Accton Technology ES4548D Manuel d'utilisateur

Powered by AcctonManagement GuideES4524DES4548D24/48-PortGigabit Ethernet Switche-mail: [email protected]tel: 08-52 400 700 fax: 08-520 18121

Contentsxend 33-4exit 33-4quit 33-5Chapter 34: System Management Commands 34-1hostname 34-1reload 34-2switch renumber 34-2jumbo frame 34-3show s

Setting the System Clock10-210CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.Se

11-1Chapter 11: Simple Network Management Protocol This chapter describes how to configure the Simple Network Management Protocol (SNMP) on the switch

Simple Network Management Protocol11-211security models v1 and v2c. The following table shows the security models and levels available and the system

Setting Community Access Strings11-311CLI – The following example enables SNMP on the switch.Setting Community Access Strings You may configure up to

Simple Network Management Protocol11-411Specifying Trap Managers and Trap TypesTraps indicating status changes are issued by the switch to specified t

Specifying Trap Managers and Trap Types11-511Version 1 or 2c clients), or define a corresponding “User Name” in the SNMPv3 Users page (for Version 3 c

Simple Network Management Protocol11-611Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that wi

Configuring SNMPv3 Management Access11-711Setting a Local Engine IDAn SNMPv3 engine is an independent SNMP agent that resides on the switch. This engi

Simple Network Management Protocol11-811The engine ID can be specified by entering 1 to 26 hexadecimal characters. If less than 26 characters are spec

Configuring SNMPv3 Management Access11-911• Authentication Password – A minimum of eight plain text characters is required.• Privacy Protocol – The en

ContentsxiChapter 38: SMTP Alert Commands 38-1logging sendmail host 38-1logging sendmail level 38-2logging sendmail source-email 38-2logging sendm

Simple Network Management Protocol11-1011CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring Remo

Configuring SNMPv3 Management Access11-1111• Privacy Protocol – The encryption algorithm use for data privacy; only 56-bit DES is currently available.

Simple Network Management Protocol11-1211CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring SNMP

Configuring SNMPv3 Management Access11-1311Table 11-2 Supported Notification MessagesObject Label Object ID DescriptionRFC 1493 TrapsnewRoot 1.3.6.1

Simple Network Management Protocol11-1411Private Traps - swPowerStatus ChangeTrap1.3.6.1.4.1.259.6.10.95.2.1.0.1 This trap is sent when the power stat

Configuring SNMPv3 Management Access11-1511Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name,

Simple Network Management Protocol11-1611Setting SNMPv3 ViewsSNMPv3 views are used to restrict user access to specified portions of the MIB tree. The

Configuring SNMPv3 Management Access11-1711CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interf

Simple Network Management Protocol11-1811

12-1Chapter 12: User Authentication This chapter describes how to configure the switch to authenticate users logging into the system for management ac

Contentsxiiradius-server timeout 41-8show radius-server 41-8TACACS+ Client 41-9tacacs-server host 41-9tacacs-server port 41-9tacacs-server key 4

User Authentication12-212Web – Click Security, User Accounts. To configure a new user account, enter the user name, access level, and password, then c

Configuring Local/Remote Logon Authentication12-312RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a co

User Authentication12-412- ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the lis

Configuring HTTPS12-512CLI – Specify all the required parameters to enable logon authentication.Configuring HTTPSYou can configure the switch to enabl

User Authentication12-612- The client and server generate session keys for encrypting and decrypting data.• The client and server establish a secure e

Configuring HTTPS12-712obtain a unique certificate and a private key and password from a recognized certification authority. Note: For maximum securit

User Authentication12-812Configuring the Secure Shell The Berkley-standard includes remote access tools originally designed for Unix systems. Some of

Configuring the Secure Shell12-912client’s granted management access to the switch. (Note that these clients must be configured locally on the switch

User Authentication12-1012Authenticating SSH v2 Clientsa.The client first queries the switch to determine if DSA public key authentication using a pre

Configuring the Secure Shell12-1112Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to

ContentsxiiiChapter 44: Access Control List Commands 44-1IPv4 ACLs 44-1access-list ip 44-2permit, deny (Standard IPv4 ACL) 44-2permit, deny (Exte

User Authentication12-1212Configuring the SSH ServerThe SSH server includes basic settings for authentication. Field Attributes• SSH Server Status – A

Filtering IP Addresses for Management Access12-1312CLI – This example enables SSH, sets the authentication parameters, and displays the current config

User Authentication12-1412• End IP Address – The end address of a range.Web – Click Security, IP Filter. Enter the IP addresses or range of addresses

13-1Chapter 13: Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses

Configuring Port Security13-213Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the che

14-1Chapter 14: Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a c

Configuring 802.1X Port Authentication14-214The operation of dot1x on the switch requires the following:• The switch must have an IP address assigned.

Configuring 802.1X Global Settings14-314Configuring 802.1X Global SettingsThe 802.1X protocol provides port authentication. The 802.1X protocol must b

Configuring 802.1X Port Authentication14-414• Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to

Configuring Port Settings for 802.1X14-514CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displaye

Contentsxivlacp port-priority 46-8show lacp 46-8show port-channel load-balance 46-11Chapter 47: Broadcast Storm Control Commands 47-1switchport br

Configuring 802.1X Port Authentication14-614Displaying 802.1X StatisticsThis switch can display statistics for dot1x protocol exchanges for any port.

Displaying 802.1X Statistics14-714Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update th

Configuring 802.1X Port Authentication14-814

15-1Chapter 15: Access Control ListsAccess Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol

Access Control Lists15-215the “TCP” protocol is specified, then you can also filter packets based on the TCP control code. • IPv6 Standard: IPv6 ACL m

Configuring an Extended IPv4 ACL15-315Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host

Access Control Lists15-415• Source/Destination Port – Source/destination port number for the specified protocol type. (Range: 0-65535)• Source/Destina

Configuring an Extended IPv4 ACL15-515Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the add

Access Control Lists15-615Configuring a MAC ACLCommand Attributes• Action – An ACL can contain any combination of permit or deny rules.• Source/Destin

Configuring a Standard IPv6 ACL15-715Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the addr

ContentsxvChapter 52: VLAN Commands 52-1GVRP and Bridge Extension Commands 52-1bridge-ext gvrp 52-2show bridge-ext 52-2switchport gvrp 52-3show g

Access Control Lists15-815• Source Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the pre

Configuring an Extended IPv6 ACL15-915• Destination Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address

Access Control Lists15-1015Web – Specify the action (i.e., Permit or Deny). Select the address type (Any or IPv6-prefix). If you select “IPv6-prefix,”

Binding a Port to an Access Control List15-1115Binding a Port to an Access Control ListAfter configuring the Access Control Lists (ACL), you should bi

Access Control Lists15-1215

16-1Chapter 16: Port Configuration This chapter describes how to configure switch ports and display the current connection status.Displaying Connectio

Port Configuration16-216Field Attributes (CLI)Basic information:• Port type – Indicates the port type. (1000BASE-T or SFP)• MAC address – The physical

Displaying Connection Status16-316CLI – This example shows the connection status for Port 5.Console#show interfaces status ethernet 1/5 45-8Informatio

Port Configuration16-416Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interfac

Configuring Interface Connections16-516Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click

ContentsxviPriority Commands (Layer 3 and 4) 55-7map ip port (Global Configuration) 55-7map ip port (Interface Configuration) 55-8map ip precedence

Port Configuration16-616Showing Port StatisticsYou can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs

Showing Port Statistics16-716Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had bee

Port Configuration16-816Received Frames The total number of frames (bad, broadcast and multicast) received.Broadcast Frames The total number of good f

Showing Port Statistics16-916Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at

Port Configuration16-1016CLI – This example shows statistics for port 12.Console#show interfaces counters ethernet 1/12 45-9Ethernet 1/12 Iftable stat

17-1Chapter 17: Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dr

Creating Trunk Groups17-217Statically Configuring a TrunkCommand Usage• When configuring static trunks, you may not be able to link switches of differ

Setting a Load-Balance Mode for Trunks17-317CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports

Creating Trunk Groups17-417• Destination MAC Address: All traffic with the same destination MAC address is output on the same link in a trunk. This mo

Enabling LACP on Selected Ports17-517CLI – The following example sets the load-balance method to source and destination IP address. Enabling LACP on S

Contentsxviiip domain-lookup 58-5show hosts 58-6show dns 58-7show dns cache 58-7clear dns cache 58-8Chapter 59: IPv4 Interface Commands 59-1ip a

Creating Trunk Groups17-617Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After y

Configuring LACP Parameters17-717Configuring LACP ParametersDynamically Creating a Port Channel –Ports assigned to a common port channel must meet the

Creating Trunk Groups17-817Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can

Displaying LACP Port Counters17-917CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the

Creating Trunk Groups17-1017Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.Figure 17

Displaying LACP Settings and Status for the Local Side17-1117Displaying LACP Settings and Status for the Local SideYou can display configuration setti

Creating Trunk Groups17-1217Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 1

Displaying LACP Settings and Status for the Remote Side17-1317Displaying LACP Settings and Status for the Remote SideYou can display configuration set

Creating Trunk Groups17-1417CLI – The following example displays the LACP configuration settings and operational state for the remote side of port cha

18-1Chapter 18: Broadcast Storm ControlBroadcast storms may occur when a device on your network is malfunctioning, or if application programs are not

ContentsxviiiSection IV: AppendicesAppendix A: Software Specifications A-1Software Features A-1Management Features A-2Standards A-2Management Infor

Broadcast Storm Control18-218CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and

19-1Chapter 19: Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a

Configuring Port Mirroring19-219Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor

20-1Chapter 20: Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an

Configuring Rate Limits20-220CLI - This example sets the rate limit for input and output traffic passing through port 1 to 600 Mbps.Console(config)#in

21-1Chapter 21: Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between t

Address Table Settings21-221CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.Display

Displaying the Address Table21-321Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLA

Address Table Settings21-421Changing the Aging TimeYou can set the aging time for entries in the dynamic address table. Command Attributes• Aging Stat

22-1Chapter 22: Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provi

xixTablesTable 1-1 Key Features 1-1Table 1-2 System Defaults 1-6Table 3-1 Web Page Configuration Buttons 3-3Table 3-2 Switch Main Menu 3-4Table 9-

Spanning Tree Algorithm Configuration22-222alternate route that can be used when a node or port fails, and retaining the forwarding database for ports

Displaying Global Settings22-322MSTP connects all bridges and LAN segments with a single Common and Internal Spanning Tree (CIST). The CIST is formed

Spanning Tree Algorithm Configuration22-422These additional parameters are only displayed for the CLI:• Spanning tree mode – Specifies the type of spa

Displaying Global Settings22-522Web – Click Spanning Tree, STA, Information.Figure 22-1 STA InformationCLI – This command displays global STA setting

Spanning Tree Algorithm Configuration22-622Note: The current root port and current root cost display as zero when this device is not connected to the

Configuring Global Settings22-722• Multiple Spanning Tree Protocol- To allow multiple spanning trees to operate over the network, you must configure a

Spanning Tree Algorithm Configuration22-822• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discard

Configuring Global Settings22-922Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 22-2 STA Globa

Spanning Tree Algorithm Configuration22-1022CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and M

Displaying Interface Settings22-1122• Designated Port – The port priority and number of the port on the designated bridging device through which this

xxTablesTable 41-5 RADIUS Client Commands 41-5Table 41-6 TACACS+ Client Commands 41-9Table 41-7 Web Server Commands 41-11Table 41-8 HTTPS System Su

Spanning Tree Algorithm Configuration22-1222• External path cost – The path cost for the IST. This parameter is used by the STA to determine the bes

Configuring Interface Settings22-1322CLI – This example shows the STA attributes for port 5. Configuring Interface SettingsYou can configure RSTP and

Spanning Tree Algorithm Configuration22-1422The following interface attributes can be configured:• Spanning Tree – Enables/disables STA on this interf

Configuring Multiple Spanning Trees22-1522Migration button to manually re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the se

Spanning Tree Algorithm Configuration22-16223. Add the VLANs that will share this MSTI (MSTP VLAN Configuration). Note:All VLANs are automatically add

Configuring Multiple Spanning Trees22-1722CLI – This displays STA settings for instance 1, followed by settings for each port. CLI – This example sets

Spanning Tree Algorithm Configuration22-1822Displaying Interface Settings for MSTPThe MSTP Port Information and MSTP Trunk Information pages display t

Configuring Interface Settings for MSTP22-1922Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance

Spanning Tree Algorithm Configuration22-2022• Default: 128• Range: 0-240, in steps of 16• Admin MST Path Cost – This parameter is used by the MSTP to

23-1Chapter 23: VLAN Configuration In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch

xxiTablesTable 57-4 Static Multicast Routing Commands 57-8Table 58-1 DNS Commands 58-1Table 58-2 show dns cache - display description 58-7Table 59-

VLAN Configuration23-223Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should

Assigning Ports to VLANs23-323these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine

VLAN Configuration23-423Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN

Displaying Current VLANs23-523CLI – Enter the following command.Displaying Current VLANsThe VLAN Current Table shows the current port members of each

VLAN Configuration23-623Command Attributes (CLI)• VLAN – ID of configured VLAN (1-4093, no leading zeroes).• Type – Shows how this VLAN was added to t

Adding Static Members to VLANs (VLAN Index)23-723Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, ma

VLAN Configuration23-823Command Attributes • VLAN – ID of configured VLAN (1-4093).• Name – Name of the VLAN (1 to 32 characters).• Status – Enables o

Adding Static Members to VLANs (Port Index)23-923CLI – The following example adds tagged and untagged ports to VLAN 2.Adding Static Members to VLANs (

VLAN Configuration23-1023Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLAN i

Configuring VLAN Behavior for Interfaces23-1123• GARP Leave Timer2 – The interval a port waits before leaving a VLAN group. This time should be set to

xxiiTables

VLAN Configuration23-1223CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GAR

Configuring IEEE 802.1Q Tunneling23-1323When a double-tagged packet enters another trunk port in an intermediate or core switch in the service provide

VLAN Configuration23-14233. After packet classification through the switching process, the packet is written to memory with one tag (an outer tag) or

Configuring IEEE 802.1Q Tunneling23-1523Configuration Limitations for QinQ• The native VLAN of uplink ports should not be used as the SPVLAN. If the S

VLAN Configuration23-1623Enabling QinQ Tunneling on the SwitchThe switch can be configured to operate in normal VLAN mode or IEEE 802.1Q (QinQ) tunnel

Configuring IEEE 802.1Q Tunneling23-1723Adding an Interface to a QinQ TunnelFollow the guidelines in the preceding section to set up a QinQ tunnel on

VLAN Configuration23-1823Figure 23-1 Tunnel Port ConfigurationCLI – This example sets port 1 to tunnel access mode, indicates that the TPID used for

24-1Chapter 24: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic

Configuring Private VLANs24-224Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Po

25-1Chapter 25: Configuring Protocol-Based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLA

xxiiiFiguresFigure 3-1 Home Page 3-2Figure 3-2 Front Panel Indicators 3-3Figure 4-1 System Information 4-2Figure 4-2 Switch Information 4-4Figure

Configuring Protocol-Based VLANs25-225Web – Click VLAN, Protocol VLAN, Configuration. Enter a protocol group ID, frame type and protocol type, then cl

Mapping Protocols to VLANs25-325Web – Click VLAN, Protocol VLAN, Port Configuration. Select a a port or trunk, enter a protocol group ID, the correspo

Configuring Protocol-Based VLANs25-425

26-1Chapter 26: Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is

Class of Service Configuration26-226Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interfa

Layer 2 Queue Settings26-326Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using eight pri

Class of Service Configuration26-426Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click

Layer 2 Queue Settings26-526Command Attributes• WRR - Weighted Round-Robin shares bandwidth at the egress ports by using scheduling weights 1, 2, 4, 6

Class of Service Configuration26-626Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), ente

Layer 3/4 Priority Settings26-726Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS ValuesThis switch supports several common methods of p

xxivFiguresFigure 12-7 IP Filter 12-14Figure 13-1 Port Security 13-2Figure 14-1 802.1X Global Information 14-2Figure 14-2 802.1X Global Configurati

Class of Service Configuration26-826Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining ei

Layer 3/4 Priority Settings26-926CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS v

Class of Service Configuration26-1026Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Servic

Layer 3/4 Priority Settings26-1126Mapping IP Port PriorityYou can also map network applications to Class of Service values based on the IP port number

Class of Service Configuration26-1226CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1

27-1Chapter 27: Quality of Service The commands described in this section are used to configure Quality of Service (QoS) classification criteria and

Quality of Service27-227Configuring a Class MapA class map is used for matching packets to a specified class.Command Usage • To configure a Class Map,

Configuring a Class Map27-327• IP Precedence – An IP Precedence value. (Range: 0-7) • VLAN – A VLAN. (Range:1-4093)• Add – Adds specified criteria to

Quality of Service27-427CLI - This example creates a class map call “rd-class,” and sets it to match packets marked for DSCP service value 3.Creating

Creating QoS Policies27-527• Add Policy – Opens the “Policy Configuration” page. Enter a policy name and description on this page, and click Add to op

xxvFiguresFigure 24-1 Private VLAN Status 24-1Figure 24-2 Private VLAN Link Status 24-2Figure 25-1 Protocol VLAN Configuration 25-2Figure 25-2 Prot

Quality of Service27-627Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. T

Attaching a Policy Map to Ingress Queues27-727CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth the 1 Mbps, the b

Quality of Service27-827

28-1Chapter 28: Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast s

Multicast Filtering28-228router/switch to ensure that multicast traffic is passed to all appropriate interfaces within the switch.Static IGMP Host Int

Layer 2 IGMP (Snooping and Query)28-328• IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Range: 1-2; De

Multicast Filtering28-428Displaying Interfaces Attached to a Multicast RouterMulticast routers that are attached to ports on the switch use informatio

Layer 2 IGMP (Snooping and Query)28-528Specifying Static Interfaces for a Multicast RouterDepending on your network connections, IGMP snooping may not

Multicast Filtering28-628Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast

Layer 2 IGMP (Snooping and Query)28-728Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and

xxviFigures

Multicast Filtering28-828CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLA

29-1Chapter 29: Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses u

Configuring Domain Name Service29-229Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more

Configuring Static DNS Host to Address Entries29-329Configuring Static DNS Host to Address EntriesYou can manually configure static entries in the DNS

Configuring Domain Name Service29-429Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.

Displaying the DNS Cache29-529Displaying the DNS CacheYou can display entries in the DNS cache that have been learned via the designated name servers.

Configuring Domain Name Service29-629CLI - This example displays all the resource records learned from the designated name servers.Console#show dns ca

30-1Chapter 30: Switch Clustering Switch Clustering is a method of grouping switches together to enable centralized management through a single unit.

Switch Clustering30-230Web – Click Cluster, Configuration. Figure 30-1 Cluster ConfigurationCLI – This example first enables clustering on the switch

Cluster Member Information30-330Web – Click Cluster, Member Configuration. Figure 30-2 Cluster Member ConfigurationCLI – This example creates a new c

Section I: Getting StartedThis section provides an overview of the switch, and introduces some basic concepts about network switches. It also describe

Switch Clustering30-430CLI – This example shows information about cluster Member switches.Cluster Candidate InformationDisplays information about disc

Section III:Command Line InterfaceThis section provides a detailed description of the Command Line Interface, along with examples for all of the comma

Command Line InterfaceDomain Name Service Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58-1IPv4 Interface Commands . . . .

31-1Chapter 31: Using the Command Line InterfaceThis chapter describes how to use the Command Line Interface (CLI).Accessing the CLIWhen accessing the

Using the Command Line Interface31-231To access the switch through a Telnet session, you must first set the IP address for the switch, and set the def

Entering Commands31-331Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords a

Using the Command Line Interface31-431Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords fo

Entering Commands31-531Partial Keyword LookupIf you terminate a partial keyword with a question mark, alternatives that match the initial letters are

Using the Command Line Interface31-631Understanding Command ModesThe command set is divided into Exec and Configuration classes. Exec commands general

Entering Commands31-731Configuration CommandsConfiguration commands are privileged level commands used to modify switch settings. These commands modif

Getting Started

Using the Command Line Interface31-831To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end co

Entering Commands31-931Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain enou

Using the Command Line Interface31-1031

32-1Chapter 32: CLI Command GroupsThe system commands can be broken down into the functional groups shown below.Table 32-1 Command Group IndexComman

CLI Command Groups32-232The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) MST

33-1Chapter 33: General CommandsThis chapter describes general system commands that apply to using the CLI.enableThis command activates Privileged Exe

General Commands33-233Example Related Commands disable (33-2)enable password (41-2)disableThis command returns to Normal Exec mode from privileged mod

show history33-333Example Related Commands end (33-4)show historyThis command shows the contents of the command history buffer.Default Setting NoneCom

General Commands33-433promptThis command customizes the CLI prompt. Use the no form to restore the default prompt.Syntax prompt stringno promptstring

quit33-533Command Mode AnyExample This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the C

1-1Chapter 1: IntroductionThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to conf

General Commands33-633

34-1Chapter 34: System Management CommandsThis section describes commands used to configure information that uniquely identifies the switch, and displ

System Management Commands34-234reloadThis command restarts the system.Note:When the system is restarted, it will always run the Power-On Self-Test. I

jumbo frame34-334jumbo frameThis command enables support for jumbo frames. Use the no form to disable it.Syntax [no] jumbo frameDefault Setting Disabl

System Management Commands34-434Command Usage • Use this command in conjunction with the show running-config command to compare the information in run

show running-config34-534Related Commandsshow running-config (34-5)show running-configThis command displays the configuration information currently in

System Management Commands34-634- Multiple spanning tree instances (name and interfaces)- IP address - Layer 4 precedence settings- Spanning tree sett

show system34-734show systemThis command displays system information.Default Setting NoneCommand Mode Normal Exec, Privileged ExecCommand Usage • For

System Management Commands34-834Command Mode Normal Exec, Privileged ExecCommand Usage The session used to execute this command is indicated by a “*”

show version34-934Example Console#show versionUnit1 Serial Number: 0000E8900000 Hardware Version: R01 EPLD Version: 1.02 N

Management GuideES4524D Gigabit Ethernet SwitchLayer 2 Switchwith 20 10/100/1000BASE-T (RJ-45) Ports, and 4 Gigabit Combination Ports (RJ-45/SFP)ES454

Introduction1-21Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates t

System Management Commands34-1034

35-1Chapter 35: File Management CommandsThese commands are used to manage software and configuration files on the switch.Managing FirmwareFirmware can

File Management Commands35-235copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a

copy35-335• To replace the startup configuration, you must use startup-config as the destination.•Use the copy file unit command to copy a local file

File Management Commands35-435The following example shows how to download a configuration file: This example shows how to copy a secure-site certifica

dir35-535Command Mode Privileged ExecCommand Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default

File Management Commands35-635• File information is shown below:Example The following example shows how to display all file information:whichbootThis

boot system35-735boot systemThis command specifies the file or image used to start up the system.Syntax boot system [unit:] {boot-rom| config | opcode

File Management Commands35-835

36-1Chapter 36: Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. The

Description of Software Features1-31Port Configuration – You can manually configure the speed and duplex mode, and flow control used on specific ports

Line Commands36-236Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as “VTY” in sc

password36-336• This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication serv

Line Commands36-436Related Commandslogin (36-2)password-thresh (36-5)timeout login responseThis command sets the interval that the system waits for a

password-thresh36-536Default Setting CLI: No timeoutTelnet: 10 minutesCommand Mode Line ConfigurationCommand Usage • If user input is detected within

Line Commands36-636Related Commandssilent-time (36-6)silent-timeThis command sets the amount of time the management console is inaccessible after the

parity36-736Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity

Line Commands36-836speedThis command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal)

disconnect36-936Example To specify 2 stop bits, enter this command:disconnectThis command terminates an SSH, Telnet, or console connection.Syntax disc

Line Commands36-1036Example To show all lines, enter this command:Console#show line Console configuration: Password threshold: 3 times Interactive

37-1Chapter 37: Event Logging CommandsThis section describes commands used to configure event logging on the switch.logging onThis command controls lo

Introduction1-41Spanning Tree Algorithm – The switch supports these spanning tree protocols:Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol

Event Logging Commands37-237Related Commandslogging history (37-2)logging trap (37-4)clear log (37-5)logging historyThis command limits syslog message

logging host37-337Example logging hostThis command adds a syslog server host IP address that will receive logging messages. Use the no form to remove

Event Logging Commands37-437Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect

clear log37-537clear logThis command clears messages from the log buffer.Syntax clear log [flash | ram]• flash - Event history stored in flash memory

Event Logging Commands37-637ExampleThe following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., d

show log37-737show logThis command displays the log messages stored in local memory.Syntax show log {flash | ram}• flash - Event history stored in fla

Event Logging Commands37-837

38-1Chapter 38: SMTP Alert CommandsThese commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and em

SMTP Alert Commands38-238Examplelogging sendmail levelThis command sets the severity threshold used to trigger alert messages.Syntaxlogging sendmail l

logging sendmail destination-email38-338Command Usage You may use an symbolic email address that identifies the switch, or the address of an administr

Description of Software Features1-51Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using eight p

SMTP Alert Commands38-438Exampleshow logging sendmailThis command displays the settings for the SMTP event handler.Command Mode Normal Exec, Privilege

39-1Chapter 39: Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurat

Time Commands39-239Example Related Commandssntp server (39-2)sntp poll (39-3)show sntp (39-3)sntp serverThis command sets the IP address of the server

sntp poll39-339Related Commandssntp client (39-1)sntp poll (39-3)show sntp (39-3)sntp pollThis command sets the interval between sending time requests

Time Commands39-439Example clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour hours minute

calendar set39-539calendar setThis command sets the system clock. It may be used if there is no time server on your network, or if you have not config

Time Commands39-639

40-1Chapter 40: SNMP CommandsControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as t

SNMP Commands40-240snmp-serverThis command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no for

snmp-server community40-340Examplesnmp-server communityThis command defines the SNMP v1 and v2c community access string. Use the no form to remove the

Introduction1-61System DefaultsThe switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch d

SNMP Commands40-440• private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects.Command Mode Global

snmp-server host40-540Command Mode Global ConfigurationExample Related Commandssnmp-server contact (40-4)snmp-server host This command specifies the r

SNMP Commands40-640• SNMP Version: 1• UDP Port: 162Command Mode Global ConfigurationCommand Usage • If you do not enter an snmp-server host command, n

snmp-server enable traps40-740supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notif

SNMP Commands40-840conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 40-11).Example Relate

show snmp engine-id40-940• A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If

SNMP Commands40-1040snmp-server viewThis command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view.Synta

show snmp view40-1140show snmp viewThis command shows information on the SNMP views.Command Mode Privileged ExecExample snmp-server groupThis command

SNMP Commands40-1240• writeview - Defines the view for write access. (1-64 characters)• notifyview - Defines the view for notifications. (1-64 charact

show snmp group40-1340show snmp groupFour default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access an

System Defaults1-71SNMP SNMP Agent EnabledCommunity Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabledLink-up-dow

SNMP Commands40-1440snmp-server userThis command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Us

show snmp user40-1540Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore

SNMP Commands40-1640Table 40-5 show snmp user - display descriptionField DescriptionEngineId String identifying the engine ID.User Name Name of user

41-1Chapter 41: User Authentication Commands You can configure this switch to authenticate users logging into the system for management access using l

User Authentication Commands41-241• access-level level - Specifies the user level.The device has two predefined privilege levels: 0: Normal Exec, 15:

Authentication Sequence41-341Default Setting • The default is level 15. • The default password is “super”Command Mode Global ConfigurationCommand Usag

User Authentication Commands41-441• tacacs - Use TACACS server password.Default Setting LocalCommand Mode Global ConfigurationCommand Usage • RADIUS u

RADIUS Client41-541Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriente

User Authentication Commands41-641radius-server hostThis command specifies primary and backup RADIUS servers and authentication parameters that apply

RADIUS Client41-741Command Mode Global ConfigurationExample radius-server keyThis command sets the RADIUS encryption key. Use the no form to restore t

Introduction1-81Traffic Prioritization Ingress Port Priority 0Queue Mode WRRWeighted Round Robin Queue: 0 1 2 3 4 5 6 7Weight: 1 2 4

User Authentication Commands41-841radius-server timeoutThis command sets the interval between transmitting authentication requests to the RADIUS serve

TACACS+ Client41-941TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software run

User Authentication Commands41-1041Default Setting 49Command Mode Global ConfigurationExample tacacs-server keyThis command sets the TACACS+ encryptio

Web Server Commands41-1141Web Server CommandsThis section describes commands used to configure web browser management access to the switch.ip http por

User Authentication Commands41-1241Command Mode Global ConfigurationExample Related Commandsip http port (41-11)ip http secure-serverThis command enab

Web Server Commands41-1341• The following web browsers and operating systems currently support HTTPS:• To specify a secure-site certificate, see “Repl

User Authentication Commands41-1441Related Commandsip http secure-server (41-12)Telnet Server CommandsThis section describes commands used to configur

Secure Shell Commands41-1541Secure Shell CommandsThis section describes the commands used to configure the SSH server. Note that you also need to inst

User Authentication Commands41-16412. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during th

Secure Shell Commands41-1741c.If a match is found, the switch uses its secret key to generate a random 256-bit string as a challenge, encrypts this st

2-1Chapter 2: Initial ConfigurationConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent off

User Authentication Commands41-1841Example Related Commandsip ssh crypto host-key generate (41-20)show ssh (41-22)ip ssh timeoutThis command configure

Secure Shell Commands41-1941ip ssh authentication-retriesThis command configures the number of times the SSH server attempts to reauthenticate a user.

User Authentication Commands41-2041delete public-keyThis command deletes the specified user’s public key.Syntax delete public-key username [dsa | rsa]

Secure Shell Commands41-2141Related Commandsip ssh crypto zeroize (41-21)ip ssh save host-key (41-21)ip ssh crypto zeroizeThis command clears the host

User Authentication Commands41-2241Example Related Commandsip ssh crypto host-key generate (41-20)show ip sshThis command displays the connection sett

Secure Shell Commands41-2341show public-keyThis command shows the public key for the specified user or for the host.Syntax show public-key [user [user

User Authentication Commands41-2441Example IP Filter CommandsThis section describes commands used to configure IP management access to the switch.mana

IP Filter Commands41-2541Command Mode Global ConfigurationCommand Usage • If anyone tries to access a management interface on the switch from an inval

User Authentication Commands41-2641ExampleConsole#show management all-clientManagement Ip Filter HTTP-Client: Start IP address End IP address--

42-1Chapter 42: Port Security CommandsThese commands can be used to enable port security on a port. When using port security, the switch stops learnin

Initial Configuration2-22• Configure up to 32 static or LACP trunks per switch• Enable port mirroring• Set broadcast storm control on any port• Displa

Port Security Commands42-242Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has

43-1Chapter 43: 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the

802.1X Port Authentication43-243dot1x defaultThis command sets all configurable dot1x global and port settings to their default values.Command ModeGlo

dot1x operation-mode43-343• force-authorized – Configures the port to grant access to all clients, either dot1x-aware or otherwise. • force-unauthor

802.1X Port Authentication43-443Exampledot1x re-authenticateThis command forces re-authentication on all ports or a specific interface.Syntaxdot1x re-

dot1x timeout quiet-period43-543• The connected client is re-authenticated after the interval specified by the dot1x timeout re-authperiod command. Th

802.1X Port Authentication43-643Command ModeInterface ConfigurationExampledot1x timeout tx-periodThis command sets the time that an interface on the s

show dot1x43-743Command UsageThis command displays the following information:• Global 802.1X Parameters – Shows whether or not 802.1X port authenticat

802.1X Port Authentication43-843• Request Count– Number of EAP Request packets sent to the Supplicant without receiving a response.• Identifier(Server

44-1Chapter 44: Access Control List Commands Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4

Basic Configuration2-32Note: This switch supports four concurrent Telnet/SSH sessions.After configuring the switch’s IP parameters, you can access the

Access Control List Commands44-244access-list ip This command adds an IP access list and enters configuration mode for standard or extended IPv4 ACLs.

IPv4 ACLs44-344Default SettingNoneCommand ModeStandard IPv4 ACLCommand Usage• New rules are appended to the end of the list.• Address bitmasks are sim

Access Control List Commands44-444• host – Keyword followed by a specific IP address.• precedence – IP precedence level. (Range: 0-7)• tos – Type of S

IPv4 ACLs44-544ExampleThis example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched;

Access Control List Commands44-644ip access-group This command binds a port to an IPv4 ACL. Use the no form to remove the port.Syntax[no] ip access-gr

IPv6 ACLs44-744IPv6 ACLsThe commands in this section configure ACLs based on IPv6 addresses, next header type, and flow label. To configure IPv6 ACLs,

Access Control List Commands44-844Example Related Commandspermit, deny (44-8)ipv6 access-group (44-11)show ipv6 access-list (44-10)permit, deny (Stand

IPv6 ACLs44-944permit, deny (Extended IPv6 ACL) This command adds a rule to an Extended IPv6 ACL. The rule sets a filter condition for packets with sp

Access Control List Commands44-1044e.g., in a hop-by-hop option. A flow is uniquely identified by the combination of a source address and a non-zero f

IPv6 ACLs44-1144Command ModePrivileged ExecExample Related Commandspermit, deny (44-8)ipv6 access-group (44-11)ipv6 access-group This command binds a

ES4524DES4548DF0.0.0.4 E112006-CS-R01149100030400A

Initial Configuration2-423. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter

Access Control List Commands44-1244Example Related Commandsipv6 access-group (44-11)MAC ACLsThe commands in this section configure ACLs based on hardw

MAC ACLs44-1344• An ACL can contain up to 32 rules.Example Related Commandspermit, deny (44-13)mac access-group (44-15)show mac access-list (44-14)per

Access Control List Commands44-1444• source – Source MAC address.• destination – Destination MAC address range with bitmask.• address-bitmask2 – Bitma

MAC ACLs44-1544Example Related Commandspermit, deny 44-13mac access-group (44-15)mac access-groupThis command binds a port to a MAC ACL. Use the no fo

Access Control List Commands44-1644Example Related Commandsmac access-group (44-15)ACL InformationThis section describes commands used to display ACL

ACL Information44-1744Example Console#show access-groupInterface ethernet 1/2 IP standard access-list david MAC access-list jerryConsole#

Access Control List Commands44-1844

45-1Chapter 45: Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.

Interface Commands45-245Command Mode Global Configuration Example To specify port 4, enter the following command:descriptionThis command adds a descri

negotiation45-345Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is: -

Basic Configuration2-523. Type “exit” to return to the global configuration mode prompt. Press <Enter>. 4. To set the IP address of the default

Interface Commands45-445• If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.Example Th

flowcontrol45-545Example The following example configures Ethernet port 5 capabilities to 100half and 100full.Related Commands negotiation (45-3)speed

Interface Commands45-645Related Commands negotiation (45-3)capabilities (flowcontrol, symmetric) (45-4)media-typeThis command forces the port type sel

clear counters45-745Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable i

Interface Commands45-845show interfaces statusThis command displays the status for an interface.Syntax show interfaces status [interface]interface • e

show interfaces counters45-945show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]interface

Interface Commands45-1045show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.Syntax

show interfaces switchport45-1145VLAN membership mode Indicates membership mode as Trunk or Hybrid (page 52-8).Ingress rule Shows if ingress filtering

Interface Commands45-1245

46-1Chapter 46: Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network

Initial Configuration2-62To configure an IPv6 link local address for the switch, complete the following steps:1. From the Global Configuration mode pr

Link Aggregation Commands46-246• All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the speci

port channel load-balance46-346port channel load-balanceThis command sets the load-distribution method among ports in aggregated links (for both stati

Link Aggregation Commands46-446- src-dst-ip: All traffic with the same source and destination IP address is output on the same link in a trunk. This m

lacp system-priority46-546ExampleThe following shows LACP enabled on ports 10-12. Because LACP has also been enabled on the ports at the other end of

Link Aggregation Commands46-646Command Mode Interface Configuration (Ethernet)Command Usage • Port must be configured with the same system priority to

lacp admin-key (Port Channel)46-746• Once the remote side of a link has been established, LACP operational settings are already in use on that side. C

Link Aggregation Commands46-846lacp port-priorityThis command configures LACP port priority. Use the no form to restore the default setting.Syntax lac

show lacp46-946Default Setting Port Channel: allCommand Mode Privileged ExecExample Console#show lacp 1 countersPort channel: 1-----------------

Link Aggregation Commands46-1046Table 46-3 show lacp internal - display descriptionField DescriptionOper Key Current operational value of the key fo

show port-channel load-balance46-1146show port-channel load-balanceThis command shows the setting of the aggregated link load-balance method.Default S

Basic Configuration2-72To generate an IPv6 global unicast address for the switch using a general network prefix, complete the following steps:1. From

Link Aggregation Commands46-1246ExampleConsole#show port-channel load-balanceSource and destination IP addressConsole#

47-1Chapter 47: Broadcast Storm Control CommandsThese commands can be used to enable broadcast storm control on a port. You can protect your network f

Broadcast Storm Control Commands47-247

48-1Chapter 48: Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitorThis command config

Mirror Port Commands48-248Example The following example configures the switch to mirror all packets from port 6 to 11:show port monitorThis command di

49-1Chapter 49: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an int

Rate Limit Commands49-249

50-1Chapter 50: Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current en

Address Table Commands50-250Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this com

show mac-address-table50-350show mac-address-tableThis command shows classes of entries in the bridge-forwarding database.Syntax show mac-address-tabl

Initial Configuration2-82Dynamic ConfigurationObtaining an IPv4 AddressIf you select the “bootp” or “dhcp” option, IP will be enabled but will not fun

Address Table Commands50-450mac-address-table aging-timeThis command sets the aging time for entries in the address table. Use the no form to restore

51-1Chapter 51: Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and co

Spanning Tree Commands51-251spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Synta

spanning-tree forward-time51-351Command Usage • Spanning Tree ProtocolUses RSTP for the internal state machine, but sends only 802.1D BPDUs. - This cr

Spanning Tree Commands51-451Default Setting 15 secondsCommand Mode Global ConfigurationCommand Usage This command sets the maximum time (in seconds) t

spanning-tree max-age51-551spanning-tree max-ageThis command configures the spanning tree bridge maximum age globally for this switch. Use the no form

Spanning Tree Commands51-651Default Setting 32768Command Mode Global ConfigurationCommand Usage Bridge priority is used in selecting the root device,

spanning-tree transmission-limit51-751spanning-tree transmission-limitThis command configures the minimum interval between the transmission of consecu

Spanning Tree Commands51-851mst vlanThis command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Using the no f

mst priority51-951mst priorityThis command configures the priority of a spanning tree instance. Use the no form to restore the default.Syntax mst inst

Basic Configuration2-92Obtaining an IPv6 AddressLink Local Address — There are several ways to dynamically configure IPv6 addresses. The simplest meth

Spanning Tree Commands51-1051Command Usage The MST region name and revision number (page 51-10) are used to designate a unique MST region. A bridge (i

max-hops51-1151max-hopsThis command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the def

Spanning Tree Commands51-1251spanning-tree costThis command configures the spanning tree path cost for the specified interface. Use the no form to res

spanning-tree port-priority51-1351spanning-tree port-priorityThis command configures the priority for the specified interface. Use the no form to rest

Spanning Tree Commands51-1451cause forwarding loops, they can pass directly through to the spanning tree forwarding state. Specifying Edge Ports provi

spanning-tree link-type51-1551ExampleRelated Commandsspanning-tree edge-port (51-13)spanning-tree link-typeThis command configures the link type for R

Spanning Tree Commands51-1651spanning-tree mst costThis command configures the path cost on a spanning instance in the Multiple Spanning Tree. Use the

spanning-tree mst port-priority51-1751spanning-tree mst port-priorityThis command configures the interface priority on a spanning instance in the Mult

Spanning Tree Commands51-1851Command Mode Privileged ExecCommand Usage If at any time the switch detects STP BPDUs, including Configuration or Topolog

show spanning-tree51-1951• For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 22-6.

Initial Configuration2-1022. From the interface prompt, type “ipv6 address autoconfig” and press <Enter>.Enabling SNMP Management Access The swi

Spanning Tree Commands51-2051show spanning-tree mst configurationThis command shows the configuration of the multiple spanning tree.Command Mode Privi

52-1Chapter 52: VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the sam

VLAN Commands52-252bridge-ext gvrpThis command enables GVRP globally for the switch. Use the no form to disable it.Syntax [no] bridge-ext gvrpDefault

GVRP and Bridge Extension Commands52-352switchport gvrpThis command enables GVRP for a port. Use the no form to disable it.Syntax [no] switchport gvrp

VLAN Commands52-452garp timerThis command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default valu

Editing VLAN Groups52-552show garp timerThis command shows the GARP timers for the selected interface.Syntax show garp timer [interface]interface • et

VLAN Commands52-652Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can

Configuring VLAN Interfaces52-752Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default.Related C

VLAN Commands52-852Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLA

Configuring VLAN Interfaces52-952switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to r

Basic Configuration2-112The default strings are:• public - with read-only access. Authorized management stations are only able to retrieve MIB objects

VLAN Commands52-1052• If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be d

Configuring VLAN Interfaces52-1152switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the

VLAN Commands52-1252switchport forbidden vlanThis command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs.Syntax swi

Configuring IEEE 802.1Q Tunneling52-1352Configuring IEEE 802.1Q TunnelingIEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (S

VLAN Commands52-1452dot1q-tunnel system-tunnel-controlThis command sets the switch to operate in QinQ mode. Use the no form to disable QinQ operating

Configuring IEEE 802.1Q Tunneling52-1552ExampleRelated Commandsshow dot1q-tunnel (52-16)show interfaces switchport (45-10)switchport dot1q-tunnel tpi

VLAN Commands52-1652show dot1q-tunnelThis command displays information about QinQ tunnel ports.Command Mode Privileged ExecExampleRelated Commandsswit

Displaying VLAN Information52-1752show vlanThis command shows VLAN information.Syntax show vlan [id vlan-id | name vlan-name]• id - Keyword to be foll

VLAN Commands52-1852

53-1Chapter 53: Private VLAN CommandsPrivate VLANs provide port-based security and isolation between ports within the assigned VLAN. This section des

Initial Configuration2-122Configuring Access for SNMP Version 3 ClientsTo configure management access for SNMPv3 clients, you need to first create a v

Private VLAN Commands53-253show pvlanThis command displays the configured private VLAN.Command Mode Privileged ExecExampleConsole#show pvlanPrivate VL

54-1Chapter 54: Protocol-based VLAN CommandsThe network devices required to support multiple protocols cannot be easily grouped into a common VLAN. T

Protocol-based VLAN Commands54-254• protocol - Protocol type. The only option for the llc_other frame type is ipx_raw. The options for all other frame

show protocol-vlan protocol-group54-354- If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN.- If t

Protocol-based VLAN Commands54-454show interfaces protocol-vlan protocol-groupThis command shows the mapping from protocol groups to VLANs for the sel

55-1Chapter 55: Class of Service Commands The commands described in this section allow you to specify which data packets have greater precedence when

Class of Service Commands55-255queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (C

Priority Commands (Layer 2)55-355switchport priority defaultThis command sets a priority for incoming untagged frames. Use the no form to restore the

Class of Service Commands55-455queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority qu

Priority Commands (Layer 2)55-555Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queui

Managing System Files2-132Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many

Class of Service Commands55-655show queue bandwidthThis command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority qu

Priority Commands (Layer 3 and 4)55-755Priority Commands (Layer 3 and 4)This section describes commands used to configure Layer 3 and Layer 4 traffic

Class of Service Commands55-855map ip port (Interface Configuration)This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form

Priority Commands (Layer 3 and 4)55-955Example The following example shows how to enable IP precedence mapping globally:map ip precedence (Interface C

Class of Service Commands55-1055map ip dscp (Global Configuration)This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mappi

Priority Commands (Layer 3 and 4)55-1155Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that

Class of Service Commands55-1255Default SettingNoneCommand Mode Privileged ExecExample The following shows that HTTP traffic has been mapped to CoS va

Priority Commands (Layer 3 and 4)55-1355Example Related Commands map ip precedence (Global Configuration) (55-8)map ip precedence (Interface Configura

Class of Service Commands55-1455Related Commands map ip dscp (Global Configuration) (55-10)map ip dscp (Interface Configuration) (55-10)

56-1Chapter 56: Quality of Service Commands The commands described in this section are used to configure Differentiated Services (DiffServ) classifica

vContents Section I: Getting StartedChapter 1: Introduction 1-1Key Features 1-1Description of Software Features 1-2System Defaults 1-6Chapter 2:

Initial Configuration2-142

Quality of Service Commands56-256Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map.2. Yo

match56-356matchThis command defines the criteria used to classify traffic. Use the no form to delete the matching criteria.Syntax [no] match {access-

Quality of Service Commands56-456policy-mapThis command creates a policy map that can be attached to multiple interfaces, and enters Policy Map config

set56-556Default Setting NoneCommand Mode Policy Map ConfigurationCommand Usage • Use the policy-map command to specify a policy map and enter Policy

Quality of Service Commands56-656Command Mode Policy Map Class ConfigurationExample This example creates a policy called “rd_policy,” uses the class c

service-policy56-756Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” use

Quality of Service Commands56-856show class-mapThis command displays the QoS class maps which define matching criteria used for classifying traffic.Sy

show policy-map interface56-956Exampleshow policy-map interfaceThis command displays the service policy assigned to the specified interface.Syntax sho

Quality of Service Commands56-1056

57-1Chapter 57: Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to r

Section II: Switch ManagementThis section describes the basic switch features, along with a detailed description of how to configure each feature via

Multicast Filtering Commands57-257ip igmp snooping vlan staticThis command adds a port to a multicast group. Use the no form to remove the port.Syntax

IGMP Snooping Commands57-357Example The following configures the switch to use IGMP Version 1:show ip igmp snoopingThis command shows the IGMP snoopin

Multicast Filtering Commands57-457Example The following shows the multicast entries learned through IGMP snooping for VLAN 1:IGMP Query CommandsThis s

IGMP Query Commands57-557ip igmp snooping query-countThis command configures the query count. Use the no form to restore the default.Syntax ip igmp sn

Multicast Filtering Commands57-657Example The following shows how to configure the query interval to 100 seconds:ip igmp snooping query-max-response-t

IGMP Query Commands57-757ip igmp snooping router-port-expire-timeThis command configures the query timeout. Use the no form to restore the default.Syn

Multicast Filtering Commands57-857Static Multicast Routing Commandsip igmp snooping vlan mrouterThis command statically configures a multicast router

Static Multicast Routing Commands57-957show ip igmp snooping mrouter This command displays information on statically configured and dynamically learne

Multicast Filtering Commands57-1057

58-1Chapter 58: Domain Name Service Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entr

Switch ManagementConfiguring Domain Name Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-1Switch Clustering . . . . . . . .

Domain Name Service Commands58-258Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If mor

ip domain-name58-358ip domain-nameThis command defines the default domain name appended to incomplete host names (i.e., host names passed from a clien

Domain Name Service Commands58-458Default Setting NoneCommand Mode Global ConfigurationCommand Usage • Domain names are added to the end of the list o

ip domain-lookup58-558Command Usage The listed name servers are queried in the specified sequence until a response is received, or the end of the list

Domain Name Service Commands58-658ExampleThis example enables DNS and then displays the configuration.Related Commands ip domain-name (58-3)ip name-se

show dns58-758show dnsThis command displays the configuration of the DNS service.Command Mode Privileged ExecExampleshow dns cacheThis command display

Domain Name Service Commands58-858clear dns cacheThis command clears all entries in the DNS cache.Command Mode Privileged ExecExampleConsole#clear dns

59-1Chapter 59: IPv4 Interface Commands An IP addresses may be used for management access to the switch over your network. An IPv4 address for this sw

IPv4 Interface Commands59-259numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the configuration program.

ip dhcp restart59-359• An default gateway can only be successfully set when a network interface that directly connects to the gateway has been configu

3-1Chapter 3: Configuring the SwitchUsing the Web InterfaceThis switch provides an embedded HTTP web agent. Using a web browser you can configure the

IPv4 Interface Commands59-459show ip interfaceThis command displays the settings of an IPv4 interface.Command Mode Privileged ExecExample Related Comm

ping59-559pingThis command sends (IPv4) ICMP echo request packets to another node on the network.Syntax ping host [count count][size size]• host - IP

IPv4 Interface Commands59-659

60-1Chapter 60: IPv6 Interface CommandsAn IPv6 address can either be manually configured or dynamically generated. You may also need to a establish an

IPv6 Interface Commands60-260ipv6 enableThis command enables IPv6 on an interface that has not been configured with an explicit IPv6 address. Use the

ipv6 general-prefix60-360ipv6 general-prefixThis command defines an IPv6 general prefix for the network address segment. Use the no form to remove the

IPv6 Interface Commands60-460show ipv6 general-prefixThis command displays all configured IPv6 general prefixes.Command Mode Normal Exec, Privileged E

ipv6 address60-560Command Usage • The general prefix normally applies to all interfaces, and is therefore specified at the global configuration level.

IPv6 Interface Commands60-660ipv6 address autoconfig This command enables stateless autoconfiguration of IPv6 addresses on an interface and enables IP

ipv6 address eui-6460-760Related Commands ipv6 address (60-4)show ipv6 interface (60-10)ipv6 address eui-64 This command configures an IPv6 address fo

Configuring the Switch3-23Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and password. The a

IPv6 Interface Commands60-860universal/local bit in the address and inserting the hexadecimal number FFFE between the upper and lower three bytes of t

ipv6 address link-local60-960ipv6 address link-local This command configures an IPv6 link-local address for an interface and enables IPv6 on the inter

IPv6 Interface Commands60-1060Related Commands ipv6 enable (60-2)show ipv6 interface (60-10)show ipv6 interfaceThis command displays the usability and

show ipv6 interface60-1160This example displays a brief summary of IPv6 addresses configured on the switch.Related Commands show ip interface (59-4)IP

IPv6 Interface Commands60-1260ipv6 default-gateway This command sets an IPv6 default gateway to use when the management station in located on a differ

ipv6 mtu60-1360Example The following shows the default gateway configured for this device:Related Commands show ip redirects (59-4)ipv6 mtu This comma

IPv6 Interface Commands60-1460show ipv6 mtuThis command displays the maximum transmission unit (MTU) cache for destinations that have returned an ICMP

show ipv6 traffic60-1560Example The following example shows statistics for all IPv6 unicast and multicast traffic, as well as ICMP, UDP and TCP statis

IPv6 Interface Commands60-1660 router solicit 0 router advert 0 redirects 0 neighbor soli

show ipv6 traffic60-1760hop count exceeded Number of packets discarded because its time-to-live (TTL) field was decremented to zero. unknown protocol

Navigating the Web Browser Interface3-33Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration chang

IPv6 Interface Commands60-1860Ipv6 mcastmcast received The number of multicast packets received by the interface.mcast sent The number of multicast pa

show ipv6 traffic60-1960router solicit The number of ICMP Router Solicit messages received by the interface.router advert The number of ICMP Router Ad

IPv6 Interface Commands60-2060clear ipv6 traffic This command resets IPv6 traffic counters.Command Mode Privileged ExecCommand Usage This command rese

ping ipv660-2160ping ipv6 This command sends ICMP echo request packets to an IPv6 node on the network.ping ipv6 address {ipv6-address | host-name} [si

IPv6 Interface Commands60-2260Example Related Commands ping (59-5)ipv6 neighbor This command configures a static entry in the IPv6 neighbor discovery

ipv6 nd dad attempts60-2360• If the specified entry was dynamically learned through the IPv6 neighbor discovery process, and already exists in the nei

IPv6 Interface Commands60-2460in a “pending” state. Duplicate address detection is automatically restarted when the interface is administratively re-a

ipv6 nd ns interval60-2560ipv6 nd ns interval This command configures the interval between transmitting IPv6 neighbor solicitation messages on an inte

IPv6 Interface Commands60-2660show ipv6 neighborsThis command displays information in the IPv6 neighbor discovery cache.Syntax show ipv6 neighbors [vl

clear ipv6 neighbors60-2760Related Commands show mac-address-table (50-3)clear ipv6 neighborsThis command deletes all dynamic entries in the IPv6 neig

Configuring the Switch3-43Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, o

IPv6 Interface Commands60-2860

61-1Chapter 61: Switch Cluster CommandsSwitch Clustering is a method of grouping switches together to enable centralized management through a single u

Switch Cluster Commands61-261• Configured switch clusters are maintained across power resets and network changes.Examplecluster commanderThis command

cluster member61-361Command ModeGlobal ConfigurationCommand Usage • An “internal” IP address pool is used to assign IP addresses to Member switches in

Switch Cluster Commands61-461rcommandThis command provides access to a cluster Member CLI for configuration. Syntax rcommand id <member-id>membe

show cluster members61-561show cluster membersThis command shows the current switch cluster members.Command Mode Privileged ExecExampleshow cluster ca

Switch Cluster Commands61-661

Section IV:AppendicesThis section provides additional information on the following topics. Software Specifications . . . . . . . . . . . . . . . . .

Appendices

A-1Appendix A: Software SpecificationsSoftware FeaturesAuthenticationLocal, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port SecurityAccess Control Li

Navigating the Web Browser Interface3-53SNMP 11-1Configuration Configures community strings and related trap functions 11-3Agent Status Enables or dis

Software SpecificationsA-2AMulticast Filtering IGMP SnoopingSwitch Clustering36 groupsAdditional FeaturesCIDR (Classless Inter-Domain Routing)SNTP (Si

Management Information BasesA-3AIGMPv2 (RFC 2236)IPv4 IGMP (RFC 3228)RADIUS+ (RFC 2618)RMON (RFC 2819 groups 1,2,3,9)SNMP (RFC 1157)SNMPv2c (RFC 2571)

Software SpecificationsA-4ATACACS+ Authentication Client MIBTCP MIB (RFC 2012)Trap (RFC 1215)UDP MIB (RFC 2013)

B-1Appendix B: TroubleshootingProblems Accessing the Management Interface Table B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet,

TroubleshootingB-2BUsing System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caus

Glossary-1GlossaryAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

GlossaryGlossary-2Extended Universal Identifier (EUI) An address format used by IPv6 to identify the host portion of the network address. The interfac

Glossary-3GlossaryIEEE 802.1QVLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to differ

GlossaryGlossary-4IP Multicast FilteringA process whereby this switch can pass multicast traffic along to participating hosts.IP PrecedenceThe Type of

Glossary-5GlossaryPort AuthenticationSee IEEE 802.1X.Port MirroringA method whereby data on a target port is mirrored to a monitor port for troublesho

Configuring the Switch3-63Trunk Membership Specifies ports to group into static trunks 17-2LACP 17-1Configuration Allows ports to dynamically join tr

GlossaryGlossary-6Secure Shell (SSH)A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographi

Glossary-7GlossaryUser Datagram Protocol (UDP)UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport

GlossaryGlossary-8

Index-1Numerics802.1Q tunnel 23-12, 52-13description 23-12interface configuration 23-17, 52-14–52-15mode selection 23-17TPID 23-17, 52-15802.1X, port

Index-2IndexEedge port, STA 22-12, 22-14, 51-13event logging 37-1Ffirmwaredisplaying version 4-3, 34-8upgrading 6-2, 35-2GGARP VLAN Registration Proto

Index-3IndexTACACS+ server 12-2, 41-9logon authentication, sequence 12-3, 41-3, 41-4Mmain menu 3-4Management Information Bases (MIBs) A-3mirror port,

Index-4Indexpath cost method 22-8, 51-6port priority 22-12, 51-13protocol migration 22-14, 51-17transmission limit 22-8, 51-7standards, IEEE A-2startu

ES4524DES4548DE112006-CS-R01149100030400A

Navigating the Web Browser Interface3-73Port Configuration Configures port settings for a specified MST instance 22-19Trunk Configuration Configures t

ContentsviChapter 5: Setting an IP Address 5-1Setting the Switch’s IP Address (IP Version 4) 5-1Manual Configuration 5-2Using DHCP/BOOTP 5-3Setti

Configuring the Switch3-83IP DSCP Priority Sets IP Differentiated Services Code Point priority, mapping a DSCP tag to a class-of-service value26-9IP P

4-1Chapter 4: Basic System SettingsThis chapter describes the basic functions required to set up management access to the switch, display or upgrade o

Basic System Settings4-24Web – Click System, System Information. Specify the system name, location, and contact information for the system administrat

Displaying Switch Hardware/Software Versions4-34CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versi

Basic System Settings4-44• Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code.• Operation Code Version – Version number of runtime

Displaying Bridge Extension Capabilities4-54Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that suppor

Basic System Settings4-64CLI – Enter the following command. Configuring Support for Jumbo FramesThe switch provides more efficient throughput for larg

Renumbering the Stack4-74Renumbering the StackIf the units are no longer numbered sequentially after several topology changes or failures, you can res

Basic System Settings4-84

5-1Chapter 5: Setting an IP AddressThis chapter describes how to configure an IPv4 interface for management access over the network. This switch suppo

ContentsviiConfiguring the SSH Server 12-12Filtering IP Addresses for Management Access 12-13Chapter 13: Configuring Port Security 13-1Chapter 14:

Setting an IP Address5-25Manual ConfigurationWeb – Click System, IP Configuration. Select the VLAN through which the management station is attached, s

Setting the Switch’s IP Address (IP Version 4)5-35Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dy

Setting an IP Address5-45Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web int

Setting the Switch’s IP Address (IP Version 6)5-55length, and using the EUI-64 form of the interface identifier to automatically create the low-order

Setting an IP Address5-65IP Address• Auto Configuration – Enables stateless autoconfiguration of IPv6 addresses on an interface and enables IPv6 funct

Setting the Switch’s IP Address (IP Version 6)5-75length of the general prefix takes precedence, and some of the address bits entered in the IPv6 Addr

Setting an IP Address5-85Current Address Table• IPv6 Address – IPv6 address assigned to this interface. In addition to the unicast addresses assigned

Setting the Switch’s IP Address (IP Version 6)5-95Web – Click System, IPv6 Configuration, IPv6 Configuration. Set the IPv6 default gateway, specify th

Setting an IP Address5-105CLI – This example configures an IPv6 gateway, specifies the management interface, configures a global unicast address, and

Setting the Switch’s IP Address (IP Version 6)5-115Web – Click System, IPv6 Configuration, IPv6 General Prefix. Click Add to open the editing fields f

ContentsviiiConfiguring Global Settings 22-6Displaying Interface Settings 22-10Configuring Interface Settings 22-13Configuring Multiple Spanning Tr

Setting an IP Address5-125- Configuring a value of 0 disables duplicate address detection.- Duplicate address detection determines if a new unicast IP

Setting the Switch’s IP Address (IP Version 6)5-135- PROBE - A reachability confirmation is actively sought by resending neighbor solicitation message

Setting an IP Address5-145Web – Click System, IPv6 Configuration, IPv6 ND Neighbor. To configure the Neighbor Detection protocol settings, select a VL

6-1Chapter 6: Managing System FilesThis chapter describes how to upgrade the switch operating software, save and restore switch configuration files, a

Managing System Files6-26Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace

Managing Firmware6-36To delete a file select System, File Management, Delete. Select the file name from the given list by checking the tick box and cl

Managing System Files6-46Saving or Restoring Configuration SettingsYou can upload/download configuration settings to/from a TFTP server. The configura

Saving or Restoring Configuration Settings6-56Downloading Configuration Settings from a ServerYou can download the configuration file under a new file

Managing System Files6-66CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch

7-1Chapter 7: Console Port SettingsYou can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial cons

ContentsixChapter 28: Multicast Filtering 28-1Layer 2 IGMP (Snooping and Query) 28-1Configuring IGMP Snooping and Query Parameters 28-2Displaying I

Console Port Settings7-27Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply.Figure 7-1 C

8-1Chapter 8: Telnet SettingsYou can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management acc

Telnet Settings8-28Figure 8-1 Configuring the Telnet InterfaceCLI – Enter Line Configuration mode for a virtual terminal, then specify the connection

9-1Chapter 9: Configuring Event LoggingThe switch allows you to control the logging of error messages, including the type of events that are recorded

Configuring Event Logging9-29Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and

Remote Log Configuration9-39• Host IP Address – Specifies a new server IP address to add to the Host IP List.Web – Click System, Logs, Remote Logs. To

Configuring Event Logging9-49Displaying Log MessagesUse the Logs page to scroll through the logged system and event messages. The switch can store up

Sending Simple Mail Transfer Protocol Alerts9-59• SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to co

Configuring Event Logging9-69CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and sp

10-1Chapter 10: Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates fro