Powered by Accton
www.edge-core.com
Management Guide
24/48 10/100 Ports + 2GE Intelligent Layer 2 Fast Ethernet Switch
Contents (page vi): prompt 4-25; hostname 4-26; User Access Commands 4-26; username 4-27; enable password 4-28; IP Filter Commands 4-29; management 4-29; show management
Page 3-56, Configuring the Switch
Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on sp
Page 3-57, User Authentication
Command Attributes
• Authentication – Select the authentication, or authentication sequence required:
- Local – User authenticat
Page 3-58
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authent
Page 3-59
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket
Page 3-60
Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.
Figure 3-35 HTTPS Setting
Page 3-61
Configuring the Secure Shell
The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of t
Page 3-62
3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-70) to copy a file containing th
Page 3-63
Generating the Host Key Pair
A host public/private key pair is used to provide secure communications between an SSH client and
Page 3-64
Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save th
Page 3-65
Configuring the SSH Server
The SSH server includes basic settings for authentication.
Field Attributes
• SSH Server Status – All
Contents (page vii): sntp client 4-54; sntp server 4-55; sntp poll 4-56; show sntp 4-56; ntp client 4-57; ntp server 4-57; ntp poll 4-58; ntp authenticate 4-59; ntp aut
Page 3-66
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that t
Page 3-67
• If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configurati
Page 3-68
Configuring 802.1X Port Authentication
Network switches can provide open and easy access to network resources by simply att
Page 3-69
• The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the s
Page 3-70
Configuring 802.1X Global Settings
The 802.1X protocol includes port authentication. The 802.1X protocol must be enabled glo
Page 3-71
• Re-authen – Sets the client to be re-authenticated after the interval specified by the Re-authentication Period. Re-authenti
Page 3-72
CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this examp
Page 3-73
Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Table 3-7 802.1X St
Page 3-74
Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the stati
Page 3-75
address is forwarded by the switch only if the source MAC address is successfully authenticated by a central RADIUS server. Wh
Contents (page viii): 802.1X Port Authentication 4-85; dot1x system-auth-control 4-86; dot1x default 4-86; dot1x max-req 4-87; dot1x port-control 4-87; dot1x operati
Page 3-76
Web – Click Security, Network Access, Configuration.
Figure 3-43 Network Access Configuration
CLI – This example sets and di
Page 3-77
Note: MAC authentication cannot be configured on trunk ports. Ports configured as trunk members are indicated on the Network A
Page 3-78
• Query By – Specifies parameters to use in the MAC address query.
• Port – Specifies a port interface.
• MAC Address – Speci
Page 3-79
CLI – This example displays all entries currently in the secure MAC address table.
Configuring MAC Address Filters
MAC address
Page 3-80
CLI – This example configures filter ID 1 with three MAC addresses, then applies the filter to port 1.
Filtering Addresses
Page 3-81
Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interfa
Page 3-82
Access Control Lists
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4
Page 3-83
The order in which active ACLs are checked is as follows:
1. User-defined rules in the Ingress MAC ACL for ingress ports.
2. Us
Page 3-84
Configuring a Standard IP ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Addr
Page 3-85
Configuring an Extended IP ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Sourc
Contents (page ix): snmp-server 4-117; show snmp 4-117; snmp-server community 4-118; snmp-server contact 4-119; snmp-server location 4-119; snmp-server host 4-120; sn
Page 3-86
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (
Page 3-87
Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Source/Destina
Page 3-88
Binding a Port to an Access Control List
After configuring Access Control Lists (ACL), you should bind them to the ports tha
Page 3-89
CLI – This example assigns an IP and MAC access list to port 1, and an IP access list to port 3.
Port Configuration
Displaying Co
Page 3-90
Web – Click Port, Port Information or Trunk Information.
Figure 3-53 Displaying Port/Trunk Information
Field Attributes (CLI
Page 3-91
• Max MAC count – Shows the maximum number of MAC addresses that can be learned by a port. (0 - 1024 addresses)
• Port security ac
Page 3-92
• Flow Control – Allows automatic or manual selection of flow control.
• Autonegotiation (Port Capabilities) – Allows auto-n
Page 3-93
CLI – Select the interface, and then enter the required settings.
Creating Trunk Groups
You can create multiple links between dev
Page 3-94
• When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standa
Page 3-95
CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to
Contents (page x): clear mac-address-table dynamic 4-158; show mac-address-table 4-158; mac-address-table aging-time 4-159; show mac-address-table aging-time 4-15
Page 3-96
Command Attributes
• Member List (Current) – Shows configured trunks (Unit, Port).
• New – Includes entry fields for creatin
Page 3-97
Configuring LACP Parameters
Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following
Page 3-98
Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can
Page 3-99
CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.
Displayin
Page 3-100
Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.
Figure 3-
Page 3-101
Displaying LACP Settings and Status for the Local Side
You can display configuration settings and the operational state for the
Page 3-102
Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.
Figure 3
Page 3-103
Displaying LACP Settings and Status for the Remote Side
You can display configuration settings and the operational state for th
Page 3-104
CLI – The following example displays the LACP configuration settings and operational state for the remote side of port cha
Page 3-105
Setting Broadcast Storm Thresholds
Broadcast storms may occur when a device on your network is malfunctioning, or if applicatio
Contents (page xi): private-vlan 4-189; private vlan association 4-190; switchport mode private-vlan 4-191; switchport private-vlan host-association 4-191; switchpor
Page 3-106
CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and
Page 3-107
Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, t
Page 3-108
Web – Click Port, Rate Limit, Granularity. Select the required rate limit granularity for Fast Ethernet and Gigabit Ethern
Page 3-109
Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces,
Page 3-110
Table 3-11 Port Statistics
Parameter – Description
Interface Statistics
Received Octets – The total number of octets received on
Page 3-111
Excessive Collisions – A count of frames for which transmission on a particular interface fails due to excessive collisions. Thi
Page 3-112
Fragments – The total number of frames received that were less than 64 octets in length (excluding framing bits, but includi
Page 3-113
Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the
Page 3-114
CLI – This example shows statistics for port 13.
Address Table Settings
Switches store the addresses for all known devices.
Page 3-115
Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Addres
Contents (page xii): ip igmp snooping query-max-response-time 4-218; ip igmp snooping router-port-expire-time 4-218; Static Multicast Routing Commands 4-219; ip ig
Page 3-116
Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN chec
Page 3-117, Spanning Tree Algorithm Configuration
Changing the Aging Time
You can set the aging time for entries in the dynamic address table.
Command Attribu
Page 3-118
ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports,
Page 3-119
MSTP then builds an Internal Spanning Tree (IST) for the Region containing all commonly configured MSTP brid
Page 3-120
• Bridge ID – A unique identifier for this bridge, consisting of the bridge priority, the MST Instance ID 0 for the Common
Page 3-121
• Root Maximum Age – The maximum time (in seconds) this device can wait without receiving a configuration m
Page 3-122
CLI – This command displays global STA settings, followed by settings for each port.
Note: The current root port and curren
Page 3-123
Configuring Global Settings
Global settings apply to the entire switch.
Command Usage
• Spanning Tree Protocol
Page 3-124
address will then become the root device. (Note that lower numeric values indicate higher priority.)
• Default: 32768
• Rang
Page 3-125
Configuration Settings for MSTP
• Max Instance Numbers – The maximum number of MSTP instances to which this
Contents (page xiii): cluster commander 4-250; cluster ip-pool 4-250; cluster member 4-251; rcommand 4-252; show cluster 4-252; show cluster members 4-253; show cluste
Page 3-126
Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.
Figure 3-70 STA Global Con
Page 3-127
CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MS
Page 3-128
• Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which include th
Page 3-129
• Internal path cost – The path cost for the MST. See the preceding item.
• Priority – Defines the priority
Page 3-130
CLI – This example shows the STA attributes for port 5.
Configuring Interface Settings
You can configure RSTP and MSTP attr
Page 3-131
The following interface attributes can be configured:
• Spanning Tree – Enables/disables STA on this interfa
Page 3-132
other STA-related timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-
Page 3-133
To use multiple spanning trees:
1. Set the spanning tree type to MSTP (STA Configuration, page 3-123).
2. Ent
Page 3-134
Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priorit
Page 3-135
CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI.
Page 3-136
Displaying Interface Settings for MSTP
The MSTP Port Information and MSTP Trunk Information pages display the current statu
Page 3-137
Configuring Interface Settings for MSTP
You can configure the STA interface settings for an MST Instance usi
Page 3-138
• Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower va
Page 3-139
VLAN Configuration
IEEE 802.1Q VLANs
In large networks, routers are used to isolate broadcast traffic for each subnet into separ
Page 3-140
Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags sh
Page 3-141
these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine secur
Page 3-142
Enabling or Disabling GVRP (Global Setting)
GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange
Page 3-143
CLI – Enter the following command.
Displaying Current VLANs
The VLAN Current Table shows the current port members of each VLAN a
Page 3-144
Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list.
Figure 3-78 VLAN Current Table
Comma
Page 3-145
CLI – Current VLAN information can be displayed with the following command.
Creating VLANs
Use the VLAN Static List to create or
Tables (page xv): Table 1-1 Key Features 1-1; Table 1-2 System Defaults 1-5; Table 3-1 Configuration Options 3-3; Table 3-2 Main Menu 3-4; Table 3-3 Logging Levels
Page 3-146
Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbo
Page 3-147
Adding Static Members to VLANs (VLAN Index)
Use the VLAN Static Table to configure port members for the selected VLAN index. As
Page 3-148
Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status i
Page 3-149
Web – Open VLAN, 802.1Q VLAN, Static Membership by Port. Select an interface from the scroll-down box (Port or Trunk). Click Q
Page 3-150
Configuring VLAN Behavior for Interfaces
You can configure VLAN behavior for specific interfaces, including the default VLA
Page 3-151
• GARP Leave Timer – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the j
Page 3-152
CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the
Page 3-153
2. Use the Private VLAN Port Configuration menu (page 3-156) to set the port type to promiscuous (i.e., the single channel to
Page 3-154
Configuring Private VLANs
The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLA
Page 3-155
Web – Click VLAN, Private VLAN, Association. Select the required primary VLAN from the scroll-down box, highlight one or more
Tables (page xvi): Table 4-27 Authentication Commands 4-76; Table 4-28 Authentication Sequence 4-76; Table 4-29 RADIUS Client Commands 4-78; Table 4-30 TACACS Comm
Page 3-156
Web – Click VLAN, Private VLAN, Port Information or Trunk Information.
Figure 3-86 Private VLAN Port Information
CLI – This
Page 3-157
• Community VLAN – A community VLAN conveys traffic between community ports, and from community ports to their designated prom
Page 3-158
Class of Service Configuration
Class of Service (CoS) allows you to specify which data packets have greater precedence when
Page 3-159
Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interfa
Page 3-160
Mapping CoS Values to Egress Queues
This switch processes Class of Service (CoS) priority tagged traffic by using four prio
Page 3-161
Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click
Page 3-162
Selecting the Queue Mode
You can set the switch to service the queues based on a strict rule that requires all traffic in a
Page 3-163
Setting the Service Weight for Traffic Classes
This switch uses the Weighted Round Robin (WRR) algorithm to determi
Page 3-164
Layer 3/4 Priority Settings
Mapping Layer 3/4 Priorities to CoS Values
This switch supports several common methods of priori
Page 3-165
Mapping IP Precedence
The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining ei
Tables (page xvii): Table 4-72 IGMP Filtering and Throttling Commands 4-221; Table 4-73 Multicast VLAN Registration Commands 4-228; Table 4-74 show mvr - display
Page 3-166
CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value
Page 3-167
Command Attributes
• DSCP Priority Table – Shows the DSCP Priority to CoS map.
• Class of Service Value – Maps a CoS
Page 3-168
Mapping IP Port Priority
You can also map network applications to Class of Service values based on the IP port number (i.e.
Page 3-169
CLI* – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5
Page 3-170
Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click A
Page 3-171, Multicast Filtering
requesting to join the service and sends data out to those ports only. It then propagates the service request up to any neigh
Page 3-172
Command Attributes
• IGMP Status — When enabled, the switch will monitor network traffic to determine which hosts want to r
Page 3-173
CLI – This example modifies the settings for multicast filtering, and then displays the current status.
Enabling IGMP Immediat
Page 3-174
CLI – This example enables IGMP immediate leave for VLAN 1 and then displays the current IGMP snooping status.
Displaying I
Page 3-175
CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.
Specifying Stat
Page 3-176
Displaying Port Members of Multicast Services
You can display the port members associated with a specified VLAN and multic
Page 3-177
Assigning Ports to Multicast Services
Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query me
Page 3-178
CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on
Page 3-179
Web – Click IGMP Snooping, IGMP Filter Configuration. Create a profile number by entering the number in text box and clicking
Page 3-180
Command Attributes
• Profile ID – Selects an existing profile number to configure. After selecting an ID number, click the
Page 3-181
CLI – This example configures profile number 19 by setting the access mode to “permit” and then specifying a range of multica
Page 3-182
• Trunk – Indicates if a port is a trunk member.
Web – Click IGMP Snooping, IGMP Filter/Throttling Port Configuration or IG
Page 3-183
Multicast VLAN Registration
Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-
Page 3-184
4. For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bi
Page 3-185
CLI – This example first enables IGMP snooping, enables MVR globally, and then configures a range of MVR group addres
Figures (page xix): Figure 3-1 Home Page 3-2; Figure 3-2 Panel Display 3-3; Figure 3-3 System Information 3-10; Figure 3-4 Displaying Switch Information 3-12; Figur
Page 3-186
Displaying Port Members of Multicast Groups
You can display the multicast groups assigned to the MVR VLAN either through IG
Page 3-187
Configuring MVR Interface Status
Each interface that participates in the MVR VLAN must be configured as an MVR source
Page 3-188
Web – Click MVR, Port or Trunk Configuration.
Figure 3-110 MVR Port Configuration
CLI – This example configures an MVR sour
Page 3-189, Configuring Domain Name Service
Web – Click MVR, Group Member Configuration. Select a port or trunk from the “Interface” field, and click Query t
Page 3-190
• If there is no domain list, the default domain name is used. If there is a domain list, the default domain name is not u
Page 3-191
Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more
Page 3-192
Configuring Static DNS Host to Address Entries
You can manually configure static entries in the DNS table that are used to
Page 3-193
CLI – This example maps two addresses to a host name, and then configures an alias host name for the same addresses
Page 3-194
CLI – This example displays all the resource records learned from the designated name servers.
Switch Clustering
Switch Clus
Page 3-195
• Role – Indicates the current role of the switch in the cluster; either Commander, Member, or Candidate.
• Cluster IP Pool – An
Figures (page xx): Figure 3-43 Network Access Configuration 3-76; Figure 3-44 Network Access Port Configuration 3-77; Figure 3-45 Network Access MAC Address Infor
Page 3-196
Web – Click Cluster, Member Configuration.
Figure 3-116 Cluster Member Configuration
CLI – This example creates a new clus
Page 3-197
CLI – This example shows information about cluster Member switches.
Cluster Candidate Information
Displays information about disc
Page 4-1
Chapter 4: Command Line Interface
This chapter describes how to use the Command Line Interface (CLI).
Using the Command Line Interface
Accessing the C
Page 4-2
To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway
Page 4-3
Entering Commands
This section describes how to enter CLI commands.
Keywords and Arguments
A CLI command is a series of keywords and
Page 4-4
Showing Commands
If you enter a “?” at the command prompt, the system will display the first level of keywords for the curren
Page 4-5
Partial Keyword Lookup
If you terminate a partial keyword with a question mark, alternatives that match the initial letters are pr
Page 4-6
current mode. The command classes and associated modes are displayed in the following table:
Exec Commands
When you open a new
Page 4-7
Configuration Commands
Configuration commands are privileged level commands used to modify switch settings. These commands modify
Figures (page xxi): Figure 3-88 Port Priority Configuration 3-159; Figure 3-89 Traffic Classes 3-161; Figure 3-90 Queue Mode 3-162; Figure 3-91 Configuring Queue S
Page 4-8
Command Line Processing
Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain e
Page 4-9
Command Groups
The system commands can be broken down into the functional groups shown below.
Table 4-4 Command Groups
Command Group D
Page 4-10
The access mode shown in the following tables is indicated by these abbreviations:
NE (Normal Exec)
IC (Interface Configur
Page 4-11
Line Commands
You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. Th
Page 4-12
Command Usage
Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show
Page 4-13
Example
Related Commands
username (4-27)
password (4-13)
password
This command specifies the password for a line. Use the no form to rem
Page 4-14
timeout login response
This command sets the interval that the system waits for a user to log into the CLI. Use the no form
Page 4-15
Command Mode
Line Configuration
Command Usage
• If user input is detected within the timeout interval, the session is kept open; othe
Page 4-16
Related Commands
silent-time (4-16)
timeout login response (4-13)
silent-time
This command sets the amount of time the manageme
Page 4-17
Command Usage
The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If
Page 4-18
speed
This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from t
Page 4-19
disconnect
This command terminates an SSH, Telnet, or console connection.
Syntax
disconnect session-id
session-id – The session identif
Page 4-20
Example
To show all lines, enter this command:
General Commands
enable
This command activates Privileged Exec mode. In privile
Page 4-21
Default Setting
Level 15
Command Mode
Normal Exec
Command Usage
• “super” is the default password required to change the command mode
Page 4-22
configure
This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. Y
Page 4-23
The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and
Page 4-24
exit
This command returns to the previous configuration mode or exits the configuration program.
Default Setting
None
Command M
Page 4-25
System Management Commands
These commands are used to control system logs, passwords, user names, browser configuration
Page 4-26
Example
hostname
This command specifies or modifies the host name for this device. Use the no form to restore the default ho
Page 4-27
username
This command adds named users, requires authentication at login, specifies or changes a user's password (o
Page 1-1
Chapter 1: Introduction
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to conf
Page 4-28
enable password
After initially logging onto the system, you should set the Privileged Exec password. Remember to record it
Page 4-29
IP Filter Commands
management
This command specifies the client IP addresses that are allowed management access to the sw
Page 4-30
Example
This example restricts management access to the indicated addresses.
show management
This command displays the client
Page 4-31
Web Server Commands
ip http port
This command specifies the TCP port number used by the web browser interface. Use the no
Page 4-32
Example
Related Commands
ip http port (4-31)
ip http secure-server
This command enables the secure hypertext transfer protocol
Page 4-33
Example
Related Commands
ip http secure-port (4-33)
copy tftp https-certificate (4-70)
ip http secure-port
This command spe
Page 4-34
Telnet Server Commands
ip telnet port
This command specifies the TCP port number used by the Telnet interface. Use the no for
Page 4-35
Related Commands
ip telnet port (4-34)
Secure Shell Commands
The Berkeley-standard includes remote access tools originally
Page 4-36
The SSH server on this switch supports both password and public key authentication. If password authentication is specified
Page 4-37
corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this p
Page 1-2
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates t
Page 4-38
ip ssh timeout
This command configures the timeout for the SSH server. Use the no form to restore the default setting.
Syntax
Page 4-39
Example
Related Commands
show ip ssh (4-41)
ip ssh server-key size
This command sets the SSH server key size. Use the no f
Page 4-40
Example
ip ssh crypto host-key generate
This command generates the host key pair (i.e., public and private).
Syntax
ip ssh c
Page 4-41
Command Mode
Privileged Exec
Command Usage
• This command clears the host key from volatile memory (RAM). Use the no ip
Page 4-42
Example
show ssh
This command displays the current SSH server connections.
Command Mode
Privileged Exec
Example
Console#show i
Page 4-43
show public-key
This command shows the public key for the specified user or for the host.
Syntax
show public-key [user [u
Page 4-44
Event Logging Commands
logging on
This command controls logging of error messages, sending debug or error messages to switch
Page 4-45
logging history
This command limits syslog messages saved to switch memory based on severity. The no form returns the lo
Page 4-46
logging host
This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove
Page 4-47
logging trap
This command enables the logging of system messages to a remote server, or limits the syslog messages saved
Page 1-3
Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach
Page 4-48
Related Commands
show logging (4-48)
show logging
This command displays the configuration settings for logging messages to loc
Page 4-49
The following example displays settings for the trap function.
Related Commands
show logging sendmail (4-53)
show log
This
Page 4-50
Example
The following example shows sample messages stored in RAM.
SMTP Alert Commands
These commands configure SMTP event han
Page 4-51
Command Mode
Global Configuration
Command Usage
• You can specify up to three SMTP servers for event handling. However, y
Page 4-52
logging sendmail source-email
This command sets the email address used for the “From” field in alert messages. Use the no fo
Page 4-53
logging sendmail
This command enables SMTP event handling. Use the no form to disable this function.
Syntax
[no] logging s
Page 4-54
Time Commands
The system clock can be dynamically set by polling a set of specified NTP time servers. Maintaining an accurat
Page 4-55
Example
Related Commands
sntp server (4-55)
sntp poll (4-56)
show sntp (4-56)
sntp server
This command sets the IP address o
Page 4-56
sntp poll
This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the n
Page 4-57
ntp client
This command enables NTP client requests for time synchronization from NTP time servers specified with the nt
Management GuideFast Ethernet SwitchLayer 2 Standalone Switchwith 24/48 10/100BASE-TX (RJ-45) Ports,and 2 Combination Gigabit Ports (RJ-45/SFP)
Introduction1-41Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domai
Command Line Interface4-584Default Setting Version number: 3Command Mode Global ConfigurationCommand Usage • This command specifies time servers that
System Management Commands4-594Example Related Commandsntp client (4-57)ntp authenticateThis command enables authentication for NTP client-server comm
Command Line Interface4-604• key - An MD5 authentication key string. The key string can be up to 32 case-sensitive printable ASCII characters (no spac
System Management Commands4-614Example clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour h
Command Line Interface4-624Related Commandsshow sntp (4-56)calendar setThis command sets the system clock. It may be used if there is no time server o
System Management Commands4-634System Status Commandsshow startup-configThis command displays the configuration file stored in non-volatile memory tha
Command Line Interface, page 4-64: Example. Related Commands: show running-config (4-65). Console#show startup-config building startup-config, please wait... !!us
System Management Commands, page 4-65: show running-config: This command displays the configuration information currently in use. Default Setting: None. Command Mod
Command Line Interface, page 4-66: Example. Related Commands: show startup-config (4-63). Console#show running-config building running-config, please wait... !SNTP
System Management Commands, page 4-67: show system: This command displays system information. Default Setting: None. Command Mode: Normal Exec, Privileged Exec. Comman
System Defaults, page 1-5: System Defaults: The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switc
Command Line Interface, page 4-68: Command Usage: The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index
System Management Commands, page 4-69: Example. Frame Size Commands. jumbo frame: This command enables support for jumbo frames. Use the no form to disable it. Synt
Command Line Interface, page 4-70: • Enabling jumbo frames will limit the maximum threshold for broadcast storm control. (See the switchport broadcast command
Flash/File Commands, page 4-71: • public-key - Keyword that allows you to copy a SSH key from a TFTP server. (“Secure Shell Commands” on page 4-35) Default Set
Command Line Interface, page 4-72: The following example shows how to copy the running configuration to a startup file. The following example shows how to down
Flash/File Commands, page 4-73: delete: This command deletes a file or image. Syntax: delete filename. filename - Name of the configuration file or image name. Defau
Command Line Interface, page 4-74: • File information is shown below: Example: The following example shows how to display all file information: whichboot: This com
Flash/File Commands, page 4-75: boot system: This command specifies the image used to start up the system. Syntax: boot system {boot-rom| config | opcode}: filena
Command Line Interface, page 4-76: Authentication Commands: You can configure this switch to authenticate users logging into the system for management access u
Authentication Commands, page 4-77: • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The use
Introduction, page 1-6: Port Configuration: Admin Status Enabled; Auto-negotiation Enabled; Flow Control Disabled. Rate Limiting: Input and output limits Disabled. Port
Command Line Interface, page 4-78: authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password
Authentication Commands, page 4-79: • retransmit - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-30) • key
Command Line Interface, page 4-80: Default Setting: None. Command Mode: Global Configuration. Example. radius-server retransmit: This command sets the number of retrie
Authentication Commands, page 4-81: Example. show radius-server: This command displays the current settings for the RADIUS server. Default Setting: None. Command Mo
Command Line Interface, page 4-82: tacacs-server host: This command specifies the TACACS+ server. Use the no form to restore the default. Syntax: tacacs-server ho
Authentication Commands, page 4-83: Syntax: tacacs-server key key_string; no tacacs-server key. key_string - Encryption key used to authenticate logon access for t
Command Line Interface, page 4-84: Port Security Commands: These commands can be used to enable port security on a port. When using port security, the switch st
Authentication Commands, page 4-85: Command Usage: • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has
Command Line Interface, page 4-86: dot1x system-auth-control: This command enables 802.1X port authentication globally on the switch. Use the no form to restore
Authentication Commands, page 4-87: dot1x max-req: This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet
System Defaults, page 1-7: System Log: Status Enabled; Messages Logged Levels 0-7 (all); Messages Logged to Flash Levels 0-6. SMTP Email Alerts: Event Handler Enabled
Command Line Interface, page 4-88: dot1x operation-mode: This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the
Authentication Commands, page 4-89: Command Mode: Privileged Exec. Example. dot1x re-authentication: This command enables periodic re-authentication globally for all
Command Line Interface, page 4-90: dot1x timeout re-authperiod: This command sets the time period after which a connected client must be re-authenticated. Synta
Authentication Commands, page 4-91: Syntax: show dot1x [statistics] [interface interface] • statistics - Displays dot1x status for each port. • interface • etherne
Command Line Interface, page 4-92: - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 4-87). - Supplicant –
Authentication Commands, page 4-93: Example: Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status
Command Line Interface, page 4-94: Network Access: The Network Access feature controls host access to the network by authenticating its MAC address on the conne
Authentication Commands, page 4-95: Command Usage: • When enabled on a port interface, the authentication process sends a Password Authentication Protocol (PAP
Command Line Interface, page 4-96: Command Mode: Interface Configuration. Command Usage: The maximum number of MAC addresses per port is 1024, and the maximum nu
Authentication Commands, page 4-97: Example: The following example creates MAC filter 1 and adds MAC address 00-00-E8-12-11-01 to the filter. network-access por
Command Line Interface, page 4-98: Command Usage: • When enabled, the VLAN identifiers returned by the RADIUS server will be applied to the port, providing the
Authentication Commands, page 4-99: clear network-access: Use this command to clear entries from the secure MAC addresses table. Syntax: clear network-access mac-a
Command Line Interface, page 4-100: Example. show network-access mac-filter: Use this command to display MAC authentication filters. Syntax: show network-access mac
Authentication Commands, page 4-101: • ethernet unit/port - unit - This is unit 1. - port - Port number. (Range: 1-26/52) • sort - Sorts displayed entries by ei
Command Line Interface, page 4-102: Access Control List Commands: Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol,
Access Control List Commands, page 4-103: IP ACLs. access-list ip: This command adds an IP access list and enters configuration mode for standard or extended IP
Command Line Interface, page 4-104: Command Usage: • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command t
Access Control List Commands, page 4-105: Example: This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address
Command Line Interface, page 4-106: Default Setting: None. Command Mode: Extended ACL. Command Usage: • All new rules are appended to the end of the list. • Address bitm
Access Control List Commands, page 4-107: This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Related Comma
Page 2-1: Chapter 2: Initial Configuration. Connecting to the Switch. Configuration Options: The switch includes a built-in network management agent. The agent off
Command Line Interface, page 4-108: Command Usage: • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different A
Access Control List Commands, page 4-109: Command Usage: A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the
Command Line Interface, page 4-110: MAC ACLs. access-list mac: This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to rem
Access Control List Commands, page 4-111: Related Commands: permit, deny (MAC ACL) (4-111), mac access-group (4-112), show mac access-list (4-112). permit, deny (MAC
Command Line Interface, page 4-112: Example: This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the Ether
Access Control List Commands, page 4-113: Command Usage: • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a diffe
Command Line Interface, page 4-114: Command Usage: • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within
Access Control List Commands, page 4-115: ACL Information. show access-list: This command shows all ACLs and associated rules, as well as all the user-defined mas
Command Line Interface, page 4-116: SNMP Commands: Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP),
SNMP Commands, page 4-117: snmp-server: This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no for
Initial Configuration, page 2-2: • Configure up to 4 static or LACP trunks • Enable port mirroring • Set broadcast storm control on any port • Display system inf
Command Line Interface, page 4-118: Example. snmp-server community: This command defines the SNMP v1 and v2c community access string. Use the no form to remove th
SNMP Commands, page 4-119: • private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode: Global
Command Line Interface, page 4-120: Command Mode: Global Configuration. Example. Related Commands: snmp-server contact (4-119). snmp-server host: This command specifie
SNMP Commands, page 4-121: • SNMP Version: 1 • UDP Port: 162. Command Mode: Global Configuration. Command Usage: • If you do not enter an snmp-server host command, n
Command Line Interface, page 4-122: supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notific
SNMP Commands, page 4-123: conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 4-126). Example. Relate
Command Line Interface, page 4-124: • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID.
SNMP Commands, page 4-125: snmp-server view: This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax
Command Line Interface, page 4-126: show snmp view: This command shows information on the SNMP views. Command Mode: Privileged Exec. Example. snmp-server group: This c
SNMP Commands, page 4-127: Default Setting: • Default groups: public23 (read only), private24 (read/write) • readview - Every object belonging to the Internet O
Basic Configuration, page 2-3: Remote Connections: Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a va
Command Line Interface, page 4-128: snmp-server user: This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify
SNMP Commands, page 4-129: • remote - Specifies an SNMP engine on a remote device. • ip-address - The Internet address of the remote device. • v1 | v2c | v3 - U
Command Line Interface, page 4-130: show snmp user: This command shows information on SNMP users. Command Mode: Privileged Exec. Example: Console#show snmp user Engin
Interface Commands, page 4-131: Interface Commands: These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or
Command Line Interface, page 4-132: Command Mode: Global Configuration. Example: To specify port 24, enter the following command: description: This command adds a d
Interface Commands, page 4-133: Default Setting: • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex settin
Command Line Interface, page 4-134: • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Exampl
Interface Commands, page 4-135: Example: The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands: ne
Command Line Interface, page 4-136: Example: The following example enables flow control on port 5. Related Commands: negotiation (4-133), capabilities (flowcontrol,
Interface Commands, page 4-137: switchport broadcast packet-rate: This command configures broadcast storm control. Use the no form to disable broadcast storm co
Initial Configuration, page 2-4: Setting Passwords. Note: If this is your first time to log into the CLI program, you should define new passwords for both defau
Command Line Interface, page 4-138: Command Mode: Privileged Exec. Command Usage: Statistics are only initialized for a power reset. This command sets the base va
Interface Commands, page 4-139: Example. show interfaces counters: This command displays interface statistics. Syntax: show interfaces counters [interface] interfa
Command Line Interface, page 4-140: Example. show interfaces switchport: This command displays the administrative and operational status of the specified interfa
Interface Commands, page 4-141: Example: This example shows the configuration setting for port 24. Console#show interfaces switchport ethernet 1/24 Broadcast t
Command Line Interface, page 4-142: Mirror Port Commands: This section describes how to mirror traffic from a source port to a target port. port monitor: This com
Mirror Port Commands, page 4-143: Example: The following example configures the switch to mirror received packets from port 6 to 11: show port monitor: This comma
Command Line Interface, page 4-144: Rate Limit Commands: This function allows the network manager to control the maximum rate for traffic transmitted or receive
Rate Limit Commands, page 4-145: Example. rate-limit granularity: Use this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigab
Command Line Interface, page 4-146: Command Usage: • For Fast Ethernet interfaces, the rate limit granularity is 512 Kbps, 1 Mbps, or 3.3 Mbps. • For Gigabit Et
Link Aggregation Commands, page 4-147: Guidelines for Creating Trunks. General Guidelines – • Finish configuring port trunks before you connect the corresponding
Basic Configuration, page 2-5: Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: •
Command Line Interface, page 4-148: Command Usage: • When configuring static trunks, the switches must comply with the Cisco EtherChannel standard. • Use no chan
Link Aggregation Commands, page 4-149: Example: The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other en
Command Line Interface, page 4-150: Command Mode: Interface Configuration (Ethernet). Command Usage: • Port must be configured with the same system priority to jo
Link Aggregation Commands, page 4-151: • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Confi
Command Line Interface, page 4-152: lacp port-priority: This command configures LACP port priority. Use the no form to restore the default setting. Syntax: lacp {
Link Aggregation Commands, page 4-153: Default Setting: Port Channel: all. Command Mode: Privileged Exec. Example: Console#show lacp 1 counters Channel group :
Command Line Interface, page 4-154: Console#show lacp 1 internal Port Channel : 1 ------------------------------------------------------------------------- Oper
Link Aggregation Commands, page 4-155: Console#show lacp 1 neighbors Port channel 1 neighbors ------------------------------------------------------------------
Command Line Interface, page 4-156: Address Table Commands: These commands are used to configure the address table for filtering specified addresses, displaying
Address Table Commands, page 4-157: mac-address-table static: This command maps a static address to a destination port in a VLAN. Use the no form to remove an a
ES3526XA ES3552XA F2.2.6.3 E122006-CS-R02 149100005500H
Initial Configuration, page 2-6: 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Ente
Command Line Interface, page 4-158: clear mac-address-table dynamic: This command removes any learned entries from the forwarding database and clears the transm
Address Table Commands, page 4-159: means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a m
Command Line Interface, page 4-160: Spanning Tree Commands: This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the swi
Spanning Tree Commands, page 4-161: spanning-tree: This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Synta
Command Line Interface, page 4-162: - This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path
Spanning Tree Commands, page 4-163: Global Configuration. Command Usage: This command sets the maximum time (in seconds) the root device will wait before changin
Command Line Interface, page 4-164: spanning-tree max-age: This command configures the spanning tree bridge maximum age globally for this switch. Use the no for
Spanning Tree Commands, page 4-165: Command Mode: Global Configuration. Command Usage: Bridge priority is used in selecting the root device, root port, and design
Command Line Interface, page 4-166: spanning-tree transmission-limit: This command configures the minimum interval between the transmission of consecutive RSTP/
Spanning Tree Commands, page 4-167: mst vlan: This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Using the no f
Basic Configuration, page 2-7: The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
Command Line Interface, page 4-168: mst priority: This command configures the priority of a spanning tree instance. Use the no form to restore the default. Synta
Spanning Tree Commands, page 4-169: The MST region name and revision number (page 4-169) are used to designate a unique MST region. A bridge (i.e., spanning-t
Command Line Interface, page 4-170: Default Setting: 20. Command Mode: MST Configuration. Command Usage: An MSTI region is treated as a single node by the STP and RS
Spanning Tree Commands, page 4-171: The recommended range is: • Ethernet: 200,000-20,000,000 • Fast Ethernet: 20,000-2,000,000 • Gigabit Ethernet: 2,000-200,000. Def
Command Line Interface, page 4-172: Command Usage: • This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost f
Spanning Tree Commands, page 4-173: spanning-tree portfast: This command sets an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax
Command Line Interface, page 4-174: Default Setting: auto. Command Mode: Interface Configuration (Ethernet, Port Channel). Command Usage: • Specify a point-to-point
Spanning Tree Commands, page 4-175: Command Mode: Interface Configuration (Ethernet, Port Channel). Command Usage: • Each spanning-tree instance is associated wit
Command Line Interface, page 4-176: Example. Related Commands: spanning-tree mst cost (4-174). spanning-tree protocol-migration: This command re-checks the appropria
Spanning Tree Commands, page 4-177: • port-channel channel-id (Range: 1-32) • instance_id - Instance identifier of the multiple spanning tree. (Range: 0-4094,
Initial Configuration, page 2-8: Configuring Access for SNMP Version 3 Clients: To configure management access for SNMPv3 clients, you need to first create a vi
Command Line Interface, page 4-178: show spanning-tree mst configuration: This command shows the configuration of the multiple spanning tree. Command Mode: Privil
VLAN Commands, page 4-179: VLAN Commands: A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the s
Command Line Interface, page 4-180: Example. Related Commands: show vlan (4-187). vlan: This command configures a VLAN. Use the no form to restore the default setti
VLAN Commands, page 4-181: Configuring VLAN Interfaces. interface vlan: This command enters interface configuration mode for VLANs, which is used to configure VLA
Command Line Interface, page 4-182: switchport mode: This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax
VLAN Commands, page 4-183: Command Mode: Interface Configuration (Ethernet, Port Channel). Command Usage: When set to receive all frame types, any received frames
Command Line Interface, page 4-184: Example: The following example shows how to set the interface to port 1 and then enable ingress filtering: switchport native
VLAN Commands, page 4-185: switchport allowed vlan: This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax
Command Line Interface, page 4-186: switchport forbidden vlan: This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Sy
VLAN Commands, page 4-187: show vlan: This command shows VLAN information. Syntax: show vlan [id vlan-id | name vlan-name | private-vlan private-vlan-type] • id -
Managing System Files, page 2-9: Managing System Files: The switch’s flash memory supports three types of system files that can be managed by the CLI program, W
Command Line Interface, page 4-188: Configuring Private VLANs: Private VLANs provide port-based security and isolation between ports within the assigned VLAN. T
VLAN Commands, page 4-189: 3. Use the switchport mode private-vlan command to configure ports as promiscuous (i.e., having access to all ports in the primary
Command Line Interface, page 4-190: an associated “primary” VLAN that contains promiscuous ports. When using an isolated VLAN, it must be configured to contai
VLAN Commands, page 4-191: switchport mode private-vlan: Use this command to set the private VLAN mode for an interface. Use the no form to restore the default
Command Line Interface, page 4-192: Command Mode: Interface Configuration (Ethernet, Port Channel). Command Usage: All ports assigned to a secondary (i.e., commun
VLAN Commands, page 4-193: switchport private-vlan mapping: Use this command to map an interface to a primary VLAN. Use the no form to remove this mapping. Synta
Command Line Interface, page 4-194: Example. GVRP and Bridge Extension Commands: GARP VLAN Registration Protocol defines a way for switches to exchange VLAN infor
GVRP and Bridge Extension Commands, page 4-195: Example. show bridge-ext: This command shows the configuration for bridge extension commands. Default Setting: None
Command Line Interface, page 4-196: show gvrp configuration: This command shows if GVRP is enabled. Syntax: show gvrp configuration [interface] interface • etherne
GVRP and Bridge Extension Commands, page 4-197: Command Usage: • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client
Command Line Interface, page 4-198: Related Commands: garp timer (4-196). Priority Commands: The commands described in this section allow you to specify which data
Priority Commands, page 4-199: queue mode: This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) prio
Command Line Interface, page 4-200: Default Setting: The priority is not set, and the default value for untagged frames received on the interface is zero. Comma
Priority Commands, page 4-201: Command Mode: Global Configuration. Command Usage: WRR controls bandwidth sharing at the egress port by defining scheduling weights
Command Line Interface, page 4-202: Command Usage: • CoS values assigned at the ingress port are also used at the egress port. • This command sets the CoS prior
Priority Commands, page 4-203: Example. show queue cos-map: This command shows the class of service priority map. Syntax: show queue cos-map [interface] interface •
Command Line Interface, page 4-204: Priority Commands (Layer 3 and 4). map ip port (Global Configuration): This command enables IP port mapping (i.e., class of s
Priority Commands, page 4-205: map ip port (Interface Configuration): This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove
Command Line Interface, page 4-206: Example: The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuratio
Priority Commands, page 4-207: map ip dscp (Global Configuration): This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use
Page 3-1: Chapter 3: Configuring the Switch. Using the Web Interface: This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the
Command Line Interface, page 4-208: Default Setting: The DSCP default values are defined in the following table. Note that all the DSCP values that are not spe
Priority Commands, page 4-209: Default Setting: None. Command Mode: Privileged Exec. Example: The following shows that HTTP traffic has been mapped to CoS value 0: R
Command Line Interface, page 4-210: Example. Related Commands: map ip port (Global Configuration) (4-204), map ip precedence (Interface Configuration) (4-206). sho
Multicast Filtering Commands, page 4-211: Example. Related Commands: map ip dscp (Global Configuration) (4-207), map ip dscp (Interface Configuration) (4-207). Mult
Command Line Interface, page 4-212: ip igmp snooping: This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax: [no] ip igmp snoop
Multicast Filtering Commands, page 4-213: Command Mode: Global Configuration. Example: The following shows how to statically configure a multicast group on a port
Command Line Interface, page 4-214: Default Setting: Disabled. Command Mode: Interface Configuration (VLAN). Command Usage: The IGMP snooping immediate-leave feature
Multicast Filtering Commands, page 4-215: Syntax: show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping] • vlan-id - VLAN ID (1 to 4094) • user
Command Line Interface, page 4-216: IGMP Query Commands (Layer 2). ip igmp snooping querier: This command enables the switch as an IGMP querier. Use the no form
Multicast Filtering Commands, page 4-217: Default Setting: 2 times. Command Mode: Global Configuration. Command Usage: The query count defines how long the querier w
Configuring the Switch, page 3-2: Navigating the Web Browser Interface: To access the web-browser interface you must first enter a user name and password. The a
Command Line Interface, page 4-218: ip igmp snooping query-max-response-time: This command configures the query report delay. Use the no form to restore the def
Multicast Filtering Commands, page 4-219: Default Setting: 300 seconds. Command Mode: Global Configuration. Command Usage: The switch must use IGMPv2 for this comman
Command Line Interface, page 4-220: Command Usage: Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Ther
Multicast Filtering Commands, page 4-221: IGMP Filtering and Throttling Commands: In certain switch applications, the administrator may want to control the mult
Command Line Interface, page 4-222: • IGMP filtering and throttling only applies to dynamically learned multicast groups; it does not apply to statically conf
Multicast Filtering Commands, page 4-223: Command Usage: • Each profile has only one access mode; either permit or deny. • When the access mode is set to permit
Command Line Interface, page 4-224: Default Setting: None. Command Mode: Interface Configuration. Command Usage: • The IGMP filtering profile must first be created w
Multicast Filtering Commands, page 4-225: Example. ip igmp max-groups action: This command sets the IGMP throttling action for an interface on the switch. Syntax
Command Line Interface, page 4-226: Command Mode: Privileged Exec. Example. show ip igmp profile: This command displays IGMP filtering profiles created on the switc
Multicast Filtering Commands, page 4-227: • port-channel channel-id (Range: 1-4). Default Setting: None. Command Mode: Privileged Exec. Command Usage: Using this comm
Panel Display, page 3-3: Configuration Options: Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a pa
Command Line Interface, page 4-228: mvr (Global Configuration): This command enables Multicast VLAN Registration (MVR) globally on the switch, statically config
Multicast Filtering Commands, page 4-229: mvr (Interface Configuration): This command configures an interface as an MVR receiver or source port using the type k
Command Line Interface, page 4-230: response to determine if there are any remaining subscribers for that multicast group before removing the port from the gr
Multicast Filtering Commands, page 4-231: Command Usage: Enter this command without any keywords to display the global settings for MVR. Use the interface keyw
Command Line Interface, page 4-232: The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN: Domain Name
Domain Name Service Commands, page 4-233: ip host: This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form
Command Line Interface, page 4-234: • * - Removes all entries. Default Setting: None. Command Mode: Privileged Exec. Example: This example clears all static entries f
Domain Name Service Commands, page 4-235: ip domain-list: This command defines a list of domain names that can be appended to incomplete host names (i.e., host
Command Line Interface, page 4-236: ip name-server: This command specifies the address of one or more domain name servers to use for name-to-address resolution.
Domain Name Service Commands, page 4-237: Default Setting: Disabled. Command Mode: Global Configuration. Command Usage: • At least one name server must be specified
Configuring the Switch, page 3-4: Main Menu: Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, o
Command Line Interface, page 4-238: show dns: This command displays the configuration of the DNS service. Command Mode: Privileged Exec. Example. show dns cache: This c
Domain Name Service Commands, page 4-239: clear dns cache: This command clears all entries in the DNS cache. Command Mode: Privileged Exec. Example: Console#clear dns
Command Line Interface, page 4-240: DHCP Commands: These commands are used to configure Dynamic Host Configuration Protocol (DHCP) relay and Option 82 functions
DHCP Commands, page 4-241: ip dhcp relay information policy: This command sets the DHCP snooping information option policy for DHCP client packets that include
Command Line Interface, page 4-242: Usage Guidelines: You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent wil
IP Interface Commands, page 4-243: IP Interface Commands: An IP address may be used for management access to the switch over your network. The IP address for
Command Line Interface, page 4-244: Command Usage: • You must assign an IP address to this device to gain management access over the network. You can manually
IP Interface Commands, page 4-245: Example: The following example defines a default gateway for this device: Related Commands: show ip redirects (4-246). ip dhcp r
Command Line Interface, page 4-246: Example. Related Commands: show ip redirects (4-246). show ip redirects: This command shows the default gateway configured for t
IP Interface Commands, page 4-247: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic. - Destination does not
Main Menu, page 3-5: SSH (3-61). Host-Key Settings: Generates the host key pair (public and private) (3-63). Settings: Configures Secure Shell server settings (3-65). Port
Command Line Interface, page 4-248: Switch Cluster Commands: Switch Clustering is a method of grouping switches together to enable centralized management throug
Switch Cluster Commands, page 4-249: Example. cluster commander: This command enables the switch as a cluster Commander. Use the no form to disable the switch as
Command Line Interface, page 4-250: Command Usage: • An “internal” IP address pool is used to assign IP addresses to Member switches in the cluster. Internal c
Switch Cluster Commands, page 4-251: Command Mode: Privileged Exec. Command Usage: • This command only operates through a Telnet connection to the Commander switch
Command Line Interface, page 4-252: show cluster candidates: This command shows the discovered Candidate switches in the network. Command Mode: Privileged Exec. Exa
Page A-1: Appendix A: Software Specifications. Software Features. Authentication: Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security. Access Control Lis
Software Specifications, page A-2: Additional Features: BOOTP client; SNTP (Simple Network Time Protocol); SNMP (Simple Network Management Protocol); RMON (Remote Mon
Management Information Bases, page A-3: Management Information Bases: Bridge MIB (RFC 1493); Entity MIB (RFC 2737); Ether-like MIB (RFC 2665); Extended Bridge MIB (RF
B-1. Appendix B: Troubleshooting. Problems Accessing the Management Interface. Table B-1 Troubleshooting Chart. Symptom | Action. Cannot connect using Telnet
Contents, i. Chapter 1: Introduction 1-1; Key Features 1-1; Description of Software Features 1-2; System Defaults 1-5; Chapter 2: Initial Configuration 2-
Configuring the Switch, 3-6. Trunk Broadcast Control: Sets the broadcast storm threshold for each trunk 3-105. Mirror Port Configuration: Sets the source an
Troubleshooting, B-2. Using System Logs: If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caus
Glossary, Glossary-1. Access Control List (ACL): ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for
Glossary, Glossary-2. GARP VLAN Registration Protocol (GVRP): Defines a way for switches to exchange VLAN information in order to register necessary VLAN me
Glossary, Glossary-3. IGMP Snooping: Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups t
Glossary, Glossary-4. MD5 Message-Digest Algorithm: An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and
Glossary, Glossary-5. Remote Monitoring (RMON): RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard
Glossary, Glossary-6. User Datagram Protocol (UDP): UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport
Index-1. Numerics; 802.1X, port authentication 3-68; A; acceptable frame type 3-150, 4-182; Access Control List See ACL; ACL; Extended IP 3-83, 4-102, 4-103, 4-105
Index, Index-2. G; GARP VLAN Registration Protocol See GVRP; gateway, default 3-14, 4-245; GVRP; global setting 4-194; interface configuration 3-150, 4-195; GVRP, g
Index, Index-3. path cost 3-120, 3-128; method 3-124, 4-165; STA 3-120, 3-128, 4-165; port authentication 3-68; port priority; configuring 3-158, 4-198; default ingre
Main Menu, 3-7. Private VLAN 3-152. Information: Displays Private VLAN feature information 3-153. Configuration: This page is used to create/remove primary or
Index, Index-4. T; TACACS+, logon authentication 3-56, 4-81; time, setting 3-35, 4-54; traffic class weights 3-163, 4-200; trap manager 2-7, 3-41, 4-120; troublesho
ES3526XA ES3552XA E122006-CS-R02D 149100005500H
Configuring the Switch, 3-8. IGMP Snooping 3-170. IGMP Configuration: Enables multicast filtering; configures parameters for multicast query 3-171. IGMP Filte
Main Menu, 3-9. Member Configuration: Adds switch Members to the cluster 3-195. Member Information: Displays cluster Member switch information 3-196. Candidate
Configuring the Switch, 3-10. Basic Configuration. Displaying System Information: You can easily identify the system by displaying the device name, location
Basic Configuration, 3-11. CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions: Use the Switch Infor
Configuring the Switch, 3-12. These additional parameters are displayed for the CLI. • Unit - This is unit 1. • Redundant Power Status – Displays the statu
Basic Configuration, 3-13. Displaying Bridge Extension Capabilities: The Bridge MIB includes extensions for managed devices that support Multicast Filterin
Configuring the Switch, 3-14. CLI – Enter the following command. Setting the Switch’s IP Address: This section describes how to configure an IP interface
Basic Configuration, 3-15. Manual Configuration: Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, se
Contents, ii. Saving or Restoring Configuration Settings 3-22; Downloading Configuration Settings from a Server 3-23; Console Port Settings 3-24; Telnet Sett
Configuring the Switch, 3-16. Using DHCP/BOOTP: If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by
Basic Configuration, 3-17. Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web inte
Configuring the Switch, 3-18. • Drop – Discards the Option 82 information in a packet and then floods it to the entire VLAN. • DHCP Relay Server – IP addr
Basic Configuration, 3-19. Managing Firmware: You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server,
Configuring the Switch, 3-20. Downloading System Software from a Server: When downloading runtime code, you can specify the destination file name to replac
Basic Configuration, 3-21. To delete a file select System, File, Delete. Select the file name from the given list by checking the tick box and click Appl
Configuring the Switch, 3-22. Saving or Restoring Configuration Settings: You can upload/download configuration settings to/from a TFTP server. The configu
Basic Configuration, 3-23. Downloading Configuration Settings from a Server: You can download the configuration file under a new file name and then set it
Configuring the Switch, 3-24. CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the swit
Basic Configuration, 3-25. • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match th
Contents, iii. Access Control Lists 3-82; Configuring Access Control Lists 3-82; Setting the ACL Name and Type 3-83; Configuring a Standard IP ACL 3-84; Confi
Configuring the Switch, 3-26. CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the cur
Basic Configuration, 3-27. • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon
Configuring the Switch, 3-28. CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display
Basic Configuration, 3-29. • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For exa
Configuring the Switch, 3-30. Remote Log Configuration: The Remote Logs page allows you to configure the logging of messages that are sent to syslog server
Basic Configuration, 3-31. CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap. Displaying Log Messages: The Lo
Configuring the Switch, 3-32. Sending Simple Mail Transfer Protocol Alerts: To alert system administrators of problems, the switch can use SMTP (Simple Mai
Basic Configuration, 3-33. Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an I
Configuring the Switch, 3-34. CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and spec
Basic Configuration, 3-35. Setting the System Clock: Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic upda
Contents, iv. Displaying Current Private VLANs 3-153; Configuring Private VLANs 3-154; Associating VLANs 3-154; Displaying Private VLAN Interface Informatio
Configuring the Switch, 3-36. CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settin
Basic Configuration, 3-37. Figure 3-22 NTP Client Configuration. CLI – This example configures the switch to operate as an NTP client and then displays th
Configuring the Switch, 3-38. Setting the Time Zone: SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time
Simple Network Management Protocol, 3-39. the format of the MIB specifications and the protocol used to access this information over the network. The swit
Configuring the Switch, 3-40. Enabling the SNMP Agent: Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3). Command Attributes: SNMP
Specifying Trap Managers and Trap Types, 3-41. Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the
Configuring the Switch, 3-42. To send an inform to a SNMPv2c host, complete these steps: 1. Enable the SNMP agent (page 3-54). 2. Enable trap informs as desc
Configuring SNMPv3 Management Access, 3-43. • Enable Authentication Traps – Issues a notification message to specified IP trap managers whenever authent
Configuring the Switch, 3-44. v2c or v3) and security level (i.e., authentication and privacy). 4. Assign SNMP users to groups, along with their specific
Configuring SNMPv3 Management Access, 3-45. configure the remote agent’s SNMP engine ID before you can send proxy requests or informs to it. (See “Specif
Contents, v. Chapter 4: Command Line Interface 4-1; Using the Command Line Interface 4-1; Accessing the CLI 4-1; Console Connection 4-1; Telnet Connection 4-
Configuring the Switch, 3-46. available for the SNMPv3 security model). • Authentication Protocol – The method used for user authentication. (Options: MD5
Configuring SNMPv3 Management Access, 3-47. CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring Remo
Configuring the Switch, 3-48. • Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. • Privacy Passwo
Configuring SNMPv3 Management Access, 3-49. CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMP
Configuring the Switch, 3-50. Table 3-5 Supported Notification Messages. Object Label | Object ID | Description. RFC 1493 Traps: newRoot | 1.3.6.1.2.1.17.0.1 | The n
Configuring SNMPv3 Management Access, 3-51. Private Traps: swPowerStatusChangeTrap | 1.3.6.1.4.1.259.6.10.95.2.1.0.1 | This trap is sent when the power stat
Configuring the Switch, 3-52. Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a securi
Configuring SNMPv3 Management Access, 3-53. Setting SNMPv3 Views: SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The
Configuring the Switch, 3-54. CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and
User Authentication, 3-55. • New Account – Displays configuration settings for a new account. - User Name – The name of the user. (Maximum length: 8 chara