authentication3-633CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then

Configuring the Switch3-643Web – Click Security, SSH, Settings. Enable SSH and adjust the authentication parameters as required, then click Apply. Not

User Authentication3-653Configuring Port SecurityPort security is a feature that allows you to configure a switch port with one or more device MAC add

Configuring the Switch3-663Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbo

User Authentication3-673Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attach

Configuring the Switch3-683• The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native suppo

User Authentication3-693Configuring 802.1X Global SettingsThe 802.1X protocol provides port authentication. The 802.1X protocol must be enabled global

Configuring the Switch3-703• Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before

User Authentication3-713CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example,

ContentsxiiSMTP Alert Commands 4-49logging sendmail host 4-50logging sendmail level 4-50logging sendmail source-email 4-51logging sendmail destina

Configuring the Switch3-723Displaying 802.1X StatisticsThis switch can display statistics for dot1x protocol exchanges for any port. Table 3-7 802.1

User Authentication3-733Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statisti

Configuring the Switch3-743Filtering IP Addresses for Management AccessYou can create a list of up to 16 IP addresses or IP address groups that are al

User Authentication3-753Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interfa

Configuring the Switch3-763Access Control ListsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4

Access Control Lists3-773Setting the ACL Name and TypeUse the ACL Configuration page to designate the name and type of an ACL.Command Attributes• Name

Configuring the Switch3-783and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned.Web – Specify the

Access Control Lists3-793• Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number (0

Configuring the Switch3-803Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (

Access Control Lists3-813Configuring a MAC ACLCommand Attributes• Action – An ACL can contain any combination of permit or deny rules.• Source/Destina

ContentsxiiiPort Security Commands 4-77port security 4-78802.1X Port Authentication 4-79dot1x system-auth-control 4-80dot1x default 4-80dot1x max

Configuring the Switch3-823Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (

Access Control Lists3-833Configuring ACL MasksYou must specify masks that control the order in which ACL rules are checked. The switch includes two sy

Configuring the Switch3-843Configuring an IP ACL MaskThis mask defines the fields to check in the IP header. Command Usage• Masks that include an entr

Access Control Lists3-853Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source o

Configuring the Switch3-863Configuring a MAC ACL MaskThis mask defines the fields to check in the packet header. Command UsageYou must configure a mas

Access Control Lists3-873CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules

Configuring the Switch3-883Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egres

Port Configuration3-893• Trunk Member8 – Shows if port is a trunk member. • Creation9 – Shows if a trunk is manually configured or dynamically set via

Configuring the Switch3-903• Flow control – Shows if flow control is enabled or disabled.• LACP – Shows if LACP is enabled or disabled.• Port security

Port Configuration3-913Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface

Contentsxivsnmp-server engine-id 4-113show snmp engine-id 4-114snmp-server view 4-115show snmp view 4-116snmp-server group 4-116show snmp group

Configuring the Switch3-923Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.Figure

Port Configuration3-933Creating Trunk GroupsYou can create multiple links between devices that work as one virtual, aggregate link. A port trunk offer

Configuring the Switch3-943Statically Configuring a TrunkCommand Usage• When configuring static trunks, you may not be able to link switches of differ

Port Configuration3-953CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to

Configuring the Switch3-963Command Attributes• Member List (Current) – Shows configured trunks (Unit, Port).• New – Includes entry fields for creatin

Port Configuration3-973CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another swit

Configuring the Switch3-983Configuring LACP ParametersDynamically Creating a Port Channel –Ports assigned to a common port channel must meet the follo

Port Configuration3-993Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can opt

Configuring the Switch3-1003CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, po

Port Configuration3-1013Displaying LACP Port CountersYou can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Info

ContentsxvInterface Commands 4-143interface 4-143description 4-144speed-duplex 4-144negotiation 4-145capabilities 4-146shutdown 4-148switchport broad

Configuring the Switch3-1023Displaying LACP Settings and Status for the Local SideYou can display configuration settings and the operational state for

Port Configuration3-1033Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-58

Configuring the Switch3-1043Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state fo

Port Configuration3-1053CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel

Configuring the Switch3-1063Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the thre

Port Configuration3-1073Configuring Port MirroringYou can mirror traffic from any source port to a target port for real-time analysis. You can then at

Configuring the Switch3-1083Configuring Rate LimitsThis function allows the network manager to control the maximum rate for traffic transmitted or rec

Port Configuration3-1093Showing Port StatisticsYou can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs

Configuring the Switch3-1103Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been

Port Configuration3-1113Received Frames The total number of frames (bad, broadcast and multicast) received.Broadcast Frames The total number of good f

Contentsxvimax-hops 4-179spanning-tree spanning-disabled 4-179spanning-tree cost 4-180spanning-tree port-priority 4-180spanning-tree edge-port 4-1

Configuring the Switch3-1123Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at

Address Table Settings3-1133CLI – This example shows statistics for port 12.Address Table SettingsSwitches store the addresses for all known devices.

Configuring the Switch3-1143Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Addres

Address Table Settings3-1153Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN chec

Configuring the Switch3-1163Changing the Aging TimeYou can set the aging time for entries in the dynamic address table. Command Attributes• Aging Stat

Spanning Tree Algorithm Configuration3-1173Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Da

Configuring the Switch3-1183new root port is selected from among the device ports attached to the network. (References to “ports” in this section mean

Spanning Tree Algorithm Configuration3-1193• Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., di

Configuring the Switch3-1203Note: The current root port and current root cost display as zero when this device is not connected to the network.Configu

Spanning Tree Algorithm Configuration3-1213• Multiple Spanning Tree Protocol- To allow multiple spanning trees to operate over the network, you must c

Contentsxviiqueue bandwidth 4-208queue cos-map 4-209show queue mode 4-210show queue bandwidth 4-210show queue cos-map 4-211Priority Commands (La

Configuring the Switch3-1223• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning

Spanning Tree Algorithm Configuration3-1233Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 3-68

Configuring the Switch3-1243CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.

Spanning Tree Algorithm Configuration3-1253• Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root w

Configuring the Switch3-1263• Internal path cost – The path cost for the MST. See the preceding item.• Priority – Defines the priority used for this p

Spanning Tree Algorithm Configuration3-1273CLI – This example shows the STA attributes for port 5. Configuring Interface SettingsYou can configure RST

Configuring the Switch3-1283The following interface attributes can be configured:• Spanning Tree – Enables/disables STA on this interface. (Default: E

Spanning Tree Algorithm Configuration3-1293Migration button to manually re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the s

Configuring the Switch3-1303Note: All VLANs are automatically added to the IST (Instance 0).To ensure that the MSTI maintains connectivity across the

Spanning Tree Algorithm Configuration3-1313CLI – This displays STA settings for instance 1, followed by settings for each port. CLI – This example set

Contentsxviiiip igmp query-interval 4-238ip igmp max-resp-interval 4-238ip igmp last-memb-query-interval 4-239ip igmp version 4-240show ip igmp in

Configuring the Switch3-1323Displaying Interface Settings for MSTPThe MSTP Port Information and MSTP Trunk Information pages display the current statu

Spanning Tree Algorithm Configuration3-1333Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance usi

Configuring the Switch3-1343• Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower va

VLAN Configuration3-1353VLAN ConfigurationIEEE 802.1Q VLANsIn large networks, routers are used to isolate broadcast traffic for each subnet into separ

Configuring the Switch3-1363Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags sh

VLAN Configuration3-1373these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine secur

Configuring the Switch3-1383Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange

VLAN Configuration3-1393CLI – Enter the following command.Displaying Current VLANsThe VLAN Current Table shows the current port members of each VLAN a

Configuring the Switch3-1403Command Attributes (CLI)• VLAN – ID of configured VLAN (1-4094, no leading zeroes).• Type – Shows how this VLAN was added

VLAN Configuration3-1413Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to

Contentsxixdefault-information originate 4-269timers spf 4-270area range 4-270area default-cost 4-271summary-address 4-272redistribute 4-272networ

Configuring the Switch3-1423Command Attributes • VLAN – ID of configured VLAN (1-4094).• Name – Name of the VLAN (1 to 32 characters).• Status – Enabl

VLAN Configuration3-1433CLI – The following example adds tagged and untagged ports to VLAN 2.Adding Static Members to VLANs (Port Index)Use the VLAN S

Configuring the Switch3-1443Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLA

VLAN Configuration3-1453Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-300

Configuring the Switch3-1463CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the

VLAN Configuration3-1473Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports des

Configuring the Switch3-1483Command UsageTo configure protocol-based VLANs, follow these steps:1. First configure VLAN groups for the protocols you wa

VLAN Configuration3-1493Mapping Protocols to VLANsMap a protocol group to a VLAN for each interface that will participate in the group.Command Usage•

Configuring the Switch3-1503CLI – The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN

Class of Service Configuration3-1513Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interfa

Contentsxxshow ip dvmrp route 4-308show ip dvmrp neighbor 4-309show ip dvmrp interface 4-309PIM-DM Multicast Routing Commands 4-310router pim 4-

Configuring the Switch3-1523Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using eight pri

Class of Service Configuration3-1533Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click

Configuring the Switch3-1543Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traffic in a

Class of Service Configuration3-1553Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), ente

Configuring the Switch3-1563Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS ValuesThis switch supports several common methods of priori

Class of Service Configuration3-1573Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining ei

Configuring the Switch3-1583CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value

Class of Service Configuration3-1593Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service

Configuring the Switch3-1603Mapping IP Port PriorityYou can also map network applications to Class of Service values based on the IP port number (i.e.

Quality of Service3-1613CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS valu

xxiTablesTable 1-1 Key Features 1-1Table 1-2 System Defaults 1-7Table 3-1 Web Page Configuration Buttons 3-3Table 3-2 Switch Main Menu 3-4Table 3-

Configuring the Switch3-1623Configuring Quality of Service Parameters To create a service policy for a specific category or ingress traffic, follow th

Quality of Service3-1633Command AttributesClass Map• Modify Name and Description – Configures the name and a brief description of a class map. (Range:

Configuring the Switch3-1643Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing cl

Quality of Service3-1653Creating QoS PoliciesThis function creates a policy map that can be attached to multiple interfaces.Command Usage • To configu

Configuring the Switch3-1663Policy Rule Settings- Class Settings -• Class Name – Name of class map.• Action – Shows the service provided to ingress tr

Quality of Service3-1673Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. T

Configuring the Switch3-1683CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth the 1 Mbps, the burst rate to 1522

Multicast Filtering3-1693Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A mu

Configuring the Switch3-1703Based on the group membership information learned from IGMP, a router/switch can determine which (if any) multicast traffi

Multicast Filtering3-1713Configuring IGMP Snooping and Query ParametersYou can configure the switch to forward multicast traffic intelligently. Based

xxiiTablesTable 4-18 Logging Levels 4-44Table 4-19 show logging flash/ram - display description 4-48Table 4-20 show logging trap - display descripti

Configuring the Switch3-1723Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default se

Multicast Filtering3-1733Displaying Interfaces Attached to a Multicast RouterMulticast routers that are attached to ports on the switch use informatio

Configuring the Switch3-1743Specifying Static Interfaces for a Multicast RouterDepending on your network connections, IGMP snooping may not always be

Multicast Filtering3-1753Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast

Configuring the Switch3-1763Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query

Multicast Filtering3-1773CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLA

Configuring the Switch3-1783it will continue to receive the multicast service. The following parameters are used to control Layer 3 IGMP and query fun

Multicast Filtering3-1793• Last Member Query Interval – A multicast client sends an IGMP leave message when it leaves a group. The router then checks

Configuring the Switch3-1803Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parame

Multicast Filtering3-1813Displaying Multicast Group InformationWhen IGMP (Layer 3) is enabled on this switch the current multicast groups learned via

xxiiiTablesTable 4-63 Private VLAN Commands 4-197Table 4-64 Protocol-based VLAN Commands 4-198Table 4-65 GVRP and Bridge Extension Commands 4-202Ta

Configuring the Switch3-1823Configuring Domain Name ServiceThe Domain Naming System (DNS) service on this switch allows host names to be mapped to IP

Configuring Domain Name Service3-1833Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more

Configuring the Switch3-1843Configuring Static DNS Host to Address EntriesYou can manually configure static entries in the DNS table that are used to

Configuring Domain Name Service3-1853Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.

Configuring the Switch3-1863Displaying the DNS CacheYou can display entries in the DNS cache that have been learned via the designated name servers.Fi

Dynamic Host Configuration Protocol3-1873CLI - This example displays all the resource records learned from the designated name servers.Dynamic Host Co

Configuring the Switch3-1883Command Usage You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will

Dynamic Host Configuration Protocol3-1893Configuring the DHCP ServerThis switch includes a Dynamic Host Configuration Protocol (DHCP) server that can

Configuring the Switch3-1903Web – Click DHCP, Server, General. Enter a single address or an address range, and click Add. Figure 3-108 DHCP Server G

Dynamic Host Configuration Protocol3-1913Configuring Address PoolsYou must configure IP address pools for each IP interface that will provide addresse

xxivTablesTable 4-108 show ip dvmrp neighbor - display description 4-309Table 4-109 PIM-DM Multicast Routing Commands 4-310Table 4-110 show ip pim n

Configuring the Switch3-1923• Client-Identifier – A unique designation for the client device, either a text string (1-15 characters) or hexadecimal va

Dynamic Host Configuration Protocol3-1933Configuring a Network Address PoolWeb – Click DHCP, Server, Pool Configuration. Click the Configure button fo

Configuring the Switch3-1943Configuring a Host Address PoolWeb – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Cli

Dynamic Host Configuration Protocol3-1953Displaying Address BindingsYou can display the host devices which have acquired an IP address from this switc

Configuring the Switch3-1963Configuring Router Redundancy Router redundancy protocols use a virtual IP address to support a primary router and multipl

Configuring Router Redundancy3-1973• Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by

Configuring the Switch3-1983• VRRP creates a virtual MAC address for the master router based on a standard prefix, with the last octet equal to the gr

Configuring Router Redundancy3-1993Command Attributes (VRRP Group Configuration Detail)• Associated IP Table – IP interfaces associated with this virt

Configuring the Switch3-2003Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add.Figure 3-113 V

Configuring Router Redundancy3-2013Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real i

xxvFiguresFigure 3-1 Home Page 3-2Figure 3-2 Front Panel Indicators 3-3Figure 3-3 System Information 3-12Figure 3-4 Switch Information 3-14Figure

Configuring the Switch3-2023CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary interface

Configuring Router Redundancy3-2033CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch.Displayi

Configuring the Switch3-2043Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group.Figure 3-116 VRRP Group StatisticsCLI –

IP Routing3-2053IP RoutingOverviewThis switch supports IP routing and routing path management via static routing definitions (page 3-223) and dynamic

Configuring the Switch3-2063IP SwitchingIP Switching (or packet forwarding) encompasses tasks required to forward packets for both Layer 2 and Layer 3

IP Routing3-2073the high throughput and low latency of switching by enabling the traffic to bypass the routing engine once the path calculation has be

Configuring the Switch3-2083Basic IP Interface ConfigurationTo allow routing between different IP subnets, you must enable IP Routing as described in

IP Routing3-2093Configuring IP Routing InterfacesYou can specify the IP subnets connected to this router by manually assigning an IP address to each V

Configuring the Switch3-2103Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subne

IP Routing3-2113Address Resolution Protocol If IP routing is enabled (page 3-208), the router uses its routing tables to make routing decisions, and u

xxviFiguresFigure 3-42 802.1X Port Statistics 3-73Figure 3-43 IP Filter 3-75Figure 3-44 Selecting ACL Type 3-77Figure 3-45 ACL Configuration - Stan

Configuring the Switch3-2123Basic ARP ConfigurationYou can use the ARP General configuration menu to specify the timeout for ARP cache entries, or to

IP Routing3-2133Configuring Static ARP AddressesFor devices that do not respond to ARP requests, traffic will be dropped because the IP address cannot

Configuring the Switch3-2143Displaying Dynamically Learned ARP EntriesThe ARP cache contains entries that map IP addresses to the corresponding physic

IP Routing3-2153CLI - This example shows all entries in the ARP cache.Displaying Local ARP EntriesThe ARP cache also contains entries for local interf

Configuring the Switch3-2163CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache.Displaying ARP Stat

IP Routing3-2173CLI - This example provides detailed statistics on common IP-related protocols.Displaying Statistics for IP ProtocolsIP StatisticsThe

Configuring the Switch3-2183Datagrams Forwarded The number of input datagrams for which this entity was not their final IP destination, as a result of

IP Routing3-2193Web - Click IP, Statistics, IP.Figure 3-124 IP StatisticsCLI - See the example on page 3-216.ICMP StatisticsInternet Control Message

Configuring the Switch3-2203Web - Click IP, Statistics, ICMP.Figure 3-125 ICMP StatisticsCLI - See the example on page 3-216.Timestamps The number o

IP Routing3-2213UDP StatisticsUser Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying tr

xxviiFiguresFigure 3-87 Queue Mode 3-154Figure 3-88 Queue Scheduling 3-155Figure 3-89 IP Precedence/DSCP Priority Status 3-156Figure 3-90 IP Preced

Configuring the Switch3-2223TCP StatisticsThe Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched

IP Routing3-2233Configuring Static RoutesThis router can dynamically configure routes to other network segments using dynamic routing protocols (i.e.,

Configuring the Switch3-2243Displaying the Routing TableYou can display all the routes that can be accessed via the local network interfaces, via stat

IP Routing3-2253CLI - This example shows routes obtained from various methods.Configuring the Routing Information ProtocolThe RIP protocol is the most

Configuring the Switch3-2263routing loops may occur, and its small hop count limitation of 15 restricts its use to smaller networks. Moreover, RIP (ve

IP Routing3-2273Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to

Configuring the Switch3-2283Specifying Network Interfaces for RIPYou must specify network interfaces that will be included in the RIP routing process.

IP Routing3-2293Configuring Network Interfaces for RIPFor each interface that participates in the RIP routing process, you must specify the protocol m

Configuring the Switch3-2303Protocol Message AuthenticationRIPv1 is not a secure protocol. Any device sending protocol messages from UDP port 520 will

IP Routing3-2313• Authentication Key – Specifies the key to use for authenticating RIPv2 packets. For authentication to function properly, both the se

xxviiiFiguresFigure 3-132 RIP Interface Settings 3-231Figure 3-133 RIP Statistics 3-233Figure 3-134 OSPF General Configuration 3-238Figure 3-135 OS

Configuring the Switch3-2323Displaying RIP Information and StatisticsYou can display basic information about the current global configuration settings

IP Routing3-2333Web - Click Routing Protocol, RIP, Statistics.Figure 3-133 RIP Statistics

Configuring the Switch3-2343CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the

IP Routing3-2353Configuring the Open Shortest Path First ProtocolOpen Shortest Path First (OSPF) is more suited for large area networks which experien

Configuring the Switch3-2363• OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of

IP Routing3-2373• AS Boundary Router 29 – Allows this router to exchange routing information with boundary routers in other autonomous systems to whic

Configuring the Switch3-2383Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global

IP Routing3-2393Configuring OSPF AreasAn autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default,

Configuring the Switch3-2403 • Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned via OSPF, the

IP Routing3-2413Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default s

1-1Chapter 1: IntroductionThis switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent tha

Configuring the Switch3-2423Configuring Area Ranges (Route Summarization for ABRs)An OSPF area can include a large number of nodes. If the Area Border

IP Routing3-2433Web - Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network mask, select w

Configuring the Switch3-2443Configuring OSPF InterfacesYou should specify a routing interface for any local subnet that needs to communicate with othe

IP Routing3-2453- On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can use the transm

Configuring the Switch3-2463- You can assign a unique password to each network (i.e., autonomous system) to improve the security of the routing databa

IP Routing3-2473Change any of the interface-specific protocol parameters, and then click Apply.Figure 3-138 OSPF Interface Configuration - DetailedC

Configuring the Switch3-2483Configuring Virtual LinksAll OSPF areas must connect to the backbone. If an area does not have a direct physical connectio

IP Routing3-2493Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router

Configuring the Switch3-2503Configuring Network Area AddressesOSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricte

IP Routing3-2513Web - Click Routing Protocol, OSPF, Network Area Address Configuration. Configure a backbone area that is contiguous with all the othe

Management GuideFast Ethernet SwitchLayer 3 Standalone Switch with 24 100BASE-TX (RJ-45) Ports, 2 1000BASE-T (RJ-45) Ports, and 2 SFP Slots

Introduction1-21Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates t

Configuring the Switch3-2523CLI - This example configures the backbone area and one transit area.Console(config-router)#network 10.0.0.0 255.0.0.0 are

IP Routing3-2533Configuring Summary Addresses (for External AS Routes)An Autonomous System Boundary Router (ASBR) can redistribute routes learned from

Configuring the Switch3-2543CLI - This example This example creates a summary address for all routes contained in 192.168.x.x.Redistributing External

IP Routing3-2553Web - Click Routing Protocol, OSPF, Redistribute. Specify the protocol type to import, the metric type and path cost, then click Add.F

Configuring the Switch3-2563Note: This router supports up 16 areas, either normal transit areas, stubs, or NSSAs. Web - Click Routing Protocol, OSPF,

IP Routing3-2573Displaying Link State Database InformationOSPF routers advertise routes using Link State Advertisements (LSAs). The full collection of

Configuring the Switch3-2583Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display,

IP Routing3-2593Displaying Information on Border RoutersYou can display entries in the local routing table for Area Border Routers (ABR) and Autonomou

Configuring the Switch3-2603Displaying Information on Neighbor RoutersYou can display about neighboring routers on each interface within an OSPF area.

Multicast Routing3-2613Multicast RoutingThis router can route multicast traffic to different subnetworks using either Distance Vector Multicast Routin

Description of Software Features1-31Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port numbe

Configuring the Switch3-2623Displaying the Multicast Routing TableYou can display information on each multicast route this router has learned via DVMR

Multicast Routing3-2633Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry.Figure

Configuring the Switch3-2643CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multic

Multicast Routing3-2653Configuring DVMRPThe Distance-Vector Multicast Routing Protocol (DVMRP) behaves somewhat similarly to RIP. A router supporting

Configuring the Switch3-2663Command UsageBroadcasting periodically floods the network with traffic from any active multicast server. If IGMP snooping

Multicast Routing3-2673which this device has received probes, and is used to verify whether or not these neighbors are still active members of the mul

Configuring the Switch3-2683Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control nei

Multicast Routing3-2693DVMRP Interface Settings• VLAN – Selects a VLAN interface on this router. • Metric – Sets the metric for this interface used to

Configuring the Switch3-2703Displaying Neighbor InformationYou can display all the neighboring DVMRP routers.Command Attributes• Neighbor Address – Th

Multicast Routing3-2713Displaying the Routing TableThe router learns source-routed information from neighboring DVMRP routers and also advertises lear

Introduction1-41IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning ad

Configuring the Switch3-2723CLI – This example displays known DVMRP routes.Configuring PIM-DMProtocol-Independent Multicasting (PIM) provides two diff

Multicast Routing3-2733Web – Click Routing Protocol, PIM-DM, General Settings. Enable or disable PIM-DM globally for the router, and click Apply.Figur

Configuring the Switch3-2743• Trigger Hello Interval – Configures the maximum time before transmitting a triggered PIM hello message after the router

Multicast Routing3-2753Web – Click Routing Protocol, PIM-DM, Interface Settings. Select a VLAN, enable or disable PIM-DM for the selected interface, m

Configuring the Switch3-2763Displaying Interface InformationYou can display a summary of the current interface status for PIM-DM, including the number

Multicast Routing3-2773Web – Click Routing Protocol, PIM-DM, Neighbor Information.Figure 3-156 PIM-DM Neighbor InformationCLI – This example display

Configuring the Switch3-2783

4-1Chapter 4: Command Line InterfaceThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the C

Command Line Interface4-24To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway

Entering Commands4-34Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords and

Description of Software Features1-51• Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating ad

Command Line Interface4-44Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the curren

Entering Commands4-54The command “show interfaces ?” will display the following information:Partial Keyword LookupIf you terminate a partial keyword w

Command Line Interface4-64Understanding Command ModesThe command set is divided into Exec and Configuration classes. Exec commands generally display i

Entering Commands4-74Configuration CommandsConfiguration commands are privileged level commands used to modify switch settings. These commands modify

Command Line Interface4-84To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to ret

Entering Commands4-94Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough

Command Line Interface4-104Command GroupsThe system commands can be broken down into the functional groups shown below.Table 4-4 Command Group Index

Line Commands4-114The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) MST (Multiple Spanning Tree) P

Command Line Interface4-124lineThis command identifies a specific line for configuration, and to process subsequent line configuration commands.Syntax

Line Commands4-134Command Usage • There are three authentication modes provided by the switch itself at login:- login selects authentication by a sing

Introduction1-61remote network, the switch checks to see if it has the best route. If it does, it sends its own MAC address to the host. The host then

Command Line Interface4-144• The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when r

Line Commands4-154exec-timeoutThis command sets the interval that the system waits until user input is detected. Use the no form to restore the defaul

Command Line Interface4-164Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of

Line Commands4-174databitsThis command sets the number of data bits per character that are interpreted and generated by the console port. Use the no f

Command Line Interface4-184Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit

Line Commands4-194Default Setting 1 stop bitCommand Mode Line Configuration Example To specify 2 stop bits, enter this command:disconnectThis command

Command Line Interface4-204Example To show all lines, enter this command:General CommandsenableThis command activates Privileged Exec mode. In privile

General Commands4-214Default SettingLevel 15Command ModeNormal ExecCommand Usage • “super” is the default password required to change the command mode

Command Line Interface4-224configureThis command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. Y

General Commands4-234The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and

System Defaults1-71System DefaultsThe switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switc

Command Line Interface4-244exitThis command returns to the previous configuration mode or exits the configuration program.Default Setting NoneCommand

System Management Commands4-254System Management CommandsThese commands are used to control system logs, passwords, user names, browser configuration

Command Line Interface4-264Example hostnameThis command specifies or modifies the host name for this device. Use the no form to restore the default ho

System Management Commands4-274User Access CommandsThe basic commands required for management access are listed in this section. This switch also incl

Command Line Interface4-284Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encry

System Management Commands4-294Related Commandsenable (4-20)authentication enable (4-71)IP Filter CommandsmanagementThis command specifies the client

Command Line Interface4-304• You can delete an address range just by specifying the start address, or by specifying both the start address and end add

System Management Commands4-314Web Server Commandsip http portThis command specifies the TCP port number used by the web browser interface. Use the no

Command Line Interface4-324Example Related Commandsip http port (4-31)ip http secure-serverThis command enables the secure hypertext transfer protocol

System Management Commands4-334Example Related Commandsip http secure-port (4-33)copy tftp https-certificate (4-64)ip http secure-portThis command spe

Introduction1-81SNMP SNMP Agent EnabledCommunity Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabledLink-up-down e

Command Line Interface4-344Telnet Server Commandsip telnet serverThis command allows this device to be monitored or configured from Telnet. It also sp

System Management Commands4-354This section describes the commands used to configure the SSH server. However, note that you also need to install a SSH

Command Line Interface4-36410.1.0.54 1024 35 15684995401867669259333946775054617325313674890836547254 150202455931998685443583616519999233297817660658

System Management Commands4-374ip ssh serverThis command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service

Command Line Interface4-384Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotia

System Management Commands4-394Default Setting 768 bitsCommand Mode Global ConfigurationCommand Usage • The server key is a private key that is never

Command Line Interface4-404Command Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save t

System Management Commands4-414ip ssh save host-keyThis command saves the host key from RAM to flash memory. Syntax ip ssh save host-key [dsa | rsa]•

Command Line Interface4-424show public-keyThis command shows the public key for the specified user or for the host.Syntax show public-key [user [usern

System Management Commands4-434• When an RSA key is displayed, the first field indicates the size of the host key (e.g., 1024), the second field is th

System Defaults1-91IP Settings Management. VLAN Any VLAN configured with an IP addressIP Address 0.0.0.0Subnet Mask 255.0.0.0Default Gateway 0.0.0.0DH

Command Line Interface4-444Default Setting NoneCommand Mode Global ConfigurationCommand Usage The logging process controls error messages saved to swi

System Management Commands4-454Default Setting • Flash: errors (level 3 - 0)• RAM: warnings (level 7 - 0)Command Mode Global ConfigurationCommand Usag

Command Line Interface4-464Default Setting 23Command Mode Global ConfigurationCommand Usage The command specifies the facility type tag sent in syslog

System Management Commands4-474clear logThis command clears messages from the log buffer.Syntax clear log [flash | ram]• flash - Event history stored

Command Line Interface4-484ExampleThe following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., de

System Management Commands4-494show logThis command displays the log messages stored in local memory.Syntax show log {flash | ram}• flash - Event hist

Command Line Interface4-504logging sendmail hostThis command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMT

System Management Commands4-514Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the

Command Line Interface4-524Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to speci

System Management Commands4-534Time CommandsThe system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintain

Introduction1-101

Command Line Interface4-544Example Related Commandssntp server (4-54)sntp poll (4-55)show sntp (4-55)sntp serverThis command sets the IP address of th

System Management Commands4-554sntp pollThis command sets the interval between sending time requests when the switch is set to SNTP client mode. Use t

Command Line Interface4-564clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour hours minute

System Management Commands4-574Default Setting NoneCommand Mode Privileged ExecExample This example shows how to set the system clock to 15:12:34, Feb

Command Line Interface4-584Command Usage • Use this command in conjunction with the show running-config command to compare the information in running

System Management Commands4-594Related Commandsshow running-config (4-59)show running-configThis command displays the configuration information curren

Command Line Interface4-604Example Related Commandsshow startup-config (4-57)show systemThis command displays system information.Default Setting NoneC

System Management Commands4-614Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page

Command Line Interface4-624Example show versionThis command displays hardware and software version information for the system.Default Setting NoneComm

System Management Commands4-634Frame Size Commandsjumbo frameThis command enables support for jumbo frames. Use the no form to disable it.Syntax [no]

2-1Chapter 2: Initial ConfigurationConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent off

Command Line Interface4-644Flash/File CommandsThese commands are used to manage the system code or configuration files.copy This command moves (upl

Flash/File Commands4-654Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not cont

Command Line Interface4-664The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate

Flash/File Commands4-674Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg”

Command Line Interface4-684Example The following example shows how to display all file information:whichbootThis command displays which files were boo

Authentication Commands4-694Command Mode Global ConfigurationCommand Usage • A colon (:) is required after the specified file type. • If the file cont

Command Line Interface4-704Authentication Sequenceauthentication loginThis command defines the login authentication method and precedence. Use the no

Authentication Commands4-714authentication enableThis command defines the authentication method and precedence to use when changing from Exec command

Command Line Interface4-724RADIUS ClientRemote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software runn

Authentication Commands4-734Example radius-server portThis command sets the RADIUS server network port. Use the no form to restore the default.Syntax

ES3628CF3.1.0.18 E032005-R02149100005100H

Initial Configuration2-22• Configure Spanning Tree parameters• Configure Class of Service (CoS) priority queuing• Configure up to 12 static or LACP tr

Command Line Interface4-744radius-server retransmitThis command sets the number of retries. Use the no form to restore the default.Syntax radius-serve

Authentication Commands4-754Example TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that u

Command Line Interface4-764Example tacacs-server portThis command specifies the TACACS+ server network port. Use the no form to restore the default.Sy

Authentication Commands4-774show tacacs-serverThis command displays the current settings for the TACACS+ server.Default Setting NoneCommand Mode Privi

Command Line Interface4-784port securityThis command enables or configures port security. Use the no form without any keywords to disable port securit

Authentication Commands4-794Example The following example enables port security for port 5, and sets the response to a security violation to issue a t

Command Line Interface4-804dot1x system-auth-controlThis command enables IEEE 802.1X port authentication globally on the switch. Use the no form to re

Authentication Commands4-814dot1x port-controlThis command sets the dot1x mode on a port interface. Use the no form to restore the default.Syntaxdot1x

Command Line Interface4-824Command Usage • The “max-count” parameter specified by this command is only effective if the dot1x mode is set to “auto” by

Authentication Commands4-834dot1x timeout quiet-periodThis command sets the time that a switch port waits after the Max Request Count has been exceede

Basic Configuration2-32Remote ConnectionsPrior to accessing the switch’s onboard agent via a network connection, you must first configure it with a va

Command Line Interface4-844dot1x timeout tx-periodThis command sets the time that an interface on the switch waits during an authentication session be

Authentication Commands4-854- Mode – Dot1x port control mode (page 4-81).- Authorized – Authorization status (yes or n/a - not authorized). • 802.1X P

Command Line Interface4-864• Reauthentication State Machine - State – Current state (including initialize, reauthenticate).ExampleConsole#show dot1xGl

Access Control List Commands4-874Access Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, prot

Command Line Interface4-884The order in which active ACLs are checked is as follows:1. User-defined rules in the Egress MAC ACL for egress ports.2. Us

Access Control List Commands4-894access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Us

Command Line Interface4-904Default SettingNoneCommand ModeStandard ACLCommand Usage• New rules are appended to the end of the list.• Address bitmasks

Access Control List Commands4-914• precedence – IP precedence level. (Range: 0-7)• tos – Type of Service level. (Range: 0-15)• dscp – DSCP priority le

Command Line Interface4-924ExampleThis example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule

Access Control List Commands4-934access-list ip mask-precedence This command changes to the IP Mask mode used to configure access control masks. Use t

Initial Configuration2-42Setting PasswordsNote: If this is your first time to log into the CLI program, you should define new passwords for both defau

Command Line Interface4-944• destination-bitmask – Destination address of rule must match this bitmask.• precedence – Check the IP precedence field.•

Access Control List Commands4-954This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the f

Command Line Interface4-964This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4

Access Control List Commands4-974This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other pac

Command Line Interface4-984Related Commandsmask (IP ACL) (4-93)ip access-group This command binds a port to an IP ACL. Use the no form to remove the p

Access Control List Commands4-994MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form t

Command Line Interface4-1004Related Commandspermit, deny (4-100)mac access-group (4-105)show mac access-list (4-101)permit, deny (MAC ACL)This command

Access Control List Commands4-1014•vid-bitmask38 – VLAN bitmask. (Range: 1-4094)• protocol – A specific Ethernet protocol number. (Range: 600-fff hex.

Command Line Interface4-1024access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no f

Access Control List Commands4-1034• vid-bitmask – VLAN ID of rule must match this bitmask.• ethertype – Check the Ethernet type field.• ethertype-bitm

Basic Configuration2-52Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:•

Command Line Interface4-1044This example creates an Egress MAC ACL.show access-list mac mask-precedence This command shows the ingress or egress rule

Access Control List Commands4-1054mac access-groupThis command binds a port to a MAC ACL. Use the no form to remove the port.Syntaxmac access-group ac

Command Line Interface4-1064ACL Informationshow access-listThis command shows all ACLs and associated rules, as well as all the user-defined masks.Com

SNMP Commands4-1074SNMP CommandsControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well a

Command Line Interface4-1084Exampleshow snmpThis command can be used to check the status of SNMP communications.Default Setting NoneCommand Mode Norma

SNMP Commands4-1094snmp-server communityThis command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified comm

Command Line Interface4-1104Related Commandssnmp-server location (4-110)snmp-server locationThis command sets the system location string. Use the no f

SNMP Commands4-1114to using the snmp-server host command. (Maximum length: 32 characters)• version - Specifies whether to send notifications as SNMP V

Command Line Interface4-1124To send an inform to a SNMPv3 host, complete these steps:1. Enable the SNMP agent (page 4-107).2. Allow the switch to send

SNMP Commands4-1134SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, both a

Initial Configuration2-625. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Ente

Command Line Interface4-1144• A remote engine ID is required when using SNMPv3 informs. (See snmp-server host on page 4-110.) The remote engine ID is

SNMP Commands4-1154snmp-server viewThis command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view.Syntax

Command Line Interface4-1164show snmp viewThis command shows information on the SNMP views.Command Mode Privileged ExecExample snmp-server groupThis c

SNMP Commands4-1174Default Setting • Default groups: public39 (read only), private40 (read/write)• readview - Every object belonging to the Internet O

Command Line Interface4-1184snmp-server userThis command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify

SNMP Commands4-1194• ip-address - The Internet address of the remote device.• v1 | v2c | v3 - Use SNMP version 1, 2c or 3.• encrypted - Accepts the pa

Command Line Interface4-1204show snmp userThis command shows information on SNMP users.Command Mode Privileged ExecExample Console#show snmp userEngin

DHCP Commands4-1214DHCP CommandsThese commands are used to configure Dynamic Host Configuration Protocol (DHCP) client, relay, and server functions. Y

Command Line Interface4-1224Related Commandsip dhcp restart client (4-122)ip dhcp restart clientThis command submits a BOOTP or DHCP client request.De

DHCP Commands4-1234DHCP Relayip dhcp restart relayThis command enables DHCP relay for the specified VLAN. Use the no form to disable it.Syntax [no] ip

Basic Configuration2-72The default strings are:• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.

Command Line Interface4-1244ip dhcp relay serverThis command specifies the addresses of DHCP servers to be used by the switch’s DHCP relay agent. Use

DHCP Commands4-1254service dhcpThis command enables the DHCP server on this switch. Use the no form to disable the DHCP server.Syntax[no] service dhcp

Command Line Interface4-1264Default Setting All IP pool addresses may be assigned.Command ModeGlobal ConfigurationExample ip dhcp poolThis command con

DHCP Commands4-1274networkThis command configures the subnet number and mask for a DHCP address pool. Use the no form to remove the subnet number and

Command Line Interface4-1284Command ModeDHCP Pool ConfigurationUsage Guidelines The IP address of the router should be on the same subnet as the clien

DHCP Commands4-1294Usage Guidelines • If DNS IP servers are not configured for a DHCP client, the client cannot correlate host names to IP addresses.•

Command Line Interface4-1304Example Related Commandsnext-server (4-129)netbios-name-serverThis command configures NetBIOS Windows Internet Naming Serv

DHCP Commands4-1314netbios-node-typeThis command configures the NetBIOS node type for Microsoft DHCP clients. Use the no form to remove the NetBIOS no

Command Line Interface4-1324Command Modes DHCP Pool ConfigurationExample The following example leases an address to clients using this pool for 7 days

DHCP Commands4-1334ExampleRelated Commandsclient-identifier (4-133)hardware-address (4-134)client-identifierThis command specifies the client identifi

Initial Configuration2-82Configuring Access for SNMP Version 3 ClientsTo configure management access for SNMPv3 clients, you need to first create a vi

Command Line Interface4-1344hardware-addressThis command specifies the hardware address of a DHCP client. This command is valid for manual bindings on

DHCP Commands4-1354Usage Guidelines •An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP serve

Command Line Interface4-1364DNS CommandsThese commands are used to configure Domain Naming System (DNS) services. You can manually configure entries i

DNS Commands4-1374Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP ad

Command Line Interface4-1384Default Setting NoneCommand Mode Global ConfigurationExampleRelated Commands ip domain-list (4-138)ip name-server (4-139)i

DNS Commands4-1394ExampleThis example adds two domain names to the current list and then displays the list.Related Commands ip domain-name (4-137)ip n

Command Line Interface4-1404ExampleThis example adds two domain-name servers to the list and then displays the list.Related Commands ip domain-name (4

DNS Commands4-1414Related Commands ip domain-name (4-137)ip name-server (4-139)show hostsThis command displays the static host name-to-address mapping

Command Line Interface4-1424show dns cacheThis command displays entries in the DNS cache.Command Mode Privileged ExecExample clear dns cacheThis comma

Interface Commands4-1434Interface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or

Managing System Files2-92Managing System FilesThe switch’s flash memory supports three types of system files that can be managed by the CLI program, w

Command Line Interface4-1444Command Mode Global Configuration Example To specify port 4, enter the following command:descriptionThis command adds a de

Interface Commands4-1454Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex settin

Command Line Interface4-1464• If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.Exampl

Interface Commands4-1474Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control.Related Commands ne

Command Line Interface4-1484Related Commands negotiation (4-145)capabilities (flowcontrol, symmetric) (4-146)shutdown This command disables an interfa

Interface Commands4-1494Command Usage • When broadcast traffic exceeds the specified threshold, packets above that threshold are dropped. • Broadcast

Command Line Interface4-1504show interfaces statusThis command displays the status for an interface.Syntax show interfaces status [interface]interface

Interface Commands4-1514show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]interface • eth

Command Line Interface4-1524show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.Synt

Interface Commands4-1534Table 4-49 show interfaces switchport - display descriptionField DescriptionBroadcast threshold Shows if broadcast storm sup

Initial Configuration2-102

Command Line Interface4-1544Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis com

Mirror Port Commands4-1554Example The following example configures the switch to mirror all packets from port 6 to 11:show port monitorThis command di

Command Line Interface4-1564Rate Limit CommandsThis function allows the network manager to control the maximum rate for traffic transmitted or receive

Link Aggregation Commands4-1574Link Aggregation CommandsPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth

Command Line Interface4-1584Dynamically Creating a Port Channel –Ports assigned to a common port channel must meet the following criteria:• Ports must

Link Aggregation Commands4-1594lacpThis command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to

Command Line Interface4-1604lacp system-priorityThis command configures a port's LACP system priority. Use the no form to restore the default set

Link Aggregation Commands4-1614lacp admin-key (Ethernet Interface)This command configures a port's LACP administration key. Use the no form to re

Command Line Interface4-1624Default Setting 0Command Mode Interface Configuration (Port Channel)Command Usage • Ports are only allowed to join the sam

Link Aggregation Commands4-1634Example show lacpThis command displays LACP information.Syntax show lacp [port-channel] {counters | internal | neighbor

3-1Chapter 3: Configuring the SwitchUsing the Web InterfaceThis switch provides an embedded HTTP web agent. Using a web browser you can configure the

Command Line Interface4-1644Console#show lacp 1 internalPort channel: 1-------------------------------------------------------------------------Oper K

Link Aggregation Commands4-1654Console#show lacp 1 neighborsPort channel 1 neighbors------------------------------------------------------------------

Command Line Interface4-1664Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying

Address Table Commands4-1674mac-address-table staticThis command maps a static address to a destination port in a VLAN. Use the no form to remove an a

Command Line Interface4-1684clear mac-address-table dynamicThis command removes any learned entries from the forwarding database and clears the transm

Address Table Commands4-1694means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a m

Command Line Interface4-1704Spanning Tree CommandsThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the swi

Spanning Tree Commands4-1714spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Synta

Command Line Interface4-1724members may be inadvertently disabled to prevent network loops, thus isolating group members. When operating multiple VLAN

Spanning Tree Commands4-1734Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., disc

vContents Chapter 1: Introduction 1-1Key Features 1-1Description of Software Features 1-2System Defaults 1-7Chapter 2: Initial Configuration 2-

Configuring the Switch3-23Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and password. The a

Command Line Interface4-1744Default Setting 20 secondsCommand Mode Global ConfigurationCommand Usage This command sets the maximum time (in seconds) a

Spanning Tree Commands4-1754spanning-tree pathcost methodThis command configures the path cost method used for Rapid Spanning Tree and Multiple Spanni

Command Line Interface4-1764spanning-tree mst-configuration This command changes to Multiple Spanning Tree (MST) configuration mode. Default Setting •

Spanning Tree Commands4-1774and the same instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a singl

Command Line Interface4-1784Default Setting Switch’s MAC addressCommand Mode MST ConfigurationCommand Usage The MST region name and revision number (p

Spanning Tree Commands4-1794max-hopsThis command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to re

Command Line Interface4-1804spanning-tree costThis command configures the spanning tree path cost for the specified interface. Use the no form to rest

Spanning Tree Commands4-1814Default Setting 128Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • This command defines the p

Command Line Interface4-1824Example Related Commandsspanning-tree portfast (4-182)spanning-tree portfastThis command sets an interface to fast forward

Spanning Tree Commands4-1834spanning-tree link-typeThis command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the n

Navigating the Web Browser Interface3-33Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration chang

Command Line Interface4-1844Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures t

Spanning Tree Commands4-1854Command Usage • This command defines the priority for the use of an interface in the multiple spanning-tree. If the path c

Command Line Interface4-1864show spanning-treeThis command shows the configuration for the common spanning tree (CST) or for an instance within the mu

Spanning Tree Commands4-1874ExampleConsole#show spanning-treeSpanning-tree information---------------------------------------------------------------

Command Line Interface4-1884show spanning-tree mst configurationThis command shows the configuration of the multiple spanning tree.Command Mode Privil

VLAN Commands4-1894vlan databaseThis command enters VLAN database mode. All commands in this mode will take effect immediately.Default Setting NoneCom

Command Line Interface4-1904Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state re

VLAN Commands4-1914Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLA

Command Line Interface4-1924switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restor

VLAN Commands4-1934• If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be di

Configuring the Switch3-43Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, o

Command Line Interface4-1944switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the defau

VLAN Commands4-1954switchport forbidden vlanThis command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs.Syntax swit

Command Line Interface4-1964show vlanThis command shows VLAN information.Syntax show vlan [id vlan-id | name vlan-name]• id - Keyword to be followed b

VLAN Commands4-1974Configuring Private VLANsPrivate VLANs provide port-based security and isolation between ports within the assigned VLAN. This secti

Command Line Interface4-1984show pvlanThis command displays the configured private VLAN.Command Mode Privileged ExecExampleConfiguring Protocol-based

VLAN Commands4-19943. Then map the protocol for each interface to the appropriate VLAN using the protocol-vlan protocol-group command (Interface Confi

Command Line Interface4-2004Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • When creating a protocol-based VLAN, only ass

VLAN Commands4-2014show interfaces protocol-vlan protocol-groupThis command shows the mapping from protocol groups to VLANs for the selected interface

Command Line Interface4-2024GVRP and Bridge Extension CommandsGARP VLAN Registration Protocol defines a way for switches to exchange VLAN information

GVRP and Bridge Extension Commands4-2034show bridge-extThis command shows the configuration for bridge extension commands.Default Setting NoneCommand

Navigating the Web Browser Interface3-53SNMPv3 3-42Engine ID Sets the SNMP v3 engine ID 3-43Remote Engine ID Sets the SNMP v3 engine ID on a remote de

Command Line Interface4-2044show gvrp configurationThis command shows if GVRP is enabled.Syntax show gvrp configuration [interface]interface • etherne

GVRP and Bridge Extension Commands4-2054Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client

Command Line Interface4-2064Related Commandsgarp timer (4-204)Priority CommandsThe commands described in this section allow you to specify which data

Priority Commands4-2074queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) prio

Command Line Interface4-2084Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • The precedence for priority mapping is IP Por

Priority Commands4-2094Example This example shows how to assign WRR weights to each of the priority queues:Related Commandsshow queue bandwidth (4-210

Command Line Interface4-2104Example The following example shows how to change the CoS assignments to a one-to-one mapping:Related Commands show queue

Priority Commands4-2114Example show queue cos-mapThis command shows the class of service priority map.Syntax show queue cos-map [interface]interface •

Command Line Interface4-2124Priority Commands (Layer 3 and 4) map ip port (Global Configuration)This command enables IP port mapping (i.e., class of s

Priority Commands4-2134Default Setting NoneCommand Mode Interface Configuration (Ethernet, Port Channel)Command Usage • The precedence for priority ma

Configuring the Switch3-63LACP 3-93Configuration Allows ports to dynamically join trunks 3-95Aggregation Port Configures parameters for link aggrega

Command Line Interface4-2144map ip precedence (Interface Configuration)This command sets IP precedence priority (i.e., IP Type of Service priority). U

Priority Commands4-2154Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP

Command Line Interface4-2164• DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p stand

Priority Commands4-2174show map ip precedenceThis command shows the IP precedence priority map.Syntax show map ip precedence [interface]interface • et

Command Line Interface4-2184show map ip dscpThis command shows the IP DSCP priority map.Syntax show map ip dscp [interface]interface • ethernet unit/p

Quality of Service Commands4-2194Quality of Service CommandsThe commands described in this section are used to configure Differentiated Services (Diff

Command Line Interface4-2204Notes: 1. You can only configure one rule per Class Map. However, you can include multiple classes in a Policy Map.2. You

Quality of Service Commands4-2214matchThis command defines the criteria used to classify traffic. Use the no form to delete the matching criteria.Synt

Command Line Interface4-2224This example creates a class map call “rd_class#3,” and sets it to match packets marked for VLAN 1:policy-mapThis command

Quality of Service Commands4-2234classThis command defines a traffic classification upon which a policy can act, and enters Policy Map Class configura

Navigating the Web Browser Interface3-73Trunk Configuration Configures trunk settings for a specified MST instance 3-133VLAN 3-135802.1Q VLANGVRP Stat

Command Line Interface4-2244setThis command services IP traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified by t

Quality of Service Commands4-2254Command Usage • You can configure up to 63 policers (i.e., class maps) for Fast Ethernet and Gigabit Ethernet ingress

Command Line Interface4-2264show class-mapThis command displays the QoS class maps which define matching criteria used for classifying traffic.Syntax

Quality of Service Commands4-2274Exampleshow policy-map interfaceThis command displays the service policy assigned to the specified interface.Syntax s

Command Line Interface4-2284Multicast Filtering CommandsThis switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts tha

Multicast Filtering Commands4-2294The following example enables IGMP snooping.ip igmp snooping vlan staticThis command adds a port to a multicast grou

Command Line Interface4-2304Command Usage • All systems on the subnet must support the same version. If there are legacy devices in your network that

Multicast Filtering Commands4-2314Command Mode Privileged ExecCommand Usage Member types displayed include IGMP or USER, depending on selected options

Command Line Interface4-2324Exampleip igmp snooping query-countThis command configures the query count. Use the no form to restore the default.Syntax

Multicast Filtering Commands4-2334Command Mode Global ConfigurationExample The following shows how to configure the query interval to 100 seconds:ip i

Configuring the Switch3-83QoS 3-161DiffServ Configure QoS classification criteria and service policies 3-161Class Map Creates a class map for a type o

Command Line Interface4-2344ip igmp snooping router-port-expire-timeThis command configures the query timeout. Use the no form to restore the default.

Multicast Filtering Commands4-2354ip igmp snooping vlan mrouterThis command statically configures a multicast router port. Use the no form to remove t

Command Line Interface4-2364Command Usage Multicast router port types displayed include Static or Dynamic.Example The following shows that port 11 in

Multicast Filtering Commands4-2374ExampleRelated Commands ip igmp snooping (4-228)show ip igmp snooping (4-230)ip igmp robustval This command specifie

Command Line Interface4-2384ip igmp query-intervalThis command configures the frequency at which host query messages are sent. Use the no form to rest

Multicast Filtering Commands4-2394Command Usage• The switch must be using IGMPv2 for this command to take effect. • This command defines how long any

Command Line Interface4-2404ip igmp versionThis command configures the IGMP version used on an interface. Use the no form of this command to restore t

Multicast Filtering Commands4-2414The following example shows the IGMP configuration for VLAN 1, as well as the device currently serving as the IGMP q

Command Line Interface4-2424Command Usage • This command displays information for multicast groups learned via IGMP, not static groups.• If the switch

IP Interface Commands4-2434IP Interface CommandsThere are no IP addresses assigned to this router by default. You must manually configure a new addres

Navigating the Web Browser Interface3-93ARP 3-211General Sets the protocol timeout, and enables or disables proxy ARP for the specified VLAN3-212Stati

Command Line Interface4-2444Default Setting DHCPCommand Mode Interface Configuration (VLAN)Command Usage • If this router is directly connected to end

IP Interface Commands4-2454Related Commandsip dhcp restart client (4-122)ip default-gatewayThis command specifies the default gateway for destinations

Command Line Interface4-2464Related Commands show ip redirects (4-246)show ip redirectsThis command shows the default gateway configured for this devi

IP Interface Commands4-2474- Network or host unreachable - The gateway found no corresponding entry in the route table. • Press <Esc> to stop pi

Command Line Interface4-2484Command Usage • The ARP cache is used to map 32-bit IP addresses into 48-bit hardware (i.e., Media Access Control) address

IP Interface Commands4-2494clear arp-cacheThis command deletes all dynamic entries from the Address Resolution Protocol (ARP) cache.Command Mode Privi

Command Line Interface4-2504ip proxy-arpThis command enables proxy Address Resolution Protocol (ARP). Use the no form to disable proxy ARP.Syntax [no]

IP Routing Commands4-2514Global Routing Configurationip routingThis command enables IP routing. Use the no form to disable IP routing.Syntax [no] ip r

Command Line Interface4-2524• gateway – IP address of the gateway used for this route. • metric – Selected RIP cost for this interface. (Range: 1-5, d

IP Routing Commands4-2534show ip routeThis command displays information in the IP routing table.Syntax show ip route [config | address [netmask]]• con

Configuring the Switch3-103Routing Protocol 3-207RIP 3-225General Settings Enables or disables RIP, sets the global RIP version and timer values3-226N

Command Line Interface4-2544show ip host-routeThis command displays the interface associated with known routes.Command Mode Privileged ExecExample Co

IP Routing Commands4-2554show ip trafficThis command displays statistics for IP, ICMP, UDP, TCP and ARP protocols.Command Mode Privileged ExecCommand

Command Line Interface4-2564Routing Information Protocol (RIP)router ripThis command enables Routing Information Protocol (RIP) routing for all IP int

IP Routing Commands4-2574timers basicThis command configures the RIP update timer, timeout timer, and garbage- collection timer. Use the no form to re

Command Line Interface4-2584networkThis command specifies the network interfaces that will be included in the RIP routing process. Use the no form to

IP Routing Commands4-2594Command Usage This command can be used to configure a static neighbor with which this router will exchange information, rathe

Command Line Interface4-2604ip rip receive versionThis command specifies a RIP version to receive on an interface. Use the no form to restore the defa

IP Routing Commands4-2614ip rip send versionThis command specifies a RIP version to send on an interface. Use the no form to restore the default value

Command Line Interface4-2624ip split-horizonThis command enables split-horizon or poison-reverse (a variation) on an interface. Use the no form to dis

IP Routing Commands4-2634• For authentication to function properly, both the sending and receiving interface must be configured with the same password

Navigating the Web Browser Interface3-113PIM-DMGeneral Settings Enables or disables PIM-DM globally for the switch 3-272Interface Settings Enables or

Command Line Interface4-2644show rip globalsThis command displays global configuration settings for RIP.Command Mode Privileged ExecExample show ip ri

IP Routing Commands4-2654Example Console#show ip rip configuration Interface SendMode ReceiveMode Poison Authentication-------

Command Line Interface4-2664Open Shortest Path First (OSPF) Table 4-89 Open Shortest Path First CommandsCommand Function Mode PageGeneral Configurat

IP Routing Commands4-2674router ospfThis command enables Open Shortest Path First (OSPF) routing for all IP interfaces on the router. Use the no form

Command Line Interface4-2684Command Usage • The router ID must be unique for every router in the autonomous system. Using the default setting based on

IP Routing Commands4-2694default-information originateThis command generates a default external route into an autonomous system. Use the no form to di

Command Line Interface4-2704Related Commandsip route (4-251)redistribute (4-272)timers spfThis command configures the hold time between making two con

IP Routing Commands4-2714Default Setting DisabledCommand Usage • This command can be used to advertise routes between areas.• If routes are set to be

Command Line Interface4-2724summary-addressThis command aggregates routes learned from other protocols. Use the no form to remove a summary address.Sy

IP Routing Commands4-2734Default Setting redistribution - noneprotocol - RIP and staticmetric-value - 0type-metric - 2Command Usage • This router supp

ContentsviSaving or Restoring Configuration Settings 3-23Downloading Configuration Settings from a Server 3-24Console Port Settings 3-25Telnet Sett

Configuring the Switch3-123Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location

Command Line Interface4-2744Command Usage • An area ID uniquely defines an OSPF broadcast area. The area ID 0.0.0.0 indicates the OSPF backbone for an

IP Routing Commands4-2754Command Usage • All routers in a stub must be configured with the same area ID.• Routing table space is saved in a stub by bl

Command Line Interface4-2764Command Usage • All routers in a NSSA must be configured with the same area ID.• An NSSA is similar to a stub, because whe

IP Routing Commands4-2774• authentication - Specifies the authentication mode. If no optional parameters follow this keyword, then plain text authenti

Command Line Interface4-2784Default Setting area-id: Nonerouter-id: Nonehello-interval: 10 secondsretransmit-interval: 5 secondstransmit-delay: 1 seco

IP Routing Commands4-2794Command Mode Interface Configuration (VLAN)Default Setting No authenticationCommand Usage • Before specifying plain-text pass

Command Line Interface4-2804ExampleThis example sets a password for the specified interface.Related Commandsip ospf authentication (4-278)ip ospf mess

IP Routing Commands4-2814Related Commandsip ospf authentication (4-278)ip ospf costThis command explicitly sets the cost of sending a packet on an int

Command Line Interface4-2824ExampleRelated Commandsip ospf hello-interval (4-282)ip ospf hello-intervalThis command specifies the interval between sen

IP Routing Commands4-2834Default Setting 1Command Usage • Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to an

Basic Configuration3-133CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch Infor

Command Line Interface4-2844ip ospf transmit-delayThis command sets the estimated time to send a link-state update packet over an interface. Use the n

IP Routing Commands4-2854show ip ospf border-routersThis command shows entries in the routing table that lead to an Area Border Router (ABR) or Autono

Command Line Interface4-2864show ip ospf databaseThis command shows information about different OSPF Link State Advertisements (LSAs) stored in this r

IP Routing Commands4-2874Command Mode Privileged ExecExamplesThe following shows output for the show ip ospf database command.Console#show ip ospf dat

Command Line Interface4-2884The following shows output when using the asbr-summary keyword.Console#show ip ospf database asbr-summaryOSPF Router with

IP Routing Commands4-2894The following shows output when using the database-summary keyword.Console#show ip ospf database database-summaryArea ID (10.

Command Line Interface4-2904The following shows output when using the external keyword.Console#show ip ospf database externalOSPF Router with id(192.1

IP Routing Commands4-2914The following shows output when using the network keyword.Console#show ip ospf database networkOSPF Router with id(10.1.1.253

Command Line Interface4-2924The following shows output when using the router keyword.Console#show ip ospf database routerOSPF Router with id(10.1.1.25

IP Routing Commands4-2934The following shows output when using the summary keyword.Number of TOS metrics Type of Service metric – This router only sup

Configuring the Switch3-143• Operation Code Version – Version number of runtime code.• Role – Shows that this switch is operating as Master or Slave2.

Command Line Interface4-2944show ip ospf interfaceThis command displays summary information for OSPF interfaces.Syntax show ip ospf interface [vlan vl

IP Routing Commands4-2954show ip ospf neighborThis command displays information about neighboring routers on each interface within an OSPF area.Syntax

Command Line Interface4-2964show ip ospf summary-addressThis command displays all summary address information.Syntax show ip ospf summary-addressComma

Multicast Routing Commands4-2974Multicast Routing CommandsThis router uses IGMP snooping and query to determine the ports connected to downstream mult

Command Line Interface4-2984Default Setting No static multicast router ports are configured. Command Mode Global ConfigurationCommand Usage Depending

Multicast Routing Commands4-2994General Multicast Routing Commands ip multicast-routingThis command enables IP multicast routing. Use the no form to d

Command Line Interface4-3004Command Usage This command displays information for multicast routing. If no optional parameters are selected, detailed in

Multicast Routing Commands4-3014DVMRP Multicast Routing Commands router dvmrpThis command enables Distance-Vector Multicast Routing (DVMRP) globally f

Command Line Interface4-3024ExampleRelated Commands ip dvmrp (4-305)show router dvmrp (4-307)probe-intervalThis command sets the interval for sending

Multicast Routing Commands4-3034nbr-timeoutThis command sets the interval to wait for messages from a DVMRP neighbor before declaring it dead. Use the

Basic Configuration3-153Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that support Multicast Filterin

Command Line Interface4-3044flash-update-intervalThis command specifies how often to send trigger updates, which reflect changes in the network topolo

Multicast Routing Commands4-3054default-gatewayThis command specifies the default DVMRP gateway for IP multicast traffic. Use the no form to remove th

Command Line Interface4-3064Command Usage To fully enable DVMRP, you need to enable multicast routing globally for the router with the ip multicast-ro

Multicast Routing Commands4-3074clear ip dvmrp routeThis command clears all dynamic routes learned by DVMRP.Command Mode Privileged ExecExampleAs show

Command Line Interface4-3084show ip dvmrp routeThis command displays all entries in the DVMRP routing table.Command Mode Normal Exec, Privileged ExecE

Multicast Routing Commands4-3094show ip dvmrp neighborThis command displays all of the DVMRP neighbor routers.Command Mode Normal Exec, Privileged Exe

Command Line Interface4-3104PIM-DM Multicast Routing Commands router pimThis command enables Protocol-Independent Multicast - Dense Mode (PIM-DM) glob

Multicast Routing Commands4-3114ip pim dense-modeThis command enables PIM-DM on the specified interface. Use the no form to disable PIM-DM on this int

Command Line Interface4-3124ip pim hello-intervalThis command configures the frequency at which PIM hello messages are transmitted. Use the no form to

Multicast Routing Commands4-3134ip pim trigger-hello-intervalThis command configures the maximum time before transmitting a triggered PIM Hello messag

Configuring the Switch3-163CLI – Enter the following command. Configuring Support for Jumbo FramesThe switch provides more efficient throughput for la

Command Line Interface4-3144Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffi

Multicast Routing Commands4-3154Default Setting 2Command Mode Interface Configuration (VLAN)Exampleshow router pimThis command displays the global PIM

Command Line Interface4-3164show ip pim neighborThis command displays information about PIM neighbors.Syntax show ip pim neighbor [ip-address]ip-addre

Router Redundancy Commands4-3174Virtual Router Redundancy Protocol CommandsTo configure VRRP, select an interface on one router in the group to serve

Command Line Interface4-3184Command Usage • The interfaces of all routers participating in a virtual router group must be within the same IP subnet.•

Router Redundancy Commands4-3194• When a VRRP packet is received from another router in the group, its authentication key is compared to the string co

Command Line Interface4-3204vrrp timers advertiseThis command sets the interval at which the master virtual router sends advertisements communicating

Router Redundancy Commands4-3214Default Setting • Preempt: Enabled• Delay: 0 secondsCommand Mode Interface (VLAN)Command Usage • If preempt is enabled

Command Line Interface4-3224ExampleThis example displays the full listing of status information for all groups.This example displays the brief listing

Router Redundancy Commands4-3234show vrrp interfaceThis command displays status information for the specified VRRP interface.Syntax show vrrp interfac

Basic Configuration3-173Setting the Switch’s IP Address This section describes how to configure an initial IP interface for management access over the

Command Line Interface4-3244show vrrp router countersThis command displays counters for errors found in VRRP protocol packets.Command Mode Privileged

Router Redundancy Commands4-3254clear vrrp router counters This command clears VRRP system statistics.Command Mode Privileged ExecExampleclear vrrp in

Command Line Interface4-3264

A-1Appendix A: Software SpecificationsSoftware FeaturesAuthenticationLocal, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port SecurityAccess Control Li

Software SpecificationsA-2AQuality of ServiceDiffServ supports class maps, policy maps, and service policiesMulticast Filtering IGMP Snooping (Layer 2

Management Information BasesA-3AIEEE 802.3-2002 Ethernet, Fast Ethernet, Gigabit Ethernet Link Aggregation Control Protocol (LACP) Full-duplex flo

Software SpecificationsA-4APort Access Entity MIB (IEEE 802.1X)Port Access Entity Equipment MIBPrivate MIBQuality of Service MIBRADIUS Authentication

B-1Appendix B: TroubleshootingProblems Accessing the Management Interface Table B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet,

TroubleshootingB-2BUsing System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caus

Glossary-1GlossaryAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

Configuring the Switch3-183Manual ConfigurationWeb – Click IP, General, Routing Interface. Select the VLAN through which the management station is att

GlossaryGlossary-2Distance Vector Multicast Routing Protocol (DVMRP)A distance-vector-style routing protocol used for routing multicast datagrams thro

Glossary-3GlossaryIEEE 802.1QVLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to differ

GlossaryGlossary-4In-Band ManagementManagement of the network from a station attached directly to the network.IP Multicast FilteringA process whereby

Glossary-5GlossaryNetwork Time Protocol (NTP)NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarc

GlossaryGlossary-6Dense Mode is designed for networks where the probability of a multicast client is high and frequent flooding of multicast traffic c

Glossary-7GlossaryTelnetDefines a remote communication facility for interfacing to a terminal device over TCP/IP.Terminal Access Controller Access Con

GlossaryGlossary-8

Index-1Numerics802.1X, port authentication 3-67, 4-79Aacceptable frame type 3-144, 4-192Access Control List See ACLACLExtended IP 3-77, 4-87, 4-88, 4

Index-2IndexDynamic Host Configuration Protocol See DHCPEedge port, STA 3-126, 3-128, 4-181event logging 4-43Ffirmwaredisplaying version 3-13, 4-62u

Index-3IndexMSTP 4-171global settings 3-129, 4-170interface settings 3-127, 4-170multicast filtering 3-169, 4-228multicast groups 3-175, 3-181, 4-230d

Basic Configuration3-193Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by th

Index-4Indexspecifying interfaces 3-228, 4-258statistics 3-232, 4-265router redundancyprotocols 3-196, 4-316VRRP 3-197, 4-317routing table, displaying

Index-5Indexprivate 3-146, 4-197protocol 3-147, 4-198VRRP 3-197, 4-317authentication 3-199, 4-318configuration settings 3-197, 4-317group statistics 3

Index-6Index

ES3628CE032005-R02149100005100H

Configuring the Switch3-203Renewing DCHP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires o

Basic Configuration3-213Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace

ContentsviiConfiguring ACL Masks 3-83Specifying the Mask Type 3-83Configuring an IP ACL Mask 3-84Configuring a MAC ACL Mask 3-86Binding a Port to

Configuring the Switch3-223To delete a file select System, File Management, Delete. Select the file name from the given list by checking the tick box

Basic Configuration3-233Saving or Restoring Configuration SettingsYou can upload/download configuration settings to/from a TFTP server, or copy files

Configuring the Switch3-243Downloading Configuration Settings from a ServerYou can download the configuration file under a new file name and then set

Basic Configuration3-253CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch,

Configuring the Switch3-263• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match

Basic Configuration3-273CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the curren

Configuring the Switch3-283• Password6 – Specifies a password for the line connection. When a connection is started on a line with password protection

Basic Configuration3-293Configuring Event LoggingThe switch allows you to control the logging of error messages, including the type of events that are

Configuring the Switch3-303Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and f

Basic Configuration3-313Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Addres

ContentsviiiMapping Protocols to VLANs 3-149Class of Service Configuration 3-150Layer 2 Queue Settings 3-150Setting the Default Priority for Interf

Configuring the Switch3-323Displaying Log MessagesUse the Logs page to scroll through the logged system and event messages. The switch can store up to

Basic Configuration3-333• SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other liste

Configuring the Switch3-343CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and spec

Basic Configuration3-353Setting the System ClockSimple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic upda

Configuring the Switch3-363CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.Setti

Simple Network Management Protocol3-373Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol design

Configuring the Switch3-383security models v1 and v2c. The following table shows the security models and levels available and the system default setti

Simple Network Management Protocol3-393CLI – The following example enables SNMP on the switch.Setting Community Access Strings You may configure up to

Configuring the Switch3-403Specifying Trap Managers and Trap TypesTraps indicating status changes are issued by the switch to specified trap managers.

Simple Network Management Protocol3-413Version 1 or 2c clients), or define a corresponding “User Name” in the SNMPv3 Users page (for Version 3 clients

ContentsixIP Routing 3-205Overview 3-205Initial Configuration 3-205IP Switching 3-206Routing Path Management 3-207Routing Protocols 3-207Basic IP

Configuring the Switch3-423Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive tr

Simple Network Management Protocol3-433Setting a Local Engine IDAn SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine

Configuring the Switch3-443The engine ID can be specified by entering 1 to 26 hexadecimal characters. If less than 26 characters are specified, traili

Simple Network Management Protocol3-453• Privacy Protocol – The encryption algorithm use for data privacy; only 56-bit DES is currently available.• Pr

Configuring the Switch3-463CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring Remote SNMPv3 User

Simple Network Management Protocol3-473• Privacy Protocol – The encryption algorithm use for data privacy; only 56-bit DES is currently available.• Pr

Configuring the Switch3-483CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring SNMPv3 GroupsAn SN

Simple Network Management Protocol3-493Table 3-5 Supported Notification MessagesObject Label Object ID DescriptionRFC 1493 TrapsnewRoot 1.3.6.1.2.1.

Configuring the Switch3-503Private TrapsswPowerStatus ChangeTrap1.3.6.1.4.1.259.6.10.75.2.1.0.1 This trap is sent when the power state changes.swFanFa

Simple Network Management Protocol3-513Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, ass