Implement 802.1x on Ethernet Switch | 3Com 10014298 guide

IEEE 802.1x 209

■EAPoL-Key: Key information frame, supporting to encrypt the EAP packets.

■EAPoL-Encapsulated-ASF-Alert: Supports the Alerting message of Alert Standard Forum (ASF).

The EAPoL-Start, EAPoL-Logoff, and EAPoL-Key only exist between the Supplicant and the Authenticator. The EAP-Packet information is re-encapsulated by the Authenticator System and then transmitted to the Authentication Server System. The EAPoL-Encapsulated-ASF-Alert is related to the network management information and terminated by the Authenticator.

802.1x provides an implementation solution of user ID authentication. However, 802.1x itself is not enough to implement the scheme. The administrator of the access device should configure the AAA scheme by selecting RADIUS or local authentication to assist 802.1x in implementing the user ID authentication. For a detailed description, refer to the corresponding AAA configuration.

Implement 802.1x on Ethernet Switch

The Switch 7750 not only supports the port access authentication method regulated by 802.1x, but also extends and optimizes it in the following way:

■Support to connect several End Stations in the downstream by a physical port.

■The access control (or the user authentication method) can be based on port or MAC address.

In this way, the system becomes more secure, and easier to manage.

Configuring 802.1x The configuration tasks of 802.1x itself, can be fulfilled in system view of the Ethernet switch. When the global 802.1x is not enabled, the user can configure the 802.1x state of the port. The configured items will take effect after the global 802.1x is enabled.

Do not enable 802.1x and RSTP at the same time or the switch may not work normally.

The 802.1x configuration tasks are described in the following sections:

■Enabling/Disabling 802.1x

■Setting the Port Access Control Mode

■Setting Port Access Control Method

■Checking the Users that Log on the Switch by Proxy

■Setting Number of Users on a Port

■Enabling DHCP to Launch Authentication

■Configuring the Authentication Method for 802.1x Users

■Setting the Maximum Retransmission Times

■Configuring Timers

■Enabling/Disabling Quiet-Period Timer

■Displaying and Debugging 802.1x

Image 209

3Com 10014298 manual Implement 802.1x on Ethernet Switch

Contents

Switch Configuration Guide Campus Drive 3Com CorporationMarlborough, MA 01752-3064 Contents 110 IP Multicast Protocols 112 104 Route Capacity 105 Configuring Route CapacityIP Multicast Overview 109 STP Overview 181 Configuring STP 137 Configuring PIM-SM 138 Gmrp Configuring Gmrp 146Configuring the Mstp Running Mode 192 191 244 Configuring File Management 245 Dynamic Vlan with Radius Server Configuration Example 240237 239 286 274 Configuring Rmon278 Configuring NTP 279 Page Lists the text conventions used in this book Lists icon conventions that are used throughout this bookText Conventions Icon Description Display user-interface Product Overview Console port. To set up the local configuration environment ConfiguringSwitch Parameters Setting TerminalTo set terminal parameters Dialog box, as shown in Figure Select Properties HyperTerminal Window Enter system view, return to user view by pressing Ctrl+Z Connecting the PC to the SwitchTelnet Run Telnet Connecting Two Switch 7750 Systems SW7750telnet Dial-up Modem Set Up Remote Configuration Environment Dial the Remote PC Interface Configure the Attributes of the AUX Console Port Configuring the Attributes of the AUX Console PortEntering the User Interface View Enter User Interface View Configuring the Terminal Attributes Managing Users By default, the terminal screen length is 24 lines Authorize users to use the command lines Perform the following configuration in user interface viewConfigure Authentication Method Configure the Local Authentication Password Set Command Level After User Login Perform the following configuration in local-user viewSet Command Level Used After a User Logs Configuring Redirection Configuring the Attributes of a ModemSet Command Priority Configure Modem Configure to Send Messages Between User Interfaces Perform the following configuration in user viewConfigure Automatic Command Execution Displaying and Debugging User Interface Interface Command Line Command Line Interface Function Feature of Command View Displaying Features of the Command Line Command LineEditing Features of the Command Line Online Help History Command Common Command Line Error MessagesCommon Command Line Error Messages Retrieve History Command Displaying Features of the Command Line Editing Features of the Command LineEditing Functions Display Functions System Access Ethernet Port Overview Port Configuration Enabling and Disabling Ethernet Ports Setting Description Character String for Ethernet PortEntering Ethernet Port View Setting Cable Type for Ethernet Port Setting Duplex Attribute of the Ethernet PortSetting the Speed of the Ethernet Port Setting Ethernet Port Broadcast Suppression Ratio Setting Flow Control for Ethernet PortPermitting/Forbidding Jumbo Frames on the Ethernet port Set Flow Control for Ethernet Port Setting Ethernet Port Broadcast Suppression Ratio Setting the Link Type for an Ethernet PortAdding the Ethernet Port to a Vlan Set Link Type for Ethernet Port Adding the Ethernet Port to Specified VLANs Setting the Default Vlan ID for Ethernet PortSet the Default Vlan ID for the Ethernet Port Copying a Port Configuration to Other Ports Copying a Port Configuration to Other PortsDisplaying and Debugging Ethernet Ports Display and Debug Ethernet Port Example Configuring the Default Vlan ID of the Trunk Port Configuring LinkPort Configuration Aggregation Manual and Static Lacp Aggregation Port Configuration Dynamic Lacp aggregation Undo lacp enable Lacp enableEnabling or Disabling Lacp at a Port Enabling/Disabling Lacp at a Port Add/Delete Ethernet Port to/from Aggregation Group Creating or Deleting an Aggregation GroupCreate or Delete an Aggregation Group By default, an aggregation group has no descriptor Setting or Deleting an Aggregation Group DescriptorConfiguring System Priority By default, system priority is Configure Port Priority Default value for port priority isDisplaying and Debugging Link Aggregation Display and Debug Link Aggregation Networking For Link Aggregation Example Link Aggregation Configuration Configuring Link Aggregation Port Configuration Configuring GARP/GVRP Configuring VLANsVlan Overview Vlan Overview Creating or Deleting a Vlan Setting the Broadcast Suppression Ratio for VlanSpecifying the Broadcast Suppression Ratio for a Vlan Creating or Deleting a Vlan By default, the string parameter is null Setting or Deleting the Vlan Description Character StringSpecifying or Removing Vlan Interfaces Create a Vlan before creating an interface for it Displaying and Debugging a Vlan Example Vlan Configuration Adding Ethernet Ports to a Vlan By default, the system adds all ports to VLAN1Adding Ethernet Ports to a Vlan Creating and Deleting a Vlan Protocol Type Creating and Deleting a Vlan Protocol TypeAdd Ethernet1/0/1 and Ethernet1/0/2 to VLAN2 Add Ethernet1/0/3 and Ethernet1/0/4 to VLAN3 Example Protocol-Based Vlan ConfigurationSW7750-vlan2port ethernet1/0/1 to ethernet1/0/2 SW7750-vlan3port ethernet1/0/3 to ethernet1/0/4 SW7750-vlan2protocol-vlan ? Configure the protocol Vlan on port G1/0/1SW7750-vlan2protocol-vlan ip SW7750int g1/0/1 Vlan and multicast addresses Configure port G1/0/3 as Vlan 3 and port G1/0/2 as Vlan Setting the Garp Timers Setting the Garp Timers Display and Debug Garp Displaying and Debugging Garp Setting the Gvrp Registration Type By default, Gvrp is disabled on a portEnabling or Disabling Global Gvrp Enabling or Disabling Port Gvrp Example Gvrp Configuration Example By default, the Gvrp registration type is normalSetting the Gvrp Registration Type Displaying and Debugging Gvrp Create VLANs Enable Gvrp globallyEnable Gvrp on the trunk port Address Configuring IP Configuring the IP Address of the Vlan Interface Configure IP Address and HostName for a HostConfigure the Host Name and the Corresponding IP Address Subnet and Mask Configure IP Address for a Vlan Interface Example Configuring an IP AddressDisplaying and Debugging an IP Address Display and Debug IP Address Address Configuration Configure the IP address for Vlan interfaceExample IP Address Resolution Enter Vlan interface Learning Gratuitous ARPs Manually Adding/Deleting Static ARP Mapping EntriesManually Adding/Deleting Static ARP Mapping Entries Learning Gratuitous ARPs Displaying and Debugging ARP Configuring the Dynamic ARP Aging TimerDhcp Relay Configure/Delete the IP Address of the Dhcp Server Configuring a Dhcp Server IP Address in a Dhcp Server GroupDhcp-server groupNo ip ipaddress1 Ipaddress2 Configuring the Address Table Entry Configuring the Dhcp Server Group for the Vlan InterfaceEnabling/Disabling Dhcp Security Features Configure/Delete the Address Table Entry Displaying and Debugging Dhcp Relay Example Configuring Dhcp Relay Relay Configuration Dynamically Show the configuration of Dhcp server groups in User viewSW7750display dhcp-server SW7750display dhcp-server interface vlan-interface Attributes IP Performance Display and Debug IP Performance Configure Whether to Forward L3 Broadcast Packets SW7750terminal debugging SW7750debugging tcp transact SW7750terminal debugging SW7750debugging tcp packet Network Protocol Operation IP Routing Protocol Operation About Hops Routing Table Unreliable source Static RoutesIndividual static routes can be different Routes Shared Between Routing Protocols Configuring a Static Route Default RouteConfiguring a Static Route Configuring a Default Route Configuring a Default RouteParameters are explained as follows IP address and mask Transmitting interface or next hop address Displaying and Debugging Static Routes Example Typical Static Route ConfigurationDeleting All Static Routes Displaying and Debugging the Routing Table Configure the static route for Ethernet Switch B Configure the static route for Ethernet Switch aConfigure the static route for Ethernet Switch C Enabled, but the IP packets cannot be forwarded normally Network or host is unreachable RIP Enabling RIP and Entering the RIP View Enabling RIP and Entering the RIP ViewRip Undo rip Configuring Unicast RIP Messages By default, RIP is not enabledEnabling the RIP Interface Specifying the RIP Version Specifying RIP Version of the Interface Configuring RIP Timers By default, RIP-1 performs zero field check on the packet Configuring RIP-1 Zero Field Check of the Interface PacketConfiguring Zero Field Check of the Interface Packet Specifying the Operating State of the Interface By default, RIP-2 uses the route aggregation function By default, the router receives the host routeSetting RIP-2 Packet Authentication Disabling Host Route By default, split horizon of the interface is enabled Configuring Split HorizonSetting RIP-2 Packet Authentication Configuring Split Horizon By default, the cost value for the RIP imported route is Configuring the Default Cost for the Imported RouteSetting the RIP Preference By default, the preference of RIP is Displaying and Debugging RIP Configuring Route FilteringConfiguring RIP to Filter Routes Configure RIP on Switch a Example Typical RIP ConfigurationConfigure RIP on Switch B Configure RIP on Switch C Information that meets its conditions IP Routing PolicyAdvertise, receive, and import the route information IP Prefix Defining a Route Policy IP PrefixDefining a Route Policy Permit deny node Defining If-match Conditions By default, no matching is performedDefining If-match Clauses for a Route Policy Defining Apply Clauses Configuring Importing Routes of Other ProtocolsDefining Apply Clauses for a Route Policy Configuring Filtering for Received Routes Configuring for Filtering Received RoutesDefining IP Prefix Defining Prefix-list Configuring Filtering of Distributed Routes Configuring for Filtering Distributed RoutesDisplaying and Debugging the Routing Policy Displaying and Debugging the Route Policy Setting the Lower Limit for Switch Memory Configuring Route CapacitySetting the Safety Value for Switch Memory Setting the Lower Limit of the Ethernet Switch Memory Setting the Safety Value of the Ethernet Switch Memory Setting the Lower Limit and the Safety Value Simultaneously Memory auto-establish enable Operation Command Enable automatic recovery of disconnectedDisplaying and Debugging Route Capacity Displaying and Debugging Route Capacity IP Routing Protocol Operation Multicast Protocol Comparison Between the Unicast and Multicast Transmission Ethernet Multicast MAC Addresses Ranges and meanings of Class D addresses are shown in TableRanges and Meanings of Class D Addresses Reserved Multicast Address List Multicast Routing Protocol Internet Group Management Protocol Igmp RPF Reverse Path Forwarding PIM-SM Protocol-Independent Multicast Sparse Mode Multicast routing-enable By default, multicast routing is disabledUndo multicast routing-enable Enabling Multicast Clearing MFC Forwarding Entries or Statistic Information Configuring the Multicast Route LimitBy default, the multicast route-limit is Displaying and Debugging Common Multicast Configuration Configuring IgmpDisplay and Debug Common Multicast Configuration Participating in multicast must implement Igmp Specific group query Configuring the Igmp Version By default, Igmp is not enabledDefault is Igmp Version Enabling Igmp on an Interface Igmp lastmember-queryinterval By default, the interval is 1 secondSeconds Undo igmp Configure a Router to Be a Member of a Group Configuring the Limit of Igmp Groups on an InterfaceConfiguring a Router to be a Member of a Group Limiting Access to IP Multicast Groups By default, a router does not join a multicast groupConfiguring the Igmp Query Message Interval Default interval is 60 seconds Configuring the Maximum Query Response Time Configuring the Igmp Querier Present TimerConfigure the Igmp Querier Present Timer Configure the Maximum Query Response Time Display and Debug Igmp Displaying and Debugging Igmp Igmp Snooping Multicast Packet Transmission With Igmp Snooping Implement Igmp Snooping Implementing Igmp Snooping Enabling/Disabling Igmp Snooping Configure Router Port Aging TimeConfigure Router Port Aging Time Configuring Maximum Response Time By default, the port aging time is 260 secondsBy default, the maximum response time is 10 seconds Configure Aging Time of Multicast Group Member Display the status of Gmrp Example Igmp Snooping ConfigurationEnable Igmp Snooping if it is disabled Multicast Protocol Assert Mechanism Diagram Configuring the Interface Hello Message Interval See Configuring Common Multicast onEnabling PIM-DM Entering PIM View Perform the following configuration in the PIM view Configuring the Filtering of Multicast Source/GroupConfiguring the Filtering of PIM Neighbors Configure Hello Message Interval on an Interface Displaying and Debugging PIM-DM Displaying and Debugging PIM-DM Configuration procedure Example PIM-DM ConfigurationEnable the multicast routing protocol Enable PIM-DM Build the RP shared tree RPT Neighbor discovery mechanism is the same as that of PIM-DM Configure Candidate RPs Preparing to ConfigureConfigure BSRs Configure Static RP Refer to Configuring Igmp on Refer to Configuring Common Multicast onEnabling PIM-SM Enabling PIM-SM Configuring Candidate-BSRs Setting the PIM-SM Domain BorderSetting the PIM-SM Domain Border Pim bsr-boundary Configuring Static RP Configuring Candidate-RPsConfiguring Candidate-BSRs Configuring Candidate-RPs Configuring the Filtering of PIM Neighbor See Configuring PIM-DMonConfiguring RP to Filter the Register Messages Sent by DR Configuring the Interface Hello Message Interval Limiting the Range of Legal C-RP Limiting the Range of Legal BSRBsr-policy acl-number Undo bsr-policy Clearing PIM Neighbors Clearing Multicast Route Entries from PIM Routing TableDisplaying and Debugging PIM-SM Clearing Multicast Route Entries from PIM Routing Table Example Configuring PIM-SIM Execute the debugging command in user view to debug PIM-SMConfigure Switch a Enable PIM-SM Display and Debug PIM-SM Configure the C-BSR Configure Switch B Enable PIM-SMConfigure the C-RP Configure PIM domain border Multicast in Vlan Configure Switch C Enable PIM-SMInformation dynamically registered by other switches Example Configuring Gmrp Enable/Disable Gmrp GloballyEnabling/Disabling Gmrp on the Port Displaying and Debugging Gmrp Configure LSB Enable Gmrp globally Enable Gmrp on the port Hardware ACL OverviewFiltering or Classifying Value range Maximum Quantitative Limitation to the ACL Configuring the Time Configuring ACLsBe done in sequence Range Basic ACL is defined by numbers from 2000 to Defining a Basic ACLDefine an Advanced ACL Define Basic ACL Defining a Layer-2 ACL Perform the following configuration in designated viewDefine Advanced ACL Define Layer-2 ACL Activate ACL Displaying and Debugging an ACL Access Control ACL Configuration Examples Define the work time range Set the time range 800 to Select ACL mode Select ip-based ACL modeActivate ACL Activate the traffic-of-payserver ACL Define the time range Define time range 800 to Select ACL mode Select link-based ACL mode Configuring QoSDefine the rules for packet with source IP address Activate ACL Activate the ACL traffic-of-host Traffic Classification Traffic refers to all packets passing through a switchTraffic Traffic Policing Packet FilterBandwidth Assurance Port Traffic Limit Traffic Counting Traffic Mirroring Setting Port Priority Setting Port PriorityOperation Command Set port priority Restore the default priority Undo priority Setting Port Mirroring Setting Port MirroringSetting Queue Scheduling Restore the default mapping Configure the COS local-precedence mapping tableBy default, the switch selects the default mapping Mapping Between Dscp Priority Levels and Outbound Queues Configuring the Priority for Queue Scheduling Configuring the Traffic LimitConfiguring the Traffic Limit Entering QoS View Setting Traffic Bandwidth Setting Line LimitSetting Traffic Redirection Setting the Line Rate Configure RED Operation Configuring the RED OperationRelabeling the Priority Level Relabeling the Priority Level Configuring Traffic Statistics Configuring Traffic StatisticsDisplaying and Debugging QoS Display and Debug QoS Display priority-trust Traffic Bandwidth Traffic StatisticsTraffic Limit and Line Rate Port Mirroring Define the traffic-of-payserver rule in the advanced ACLSet traffic limit for the wage server Enter QoS view SW7750acl number Priority Relabeling Configuration ExampleDefine traffic classification rules for PC1 packets Packet Redirection Other interface units support only SP algorithm View the configuration with the display commandRule 0 interface gigabitetherent7/0/8 SW7750queue-scheduler wrr 5 5 10 10 15 15 9 Traffic Bandwidth Define traffic rules for the packets of IP address Traffic Bandwidth Traffic Statistics Security, see System Access Configuring ACLControl Define traffic rules for PC1 packets Importing an ACL Defining an ACLExample Controlling Telnet Users with ACL Defining a Basic ACL Define a Numbered Basic ACL Call an ACLImporting an ACL to Control Snmp Users Example Controlling Snmp Users with an ACL Authentication privacy read-viewRead-view read-view write-view Snmp-agent group v3 group-name Import the basic ACLs QOS/ Operation STP Overview Configuring STP Illustrates the network Algorithm Configuring STP STP Operation Final Stabilized Spanning Tree Mstp Overview Vlan Mapping Table MST RegionInternal Spanning Tree IST Common Spanning Tree CST Msti Region root Multiple Spanning Tree Instance MstiCommon Root Bridge Boundary port Mstp Principles Configuring MstpCist calculation Msti calculation Undo stp Region-configuration Stp region-configurationEntering MST region view Enter MST Region View Perform the following configuration in MST region view Configuring the MST RegionRoot Switch Configure the MST Region for a Switch Specify the Switch as Primary or Secondary Root Switch Configure the Priority for a Switch By default, the switch priority isConfigure the Mstp Running Mode Configure the Switching Network Diameter Configure the Max Hops in an MST Region Configure the Time Parameters of a Switch Configuring in Ethernet port view Configuring in system viewConfigure the Max Transmission Speed on a Port Port Configure a Port as an Edge Port or a Non-edge Port Specify the Standard To BeFollowed in Path Cost Calculation Configure the Path Cost of a PortInstance instance-id cost Stp instance instance-id cost Link Restore the default standard to be used Calculates the default Path Cost for the connectedStp pathcost-standard Dot1d-1998 dot1t legacy Instance instance-id port Configure the Port PriorityPriority priority Stp instance instance-idport Configure the Port Connection With the Point-to-point Link Configuring the Port Connection with Point-to-Point Link Variable of a Port Configure the mCheck Variable of a PortSecurity Function Mcheck Configure the Switch Security Function Device Enable/Disable Mstp on a DeviceEnable/Disable Mstp on a Port Snooping Configuring DigestDigest Snooping Prerequisites Configure digest snooping Ieee 802.1x Authentication Process Implement 802.1x on Ethernet Switch Enabling/Disabling Setting the Port Access Control ModeSetting Port Access Control Method Setting Number of Users on a Port Checking the Users that Log on the Switch by ProxyEnabling Dhcp to Launch Authentication Set to Enable Dhcp to Launch Authentication Configuring Timers Configuring the Authentication Method for 802.1x UsersSetting the Maximum Retransmission Times Example 802.1x Configuration Enabling/Disabling Quiet-Period TimerEnable/Disable a Quiet-Period Timer Displaying and Debugging SW7750radius scheme radius1 SW7750dot1x interface ethernet 1/0/2SW7750dot1x port-method macbased interface ethernet 1/0/2 AAA and Radius ImplementingProtocols Network security management Radius Creating/Deleting an ISP Domain Configuring AAAImplementing AAA/RADIUS on Ethernet Switch Create/Delete ISP Domain Configuring Relevant Attributes of an ISP DomainConfigure Relevant Attributes of ISP Domain Creating a Local User By default, there is no local user in the systemSetting Attributes of a Local User By default, no online user will be disconnected by force Disconnecting a User by ForceRadius Protocol Radius server type, etc Undo radius scheme Creating/Deleting a Radius Server GroupCreate/Delete a Radius Server Group Set IP Address and Port Number of Radius Server Setting the IP Address and Port Number of Radius Server Setting the Response Timeout Timer of Radius Server Setting the Radius Packet Encryption KeyBy default, timeout timer of Radius server is 3 seconds Setting Retransmission Times of the Radius Request Packet Enable the Selection of the Radius Accounting Option Setting a Real-time Accounting IntervalEnabling the Selection of the Radius Accounting Option Set Retransmission Times of Radius Request Packet Setting Maximum Times of Real-time Accounting Request By default, minute is set to 12 minutesEnabling/Disabling Stop Accounting Request Buffer Recommended Ratio of Minute to Number of Users By default, the Radius server type is standard Setting the Supported Type of Radius ServerSetting Radius Server State Enable/Disable Stopping Accounting Request Buffer Set the Unit of Data Flow Transmitted to Radius Server Setting Username Format Transmitted to Radius ServerSet Radius Server State Configuring Source Address for Radius Packets Sent by NAS Configuring a Local Radius Server GroupSetting the Timers of the Radius Server Setting the Response Timeout Timer of the Radius Server 229 35 Configure the Radius server response timer III. Configure the Radius Server Response TimerHwtacacs configuration tasks include 36 Hwtacacs configuration Configuring Hwtacacs AAA and Radius Operation Configuring Hwtacacs Perform the following configuration in Hwtacacs view Configuring Hwtacacs Interval is in minutes and must be a multiple Setting Tacacs Server TimersDefault response timeout timer is set to 5 seconds Debugging the AAA DisplayingRADIUS, Hwtacacs Protocols Remote Radius Server Examples Configure Radius scheme Configure the domainConfigure the association between domain and Radius Authentication at a Configure Vlan delivery mode as string Configure a Hwtacacs schemeConfigure name of the delivered Vlan Associate the domain with the Hwtacacs Radius packet cannot be transmitted to Radius server ConfigurationsUser authentication/authorization always fails AAA and Radius Operation File System File SystemManaging the MAC Address Table Managing Devices Perform the following operation in system view Mode of the File SystemFile Operation File System Operation Format the flash Example File System OperationDisplay the working directory in the flash Create a directory named test Erasing the Configuration Files from Flash Memory Perform the following configuration in all viewsSaving the Current Configuration Enable/Disable FTP Server Configuring the FTP Server Authentication and AuthorizationConfigure the FTP Server Authentication and Authorization Enabling and Disabling the FTP Server By default, the FTP server connection timeout is 30 minutes Configuring FTP Server ParametersDisplaying and Debugging the FTP Server Introduction to FTP Client By default, Tftp transmits files in binary mode Configuring the File Transmission ModeDownloading Files with Tftp Uploading Files with Tftp Setting MAC Address Table Entries Disabling or Enabling MAC Address Learning on a Port By default, the MAC address learning function is enabledDisabling or Enabling Global MAC Address Learning Setting the MAC Address Aging Time for the System Setting MAC Address Aging TimeDisplaying and Debugging the MAC Address Table Displaying and Debugging MAC Address Table Enter the system view of the switch Example Configuring MAC Address Table ManagementDisplay the MAC address configurations in all views Add a MAC address specify the native VLAN, port and state Upgrading BootROM Is booted Perform the following configuration in user viewResetting a Slot If you input reboot only, the whole system will be reset Maintaining Debugging System Setting the Slot Temperature LimitSetting the Backboard View Setting the System Clock Setting the System NameSetting the Time Zone Setting Daylight Saving Time By default, daylight saving time is not set Perform this command in user viewSetting Daylight Saving Time Display Commands of the System Enabling and Disabling Debugging Displaying Diagnostic Information Following sections Ping Tracert Command Testing Tools forTracert Command Ping Operation Command Trace a route Tracert CommandTimeout host Tracert -f first-TTL -m Enabling and Disabling the Logging Function Setting the Output Channel of the LogEnable/Disable the Logging Function Log Output Defining the Log Filtering RulesNumbers and Names of the Channels for Log Output Syslog-Defined Severity Define the Filtering Rules of the Channels Configuring the Snmp Timestamp Output FormatConfiguring the Snmp Timestamp Output Format Example Log Configuration Configuring the Info-center LoghostEnable Rstp module debugging SW7750 security messages Displaying and Debugging the Syslog Function Displaying and Debugging the Syslog Function Architecture of the MIB Tree MIB Attribute MIB Content References Setting the Community NameMIBs Supported by the Ethernet Switch Setting the Community Name Setting the Destination Address of a TrapSetting the Destination Address of a Trap Enabling and Disabling the Snmp Agent to Send a Trap By default, the lifetime of a trap message is 120 seconds Setting the Lifetime of the Trap MessageSetting Snmp Information By default, syslocation is specified as Marlborough MA Setting the Source Address of the Trap Setting and Deleting an Snmp GroupSetting and Deleting an Snmp Group Setting the Source Address of the Trap Creating and Updating View Information or Deleting a View Creating and Updating View Information or Deleting a ViewAdding and Deleting a User to or from an Snmp Group Displaying and Debugging Snmp Enabling and Disabling Transmission of Trap InformationDisabling the Snmp Agent Operation Command Display the contact character string Example Snmp ConfigurationEnter the system view Set the community name, group name, and user Networks Used network management standards Adding or Delete an Entry to or from the Alarm Table Adding and Deleting an Entry to or from the Alarm TableAdding and Deleting an Entry to or from the Event Table Add or Delete an Entry to or from the Event Table Add or Delete an Entry to or from the Statistics Table Example Rmon Configuration Displaying the Rmon ConfigurationConfigure Rmon View the configurations in user view NTP Configuring NTP Operating Mode Ntp-service unicast-server Configuring NTP Time ServerAuthentication-keyid keyid Undo ntp-service unicast-server Configuring NTP Broadcast Server Mode Perform the following configurations in Vlan interface viewConfiguring NTP Peer Mode Configuring NTP Multicast Client Mode Configuring NTP Broadcast Client ModeConfiguring NTP Multicast Server Mode Setting the NTP Authentication Key Configuring NTP ID AuthenticationSetting the Specified Key to Be Reliable Key number key-numberranges from 1 to Designating an Interface to Transmit NTP Message Setting the NTP Master Clock Displaying and Debugging NTP Setting the Authority to Access a Local SwitchSetting Maximum Local Sessions Configure the Switch SW77501 Enter system view Example Configuring NTP ServersConfigure Ethernet Switch SW77502 Enter system view Set the local clock as the NTP master clock at stratum SW77502display ntp-service status Configure Ethernet Switch SW77504 Enter system view Example Configuring NTP Peers SW77504display ntp-service sessions SW77504display ntp-service status Configure Ethernet Switch SW77501 Enter system view Example Configuring NTP Broadcast ModeEnter Vlan-interface2 view Set it as broadcast server Configure Ethernet Switch SW77503 Enter system view Example Configuring NTP Multicast Mode# Set the local clock as a master NTP clock at stratum Set it as a multicast server Example Configuring Authentication-Enabled NTP Server Mode SW77501ntp-service reliable authentication-keyid Configure the key as reliableSW77501ntp-service authentication enable System Management