Accton-technology ES5508 Uživatelský manuál

www.edge-core.comManagement GuidePowered by AcctonES55088 XFP Slot Layer 210 Gigabit Ethernet Switch

Contentsxip ssh authentication-retries 4-36ip ssh server-key size 4-36delete public-key 4-37ip ssh crypto host-key generate 4-37ip ssh crypto zero

Configuring the Switch3-603CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and th

User Authentication3-613Web – Click Security, SSH, Settings. Enable SSH and adjust the authentication parameters as required, then click Apply. Note t

Configuring the Switch3-623Configuring Port SecurityPort security is a feature that allows you to configure a switch port with one or more device MAC

User Authentication3-633Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox i

Configuring the Switch3-643Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply att

User Authentication3-653• The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support

Configuring the Switch3-663Configuring 802.1X Global SettingsThe 802.1X protocol provides port authentication. The 802.1X protocol must be enabled glo

User Authentication3-673• Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it

Configuring the Switch3-683CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this examp

User Authentication3-693Displaying 802.1X StatisticsThis switch can display statistics for dot1x protocol exchanges for any port. Table 3-7 802.1X S

Contentsxiwhichboot 4-67boot system 4-67Authentication Commands 4-68Authentication Sequence 4-69authentication login 4-69authentication enable 4-

Configuring the Switch3-703Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the stati

User Authentication3-713Filtering IP Addresses for Management AccessYou can create a list of up to 16 IP addresses or IP address groups that are allow

Configuring the Switch3-723Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an inte

Access Control Lists3-733Access Control ListsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 pr

Configuring the Switch3-743Setting the ACL Name and TypeUse the ACL Configuration page to designate the name and type of an ACL.Command Attributes• Na

Access Control Lists3-753and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned.Web – Specify the a

Configuring the Switch3-763• Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number

Access Control Lists3-773Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (An

Configuring the Switch3-783Configuring a MAC ACLCommand Attributes• Action – An ACL can contain any combination of permit or deny rules.• Source/Desti

Access Control Lists3-793Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (An

Contentsxiishow map access-list ip 4-98match access-list ip 4-99show marking 4-100MAC ACLs 4-100access-list mac 4-101permit, deny (MAC ACL) 4-

Configuring the Switch3-803Configuring ACL MasksYou must specify masks that control the order in which ACL rules are checked. The switch includes two

Access Control Lists3-813Configuring an IP ACL MaskThis mask defines the fields to check in the IP header. Command Usage• Masks that include an entry

Configuring the Switch3-823Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source

Access Control Lists3-833Configuring a MAC ACL MaskThis mask defines the fields to check in the packet header. Command UsageYou must configure a mask

Configuring the Switch3-843CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rul

Port Configuration3-853Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress tr

Configuring the Switch3-863• Autonegotiation – Shows if auto-negotiation is enabled for disabled. (This setting is fixed at “Disabled” for all 10G por

Port Configuration3-873• LACP – Shows if LACP is enabled or disabled.• Port security – Shows if port security is enabled or disabled.• Max MAC count –

Configuring the Switch3-883Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an inter

Port Configuration3-893Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.Figure 3-5

Contentsxiiishow interfaces switchport 4-132Mirror Port Commands 4-134port monitor 4-134show port monitor 4-135Rate Limit Commands 4-136rate-limi

Configuring the Switch3-903Creating Trunk GroupsYou can create multiple links between devices that work as one virtual, aggregate link. A port trunk o

Port Configuration3-913Statically Configuring a TrunkCommand Usage• When configuring static trunks, you may not be able to link switches of different

Configuring the Switch3-923CLI – This example creates trunk 1 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch

Port Configuration3-933Command Attributes• Member List (Current) – Shows configured trunks (Unit, Port).• New – Includes entry fields for creating ne

Configuring the Switch3-943Configuring LACP ParametersDynamically Creating a Port Channel –Ports assigned to a common port channel must meet the follo

Port Configuration3-953Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can opt

Configuring the Switch3-963CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG, port

Port Configuration3-973Displaying LACP Port CountersYou can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Infor

Configuring the Switch3-983Displaying LACP Settings and Status for the Local SideYou can display configuration settings and the operational state for

Port Configuration3-993Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-58

Contentsxivshow spanning-tree mst configuration 4-168VLAN Commands 4-168Editing VLAN Groups 4-168vlan database 4-169vlan 4-169Configuring VLAN Int

Configuring the Switch3-1003Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state fo

Port Configuration3-1013CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel

Configuring the Switch3-1023Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the thre

Port Configuration3-1033Configuring Port MirroringYou can mirror traffic from any source port to a target port for real-time analysis. You can then at

Configuring the Switch3-1043Configuring Rate LimitsThis function allows the network manager to control the maximum rate for traffic transmitted or rec

Port Configuration3-1053Showing Port StatisticsYou can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs

Configuring the Switch3-1063Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been

Port Configuration3-1073Received Frames The total number of frames (bad, broadcast and multicast) received.Broadcast Frames The total number of good f

Configuring the Switch3-1083Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at

Address Table Settings3-1093CLI – This example shows statistics for port 12.Address Table Settings Switches store the addresses for all known devices.

Contentsxvmap ip dscp (Interface Configuration) 4-194show map ip port 4-195show map ip precedence 4-196show map ip dscp 4-196Multicast Filtering C

Configuring the Switch3-1103Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Addres

Address Table Settings3-1113Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN chec

Configuring the Switch3-1123Changing the Aging TimeYou can set the aging time for entries in the dynamic address table. Command Attributes• Aging Stat

Spanning Tree Algorithm Configuration3-1133Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Da

Configuring the Switch3-1143new root port is selected from among the device ports attached to the network. (References to “ports” in this section mean

Spanning Tree Algorithm Configuration3-1153• Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., di

Configuring the Switch3-1163Note: The current root port and current root cost display as zero when this device is not connected to the network.Configu

Spanning Tree Algorithm Configuration3-1173• Multiple Spanning Tree Protocol- To allow multiple spanning trees to operate over the network, you must c

Configuring the Switch3-1183• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning

Spanning Tree Algorithm Configuration3-1193Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 3-68

ContentsxviAppendix A: Software Specifications A-1Software Features A-1Management Features A-2Standards A-2Management Information Bases A-3Appendi

Configuring the Switch3-1203CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.

Spanning Tree Algorithm Configuration3-1213• Designated Port – The port priority and number of the port on the designated bridging device through whic

Configuring the Switch3-1223These additional parameters are only displayed for the CLI:• Admin status – Shows if this interface is enabled.• External

Spanning Tree Algorithm Configuration3-1233CLI – This example shows the STA attributes for port 5. Configuring Interface SettingsYou can configure RST

Configuring the Switch3-1243The following interface attributes can be configured:• Spanning Tree – Enables/disables STA on this interface. (Default: E

Spanning Tree Algorithm Configuration3-1253• Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notif

Configuring the Switch3-1263To use multiple spanning trees:1. Set the spanning tree type to MSTP (STA Configuration, page 3-116).2. Enter the spanning

Spanning Tree Algorithm Configuration3-1273Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the i

Configuring the Switch3-1283CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. ----------------------------------------

Spanning Tree Algorithm Configuration3-1293Displaying Interface Settings for MSTPThe MSTP Port Information and MSTP Trunk Information pages display th

xviiTablesTable 1-1 Key Features 1-1Table 1-2 System Defaults 1-4Table 3-1 Web Page Configuration Buttons 3-3Table 3-2 Switch Main Menu 3-4Table 3

Configuring the Switch3-1303Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance using the MSTP Por

Spanning Tree Algorithm Configuration3-1313Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port wi

Configuring the Switch3-1323VLAN ConfigurationIEEE 802.1Q VLANsIn large networks, routers are used to isolate broadcast traffic for each subnet into s

VLAN Configuration3-1333Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should

Configuring the Switch3-1343these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine s

VLAN Configuration3-1353Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN

Configuring the Switch3-1363CLI – Enter the following command.Displaying Current VLANsThe VLAN Current Table shows the current port members of each VL

VLAN Configuration3-1373Command Attributes (CLI)• VLAN – ID of configured VLAN (1-4094, no leading zeroes).• Type – Shows how this VLAN was added to t

Configuring the Switch3-1383Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbo

VLAN Configuration3-1393• Trunk – Trunk identifier.• Membership Type – Select VLAN membership for each interface by marking the appropriate radio butt

xviiiTablesTable 4-24 Frame Size Commands 4-62Table 4-25 Flash/File Commands 4-63Table 4-26 File Directory Information 4-66Table 4-27 Authenticatio

Configuring the Switch3-1403CLI – The following example adds tagged and untagged ports to VLAN 2.Adding Static Members to VLANs (Port Index)Use the VL

VLAN Configuration3-1413Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLAN id

Configuring the Switch3-1423Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60

VLAN Configuration3-1433CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP

Configuring the Switch3-1443Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports

VLAN Configuration3-1453Command UsageTo configure protocol-based VLANs, follow these steps:1. First configure VLAN groups for the protocols you want t

Configuring the Switch3-1463Mapping Protocols to VLANsMap a protocol group to a VLAN for each interface that will participate in the group.Command Usa

Class of Service Configuration3-1473Class of Service ConfigurationClass of Service (CoS) allows you to specify which data packets have greater precede

Configuring the Switch3-1483Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then

Class of Service Configuration3-1493Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using e

xixTablesTable 4-69 IGMP Snooping Commands 4-198Table 4-70 IGMP Query Commands (Layer 2) 4-201Table 4-71 Static Multicast Routing Commands 4-204Tab

Configuring the Switch3-1503Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply.Fi

Class of Service Configuration3-1513Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traf

Configuring the Switch3-1523Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weig

Class of Service Configuration3-1533Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS ValuesThis switch supports several common methods o

Configuring the Switch3-1543Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight diff

Class of Service Configuration3-1553CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to Co

Configuring the Switch3-1563Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value f

Class of Service Configuration3-1573Mapping IP Port PriorityYou can also map network applications to Class of Service values based on the IP port numb

Configuring the Switch3-1583CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS

Multicast Filtering3-1593Web – Click Priority, ACL CoS Priority. Select a port, select an ACL rule, specify a CoS priority, then click Add.Figure 3-94

xxTables

Configuring the Switch3-1603multicast switch/router to ensure that it will continue to receive the multicast service. This procedure is called multica

Multicast Filtering3-1613Configuring IGMP Snooping and Query ParametersYou can configure the switch to forward multicast traffic intelligently. Based

Configuring the Switch3-1623Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default se

Multicast Filtering3-1633Displaying Interfaces Attached to a Multicast RouterMulticast routers that are attached to ports on the switch use informatio

Configuring the Switch3-1643Specifying Static Interfaces for a Multicast RouterDepending on your network connections, IGMP snooping may not always be

Multicast Filtering3-1653Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast

Configuring the Switch3-1663Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query

Configuring Domain Name Service3-1673Configuring Domain Name ServiceThe Domain Naming System (DNS) service on this switch allows host names to be mapp

Configuring the Switch3-1683Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name ser

Configuring Domain Name Service3-1693Configuring Static DNS Host to Address EntriesYou can manually configure static entries in the DNS table that are

xxiFiguresFigure 3-1 Home Page 3-2Figure 3-2 Front Panel Indicators 3-3Figure 3-3 System Information 3-9Figure 3-4 Switch Information 3-11Figure 3

Configuring the Switch3-1703Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.Figure 3-

Configuring Domain Name Service3-1713Displaying the DNS CacheYou can display entries in the DNS cache that have been learned via the designated name s

Configuring the Switch3-1723CLI - This example displays all the resource records learned from the designated name servers.Console#show dns cache 4-216

4-1Chapter 4: Command Line InterfaceThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the C

Command Line Interface4-24To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway

Entering Commands4-34Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords and

Command Line Interface4-44Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the curren

Entering Commands4-54Partial Keyword LookupIf you terminate a partial keyword with a question mark, alternatives that match the initial letters are pr

Command Line Interface4-64Exec CommandsWhen you open a new console session on the switch with the user name and password “guest,” the system enters th

Entering Commands4-74To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Co

xxiiFiguresFigure 3-42 802.1X Port Statistics 3-70Figure 3-43 IP Filter 3-72Figure 3-44 Selecting ACL Type 3-74Figure 3-45 ACL Configuration - Stan

Command Line Interface4-84Command GroupsThe system commands can be broken down into the functional groups shown below.Ctrl-L Repeats current command l

Line Commands4-94The access mode shown in the following tables is indicated by these abbreviations: PE (Privileged Exec) VC (VLAN Database Configurat

Command Line Interface4-104lineThis command identifies a specific line for configuration, and to process subsequent line configuration commands.Syntax

Line Commands4-114loginThis command enables password checking at login. Use the no form to disable password checking and allow connections without a p

Command Line Interface4-124passwordThis command specifies the password for a line. Use the no form to remove the password.Syntax password {0 | 7} pass

Line Commands4-134Default Setting • CLI: Disabled (0 seconds)• Telnet: 600 secondsCommand Mode Line ConfigurationCommand Usage • If a login attempt is

Command Line Interface4-144password-threshThis command sets the password intrusion threshold which limits the number of failed logon attempts. Use the

Line Commands4-154Example To set the silent time to 60 seconds, enter this command:Related Commands password-thresh (4-14)databitsThis command sets th

Command Line Interface4-164parityThis command defines the generation of a parity bit. Use the no form to restore the default setting.Syntax parity {no

Line Commands4-174Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices

xxiiiFiguresFigure 3-87 Queue Mode 3-151Figure 3-88 Queue Scheduling 3-152Figure 3-89 IP Precedence/DSCP Priority Status 3-153Figure 3-90 IP Preced

Command Line Interface4-184Example Related Commandsshow ssh (4-39)show users (4-61)show lineThis command displays the terminal line’s parameters.Synta

General Commands4-194General CommandsenableThis command activates Privileged Exec mode. In privileged mode, additional commands are available, and cer

Command Line Interface4-204Related Commands disable (4-20)enable password (4-26)disableThis command returns to Normal Exec mode from privileged mode.

General Commands4-214show historyThis command shows the contents of the command history buffer.Default Setting NoneCommand Mode Normal Exec, Privilege

Command Line Interface4-224Command Usage This command resets the entire system.Example This example shows how to reset the switch:endThis command retu

System Management Commands4-234quitThis command exits the configuration program.Default Setting NoneCommand Mode Normal Exec, Privileged ExecCommand U

Command Line Interface4-244Device Designation CommandspromptThis command customizes the CLI prompt. Use the no form to restore the default prompt.Synt

System Management Commands4-254Example User Access CommandsThe basic commands required for management access are listed in this section. This switch a

Command Line Interface4-264Command Mode Global ConfigurationCommand Usage The encrypted password is required for compatibility with legacy password se

System Management Commands4-274Example Related Commandsenable (4-19)authentication enable (4-70)IP Filter CommandsmanagementThis command specifies the

xxivFigures

Command Line Interface4-284• When entering addresses for the same group (i.e., SNMP, web or Telnet), the switch will not accept overlapping address ra

System Management Commands4-294Web Server Commandsip http portThis command specifies the TCP port number used by the web browser interface. Use the no

Command Line Interface4-304Example Related Commandsip http port (4-29)ip http secure-serverThis command enables the secure hypertext transfer protocol

System Management Commands4-314Example Related Commandsip http secure-port (4-31)copy tftp https-certificate (4-63)ip http secure-portThis command spe

Command Line Interface4-324Telnet Server Commandsip telnet serverThis command allows this device to be monitored or configured from Telnet. It also sp

System Management Commands4-334This section describes the commands used to configure the SSH server. However, note that you also need to install a SSH

Command Line Interface4-344station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the

System Management Commands4-354ip ssh serverThis command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service

Command Line Interface4-364Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotia

System Management Commands4-374Default Setting 768 bitsCommand Mode Global ConfigurationCommand Usage • The server key is a private key that is never

1-1Chapter 1: IntroductionThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to conf

Command Line Interface4-384Command Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save t

System Management Commands4-394ip ssh save host-keyThis command saves the host key from RAM to flash memory. Syntax ip ssh save host-key [dsa | rsa]•

Command Line Interface4-404show public-keyThis command shows the public key for the specified user or for the host.Syntax show public-key [user [usern

System Management Commands4-414• When an RSA key is displayed, the first field indicates the size of the host key (e.g., 1024), the second field is th

Command Line Interface4-424logging onThis command controls logging of error messages, sending debug or error messages to switch memory. The no form di

System Management Commands4-434• level - One of the levels listed below. Messages sent include the selected level down to level 0. (Range: 0-7)Default

Command Line Interface4-444Command Usage • By using this command more than once you can build up a list of host IP addresses.• The maximum number of h

System Management Commands4-454Default Setting • Disabled• Level 7 - 0Command Mode Global ConfigurationCommand Usage • Using this command with a speci

Command Line Interface4-464show loggingThis command displays the configuration settings for logging messages to local switch memory, to an SMTP event

System Management Commands4-474The following example displays settings for the trap function. Related Commandsshow logging sendmail (4-51)show logThis

Introduction1-21Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Broadcast storm suppressi

Command Line Interface4-484ExampleThe following example shows the event message stored in RAM. SMTP Alert CommandsThese commands configure SMTP event

System Management Commands4-494• To open a connection, the switch first selects the server that successfully sent mail during the last connection, or

Command Line Interface4-504Command Mode Global ConfigurationCommand Usage You may use an symbolic email address that identifies the switch, or the add

System Management Commands4-514Exampleshow logging sendmailThis command displays the settings for the SMTP event handler.Command Mode Normal Exec, Pri

Command Line Interface4-524sntp clientThis command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with

System Management Commands4-534Default Setting NoneCommand Mode Global ConfigurationCommand Usage This command specifies time servers from which the s

Command Line Interface4-544show sntpThis command displays the current time and configuration settings for the SNTP client, and indicates whether or no

System Management Commands4-554Related Commandsshow sntp (4-54)calendar setThis command sets the system clock. It may be used if there is no time serv

Command Line Interface4-564System Status Commandsshow startup-configThis command displays the configuration file stored in non-volatile memory that is

System Management Commands4-574Example Related Commandsshow running-config (4-58)Console#show startup-config!<stackingDB>00</stackingDB>!

Description of Software Features1-31Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When ena

Command Line Interface4-584show running-configThis command displays the configuration information currently in use.Default Setting NoneCommand Mode Pr

System Management Commands4-594Example Related Commandsshow startup-config (4-56)Console#show running-configbuilding running-config, please wait...!&l

Command Line Interface4-604show systemThis command displays system information.Default Setting NoneCommand Mode Normal Exec, Privileged ExecCommand Us

System Management Commands4-614show usersShows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client

Command Line Interface4-624Example Frame Size Commandsjumbo frameThis command enables support for jumbo frames. Use the no form to disable it.Syntax [

Flash/File Commands4-634Example Flash/File CommandsThese commands are used to manage the system code or configuration files.copy This command moves

Command Line Interface4-644Command Mode Privileged ExecCommand Usage • The system prompts for data required to complete the copy command. • The destin

Flash/File Commands4-654The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate fro

Command Line Interface4-664Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cf

Flash/File Commands4-674Example The following example shows how to display all file information:whichbootThis command displays which files were booted

Introduction1-41learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN

Command Line Interface4-684Command Mode Global ConfigurationCommand Usage • A colon (:) is required after the specified unit number and file type. • I

Authentication Commands4-694Authentication Sequenceauthentication loginThis command defines the login authentication method and precedence. Use the no

Command Line Interface4-704authentication enableThis command defines the authentication method and precedence to use when changing from Exec command m

Authentication Commands4-714RADIUS ClientRemote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software run

Command Line Interface4-724Example radius-server portThis command sets the RADIUS server network port. Use the no form to restore the default.Syntax r

Authentication Commands4-734radius-server retransmitThis command sets the number of retries. Use the no form to restore the default.Syntax radius-serv

Command Line Interface4-744Example TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that us

Authentication Commands4-754Example tacacs-server portThis command specifies the TACACS+ server network port. Use the no form to restore the default.S

Command Line Interface4-764show tacacs-serverThis command displays the current settings for the TACACS+ server.Default Setting NoneCommand Mode Privil

Authentication Commands4-774port securityThis command enables or configures port security. Use the no form without any keywords to disable port securi

System Defaults1-51Authentication Privileged Exec Level Username “admin”Password “admin”Normal Exec Level Username “guest”Password “guest”Enable Privi

Command Line Interface4-784Example The following example enables port security for port 5, and sets the response to a security violation to issue a tr

Authentication Commands4-794dot1x system-auth-controlThis command enables IEEE 802.1X port authentication globally on the switch. Use the no form to r

Command Line Interface4-804dot1x port-controlThis command sets the dot1x mode on a port interface. Use the no form to restore the default.Syntaxdot1x

Authentication Commands4-814Command Usage • The “max-count” parameter specified by this command is only effective if the dot1x mode is set to “auto” b

Command Line Interface4-824dot1x timeout quiet-periodThis command sets the time that a switch port waits after the Max Request Count has been exceeded

Authentication Commands4-834dot1x timeout tx-periodThis command sets the time that an interface on the switch waits during an authentication session b

Command Line Interface4-844• 802.1X Port Details – Displays the port access control parameters for each interface, including the following items:- re

Authentication Commands4-854ExampleConsole#show dot1xGlobal 802.1X Parameterssystem-auth-control: enable802.1X Port SummaryPort Name Status Operation

Command Line Interface4-864Access Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol,

Access Control List Commands4-874The order in which active ACLs are checked is as follows:1. User-defined rules in the Egress MAC ACL for egress ports

Management Guide10 Gigabit Ethernet SwitchLayer 2 Standalone Switch with8 10GBASE XFP Slots, and1 10/100BASE-TX RJ-45 Management Port

Introduction1-61Address Table Aging Time 300 secondsVirtual LANs Default VLAN 1PVID 1Acceptable Frame Type AllIngress Filtering DisabledSwitchport Mod

Command Line Interface4-884access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the

Access Control List Commands4-894access-list ip extended fragment-auto-maskThis command automatically creates extra masks to support fragmented ACL en

Command Line Interface4-904Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 1

Access Control List Commands4-914Default SettingNoneCommand ModeExtended ACLCommand Usage• All new rules are appended to the end of the list.• Address

Command Line Interface4-924This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”Related Commandsacce

Access Control List Commands4-934Command Usage• A mask can only be used by all ingress ACLs or all egress ACLs.• The precedence of the ACL rules appli

Command Line Interface4-944Command ModeIP MaskCommand Usage• Packets crossing a port are checked against all the rules in the ACL until a match is fou

Access Control List Commands4-954This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit

Command Line Interface4-964This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets.

Access Control List Commands4-974Related Commandsmask (IP ACL) (4-93)ip access-group This command binds a port to an IP ACL. Use the no form to remove

2-1Chapter 2: Initial ConfigurationConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent off

Command Line Interface4-984map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only use

Access Control List Commands4-994Command ModePrivileged ExecExample Related Commandsmap access-list ip (4-98)match access-list ip This command changes

Command Line Interface4-1004Example Related Commands show marking (4-100)show marking This command displays the current configuration for packet marki

Access Control List Commands4-1014access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove

Command Line Interface4-1024permit, deny (MAC ACL)This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or d

Access Control List Commands4-1034Command ModeMAC ACLCommand Usage• New rules are added to the end of the list.•The ethertype option can only be used

Command Line Interface4-1044access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no f

Access Control List Commands4-1054• vid-bitmask – VLAN ID of rule must match this bitmask.• ethertype – Check the Ethernet type field.• ethertype-bitm

Command Line Interface4-1064This example creates an Egress MAC ACL.show access-list mac mask-precedence This command shows the ingress or egress rule

Access Control List Commands4-1074mac access-groupThis command binds a port to a MAC ACL. Use the no form to remove the port.Syntaxmac access-group ac

Initial Configuration2-22• Enable port mirroring• Set broadcast storm control on any port• Display system information and statistics Required Connecti

Command Line Interface4-1084map access-list mac This command sets the output queue for packets matching an ACL rule. The specified CoS value is only u

Access Control List Commands4-1094Command ModePrivileged ExecExample Related Commandsmap access-list mac (4-108)match access-list mac This command cha

Command Line Interface4-1104ACL Informationshow access-listThis command shows all ACLs and associated rules, as well as all the user-defined masks.Com

SNMP Commands4-1114SNMP CommandsControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well a

Command Line Interface4-1124Exampleshow snmpThis command can be used to check the status of SNMP communications.Default Setting NoneCommand Mode Norma

SNMP Commands4-1134snmp-server communityThis command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified comm

Command Line Interface4-1144Related Commandssnmp-server location (4-114)snmp-server locationThis command sets the system location string. Use the no f

SNMP Commands4-1154to using the snmp-server host command. (Maximum length: 32 characters)• version - Specifies whether to send notifications as SNMP V

Command Line Interface4-1164To send an inform to a SNMPv3 host, complete these steps:1. Enable the SNMP agent (page 4-111).2. Allow the switch to send

SNMP Commands4-1174Command Usage • If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In o

Basic Configuration2-32Remote ConnectionsPrior to accessing the switch’s onboard agent via a network connection, you must first configure it with a va

Command Line Interface4-1184passwords to generate the security keys for authenticating and encrypting SNMPv3 packets. • A remote engine ID is required

SNMP Commands4-1194snmp-server viewThis command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view.Syntax

Command Line Interface4-1204show snmp viewThis command shows information on the SNMP views.Command Mode Privileged ExecExample snmp-server groupThis c

SNMP Commands4-1214Default Setting • Default groups: public27 (read only), private28 (read/write)• readview - Every object belonging to the Internet O

Command Line Interface4-1224snmp-server userThis command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify

SNMP Commands4-1234• ip-address - The Internet address of the remote device.• v1 | v2c | v3 - Use SNMP version 1, 2c or 3.• encrypted - Accepts the pa

Command Line Interface4-1244show snmp userThis command shows information on SNMP users.Command Mode Privileged ExecExample Console#show snmp userEngin

Interface Commands4-1254Interface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or

Command Line Interface4-1264Command Mode Global Configuration Example To specify port 4, enter the following command:descriptionThis command adds a de

Interface Commands4-1274Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex settin

Initial Configuration2-424. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.

Command Line Interface4-1284disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.• If autonegotiatio

Interface Commands4-1294Related Commands negotiation (4-127)speed-duplex (4-126)shutdown This command disables an interface. To restart a disabled int

Command Line Interface4-1304Example The following shows how to configure broadcast storm control at 600 packets per second: clear countersThis command

Interface Commands4-1314Default Setting Shows the status for all interfaces.Command Mode Normal Exec, Privileged ExecCommand Usage If no interface is

Command Line Interface4-1324Command Mode Normal Exec, Privileged ExecCommand Usage If no interface is specified, information on all interfaces is disp

Interface Commands4-1334Command Mode Normal Exec, Privileged ExecCommand Usage If no interface is specified, information on all interfaces is displaye

Command Line Interface4-1344Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis com

Mirror Port Commands4-1354Example The following example configures the switch to mirror all packets from port 6 to 8:show port monitorThis command dis

Command Line Interface4-1364Rate Limit CommandsThis function allows the network manager to control the maximum rate for traffic transmitted or receive

Link Aggregation Commands4-1374Link Aggregation CommandsPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth

Basic Configuration2-52Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:•

Command Line Interface4-1384Dynamically Creating a Port Channel –Ports assigned to a common port channel must meet the following criteria:• Ports must

Link Aggregation Commands4-1394lacpThis command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to

Command Line Interface4-1404lacp system-priorityThis command configures a port's LACP system priority. Use the no form to restore the default set

Link Aggregation Commands4-1414lacp admin-key (Ethernet Interface)This command configures a port's LACP administration key. Use the no form to re

Command Line Interface4-1424Default Setting 0Command Mode Interface Configuration (Port Channel)Command Usage • Ports are only allowed to join the sam

Link Aggregation Commands4-1434Example show lacpThis command displays LACP information.Syntax show lacp [port-channel] {counters | internal | neighbor

Command Line Interface4-1444Console#show lacp 1 internalPort channel: 1-------------------------------------------------------------------------Oper K

Link Aggregation Commands4-1454Console#show lacp 1 neighborsPort channel 1 neighbors------------------------------------------------------------------

Command Line Interface4-1464Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying

Address Table Commands4-1474mac-address-table staticThis command maps a static address to a destination port in a VLAN. Use the no form to remove an a

Initial Configuration2-625. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Ente

Command Line Interface4-1484clear mac-address-table dynamicThis command removes any learned entries from the forwarding database and clears the transm

Address Table Commands4-1494means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a m

Command Line Interface4-1504Spanning Tree CommandsThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the swi

Spanning Tree Commands4-1514spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Synta

Command Line Interface4-1524members may be inadvertently disabled to prevent network loops, thus isolating group members. When operating multiple VLAN

Spanning Tree Commands4-1534Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., disc

Command Line Interface4-1544Default Setting 20 secondsCommand Mode Global ConfigurationCommand Usage This command sets the maximum time (in seconds) a

Spanning Tree Commands4-1554spanning-tree pathcost methodThis command configures the path cost method used for Rapid Spanning Tree and Multiple Spanni

Command Line Interface4-1564spanning-tree mst-configuration This command changes to Multiple Spanning Tree (MST) configuration mode. Default Setting •

Spanning Tree Commands4-1574and the same instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a singl

Basic Configuration2-72The default strings are:• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.

Command Line Interface4-1584Default Setting Switch’s MAC addressCommand Mode MST ConfigurationCommand Usage The MST region name and revision number (p

Spanning Tree Commands4-1594max-hopsThis command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to re

Command Line Interface4-1604spanning-tree costThis command configures the spanning tree path cost for the specified interface. Use the no form to rest

Spanning Tree Commands4-1614spanning-tree port-priorityThis command configures the priority for the specified interface. Use the no form to restore th

Command Line Interface4-1624devices such as workstations or servers, retains the current forwarding database to reduce the amount of frame flooding re

Spanning Tree Commands4-1634Related Commandsspanning-tree edge-port (4-161)spanning-tree link-typeThis command configures the link type for Rapid Span

Command Line Interface4-1644The recommended range is -- Ethernet: 200,000-20,000,000- Fast Ethernet: 20,000-2,000,000- Gigabit Ethernet: 2,000-200,000

Spanning Tree Commands4-1654Command Mode Interface Configuration (Ethernet Ports 1-8, Port Channel)Command Usage • This command defines the priority f

Command Line Interface4-1664show spanning-treeThis command shows the configuration for the common spanning tree (CST) or for an instance within the mu

Spanning Tree Commands4-1674ExampleConsole#show spanning-treeSpanning-tree information---------------------------------------------------------------S

Initial Configuration2-82Configuring Access for SNMP Version 3 ClientsTo configure management access for SNMPv3 clients, you need to first create a vi

Command Line Interface4-1684show spanning-tree mst configurationThis command shows the configuration of the multiple spanning tree.Command Mode Privil

VLAN Commands4-1694vlan databaseThis command enters VLAN database mode. All commands in this mode will take effect immediately.Default Setting NoneCom

Command Line Interface4-1704Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state re

VLAN Commands4-1714Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLA

Command Line Interface4-1724switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restor

VLAN Commands4-1734• If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be di

Command Line Interface4-1744switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the defau

VLAN Commands4-1754switchport forbidden vlanThis command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs.Syntax swit

Command Line Interface4-1764show vlanThis command shows VLAN information.Syntax show vlan [id vlan-id | name vlan-name]• id - Keyword to be followed b

VLAN Commands4-1774Configuring Private VLANsPrivate VLANs provide port-based security and isolation between ports within the assigned VLAN. This secti

Managing System Files2-92Managing System FilesThe switch’s flash memory supports three types of system files that can be managed by the CLI program, w

Command Line Interface4-1784show pvlanThis command displays the configured private VLAN.Command Mode Privileged ExecExampleConfiguring Protocol-based

VLAN Commands4-1794protocol-vlan protocol-group (Configuring Groups)This command creates a protocol group, or to add specific protocols to a group. Us

Command Line Interface4-1804Command Usage • When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces usi

GVRP and Bridge Extension Commands4-1814show interfaces protocol-vlan protocol-groupThis command shows the mapping from protocol groups to VLANs for t

Command Line Interface4-1824bridge-ext gvrpThis command enables GVRP globally for the switch. Use the no form to disable it.Syntax [no] bridge-ext gvr

GVRP and Bridge Extension Commands4-1834switchport gvrpThis command enables GVRP for a port. Use the no form to disable it.Syntax [no] switchport gvrp

Command Line Interface4-1844garp timerThis command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ def

Priority Commands4-1854show garp timerThis command shows the GARP timers for the selected interface.Syntax show garp timer [interface]interface • ethe

Command Line Interface4-1864Priority Commands (Layer 2)queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for

Priority Commands4-1874Example The following example sets the queue mode to strict priority service mode:switchport priority defaultThis command sets

ES5508F3.0.0.3 E042005-R01149100022900A

Initial Configuration2-102

Command Line Interface4-1884queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queue

Priority Commands4-1894Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for eac

Command Line Interface4-1904show queue bandwidthThis command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queue

Priority Commands4-1914Priority Commands (Layer 3 and 4) map ip port (Global Configuration)This command enables IP port mapping (i.e., class of servic

Command Line Interface4-1924Default Setting NoneCommand Mode Interface Configuration (Ethernet Ports 1-8, Port Channel)Command Usage • The precedence

Priority Commands4-1934map ip precedence (Interface Configuration)This command sets IP precedence priority (i.e., IP Type of Service priority). Use th

Command Line Interface4-1944Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.

Priority Commands4-1954• DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard,

Command Line Interface4-1964show map ip precedenceThis command shows the IP precedence priority map.Syntax show map ip precedence [interface]interface

Multicast Filtering Commands4-1974Default Setting NoneCommand Mode Privileged ExecExample Related Commands map ip dscp (Global Configuration) (4-193)m

3-1Chapter 3: Configuring the SwitchUsing the Web InterfaceThis switch provides an embedded HTTP web agent. Using a web browser you can configure the

Command Line Interface4-1984IGMP Snooping Commands ip igmp snoopingThis command enables IGMP snooping on this switch. Use the no form to disable it.Sy

Multicast Filtering Commands4-1994Example The following shows how to statically configure a multicast group on a port:ip igmp snooping versionThis com

Command Line Interface4-2004Example The following shows the current IGMP snooping configuration:show mac-address-table multicast This command shows kn

Multicast Filtering Commands4-2014IGMP Query Commands (Layer 2) ip igmp snooping querierThis command enables the switch as an IGMP querier. Use the no

Command Line Interface4-2024Command Mode Global ConfigurationCommand Usage The query count defines how long the querier waits for a response from a mu

Multicast Filtering Commands4-2034Default Setting 10 secondsCommand Mode Global ConfigurationCommand Usage• The switch must be using IGMPv2 for this c

Command Line Interface4-2044Example The following shows how to configure the default timeout to 300 seconds:Related Commands ip igmp snooping version

IP Interface Commands4-2054Example The following shows how to configure port 1 as a multicast router port within VLAN 1:show ip igmp snooping mrouter

Command Line Interface4-2064ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the defa

IP Interface Commands4-2074ExampleIn the following example, the device is assigned an address in VLAN 1.Related Commandsip dhcp restart (4-207)ip defa

Configuring the Switch3-23Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and password. The a

Command Line Interface4-2084• DHCP requires the server to reassign the client’s last address if available. • If the BOOTP or DHCP server has been move

IP Interface Commands4-2094Related Commands ip default-gateway (4-207)pingThis command sends ICMP echo request packets to another node on the network.

Command Line Interface4-2104DNS CommandsThese commands are used to configure Domain Naming System (DNS) services. You can manually configure entries i

DNS Commands4-2114Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP ad

Command Line Interface4-2124Default Setting NoneCommand Mode Global ConfigurationExampleRelated Commands ip domain-list (4-212)ip name-server (4-213)i

DNS Commands4-2134ExampleThis example adds two domain names to the current list and then displays the list.Related Commands ip domain-name (4-211)ip n

Command Line Interface4-2144ExampleThis example adds two domain-name servers to the list and then displays the list.Related Commands ip domain-name (4

DNS Commands4-2154Related Commands ip domain-name (4-211)ip name-server (4-213)show hostsThis command displays the static host name-to-address mapping

Command Line Interface4-2164show dns cacheThis command displays entries in the DNS cache.Command Mode Privileged ExecExample clear dns cacheThis comma

A-1Appendix A: Software SpecificationsSoftware FeaturesAuthenticationLocal, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port SecurityAccess Control Lis

Navigating the Web Browser Interface3-33Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration chang

Software SpecificationsA-2AAdditional FeaturesBOOTP clientSNTP (Simple Network Time Protocol)SNMP (Simple Network Management Protocol)RMON (Remote Mon

Management Information BasesA-3ASNTP (RFC 2030)SSH (Version 2.0)TFTP (RFC 1350)Management Information BasesBridge MIB (RFC 1493)Entity MIB (RFC 2737)E

Software SpecificationsA-4A

B-1Appendix B: TroubleshootingProblems Accessing the Management Interface Table B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet,

TroubleshootingB-2BUsing System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caus

Glossary-1GlossaryAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

GlossaryGlossary-2Extensible Authentication Protocol over LAN (EAPOL) EAPOL is a client authentication protocol used by this switch to verify the netw

Glossary-3GlossaryIEEE 802.1XPort Authentication controls access to the switch ports by requiring users to first enter a user ID and password for auth

GlossaryGlossary-4Link Aggregation Control Protocol (LACP)Allows ports to automatically negotiate a trunked link with LACP-configured ports on another

Glossary-5GlossaryQuality of Service (QoS)QoS refers to the capability of a network to provide better service to selected traffic flows using features

Configuring the Switch3-43Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, o

GlossaryGlossary-6TelnetDefines a remote communication facility for interfacing to a terminal device over TCP/IP.Terminal Access Controller Access Con

Index-1Numerics802.1X, port authentication 3-64, 4-78Aacceptable frame type 3-141, 4-172Access Control List See ACLACLExtended IP 3-74, 4-86, 4-87, 4

Index-2IndexHhardware version, displaying 3-10, 4-61HTTPS 3-55, 4-30HTTPS, secure server 3-55, 4-30IIEEE 802.1D 3-112, 4-151IEEE 802.1s 4-151IEEE 802.

Index-3Indexcapabilities 3-88, 4-128duplex mode 3-88, 4-126speed 3-88, 4-126ports, configuring 3-85, 4-125ports, mirroring 3-103, 4-134priority, defau

Index-4Indexdisplaying port members 3-136, 4-176egress mode 3-142, 4-171interface configuration 3-141, 4-172–4-175private 3-143, 4-177protocol 3-144,

ES5508E042005-R01149100022900A

Navigating the Web Browser Interface3-53SNMPv3 3-39Engine ID Sets the SNMP v3 engine ID 3-40Remote Engine ID Sets the SNMP v3 engine ID on a remote de

Configuring the Switch3-63LACP 3-90Configuration Allows ports to dynamically join trunks 3-92Aggregation Port Configures parameters for link aggrega

Navigating the Web Browser Interface3-73Trunk Configuration Configures trunk settings for a specified MST instance 3-130VLAN 3-132802.1Q VLANGVRP Stat

Configuring the Switch3-83ACL CoS Priority Sets the CoS value and corresponding output queue for packets matching an ACL rule3-158IGMP Snooping 3-159I

Basic Configuration3-93Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location and

vContents Chapter 1: Introduction 1-1Key Features 1-1Description of Software Features 1-2System Defaults 1-4Chapter 2: Initial Configuration 2-

Configuring the Switch3-103CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch In

Basic Configuration3-113These additional parameters are displayed for the CLI.• Unit ID – Unit number in stack.• Redundant Power Status – Displays the

Configuring the Switch3-123Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that support Multicast Filte

Basic Configuration3-133CLI – Enter the following command. Setting the Switch’s IP Address An IP address may be used for management access to the swit

Configuring the Switch3-143• MAC Address – The MAC address of this switch.• Restart DHCP – Requests a new IP address from the DHCP server.Manual Confi

Basic Configuration3-153Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by th

Configuring the Switch3-163Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web i

Basic Configuration3-173Managing FirmwareYou can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack.

Configuring the Switch3-183Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to repla

Basic Configuration3-193To delete a file select System, File Management, Delete. Select the file name from the given list by checking the tick box and

ContentsviSaving or Restoring Configuration Settings 3-20Downloading Configuration Settings from a Server 3-21Console Port Settings 3-22Telnet Sett

Configuring the Switch3-203Saving or Restoring Configuration SettingsYou can upload/download configuration settings to/from a TFTP server, or copy fil

Basic Configuration3-213Downloading Configuration Settings from a ServerYou can download the configuration file under a new file name and then set it

Configuring the Switch3-223CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the swit

Basic Configuration3-233• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match th

Configuring the Switch3-243CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the cur

Basic Configuration3-253• Password5 – Specifies a password for the line connection. When a connection is started on a line with password protection, t

Configuring the Switch3-263Configuring Event LoggingThe switch allows you to control the logging of error messages, including the type of events that

Basic Configuration3-273Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flas

Configuring the Switch3-283Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Add

Basic Configuration3-293Displaying Log MessagesUse the Logs page to scroll through the logged system and event messages. The switch can store up to 20

ContentsviiConfiguring ACL Masks 3-80Specifying the Mask Type 3-80Configuring an IP ACL Mask 3-81Configuring a MAC ACL Mask 3-83Binding a Port to

Configuring the Switch3-303• SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other li

Basic Configuration3-313CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify

Configuring the Switch3-323Setting the System ClockSimple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic u

Basic Configuration3-333CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.Setting

Configuring the Switch3-343Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifica

Simple Network Management Protocol3-353security models v1 and v2c. The following table shows the security models and levels available and the system d

Configuring the Switch3-363CLI – The following example enables SNMP on the switch.Setting Community Access Strings You may configure up to five commun

Simple Network Management Protocol3-373Specifying Trap Managers and Trap TypesTraps indicating status changes are issued by the switch to specified tr

Configuring the Switch3-383Version 1 or 2c clients), or define a corresponding “User Name” in the SNMPv3 Users page (for Version 3 clients). (Range: 1

Simple Network Management Protocol3-393Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that wil

ContentsviiiMapping Protocols to VLANs 3-146Class of Service Configuration 3-147Layer 2 Queue Settings 3-147Setting the Default Priority for Interf

Configuring the Switch3-403Setting a Local Engine IDAn SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects aga

Simple Network Management Protocol3-413The engine ID can be specified by entering 10 to 64 hexadecimal characters. If less than 26 characters are spec

Configuring the Switch3-423• Privacy Protocol – The encryption algorithm use for data privacy; only 56-bit DES is currently available.• Privacy Passwo

Simple Network Management Protocol3-433CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring Remote

Configuring the Switch3-443• Privacy Protocol – The encryption algorithm use for data privacy; only 56-bit DES is currently available.• Privacy Passwo

Simple Network Management Protocol3-453CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring SNMPv3

Configuring the Switch3-463Table 3-5 Supported Notification MessagesObject Label Object ID DescriptionRFC 1493 TrapsnewRoot 1.3.6.1.2.1.17.0.1 The n

Simple Network Management Protocol3-473Private TrapsswPowerStatus ChangeTrap1.3.6.1.4.1.259.6.10.76.2.1.0.1 This trap is sent when the power state cha

Configuring the Switch3-483Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a securi

Simple Network Management Protocol3-493Setting SNMPv3 ViewsSNMPv3 views are used to restrict user access to specified portions of the MIB tree. The pr

ContentsixCommand Line Processing 4-7Command Groups 4-8Line Commands 4-9line 4-10login 4-11password 4-12timeout login response 4-12exec-timeout 4-

Configuring the Switch3-503CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and

User Authentication3-513Command Attributes• Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin,

Configuring the Switch3-523Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on s

User Authentication3-533• RADIUS Settings- Global – Provides globally applicable RADIUS settings.- ServerIndex – Specifies one of five RADIUS servers

Configuring the Switch3-543Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authent

User Authentication3-553Configuring HTTPSYou can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket

Configuring the Switch3-563Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.Figure 3-35 HTTPS Settin

User Authentication3-573Configuring the Secure Shell The Berkley-standard includes remote access tools originally designed for Unix systems. Some of t

Configuring the Switch3-583be configured locally on the switch via the User Accounts page as described on page 3-50.) The clients are subsequently aut

User Authentication3-593Field Attributes• Public-Key of Host-Key – The public key for the host.- RSA (Version 1): The first field indicates the size o