Levelone GTL-2691 User Manual

USER GUIDE GTL-2691 20 GE + 4 GE Combo SFP + 2 10G Slots L3Managed Stackable SwitchUser Manual

CONTENTS– 10 –Configuring a MAC ACL 365Configuring an ARP ACL 367Binding a Port to an Access Control List 369ARP Inspection 370Configuring Globa

CHAPTER 2 | Initial Switch ConfigurationManaging System Files– 100 –◆ Diagnostic Code — Software that is run during system boot-up, also known as

CHAPTER 31 | Interface CommandsInterface Configuration– 1000 –◆ The 1000BASE-T and 10GBASE-T standard does not support forced mode. Auto-negotiati

CHAPTER 31 | Interface CommandsInterface Configuration– 1001 –EXAMPLE The following example adds a description to port 4.Console(config)#interface

CHAPTER 31 | Interface CommandsInterface Configuration– 1002 –media-type This command forces the port type selected for combination ports 21-24. U

CHAPTER 31 | Interface CommandsInterface Configuration– 1003 –◆ When auto-negotiation is enabled the switch will negotiate the best settings for a

CHAPTER 31 | Interface CommandsInterface Configuration– 1004 –speed-duplex This command configures the speed and duplex mode of a given interface

CHAPTER 31 | Interface CommandsInterface Configuration– 1005 –RELATED COMMANDS negotiation (1002)capabilities (999)switchport mtu This command con

CHAPTER 31 | Interface CommandsInterface Configuration– 1006 –◆ The port MTU size can be displayed with the show show interfaces status command.EX

CHAPTER 31 | Interface CommandsInterface Configuration– 1007 –◆ The rate limits set by this command are also used by automatic storm control when

CHAPTER 31 | Interface CommandsInterface Configuration– 1008 –EXAMPLE The following example clears statistics on port 5.Console#clear counters eth

CHAPTER 31 | Interface CommandsInterface Configuration– 1009 –EXAMPLE Console#show interfaces counters ethernet 1/17Ethernet 1/ 1 ===== IF table S

CHAPTER 2 | Initial Switch ConfigurationManaging System Files– 101 –To restore configuration settings from a backup server, enter the following co

CHAPTER 31 | Interface CommandsInterface Configuration– 1010 –show interfacesstatusThis command displays the status for an interface.SYNTAX show i

CHAPTER 31 | Interface CommandsInterface Configuration– 1011 –show interfacesswitchportThis command displays the administrative and operational st

CHAPTER 31 | Interface CommandsInterface Configuration– 1012 –Table 100: show interfaces switchport - display description Field DescriptionBroadc

CHAPTER 31 | Interface CommandsInterface Configuration– 1013 –show interfacestransceiverThis command displays identifying information for the spec

CHAPTER 31 | Interface CommandsCable Diagnostics– 1014 – Vcc : 0.00 V Bias Current : 43.11 mA TX Power : 6

CHAPTER 31 | Interface CommandsCable Diagnostics– 1015 – Cable Short with accuracy 0 meters. Pair A OK, length 1 meters Pair B OK, length 2 me

CHAPTER 31 | Interface CommandsCable Diagnostics– 1016 –EXAMPLE Console#show cable-diagnostics dsp interface ethernet 1/1Cable Diagnostics on inte

– 1017 –32 LINK AGGREGATION COMMANDSPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network conn

CHAPTER 32 | Link Aggregation CommandsManual Configuration Commands– 1018 –◆ All ports in a trunk must be configured in an identical manner, inclu

CHAPTER 32 | Link Aggregation CommandsManual Configuration Commands– 1019 –DEFAULT SETTINGsrc-dst-ipCOMMAND MODEGlobal ConfigurationCOMMAND USAGE◆

CHAPTER 2 | Initial Switch ConfigurationManaging System Files– 102 –

CHAPTER 32 | Link Aggregation CommandsDynamic Configuration Commands– 1020 –channel-group This command adds a port to a trunk. Use the no form to

CHAPTER 32 | Link Aggregation CommandsDynamic Configuration Commands– 1021 –COMMAND USAGE ◆ The ports on both ends of an LACP trunk must be config

CHAPTER 32 | Link Aggregation CommandsDynamic Configuration Commands– 1022 –lacp admin-key(Ethernet Interface)This command configures a port'

CHAPTER 32 | Link Aggregation CommandsDynamic Configuration Commands– 1023 –lacp port-priority This command configures LACP port priority. Use the

CHAPTER 32 | Link Aggregation CommandsDynamic Configuration Commands– 1024 –lacp system-priority This command configures a port's LACP system

CHAPTER 32 | Link Aggregation CommandsTrunk Status Display Commands– 1025 –DEFAULT SETTING 0COMMAND MODE Interface Configuration (Port Channel)COM

CHAPTER 32 | Link Aggregation CommandsTrunk Status Display Commands– 1026 –EXAMPLEConsole#show lacp 1 countersPort Channel: 1---------------------

CHAPTER 32 | Link Aggregation CommandsTrunk Status Display Commands– 1027 –Console#show lacp 1 neighborsPort Channel 1 neighbors------------------

CHAPTER 32 | Link Aggregation CommandsTrunk Status Display Commands– 1028 – Console#show lacp sysidPort Channel System Priority System MAC

– 1029 –33 PORT MIRRORING COMMANDSData can be mirrored from a local port on the same switch or from a remote port on another switch for analysis at

– 103 –SECTION IIWEB CONFIGURATIONThis section describes the basic switch features, along with a detailed description of how to configure each featu

CHAPTER 33 | Port Mirroring CommandsLocal Port Mirroring Commands– 1030 –DEFAULT SETTING ◆ No mirror session is defined. ◆ When enabled for an int

CHAPTER 33 | Port Mirroring CommandsRSPAN Mirroring Commands– 1031 –COMMAND MODE Privileged ExecCOMMAND USAGE This command displays the currently

CHAPTER 33 | Port Mirroring CommandsRSPAN Mirroring Commands– 1032 –3. Use the rspan destination command to specify the destination port for the t

CHAPTER 33 | Port Mirroring CommandsRSPAN Mirroring Commands– 1033 –rspan source Use this command to specify the source port and traffic type to b

CHAPTER 33 | Port Mirroring CommandsRSPAN Mirroring Commands– 1034 –rspan destination Use this command to specify the destination port to monitor

CHAPTER 33 | Port Mirroring CommandsRSPAN Mirroring Commands– 1035 –rspan remote vlan Use this command to specify the RSPAN VLAN, switch role (sou

CHAPTER 33 | Port Mirroring CommandsRSPAN Mirroring Commands– 1036 –dynamically add port members to an RSPAN VLAN. Also, note that the show vlan c

CHAPTER 33 | Port Mirroring CommandsRSPAN Mirroring Commands– 1037 –COMMAND MODE Privileged ExecEXAMPLE Console#show rspan sessionRSPAN Session ID

CHAPTER 33 | Port Mirroring CommandsRSPAN Mirroring Commands– 1038 –

– 1039 –34 RATE LIMIT COMMANDSThis function allows the network manager to control the maximum rate for traffic transmitted or received on an interfa

SECTION II | Web Configuration– 104 –◆ "Multicast Routing" on page 705

CHAPTER 34 | Rate Limit Commands– 1040 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#rate-limit input 64Console(config-if)#RELA

– 1041 –35 AUTOMATIC TRAFFIC CONTROL COMMANDSAutomatic Traffic Control (ATC) configures bounding thresholds for broadcast and multicast storms which

CHAPTER 35 | Automatic Traffic Control Commands– 1042 –USAGE GUIDELINESATC includes storm control for broadcast or multicast traffic. The control

CHAPTER 35 | Automatic Traffic Control Commands– 1043 –expires. When ingress traffic falls below this threshold, ATC sends a Storm Alarm Clear Tra

CHAPTER 35 | Automatic Traffic Control CommandsThreshold Commands– 1044 –Threshold Commandsauto-traffic-controlapply-timerThis command sets the ti

CHAPTER 35 | Automatic Traffic Control CommandsThreshold Commands– 1045 –seconds - The time at which to release the control response after ingress

CHAPTER 35 | Automatic Traffic Control CommandsThreshold Commands– 1046 –EXAMPLE This example enables automatic storm control for broadcast traffi

CHAPTER 35 | Automatic Traffic Control CommandsThreshold Commands– 1047 –EXAMPLE This example sets the control response for broadcast traffic on p

CHAPTER 35 | Automatic Traffic Control CommandsThreshold Commands– 1048 –EXAMPLE This example sets the clear threshold for automatic storm control

CHAPTER 35 | Automatic Traffic Control CommandsThreshold Commands– 1049 –auto-traffic-controlauto-control-releaseThis command automatically releas

– 105 –3 USING THE WEB INTERFACEThis switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistic

CHAPTER 35 | Automatic Traffic Control CommandsSNMP Trap Commands– 1050 –SNMP Trap Commandssnmp-server enableport-traps atcbroadcast-alarm-clearTh

CHAPTER 35 | Automatic Traffic Control CommandsSNMP Trap Commands– 1051 –snmp-server enableport-traps atcbroadcast-control-applyThis command sends

CHAPTER 35 | Automatic Traffic Control CommandsSNMP Trap Commands– 1052 –snmp-server enableport-traps atcmulticast-alarm-clearThis command sends a

CHAPTER 35 | Automatic Traffic Control CommandsSNMP Trap Commands– 1053 –snmp-server enableport-traps atcmulticast-control-applyThis command sends

CHAPTER 35 | Automatic Traffic Control CommandsATC Display Commands– 1054 –ATC Display Commandsshow auto-traffic-controlThis command shows global

– 1055 –36 ADDRESS TABLE COMMANDSThese commands are used to configure the address table for filtering specified addresses, displaying current entrie

CHAPTER 36 | Address Table Commands– 1056 –EXAMPLE Console(config)#mac-address-table aging-time 100Console(config)#mac-address-tablestaticThis com

CHAPTER 36 | Address Table Commands– 1057 –EXAMPLE Console(config)#mac-address-table static 00-e0-29-94-34-de interface ethernet 1/1 vlan 1 delete

CHAPTER 36 | Address Table Commands– 1058 –COMMAND USAGE ◆ The MAC Address Table contains the MAC addresses associated with each interface. Note t

CHAPTER 36 | Address Table Commands– 1059 –show mac-address-table countThis command shows the number of MAC addresses used and the number of avail

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 106 –forwarding (i.e., enable Admin Edge Port) to improve the switch’s re

CHAPTER 36 | Address Table Commands– 1060 –

– 1061 –37 SPANNING TREE COMMANDSThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and comman

CHAPTER 37 | Spanning Tree Commands– 1062 –spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form

CHAPTER 37 | Spanning Tree Commands– 1063 –EXAMPLE This example shows how to enable the Spanning Tree Algorithm for the switch:Console(config)#spa

CHAPTER 37 | Spanning Tree Commands– 1064 –DEFAULT SETTING 2 secondsCOMMAND MODE Global ConfigurationCOMMAND USAGE This command sets the time inte

CHAPTER 37 | Spanning Tree Commands– 1065 –RELATED COMMANDSspanning-tree forward-time (1063)spanning-tree hello-time (1063)spanning-tree mode This

CHAPTER 37 | Spanning Tree Commands– 1066 – A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments. Be

CHAPTER 37 | Spanning Tree Commands– 1067 –spanning-treepriorityThis command configures the spanning tree priority globally for this switch. Use t

CHAPTER 37 | Spanning Tree Commands– 1068 –revision (1072)max-hops (1069)spanning-treesystem-bpdu-floodingThis command configures the system to fl

CHAPTER 37 | Spanning Tree Commands– 1069 –COMMAND USAGE This command limits the maximum transmission rate for BPDUs.EXAMPLE Console(config)#spann

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 107 –CONFIGURATIONOPTIONSConfigurable parameters have a dialog box or a d

CHAPTER 37 | Spanning Tree Commands– 1070 –mst priority This command configures the priority of a spanning tree instance. Use the no form to resto

CHAPTER 37 | Spanning Tree Commands– 1071 –COMMAND MODE MST ConfigurationCOMMAND USAGE ◆ Use this command to group VLANs into spanning tree instan

CHAPTER 37 | Spanning Tree Commands– 1072 –EXAMPLE Console(config-mstp)#name R&DConsole(config-mstp)#RELATED COMMANDSrevision (1072)revision T

CHAPTER 37 | Spanning Tree Commands– 1073 –COMMAND USAGE ◆ This command filters all Bridge Protocol Data Units (BPDUs) received on an interface to

CHAPTER 37 | Spanning Tree Commands– 1074 –be manually re-enabled using the no spanning-tree spanning-disabled command.◆ Before enabling BPDU Guar

CHAPTER 37 | Spanning Tree Commands– 1075 – COMMAND MODE Interface Configuration (Ethernet, Port Channel)COMMAND USAGE ◆ This command is used by t

CHAPTER 37 | Spanning Tree Commands– 1076 –devices such as workstations or servers, retains the current forwarding database to reduce the amount o

CHAPTER 37 | Spanning Tree Commands– 1077 –spanning-treeloopback-detectionThis command enables the detection and response to Spanning Tree loopbac

CHAPTER 37 | Spanning Tree Commands– 1078 –command, the selected interface will be automatically enabled when the shutdown interval has expired.◆

CHAPTER 37 | Spanning Tree Commands– 1079 –◆ When configured for manual release mode, then a link down / up event will not release the port from t

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 108 –MAIN MENU Using the onboard web agent, you can define system paramet

CHAPTER 37 | Spanning Tree Commands– 1080 –shown below. Path cost “0” is used to indicate auto-configuration mode. When the short path cost method

CHAPTER 37 | Spanning Tree Commands– 1081 –COMMAND USAGE ◆ This command defines the priority for the use of an interface in the multiple spanning-

CHAPTER 37 | Spanning Tree Commands– 1082 –spanning-tree port-priorityThis command configures the priority for the specified interface. Use the no

CHAPTER 37 | Spanning Tree Commands– 1083 –COMMAND USAGE ◆ A bridge with a lower bridge identifier (or same identifier and lower MAC address) can

CHAPTER 37 | Spanning Tree Commands– 1084 –spanning-treetc-prop-stopThis command stops propagating topology changes on an interface. Use the no fo

CHAPTER 37 | Spanning Tree Commands– 1085 –EXAMPLE Console#spanning-tree loopback-detection release ethernet 1/1Console#spanning-treeprotocol-migr

CHAPTER 37 | Spanning Tree Commands– 1086 –show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an in

CHAPTER 37 | Spanning Tree Commands– 1087 –EXAMPLEThis example shows a full listing of global and interface settings for the spanning tree.Console

CHAPTER 37 | Spanning Tree Commands– 1088 –This example shows a brief summary of global and interface setting for the spanning tree.Console#show s

– 1089 –38 ERPS COMMANDSThe G.8032 recommendation, also referred to as Ethernet Ring Protection Switching (ERPS), can be used to increase the availa

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 109 –Configure by Port Range Configures connection settings for a range o

CHAPTER 38 | ERPS Commands– 1090 –Configuration Guidelines for ERPS1. Create an ERPS ring: Create a ring using the erps domain command. The ring n

CHAPTER 38 | ERPS Commands– 1091 –erps This command enables ERPS on the switch. Use the no form to disable this feature. SYNTAX [no] erpsDEFAULT S

CHAPTER 38 | ERPS Commands– 1092 –control-vlan This command specifies a dedicated VLAN used for sending and receiving ERPS protocol messages. Use

CHAPTER 38 | ERPS Commands– 1093 –enable This command activates the current ERPS ring. Use the no form to disable the current ring. SYNTAX [no

CHAPTER 38 | ERPS Commands– 1094 –COMMAND USAGE The guard timer duration should be greater than the maximum expected forwarding delay for an R-APS

CHAPTER 38 | ERPS Commands– 1095 –major-domain This command specifies the ERPS ring used for sending control packets. Use the no form to remove th

CHAPTER 38 | ERPS Commands– 1096 –COMMAND USAGE ◆ This parameter is used to ensure that received R-APS PDUs are directed for this ring. A unique l

CHAPTER 38 | ERPS Commands– 1097 –more information on how ERPS recovers from a node failure, refer to "Ethernet Ring Protection Switching&quo

CHAPTER 38 | ERPS Commands– 1098 –non-erps-dev-protectThis command sends non-standard health-check packets when an owner node enters protection st

CHAPTER 38 | ERPS Commands– 1099 –EXAMPLE Console(config-erps)#non-erps-dev-protectConsole(config-erps)#propagate-tc This command enables propagat

CONTENTS– 11 –Simple Network Management Protocol 426Configuring Global Settings for SNMP 428Setting the Local Engine ID 429Specifying a Remote E

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 110 –Statistics Shows Interface, Etherlike, RMON and Utilization trunk st

CHAPTER 38 | ERPS Commands– 1100 –ring-port This command configures a node’s connection to the ring through the east or west interface. Use the no

CHAPTER 38 | ERPS Commands– 1101 –rpl owner This command configures a ring node to be the Ring Protection Link (RPL) owner or a non-owner. SYNTAX

CHAPTER 38 | ERPS Commands– 1102 –EXAMPLE Console(config-erps)#wtr-timer 10Console(config-erps)#clear erps statistics This command clears statisti

CHAPTER 38 | ERPS Commands– 1103 –This example displays detailed information for the specified ERPS ring. Console#show erps domain rd1Domain Nam

CHAPTER 38 | ERPS Commands– 1104 –This example displays statistics for the specified ring. Console#show erps statistics domain rdERPS statistics f

CHAPTER 38 | ERPS Commands– 1105 –show erps statistics This command displays statistics for ERPS protocol messages for all configured rings, or fo

CHAPTER 38 | ERPS Commands– 1106 –

– 1107 –39 VLAN COMMANDSA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same ph

CHAPTER 39 | VLAN CommandsGVRP and Bridge Extension Commands– 1108 –GVRP AND BRIDGE EXTENSION COMMANDSGARP VLAN Registration Protocol defines a wa

CHAPTER 39 | VLAN CommandsGVRP and Bridge Extension Commands– 1109 –garp timer This command sets the values for the join, leave and leaveall timer

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 111 –ProtocolConfigure ProtocolAdd Creates a protocol group, specifying s

CHAPTER 39 | VLAN CommandsGVRP and Bridge Extension Commands– 1110 –switchportforbidden vlanThis command configures forbidden VLANs. Use the no fo

CHAPTER 39 | VLAN CommandsGVRP and Bridge Extension Commands– 1111 –COMMAND USAGE GVRP cannot be enabled for ports set to Access mode using the sw

CHAPTER 39 | VLAN CommandsGVRP and Bridge Extension Commands– 1112 –COMMAND MODE Normal Exec, Privileged ExecEXAMPLE Console#show garp timer ether

CHAPTER 39 | VLAN CommandsEditing VLAN Groups– 1113 –EDITING VLAN GROUPSvlan database This command enters VLAN database mode. All commands in this

CHAPTER 39 | VLAN CommandsEditing VLAN Groups– 1114 –vlan This command configures a VLAN. Use the no form to restore the default settings or delet

CHAPTER 39 | VLAN CommandsConfiguring VLAN Interfaces– 1115 –EXAMPLE The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN i

CHAPTER 39 | VLAN CommandsConfiguring VLAN Interfaces– 1116 –COMMAND USAGE ◆ Creating a “normal” VLAN with the vlan command initializes it as a La

CHAPTER 39 | VLAN CommandsConfiguring VLAN Interfaces– 1117 –EXAMPLE The following example shows how to restrict the traffic received on port 1 to

CHAPTER 39 | VLAN CommandsConfiguring VLAN Interfaces– 1118 –◆ If a VLAN on the forbidden list for an interface is manually added to that interfac

CHAPTER 39 | VLAN CommandsConfiguring VLAN Interfaces– 1119 –switchport mode This command configures the VLAN membership mode for a port. Use the

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 112 –Modify Modify priority for an MST instance 258Add Member Adds VLAN m

CHAPTER 39 | VLAN CommandsConfiguring VLAN Interfaces– 1120 –switchport nativevlanThis command configures the PVID (i.e., default VLAN ID) for a p

CHAPTER 39 | VLAN CommandsConfiguring VLAN Interfaces– 1121 –The following figure shows VLANs 1 and 2 configured on switches A and B, with VLAN tr

CHAPTER 39 | VLAN CommandsDisplaying VLAN Information– 1122 –DISPLAYING VLAN INFORMATIONThis section describes commands used to display VLAN infor

CHAPTER 39 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 1123 –Console#CONFIGURING IEEE 802.1Q TUNNELINGIEEE 802.1Q tunneling (QinQ tunneling)

CHAPTER 39 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 1124 –7. Configure the QinQ tunnel uplink port to dot1Q-tunnel uplink mode (switchpor

CHAPTER 39 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 1125 –switchport dot1q-tunnel modeThis command configures an interface as a QinQ tunn

CHAPTER 39 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 1126 –switchport dot1q-tunnel servicematch cvidThis command creates a CVLAN to SPVLAN

CHAPTER 39 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 1127 –EXAMPLEThis example sets the SVID to 99 in the outer tag for egress packets exi

CHAPTER 39 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 1128 –7. Verify configuration settings.Console#show dot1q-tunnel service802.1Q Tunnel

CHAPTER 39 | VLAN CommandsConfiguring IEEE 802.1Q Tunneling– 1129 –◆ The specified ethertype only applies to ports configured in Uplink mode using

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 113 –VoIP Voice over IP 303Configure Global Configures auto-detection of

CHAPTER 39 | VLAN CommandsConfiguring Port-based Traffic Segmentation– 1130 –Console#show dot1q-tunnel service 100802.1Q Tunnel Service Subscripti

CHAPTER 39 | VLAN CommandsConfiguring Port-based Traffic Segmentation– 1131 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ Traffic segmentation

CHAPTER 39 | VLAN CommandsConfiguring Port-based Traffic Segmentation– 1132 –traffic-segmentationsessionThis command creates a traffic-segmentatio

CHAPTER 39 | VLAN CommandsConfiguring Port-based Traffic Segmentation– 1133 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ A port cannot be con

CHAPTER 39 | VLAN CommandsConfiguring Private VLANs– 1134 –EXAMPLEThis example enables forwarding of traffic between uplink ports assigned to diff

CHAPTER 39 | VLAN CommandsConfiguring Private VLANs– 1135 – To configure private VLANs, follow these steps:1. Use the private-vlan command to desi

CHAPTER 39 | VLAN CommandsConfiguring Private VLANs– 1136 –private-vlan Use this command to create a primary or community private VLAN. Use the no

CHAPTER 39 | VLAN CommandsConfiguring Private VLANs– 1137 –private vlanassociationUse this command to associate a primary VLAN with a secondary (i

CHAPTER 39 | VLAN CommandsConfiguring Private VLANs– 1138 –COMMAND MODE Interface Configuration (Ethernet, Port Channel) COMMAND USAGETo assign a

CHAPTER 39 | VLAN CommandsConfiguring Private VLANs– 1139 –switchport private-vlan mappingUse this command to map an interface to a primary VLAN.

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 114 –User Accounts 325Add Configures user names, passwords, and access le

CHAPTER 39 | VLAN CommandsConfiguring Protocol-based VLANs– 1140 –EXAMPLEConsole#show vlan private-vlanPrimary Secondary Type Interf

CHAPTER 39 | VLAN CommandsConfiguring Protocol-based VLANs– 1141 –protocol-vlanprotocol-group(Configuring Groups)This command creates a protocol g

CHAPTER 39 | VLAN CommandsConfiguring Protocol-based VLANs– 1142 –COMMAND MODE Interface Configuration (Ethernet, Port Channel)COMMAND USAGE ◆ Whe

CHAPTER 39 | VLAN CommandsConfiguring Protocol-based VLANs– 1143 –EXAMPLE This shows protocol group 1 configured for IP over Ethernet:Console#show

CHAPTER 39 | VLAN CommandsConfiguring IP Subnet VLANs– 1144 –CONFIGURING IP SUBNET VLANSWhen using IEEE 802.1Q port-based VLAN classification, all

CHAPTER 39 | VLAN CommandsConfiguring IP Subnet VLANs– 1145 –is found, the corresponding VLAN ID is assigned to the frame. If no mapping is found,

CHAPTER 39 | VLAN CommandsConfiguring MAC Based VLANs– 1146 –CONFIGURING MAC BASED VLANSWhen using IEEE 802.1Q port-based VLAN classification, all

CHAPTER 39 | VLAN CommandsConfiguring Voice VLANs– 1147 –◆ When MAC-based, IP subnet-based, and protocol-based VLANs are supported concurrently, p

CHAPTER 39 | VLAN CommandsConfiguring Voice VLANs– 1148 –voice vlan This command enables VoIP traffic detection and defines the Voice VLAN ID. Use

CHAPTER 39 | VLAN CommandsConfiguring Voice VLANs– 1149 –voice vlan aging This command sets the Voice VLAN ID time out. Use the no form to restore

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 115 –Add Rule 352Absolute Sets exact time or time range 352Periodic Sets

CHAPTER 39 | VLAN CommandsConfiguring Voice VLANs– 1150 –description - User-defined text that identifies the VoIP devices. (Range: 1-32 characters

CHAPTER 39 | VLAN CommandsConfiguring Voice VLANs– 1151 –COMMAND USAGEWhen auto is selected, you must select the method to use for detecting VoIP

CHAPTER 39 | VLAN CommandsConfiguring Voice VLANs– 1152 –switchport voicevlan ruleThis command selects a method for detecting VoIP traffic on a po

CHAPTER 39 | VLAN CommandsConfiguring Voice VLANs– 1153 –COMMAND USAGE◆ Security filtering discards any non-VoIP packets received on the port that

CHAPTER 39 | VLAN CommandsConfiguring Voice VLANs– 1154 –Eth 1/10 Disabled Disabled OUI 6 NAConsole#show voice vlan ouiOUI Address

– 1155 –40 CLASS OF SERVICE COMMANDSThe commands described in this section allow you to specify which data packets have greater precedence when traf

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 2)– 1156 –queue cos-map This command assigns class of service (CoS) values to the p

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 2)– 1157 –RELATED COMMANDS show queue cos-map (1160)queue mode This command sets th

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 2)– 1158 –◆ A weight can be assigned to each of the weighted queues (and thereby to

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 2)– 1159 –EXAMPLE The following example shows how to assign round-robin weights of

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 116 –Administration 405Log 405System 405Configure Global Stores error mes

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 2)– 1160 –EXAMPLE The following example shows how to set a default priority on port

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 2)– 1161 –COMMAND MODE Privileged ExecEXAMPLE Console#show queue mode ethernet 1/1U

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 1162 –PRIORITY COMMANDS (LAYER 3 AND 4)This section describes commands us

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 1163 –map ip port (GlobalConfiguration)This command enables IP port mappi

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 1164 –EXAMPLE The following example shows how to enable IP precedence map

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 1165 –EXAMPLE The following example shows how to map IP DSCP value 1 to C

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 1166 –map ip precedence(InterfaceConfiguration)This command sets IP prece

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 1167 –show map ip dscp This command shows the IP DSCP priority map.SYNTAX

CHAPTER 40 | Class of Service CommandsPriority Commands (Layer 3 and 4)– 1168 –EXAMPLE The following shows that HTTP traffic has been mapped to Co

– 1169 –41 QUALITY OF SERVICE COMMANDSThe commands described in this section are used to configure Differentiated Services (DiffServ) classification

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 117 –Show Community Shows community strings and access mode 439Add SNMPv3

CHAPTER 41 | Quality of Service Commands– 1170 –To create a service policy for a specific category of ingress traffic, follow these steps:1. Use t

CHAPTER 41 | Quality of Service Commands– 1171 –COMMAND USAGE ◆ First enter this command to designate a class map and enter the Class Map configur

CHAPTER 41 | Quality of Service Commands– 1172 –match This command defines the criteria used to classify traffic. Use the no form to delete the ma

CHAPTER 41 | Quality of Service Commands– 1173 –This example creates a class map call “rd-class#2,” and sets it to match packets marked for IP Pre

CHAPTER 41 | Quality of Service Commands– 1174 –COMMAND USAGE ◆ Use the policy-map command to specify the name of the policy map, and then use the

CHAPTER 41 | Quality of Service Commands– 1175 –◆ Up to 16 classes can be included in a policy map.EXAMPLE This example creates a policy called “r

CHAPTER 41 | Quality of Service Commands– 1176 –◆ Policing is based on a token bucket, where bucket depth (i.e., the maximum burst before the buck

CHAPTER 41 | Quality of Service Commands– 1177 –committed-rate - Committed information rate (CIR) in kilobits per second. (Range: 1-1000000 kbps o

CHAPTER 41 | Quality of Service Commands– 1178 –The token buckets C and E are initially full, that is, the token count Tc(0) = BC and the token co

CHAPTER 41 | Quality of Service Commands– 1179 –police trtcm-color This command defines an enforcer for classified traffic based on a two rate thr

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 118 –Configure Details Configures ring parameters 468CFM Connectivity Fa

CHAPTER 41 | Quality of Service Commands– 1180 –Rate (CIR) and Peak Information Rate (PIR), and their associated burst sizes - Committed Burst Siz

CHAPTER 41 | Quality of Service Commands– 1181 –EXAMPLE This example creates a policy called “rd-policy,” uses the class command to specify the pr

CHAPTER 41 | Quality of Service Commands– 1182 –EXAMPLE This example creates a policy called “rd-policy,” uses the class command to specify the pr

CHAPTER 41 | Quality of Service Commands– 1183 –show class-map This command displays the QoS class maps which define matching criteria used for cl

CHAPTER 41 | Quality of Service Commands– 1184 –EXAMPLEConsole#show policy-map Policy Map rd-policyDescription: class rd-class set cos 3 Console#

– 1185 –42 MULTICAST FILTERING COMMANDSThis switch uses IGMP (Internet Group Management Protocol) to check for any attached hosts that want to recei

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1186 –IGMP SNOOPINGThis section describes commands used to configure IGMP snooping on the

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1187 –ip igmp snooping This command enables IGMP snooping globally on the switch or on a s

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1188 –ip igmp snoopingproxy-reportingThis command enables IGMP Snooping with Proxy Reporti

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1189 –COMMAND USAGE ◆ IGMP snooping querier is not supported for IGMPv3 snooping (see ip i

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 119 –Show Fault Notification Generator Displays configuration settings fo

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1190 –ip igmp snoopingrouter-port-expire-timeThis command configures the querier timeout.

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1191 –◆ If a topology change notification (TCN) is received, and all the uplink ports are

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1192 –tree change occurred. When an upstream multicast router receives this solicitation,

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1193 –DEFAULT SETTING 400 seconds COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ When a

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1194 –EXAMPLE The following configures the global setting for IGMP snooping to version 1.C

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1195 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ By default, general query messages

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1196 –EXAMPLE The following shows how to enable immediate leave.Console(config)#ip igmp sn

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1197 –DEFAULT SETTING 10 (1 second) COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ When

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1198 –◆ Advertisements are sent by routers to advertise that IP multicast forwarding is en

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1199 –To resolve this problem, the source address in proxied IGMP query and report message

CONTENTS– 12 –Displaying Fault Notification Settings 508Displaying Continuity Check Errors 50915 MULTICAST FILTERING 511Overview 511IGMP Protoco

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 120 –Configure Detail Configure detailed settings, such as advertisement

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1200 –downstream hosts, all receivers build an IGMP report for the multicast groups they h

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1201 –ip igmp snoopingvlan staticThis command adds a port to a multicast group. Use the no

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1202 –COMMAND USAGE This command displays global and VLAN-specific IGMP configuration sett

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1203 –igmpsnp - Display only entries learned through IGMP snooping. sort-by-port - Display

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1204 –COMMAND MODE Privileged ExecEXAMPLE The following shows IGMP protocol statistics inp

CHAPTER 42 | Multicast Filtering CommandsIGMP Snooping– 1205 –The following shows IGMP query-related statistics for VLAN 1:Console#show ip igmp sn

CHAPTER 42 | Multicast Filtering CommandsStatic Multicast Routing– 1206 –STATIC MULTICAST ROUTINGThis section describes commands used to configure

CHAPTER 42 | Multicast Filtering CommandsStatic Multicast Routing– 1207 –EXAMPLE The following shows how to configure port 11 as a multicast route

CHAPTER 42 | Multicast Filtering CommandsIGMP Filtering and Throttling– 1208 –IGMP FILTERING AND THROTTLINGIn certain switch applications, the adm

CHAPTER 42 | Multicast Filtering CommandsIGMP Filtering and Throttling– 1209 –COMMAND USAGE◆ IGMP filtering enables you to assign a profile to a s

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 121 –Configure Global Enables DHCP snooping globally, MAC-address verific

CHAPTER 42 | Multicast Filtering CommandsIGMP Filtering and Throttling– 1210 –permit, deny This command sets the access mode for an IGMP filter pr

CHAPTER 42 | Multicast Filtering CommandsIGMP Filtering and Throttling– 1211 –EXAMPLE Console(config)#ip igmp profile 19Console(config-igmp-profil

CHAPTER 42 | Multicast Filtering CommandsIGMP Filtering and Throttling– 1212 –DEFAULT SETTING 1024COMMAND MODE Interface Configuration (Ethernet)C

CHAPTER 42 | Multicast Filtering CommandsIGMP Filtering and Throttling– 1213 –EXAMPLE Console(config)#interface ethernet 1/1Console(config-if)#ip

CHAPTER 42 | Multicast Filtering CommandsIGMP Filtering and Throttling– 1214 –EXAMPLE Console(config)#interface ethernet 1/1Console(config-if)#ip

CHAPTER 42 | Multicast Filtering CommandsIGMP Filtering and Throttling– 1215 –EXAMPLE Console#show ip igmp profileIGMP Profile 19IGMP Profile 50Co

CHAPTER 42 | Multicast Filtering CommandsIGMP Filtering and Throttling– 1216 –show ip igmpthrottle interfaceThis command displays the interface se

CHAPTER 42 | Multicast Filtering CommandsMLD Snooping– 1217 –COMMAND MODE Privileged ExecCOMMAND USAGE Using this command without specifying an in

CHAPTER 42 | Multicast Filtering CommandsMLD Snooping– 1218 –ipv6 mld snooping This command enables MLD Snooping globally on the switch. Use the n

CHAPTER 42 | Multicast Filtering CommandsMLD Snooping– 1219 –COMMAND USAGE ◆ If enabled, the switch will serve as querier if elected. The querier

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 122 –Show Static Multicast Router Displays ports statically configured as

CHAPTER 42 | Multicast Filtering CommandsMLD Snooping– 1220 –ipv6 mld snoopingquery-max-response-timeThis command configures the maximum response

CHAPTER 42 | Multicast Filtering CommandsMLD Snooping– 1221 –EXAMPLE Console(config)#ipv6 mld snooping robustness 2Console(config)#ipv6 mld snoopi

CHAPTER 42 | Multicast Filtering CommandsMLD Snooping– 1222 –COMMAND MODEGlobal ConfigurationCOMMAND USAGE◆ When set to “flood,” any received IPv6

CHAPTER 42 | Multicast Filtering CommandsMLD Snooping– 1223 –port-channel channel-id (Range: 1-32) DEFAULT SETTING No static multicast router port

CHAPTER 42 | Multicast Filtering CommandsMLD Snooping– 1224 –EXAMPLEConsole(config)#ipv6 mld snooping vlan 1 static FF00:0:0:0:0:0:0:10C ethernet

CHAPTER 42 | Multicast Filtering CommandsMLD Snooping– 1225 –EXAMPLE The following shows MLD Snooping configuration informationConsole#show ipv6 m

CHAPTER 42 | Multicast Filtering CommandsMLD Snooping– 1226 –EXAMPLE The following shows MLD Snooping group mapping information:Console#show ipv6

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1227 –MVR FOR IPV4This section describes commands used to configure Multicast VLAN Registra

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1228 –mvr This command enables Multicast VLAN Registration (MVR) globally on the switch. Us

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1229 –EXAMPLE The following an MVR group address profile to domain 1:Console(config)#mvr do

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 123 –Show Current Member Shows multicast addresses associated with the se

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1230 –DEFAULT SETTING No profiles are definedCOMMAND MODE Global ConfigurationCOMMAND USAGE

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1231 –EXAMPLE This example sets the proxy query interval for MVR proxy switching.Console(co

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1232 –EXAMPLE The following example enable MVR proxy switching.Console(config)#mvr proxy-sw

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1233 –mvr source-port-mode dynamicThis command configures the switch to only forward multic

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1234 –COMMAND MODE Global ConfigurationEXAMPLE Console(config)#mvr domain 1 upstream-source

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1235 –mvr immediate-leaveThis command causes the switch to immediately remove an interface

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1236 –mvr type This command configures an interface as an MVR receiver or source port. Use

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1237 –mvr vlan group This command statically binds a multicast group to a port which will r

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1238 –show mvr This command shows information about MVR domain settings, including MVR oper

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1239 –show mvrassociated-profileThis command shows the profiles bound the specified domain.

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 124 –Show VLAN Statistics Shows statistics for protocol messages and numb

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1240 –Console#show mvr members This command shows information about the current number of e

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1241 –EXAMPLE The following shows information about the number of multicast forwarding entr

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1242 –show mvr profile This command shows all configured MVR profiles.COMMAND MODE Privileg

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1243 –EXAMPLE The following shows MVR protocol-related statistics received:Console#show mvr

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv4– 1244 –The following shows MVR query-related statistics:Console#show mvr domain 1 statistics

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1245 –MVR FOR IPV6This section describes commands used to configure Multicast VLAN Registra

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1246 –mvr6 associated-profileThis command binds the MVR group addresses specified in a prof

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1247 –EXAMPLE The following example enables MVR for domain 1:Console(config)#mvr6 domain 1C

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1248 –mvr6 proxy-query-intervalThis command configures the interval at which the receiver p

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1249 –◆ Receiver ports are known as downstream or router interfaces. These interfaces perfo

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 125 –Reset Statistics Clears statistics for RIP protocol messages 668OSPF

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1250 –COMMAND USAGE ◆ This command sets the number of times report messages are sent upstre

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1251 –mvr6 upstream-source-ipThis command configures the source IPv6 address assigned to al

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1252 –COMMAND MODE Global ConfigurationCOMMAND USAGE MVR source ports can be configured as

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1253 –EXAMPLE The following enables immediate leave on a receiver port.Console(config)#inte

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1254 –EXAMPLE The following configures one source port and several receiver ports on the sw

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1255 –EXAMPLE The following statically assigns a multicast group to a receiver port:Console

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1256 –show mvr6associated-profileThis command shows the profiles bound the specified domain

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1257 –COMMAND MODE Privileged ExecEXAMPLE The following displays information about the inte

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1258 –EXAMPLE The following shows information about the number of multicast forwarding entr

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1259 –show mvr6 profile This command shows all configured MVR profiles.COMMAND MODE Privile

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 126 –Virtual Link 697Add Configures a virtual link through a transit area

CHAPTER 42 | Multicast Filtering CommandsMVR for IPv6– 1260 – Eth 1/ 2 12 15 8 3 5 19 4 VLAN

CHAPTER 42 | Multicast Filtering CommandsIGMP (Layer 3)– 1261 – Specific Query Sent : 0 Number of Reports Sent : 2 Number of Leaves S

CHAPTER 42 | Multicast Filtering CommandsIGMP (Layer 3)– 1262 –EXAMPLEConsole(config)#interface vlan 1Console(config-if)#ip igmpConsole(config-if)

CHAPTER 42 | Multicast Filtering CommandsIGMP (Layer 3)– 1263 –EXAMPLE Console(config)#interface vlan 1Console(config-if)#ip igmp last-member-quer

CHAPTER 42 | Multicast Filtering CommandsIGMP (Layer 3)– 1264 –ip igmp query-intervalThis command configures the frequency at which host query mes

CHAPTER 42 | Multicast Filtering CommandsIGMP (Layer 3)– 1265 –COMMAND MODE Interface Configuration (VLAN)COMMAND USAGE ◆ The robustness value is

CHAPTER 42 | Multicast Filtering CommandsIGMP (Layer 3)– 1266 –request to join the multicast group will also fail if the next node up the reverse

CHAPTER 42 | Multicast Filtering CommandsIGMP (Layer 3)– 1267 –If there are Version 1 hosts present for a particular group, the switch will ignore

CHAPTER 42 | Multicast Filtering CommandsIGMP (Layer 3)– 1268 –COMMAND MODE Privileged ExecCOMMAND USAGE To display information about multicast gr

CHAPTER 42 | Multicast Filtering CommandsIGMP (Layer 3)– 1269 –The following shows the information displayed in a detailed listing for a dynamical

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 127 – Show Shows the static addresses configured for each RP and the asso

CHAPTER 42 | Multicast Filtering CommandsIGMP Proxy Routing– 1270 –show ip igmpinterfaceThis command shows multicast information for the specified

CHAPTER 42 | Multicast Filtering CommandsIGMP Proxy Routing– 1271 –To enable IGMP proxy service, follow these steps:1. Use the ip multicast-routin

CHAPTER 42 | Multicast Filtering CommandsIGMP Proxy Routing– 1272 –◆ Only one upstream interface is supported on the system.◆ A maximum of 1024 mu

CHAPTER 42 | Multicast Filtering CommandsMLD (Layer 3)– 1273 –MLD (LAYER 3)This section describes commands used to configure Layer 3 Multicast Lis

CHAPTER 42 | Multicast Filtering CommandsMLD (Layer 3)– 1274 – Query Interval : 125 sec Query Max Response Time : 10 s

CHAPTER 42 | Multicast Filtering CommandsMLD (Layer 3)– 1275 –ipv6 mld max-resp-intervalThis command configures the maximum response time advertis

CHAPTER 42 | Multicast Filtering CommandsMLD (Layer 3)– 1276 –COMMAND MODE Interface Configuration (VLAN)COMMAND USAGE ◆ Multicast routers send ho

CHAPTER 42 | Multicast Filtering CommandsMLD (Layer 3)– 1277 –the robustness value is set to zero, meaning that this device will not advertise a Q

CHAPTER 42 | Multicast Filtering CommandsMLD (Layer 3)– 1278 –EXAMPLE The following example assigns VLAN 1 as a static member of the specified mul

CHAPTER 42 | Multicast Filtering CommandsMLD (Layer 3)– 1279 –clear ipv6 mld group This command deletes entries from the MLD cache. SYNTAX clear i

CHAPTER 3 | Using the Web InterfaceNavigating the Web Browser Interface– 128 –

CHAPTER 42 | Multicast Filtering CommandsMLD (Layer 3)– 1280 –command, and multicast routing must be enabled globally on the system using the ip m

CHAPTER 42 | Multicast Filtering CommandsMLD Proxy Routing– 1281 –show ipv6 mldinterfaceThis command shows multicast information for the specified

CHAPTER 42 | Multicast Filtering CommandsMLD Proxy Routing– 1282 –To enable MLD proxy service, follow these steps:1. Use the ipv6 multicast-routin

CHAPTER 42 | Multicast Filtering CommandsMLD Proxy Routing– 1283 –◆ Only one upstream interface is supported on the system. ◆ MLD and MLD proxy ca

CHAPTER 42 | Multicast Filtering CommandsMLD Proxy Routing– 1284 –

– 1285 –43 LLDP COMMANDSLink Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast

CHAPTER 43 | LLDP Commands– 1286 –lldp basic-tlv system-nameConfigures an LLDP-enabled port to advertise its system nameIClldp dot1-tlv proto-iden

CHAPTER 43 | LLDP Commands– 1287 –lldp This command enables LLDP globally on the switch. Use the no form to disable LLDP.SYNTAX[no] lldpDEFAULT SE

CHAPTER 43 | LLDP Commands– 1288 –lldp med-fast-start-countThis command specifies the amount of MED Fast Start LLDPDUs to transmit during the acti

CHAPTER 43 | LLDP Commands– 1289 –◆ Information about changes in LLDP neighbors that occur between SNMP notifications is not transmitted. Only sta

– 129 –4 BASIC MANAGEMENT TASKSThis chapter describes the following topics:◆ Displaying System Information – Provides basic system description, incl

CHAPTER 43 | LLDP Commands– 1290 –COMMAND MODEGlobal ConfigurationCOMMAND USAGEWhen LLDP is re-initialized on a port, all information in the remot

CHAPTER 43 | LLDP Commands– 1291 –lldp admin-status This command enables LLDP transmit, receive, or transmit and receive mode on the specified por

CHAPTER 43 | LLDP Commands– 1292 –enterprise specific or other starting points for the search, such as the Interface or Entity MIB.◆ Since there a

CHAPTER 43 | LLDP Commands– 1293 –lldp basic-tlvsystem-capabilitiesThis command configures an LLDP-enabled port to advertise its system capabiliti

CHAPTER 43 | LLDP Commands– 1294 –lldp basic-tlvsystem-nameThis command configures an LLDP-enabled port to advertise the system name. Use the no f

CHAPTER 43 | LLDP Commands– 1295 –lldp dot1-tlv proto-vidThis command configures an LLDP-enabled port to advertise port related VLAN information.

CHAPTER 43 | LLDP Commands– 1296 –lldp dot1-tlv vlan-nameThis command configures an LLDP-enabled port to advertise its VLAN name. Use the no form

CHAPTER 43 | LLDP Commands– 1297 –lldp dot3-tlv mac-phyThis command configures an LLDP-enabled port to advertise its MAC and physical layer capabi

CHAPTER 43 | LLDP Commands– 1298 –lldp med-locationcivic-addrThis command configures an LLDP-MED-enabled port to advertise its location identifica

CHAPTER 43 | LLDP Commands– 1299 –Any number of CA type and value pairs can be specified for the civic address location, as long as the total does

CONTENTS– 13 –16 IP CONFIGURATION 573Setting the Switch’s IP Address (IP Version 4) 573Sending DHCP Inform Requests for Additional Information 577

CHAPTER 4 | Basic Management TasksDisplaying System Information– 130 –PARAMETERSThese parameters are displayed:◆ System Description – Brief descri

CHAPTER 43 | LLDP Commands– 1300 –COMMAND USAGE◆ This option sends out SNMP trap notifications to designated target stations at the interval speci

CHAPTER 43 | LLDP Commands– 1301 –lldp med-tlv location This command configures an LLDP-MED-enabled port to advertise its location identification

CHAPTER 43 | LLDP Commands– 1302 –lldp med-tlvnetwork-policyThis command configures an LLDP-MED-enabled port to advertise its network policy confi

CHAPTER 43 | LLDP Commands– 1303 –An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lld

CHAPTER 43 | LLDP Commands– 1304 –Console#show lldp config detail ethernet 1/1LLDP Port Configuration Detail Port : Eth 1/1 Admin Status : Tx-Rx N

CHAPTER 43 | LLDP Commands– 1305 –EXAMPLEConsole#show lldp info local-device LLDP Local System Information Chassis Type : MAC Addr

CHAPTER 43 | LLDP Commands– 1306 –EXAMPLENote that an IP phone or other end-node device which advertises LLDP-MED capabilities must be connected t

CHAPTER 43 | LLDP Commands– 1307 – Power Priority : Unknown Power Value : 0 Watts Inventory :

CHAPTER 43 | LLDP Commands– 1308 –Console#show lldp info statistics detail ethernet 1/1 LLDP Port Statistics Detail PortName : Eth 1/1

– 1309 –44 CFM COMMANDSConnectivity Fault Management (CFM) is an OAM protocol that includes proactive connectivity monitoring using continuity check

CHAPTER 4 | Basic Management TasksDisplaying Switch Hardware/Software Versions– 131 –DISPLAYING SWITCH HARDWARE/SOFTWARE VERSIONS Use the System &

CHAPTER 44 | CFM Commands– 1310 –ethernet cfm mep Sets an interface as a domain boundary, defines it as a maintenance end point (MEP), and sets di

CHAPTER 44 | CFM Commands– 1311 –Basic Configuration Steps for CFM1. Configure the maintenance domains with the ethernet cfm domain command.2. Con

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1312 –5. Enable CFM globally on the switch with the ethernet cfm enable command.6. Enable CFM on

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1313 –EXAMPLEThis example sets the maintenance level for sending AIS messages within the specifi

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1314 –ethernet cfm aisperiodThis command configures the interval at which AIS information is sen

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1315 –COMMAND USAGE ◆ For multipoint connectivity, a MEP cannot determine the specific maintenan

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1316 –pass, and only if a maintenance end point (MEP) is created at some lower MA Level.none – N

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1317 –Also note that while MEPs are active agents which can initiate consistency check messages

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1318 –ma index name This command creates a maintenance association (MA) within the current maint

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1319 –applied to this MA. For a detailed description of the MIP types, refer to the Command Usag

CHAPTER 4 | Basic Management TasksConfiguring Support for Jumbo Frames– 132 –WEB INTERFACETo view hardware and software version information.1. Cli

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1320 –ethernet cfm mep This command sets an interface as a domain boundary, defines it as a main

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1321 –ethernet cfm port-enableThis command enables CFM processing on an interface. Use the no fo

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1322 –COMMAND USAGE This command can be used to clear AIS defect entries if a MEP does not exit

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1323 –This example shows the configuration status for continuity check and cross-check traps.Con

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1324 –DEFAULT SETTING NoneCOMMAND MODE Privileged ExecEXAMPLEThis example shows all configured m

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1325 –show ethernet cfmmaintenance-pointslocalThis command displays the maintenance points confi

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1326 –show ethernet cfmmaintenance-pointslocal detail mepThis command displays detailed CFM info

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1327 –show ethernet cfmmaintenance-pointsremote detailThis command displays detailed CFM informa

CHAPTER 44 | CFM CommandsDefining CFM Structures– 1328 –ma-name – Maintenance association name. (Range: 1-44 alphanumeric characters)DEFAULT SETTI

CHAPTER 44 | CFM CommandsContinuity Check Operations– 1329 –Continuity Check Operations ethernet cfm cc maintervalThis command sets the transmissi

CHAPTER 4 | Basic Management TasksDisplaying Bridge Extension Capabilities– 133 –PARAMETERSThe following parameters are displayed: ◆ Jumbo Frame –

CHAPTER 44 | CFM CommandsContinuity Check Operations– 1330 –is registered. The interval at which CCMs are issued should therefore be configured to

CHAPTER 44 | CFM CommandsContinuity Check Operations– 1331 –◆ If a maintenance point receives a CCM with an invalid MEPID or MA level or an MA lev

CHAPTER 44 | CFM CommandsContinuity Check Operations– 1332 –EXAMPLEThis example enables SNMP traps for mep-up events.Console(config)#snmp-server e

CHAPTER 44 | CFM CommandsContinuity Check Operations– 1333 –DEFAULT SETTING NoneCOMMAND MODE Privileged ExecCOMMAND USAGE Use this command without

CHAPTER 44 | CFM CommandsContinuity Check Operations– 1334 –show ethernet cfmerrorsThis command displays the CFM continuity check errors logged on

CHAPTER 44 | CFM CommandsCross Check Operations– 1335 –Cross Check Operationsethernet cfm mepcrosscheck start-delayThis command sets the maximum d

CHAPTER 44 | CFM CommandsCross Check Operations– 1336 –mep-unknown – Sends a trap if an unconfigured MEP comes up.DEFAULT SETTING All continuity c

CHAPTER 44 | CFM CommandsCross Check Operations– 1337 –COMMAND USAGE ◆ Use this command to statically configure remote MEPs that exist inside the

CHAPTER 44 | CFM CommandsCross Check Operations– 1338 –These remote MEPs are used in the cross-check operation to verify that all endpoints in the

CHAPTER 44 | CFM CommandsLink Trace Operations– 1339 –Link Trace Operationsethernet cfmlinktrace cacheThis command enables caching of CFM data lea

CHAPTER 4 | Basic Management TasksDisplaying Bridge Extension Capabilities– 134 –◆ VLAN Learning – This switch uses Independent VLAN Learning (IVL

CHAPTER 44 | CFM CommandsLink Trace Operations– 1340 –COMMAND MODE Global ConfigurationCOMMAND USAGE Before setting the aging time for cache entri

CHAPTER 44 | CFM CommandsLink Trace Operations– 1341 –ethernet cfmlinktraceThis command sends CFM link trace messages to the MAC address of a remo

CHAPTER 44 | CFM CommandsLink Trace Operations– 1342 –◆ When using the command line or web interface, the source MEP used by to send a link trace

CHAPTER 44 | CFM CommandsLoopback Operations– 1343 –Loopback Operationsethernet cfmloopbackThis command sends CFM loopback messages to a MAC addre

CHAPTER 44 | CFM CommandsFault Generator Operations– 1344 –transmit-count – The number of times the loopback message is sent. (Range: 1-100)packet

CHAPTER 44 | CFM CommandsFault Generator Operations– 1345 –DEFAULT SETTING 3 secondsCOMMAND MODE CFM Domain ConfigurationCOMMAND USAGE A fault ala

CHAPTER 44 | CFM CommandsFault Generator Operations– 1346 –notification generator state machine has been reset, and repeat those steps until the f

CHAPTER 44 | CFM CommandsFault Generator Operations– 1347 –mep fault-notifyreset-timeThis command configures the time after a fault alarm has been

CHAPTER 44 | CFM CommandsDelay Measure Operations– 1348 –Delay Measure Operationsethernet cfm delay-measure two-wayThis command sends periodic del

CHAPTER 44 | CFM CommandsDelay Measure Operations– 1349 –Size: 64 bytesTimeout: 5 secondsCOMMAND MODE Privileged ExecCOMMAND USAGE ◆ Delay measure

CHAPTER 4 | Basic Management TasksManaging System Files– 135 –MANAGING SYSTEM FILESThis section describes how to upgrade the switch operating soft

CHAPTER 44 | CFM CommandsDelay Measure Operations– 1350 –

– 1351 –45 DOMAIN NAME SERVICE COMMANDSThese commands are used to configure Domain Naming System (DNS) services. Entries can be manually configured

CHAPTER 45 | Domain Name Service Commands– 1352 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ Domain names are added to the end of the list on

CHAPTER 45 | Domain Name Service Commands– 1353 –◆ If all name servers are deleted, DNS will automatically be disabled.EXAMPLEThis example enables

CHAPTER 45 | Domain Name Service Commands– 1354 –Domain Name List:Name Server List:Console#RELATED COMMANDS ip domain-list (1351)ip name-server (1

CHAPTER 45 | Domain Name Service Commands– 1355 –ip name-server This command specifies the address of one or more domain name servers to use for n

CHAPTER 45 | Domain Name Service Commands– 1356 –ipv6 host This command creates a static entry in the DNS table that maps a host name to an IPv6 a

CHAPTER 45 | Domain Name Service Commands– 1357 –clear host This command deletes dynamic entries from the DNS table.SYNTAX clear host {name | *}na

CHAPTER 45 | Domain Name Service Commands– 1358 –show dns cache This command displays entries in the DNS cache.COMMAND MODE Privileged ExecEXAMPLE

CHAPTER 45 | Domain Name Service Commands– 1359 –Table 180: show hosts - display description Field DescriptionNo. The entry number for each resou

CHAPTER 4 | Basic Management TasksManaging System Files– 136 –NOTE: Up to two copies of the system software (i.e., the runtime firmware) can be st

CHAPTER 45 | Domain Name Service Commands– 1360 –

– 1361 –46 DHCP COMMANDSThese commands are used to configure Dynamic Host Configuration Protocol (DHCP) client, relay, and server functions. Any VLA

CHAPTER 46 | DHCP CommandsDHCP Client– 1362 –DEFAULT SETTING Class identifier option enabled, with the name GTL-2691COMMAND MODE Interface Configu

CHAPTER 46 | DHCP CommandsDHCP Client– 1363 –EXAMPLEConsole(config)#interface vlan 2Console(config-if)#ip dhcp client class-id hex 000099669966Con

CHAPTER 46 | DHCP CommandsDHCP Client– 1364 –ip dhcp restart client This command submits a BOOTP or DHCP client request.DEFAULT SETTING NoneCOMMAN

CHAPTER 46 | DHCP CommandsDHCP Relay– 1365 –DHCP RELAYThis section describes commands used to configure DHCP relay functions for host devices atta

CHAPTER 46 | DHCP CommandsDHCP Relay for IPv4– 1366 –RELATED COMMANDSip dhcp restart relay (1366)ip dhcp restart relay This command enables DHCP r

CHAPTER 46 | DHCP CommandsDHCP Relay for IPv6– 1367 –DHCP Relay for IPv6ipv6 dhcp relaydestinationThis command specifies the destination address o

CHAPTER 46 | DHCP CommandsDHCP Server– 1368 –EXAMPLE Console(config)#interface vlan 1Console(config-if)#ipv6 dhcp relay destination 2001:0DB8:3000

CHAPTER 46 | DHCP CommandsDHCP Server– 1369 –ip dhcp excluded-addressThis command specifies IP addresses that the DHCP server should not assign to

CHAPTER 4 | Basic Management TasksManaging System Files– 137 –SAVING THE RUNNINGCONFIGURATION TO ALOCAL FILEUse the System > File (Copy) page t

CHAPTER 46 | DHCP CommandsDHCP Server– 1370 –ip dhcp pool This command configures a DHCP address pool and enter DHCP Pool Configuration mode. Use

CHAPTER 46 | DHCP CommandsDHCP Server– 1371 –COMMAND USAGEIf the DHCP server is running, you must restart it to implement any configuration change

CHAPTER 46 | DHCP CommandsDHCP Server– 1372 –COMMAND MODE DHCP Pool ConfigurationCOMMAND USAGE ◆ This command identifies a DHCP client to bind to

CHAPTER 46 | DHCP CommandsDHCP Server– 1373 –dns-server This command specifies the Domain Name System (DNS) IP servers available to a DHCP client.

CHAPTER 46 | DHCP CommandsDHCP Server– 1374 –hardware-address This command specifies the hardware address of a DHCP client. This command is valid

CHAPTER 46 | DHCP CommandsDHCP Server– 1375 –COMMAND MODEDHCP Pool ConfigurationUSAGE GUIDELINES ◆ Host addresses must fall within the range speci

CHAPTER 46 | DHCP CommandsDHCP Server– 1376 –hours - Specifies the number of hours in the lease. A days value must be supplied before you can conf

CHAPTER 46 | DHCP CommandsDHCP Server– 1377 –EXAMPLE Console(config-dhcp)#netbios-name-server 10.1.0.33 10.1.0.34Console(config-dhcp)#RELATED COMM

CHAPTER 46 | DHCP CommandsDHCP Server– 1378 –COMMAND MODEDHCP Pool ConfigurationUSAGE GUIDELINES ◆ When a client request is received, the switch f

CHAPTER 46 | DHCP CommandsDHCP Server– 1379 –EXAMPLE Console(config-dhcp)#next-server 10.1.0.21Console(config-dhcp)#RELATED COMMANDSbootfile (1371

CHAPTER 4 | Basic Management TasksManaging System Files– 138 –If you replaced a file currently used for startup and want to start using the new fi

CHAPTER 46 | DHCP CommandsDHCP Server– 1380 –DEFAULT SETTING NoneCOMMAND MODENormal Exec, Privileged ExecEXAMPLEConsole#show ip dhcp binding I

– 1381 –47 VRRP COMMANDSVirtual Router Redundancy Protocol (VRRP) use a virtual IP address to support a primary router and multiple backup routers.

CHAPTER 47 | VRRP Commands– 1382 –vrrp authentication This command specifies the key used to authenticate VRRP packets received from other routers

CHAPTER 47 | VRRP Commands– 1383 –COMMAND MODE Interface (VLAN)COMMAND USAGE ◆ The interfaces of all routers participating in a virtual router gro

CHAPTER 47 | VRRP Commands– 1384 –COMMAND USAGE ◆ If preempt is enabled, and this backup router has a priority higher than the current acting mast

CHAPTER 47 | VRRP Commands– 1385 –◆ If the backup preempt function is enabled with the vrrp preempt command, and a backup router with a priority h

CHAPTER 47 | VRRP Commands– 1386 –EXAMPLEConsole(config-if)#vrrp 1 timers advertise 5Console(config-if)#clear vrrp interfacecountersThis command c

CHAPTER 47 | VRRP Commands– 1387 –COMMAND MODE Privileged ExecCOMMAND USAGE ◆ Use this command without any keywords to display the full listing of

CHAPTER 47 | VRRP Commands– 1388 –This example displays the brief listing of status information for all groups.Console#show vrrp briefInterface

CHAPTER 47 | VRRP Commands– 1389 –EXAMPLEThis example displays the full listing of status information for VLAN 1.Console#show vrrp interface vlan

CHAPTER 4 | Basic Management TasksManaging System Files– 139 –WEB INTERFACETo show the system files:1. Click System, then File. 2. Select Show fro

CHAPTER 47 | VRRP Commands– 1390 –show vrrp routercountersThis command displays counters for errors found in VRRP protocol packets.COMMAND MODE Pr

– 1391 –48 IP INTERFACE COMMANDS An IP Version 4 and Version 6 address may be used for management access to the switch over the network. Both IPv4 o

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1392 –BASIC IPV4CONFIGURATIONThis section describes commands used to configure IP addresses for

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1393 –◆ Before any network interfaces are configured on the router, first create a VLAN for each

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1394 –ip default-gateway This command specifies the default gateway for destinations not found i

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1395 –RELATED COMMANDS ip route (1448)show ip route (1450)ipv6 default-gateway (1408)show ip int

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1396 –ICMP Statistics:ICMP received 45 input 45 errors

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1397 –◆ A trace terminates when the destination responds, when the maximum timeout (TTL) is exce

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1398 –COMMAND MODE Normal Exec, Privileged ExecCOMMAND USAGE ◆ Use the ping command to see if an

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1399 –ARP CONFIGURATION This section describes commands used to configure the Address Resolution

CONTENTS– 14 –Configuring IP Routing Interfaces 624Configuring Local and Remote Interfaces 624Using the Ping Function 625Using the Trace Route Fu

CHAPTER 4 | Basic Management TasksManaging System Files– 140 –indicated here). Enter the file name for other switches described in this manual exa

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1400 –EXAMPLEConsole(config)#arp 10.1.0.19 01-02-03-04-05-06Console(config)#RELATED COMMANDS cle

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1401 –ip proxy-arp This command enables proxy Address Resolution Protocol (ARP). Use the no form

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1402 –show arp This command displays entries in the Address Resolution Protocol (ARP) cache.COMM

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1403 –UDP HELPERCONFIGURATIONUser Datagram Protocol (UDP) Helper allows host applications to for

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1404 –EXAMPLEThis example enables forwarding for DHCPv6 UDP packets.Console(config)#ip forward-p

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1405 –ip helper-address This command specifies the application server or subnet (indicated by a

CHAPTER 48 | IP Interface CommandsIPv4 Interface– 1406 –EXAMPLEThis example indicates that designated UDP broadcast packets are to be forwarded to

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1407 –IPV6 INTERFACEThis switch supports the following IPv6 interface commands. Table 195: IPv6

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1408 –Interface Address Configuration and Utilitiesipv6 default-gatewayThis command sets an IPv6

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1409 –◆ An IPv6 default gateway can only be successfully set when a network interface that direc

CHAPTER 4 | Basic Management TasksManaging System Files– 141 –PARAMETERSThe following parameters are displayed: ◆ Automatic Opcode Upgrade – Enabl

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1410 –◆ When configuring a global IPv6 address for a static tunnel, the link-local address gener

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1411 –ipv6 address eui-64 This command configures an IPv6 address for an interface using an EUI-

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1412 –◆ For example, if a device had an EUI-48 address of 28-9F-18-1C-82-35, the global/local bi

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1413 –ipv6 addresslink-localThis command configures an IPv6 link-local address for an interface

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1414 –FF02::1IPv6 link MTU is 1500 bytesND DAD is enabled, number of DAD attempts: 3.ND retransm

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1415 –Link-local address: FE80::200:E8FF:FE93:82A0/64Global unicast address(es): 2001:DB8:2222

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1416 –◆ IPv6 must be enabled on an interface before the MTU can be set.EXAMPLE The following exa

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1417 –FF02::1IPv6 link MTU is 1280 bytesND DAD is enabled, number of DAD attempts: 2.ND retransm

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1418 –This example displays a brief summary of IPv6 addresses configured on the switch.Console#s

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1419 –show ipv6 traffic This command displays statistics about IPv6 traffic passing through this

CHAPTER 4 | Basic Management TasksManaging System Files– 142 –ExamplesThe following examples demonstrate the URL syntax for a TFTP server at IP ad

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1420 – 3 neighbor solicit messages neighbor advertisement

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1421 –reassembly succeeded The number of IPv6 datagrams successfully reassembled. Note that this

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1422 –echo request messages The number of ICMP Echo (request) messages received by the interface

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1423 –clear ipv6 traffic This command resets IPv6 traffic counters.COMMAND MODE Privileged ExecC

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1424 –size - Number of bytes in a packet. (Range: 0-1500 bytes) The actual packet size will be e

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1425 –traceroute6 This command shows the route packets take to the specified destination. SYNTAX

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1426 –Hop Packet 1 Packet 2 Packet 3 IPv6 Address--- -------- -------- -------- ----------------

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1427 –vlan-id - VLAN ID (Range: 1-4093) hardware-address - The 48-bit MAC layer address for the

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1428 –ipv6 nd dadattemptsThis command configures the number of consecutive neighbor solicitation

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1429 –EXAMPLE The following configures five neighbor solicitation attempts for addresses configu

CHAPTER 4 | Basic Management TasksSetting the System Clock– 143 –Figure 11: Configuring Automatic Code UpgradeIf a new image is found at the spec

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1430 –◆ The ipv6 nd other-config-flag command is used to tell hosts that they should use statefu

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1431 –EXAMPLE The following tells hosts to use stateful autoconfiguration to obtain other non-ad

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1432 –FF02::2FF02::1:FF00:0FF02::1:2FF02::1:FF9C:CA10FF02::1IPv6 link MTU is 1500 bytesND DAD is

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1433 –EXAMPLE The following sets the reachable time for a remote node to 1000 milliseconds:Conso

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1434 –COMMAND USAGE ◆ Prefixes configured as addresses on an interface using the ipv6 address co

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1435 –by the system (33% of the maximum RA interval) and the maximum value set by the ipv6 nd ra

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1436 –ipv6 nd rarouter-preferenceThis command configures the default router preference for the r

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1437 –EXAMPLE The following suppressed router advertisements on the current interface:Console(co

CHAPTER 48 | IP Interface CommandsIPv6 Interface– 1438 –IPv6 Address Age Link-layer Addr State VLANFE80::2E0:CF

CHAPTER 48 | IP Interface CommandsIPv6 to IPv4 Tunnels– 1439 –IPV6 TO IPV4 TUNNELSThis switch supports connection between isolated IPv6 nodes over

CHAPTER 4 | Basic Management TasksSetting the System Clock– 144 –PARAMETERSThe following parameters are displayed: ◆ Current Time – Shows the curr

CHAPTER 48 | IP Interface CommandsIPv6 to IPv4 Tunnels– 1440 –7. Bind the tunnel to a VLAN with the tunnel source vlan command.8. Assign an IPv6 g

CHAPTER 48 | IP Interface CommandsIPv6 to IPv4 Tunnels– 1441 –tunnel destination This command sets the IPv4 address of a tunnel destination (or fa

CHAPTER 48 | IP Interface CommandsIPv6 to IPv4 Tunnels– 1442 –packets (by ensuring an IPv4 MTU of at least 1300 bytes is used) or by preventing fr

CHAPTER 48 | IP Interface CommandsIPv6 to IPv4 Tunnels– 1443 –The 6to4 mechanism is typically implemented almost entirely in routers bordering

CHAPTER 48 | IP Interface CommandsIPv6 to IPv4 Tunnels– 1444 –tunnel end-point IPv4 address. This eliminates the need to explicitly configure the

CHAPTER 48 | IP Interface CommandsIPv6 to IPv4 Tunnels– 1445 –tunnel ttl This command configures the TTL (Time to Live) value stored in the IPv4 h

CHAPTER 48 | IP Interface CommandsIPv6 to IPv4 Tunnels– 1446 –The following example shows the interface status of the configured tunnels. Console#

– 1447 –49 IP ROUTING COMMANDSAfter network interfaces are configured for the switch, the paths used to send traffic between different interfaces mu

CHAPTER 49 | IP Routing CommandsGlobal Routing Configuration– 1448 –IPv4 Commandsip route This command configures static routes. Use the no form t

CHAPTER 49 | IP Routing CommandsGlobal Routing Configuration– 1449 –◆ If both static and dynamic paths have the same lowest cost, the first route

CHAPTER 4 | Basic Management TasksSetting the System Clock– 145 –SETTING THE SNTPPOLLING INTERVALUse the System > Time (Configure General - SNT

CHAPTER 49 | IP Routing CommandsGlobal Routing Configuration– 1450 –show ip host-route This command displays the interface associated with known r

CHAPTER 49 | IP Routing CommandsGlobal Routing Configuration– 1451 –COMMAND MODE Privileged ExecCOMMAND USAGE ◆ The FIB contains information requi

CHAPTER 49 | IP Routing CommandsGlobal Routing Configuration– 1452 –Information Base (see Command Usage under the show ip route command).EXAMPLE C

CHAPTER 49 | IP Routing CommandsGlobal Routing Configuration– 1453 –IP sent forwards datagrams 5927 requests

CHAPTER 49 | IP Routing CommandsGlobal Routing Configuration– 1454 –IPv6 Commandsipv6 route This command configures static IPv6 routes. Use the no

CHAPTER 49 | IP Routing CommandsGlobal Routing Configuration– 1455 –◆ If both static and dynamic paths have the same lowest cost, the first route

CHAPTER 49 | IP Routing CommandsGlobal Routing Configuration– 1456 –COMMAND MODE Privileged ExecCOMMAND USAGE ◆ The FIB contains information requi

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1457 –ROUTING INFORMATION PROTOCOL (RIP).Table 204: Routing Information Protoc

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1458 –router rip This command enables Routing Information Protocol (RIP) routi

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1459 –RELATED COMMANDSip route (1448)redistribute (1463)default-metric This co

CHAPTER 4 | Basic Management TasksSetting the System Clock– 146 –CONFIGURING NTP Use the System > Time (Configure General - NTP) page to config

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1460 –distance This command defines an administrative distance for external ro

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1461 –maximum-prefix This command sets the maximum number of RIP routes allowe

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1462 –EXAMPLEConsole(config-router)#neighbor 10.2.0.254Console(config-router)#

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1463 –passive-interface This command stops RIP from sending routing updates on

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1464 –COMMAND MODE Router ConfigurationCOMMAND USAGE ◆ When a metric value has

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1465 –timers basic This command configures the RIP update timer, timeout timer

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1466 –version This command specifies a RIP version used globally by the router

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1467 –ip rip authenticationmodeThis command specifies the type of authenticati

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1468 –ip rip authenticationstringThis command specifies an authentication key

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1469 –COMMAND MODE Interface Configuration (VLAN)COMMAND USAGE ◆ Use this comm

CHAPTER 4 | Basic Management TasksSetting the System Clock– 147 –CONFIGURING TIMESERVERSUse the System > Time (Configure Time Server) pages to

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1470 –EXAMPLEConsole(config)#interface vlan 1Console(config-if)#ip rip receive

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1471 –RELATED COMMANDSversion (1466)ip rip send-packet This command configures

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1472 –COMMAND USAGE ◆ Split horizon never propagates routes back to an interfa

CHAPTER 49 | IP Routing CommandsRouting Information Protocol (RIP)– 1473 –the RIP routes learned from neighbors and also keep the RIP network inta

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1474 –EXAMPLE Console#show ip ripCodes: R - RIP, Rc - RIP connected, Rs - RIP s

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1475 –area stub Defines a stubby area that cannot send or receive LSAs RCarea v

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1476 –General Configurationrouter ospf This command enables Open Shortest Path

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1477 –destination. When disabled, preference is based on type of path (where ty

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1478 –◆ The metric for the default external route is used to calculate the path

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1479 –router-id This command assigns a unique router ID for this device within

CHAPTER 4 | Basic Management TasksSetting the System Clock– 148 –SPECIFYING NTP TIME SERVERSUse the System > Time (Configure Time Server – Add

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1480 –timers spf This command configures the delay after receiving a topology c

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1481 –EXAMPLEConsole#clear ip ospf processConsole#Route Metrics and Summariesar

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1482 –area range This command summarizes the routes advertised by an Area Borde

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1483 –auto-cost reference-bandwidthUse this command to calculate the default me

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1484 –default-metric This command sets the default metric for external routes i

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1485 –redistribute This command redistributes external routing information from

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1486 –the cost associated with reaching the advertising ASBR, plus the cost of

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1487 –EXAMPLEThis example creates a summary address for all routes contained in

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1488 –other areas within the AS for an NSSA ABR, or to areas outside the AS for

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1489 –EXAMPLEThis example creates a stub area 10.3.0.0, and assigns all interfa

CHAPTER 4 | Basic Management TasksSetting the System Clock– 149 –To show the list of configured NTP time servers:1. Click System, then Time. 2. Se

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1490 –EXAMPLEThis example creates a stub area 10.2.0.0, and assigns all interfa

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1491 –value must be the same for all routers attached to an autonomous system.

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1492 –DEFAULT SETTING area-id: Nonerouter-id: Nonehello-interval: 10 secondsret

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1493 –network area This command defines an OSPF area and the interfaces that op

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1494 –Interface Configurationip ospfauthenticationThis command specifies the au

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1495 –◆ The plain-text authentication-key, or the MD5 key-id and key, must be u

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1496 –EXAMPLEThis example sets a password for the specified interface.Console(c

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1497 –ip ospf dead-interval This command sets the interval at which hello packe

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1498 –ip ospf hello-interval This command specifies the interval between sendin

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1499 –DEFAULT SETTING MD5 authentication is disabled.COMMAND USAGE ◆ Before spe

CONTENTS– 15 –Configuring Stub Settings 682Displaying Information on NSSA and Stub Areas 684Configuring Area Ranges (Route Summarization for ABRs)

CHAPTER 4 | Basic Management TasksSetting the System Clock– 150 –Figure 18: Adding an NTP Authentication KeyTo show the list of configured NTP au

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1500 –DEFAULT SETTING 1COMMAND USAGE ◆ A designated router (DR) and backup desi

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1501 –COMMAND USAGE ◆ A router will resend an LSA to a neighbor if it receives

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1502 –EXAMPLEConsole(config)#interface vlan 1Console(config-if)#ip ospf transmi

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1503 –EXAMPLEConsole#show ip ospf Routing Process "ospf 1" with ID 19

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1504 –show ip ospfborder-routersThis command shows entries in the routing table

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1505 –show ip ospfdatabaseThis command shows information about different OSPF L

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1506 – Net Link States (Area 0.0.0.0)Link ID ADV Router

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1507 –The following shows output when using the external keyword.Console#show i

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1508 – External Route Tag: 0Console#The following shows output when usin

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1509 –The following shows output when using the router keyword.Console#show ip

CHAPTER 4 | Basic Management TasksConsole Port Settings– 151 –◆ Minutes (0-59) – The number of minutes before/after UTC.WEB INTERFACETo set your l

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1510 –The following shows output when using the summary keyword.Console#show ip

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1511 –show ip ospfinterfaceThis command displays summary information for OSPF i

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1512 –show ip ospfneighborThis command displays information about neighboring r

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1513 –EXAMPLEConsole#show ip ospf neighbor ID Pri State

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1514 –IA 172.16.10.0/24 [30] via 10.10.11.50, VLAN2, Area 0.0.0.0E2 192.168.0.0

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv2)– 1515 –show ip protocolsospfThis command displays OSPF process parameters.SYNTAX

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1516 –OPEN SHORTEST PATH FIRST (OSPFV3). Table 217: Open Shortest Path First Co

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1517 –General GuidelinesFollow these basic steps to configure OSPFv3:1. Assign

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1518 –COMMAND USAGE ◆ This command is used to enable an OSPFv3 routing process,

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1519 –DEFAULT SETTING ciscoCOMMAND USAGE ◆ The basic criteria for a router to s

CHAPTER 4 | Basic Management TasksConsole Port Settings– 152 –◆ Exec Timeout – Sets the interval that the system waits until user input is detecte

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1520 –max-current-dd This command sets the maximum number of neighbors with whi

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1521 –COMMAND USAGE ◆ This command sets the router ID for the OSPF process spec

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1522 –◆ Using a low value for the holdtime allows the router to switch to a new

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1523 –area range This command summarizes the routes advertised by an Area Borde

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1524 –default-metric This command sets the default metric for external routes i

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1525 –type-value1 - Type 1 external route2 - Type 2 external route (default) -

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1526 –no-summary - Stops an Area Border Router (ABR) from sending summary link

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1527 –area virtual-link This command defines a virtual link. To remove a virtua

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1528 –DEFAULT SETTING area-id: Nonerouter-id: Nonehello-interval: 10 secondsret

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1529 –COMMAND MODE Interface ConfigurationDEFAULT SETTING NoneCOMMAND USAGE ◆ A

CHAPTER 4 | Basic Management TasksTelnet Settings– 153 –Figure 21: Console Port SettingsTELNET SETTINGSUse the System > Telnet menu to configu

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1530 –ipv6 router ospf tagareaThis command binds an OSPF area to the selected i

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1531 –RELATED COMMANDSrouter ipv6 ospf (1517)router-id (1520)ipv6 router ospf a

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1532 –ipv6 ospf dead-intervalThis command sets the interval at which hello pack

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1533 –ipv6 ospf hello-intervalThis command specifies the interval between sendi

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1534 –COMMAND MODE Interface Configuration (VLAN)DEFAULT SETTING 1COMMAND USAGE

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1535 –DEFAULT SETTING 5 secondsCOMMAND USAGE ◆ A router will resend an LSA to a

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1536 –receive them. To avoid this problem, use the transmit delay to force the

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1537 –Display Informationshow ipv6 ospf This command shows basic information ab

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1538 –show ipv6 ospfdatabaseThis command shows information about different OSPF

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1539 – AS-external-LSALink State ID ADV Router Age Seq#

CHAPTER 4 | Basic Management TasksTelnet Settings– 154 –◆ Exec Timeout – Sets the interval that the system waits until user input is detected. If

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1540 –show ipv6 ospfneighborThis command displays information about neighboring

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1541 –EXAMPLEConsole#show ipv6 ospf neighbor ID Pri State

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1542 –C 2001:DB8:2222:7272::/64, VLAN1? FE80::/64, VLAN1 inactiveC FE8

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1543 –RELATED COMMANDSarea virtual-link (1527)Hello due The timeout for the nex

CHAPTER 49 | IP Routing CommandsOpen Shortest Path First (OSPFv3)– 1544 –

– 1545 –50 MULTICAST ROUTING COMMANDSMulticast routers can use various kinds of multicast routing protocols to deliver IP multicast packets across d

CHAPTER 50 | Multicast Routing CommandsGeneral Multicast Routing– 1546 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ This command is used to e

CHAPTER 50 | Multicast Routing CommandsGeneral Multicast Routing– 1547 –IP Multicast Routing Table Flags: D - Dense, S - Sparse, s - SSM Channel,

CHAPTER 50 | Multicast Routing CommandsGeneral Multicast Routing– 1548 –This example lists all entries in the multicast table in summary form:Cons

CHAPTER 50 | Multicast Routing CommandsGeneral Multicast Routing– 1549 –EXAMPLE Console(config)#ipv6 multicast-routingConsole(config)#show ipv6 mr

CHAPTER 4 | Basic Management TasksDisplaying CPU Utilization– 155 –DISPLAYING CPU UTILIZATIONUse the System > CPU Utilization page to display i

CHAPTER 50 | Multicast Routing CommandsGeneral Multicast Routing– 1550 –Table 226: show ip mroute - display descriptionField DescriptionFlagsThe f

CHAPTER 50 | Multicast Routing CommandsStatic Multicast Routing– 1551 –This example lists all entries in the multicast table in summary form:Conso

CHAPTER 50 | Multicast Routing CommandsStatic Multicast Routing– 1552 –COMMAND USAGE Depending on your network connections, IGMP snooping may not

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1553 –PIM MULTICAST ROUTINGThis section describes the PIM commands used for IPv4 and

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1554 –Shared Mode Commandsrouter pim This command enables IPv4 Protocol-Independent

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1555 –EXAMPLEConsole(config)#router pimConsole(config)#exitConsole#show ip pim inter

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1556 –determines that there are no group members or downstream routers, or when a pr

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1557 –COMMAND USAGE The ip pim hello-holdtime should be greater than the value of ip

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1558 –COMMAND MODE Interface Configuration (VLAN)COMMAND USAGE The multicast interfa

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1559 –RELATED COMMANDSip pim override-interval (1559)ip pim propagation-delay (1560)

CHAPTER 4 | Basic Management TasksDisplaying Memory Utilization– 156 –DISPLAYING MEMORY UTILIZATIONUse the System > Memory Status page to displ

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1560 –ip pim propagation-delayThis command configures the propagation delay required

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1561 –COMMAND MODE Interface Configuration (VLAN)COMMAND USAGE ◆ When a router first

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1562 –show ip pimneighborThis command displays information about PIM neighbors.SYNTA

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1563 –COMMAND USAGE A graft message is sent by a router to cancel a prune state. Whe

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1564 –COMMAND MODE Interface Configuration (VLAN)COMMAND USAGE ◆ The pruned state ti

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1565 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ When the ip pim bsr-candidate

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1566 –COMMAND MODE Global ConfigurationCOMMAND USAGE This command can be used to rel

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1567 –ip pim rp-address This command sets a static address for the Rendezvous Point

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1568 –EXAMPLEIn the following example, the first PIM-SM command just specifies the R

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1569 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ When the ip pim rp-candidate

CHAPTER 4 | Basic Management TasksResetting the System– 157 –Master unit is taken as the top of the stack and is numbered as unit 1, and all other

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1570 –ip pim spt-threshold This command prevents the last-hop PIM router from switch

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1571 –ip pim dr-priority This command sets the priority value for a Designated Route

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1572 –Console#ip pim join-prune-intervalThis command sets the join/prune timer. Use

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1573 – Propagation Delay : 500 ms Override Interval : 2500

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1574 –State : Elected BSRConsole#show ip pim rpmappingThis command displa

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1575 –show ip pim rp-hash This command displays the RP used for the specified multic

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1576 –ipv6 pim hello-interval Sets the interval between sending PIM hello messages I

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1577 –PIM6 Shared Mode Commandsrouter pim6 This command enables IPv6 Protocol-Indepe

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1578 –globally for the router with the router pim6 command, and also enable PIM-DM o

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1579 –ipv6 pim hello-holdtimeThis command configures the interval to wait for hello

CHAPTER 4 | Basic Management TasksResetting the System– 158 –PARAMETERSThe following parameters are displayed: System Reload Information◆ Reload S

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1580 –EXAMPLEConsole(config-if)#ipv6 pim hello-interval 60Console(config-if)#ipv6 pi

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1581 –COMMAND USAGE ◆ When other downstream routers on the same VLAN are notified th

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1582 –Join message back to the upstream router to ensure that the flow is not termin

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1583 –ipv6 pim trigger-hello-delayThis command configures the maximum time before tr

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1584 –EXAMPLEConsole#show ipv6 pim interface vlan 1PIM is enabled.VLAN 1 is up. PIM

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1585 –PIM-DM Commandsipv6 pim graft-retry-intervalThis command configures the time t

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1586 –ipv6 pim max-graft-retriesThis command configures the maximum number of times

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1587 –◆ This command is only effectively for interfaces of first hop, PIM-DM routers

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1588 –◆ This router will continue to be the BSR until it receives a bootstrap messag

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1589 –EXAMPLEThis example sets the register rate limit to 500 pps. Console(config)#i

CHAPTER 4 | Basic Management TasksResetting the System– 159 – Weekly - Day of the week at which to reload. (Range: Sunday ... Saturday) Monthly -

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1590 –ipv6 pim rp-address This command sets a static address for the Rendezvous Poin

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1591 –EXAMPLEIn the following example, the first PIM-SM command just specifies the R

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1592 –candidate RP for the specified group addresses. The IP address of the designat

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1593 –ipv6 pim spt-thresholdThis command prevents the last-hop PIM router from switc

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1594 –ipv6 pim dr-priority This command sets the priority value for a Designated Rou

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1595 –Console#ipv6 pim join-prune-intervalThis command sets the join/prune timer. Us

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1596 – Propagation Delay : 500 ms Override Interval : 2500 ms DR Priorit

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1597 –State : Elected BSRConsole#show ipv6 pim rpmappingThis command disp

CHAPTER 50 | Multicast Routing CommandsPIM Multicast Routing– 1598 –show ipv6 pim rp-hashThis command displays the RP used for the specified multi

– 1599 –SECTION IVAPPENDICESThis section provides additional information and includes these items:◆ "Software Specifications" on page 1601

CONTENTS– 16 –SECTION III COMMAND LINE INTERFACE 74522 USING THE COMMAND LINE INTERFACE 747Accessing the CLI 747Console Connection 747Telnet Conne

CHAPTER 4 | Basic Management TasksResetting the System– 160 –Figure 27: Restarting the Switch (In)Figure 28: Restarting the Switch (At)Figure 29

SECTION IV | Appendices– 1600 –

– 1601 –A SOFTWARE SPECIFICATIONSSOFTWARE FEATURESMANAGEMENTAUTHENTICATIONLocal, RADIUS, TACACS+, Port Authentication (802.1X), HTTPS, SSH, Port Sec

CHAPTER A | Software SpecificationsSoftware Features– 1602 –VLAN SUPPORT Up to 4093 groups; port-based, protocol-based, tagged (802.1Q),voice VLAN

CHAPTER A | Software SpecificationsManagement Features– 1603 –MANAGEMENT FEATURESIN-BAND MANAGEMENT Telnet, web-based HTTP or HTTPS, SNMP manager,

CHAPTER A | Software SpecificationsManagement Information Bases– 1604 –IGMPv2 (RFC 2236)IGMPv3 (RFC 3376) - partial supportIGMP Proxy (RFC 4541)IP

CHAPTER A | Software SpecificationsManagement Information Bases– 1605 –MIB II (RFC 1213)OSPF MIB (RFC 1850)OSPFv3 MIB (draft-ietf-ospf-ospfv3-mib-

CHAPTER A | Software SpecificationsManagement Information Bases– 1606 –

– 1607 –B TROUBLESHOOTINGPROBLEMS ACCESSING THE MANAGEMENT INTERFACE Table 239: Troubleshooting ChartSymptom ActionCannot connect using Telnet, web

CHAPTER B | TroubleshootingUsing System Logs– 1608 –USING SYSTEM LOGSIf a fault does occur, refer to the Installation Guide to ensure that the pro

– 1609 –C LICENSE INFORMATIONThis product includes copyrighted third-party software subject to the terms of the GNU General Public License (GPL), GN

– 161 –5 INTERFACE CONFIGURATIONThis chapter describes the following topics:◆ Port Configuration – Configures connection settings, including auto-ne

CHAPTER C | License InformationThe GNU General Public License– 1610 –GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND

CHAPTER C | License InformationThe GNU General Public License– 1611 –b) Accompany it with a written offer, valid for at least three years, to give

CHAPTER C | License InformationThe GNU General Public License– 1612 –9. If the distribution and/or use of the Program is restricted in certain cou

– 1613 –GLOSSARYACL Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

GLOSSARY– 1614 –DIFFSERV Differentiated Services provides quality of service on large networks by employing a well-defined set of building blocks fr

GLOSSARY– 1615 –GMRP Generic Multicast Registration Protocol. GMRP allows network devices to register end stations with multicast groups. GMRP requi

GLOSSARY– 1616 –IGMP Internet Group Management Protocol. A protocol through which hosts can register with their local router for multicast services.

GLOSSARY– 1617 –LINK AGGREGATION See Port Trunk. LLDP Link Layer Discovery Protocol is used to discover basic information about neighboring devices

GLOSSARY– 1618 –OSPF Open Shortest Path First is a link-state routing protocol that functions better over a larger network such as the Internet, as

GLOSSARY– 1619 –RIP Routing Information Protocol seeks to find the shortest route to another device by minimizing the distance-vector, or hop count,

CHAPTER 5 | Interface ConfigurationPort Configuration– 162 –◆ When using auto-negotiation, the optimal settings will be negotiated between the lin

GLOSSARY– 1620 –TELNET Defines a remote communication facility for interfacing to a terminal device over TCP/IP.TFTP Trivial File Transfer Protocol.

– 1621 –COMMAND LISTAaaa accounting dot1x 876aaa accounting exec 877aaa accounting update 878aaa authorization exec 879aaa group server 88

COMMAND LIST– 1622 –default-information originate 1458default-information originate 1477default-metric 1459default-metric 1484default-metric

COMMAND LIST– 1623 –ip domain-name 1353ip forward-protocol udp 1403ip helper 1404ip helper-address 1405ip host 1354ip http port 884ip ht

COMMAND LIST– 1624 –ipv6 access-group 985ipv6 address 1409ipv6 address eui-64 1411ipv6 address link-local 1413ipv6 default-gateway 1408ip

COMMAND LIST– 1625 –lldp reinit-delay 1289lldp tx-delay 1290logging facility 799logging history 799logging host 800logging on 801logging

COMMAND LIST– 1626 –ntp client 813ntp server 814Pparity 792passive-interface 1463passive-interface 1502passive-interface 1536password

COMMAND LIST– 1627 –show class-map 1183show cluster 824show cluster candidates 825show cluster members 825show dns 1357show dns cache 13

COMMAND LIST– 1628 –show lacp 1025show line 797show lldp config 1303show lldp info local-device 1304show lldp info remote-device 1305show

COMMAND LIST– 1629 –snmp-server enable traps ethernet cfm cc 1331snmp-server enable traps ethernet cfm crosscheck 1335snmp-server engine-id 83

CHAPTER 5 | Interface ConfigurationPort Configuration– 163 –◆ Name – Allows you to label an interface. (Range: 1-64 characters)◆ Admin – Allows yo

COMMAND LIST– 1630 –vlan-trunking 1120voice vlan 1148voice vlan aging 1149voice vlan mac-address 1149vrrp authentication 1382vrrp ip 138

– 1631 –INDEXNUMERICS802.1Q tunnel 215, 1123access 1125configuration, guidelines 218, 1123configuration, limitations 218, 1124CVID to SVID m

INDEX– 1632 –ignoring superior BPDUs 253, 1082selecting protocol based on message format 254, 1085shut down port on receipt 254, 1073bridge ex

INDEX– 1633 –information option policy 399, 950information option, enabling 399, 949policy selection 399, 950specifying trusted interfaces 4

INDEX– 1634 –Ffault isolation, CFM 474, 1341fault notification generator, CFM 476, 483, 508, 1345, 1347fault notification, CFM 474, 508, 1309,

INDEX– 1635 –static multicast routing 519, 1206static port assignment 521, 1206static router interface 514, 1206static router port, configurin

INDEX– 1636 –local device information, displaying 416, 1304message attributes 413, 1285message statistics 424, 1307remote information, display

INDEX– 1637 –multicast filtering 511, 1185enabling IGMP snooping 515, 1187enabling IGMP snooping per interface 522, 1187enabling MLD snooping

INDEX– 1638 –default metric for external routes 674, 1484enabling 1476general settings 673, 676, 1474hello interval 692, 1498interface summa

INDEX– 1639 –triggered hello delay 731, 1583PIMv6-DMglobal configuration 729, 735interface settings 731PIMv6-SM 735bootstrap router 736BSR

CHAPTER 5 | Interface ConfigurationPort Configuration– 164 –◆ Speed/Duplex – Allows you to manually set the port speed and duplex mode. (i.e., wit

INDEX– 1640 –remote maintenance end point, CFM 477, 486, 492, 501, 504, 505, 1326, 1327, 1332, 1336Remote Monitoring See RMONrename, DiffServ 1

INDEX– 1641 –configuring 343, 890downloading public keys for clients 349, 780generating host key pair 347, 895server, configuring 346, 892ti

INDEX– 1642 –basic information, displaying 1111configuring port members, by interface 206, 1116–1120configuring port members, VLAN index 205cr

GTL-2691E042013/ST-R01

CHAPTER 5 | Interface ConfigurationPort Configuration– 165 –WEB INTERFACETo configure port connection parameters:1. Click Interface, Port, General

CHAPTER 5 | Interface ConfigurationPort Configuration– 166 –◆ Media Type – Media type used. (Options: Copper-Forced, SFP-Forced, or SFP-Preferred-

CHAPTER 5 | Interface ConfigurationPort Configuration– 167 –COMMAND USAGE ◆ Traffic can be mirrored from one or more source ports to one destinati

CHAPTER 5 | Interface ConfigurationPort Configuration– 168 –To display the configured mirror sessions:1. Click Interface, Port, Mirror.2. Select S

CHAPTER 5 | Interface ConfigurationPort Configuration– 169 –Transmitted Errors The number of outbound packets that could not be transmitted becaus

CONTENTS– 17 –System Status 769show access-list tcam-utilization 769show memory 770show process cpu 770show running-config 771show startup-conf

CHAPTER 5 | Interface ConfigurationPort Configuration– 170 –Internal MAC Receive ErrorsA count of frames for which reception on a particular inter

CHAPTER 5 | Interface ConfigurationPort Configuration– 171 –WEB INTERFACETo show a list of port statistics:1. Click Interface, Port, Statistics.2.

CHAPTER 5 | Interface ConfigurationPort Configuration– 172 –Figure 37: Showing Port Statistics (Chart)PERFORMING CABLEDIAGNOSTICSUse the Interfac

CHAPTER 5 | Interface ConfigurationPort Configuration– 173 –◆ The test takes approximately 5 seconds. The switch displays the results of the test

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 174 –WEB INTERFACETo test the cable attached to a port:1. Click Interface, Port, Cable Tes

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 175 –COMMAND USAGEBesides balancing the load across each port in the trunk, the other port

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 176 –However, note that the static trunks on this switch are Cisco EtherChannel compatible

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 177 –To add member ports to a static trunk:1. Click Interface, Trunk, Static.2. Select Con

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 178 –To display trunk connection parameters:1. Click Interface, Trunk, Static.2. Select Co

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 179 –◆ All ports on both ends of an LACP trunk must be configured for full duplex, and aut

CONTENTS– 18 –stopbits 796timeout login response 796disconnect 797show line 797Event Logging 798logging facility 799logging history 799logging

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 180 –NOTE: Configuring LACP settings for a port only applies to its administrative state,

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 181 –Figure 46: Enabling LACP on a PortTo configure LACP parameters for group members:1.

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 182 –Figure 48: Showing Members of a Dynamic TrunkTo configure connection parameters for

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 183 –Figure 50: Displaying Connection Parameters for Dynamic TrunksDISPLAYING LACPPORT CO

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 184 –Figure 51: Displaying LACP Port CountersDISPLAYING LACPSETTINGS AND STATUSFOR THE LO

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 185 –WEB INTERFACETo display LACP settings and status for the local side:1. Click Interfac

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 186 –DISPLAYING LACPSETTINGS AND STATUSFOR THE REMOTE SIDEUse the Interface > Trunk >

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 187 –Figure 53: Displaying LACP Port Remote InformationCONFIGURING LOADBALANCINGUse the I

CHAPTER 5 | Interface ConfigurationTrunk Configuration– 188 – Source and Destination IP Address: All traffic with the same source and destination

CHAPTER 5 | Interface ConfigurationSampling Traffic Flows– 189 –Figure 54: Configuring Load BalancingSAMPLING TRAFFIC FLOWSThe flow sampling (sFl

CONTENTS– 19 –Time Range 817time-range 818absolute 818periodic 819show time-range 820Switch Clustering 820cluster 821cluster commander 822cluste

CHAPTER 5 | Interface ConfigurationSampling Traffic Flows– 190 –CONFIGURING SFLOWPARAMETERSUse the Interface > sFlow page to set the source and

CHAPTER 5 | Interface ConfigurationTraffic Segmentation– 191 –3. Click Apply.Figure 55: Sampling Traffic FlowsTRAFFIC SEGMENTATIONIf tighter secu

CHAPTER 5 | Interface ConfigurationTraffic Segmentation– 192 – Blocking – Blocks traffic between uplink ports assigned to different sessions. Forw

CHAPTER 5 | Interface ConfigurationTraffic Segmentation– 193 –CONFIGURING UPLINKAND DOWNLINK PORTSUse the Interface > Traffic Segmentation (Con

CHAPTER 5 | Interface ConfigurationTraffic Segmentation– 194 –◆ Interface – Displays a list of ports or trunks. Port – Port Identifier. (Range: 1-

CHAPTER 5 | Interface ConfigurationVLAN Trunking– 195 –VLAN TRUNKINGUse the Interface > VLAN Trunking page to allow unknown VLAN groups to pass

CHAPTER 5 | Interface ConfigurationVLAN Trunking– 196 –◆ Trunk – Trunk Identifier. (Range: 1-32)◆ VLAN Trunking Status – Enables VLAN trunking on

– 197 –6 VLAN CONFIGURATIONThis chapter includes the following topics:◆ IEEE 802.1Q VLANs – Configures static and dynamic VLANs.◆ Private VLANs – Co

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 198 –or IP subnets. VLANs inherently provide a high level of network security since traffic must

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 199 –VLAN Classification – When the switch receives a frame, it classifies the frame in one of tw

USER MANUALGTL-2691MANAGED 24-PORT L3 STACKABLE GE SWITCHLayer 3 Stackable Gigabit Ethernet Switchwith 20 10/100/1000BASE-T (RJ-45) Ports,4 Gigabit Co

CONTENTS– 20 –show nlm oper-status 845show snmp notify-filter 845Additional Trap Commands 845memory 845process cpu 84626 REMOTE MONITORING COM

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 200 –Figure 62: Using GVRPForwarding Tagged/Untagged FramesIf you want to create a small port-ba

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 201 –about this interface type. This parameter must be enabled before you can assign an IP addres

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 202 –To modify the configuration settings for VLAN groups:1. Click VLAN, Static.2. Select Modify

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 203 –aware devices. Or configure a port as forbidden to prevent the switch from automatically add

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 204 –◆ Ingress Filtering – Determines how to process frames tagged for VLANs for which the ingres

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 205 –◆ Trunk Range – Displays a list of ports. (Range: 1-32)NOTE: The PVID, acceptable frame type

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 206 –4. Modify the settings for any interface as required. 5. Click Apply.Figure 67: Configuring

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 207 –Figure 68: Configuring Static VLAN Members by Interface RangeCONFIGURINGDYNAMIC VLANREGISTR

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 208 – Join – The interval between transmitting requests/queries to participate in a VLAN group. (

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q VLANs– 209 –To configure GVRP status and timers on a port or trunk:1. Click VLAN, Dynamic.2. Select Conf

CONTENTS– 21 –radius-server key 870radius-server retransmit 871radius-server timeout 871show radius-server 872TACACS+ Client 872tacacs-server h

CHAPTER 6 | VLAN ConfigurationPrivate VLANs– 210 –To show the members of a dynamic VLAN:1. Click VLAN, Dynamic.2. Select Show Dynamic VLAN from th

CHAPTER 6 | VLAN ConfigurationPrivate VLANs– 211 –all other traffic through promiscuous ports). Then assign any promiscuous ports to a primary VLA

CHAPTER 6 | VLAN ConfigurationPrivate VLANs– 212 –To display a list of private VLANs:1. Click VLAN, Private.2. Select Configure VLAN from the Step

CHAPTER 6 | VLAN ConfigurationPrivate VLANs– 213 –5. Select an entry from the Community VLAN list to associate it with the selected primary VLAN.

CHAPTER 6 | VLAN ConfigurationPrivate VLANs– 214 –◆ Port – Port Identifier. (Range: 1-26/50)◆ Trunk – Trunk Identifier. (Range: 1-32)◆ Port/Trunk

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 215 –Figure 77: Configuring Interfaces for Private VLANsIEEE 802.1Q TUNNELINGIEEE 802.1Q Tun

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 216 –When a double-tagged packet enters another trunk port in an intermediate or core switch

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 217 –3. After packet classification through the switching process, the packet is written to m

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 218 –7. The switch sends the packet to the proper egress port.8. If the egress port is an unt

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 219 –6. Configure the QinQ tunnel uplink port to Uplink mode (see "Adding an Interface t

CONTENTS– 22 –ip ssh timeout 894delete public-key 894ip ssh crypto host-key generate 895ip ssh crypto zeroize 896ip ssh save host-key 896show i

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 220 –Figure 79: Enabling QinQ TunnelingCREATING CVLAN TOSPVLAN MAPPINGENTRIESUse the VLAN &g

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 221 –PARAMETERSThese parameters are displayed:◆ Port – Port identifier. (Range: 1-26)◆ Custom

CHAPTER 6 | VLAN ConfigurationIEEE 802.1Q Tunneling– 222 –Figure 81: Showing CVLAN to SPVLAN Mapping EntriesThe preceding example sets the SVID t

CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 223 – Uplink – Configures QinQ tunneling for an uplink port to another device within the service pro

CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 224 –COMMAND USAGE◆ To configure protocol-based VLANs, follow these steps:1. First configure VLAN gr

CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 225 –WEB INTERFACETo configure a protocol group:1. Click VLAN, Protocol.2. Select Configure Protocol

CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 226 –MAPPING PROTOCOLGROUPS TOINTERFACESUse the VLAN > Protocol (Configure Interface - Add) page

CHAPTER 6 | VLAN ConfigurationProtocol VLANs– 227 –6. Enter the corresponding VLAN to which the protocol traffic will be forwarded.7. Click Apply.

CHAPTER 6 | VLAN ConfigurationConfiguring IP Subnet VLANs– 228 –CONFIGURING IP SUBNET VLANSUse the VLAN > IP Subnet page to configure IP subnet

CHAPTER 6 | VLAN ConfigurationConfiguring IP Subnet VLANs– 229 –WEB INTERFACETo map an IP subnet to a VLAN:1. Click VLAN, IP Subnet.2. Select Add

CONTENTS– 23 –pppoe intermediate-agent vendor-tag strip 917clear pppoe intermediate-agent statistics 917show pppoe intermediate-agent info 918sho

CHAPTER 6 | VLAN ConfigurationConfiguring MAC-based VLANs– 230 –CONFIGURING MAC-BASED VLANSUse the VLAN > MAC-Based page to configure VLAN base

CHAPTER 6 | VLAN ConfigurationConfiguring MAC-based VLANs– 231 –6. Click Apply.Figure 89: Configuring MAC-Based VLANsTo show the MAC addresses ma

CHAPTER 6 | VLAN ConfigurationConfiguring MAC-based VLANs– 232 –

– 233 –7 ADDRESS TABLE SETTINGSSwitches store the addresses for all known devices. This information is used to pass traffic directly between the inb

CHAPTER 7 | Address Table SettingsConfiguring MAC Address Learning– 234 –◆ Also note that MAC address learning cannot be disabled if any of the fo

CHAPTER 7 | Address Table SettingsSetting Static Addresses– 235 –SETTING STATIC ADDRESSESUse the MAC Address > Static page to configure static

CHAPTER 7 | Address Table SettingsChanging the Aging Time– 236 –4. Click Apply.Figure 92: Configuring Static MAC AddressesTo show the static addr

CHAPTER 7 | Address Table SettingsDisplaying the Dynamic Address Table– 237 –WEB INTERFACETo set the aging time for entries in the dynamic address

CHAPTER 7 | Address Table SettingsClearing the Dynamic Address Table– 238 –WEB INTERFACETo show the dynamic address table:1. Click MAC Address, Dy

CHAPTER 7 | Address Table SettingsClearing the Dynamic Address Table– 239 –3. Select the method by which to clear the entries (i.e., All, MAC Addr

CONTENTS– 24 –web-auth re-authenticate (IP) 944show web-auth 945show web-auth interface 945show web-auth summary 946DHCP Snooping 946ip dhcp sn

CHAPTER 7 | Address Table SettingsClearing the Dynamic Address Table– 240 –

– 241 –8 SPANNING TREE ALGORITHM This chapter describes the following basic topics:◆ Loopback Detection – Configures detection and response to loopb

CHAPTER 8 | Spanning Tree AlgorithmOverview– 242 –lowest cost spanning tree, it enables all root ports and designated ports, and disables all othe

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Loopback Detection– 243 –An MST Region consists of a group of interconnected bridges that have the

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Loopback Detection– 244 –◆ The interface ceases to receive it’s own BPDUs in a forward delay interv

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 245 –Figure 100: Configuring Port Loopback DetectionCONFIGURING GLOBAL SE

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 246 –MSTP generates a unique spanning tree for each instance. This provide

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 247 –spanning tree is disabled globally on the switch or disabled on a spe

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 248 –delay is required because every device must receive information about

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Global Settings for STA– 249 –Figure 101: Configuring Global Settings for STA (STP)Figure 102: Co

CONTENTS– 25 –Denial of Service Protection 969dos-protection land 969dos-protection tcp-scan 970show dos-protection 97030 ACCESS CONTROL LISTS 9

CHAPTER 8 | Spanning Tree AlgorithmDisplaying Global Settings for STA– 250 –Figure 103: Configuring Global Settings for STA (MSTP)DISPLAYING GLOB

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for STA– 251 –◆ Root Port – The number of the port on this switch that is closes

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for STA– 252 –CLI REFERENCES◆ "Spanning Tree Commands" on page 1061PAR

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for STA– 253 –◆ Admin Link Type – The link type attached to this interface. Poin

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for STA– 254 –An interface cannot function as an edge port under the following c

CHAPTER 8 | Spanning Tree AlgorithmDisplaying Interface Settings for STA– 255 –5. Click Apply.Figure 105: Configuring Interface Settings for STAD

CHAPTER 8 | Spanning Tree AlgorithmDisplaying Interface Settings for STA– 256 –The rules defining port status are: A port on a network segment wit

CHAPTER 8 | Spanning Tree AlgorithmDisplaying Interface Settings for STA– 257 –Figure 106: STA Port RolesWEB INTERFACETo display interface settin

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Multiple Spanning Trees– 258 –CONFIGURING MULTIPLE SPANNING TREESUse the Spanning Tree > MSTP (C

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Multiple Spanning Trees– 259 –WEB INTERFACETo create instances for MSTP:1. Click Spanning Tree, MST

CONTENTS– 26 –capabilities 999description 1000flowcontrol 1001media-type 1002negotiation 1002shutdown 1003speed-duplex 1004switchport mtu 1005switc

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Multiple Spanning Trees– 260 –To modify the priority for an MST instance:1. Click Spanning Tree, MS

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Multiple Spanning Trees– 261 –To add additional VLAN groups to an MSTP instance:1. Click Spanning T

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for MSTP– 262 –CONFIGURING INTERFACE SETTINGS FOR MSTPUse the Spanning Tree >

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for MSTP– 263 –The recommended range is listed in Table 12 on page 252. The defa

CHAPTER 8 | Spanning Tree AlgorithmConfiguring Interface Settings for MSTP– 264 –

– 265 –9 CONGESTION CONTROLThe switch can set the maximum upload or download data transfer rate for any port. It can also control traffic storms by

CHAPTER 9 | Congestion ControlStorm Control– 266 –◆ Rate – Sets the rate limit level. (Range: 64 - 1,000,000 kbits per second for Gigabit Ethernet

CHAPTER 9 | Congestion ControlStorm Control– 267 –◆ When traffic exceeds the threshold specified for broadcast and multicast or unknown unicast tr

CHAPTER 9 | Congestion ControlAutomatic Traffic Control– 268 –4. Set the required threshold beyond which the switch will start dropping packets.5.

CHAPTER 9 | Congestion ControlAutomatic Traffic Control– 269 –The key elements of this diagram are described below:◆ Alarm Fire Threshold – The hi

CONTENTS– 27 –show port monitor 1030RSPAN Mirroring Commands 1031rspan source 1033rspan destination 1034rspan remote vlan 1035no rspan session

CHAPTER 9 | Congestion ControlAutomatic Traffic Control– 270 –SETTING THE ATCTIMERSUse the Traffic > Auto Traffic Control (Configure Global) pa

CHAPTER 9 | Congestion ControlAutomatic Traffic Control– 271 –Figure 120: Configuring ATC TimersCONFIGURING ATCTHRESHOLDS ANDRESPONSESUse the Tra

CHAPTER 9 | Congestion ControlAutomatic Traffic Control– 272 –◆ Auto Release Control – Automatically stops a traffic control response of rate limi

CHAPTER 9 | Congestion ControlAutomatic Traffic Control– 273 –WEB INTERFACETo configure the response timers for automatic storm control:1. Click T

CHAPTER 9 | Congestion ControlAutomatic Traffic Control– 274 –

– 275 –10 CLASS OF SERVICEClass of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the sw

CHAPTER 10 | Class of ServiceLayer 2 Queue Settings– 276 –◆ If the output port is an untagged member of the associated VLAN, these frames are stri

CHAPTER 10 | Class of ServiceLayer 2 Queue Settings– 277 –◆ WRR queuing specifies a relative weight for each queue. WRR uses a predefined relative

CHAPTER 10 | Class of ServiceLayer 2 Queue Settings– 278 –WEB INTERFACETo configure the queue mode:1. Click Traffic, Priority, Queue.2. Select the

CHAPTER 10 | Class of ServiceLayer 2 Queue Settings– 279 –Figure 125: Setting the Queue Mode (Strict and WRR)MAPPING COS VALUESTO EGRESS QUEUESUs

CONTENTS– 28 –show mac-address-table aging-time 1058show mac-address-table count 105937 SPANNING TREE COMMANDS 1061spanning-tree 1062spanning-tree

CHAPTER 10 | Class of ServiceLayer 2 Queue Settings– 280 –CLI REFERENCES◆ "queue cos-map" on page 1156◆ "show queue cos-map" o

CHAPTER 10 | Class of ServiceLayer 3/4 Priority Settings– 281 –Figure 126: Mapping CoS Values to Egress QueuesLAYER 3/4 PRIORITY SETTINGSMapping

CHAPTER 10 | Class of ServiceLayer 3/4 Priority Settings– 282 –COMMAND USAGE◆ The DSCP is six bits wide, allowing coding for up to 64 different fo

CHAPTER 10 | Class of ServiceLayer 3/4 Priority Settings– 283 –Figure 127: Mapping IP DSCP Priority ValuesMAPPING IPPRECEDENCEUse the Traffic >

CHAPTER 10 | Class of ServiceLayer 3/4 Priority Settings– 284 –NOTE: IP Precedence settings apply to all interfaces. PARAMETERSThese parameters ar

CHAPTER 10 | Class of ServiceLayer 3/4 Priority Settings– 285 –COMMAND USAGE ◆ This mapping table is only used if the protocol type of the arrivin

CHAPTER 10 | Class of ServiceLayer 3/4 Priority Settings– 286 –To show the TCP/UDP port number to CoS priority map:1. Click Traffic, Priority, IP

– 287 –11 QUALITY OF SERVICE This chapter describes the following tasks required to apply QoS policies:Class Map – Creates a map which identifies a

CHAPTER 11 | Quality of ServiceConfiguring a Class Map– 288 –COMMAND USAGETo create a service policy for a specific category or ingress traffic, f

CHAPTER 11 | Quality of ServiceConfiguring a Class Map– 289 –◆ Description – A brief description of a class map. (Range: 1-64 characters)Add Rule◆

CONTENTS– 29 –show spanning-tree 1086show spanning-tree mst configuration 108838 ERPS COMMANDS 1089erps 1091erps domain 1091control-vlan 1092enab

CHAPTER 11 | Quality of ServiceConfiguring a Class Map– 290 –To show the configured class maps: 1. Click Traffic, DiffServ.2. Select Configure Cla

CHAPTER 11 | Quality of ServiceCreating QoS Policies– 291 –To show the rules for a class map: 1. Click Traffic, DiffServ.2. Select Configure Class

CHAPTER 11 | Quality of ServiceCreating QoS Policies– 292 –Policing is based on a token bucket, where bucket depth (that is, the maximum burst bef

CHAPTER 11 | Quality of ServiceCreating QoS Policies– 293 – if Te(t)-B ≥ 0, the packets is yellow and Te is decremented by B down to the minimum v

CHAPTER 11 | Quality of ServiceCreating QoS Policies– 294 –respectively. The maximum size of the token bucket P is BP and the maximum size of the

CHAPTER 11 | Quality of ServiceCreating QoS Policies– 295 –Add Rule◆ Policy Name – Name of policy map.◆ Class Name – Name of a class map that defi

CHAPTER 11 | Quality of ServiceCreating QoS Policies– 296 – Violate – Specifies whether the traffic that exceeds the maximum rate (CIR) will be dr

CHAPTER 11 | Quality of ServiceCreating QoS Policies– 297 – Drop – Drops out of conformance traffic. Violate – Specifies whether the traffic that

CHAPTER 11 | Quality of ServiceCreating QoS Policies– 298 – Transmit – Transmits in-conformance traffic without any change to the DSCP service lev

CHAPTER 11 | Quality of ServiceCreating QoS Policies– 299 –To show the configured policy maps: 1. Click Traffic, DiffServ.2. Select Configure Poli

– 3 –ABOUT THIS GUIDEPURPOSE This guide gives specific information on how to operate and use the management functions of the switch.AUDIENCE The gui

CONTENTS– 30 –switchport allowed vlan 1117switchport ingress-filtering 1118switchport mode 1119switchport native vlan 1120vlan-trunking 1120Dis

CHAPTER 11 | Quality of ServiceCreating QoS Policies– 300 –Figure 137: Adding Rules to a Policy MapTo show the rules for a policy map: 1. Click T

CHAPTER 11 | Quality of ServiceAttaching a Policy Map to a Port– 301 –ATTACHING A POLICY MAP TO A PORTUse the Traffic > DiffServ (Configure Int

CHAPTER 11 | Quality of ServiceAttaching a Policy Map to a Port– 302 –

– 303 –12 VOIP TRAFFIC CONFIGURATIONThis chapter covers the following topics:◆ Global Settings – Enables VOIP globally, sets the Voice VLAN, and the

CHAPTER 12 | VoIP Traffic ConfigurationConfiguring VoIP Traffic– 304 –CLI REFERENCES◆ "Configuring Voice VLANs" on page 1147PARAMETERSTh

CHAPTER 12 | VoIP Traffic ConfigurationConfiguring Telephony OUI– 305 –CONFIGURING TELEPHONY OUIVoIP devices attached to the switch can be identif

CHAPTER 12 | VoIP Traffic ConfigurationConfiguring VoIP Traffic Ports– 306 –Figure 141: Configuring an OUI Telephony ListTo show the MAC OUI numb

CHAPTER 12 | VoIP Traffic ConfigurationConfiguring VoIP Traffic Ports– 307 – Auto – The port will be added as a tagged member to the Voice VLAN wh

CHAPTER 12 | VoIP Traffic ConfigurationConfiguring VoIP Traffic Ports– 308 –3. Configure any required changes to the VoIP settings each port.4. Cl

– 309 –13 SECURITY MEASURESYou can configure this switch to authenticate users logging into the system for management access using local or remote a

CONTENTS– 31 –show mac-vlan 1147Configuring Voice VLANs 1147voice vlan 1148voice vlan aging 1149voice vlan mac-address 1149switchport voice vla

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 310 –◆ DHCP Snooping – Filter IP traffic on insecure ports for which the source ad

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 311 –3. Define a method name for each service to which you want to apply accountin

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 312 – [authentication sequence] – User authentication is performed by up to three

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 313 –CLI REFERENCES◆ "RADIUS Client" on page 868◆ "TACACS+ Client&q

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 314 – Set Key – Mark this box to set or modify the encryption key. Authentication

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 315 –When specifying the priority sequence for a sever, the server index must alre

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 316 –Figure 147: Configuring Remote Authentication Server (TACACS+)To configure t

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 317 –To show the RADIUS or TACACS+ server groups used for accounting and authoriza

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 318 –◆ Method Name – Specifies an accounting method for service requests. The “def

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 319 –◆ Accounting Type - Displays the accounting service.◆ Interface - Displays th

CONTENTS– 32 –police flow 1175police srtcm-color 1176police trtcm-color 1179set 1181service-policy 1182show class-map 1183show policy-map 1183s

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 320 –Figure 151: Configuring AAA Accounting MethodsTo show the accounting method

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 321 –Figure 153: Configuring AAA Accounting Service for 802.1X ServiceFigure 154:

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 322 –To display basic accounting information and statistics recorded for user sess

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 323 –other group name refers to a server group configured on the TACACS+ Group Set

CHAPTER 13 | Security MeasuresAAA Authorization and Accounting– 324 –To show the authorization method applied to the EXEC service type and the ass

CHAPTER 13 | Security MeasuresConfiguring User Accounts– 325 –To display a the configured authorization method and assigned server groups for The

CHAPTER 13 | Security MeasuresConfiguring User Accounts– 326 – Plain Password – Plain text unencrypted password. Encrypted Password – Encrypted pa

CHAPTER 13 | Security MeasuresWeb Authentication– 327 –To show user accounts: 1. Click Security, User Accounts.2. Select Show from the Action list

CHAPTER 13 | Security MeasuresWeb Authentication– 328 –CONFIGURING GLOBALSETTINGS FOR WEBAUTHENTICATIONUse the Security > Web Authentication (C

CHAPTER 13 | Security MeasuresWeb Authentication– 329 –CONFIGURINGINTERFACE SETTINGSFOR WEBAUTHENTICATIONUse the Security > Web Authentication

CONTENTS– 33 –IGMP Filtering and Throttling 1208ip igmp filter (Global Configuration) 1208ip igmp profile 1209permit, deny 1210range 1210ip igmp

CHAPTER 13 | Security MeasuresNetwork Access (MAC Address Authentication)– 330 –Figure 164: Configuring Interface Settings for Web Authentication

CHAPTER 13 | Security MeasuresNetwork Access (MAC Address Authentication)– 331 –◆ Authenticated MAC addresses are stored as dynamic entries in the

CHAPTER 13 | Security MeasuresNetwork Access (MAC Address Authentication)– 332 –For example, if the attribute is “service-policy-in=p1;service-pol

CHAPTER 13 | Security MeasuresNetwork Access (MAC Address Authentication)– 333 –regardless of the 802.1X Operation Mode (Single-Host, Multi-Host,

CHAPTER 13 | Security MeasuresNetwork Access (MAC Address Authentication)– 334 –PARAMETERSThese parameters are displayed:◆ MAC Authentication Sta

CHAPTER 13 | Security MeasuresNetwork Access (MAC Address Authentication)– 335 –exempt from authentication on the specified port (as described und

CHAPTER 13 | Security MeasuresNetwork Access (MAC Address Authentication)– 336 – Link down – Only link down events will trigger the port action. L

CHAPTER 13 | Security MeasuresNetwork Access (MAC Address Authentication)– 337 –COMMAND USAGE◆ Specified MAC addresses are exempt from authenticat

CHAPTER 13 | Security MeasuresNetwork Access (MAC Address Authentication)– 338 –Figure 169: Showing the MAC Address Filter Table for Network Acce

CHAPTER 13 | Security MeasuresNetwork Access (MAC Address Authentication)– 339 –WEB INTERFACETo display the authenticated MAC addresses stored in

CONTENTS– 34 –mvr proxy-query-interval 1230mvr proxy-switching 1231mvr robustness-value 1232mvr source-port-mode dynamic 1233mvr upstream-source

CHAPTER 13 | Security MeasuresConfiguring HTTPS– 340 –CONFIGURING HTTPSYou can configure the switch to enable the Secure Hypertext Transfer Protoc

CHAPTER 13 | Security MeasuresConfiguring HTTPS– 341 –PARAMETERSThese parameters are displayed:◆ HTTPS Status – Allows you to enable/disable the H

CHAPTER 13 | Security MeasuresConfiguring HTTPS– 342 –When you have obtained these, place them on your TFTP server and transfer them to the switch

CHAPTER 13 | Security MeasuresConfiguring the Secure Shell– 343 –Figure 172: Downloading the Secure-Site CertificateCONFIGURING THE SECURE SHELL

CHAPTER 13 | Security MeasuresConfiguring the Secure Shell– 344 –To use the SSH server, complete these steps:1. Generate a Host Key Pair – On the

CHAPTER 13 | Security MeasuresConfiguring the Secure Shell– 345 –NOTE: To use SSH with only password authentication, the host public key must stil

CHAPTER 13 | Security MeasuresConfiguring the Secure Shell– 346 –CONFIGURING THESSH SERVERUse the Security > SSH (Configure Global) page to ena

CHAPTER 13 | Security MeasuresConfiguring the Secure Shell– 347 –Figure 173: Configuring the SSH ServerGENERATING THEHOST KEY PAIRUse the Securit

CHAPTER 13 | Security MeasuresConfiguring the Secure Shell– 348 –WEB INTERFACETo generate the SSH host key pair: 1. Click Security, SSH.2. Select

CHAPTER 13 | Security MeasuresConfiguring the Secure Shell– 349 –IMPORTING USERPUBLIC KEYSUse the Security > SSH (Configure User Key - Copy) pa

CONTENTS– 35 –ip igmp last-member-query-interval 1262ip igmp max-resp-interval 1263ip igmp query-interval 1264ip igmp robustval 1264ip igmp sta

CHAPTER 13 | Security MeasuresConfiguring the Secure Shell– 350 –Figure 176: Copying the SSH User’s Public KeyTo display or clear the SSH user’s

CHAPTER 13 | Security MeasuresAccess Control Lists– 351 –ACCESS CONTROL LISTS Access Control Lists (ACL) provide packet filtering for IPv4 frames

CHAPTER 13 | Security MeasuresAccess Control Lists– 352 –◆ If no matches are found down to the end of the list, the traffic is denied. For this re

CHAPTER 13 | Security MeasuresAccess Control Lists– 353 –WEB INTERFACETo configure a time range: 1. Click Security, ACL.2. Select Configure Time R

CHAPTER 13 | Security MeasuresAccess Control Lists– 354 –6. Fill in the required parameters for the selected mode.7. Click Apply.Figure 180: Add

CHAPTER 13 | Security MeasuresAccess Control Lists– 355 –SHOWING TCAMUTILIZATIONUse the Security > ACL (Configure ACL - Show TCAM) page to show

CHAPTER 13 | Security MeasuresAccess Control Lists– 356 –SETTING THE ACLNAME AND TYPEUse the Security > ACL (Configure ACL - Add) page to creat

CHAPTER 13 | Security MeasuresAccess Control Lists– 357 –Figure 183: Creating an ACLTo show a list of ACLs: 1. Click Security, ACL.2. Select Conf

CHAPTER 13 | Security MeasuresAccess Control Lists– 358 –◆ Source IP Address – Source IP address.◆ Source Subnet Mask – A subnet mask containing f

CHAPTER 13 | Security MeasuresAccess Control Lists– 359 –CONFIGURING ANEXTENDED IPV4 ACLUse the Security > ACL (Configure ACL - Add Rule - IP E

CONTENTS– 36 –lldp basic-tlv port-description 1292lldp basic-tlv system-capabilities 1293lldp basic-tlv system-description 1293lldp basic-tlv sys

CHAPTER 13 | Security MeasuresAccess Control Lists– 360 –where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit. T

CHAPTER 13 | Security MeasuresAccess Control Lists– 361 –Figure 186: Configuring an Extended IPv4 ACLCONFIGURING ASTANDARD IPV6 ACLUse the Securi

CHAPTER 13 | Security MeasuresAccess Control Lists– 362 –◆ Time Range – Name of a time range.WEB INTERFACETo add rules to a Standard IPv6 ACL: 1.

CHAPTER 13 | Security MeasuresAccess Control Lists– 363 –CONFIGURING ANEXTENDED IPV6 ACLUse the Security > ACL (Configure ACL - Add Rule - IPv6

CHAPTER 13 | Security MeasuresAccess Control Lists– 364 –◆ Flow Label – A label for packets belonging to a particular traffic “flow” for which the

CHAPTER 13 | Security MeasuresAccess Control Lists– 365 –Figure 188: Configuring an Extended IPv6 ACLCONFIGURING A MACACLUse the Security > AC

CHAPTER 13 | Security MeasuresAccess Control Lists– 366 –◆ Packet Format – This attribute includes the following packet types: Any – Any Ethernet

CHAPTER 13 | Security MeasuresAccess Control Lists– 367 –Figure 189: Configuring a MAC ACLCONFIGURING AN ARPACLUse the Security > ACL (Configu

CHAPTER 13 | Security MeasuresAccess Control Lists– 368 –◆ Source/Destination IP Subnet Mask – Subnet mask for source or destination address. (See

CHAPTER 13 | Security MeasuresAccess Control Lists– 369 –Figure 190: Configuring a ARP ACLBINDING A PORT TO ANACCESS CONTROLLISTAfter configuring

CONTENTS– 37 –show ethernet cfm md 1323show ethernet cfm ma 1324show ethernet cfm maintenance-points local 1325show ethernet cfm maintenance-poin

CHAPTER 13 | Security MeasuresARP Inspection– 370 –WEB INTERFACETo bind an ACL to a port: 1. Click Security, ACL.2. Select Configure Interface fro

CHAPTER 13 | Security MeasuresARP Inspection– 371 –COMMAND USAGEEnabling & Disabling ARP Inspection◆ ARP Inspection is controlled on a global

CHAPTER 13 | Security MeasuresARP Inspection– 372 –with different MAC addresses are classified as invalid and are dropped. IP – Checks the ARP bod

CHAPTER 13 | Security MeasuresARP Inspection– 373 – Src-MAC – Validates the source MAC address in the Ethernet header against the sender MAC addre

CHAPTER 13 | Security MeasuresARP Inspection– 374 –◆ ARP Inspection uses the DHCP snooping bindings database for the list of valid IP-to-MAC addre

CHAPTER 13 | Security MeasuresARP Inspection– 375 –Figure 193: Configuring VLAN Settings for ARP InspectionCONFIGURINGINTERFACE SETTINGSFOR ARP I

CHAPTER 13 | Security MeasuresARP Inspection– 376 –3. Specify any untrusted ports which require ARP inspection, and adjust the packet inspection r

CHAPTER 13 | Security MeasuresARP Inspection– 377 –WEB INTERFACETo display statistics for ARP Inspection: 1. Click Security, ARP Inspection.2. Sel

CHAPTER 13 | Security MeasuresFiltering IP Addresses for Management Access– 378 –WEB INTERFACETo display the ARP Inspection log: 1. Click Security

CHAPTER 13 | Security MeasuresFiltering IP Addresses for Management Access– 379 –◆ You can delete an address range just by specifying the start ad

CONTENTS– 38 –45 DOMAIN NAME SERVICE COMMANDS 1351ip domain-list 1351ip domain-lookup 1352ip domain-name 1353ip host 1354ip name-server 1355ipv

CHAPTER 13 | Security MeasuresConfiguring Port Security– 380 –To show a list of IP addresses authorized for management access: 1. Click Security,

CHAPTER 13 | Security MeasuresConfiguring Port Security– 381 –◆ When the port security state is changed from enabled to disabled, all dynamically

CHAPTER 13 | Security MeasuresConfiguring 802.1X Port Authentication– 382 –The maximum address count is effective when port security is enabled or

CHAPTER 13 | Security MeasuresConfiguring 802.1X Port Authentication– 383 –ports in a network can be centrally controlled from a server, which mea

CHAPTER 13 | Security MeasuresConfiguring 802.1X Port Authentication– 384 –◆ Each client that needs to be authenticated must have dot1X client sof

CHAPTER 13 | Security MeasuresConfiguring 802.1X Port Authentication– 385 –4. Click ApplyFigure 201: Configuring Global Settings for 802.1X Port

CHAPTER 13 | Security MeasuresConfiguring 802.1X Port Authentication– 386 –◆ Control Mode – Sets the authentication mode to one of the following o

CHAPTER 13 | Security MeasuresConfiguring 802.1X Port Authentication– 387 –a port, the switch will initiate authentication when the port link stat

CHAPTER 13 | Security MeasuresConfiguring 802.1X Port Authentication– 388 –◆ Identifier (Server) – Identifier carried in the most recent EAP Succe

CHAPTER 13 | Security MeasuresConfiguring 802.1X Port Authentication– 389 –DISPLAYING 802.1XSTATISTICSUse the Security > Port Authentication (S

CONTENTS– 39 –netbios-name-server 1376netbios-node-type 1377network 1377next-server 1378clear ip dhcp binding 1379show ip dhcp binding 1379show ip

CHAPTER 13 | Security MeasuresDoS Protection– 390 –WEB INTERFACETo display port authenticator statistics for 802.1X: 1. Click Security, Port Authe

CHAPTER 13 | Security MeasuresIP Source Guard– 391 –◆ TCP Scan – Configures the switch to protect against the types of DoS attacks described below

CHAPTER 13 | Security MeasuresIP Source Guard– 392 –CONFIGURING PORTSFOR IP SOURCEGUARDUse the Security > IP Source Guard > Port Configurati

CHAPTER 13 | Security MeasuresIP Source Guard– 393 –PARAMETERSThese parameters are displayed:◆ Filter Type – Configures the switch to filter inbou

CHAPTER 13 | Security MeasuresIP Source Guard– 394 –CONFIGURING STATICBINDINGS FOR IPSOURCE GUARDUse the Security > IP Source Guard > Static

CHAPTER 13 | Security MeasuresIP Source Guard– 395 –4. Click ApplyFigure 206: Configuring Static Bindings for IP Source GuardTo display static bi

CHAPTER 13 | Security MeasuresDHCP Snooping– 396 –◆ IP Address – A valid unicast IP address, including classful types A, B or C.Dynamic Binding Li

CHAPTER 13 | Security MeasuresDHCP Snooping– 397 –COMMAND USAGEDHCP Snooping Process◆ Network traffic may be disrupted when malicious DHCP message

CHAPTER 13 | Security MeasuresDHCP Snooping– 398 – If a DHCP packet from a client passes the filtering criteria above, it will only be forwarded t

CHAPTER 13 | Security MeasuresDHCP Snooping– 399 –DHCP packets, keep the existing information, or replace it with the switch’s relay information.D

ABOUT THIS GUIDE– 4 –REVISION HISTORY This section summarizes the changes in each revision of this guide.APRIL 2013 RELEASEThis is the first version

CONTENTS– 40 –ip helper 1404ip helper-address 1405show ip helper 1406IPv6 Interface 1407Interface Address Configuration and Utilities 1408ipv6

CHAPTER 13 | Security MeasuresDHCP Snooping– 400 –4. Click ApplyFigure 209: Configuring Global Settings for DHCP SnoopingDHCP SNOOPINGVLANCONFIGU

CHAPTER 13 | Security MeasuresDHCP Snooping– 401 –WEB INTERFACETo configure global settings for DHCP Snooping: 1. Click Security, IP Source Guard,

CHAPTER 13 | Security MeasuresDHCP Snooping– 402 –WEB INTERFACETo configure global settings for DHCP Snooping: 1. Click Security, IP Source Guard,

CHAPTER 13 | Security MeasuresDHCP Snooping– 403 –◆ Store – Writes all dynamically learned snooping entries to flash memory. This function can be

CHAPTER 13 | Security MeasuresDHCP Snooping– 404 –

– 405 –14 BASIC ADMINISTRATION PROTOCOLSThis chapter describes basic administration tasks including:◆ Event Logging – Sets conditions for logging ev

CHAPTER 14 | Basic Administration ProtocolsConfiguring Event Logging– 406 –The System Logs page allows you to configure and limit system messages

CHAPTER 14 | Basic Administration ProtocolsConfiguring Event Logging– 407 –3. Enable or disable system logging, set the level of event messages to

CHAPTER 14 | Basic Administration ProtocolsConfiguring Event Logging– 408 –REMOTE LOGCONFIGURATIONUse the Administration > Log > Remote page

CHAPTER 14 | Basic Administration ProtocolsConfiguring Event Logging– 409 –Figure 215: Configuring Settings for Remote Logging of Error MessagesS

CONTENTS– 41 –tunnel source vlan 1444tunnel ttl 1445show ipv6 tunnel 144549 IP ROUTING COMMANDS 1447Global Routing Configuration 1447IPv4 Comman

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 410 –WEB INTERFACETo configure SMTP alert messages: 1. Click Administrat

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 411 –SETTING LLDP TIMINGATTRIBUTESUse the Administration > LLDP (Conf

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 412 –should therefore periodically check the value of lldpStatsRemTableL

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 413 –CONFIGURING LLDPINTERFACEATTRIBUTESUse the Administration > LLDP

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 414 –Since there are typically a number of different addresses associate

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 415 – Max Frame Size – The maximum frame size. (See "Configuring Su

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 416 –Figure 218: Configuring LLDP Interface AttributesDISPLAYING LLDPLO

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 417 –◆ Chassis ID – An octet string indicating the specific identifier f

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 418 –WEB INTERFACETo display LLDP information for the local device: 1. C

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 419 –PARAMETERSThese parameters are displayed:Port◆ Local Port – The loc

CONTENTS– 42 –show ip protocols rip 1473show ip rip 1473Open Shortest Path First (OSPFv2) 1474General Configuration 1476router ospf 1476compati

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 420 –◆ Port Description – A string that indicates the port’s description

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 421 –Port Details – 802.3 Extension Port Information◆ Remote Port Auto-N

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 422 –◆ Remote Power Pairs – “Signal” means that the signal pairs only ar

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 423 –Figure 221: Displaying Remote Device Information for LLDP (Port)

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 424 –Figure 222: Displaying Remote Device Information for LLDP (Port De

CHAPTER 14 | Basic Administration ProtocolsLink Layer Discovery Protocol– 425 –PARAMETERSThese parameters are displayed:General Statistics on Remo

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 426 –Figure 223: Displaying LLDP Device Statistics (General)Figure

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 427 –as well as the traffic passing through its ports. A network ma

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 428 –COMMAND USAGEConfiguring SNMPv1/2c Management AccessTo configu

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 429 –PARAMETERSThese parameters are displayed:◆ Agent Status – Enab

CONTENTS– 43 –show ip ospf database 1505show ip ospf interface 1511show ip ospf neighbor 1512show ip ospf route 1513show ip ospf virtual-links

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 430 –ID is deleted or changed, all SNMP users will be cleared. You

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 431 –COMMAND USAGE◆ SNMP passwords are localized using the engine I

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 432 –Figure 228: Showing Remote Engine IDs for SNMPSETTING SNMPV3V

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 433 –3. Select Add View from the Action list.4. Enter a view name a

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 434 –5. Click ApplyFigure 231: Adding an OID Subtree to an SNMP Vi

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 435 –CONFIGURINGSNMPV3 GROUPSUse the Administration > SNMP (Conf

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 436 –Table 29: Supported Notification Messages Model Level Grou

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 437 –Private TrapsswPowerStatusChangeTrap 1.3.6.1.4.1.22426.1.26910

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 438 –WEB INTERFACETo configure an SNMP group:1. Click Administratio

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 439 –SETTING COMMUNITYACCESS STRINGSUse the Administration > SNM

CONTENTS– 44 –show ipv6 ospf route 1541show ipv6 ospf virtual-links 154250 MULTICAST ROUTING COMMANDS 1545General Multicast Routing 1545IPv4 Com

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 440 –To show the community access strings:1. Click Administration,

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 441 – AuthPriv – SNMP communications use both authentication and en

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 442 –To show local SNMPv3 users:1. Click Administration, SNMP.2. Se

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 443 –◆ Security Level – The following security levels are only used

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 444 –Figure 239: Configuring Remote SNMPv3 UsersTo show remote SNM

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 445 –SPECIFYING TRAPMANAGERSUse the Administration > SNMP (Confi

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 446 –PARAMETERSThese parameters are displayed:SNMP Version 1◆ IP Ad

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 447 –SNMP Version 3◆ IP Address – IP address of a new management st

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 448 –WEB INTERFACETo configure trap managers:1. Click Administratio

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 449 –Figure 243: Configuring Trap Managers (SNMPv3)To show configu

CONTENTS– 45 –ip pim rp-candidate 1568ip pim spt-threshold 1570ip pim dr-priority 1571ip pim join-prune-interval 1572clear ip pim bsr rp-set

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 450 –COMMAND USAGE◆ Systems that support SNMP often need a mechanis

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 451 –4. Fill in the IP address of a configured trap manager and the

CHAPTER 14 | Basic Administration ProtocolsSimple Network Management Protocol– 452 –◆ Unknown community name – The total number of SNMP messages d

CHAPTER 14 | Basic Administration ProtocolsRemote Monitoring– 453 –◆ Response PDUs – The total number of SNMP Get-Response PDUs which have been ac

CHAPTER 14 | Basic Administration ProtocolsRemote Monitoring– 454 –a trap message to the management agent which can then respond to the event if s

CHAPTER 14 | Basic Administration ProtocolsRemote Monitoring– 455 –threshold, and again moves back up to the rising threshold. (Range: 1-65535)◆ R

CHAPTER 14 | Basic Administration ProtocolsRemote Monitoring– 456 –Figure 248: Configuring an RMON AlarmTo show configured RMON alarms:1. Click A

CHAPTER 14 | Basic Administration ProtocolsRemote Monitoring– 457 –CONFIGURING RMONEVENTSUse the Administration > RMON (Configure Global - Add

CHAPTER 14 | Basic Administration ProtocolsRemote Monitoring– 458 –WEB INTERFACETo configure an RMON event:1. Click Administration, RMON.2. Select

CHAPTER 14 | Basic Administration ProtocolsRemote Monitoring– 459 –Figure 251: Showing Configured RMON EventsCONFIGURING RMONHISTORY SAMPLESUse t

CONTENTS– 46 –show ipv6 pim rp mapping 1597show ipv6 pim rp-hash 1598SECTION IV APPENDICES 1599ASOFTWARE SPECIFICATIONS 1601Software Features 160

CHAPTER 14 | Basic Administration ProtocolsRemote Monitoring– 460 –◆ Owner - Name of the person who created this entry. (Range: 1-127 characters)W

CHAPTER 14 | Basic Administration ProtocolsRemote Monitoring– 461 –Figure 253: Showing Configured RMON History SamplesTo show collected RMON hist

CHAPTER 14 | Basic Administration ProtocolsRemote Monitoring– 462 –CONFIGURING RMONSTATISTICAL SAMPLESUse the Administration > RMON (Configure

CHAPTER 14 | Basic Administration ProtocolsRemote Monitoring– 463 –Figure 255: Configuring an RMON Statistical SampleTo show configured RMON stat

CHAPTER 14 | Basic Administration ProtocolsEthernet Ring Protection Switching– 464 –Figure 257: Showing Collected RMON Statistical SamplesETHERNE

CHAPTER 14 | Basic Administration ProtocolsEthernet Ring Protection Switching– 465 –blocking traffic over the RPL. When a ring failure occurs, the

CHAPTER 14 | Basic Administration ProtocolsEthernet Ring Protection Switching– 466 –Configuration Guidelines for ERPS1. Create an ERPS ring (Confi

CHAPTER 14 | Basic Administration ProtocolsEthernet Ring Protection Switching– 467 –◆ Ring ports can not be a member of a dynamic trunk. ◆ Dynamic

CHAPTER 14 | Basic Administration ProtocolsEthernet Ring Protection Switching– 468 –ERPS RINGCONFIGURATIONUse the Administration > ERPS (Config

CHAPTER 14 | Basic Administration ProtocolsEthernet Ring Protection Switching– 469 –Configure Details◆ Domain Name – Name of a configured ERPS rin

– 47 –FIGURESFigure 1: Home Page 106Figure 2: Front Panel Indicators 107Figure 3: System Information 130Figure 4: General Switch Information 132Figu

CHAPTER 14 | Basic Administration ProtocolsEthernet Ring Protection Switching– 470 –◆ RPL Owner – Configures a ring node to be the Ring Protection

CHAPTER 14 | Basic Administration ProtocolsEthernet Ring Protection Switching– 471 –Control VLAN must be tagged. Failure to observe these restrict

CHAPTER 14 | Basic Administration ProtocolsEthernet Ring Protection Switching– 472 –Figure 260: Creating an ERPS RingTo configure the ERPS parame

CHAPTER 14 | Basic Administration ProtocolsEthernet Ring Protection Switching– 473 –Figure 262: Creating an ERPS Ring (Secondary Ring)To show the

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 474 –CONNECTIVITY FAULT MANAGEMENTConnectivity Fault Management (CFM) is

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 475 –the DSAPs within an MA, and may also include interconnection points

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 476 –distinguished by the domain name, maintenance level, maintenance as

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 477 –3. Configure the local maintenance end points (MEPs) which will ser

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 478 –Domains"), Configure MA page (see "Configuring CFM Mainte

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 479 –Continuity Check Errors◆ Connectivity Check Config – Sends a trap i

FIGURES– 48 –Figure 32: Displaying Port Information 166Figure 33: Configuring Local Port Mirroring 166Figure 34: Configuring Local Port Mirroring 16

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 480 –WEB INTERFACETo configure global settings for CFM:1. Click Administ

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 481 –CONFIGURINGINTERFACES FOR CFMCFM processes are enabled by default f

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 482 –CLI REFERENCES◆ "CFM Commands" on page 1309COMMAND USAGEC

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 483 –The MIP creation method defined for an MA (see "Configuring CF

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 484 –PARAMETERSThese parameters are displayed:Creating a Maintenance Dom

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 485 –3. Select Add from the Action list.4. Specify the maintenance domai

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 486 –To configure detailed settings for maintenance domains:1. Click Adm

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 487 –◆ Multiple domains at the same maintenance level cannot have an MA

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 488 –◆ MIP Creation Type – Specifies the CFM protocol’s creation method

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 489 –◆ AIS Transmit Level – Configure the AIS maintenance level in an MA

FIGURES– 49 –Figure 68: Configuring Static VLAN Members by Interface Range 207Figure 69: Configuring Global Status of GVRP 208Figure 70: Configuring

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 490 –Figure 272: Showing Maintenance AssociationsTo configure detailed

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 491 –CONFIGURINGMAINTENANCE ENDPOINTSUse the Administration > CFM (Co

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 492 –6. Click Apply.Figure 274: Configuring Maintenance End PointsTo sh

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 493 –COMMAND USAGE◆ All MEPs that exist on other devices inside a mainte

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 494 –Figure 276: Configuring Remote Maintenance End PointsTo show the c

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 495 –◆ LTMs are sent as multicast CFM frames, and forwarded from MIP to

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 496 –5. Click Apply.6. Check the results in the Link Trace cache (see &q

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 497 –◆ MA Index – MA identifier. (Range: 0-4094)◆ Source MEP ID – The id

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 498 –TRANSMITTING DELAY-MEASURE REQUESTSUse the Administration > CFM

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 499 –◆ Count – The number of times to retry sending the message if no re

– 5 –CONTENTSABOUT THIS GUIDE 3CONTENTS 5FIGURES 47TABLES 61SECTION I GETTING STARTED 691INTRODUCTION 71Key Features 71Description of Software Feat

FIGURES– 50 –Figure 104: Displaying Global Settings for STA 251Figure 105: Configuring Interface Settings for STA 255Figure 106: STA Port Roles 257F

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 500 –DISPLAYING LOCALMEPSUse the Administration > CFM > Show Infor

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 501 –DISPLAYING DETAILSFOR LOCAL MEPSUse the Administration > CFM >

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 502 –◆ Suppress Alarm – Shows if the specified MEP is configured to supp

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 503 –DISPLAYING LOCALMIPSUse the Administration > CFM > Show Infor

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 504 –DISPLAYING REMOTEMEPSUse the Administration > CFM > Show Info

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 505 –DISPLAYING DETAILSFOR REMOTE MEPSUse the Administration > CFM &g

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 506 – Down – The interface cannot pass packets. Testing – The interface

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 507 –DISPLAYING THE LINKTRACE CACHEUse the Administration > CFM >

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 508 – EgrVid – The Egress Port can be identified, but the bridge port is

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 509 –◆ Alarm Time – The time a defect must exist before a fault alarm is

FIGURES– 51 –Figure 140: Configuring a Voice VLAN 304Figure 141: Configuring an OUI Telephony List 306Figure 142: Showing an OUI Telephony List 306F

CHAPTER 14 | Basic Administration ProtocolsConnectivity Fault Management– 510 –and some other MA y, at a higher maintenance level, and associated

– 511 –15 MULTICAST FILTERING This chapter describes how to configure the following multicast services:◆ Layer 2 IGMP – Configures snooping and quer

CHAPTER 15 | Multicast FilteringIGMP Protocol– 512 –This switch can use Internet Group Management Protocol (IGMP) to filter multicast traffic. IGM

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 513 –across different subnetworks. Therefore, when PIM routing is enabled for a

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 514 –NOTE: When the switch is configured to use IGMPv3 snooping, the snooping v

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 515 –CONFIGURING IGMPSNOOPING AND QUERYPARAMETERSUse the Multicast > IGMP Sn

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 516 –◆ Proxy Reporting Status – Enables IGMP Snooping with Proxy Reporting. (De

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 517 –When the root bridge in a spanning tree receives a TCN for a VLAN where IG

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 518 –◆ IGMP Snooping Version – Sets the protocol version for compatibility with

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 519 –SPECIFYING STATICINTERFACES FOR AMULTICAST ROUTERUse the Multicast > IG

FIGURES– 52 –Figure 176: Copying the SSH User’s Public Key 350Figure 177: Showing the SSH User’s Public Key 350Figure 178: Setting the Name of a Tim

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 520 –To show the static interfaces attached to a multicast router:1. Click Mult

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 521 –ASSIGNINGINTERFACES TOMULTICAST SERVICESUse the Multicast > IGMP Snoopi

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 522 –Figure 295: Assigning an Interface to a Multicast ServiceTo show the stat

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 523 –and snooping switches from different vendors. In response to this problem,

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 524 –NOTE: MRD messages are flooded to all ports in a VLAN where IGMP snooping

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 525 –◆ Multicast Router Discovery – MRD is used to discover which interfaces ar

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 526 –◆ Last Member Query Interval – The interval to wait for a response to a gr

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 527 –Figure 297: Configuring IGMP Snooping on a VLANTo show the interface sett

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 528 –PARAMETERSThese parameters are displayed:◆ IGMP Query Drop – Configures an

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 529 –◆ Group Address – IP multicast group address with subscribers directly att

FIGURES– 53 –Figure 212: Displaying the Binding Table for DHCP Snooping 403Figure 213: Configuring Settings for System Memory Logs 407Figure 214: Sh

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 530 –◆ Port – Port identifier. (Range: 1-28)◆ Trunk – Trunk identifier. (Range:

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 531 –Output Statistics◆ Report – The number of IGMP membership reports sent fro

CHAPTER 15 | Multicast FilteringLayer 2 IGMP (Snooping and Query)– 532 –Figure 302: Displaying IGMP Snooping Statistics – VLAN To display IGMP

CHAPTER 15 | Multicast FilteringFiltering and Throttling IGMP Groups– 533 –FILTERING AND THROTTLING IGMP GROUPSIn certain switch applications, the

CHAPTER 15 | Multicast FilteringFiltering and Throttling IGMP Groups– 534 –Figure 304: Enabling IGMP Filtering and Throttling $$$CONFIGURING IGMP

CHAPTER 15 | Multicast FilteringFiltering and Throttling IGMP Groups– 535 –WEB INTERFACETo create an IGMP filter profile and set its access mode:1

CHAPTER 15 | Multicast FilteringFiltering and Throttling IGMP Groups– 536 –5. Click Apply.Figure 307: Adding Multicast Groups to an IGMP Filterin

CHAPTER 15 | Multicast FilteringFiltering and Throttling IGMP Groups– 537 –removes an existing group and replaces it with the new multicast group.

CHAPTER 15 | Multicast FilteringMLD Snooping (Snooping and Query for IPv6)– 538 –Figure 309: Configuring IGMP Filtering and Throttling Interface

CHAPTER 15 | Multicast FilteringMLD Snooping (Snooping and Query for IPv6)– 539 –An IPv6 address must be configured on the VLAN interface from whi

FIGURES– 54 –Figure 248: Configuring an RMON Alarm 456Figure 249: Showing Configured RMON Alarms 456Figure 250: Configuring an RMON Event 458Figure

CHAPTER 15 | Multicast FilteringMLD Snooping (Snooping and Query for IPv6)– 540 –3. Click Apply.Figure 310: Configuring General Settings for MLD

CHAPTER 15 | Multicast FilteringMLD Snooping (Snooping and Query for IPv6)– 541 –Figure 311: Configuring Immediate Leave for MLD SnoopingSPECIFYI

CHAPTER 15 | Multicast FilteringMLD Snooping (Snooping and Query for IPv6)– 542 –Figure 312: Configuring a Static Interface for an IPv6 Multicast

CHAPTER 15 | Multicast FilteringMLD Snooping (Snooping and Query for IPv6)– 543 –ASSIGNINGINTERFACES TO IPV6MULTICAST SERVICESUse the Multicast &g

CHAPTER 15 | Multicast FilteringMLD Snooping (Snooping and Query for IPv6)– 544 –Figure 315: Assigning an Interface to an IPv6 Multicast Service

CHAPTER 15 | Multicast FilteringMLD Snooping (Snooping and Query for IPv6)– 545 –Figure 317: Showing Current Interfaces Assigned to an IPv6 Multi

CHAPTER 15 | Multicast FilteringLayer 3 IGMP (Query used with Multicast Routing)– 546 –◆ Request List – Sources included on the router’s request l

CHAPTER 15 | Multicast FilteringLayer 3 IGMP (Query used with Multicast Routing)– 547 –NOTE: Multicast Routing Discovery (MRD) is used to discover

CHAPTER 15 | Multicast FilteringLayer 3 IGMP (Query used with Multicast Routing)– 548 –the proxy devices independent of the multicast routing prot

CHAPTER 15 | Multicast FilteringLayer 3 IGMP (Query used with Multicast Routing)– 549 –◆ The system periodically checks the multicast route table

FIGURES– 55 –Figure 284: Showing Information on Remote MEPs 504Figure 285: Showing Detailed Information on Remote MEPs 506Figure 286: Showing the Li

CHAPTER 15 | Multicast FilteringLayer 3 IGMP (Query used with Multicast Routing)– 550 –CONFIGURING IGMPINTERFACEPARAMETERSUse the Multicast > I

CHAPTER 15 | Multicast FilteringLayer 3 IGMP (Query used with Multicast Routing)– 551 –the QRV field does not contain a declared robustness value,

CHAPTER 15 | Multicast FilteringLayer 3 IGMP (Query used with Multicast Routing)– 552 –WEB INTERFACETo configure IGMP interface settings:1. Click

CHAPTER 15 | Multicast FilteringLayer 3 IGMP (Query used with Multicast Routing)– 553 –◆ The switch supports a maximum of 64 static group entries.

CHAPTER 15 | Multicast FilteringLayer 3 IGMP (Query used with Multicast Routing)– 554 –Figure 323: Showing Static IGMP Groups DISPLAYINGMULTICAST

CHAPTER 15 | Multicast FilteringLayer 3 IGMP (Query used with Multicast Routing)– 555 –◆ V1 Timer – The time remaining until the switch assumes th

CHAPTER 15 | Multicast FilteringLayer 3 IGMP (Query used with Multicast Routing)– 556 – Forward – Indicates whether or not traffic will be forward

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 557 –MULTICAST VLAN REGISTRATIONMulticast VLAN Registration (MVR) is a protocol that

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 558 –group to the participating interfaces (see "Assigning Static MVR Multicast

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 559 –WEB INTERFACETo configure global settings for MVR:1. Click Multicast, MVR.2. Sel

FIGURES– 56 –Figure 320: Configuring IGMP Proxy Routing 549Figure 321: Configuring IGMP Interface Settings 552Figure 322: Configuring Static IGMP Gr

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 560 –PARAMETERSThese parameters are displayed:Configure Profile◆ Profile Name – The n

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 561 –To show the configured MVR group address profiles:1. Click Multicast, MVR.2. Sel

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 562 –Figure 331: Showing the MVR Group Address Profiles Assigned to a Domain CONFI

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 563 –remaining subscribers for that multicast group before removing the port from the

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 564 –WEB INTERFACETo configure interface settings for MVR:1. Click Multicast, MVR.2.

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 565 –◆ The MVR VLAN cannot be specified as the receiver VLAN for static bindings.PARA

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 566 –4. Select an MVR domain.5. Select the port or trunk for which to display this in

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 567 –WEB INTERFACETo show all MVR groups assigned to a port:1. Click Multicast, MVR.2

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 568 –◆ General Query Sent – The number of general queries sent from this interface.◆

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 569 –WEB INTERFACETo display statistics for MVR query-related messages:1. Click Multi

FIGURES– 57 –Figure 356: Showing the List of Name Servers for DNS 599Figure 357: Configuring Static Entries in the DNS Table 600Figure 358: Showing

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 570 –To display MVR protocol-related statistics for a VLAN:1. Click Multicast, MVR.2.

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 571 –To display MVR protocol-related statistics for a port:1. Click Multicast, MVR.2.

CHAPTER 15 | Multicast FilteringMulticast VLAN Registration– 572 –

– 573 –16 IP CONFIGURATIONThis chapter describes how to configure an initial IP interface for management access to the switch over the network. This

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 4)– 574 –◆ To enable routing between interfaces defined on this switch an

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 4)– 575 –WEB INTERFACETo set a static address for the switch:1. Click IP,

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 4)– 576 –Figure 340: Configuring a Dynamic IPv4 AddressNOTE: The switch

CHAPTER 16 | IP ConfigurationSending DHCP Inform Requests for Additional Information– 577 –Figure 341: Showing the Configured IP Address for an I

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 578 –WEB INTERFACETo send DHCP Inform requests for additional informa

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 579 –CONFIGURING THEIPV6 DEFAULTGATEWAYUse the IP > IPv6 Configura

FIGURES– 58 –Figure 392: Setting the Maximum ECMP Number 638Figure 393: Master Virtual Router with Backup Routers 639Figure 394: Several Virtual Mas

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 580 –◆ "DHCP Client" on page 1361COMMAND USAGE◆ The switch

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 581 –◆ ND DAD Attempts – The number of consecutive neighbor solicitat

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 582 – This time limit is included in all router advertisements sent o

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 583 –◆ The switch must always be configured with a link-local address

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 584 – EUI-64 (Extended Universal Identifier) – Configures an IPv6 add

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 585 –3. Specify the VLAN to configure, select the address type, and t

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 586 –example, FF02::1:FF90:0/104 is the solicited-node multicast addr

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 587 –SHOWING THE IPV6NEIGHBOR CACHEUse the IP > IPv6 Configuration

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 588 –Figure 347: Showing IPv6 NeighborsSHOWING IPV6STATISTICSUse the

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 589 –PARAMETERSThese parameters are displayed:Table 33: Show IPv6 Sta

FIGURES– 59 –Figure 428: Showing General Settings for OSPF 677Figure 429: Adding an NSSA or Stub 678Figure 430: Showing NSSAs or Stubs 679Figure 431

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 590 –IPv6 TransmittedForwards Datagrams The number of output datagram

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 591 –Neighbor Advertisement MessagesThe number of ICMP Neighbor Adver

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 592 –WEB INTERFACETo show the IPv6 statistics:1. Click IP, IPv6 Confi

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 593 –Figure 349: Showing IPv6 Statistics (ICMPv6)Figure 350: Showin

CHAPTER 16 | IP ConfigurationSetting the Switch’s IP Address (IP Version 6)– 594 –SHOWING THE MTUFOR RESPONDINGDESTINATIONSUse the IP > IPv6 Co

– 595 –17 IP SERVICESThis chapter describes the following IP services:◆ DNS – Configures default domain names, identifies servers to use for dynamic

CHAPTER 17 | IP ServicesDomain Name Service– 596 –COMMAND USAGE◆ To enable DNS service on this switch, enable domain lookup status, and configure

CHAPTER 17 | IP ServicesDomain Name Service– 597 –◆ If there is no domain list, the default domain name is used (see "Configuring General DNS

CHAPTER 17 | IP ServicesDomain Name Service– 598 –Figure 354: Showing the List of Domain Names for DNSCONFIGURING A LISTOF NAME SERVERSUse the IP

CHAPTER 17 | IP ServicesDomain Name Service– 599 –Figure 355: Configuring a List of Name Servers for DNSTo show the list name servers:1. Click IP

CONTENTS– 6 –SECTION II WEB CONFIGURATION 1033USING THE WEB INTERFACE 105Connecting to the Web Interface 105Navigating the Web Browser Interface 1

FIGURES– 60 –Figure 464: Configuring a Static Rendezvous Point 723Figure 465: Showing Static Rendezvous Points 723Figure 466: Configuring an RP Cand

CHAPTER 17 | IP ServicesDomain Name Service– 600 –WEB INTERFACETo configure static entries in the DNS table:1. Click IP Service, DNS, Static Host

CHAPTER 17 | IP ServicesDynamic Host Configuration Protocol– 601 –client can try each address in succession, until it establishes a connection wit

CHAPTER 17 | IP ServicesDynamic Host Configuration Protocol– 602 –SPECIFYING A DHCPCLIENT IDENTIFIERUse the IP Service > DHCP > Client page

CHAPTER 17 | IP ServicesDynamic Host Configuration Protocol– 603 –CONFIGURING DHCPRELAY SERVICEUse the IP Service > DHCP > Relay page to con

CHAPTER 17 | IP ServicesDynamic Host Configuration Protocol– 604 –Figure 362: Configuring DHCP Relay ServiceCONFIGURING THEDHCP SERVERThis switch

CHAPTER 17 | IP ServicesDynamic Host Configuration Protocol– 605 –ENABLING THE SERVERUse the IP Service > DHCP > Server (Configure Global) p

CHAPTER 17 | IP ServicesDynamic Host Configuration Protocol– 606 –◆ End IP Address – The last address in a range that the DHCP server should not a

CHAPTER 17 | IP ServicesDynamic Host Configuration Protocol– 607 –CONFIGURING ADDRESS POOLSUse the IP Service > DHCP > Server (Configure Poo

CHAPTER 17 | IP ServicesDynamic Host Configuration Protocol– 608 –◆ Subnet Mask – The bit combination that identifies the network (or subnet) and

CHAPTER 17 | IP ServicesDynamic Host Configuration Protocol– 609 –3. Select Add from the Action list.4. Set the pool Type to Network or Host. 5. E

– 61 –TABLESTable 1: Key Features 71Table 2: System Defaults 79Table 3: Options 60, 66 and 67 Statements 96Table 4: Options 55 and 124 Statements

CHAPTER 17 | IP ServicesDynamic Host Configuration Protocol– 610 –Figure 368: Configuring DHCP Server Address Pools (Host)To show the configured

CHAPTER 17 | IP ServicesForwarding UDP Service Requests– 611 –PARAMETERSThese parameters are displayed:◆ IP Address – IP address assigned to host.

CHAPTER 17 | IP ServicesForwarding UDP Service Requests– 612 –ENABLING THE UDPHELPERUse the IP Service > UDP Helper > General page to enable

CHAPTER 17 | IP ServicesForwarding UDP Service Requests– 613 –IEN-116 Name Service port 42NetBIOS Datagram Server port 138NetBIOS Name Server p

CHAPTER 17 | IP ServicesForwarding UDP Service Requests– 614 –SPECIFYING THETARGET SERVER ORSUBNETUse the IP Service > UDP Helper > Address

CHAPTER 17 | IP ServicesConfiguring the PPPoE Intermediate Agent– 615 –3. Enter the address of the remote server or subnet where UDP request packe

CHAPTER 17 | IP ServicesConfiguring the PPPoE Intermediate Agent– 616 –COMMAND USAGEWhen PPPoE IA is enabled, the switch inserts a tag identifying

CHAPTER 17 | IP ServicesConfiguring the PPPoE Intermediate Agent– 617 –Figure 376: Configuring Global Settings for PPPoE Intermediate AgentCONFIG

CHAPTER 17 | IP ServicesConfiguring the PPPoE Intermediate Agent– 618 – The switch intercepts PPPoE discovery frames from the client and inserts a

CHAPTER 17 | IP ServicesConfiguring the PPPoE Intermediate Agent– 619 –SHOWING PPPOE IASTATISTICSUse the IP Service > PPPoE Intermediate Agent

TABLES– 62 –Table 32: ShowIPv6 Neighbors - display description 587Table 33: Show IPv6 Statistics - display description 589Table 34: Show MTU - dis

CHAPTER 17 | IP ServicesConfiguring the PPPoE Intermediate Agent– 620 –Figure 378: Showing PPPoE Intermediate Agent Statisticsg

– 621 –18 GENERAL IP ROUTINGThis chapter provides information on network functions including:◆ Ping – Sends ping message to another node on the netw

CHAPTER 18 | General IP RoutingIP Routing and Switching– 622 –Figure 379: Virtual Interfaces and Layer 3 RoutingIP ROUTING AND SWITCHINGIP Switch

CHAPTER 18 | General IP RoutingIP Routing and Switching– 623 –broadcast to get the destination MAC address from the destination node. The IP packe

CHAPTER 18 | General IP RoutingConfiguring IP Routing Interfaces– 624 –ROUTING PROTOCOLS The switch supports both static and dynamic routing.◆ Sta

CHAPTER 18 | General IP RoutingConfiguring IP Routing Interfaces– 625 –unknown destinations, i.e., packets that do not match any routing table ent

CHAPTER 18 | General IP RoutingConfiguring IP Routing Interfaces– 626 –WEB INTERFACETo ping another device on the network:1. Click IP, General, Pi

CHAPTER 18 | General IP RoutingAddress Resolution Protocol– 627 –returning an “ICMP port unreachable” message. If the timer goes off before a resp

CHAPTER 18 | General IP RoutingAddress Resolution Protocol– 628 –next hop. IP traffic passes along the path to its final destination in this way,

CHAPTER 18 | General IP RoutingAddress Resolution Protocol– 629 –Figure 382: Proxy ARPPARAMETERSThese parameters are displayed:◆ Timeout – Sets t

TABLES– 63 –Table 68: User Access Commands 864Table 69: Default Login Settings 865Table 70: Authentication Sequence Commands 866Table 71: RADIUS

CHAPTER 18 | General IP RoutingAddress Resolution Protocol– 630 –Figure 383: Configuring General Settings for ARPCONFIGURING STATICARP ADDRESSESF

CHAPTER 18 | General IP RoutingAddress Resolution Protocol– 631 –WEB INTERFACETo map an IP address to the corresponding physical address in the AR

CHAPTER 18 | General IP RoutingAddress Resolution Protocol– 632 –DISPLAYING DYNAMICOR LOCAL ARPENTRIESThe ARP cache contains static entries, and e

CHAPTER 18 | General IP RoutingConfiguring Static Routes– 633 –DISPLAYING ARPSTATISTICSUse the IP > ARP (Show Information) page to display stat

CHAPTER 18 | General IP RoutingConfiguring Static Routes– 634 –network topology, so you should only configure a small number of stable routes to e

CHAPTER 18 | General IP RoutingDisplaying the Routing Table– 635 –Figure 389: Configuring Static RoutesTo display static routes:1. Click IP, Rout

CHAPTER 18 | General IP RoutingDisplaying the Routing Table– 636 –network, the routing table is updated, and those changes are immediately reflect

CHAPTER 18 | General IP RoutingEqual-cost Multipath Routing– 637 –Figure 391: Displaying the Routing TableEQUAL-COST MULTIPATH ROUTINGUse the IP

CHAPTER 18 | General IP RoutingEqual-cost Multipath Routing– 638 –◆ The routing table can only have up to 8 equal-cost multipaths for static routi

– 639 –19 CONFIGURING ROUTER REDUNDANCYRouter redundancy protocols use a virtual IP address to support a primary router and multiple backup routers.

TABLES– 64 –Table 104: show lacp neighbors - display description 1027Table 105: show lacp sysid - display description 1028Table 106: Port Mirrorin

CHAPTER 19 | Configuring Router RedundancyConfiguring VRRP Groups– 640 –Figure 395: Several Virtual Master Routers Configured for Mutual Backup a

CHAPTER 19 | Configuring Router RedundancyConfiguring VRRP Groups– 641 –priority. In cases where the configured priority is the same on several gr

CHAPTER 19 | Configuring Router RedundancyConfiguring VRRP Groups– 642 –◆ VLAN – ID of a VLAN configured with an IP interface. (Range: 1-4093; Def

CHAPTER 19 | Configuring Router RedundancyConfiguring VRRP Groups– 643 –◆ Authentication Mode – Authentication mode used to verify VRRP packets re

CHAPTER 19 | Configuring Router RedundancyConfiguring VRRP Groups– 644 –Figure 396: Configuring the VRRP Group IDTo show the configured VRRP grou

CHAPTER 19 | Configuring Router RedundancyConfiguring VRRP Groups– 645 –Figure 398: Setting the Virtual Router Address for a VRRP GroupTo show th

CHAPTER 19 | Configuring Router RedundancyDisplaying VRRP Global Statistics– 646 –Figure 400: Configuring Detailed Settings for a VRRP GroupDISPL

CHAPTER 19 | Configuring Router RedundancyDisplaying VRRP Group Statistics– 647 –Figure 401: Showing Counters for Errors Found in VRRP PacketsDIS

CHAPTER 19 | Configuring Router RedundancyDisplaying VRRP Group Statistics– 648 –WEB INTERFACETo show counters for VRRP protocol events and errors

– 649 –20 UNICAST ROUTINGThis chapter describes how to configure the following unicast routing protocols:RIP – Configures Routing Information Protoc

TABLES– 65 –Table 140: IGMP Snooping Commands 1186Table 141: show ip igmp snooping statistics input - display description 1204Table 142: show ip i

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 650 –To coexist with a network built on multilayer switches, the subnetw

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 651 –versions can take a long time to converge on a new route after the

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 652 –RIP send/receive versions set on the RIP Interface settings screen

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 653 –access list that filters networks according to the IP address of th

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 654 –Figure 404: Configuring General Settings for RIPCLEARING ENTRIESFR

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 655 –◆ Clear Route By Network – Clears a specific route based on its IP

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 656 –PARAMETERSThese parameters are displayed:◆ By Address – Adds a netw

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 657 –Figure 407: Showing Network Interfaces Using RIP SPECIFYING PASSIV

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 658 –Figure 408: Specifying a Passive RIP Interface To show the passive

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 659 –3. Add the address of any static neighbors which may not readily to

TABLES– 66 –Table 176: MEP Defect Descriptions 1346Table 177: show fault-notify-generator - display description 1348Table 178: Address Table Comma

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 660 –◆ Metric – Metric assigned to all external routes for the specified

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 661 –Figure 413: Showing External Routes Redistributed into RIP SPECIFY

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 662 –WEB INTERFACETo define an administrative distance for external rout

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 663 –◆ "ip rip authentication mode" on page 1467◆ "ip rip

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 664 –password. If any incoming protocol messages do not contain the corr

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 665 –◆ Authentication Type – Specifies the type of authentication requir

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 666 –Figure 416: Configuring a Network Interface for RIP To show the ne

CHAPTER 20 | Unicast RoutingConfiguring the Routing Information Protocol– 667 –◆ Rcv Bad Routes – Number of bad routes received.◆ Send Updates – N

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 668 –Figure 419: Showing RIP Peer InformationRESETTING

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 669 –Figure 421: Configuring OSPFCOMMAND USAGE◆ OSPF l

TABLES– 67 –Table 212: show ip ospf database summary - display description 1510Table 213: show ip ospf interface - display description 1511Table 2

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 670 – You can further optimize the exchange of OSPF tra

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 671 –CLI REFERENCES◆ "router ospf" on page 14

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 672 –WEB INTERFACETo define an OSPF area and the interf

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 673 –Figure 425: Showing OSPF Process Identifiers CONF

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 674 –◆ Auto Cost – Calculates the cost for an interface

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 675 –◆ Advertise Default Route12 – The router can adver

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 676 –Figure 427: Configure General Settings for OSPF D

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 677 –WEB INTERFACETo show administrative settings and s

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 678 –ADDING AN NSSA ORSTUBUse the Routing Protocol >

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 679 –To show the NSSA or stubs added to the specified O

TABLES– 68 –

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 680 –CLI REFERENCES◆ "router ospf" on page 14

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 681 –◆ Redistribute – Disable this option when the rout

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 682 –5. Click ApplyFigure 432: Configuring Protocol Se

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 683 –◆ A stub can have multiple ABRs or exit points. Ho

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 684 –Figure 434: Configuring Protocol Settings for a S

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 685 –Figure 435: Displaying Information on NSSA and St

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 686 –PARAMETERSThese parameters are displayed:◆ Process

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 687 –3. Select the process ID.Figure 438: Showing Conf

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 688 –◆ Protocol Type – Specifies the external routing p

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 689 –Figure 440: Importing External Routes To show the

– 69 –SECTION IGETTING STARTEDThis section provides an overview of the switch, and introduces some basic concepts about network switches. It also de

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 690 –CLI REFERENCES◆ "router ospf" on page 14

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 691 –To show the summary addresses for external routes:

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 692 –◆ IP Address – Address of the interfaces assigned

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 693 –◆ Transmit Delay – Sets the estimated time to send

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 694 –the OSPF header when routing protocol packets are

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 695 –Figure 444: Configuring Settings for All Interfac

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 696 –Figure 445: Configuring Settings for a Specific A

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 697 –Figure 447: Showing MD5 Authentication Keys CONFI

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 698 –CLI REFERENCES◆ "router ospf" on page 14

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 699 –To show virtual links:1. Click Routing Protocol, O

CONTENTS– 7 –Displaying Connection Status 165Configuring Port Mirroring 166Showing Port or Trunk Statistics 168Performing Cable Diagnostics 172T

SECTION I | Getting Started– 70 –

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 700 –Figure 452: Showing MD5 Authentication Keys DISPL

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 701 –CLI REFERENCES◆ "show ip ospf database"

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 702 –Figure 453: Displaying Information in the Link St

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 703 – Attempt – Connection down, but attempting contact

CHAPTER 20 | Unicast RoutingConfiguring the Open Shortest Path First Protocol (Version 2)– 704 –

– 705 –21 MULTICAST ROUTINGThis chapter describes the following multicast routing topics:◆ Enabling Multicast Routing Globally – Describes how to gl

CHAPTER 21 | Multicast RoutingOverview– 706 –PIM-DM is a simple multicast routing protocol that uses flood and prune to build a source-routed mult

CHAPTER 21 | Multicast RoutingOverview– 707 –group addresses. The BSR places information about all of the candidate RPs in subsequent bootstrap me

CHAPTER 21 | Multicast RoutingConfiguring Global Settings for Multicast Routing– 708 –data transmission delays. The switch can also be configured

CHAPTER 21 | Multicast RoutingConfiguring Global Settings for Multicast Routing– 709 –DISPLAYING THEMULTICAST ROUTINGTABLEUse the Multicast > M

– 71 –1 INTRODUCTIONThis switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that al

CHAPTER 21 | Multicast RoutingConfiguring Global Settings for Multicast Routing– 710 –Show Details◆ Group Address – IP group address for a multica

CHAPTER 21 | Multicast RoutingConfiguring Global Settings for Multicast Routing– 711 – Pruned – This route has been terminated. Registering - A do

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 712 –CONFIGURING PIM FOR IPV4This section describes how to configure PIM-DM and PIM-SM for

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 713 –◆ PIM and IGMP proxy cannot be used at the same time. When an interface is set to use

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 714 –Hello messages are sent to neighboring PIM routers from which this device has receive

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 715 –The override interval and the propagation delay are used to calculate the LAN prune d

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 716 –of each router in the tree. This also enables PIM routers to recognize topology chang

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 717 –Figure 459: Configuring PIM Interface Settings (Dense Mode)Figure 460: Configuring

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 718 –DISPLAYING NEIGHBORINFORMATIONUse the Routing Protocol > PIM > Neighbor page to

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 719 –◆ Register Source – Configures the IP source address of a register message to an addr

CHAPTER 1 | IntroductionDescription of Software Features– 72 –DESCRIPTION OF SOFTWARE FEATURESThe switch provides a wide range of advanced perform

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 720 –Figure 462: Configuring Global Settings for PIM-SMCONFIGURING A BSRCANDIDATEUse the

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 721 –with the same seed hash will be mapped to the same RP. If the mask length is less tha

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 722 –◆ If an IP address is specified that was previously used for an RP, then the older en

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 723 –Figure 464: Configuring a Static Rendezvous PointTo display static rendezvous points

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 724 –◆ The election process for each group is based on the following criteria: Find all RP

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 725 –Figure 466: Configuring an RP CandidateTo display settings for an RP candidate:1. Cl

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 726 –◆ Priority – Priority value used by this BSR candidate.◆ Hash Mask Length – The numbe

CHAPTER 21 | Multicast RoutingConfiguring PIM for IPv4– 727 –Figure 468: Showing Information About the BSRDISPLAYING RPMAPPINGUse the Routing Pro

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 728 –Figure 469: Showing RP MappingCONFIGURING PIMV6 FOR IPV6This section describes how

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 729 –CONFIGURING PIMINTERFACE SETTINGSUse the Routing Protocol > PIM6 > Interface

CHAPTER 1 | IntroductionDescription of Software Features– 73 –CONFIGURATIONBACKUP ANDRESTOREYou can save the current configuration settings to a f

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 730 –◆ Hello Holdtime – Sets the interval to wait for hello messages from a neighboring

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 731 –command effectively prompts any downstream neighbors with hosts receiving the flow

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 732 –◆ Max. Graft Retries – The maximum number of times to resend a Graft message if it

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 733 –prune state for this (source, group) pair until the join/prune interval timer expir

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 734 –Figure 472: Configuring PIMv6 Interface Settings (Sparse Mode)DISPLAYING NEIGHBORI

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 735 –CONFIGURING GLOBALPIM6-SM SETTINGSUse the Routing Protocol > PIM6 > PIM6-SM (

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 736 –WEB INTERFACETo configure global settings for PIM6-SM:1. Click Routing Protocol, PI

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 737 –PARAMETERSThese parameters are displayed:◆ BSR Candidate Status – Configures the sw

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 738 –CONFIGURING A PIM6STATIC RENDEZVOUSPOINTUse the Routing Protocol > PIM6 > PIM

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 739 –3. Specify the static RP to use for a multicast group, or a range of groups by usin

CHAPTER 1 | IntroductionDescription of Software Features– 74 –RATE LIMITING This feature controls the maximum rate for traffic transmitted or rece

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 740 –from the BSR also elects an active RP for each group range using the same election

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 741 –multicast group address and mask indicating the groups for which this router is bid

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 742 –◆ Priority – Priority value used by this BSR candidate.◆ Hash Mask Length – The num

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 743 –Figure 480: Showing Information About the PIM6 BSRDISPLAYING RPMAPPINGUse the Rout

CHAPTER 21 | Multicast RoutingConfiguring PIMv6 for IPv6– 744 –Figure 481: Showing PIM6 RP Mapping

– 745 –SECTION IIICOMMAND LINE INTERFACEThis section provides a detailed description of the Command Line Interface, along with examples for all of t

SECTION III | Command Line Interface– 746 –◆ "Class of Service Commands" on page 1155◆ "Quality of Service Commands" on page 1

– 747 –22 USING THE COMMAND LINE INTERFACEThis chapter describes how to use the Command Line Interface (CLI).NOTE: You can only access the console i

CHAPTER 22 | Using the Command Line InterfaceAccessing the CLI– 748 –TELNET CONNECTION Telnet operates over the IP transport protocol. In this env

CHAPTER 22 | Using the Command Line InterfaceEntering Commands– 749 –NOTE: You can open up to eight sessions to the device via Telnet or SSH.ENTER

CHAPTER 1 | IntroductionDescription of Software Features– 75 –This prevents bad frames from entering the network and wasting bandwidth.To avoid dr

CHAPTER 22 | Using the Command Line InterfaceEntering Commands– 750 –GETTING HELP ONCOMMANDSYou can display a brief description of the help system

CHAPTER 22 | Using the Command Line InterfaceEntering Commands– 751 – radius-server RADIUS server information reload Show

CHAPTER 22 | Using the Command Line InterfaceEntering Commands– 752 –NEGATING THE EFFECTOF COMMANDSFor many configuration commands you can enter t

CHAPTER 22 | Using the Command Line InterfaceEntering Commands– 753 –display the “Console#” command prompt. You can also enter Privileged Exec mod

CHAPTER 22 | Using the Command Line InterfaceEntering Commands– 754 –◆ Line Configuration - These commands modify the console port and Telnet conf

CHAPTER 22 | Using the Command Line InterfaceEntering Commands– 755 –For example, you can use the following commands to enter interface configurat

CHAPTER 22 | Using the Command Line InterfaceCLI Command Groups– 756 –CLI COMMAND GROUPSThe system commands can be broken down into the functional

CHAPTER 22 | Using the Command Line InterfaceCLI Command Groups– 757 –The access mode shown in the following tables is indicated by these abbrevia

CHAPTER 22 | Using the Command Line InterfaceCLI Command Groups– 758 –PM (Policy Map Configuration)RC (Router Configuration)VC (VLAN Database Conf

– 759 –23 GENERAL COMMANDSThese commands are used to control the command access mode, configuration mode, and other basic functions.prompt This comm

CHAPTER 1 | IntroductionDescription of Software Features– 76 –◆ Simplify network management for node changes/moves by remotely configuring VLAN me

CHAPTER 23 | General Commands– 760 –EXAMPLE Console(config)#prompt RD2RD2(config)#reload (GlobalConfiguration)This command restarts the system at

CHAPTER 23 | General Commands– 761 –COMMAND USAGE ◆ This command resets the entire system. ◆ Any combination of reload options may be specified. I

CHAPTER 23 | General Commands– 762 –EXAMPLE Console>enablePassword: [privileged level password]Console#RELATED COMMANDS disable (764)enable pas

CHAPTER 23 | General Commands– 763 –EXAMPLE In this example, the show history command lists the contents of the command history buffer:Console#sho

CHAPTER 23 | General Commands– 764 –disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only dis

CHAPTER 23 | General Commands– 765 –show reload This command displays the current reload settings, and the time at which next scheduled reload wil

CHAPTER 23 | General Commands– 766 –EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and t

– 767 –24 SYSTEM MANAGEMENT COMMANDSThese commands are used to control system logs, passwords, user names, management options, and display or config

CHAPTER 24 | System Management CommandsDevice Designation– 768 –hostname This command specifies or modifies the host name for this device. Use the

CHAPTER 24 | System Management CommandsSystem Status– 769 –SYSTEM STATUSThis section describes commands used to display system information.show ac

CHAPTER 1 | IntroductionDescription of Software Features– 77 –ETHERNET RINGPROTECTIONSWITCHINGERPS can also be used to increase the availability a

CHAPTER 24 | System Management CommandsSystem Status– 770 –show memory This command shows memory utilization parameters.COMMAND MODE Normal Exec,

CHAPTER 24 | System Management CommandsSystem Status– 771 –show running-configThis command displays the configuration information currently in use

CHAPTER 24 | System Management CommandsSystem Status– 772 –!<stackingMac>00_00-00-00-00-00-00_00</stackingMac>!<stackingMac>00_0

CHAPTER 24 | System Management CommandsSystem Status– 773 –◆ This command displays settings for key command modes. Each mode group is separated by

CHAPTER 24 | System Management CommandsSystem Status– 774 –EXAMPLEConsole#show systemSystem Description : GTL-2691 Managed L3 Stackable SwitchSyst

CHAPTER 24 | System Management CommandsSystem Status– 775 – Telnet Server Port: 23 Jumbo Frame: Disabled...show users Shows all a

CHAPTER 24 | System Management CommandsFrame Size– 776 –EXAMPLE Console#show versionUnit 1 Serial Number : S123456 Hardware Version

CHAPTER 24 | System Management CommandsFan Control– 777 –between the two end nodes must be able to accept the extended frame size. And for half-du

CHAPTER 24 | System Management CommandsFile Management– 778 –FILE MANAGEMENTManaging FirmwareFirmware can be uploaded and downloaded to or from an

CHAPTER 24 | System Management CommandsFile Management– 779 –General Commandsboot system This command specifies the file or image used to start up

CHAPTER 1 | IntroductionDescription of Software Features– 78 –ADDRESS RESOLUTIONPROTOCOLThe switch uses ARP and Proxy ARP to convert between IP ad

CHAPTER 24 | System Management CommandsFile Management– 780 –copy This command moves (upload/download) a code image or configuration file between

CHAPTER 24 | System Management CommandsFile Management– 781 –◆ You can use “Factory_Default_Config.cfg” as the source to copy from the factory def

CHAPTER 24 | System Management CommandsFile Management– 782 –The following example shows how to copy the running configuration to a startup file.C

CHAPTER 24 | System Management CommandsFile Management– 783 –This example shows how to copy a file to an FTP server. Console#copy ftp fileFTP serv

CHAPTER 24 | System Management CommandsFile Management– 784 –dir This command displays a list of files in flash memory.SYNTAX dir [unit:] {boot-ro

CHAPTER 24 | System Management CommandsFile Management– 785 –whichboot This command displays which files were booted when the system powered up.SY

CHAPTER 24 | System Management CommandsFile Management– 786 –1. It will search for a new version of the image at the location specified by upgrade

CHAPTER 24 | System Management CommandsFile Management– 787 –DEFAULT SETTING NoneCOMMAND MODE Global ConfigurationCOMMAND USAGE ◆ This command is

CHAPTER 24 | System Management CommandsLine– 788 –COMMAND MODE Global ConfigurationEXAMPLEThis shows how to specify a TFTP server where new code i

CHAPTER 24 | System Management CommandsLine– 789 –line This command identifies a specific line for configuration, and to process subsequent line c

CHAPTER 1 | IntroductionSystem Defaults– 79 –SYSTEM DEFAULTSThe switch’s system defaults are provided in the configuration file “Factory_Default_C

CHAPTER 24 | System Management CommandsLine– 790 –databits This command sets the number of data bits per character that are interpreted and genera

CHAPTER 24 | System Management CommandsLine– 791 –COMMAND USAGE ◆ If user input is detected within the timeout interval, the session is kept open;

CHAPTER 24 | System Management CommandsLine– 792 –◆ This command controls login authentication via the switch itself. To configure user names and

CHAPTER 24 | System Management CommandsLine– 793 –password This command specifies the password for a line. Use the no form to remove the password.

CHAPTER 24 | System Management CommandsLine– 794 –password-thresh This command sets the password intrusion threshold which limits the number of fa

CHAPTER 24 | System Management CommandsLine– 795 –COMMAND MODE Line Configuration (console only)EXAMPLE To set the silent time to 60 seconds, ente

CHAPTER 24 | System Management CommandsLine– 796 –stopbits This command sets the number of the stop bits transmitted per byte. Use the no form to

CHAPTER 24 | System Management CommandsLine– 797 –EXAMPLE To set the timeout to two minutes, enter this command:Console(config-line)#timeout login

CHAPTER 24 | System Management CommandsEvent Logging– 798 –EXAMPLE To show all lines, enter this command:Console#show line Console Configuration:

CHAPTER 24 | System Management CommandsEvent Logging– 799 –logging facility This command sets the facility type for remote logging of syslog messa

CONTENTS– 8 –7ADDRESS TABLE SETTINGS 233Configuring MAC Address Learning 233Setting Static Addresses 235Changing the Aging Time 236Displaying the

CHAPTER 1 | IntroductionSystem Defaults– 80 –Port Configuration Admin Status EnabledAuto-negotiation EnabledFlow Control DisabledPo rt Trunking St

CHAPTER 24 | System Management CommandsEvent Logging– 800 –DEFAULT SETTING Flash: errors (level 3 - 0)RAM: debugging (level 7 - 0)COMMAND MODE Glo

CHAPTER 24 | System Management CommandsEvent Logging– 801 –EXAMPLE Console(config)#logging host 10.1.0.3Console(config)#logging on This command co

CHAPTER 24 | System Management CommandsEvent Logging– 802 –DEFAULT SETTING DisabledLevel 7COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ Using t

CHAPTER 24 | System Management CommandsEvent Logging– 803 –show log This command displays the log messages stored in local memory.SYNTAX show log

CHAPTER 24 | System Management CommandsEvent Logging– 804 –EXAMPLEThe following example shows that system logging is enabled, the message level fo

CHAPTER 24 | System Management CommandsSMTP Alerts– 805 –SMTP ALERTSThese commands configure SMTP event handling, and forwarding of alert messages

CHAPTER 24 | System Management CommandsSMTP Alerts– 806 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ You can specify up to three SMTP servers

CHAPTER 24 | System Management CommandsSMTP Alerts– 807 –EXAMPLEThis example will send email alerts for system errors from level 3 through 0.Conso

CHAPTER 24 | System Management CommandsTime– 808 –COMMAND USAGE You may use an symbolic email address that identifies the switch, or the address o

CHAPTER 24 | System Management CommandsTime– 809 –SNTP Commandssntp client This command enables SNTP client requests for time synchronization from

CHAPTER 1 | IntroductionSystem Defaults– 81 –IP Settings Management. VLAN Any VLAN configured with an IP addressIP Address 192.168.1.1Default Gate

CHAPTER 24 | System Management CommandsTime– 810 –Current Mode: unicastSNTP Status : EnabledSNTP Server 137.92.140.80 0.0.0.0 0.0.0.0Current Serve

CHAPTER 24 | System Management CommandsTime– 811 –DEFAULT SETTING NoneCOMMAND MODE Global ConfigurationCOMMAND USAGE This command specifies time s

CHAPTER 24 | System Management CommandsTime– 812 –NTP Commandsntp authenticate This command enables authentication for NTP client-server communica

CHAPTER 24 | System Management CommandsTime– 813 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ The key number specifies a key value in the NTP

CHAPTER 24 | System Management CommandsTime– 814 –◆ This command enables client time requests to time servers specified via the ntp servers comman

CHAPTER 24 | System Management CommandsTime– 815 –EXAMPLE Console(config)#ntp server 192.168.3.20Console(config)#ntp server 192.168.3.21Console(co

CHAPTER 24 | System Management CommandsTime– 816 –minutes - Number of minutes before/after UTC. (Range: 0-59 minutes)before-utc - Sets the local t

CHAPTER 24 | System Management CommandsTime Range– 817 –COMMAND USAGE Note that when SNTP is enabled, the system clock cannot be manually configur

CHAPTER 24 | System Management CommandsTime Range– 818 –time-range This command specifies the name of a time range, and enters time range configur

CHAPTER 24 | System Management CommandsTime Range– 819 –COMMAND MODE Time Range ConfigurationCOMMAND USAGE If a time range is already configured,

CHAPTER 1 | IntroductionSystem Defaults– 82 –

CHAPTER 24 | System Management CommandsSwitch Clustering– 820 –EXAMPLEThis example configures a time range for the periodic occurrence of an event

CHAPTER 24 | System Management CommandsSwitch Clustering– 821 –Using Switch Clustering◆ A switch cluster has a primary unit called the “Commander”

CHAPTER 24 | System Management CommandsSwitch Clustering– 822 –IP subnets in the network. Cluster IP addresses are assigned to switches when they

CHAPTER 24 | System Management CommandsSwitch Clustering– 823 –cluster ip-pool This command sets the cluster IP address pool. Use the no form to r

CHAPTER 24 | System Management CommandsSwitch Clustering– 824 –COMMAND MODEGlobal ConfigurationCOMMAND USAGE ◆ The maximum number of cluster Membe

CHAPTER 24 | System Management CommandsSwitch Clustering– 825 –Heartbeat Loss Count : 3 secondsNumber of Members : 1Number of Candidates : 2Con

CHAPTER 24 | System Management CommandsSwitch Clustering– 826 –

– 827 –25 SNMP COMMANDSControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the e

CHAPTER 25 | SNMP Commands– 828 –Notification Log Commandsnlm Enables the specified notification log GCsnmp-server notify-filter Creates a notific

CHAPTER 25 | SNMP CommandsGeneral SNMP Commands– 829 –General SNMP Commandssnmp-server This command enables the SNMPv3 engine and services for all

– 83 –2 INITIAL SWITCH CONFIGURATIONThis chapter includes information on connecting to the switch and basic configuration procedures.CONNECTING TO T

CHAPTER 25 | SNMP CommandsGeneral SNMP Commands– 830 –EXAMPLE Console(config)#snmp-server community alpha rwConsole(config)#snmp-servercontactThis

CHAPTER 25 | SNMP CommandsGeneral SNMP Commands– 831 –EXAMPLE Console(config)#snmp-server location WC-19Console(config)#RELATED COMMANDSsnmp-serve

CHAPTER 25 | SNMP CommandsSNMP Target Host Commands– 832 –SNMP Target Host Commandssnmp-server enabletrapsThis command enables this device to send

CHAPTER 25 | SNMP CommandsSNMP Target Host Commands– 833 –snmp-server host This command specifies the recipient of a Simple Network Management Pro

CHAPTER 25 | SNMP CommandsSNMP Target Host Commands– 834 –enable multiple hosts, you must issue a separate snmp-server host command for each host.

CHAPTER 25 | SNMP CommandsSNMPv3 Commands– 835 –EXAMPLE Console(config)#snmp-server host 10.1.19.23 batmanConsole(config)#RELATED COMMANDSsnmp-ser

CHAPTER 25 | SNMP CommandsSNMPv3 Commands– 836 –◆ Trailing zeroes need not be entered to uniquely specify a engine ID. In other words, the value “

CHAPTER 25 | SNMP CommandsSNMPv3 Commands– 837 –COMMAND USAGE ◆ A group sets the access policy for the assigned users.◆ When authentication is sel

CHAPTER 25 | SNMP CommandsSNMPv3 Commands– 838 –DEFAULT SETTING None COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ Local users (i.e., the comma

CHAPTER 25 | SNMP CommandsSNMPv3 Commands– 839 –snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no

CHAPTER 2 | Initial Switch ConfigurationConnecting to the Switch– 84 –◆ Control port access through IEEE 802.1X security or static address filteri

CHAPTER 25 | SNMP CommandsSNMPv3 Commands– 840 –show snmpengine-idThis command shows the SNMP engine ID.COMMAND MODE Privileged ExecEXAMPLEThis ex

CHAPTER 25 | SNMP CommandsSNMPv3 Commands– 841 –Write View : No writeview specifiedNotify View : No notifyview specifiedStorage Type : vo

CHAPTER 25 | SNMP CommandsSNMPv3 Commands– 842 –Row Status: activeConsole#show snmp view This command shows information on the SNMP views.COMMAND

CHAPTER 25 | SNMP CommandsNotification Log Commands– 843 –Notification Log Commandsnlm This command enables or disables the specified notification

CHAPTER 25 | SNMP CommandsNotification Log Commands– 844 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ Systems that support SNMP often need a

CHAPTER 25 | SNMP CommandsAdditional Trap Commands– 845 –show nlmoper-statusThis command shows the operational status of configured notification l

CHAPTER 25 | SNMP CommandsAdditional Trap Commands– 846 –COMMAND USAGE Once the rising alarm threshold is exceeded, utilization must drop beneath

– 847 –26 REMOTE MONITORING COMMANDSRemote Monitoring allows a remote device to collect information or respond to specified events on an independent

CHAPTER 26 | Remote Monitoring Commands– 848 –rmon alarm This command sets threshold bounds for a monitored variable. Use the no form to remove an

CHAPTER 26 | Remote Monitoring Commands– 849 –◆ If the current value is less than or equal to the falling threshold, and the last sample value was

CHAPTER 2 | Initial Switch ConfigurationConnecting to the Switch– 85 –3. Make sure the terminal emulation software is set as follows: Select the a

CHAPTER 26 | Remote Monitoring Commands– 850 –◆ The specified events determine the action to take when an alarm triggers this event. The response

CHAPTER 26 | Remote Monitoring Commands– 851 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#rmon collection history 21 buckets 2

CHAPTER 26 | Remote Monitoring Commands– 852 –show rmon alarms This command shows the settings for all configured alarms.COMMAND MODE Privileged E

CHAPTER 26 | Remote Monitoring Commands– 853 –show rmonstatisticsThis command shows the information collected for all configured entries in the st

CHAPTER 26 | Remote Monitoring Commands– 854 –

– 855 –27 FLOW SAMPLING COMMANDS Flow sampling (sFlow) can be used with a remote sFlow Collector to provide an accurate, detailed and real-time over

CHAPTER 27 | Flow Sampling Commands– 856 –COMMAND USAGE Flow sampling must be enabled globally on the switch, as well as for those ports where it

CHAPTER 27 | Flow Sampling Commands– 857 –sflow max-datagram-sizeThis command configures the maximum size of the sFlow datagram payload. Use the n

CHAPTER 27 | Flow Sampling Commands– 858 –sflow owner This command configures the name of the receiver (i.e., sFlow Collector). Use the no form to

CHAPTER 27 | Flow Sampling Commands– 859 –sflow sample This command configures the packet sampling rate. Use the no form to restore the default ra

CHAPTER 2 | Initial Switch ConfigurationStack Operations– 86 –STACK OPERATIONSUp to eight switches can be stacked together as described in the Ins

CHAPTER 27 | Flow Sampling Commands– 860 –sflow timeout This command configures the length of time samples are sent to the Collector before resett

CHAPTER 27 | Flow Sampling Commands– 861 –COMMAND MODE Privileged ExecEXAMPLEConsole#show sflow interface ethernet 1/9 Interface of Ethernet 1/9

CHAPTER 27 | Flow Sampling Commands– 862 –

– 863 –28 AUTHENTICATION COMMANDS You can configure this switch to authenticate users logging into the system for management access using local or r

CHAPTER 28 | Authentication CommandsUser Accounts– 864 –USER ACCOUNTSThe basic commands required for management access are listed in this section.

CHAPTER 28 | Authentication CommandsUser Accounts– 865 –EXAMPLE Console(config)#enable password level 15 0 adminConsole(config)#RELATED COMMANDSen

CHAPTER 28 | Authentication CommandsAuthentication Sequence– 866 –EXAMPLE This example shows how the set the access level and password for a user.

CHAPTER 28 | Authentication CommandsAuthentication Sequence– 867 –◆ RADIUS and TACACS+ logon authentication assigns a specific privilege level for

CHAPTER 28 | Authentication CommandsRADIUS Client– 868 –“authentication login radius tacacs local,” the user name and password on the RADIUS serve

CHAPTER 28 | Authentication CommandsRADIUS Client– 869 –COMMAND MODE Global ConfigurationEXAMPLE Console(config)#radius-server acct-port 181Consol

CHAPTER 2 | Initial Switch ConfigurationStack Operations– 87 –SELECTING THEBACKUP UNITOnce the Master unit finishes booting up, it continues to sy

CHAPTER 28 | Authentication CommandsRADIUS Client– 870 –key - Encryption key used to authenticate logon access for client. Do not use blank spaces

CHAPTER 28 | Authentication CommandsRADIUS Client– 871 –radius-serverretransmitThis command sets the number of retries. Use the no form to restore

CHAPTER 28 | Authentication CommandsTACACS+ Client– 872 –show radius-server This command displays the current settings for the RADIUS server.DEFAU

CHAPTER 28 | Authentication CommandsTACACS+ Client– 873 –tacacs-server host This command specifies the TACACS+ server and other optional parameter

CHAPTER 28 | Authentication CommandsTACACS+ Client– 874 –COMMAND MODE Global ConfigurationEXAMPLE Console(config)#tacacs-server key greenConsole(c

CHAPTER 28 | Authentication CommandsTACACS+ Client– 875 –EXAMPLE Console(config)#tacacs-server retransmit 5Console(config)#tacacs-servertimeoutThi

CHAPTER 28 | Authentication CommandsAAA– 876 –TACACS Server Group:Group Name Member Index------------------------- -------------tac

CHAPTER 28 | Authentication CommandsAAA– 877 –group - Specifies the server group to use.radius - Specifies all RADIUS hosts configure with the rad

CHAPTER 28 | Authentication CommandsAAA– 878 –group - Specifies the server group to use.radius - Specifies all RADIUS hosts configure with the rad

CHAPTER 28 | Authentication CommandsAAA– 879 –◆ Using the command without specifying an interim interval enables updates, but does not change the

CHAPTER 2 | Initial Switch ConfigurationStack Operations– 88 –other units within this VLAN interface, then this IP address will no longer be avail

CHAPTER 28 | Authentication CommandsAAA– 880 –aaa group server Use this command to name a group of security server hosts. To remove a server group

CHAPTER 28 | Authentication CommandsAAA– 881 –EXAMPLE Console(config)#aaa group server radius tpsConsole(config-sg-radius)#server 10.2.68.120Conso

CHAPTER 28 | Authentication CommandsAAA– 882 –EXAMPLE Console(config)#line consoleConsole(config-line)#accounting exec tpsConsole(config-line)#exi

CHAPTER 28 | Authentication CommandsWeb Server– 883 –statistics - Displays accounting records.user-name - Displays accounting records for a specif

CHAPTER 28 | Authentication CommandsWeb Server– 884 –ip http port This command specifies the TCP port number used by the web browser interface. Us

CHAPTER 28 | Authentication CommandsWeb Server– 885 –ip http secure-port This command specifies the UDP port number used for HTTPS connection to t

CHAPTER 28 | Authentication CommandsWeb Server– 886 –COMMAND USAGE ◆ Both HTTP and HTTPS service can be enabled independently on the switch. Howev

CHAPTER 28 | Authentication CommandsTelnet Server– 887 –TELNET SERVERThis section describes commands used to configure Telnet management access to

CHAPTER 28 | Authentication CommandsTelnet Server– 888 –ip telnet port This command specifies the TCP port number used by the Telnet interface. Us

CHAPTER 28 | Authentication CommandsSecure Shell– 889 –show ip telnet This command displays the configuration settings for the Telnet server. COMM

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 89 –running a different image version. For information on downloading firmware, see “

CHAPTER 28 | Authentication CommandsSecure Shell– 890 –Configuration GuidelinesThe SSH server on this switch supports both password and public key

CHAPTER 28 | Authentication CommandsSecure Shell– 891 –4. Set the Optional Parameters – Set other optional parameters, including the authenticatio

CHAPTER 28 | Authentication CommandsSecure Shell– 892 –c. The client sends a signature generated using the private key to the switch.d. When the s

CHAPTER 28 | Authentication CommandsSecure Shell– 893 –COMMAND MODE Global ConfigurationCOMMAND USAGE ◆ The SSH server supports up to eight client

CHAPTER 28 | Authentication CommandsSecure Shell– 894 –ip ssh timeout This command configures the timeout for the SSH server. Use the no form to r

CHAPTER 28 | Authentication CommandsSecure Shell– 895 –EXAMPLE Console#delete public-key admin dsaConsole#ip ssh crypto host-key generateThis comm

CHAPTER 28 | Authentication CommandsSecure Shell– 896 –ip ssh cryptozeroizeThis command clears the host key from memory (i.e. RAM). SYNTAX ip ssh

CHAPTER 28 | Authentication CommandsSecure Shell– 897 –RELATED COMMANDSip ssh crypto host-key generate (895)show ip ssh This command displays the

CHAPTER 28 | Authentication CommandsSecure Shell– 898 –1854900028313416250083487184495220874292122556916656552963281635169640408315547660664151657

CHAPTER 28 | Authentication Commands802.1X Port Authentication– 899 –802.1X PORT AUTHENTICATIONThe switch supports IEEE 802.1X (dot1x) port-based

CONTENTS– 9 –12 VOIP TRAFFIC CONFIGURATION 303Overview 303Configuring VoIP Traffic 303Configuring Telephony OUI 305Configuring VoIP Traffic Ports

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 90 –4. Type “username admin password 0 password,” for the Privileged Exec level, wher

CHAPTER 28 | Authentication Commands802.1X Port Authentication– 900 –General Commandsdot1x default This command sets all configurable dot1x global

CHAPTER 28 | Authentication Commands802.1X Port Authentication– 901 –dot1x system-auth-controlThis command enables IEEE 802.1X port authentication

CHAPTER 28 | Authentication Commands802.1X Port Authentication– 902 –dot1x max-reauth-reqThis command sets the maximum number of times that the sw

CHAPTER 28 | Authentication Commands802.1X Port Authentication– 903 –dot1x operation-modeThis command allows hosts (clients) to connect to an 802.

CHAPTER 28 | Authentication Commands802.1X Port Authentication– 904 –dot1x port-control This command sets the dot1x mode on a port interface. Use

CHAPTER 28 | Authentication Commands802.1X Port Authentication– 905 –EXAMPLEConsole(config)#interface eth 1/2Console(config-if)#dot1x re-authentic

CHAPTER 28 | Authentication Commands802.1X Port Authentication– 906 –EXAMPLEConsole(config)#interface eth 1/2Console(config-if)#dot1x timeout re-a

CHAPTER 28 | Authentication Commands802.1X Port Authentication– 907 –DEFAULT30 secondsCOMMAND MODEInterface ConfigurationEXAMPLEConsole(config)#in

CHAPTER 28 | Authentication Commands802.1X Port Authentication– 908 –Display Information Commandsshow dot1x This command shows general port authen

CHAPTER 28 | Authentication Commands802.1X Port Authentication– 909 – Reauth Max Retries – Maximum number of reauthentication attempts. Max Reque

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 91 –◆ Default gateway for the network To assign an IPv4 address to the switch, comple

CHAPTER 28 | Authentication CommandsManagement IP Filter– 910 –802.1X Port Details802.1X Authenticator is enabled on port 1/1...802.1X Authenticat

CHAPTER 28 | Authentication CommandsManagement IP Filter– 911 –management This command specifies the client IP addresses that are allowed manageme

CHAPTER 28 | Authentication CommandsManagement IP Filter– 912 –show management This command displays the client IP addresses that are allowed mana

CHAPTER 28 | Authentication CommandsPPPoE Intermediate Agent– 913 –PPPOE INTERMEDIATE AGENTThis section describes commands used to configure the P

CHAPTER 28 | Authentication CommandsPPPoE Intermediate Agent– 914 –port-ID attribute in PPP authentication and AAA accounting requests to a RADIUS

CHAPTER 28 | Authentication CommandsPPPoE Intermediate Agent– 915 –pppoe intermediate-agent port-enableThis command enables the PPPoE IA on an int

CHAPTER 28 | Authentication CommandsPPPoE Intermediate Agent– 916 –◆ The switch intercepts PPPoE discovery frames from the client and inserts a un

CHAPTER 28 | Authentication CommandsPPPoE Intermediate Agent– 917 –pppoe intermediate-agent vendor-tagstripThis command enables the stripping of v

CHAPTER 28 | Authentication CommandsPPPoE Intermediate Agent– 918 –show pppoeintermediate-agentinfoThis command displays configuration settings fo

CHAPTER 28 | Authentication CommandsPPPoE Intermediate Agent– 919 –EXAMPLEConsole#show pppoe intermediate-agent statistics interface ethernet 1/1E

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 92 –example, followed by the “link-local” command parameter. Then press <Enter>

CHAPTER 28 | Authentication CommandsPPPoE Intermediate Agent– 920 –

– 921 –29 GENERAL SECURITY MEASURES This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for

CHAPTER 29 | General Security MeasuresPort Security– 922 –PORT SECURITY These commands can be used to enable port security on a port. When MAC add

CHAPTER 29 | General Security MeasuresPort Security– 923 –◆ The mac-learning commands cannot be used if 802.1X Port Authentication has been global

CHAPTER 29 | General Security MeasuresPort Security– 924 –COMMAND USAGE ◆ The default maximum number of MAC addresses allowed on a secure port is

CHAPTER 29 | General Security MeasuresPort Security– 925 –show port security This command displays port security status and the secure address cou

CHAPTER 29 | General Security MeasuresPort Security– 926 –The following example shows the port security settings and number of secure addresses fo

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 927 –NETWORK ACCESS (MAC ADDRESS AUTHENTICATION)Network Access

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 928 –network-accessagingUse this command to enable aging for au

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 929 –COMMAND MODE Global Configuration COMMAND USAGE◆ Specified

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 93 –3. Type “exit” to return to the global configuration mode prompt. Press <Enter

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 930 –network-accessdynamic-qosUse this command to enable the dy

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 931 –EXAMPLE The following example enables the dynamic QoS feat

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 932 –network-accessguest-vlanUse this command to assign all tra

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 933 –network-accesslink-detection link-downUse this command to

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 934 –EXAMPLEConsole(config)#interface ethernet 1/1Console(confi

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 935 –COMMAND MODE Interface Configuration COMMAND USAGE The max

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 936 –◆ When port status changes to down, all MAC addresses are

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 937 –mac-authenticationintrusion-actionUse this command to conf

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 938 –clear network-accessUse this command to clear entries from

CHAPTER 29 | General Security MeasuresNetwork Access (MAC Address Authentication)– 939 –EXAMPLE Console#show network-access interface ethernet 1/1

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 94 –To automatically configure the switch by communicating with BOOTP or DHCP address

CHAPTER 29 | General Security MeasuresWeb Authentication– 940 –00-00-00 to 00-00-01-FF-FF-FF to be displayed. All other MACs would be filtered out

CHAPTER 29 | General Security MeasuresWeb Authentication– 941 –NOTE: RADIUS authentication must be activated and configured for the web authentica

CHAPTER 29 | General Security MeasuresWeb Authentication– 942 –EXAMPLE Console(config)#web-auth login-attempts 2Console(config)#web-auth quiet-per

CHAPTER 29 | General Security MeasuresWeb Authentication– 943 –EXAMPLE Console(config)#web-auth session-timeout 1800Console(config)#web-auth syste

CHAPTER 29 | General Security MeasuresWeb Authentication– 944 –web-auth re-authenticate (Port)This command ends all web authentication sessions co

CHAPTER 29 | General Security MeasuresWeb Authentication– 945 –show web-auth This command displays global web authentication parameters.COMMAND MO

CHAPTER 29 | General Security MeasuresDHCP Snooping– 946 –show web-authsummaryThis command displays a summary of web authentication port parameter

CHAPTER 29 | General Security MeasuresDHCP Snooping– 947 –ip dhcp snooping This command enables DHCP snooping globally. Use the no form to restore

CHAPTER 29 | General Security MeasuresDHCP Snooping– 948 – If the DHCP packet is from a client, such as a DECLINE or RELEASE message, the switch f

CHAPTER 29 | General Security MeasuresDHCP Snooping– 949 –ip dhcp snoopingdatabase flashThis command writes all dynamically learned snooping entri

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 95 –2. Type “ipv6 enable” and press <Enter>.Console(config)#interface vlan 1Con

CHAPTER 29 | General Security MeasuresDHCP Snooping– 950 –just their MAC address. DHCP client-server exchange messages are then forwarded directly

CHAPTER 29 | General Security MeasuresDHCP Snooping– 951 –policy for these packets. The switch can either drop the DHCP packets, keep the existing

CHAPTER 29 | General Security MeasuresDHCP Snooping– 952 –ip dhcp snoopingvlanThis command enables DHCP snooping on the specified VLAN. Use the no

CHAPTER 29 | General Security MeasuresDHCP Snooping– 953 –COMMAND MODEInterface Configuration (Ethernet, Port Channel)COMMAND USAGE ◆ A trusted in

CHAPTER 29 | General Security MeasuresDHCP Snooping– 954 –COMMAND MODEPrivileged ExecEXAMPLEConsole(config)#clear ip dhcp snooping binding 11-22-3

CHAPTER 29 | General Security MeasuresIP Source Guard– 955 –show ip dhcpsnooping bindingThis command shows the DHCP snooping binding table entries

CHAPTER 29 | General Security MeasuresIP Source Guard– 956 –ip source-guardbindingThis command adds a static address to the source-guard binding t

CHAPTER 29 | General Security MeasuresIP Source Guard– 957 –EXAMPLEThis example configures a static source-guard binding on port 5.Console(config)

CHAPTER 29 | General Security MeasuresIP Source Guard– 958 –◆ Table entries include a MAC address, IP address, lease time, entry type (Static-IP-S

CHAPTER 29 | General Security MeasuresIP Source Guard– 959 –ip source-guardmax-bindingThis command sets the maximum number of entries that can be

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 96 –◆ If the switch does not receive a DHCP response prior to completing the bootup p

CHAPTER 29 | General Security MeasuresARP Inspection– 960 –show ip source-guard bindingThis command shows the source guard binding table.SYNTAX sh

CHAPTER 29 | General Security MeasuresARP Inspection– 961 –ip arp inspection This command enables ARP Inspection globally on the switch. Use the n

CHAPTER 29 | General Security MeasuresARP Inspection– 962 –◆ When ARP Inspection is disabled globally, it is still possible to configure ARP Inspe

CHAPTER 29 | General Security MeasuresARP Inspection– 963 –EXAMPLEConsole(config)#ip arp inspection filter sales vlan 1Console(config)#ip arp insp

CHAPTER 29 | General Security MeasuresARP Inspection– 964 –EXAMPLEConsole(config)#ip arp inspection log-buffer logs 1 interval 10Console(config)#i

CHAPTER 29 | General Security MeasuresARP Inspection– 965 –ip arp inspectionvlanThis command enables ARP Inspection for a specified VLAN or range

CHAPTER 29 | General Security MeasuresARP Inspection– 966 –ip arp inspectionlimitThis command sets a rate limit for the ARP packets received on a

CHAPTER 29 | General Security MeasuresARP Inspection– 967 –EXAMPLEConsole(config)#interface ethernet 1/1Console(config-if)#ip arp inspection trust

CHAPTER 29 | General Security MeasuresARP Inspection– 968 –show ip arpinspection logThis command shows information about entries stored in the log

CHAPTER 29 | General Security MeasuresDenial of Service Protection– 969 –EXAMPLEConsole#show ip arp inspection vlan 1VLAN ID DAI Status

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 97 – option dynamicProvision.tftp-server-name code 66 = text; option dynamicProvision

CHAPTER 29 | General Security MeasuresDenial of Service Protection– 970 –dos-protection tcp-scanThis command protects against DoS TCP-null-scan at

CHAPTER 29 | General Security MeasuresDenial of Service Protection– 971 –EXAMPLEConsole#show dos-protectionGlobal DoS Protections: LAND Attack

CHAPTER 29 | General Security MeasuresDenial of Service Protection– 972 –

– 973 –30 ACCESS CONTROL LISTSAccess Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port

CHAPTER 30 | Access Control ListsIPv4 ACLs– 974 –access-list ip This command adds an IP access list and enters configuration mode for standard or

CHAPTER 30 | Access Control ListsIPv4 ACLs– 975 –permit, deny(Standard IP ACL)This command adds a rule to a Standard IPv4 ACL. The rule sets a fil

CHAPTER 30 | Access Control ListsIPv4 ACLs– 976 –permit, deny(Extended IPv4 ACL)This command adds a rule to an Extended IPv4 ACL. The rule sets a

CHAPTER 30 | Access Control ListsIPv4 ACLs– 977 –port-bitmask – Decimal number representing the port bits to match. (Range: 0-65535)control-flags

CHAPTER 30 | Access Control ListsIPv4 ACLs– 978 –EXAMPLEThis example accepts any incoming packets if the source address is within subnet 10.7.1.x.

CHAPTER 30 | Access Control ListsIPv4 ACLs– 979 –COMMAND USAGE◆ Only one ACL can be bound to a port.◆ If an ACL is already bound to a port and you

CHAPTER 2 | Initial Switch ConfigurationBasic Configuration– 98 –◆ private - with read/write access. Authorized management stations are able to bo

CHAPTER 30 | Access Control ListsIPv6 ACLs– 980 –EXAMPLE Console#show ip access-list standardIP standard access-list david: permit host 10.1.1.21

CHAPTER 30 | Access Control ListsIPv6 ACLs– 981 –COMMAND MODEGlobal ConfigurationCOMMAND USAGE◆ When you create a new ACL or enter configuration m

CHAPTER 30 | Access Control ListsIPv6 ACLs– 982 –DEFAULT SETTINGNoneCOMMAND MODEStandard IPv6 ACLCOMMAND USAGENew rules are appended to the end of

CHAPTER 30 | Access Control ListsIPv6 ACLs– 983 –flow-label – A label for packets belonging to a particular traffic “flow” for which the sender re

CHAPTER 30 | Access Control ListsIPv6 ACLs– 984 –EXAMPLEThis example accepts any incoming packets if the destination address is 2009:DB9:2229::79/

CHAPTER 30 | Access Control ListsIPv6 ACLs– 985 – permit 2009:DB9:2229:5::/64Console#RELATED COMMANDSpermit, deny (Standard IPv6 ACL) (981)permit

CHAPTER 30 | Access Control ListsMAC ACLs– 986 –show ipv6 access-groupThis command shows the ports assigned to IPv6 ACLs.COMMAND MODEPrivileged Ex

CHAPTER 30 | Access Control ListsMAC ACLs– 987 –COMMAND USAGE◆ When you create a new ACL or enter configuration mode for an existing ACL, use the

CHAPTER 30 | Access Control ListsMAC ACLs– 988 –{permit | deny} untagged-eth2{any | host source | source address-bitmask} {any | host destination

CHAPTER 30 | Access Control ListsMAC ACLs– 989 –COMMAND MODEMAC ACLCOMMAND USAGE◆ New rules are added to the end of the list.◆ The ethertype optio

CHAPTER 2 | Initial Switch ConfigurationManaging System Files– 99 –CONFIGURING ACCESS FOR SNMP VERSION 3 CLIENTSTo configure management access for

CHAPTER 30 | Access Control ListsMAC ACLs– 990 –EXAMPLE Console(config)#interface ethernet 1/2Console(config-if)#mac access-group jerry inConsole(

CHAPTER 30 | Access Control ListsARP ACLs– 991 –ARP ACLSThe commands in this section configure ACLs based on the IP or MAC address contained in AR

CHAPTER 30 | Access Control ListsARP ACLs– 992 –permit, deny(ARP ACL)This command adds a rule to an ARP ACL. The rule filters packets matching a s

CHAPTER 30 | Access Control ListsARP ACLs– 993 –EXAMPLE This rule permits packets from any source IP and MAC address to the destination subnet add

CHAPTER 30 | Access Control ListsACL Information– 994 –ACL INFORMATIONThis section describes commands used to display ACL information.show access-

CHAPTER 30 | Access Control ListsACL Information– 995 –EXAMPLE Console#show access-listIP standard access-list david: permit host 10.1.1.21 perm

CHAPTER 30 | Access Control ListsACL Information– 996 –

– 997 –31 INTERFACE COMMANDSThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN; or pe

CHAPTER 31 | Interface CommandsInterface Configuration– 998 –Interface Configurationinterface This command configures an interface type and enters

CHAPTER 31 | Interface CommandsInterface Configuration– 999 –COMMAND MODE Interface Configuration (Ethernet, Port Channel)COMMAND USAGEThe alias i