Manuals / Accton Technology / Computer Equipment / Switch

Accton Technology ES3526XA Setting a Local Engine ID, Specifying a Remote Engine ID, 123, 124

Models: ES3526XA ES3552XA

1 512

Download 512 pages 41.9 Kb

Page 88

3 Configuring the Switch

v2c or v3) and security level (i.e., authentication and privacy).

4.Assign SNMP users to groups, along with their specific authentication and privacy passwords.

Setting a Local Engine ID

An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects against message replay, delay, and redirection. The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets.

A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engineID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users.

A new engine ID can be specified by entering 1 to 26 hexadecimal characters. If less than 26 characters are specified, trailing zeroes are added to the value. For example, the value “1234” is equivalent to “1234” followed by 22 zeroes.

Web – Click SNMP, SNMPv3, Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.

Figure 3-27 Setting the SNMPv3 Engine ID

CLI – This example sets an SNMPv3 engine ID.

Console(config)#snmp-server engine-id local 12345abcdef			4-123
Console(config)#exit
Console#show snmp engine-id			4-124
Local	SNMP	engineID: 8000002a8000000000e8666672
Local	SNMP	engineBoots: 1

Console#

Specifying a Remote Engine ID

To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host.

SNMP passwords are localized using the engine ID of the authoritative agent. For informs, the authoritative SNMP agent is the remote agent. You therefore need to

3-44

Image 88

Accton Technology ES3526XA, ES3552XA manual Setting a Local Engine ID, Specifying a Remote Engine ID, 123, 124

Contents

Powered by Accton Page Fast Ethernet Switch ES3526XA ES3552XA F2.2.6.3 E122006-CS-R02 149100005500H Contents Page Iii Page Command Line Interface Page Vii Viii Contents Page Contents Xii Appendix a Software Specifications Appendix B TroubleshootingGlossary Index XiiiXiv Tables Xvi Xvii Xviii Figures XixFigures Xxi Xxii Key Features Key FeaturesFeature Description Supports standard STP and Rapid Spanning Tree Protocol RstpDescription of Software Features Description of Software Features Introduction System Defaults System DefaultsFunction Parameter Default Password superSystem Defaults Function Parameter Client EnabledClock Synchronization Disabled Introduction Connecting to the Switch Configuration OptionsInitial Configuration Required ConnectionsRemote Connections Basic ConfigurationConsole Connection Setting an IP Address Setting PasswordsManual Configuration Dynamic Configuration Enabling Snmp Management Access Community Strings for Snmp version 1 and 2c clients118 Trap Receivers120 Saving Configuration Settings Configuring Access for Snmp Version 3 Clients125 126Managing System Files Initial Configuration Configuring the Switch Using the Web InterfaceNavigating the Web Browser Interface HomeConfiguration Options Panel DisplayConfiguration Main MenuMain Menu Menu Description System System InformationMenu Description ACL139 Current Table143 148Class-of-service value IP Dscp Priority 155164 Dscp Priority Status Both IP Precedence PriorityMenu Description Igmp Snooping 170 Igmp Configuration Query Igmp Filter ConfigurationConfiguration Settings Igmp Filter/Throttling Trunk Configuration SettingsMain Menu Displaying System Information Field AttributesDisplaying Switch Hardware/Software Versions Main BoardManagement Software Expansion SlotDisplaying Switch Information Bridge Extension Configuration Displaying Bridge Extension CapabilitiesSetting the Switch’s IP Address CLI Enter the following commandCommand Attributes 195244 131245 Using DHCP/BOOTP 246Command Usage Dhcp Relay and Option 82 Information241 242Managing Firmware Downloading System Software from a Server Operation Code Image File Transfer11 Deleting Files Saving or Restoring Configuration Settings Downloading Configuration Settings from a Server 12 Copy Configuration SettingsConsole Port Settings 14 Console Port Settings Telnet Settings 15 Enabling Telnet Configuring Event Logging System Log ConfigurationLogging Levels Level Severity Name DescriptionRemote Log Configuration 17 Remote LogsDisplaying Log Messages CLI This example shows the event message stored in RAMSending Simple Mail Transfer Protocol Alerts 19 Enabling and Configuring Smtp Alerts Resetting the System 20 Resetting the SystemSetting the System Clock Configuring SntpConfiguring NTP 22 NTP Client Configuration Setting the Time Zone Simple Network Management ProtocolLevel Group Read View Write View Notify View Security SNMPv3 Security Models and LevelsUser defined Setting Community Access Strings CLI The following example enables Snmp on the switchEnabling the Snmp Agent 11725 Configuring Snmp Community Strings Specifying Trap Managers and Trap TypesConfiguring the Switch Configuring SNMPv3 Management Access 122Setting a Local Engine ID Specifying a Remote Engine IDCLI This example sets an SNMPv3 engine ID 123Configuring SNMPv3 Users CLI This example specifies a remote SNMPv3 engine ID29 Configuring SNMPv3 Users Configuring Remote SNMPv3 Users 13030 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Supported Notification Messages Private Traps SwPowerStatus This trap is sent when the fan failsSwFanRecoverTrap This trap is sent when the fan failure has31 Configuring SNMPv3 Groups 127Setting SNMPv3 Views 32 Configuring SNMPv3 ViewsUser Authentication Configuring User Accounts33 Access Levels Configuring Local/Remote Logon Authentication Radius Settings Tacacs Settings34 Authentication Settings Configuring Https Https System SupportReplacing the Default Secure-site Certificate Address server ip-addressConfiguring the Secure Shell Configuring the Switch Generating the Host Key Pair 36 SSH Host-Key Settings Configuring the SSH Server SSH server includes basic settings for authenticationConfiguring Port Security 38 Configuring Port Security Configuring 802.1X Port Authentication Displaying 802.1X Global Settings 802.1X protocol provides client authenticationCLI This example shows the default global setting for Web Click Security, 802.1X, InformationConfiguring Port Settings for Configuring 802.1X Global SettingsCLI This example enables 802.1X globally for the switch 41 802.1X Port Configuration AuthorizedConsoleconfig#interface ethernet 1/2 Displaying 802.1X Statistics 802.1X StatisticsMAC Address Authentication CLI This example displays the 802.1X statistics for portConfiguring the MAC Authentication Reauthentication Time Configuring MAC Authentication for Ports Web Click Security, Network Access, ConfigurationCLI This example configures MAC authentication for port Web Click Security, Network Access, Port ConfigurationDisplaying Secure MAC Address Information 45 Network Access MAC Address Information Configuring MAC Address Filters 100Filtering Addresses for Management Access CLI This example allows Snmp access for a specific client 47 Creating a Web IP Filter ListAccess Control Lists Configuring Access Control ListsCLI This example creates a standard IP ACL named david Setting the ACL Name and Type103 Configuring a Standard IP ACL 104Configuring an Extended IP ACL 50 ACL Configuration Extended IP 105Configuring a MAC ACL 111Binding a Port to an Access Control List 52 Binding a Port to an ACLPort Configuration Displaying Connection StatusField Attributes Web 107Web Click Port, Port Information or Trunk Information ConfigurationBasic Information Current Status Configuring Interface Connections138 54 Port/Trunk Configuration 136 Creating Trunk Groups135 Statically Configuring a Trunk 55 Configuring Port TrunksEnabling Lacp on Selected Ports 14756 Lacp Configuration 148Configuring Lacp Parameters Dynamically Creating a Port Channel57 Lacp Aggregation Port You can display statistics for Lacp protocol messages Displaying Lacp Port CountersLacp Port Counters Protocols Ethernet Type LACPDUs Illegal PktsLacp Internal Configuration Information Displaying Lacp Settings and Status for the Local SideField Description 59 Lacp Port Internal Information Displaying Lacp Settings and Status for the Remote Side 10 Lacp Neighbor Configuration InformationConsole#show lacp 1 neighbors Setting Broadcast Storm Thresholds 61 Port Broadcast Control137 Configuring Port Mirroring140 Rate Limit Granularity Configuring Rate Limits142 Rate Limit Configuration 145Showing Port Statistics 144Transmit Errors ErrorsFCS Errors ProtocolParameter Description 11 Port StatisticsRmon Statistics Or alignment error Fragments65 Port Statistics Address Table Settings Setting Static AddressesCLI This example shows statistics for port 139Displaying the Address Table 15767 Dynamic Addresses 158Spanning Tree Algorithm Configuration Changing the Aging TimeCLI This example sets the aging time to 300 seconds 159Designated Root Port Bridge Displaying Global Settings For this Region120 69 STA Information 176 MstpGlobal settings apply to the entire switch Configuring Global SettingsBasic Configuration of Global Settings Root Device Configuration Configuration Settings for RstpConfiguration Settings for Mstp 70 STA Global Configuration Displaying Interface Settings AD B 71 STA Port Information Configuring Interface Settings CLI This example shows the STA attributes for port131 Configuring Multiple Spanning Trees CLI This example sets STA attributes for port133 73 Mstp Vlan Configuration 178167 Displaying Interface Settings for Mstp 74 Mstp Port InformationConfiguring Interface Settings for Mstp 175 CLI This example sets the Mstp attributes for port174 Ieee 802.1Q VLANs Vlan ConfigurationAssigning Ports to VLANs VA Vlan Aware VU Vlan Unaware Forwarding Tagged/Untagged Frames Enabling or Disabling Gvrp Global Setting CLI This example enables Gvrp for the switchDisplaying Basic Vlan Information 194Command Attributes Web Displaying Current VLANs78 Vlan Current Table Command Attributes CLI Creating VLANs 187179 CLI This example creates a new Vlan180 Adding Static Members to VLANs Vlan Index Adding Static Members to VLANs Port Index 18581 Vlan Static Membership by Port Configuring Vlan Behavior for Interfaces 82 Vlan Port Configuration Private VLANs 182183 184Displaying Current Private VLANs 153Associating VLANs Configuring Private VLANs189 Displaying Private Vlan Interface Information 190Configuring Private Vlan Interfaces 19387 Private Vlan Port Configuration 191Layer 2 Queue Settings Class of Service ConfigurationSetting the Default Priority for Interfaces 88 Port Priority Configuration CLI This example assigns a default priority of 5 to port12 Egress Queue Priority Mapping Mapping CoS Values to Egress Queues13 CoS Priority Levels 201 203Selecting the Queue Mode 90 Queue Mode200 Setting the Service Weight for Traffic Classes202 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS ValuesSelecting IP Precedence/DSCP Priority 204Mapping IP Precedence 14 Mapping IP PrecedenceMapping Dscp Priority 15 Mapping Dscp Priority Values206 209207 210Mapping IP Port Priority 95 IP Port Priority Status16 Egress Queue Priority Mapping Mapping CoS Values to ACLs205 Multicast Filtering 108Configuring Igmp Snooping and Query Parameters Layer 2 Igmp Snooping and Query98 Igmp Configuration Enabling Igmp Immediate Leave Displaying Interfaces Attached to a Multicast Router 100 Displaying Multicast Router Port Information220 Specifying Static Interfaces for a Multicast Router219 Displaying Port Members of Multicast Services 215Assigning Ports to Multicast Services 103 Igmp Member Port TableIgmp Filtering and Throttling Enabling Igmp Filtering and ThrottlingConfiguring Igmp Filter Profiles 104 Enabling Igmp Filtering and Throttling105 Igmp Profile Configuration Configuring Igmp Filtering and Throttling for Interfaces 106 Igmp Filter and Throttling Port Configuration General Configuration Guidelines for MVR Multicast Vlan RegistrationConfiguring Global MVR Settings 107 MVR Global ConfigurationDisplaying MVR Interface Status 108 MVR Port InformationDisplaying Port Members of Multicast Groups 109 MVR Group IP InformationConfiguring MVR Interface Status MVR VlanWeb Click MVR, Port or Trunk Configuration Assigning Static Multicast Groups to InterfacesConfiguring Domain Name Service Configuring General DNS Service Parameters190 234 235236 237Configuring Static DNS Host to Address Entries 113 DNS Static Host Table233 Displaying the DNS Cache238 Switch Clustering Cluster ConfigurationCluster Member Configuration Adds Candidate switches to the cluster as Members249 250Displays current cluster Member switch information Web Click Cluster, Member ConfigurationCluster Member Information Cluster Candidate Information 253Configuring the Switch 198 Accessing the CLI Using the Command Line InterfaceTelnet Connection Command Line Interface Entering Commands Command CompletionGetting Help on Commands Keywords and ArgumentsShowing Commands CLIMSGPRIVILEGEEXECCMDW2SHOWMVRNegating the Effect of Commands Using Command HistoryUnderstanding Command Modes Partial Keyword LookupExec Commands Command ModesConfiguration Commands Configuration Modes Command PromptConsoleconfig-if# 131 Spanning-tree mst-configuration Consoleconfig-mstp# 160Command Line Processing Command Line ProcessingKeystroke Function Command Groups Command Groups DescriptionCommand Line Interface Line Commands LineLogin Related CommandsSyntax Login local no login ExamplePassword Username 4-27 passwordSyntax Password 0 7 password no password No password is specifiedExec-timeout Timeout login responseSyntax Exec-timeout seconds no exec-timeout Password-thresh Silent-time4-16 Timeout login responseSyntax Password-thresh threshold no password-thresh Default value is three attemptsSilent-time DatabitsSyntax Silent-time seconds no silent-time Syntax Databits 7 8 no databitsParity Syntax Parity none even odd no paritySpeed StopbitsSyntax Speed bps no speed Syntax Stopbits 1Disconnect Show lineSyntax Disconnect session-id Syntax Show line console vtyGeneral Commands EnableTo show all lines, enter this command General Commands Function ModeDisable Disable Enable passwordEnable LevelConfigure Show historyReload EndThis command exits the configuration program This example shows how to quit a CLI sessionExit QuitDevice Designation Commands System Management CommandsPrompt User Access Commands User Access Commands Function ModeHostname Syntax Hostname name no hostnameGuest Admin 10 Default Login Settings Username Access-level PasswordUsername Default is level Default password is super Enable passwordEnable 4-20 authentication enable IP Filter Commands 11 IP Filter Commands Function ModeManagement ManagementShow management Ip http port Web Server CommandsIp http server Syntax No ip http secure-server Default Setting Ip http secure-serverIp http port 13 Https System Support Web Browser Operating SystemIp http secure-port Ip http secure-port4-33 Copy tftp https-certificatePortnumber The UDP port used for HTTPS/SSL. Range Ip http secure-server4-32Ip telnet port Telnet Server CommandsIp telnet server Secure Shell Commands 15 SSH Commands Function ModeIp telnet port Sets the SSH server key size Copy tftp public-keyCommand Line Interface Ip ssh server Syntax No ip ssh server Default SettingIp ssh crypto host-key generate 4-40 show ssh Ip ssh timeout Ip ssh authentication-retriesSyntax Ip ssh timeout seconds no ip ssh timeout Exec-timeout4-14 show ip sshDelete public-key Ip ssh server-key sizeSyntax Delete public-key username dsa rsa Ip ssh crypto host-key generate Ip ssh crypto zeroizeSyntax Ip ssh crypto host-key generate dsa rsa Syntax Ip ssh crypto zeroize dsa rsaShow ip ssh Ip ssh save host-keySyntax Ip ssh save host-key dsa rsa 16 show ssh display description Show sshTerminology Show public-key Syntax Show public-key user username hostUsername Name of an SSH user. Range 1-8 characters Shows all public keysEvent Logging Commands 17 Event Logging Commands Function ModeSyntax No logging on Default Setting Logging onLogging history Flash errors level 3 RAM warnings level 618 Logging Levels Logging host Logging facilitySyntax No logging host hostipaddress Hostipaddress The IP address of a syslog serverLogging trap Clear loggingSyntax Logging trap level no logging trap Syntax Clear logging flash ramSyntax Show logging flash ram sendmail trap Show logging19 show logging flash/ram display description Facility command Logging trap commandSyntax Show log flash ram login tail Show logSmtp Alert Commands 21 Smtp Alert Commands Function ModeLogging sendmail host Following example shows sample messages stored in RAMLogging sendmail level Syntax Logging sendmail level levelLogging sendmail source-email Logging sendmail destination-emailSyntax No logging sendmail source-email email-address This example will set the source email john@acme.comLogging sendmail Syntax No logging sendmail Default SettingShow logging sendmail Time Commands 22 Time Commands Function ModeSyntax No sntp client Default Setting Sntp clientSntp server Sntp server 4-55 sntp poll 4-56 show sntpSyntax Sntp server ip1 ip2 ip3 Ip IP address of an NTP time server. Range 1-3 addressesShow sntp Sntp pollSyntax Sntp poll seconds no sntp poll Syntax No ntp client Default Setting Ntp clientNtp server Sntp client 4-54 ntp poll 4-58 ntp serverNtp poll Version numberNtp client 4-57 ntp poll 4-58 show ntp Syntax Ntp poll seconds no ntp pollNtp authenticate Ntp authentication-keySyntax No ntp authenticate Default Setting Ntp authentication-key4-59Show ntp Clock timezone This command displays the system clock Calendar setShow calendar Calendar set hour min sec day month year month day yearShow startup-config System Status Commands23 System Status Commands Function Mode Show running-config4-65 Show running-config Show startup-config4-63 Show system This command displays system informationShow users Show version Frame Size Commands 24 Frame Size CommandsJumbo frame Enables support for jumbo frames Syntax No jumbo frame Default Setting25 Flash/File Commands Flash/File CommandsCommand Function Mode Copy Flash/File Commands Following example shows how to download a configuration file Syntax Dir boot-rom config opcode filename DeleteDir Delete filenameWhichboot Syntax whichboot Default Setting26 File Directory Information Column Heading DescriptionSyntax Boot system boot-romconfig opcode filename Boot systemDir 4-73 whichboot Authentication Commands Authentication SequenceAuthentication login 27 Authentication Commands Command Group FunctionAuthentication enable Username for setting the local user names and passwords29 Radius Client Commands Function Mode Show radius-server Shows the current Radius settingsRadius Client Radius-server hostRadius-server port Radius-server keyRadius-server timeout Radius-server retransmitTACACS+ Client 30 Tacacs Commands Function ModeShow radius-server Tacacs-server host Tacacs-server portTacacs-server key Syntax Tacacs-server port portnumber no tacacs-server portShow tacacs-server Syntax Tacacs-server key keystring no tacacs-server keyPort Security Commands 31 Port Security Commands Function ModeStatus Disabled Action None Maximum Addresses Interface Configuration Ethernet802.1X Port Authentication 32 802.1X Port Authentication Command Function ModeDot1x default Acquire a new client Dot1x timeout re-authperiodBe re-authenticated Dot1x timeout tx-period Syntax No system-auth-control Default SettingDefault Command Mode Dot1x max-reqDot1x port-control Syntax Dot1x max-req count no dot1x max-reqDot1x re-authenticate Syntax Dot1x re-authenticate interfaceDot1x operation-mode InterfaceDot1x re-authentication Dot1x timeout quiet-periodSyntax No dot1x re-authentication Command Mode Seconds The number of seconds. RangeDot1x timeout tx-period Dot1x timeout re-authperiodShow dot1x Syntax Show dot1x statistics interface interface Statistics Displays dot1x status for each portAuthenticator State Machine Reauthentication State MachineState Current state including initialize, reauthenticate Backend State MachineExample Network-access mode Network Access33 Network Access Command Function Mode Network-access max-mac-count 1024Network-access mac-filter Syntax No network-access mac-filter filter-idmac-addressNetwork-access port-mac-filter Network-access dynamic-vlanSyntax No network-access dynamic-vlan Default Setting Filter-id- The number that identifies the filter. RangeFollowing example enables dynamic Vlan assignment on port Mac-authentication reauth-time1800 Clear network-access Show network-accessSyntax Show network-access interface interface Displays the settings for all interfacesShow network-access mac-filter Show network-access mac-address-tableUse this command to display MAC authentication filters Displays all filters101 Access Control List Commands Access Control ListsAccess-list ip 34 Access Control Lists Command Groups Function35 IP ACLs Command Function Mode Syntax No access-list ip standard extended aclnameSyntax No permit deny any source bitmask host source Permit, deny Ip access-group4-107 show ip access-list4-107Standard ACL Access-list ip No permit deny tcpExtended ACL Show ip access-list Ip access-groupSyntax Show ip access-list standard extended aclname Syntax No ip access-group aclnameShow ip access-group Map access-list ipShow ip access-list4-107 This command shows the ports assigned to IP ACLsShow map access-list ip Queue cos-map4-201 Show map access-list ipSyntax Show map access-list ip interface 36 Egress Queue Priority Mapping ExampleAccess-list mac 37 MAC ACLs Command Function ModeSyntax No access-list mac aclname MAC ACLsPermit, deny MAC ACL Syntax No permit denyShow mac access-list Mac access-groupSyntax Show mac access-list aclname Syntax Mac access-group aclnameShow mac access-group Map access-list macShow mac access-list4-112 This command shows the ports assigned to MAC ACLsShow map access-list mac Queue cos-map4-201 Show map access-list macSyntax Show map access-list mac interface 38 Egress Queue Priority MappingShow access-list Show access-group39 ACL Information Command Function Mode ACL InformationSnmp Commands 40 Snmp Commands Function ModeSnmp-server Syntax No snmp-server Default SettingShow snmp Snmp-server community Snmp-server contact Snmp-server locationSyntax Snmp-server contact string no snmp-server contact Syntax Snmp-server location text no snmp-server locationSnmp-server host Host Address None Notification Type TrapsSnmp Version UDP Port Snmp-server enable traps Snmp-server enable trapsIssue authentication and link-up-down traps Snmp-server engine-id This example shows the default engine ID This command shows the Snmp engine IDShow snmp engine-id Defaultview includes access to the entire MIB tree Snmp-server viewExamples This view includes MIB-2This command shows information on the Snmp views Show snmp viewSnmp-server group 42 show snmp view display descriptionShow snmp group Snmp-server user 43 show snmp group display description129 Show snmp user This command shows information on Snmp users44 show snmp user display description Interface Commands 45 Interface Commands Function ModeInterface Port-channel channel-idRangeSpeed-duplex DescriptionSyntax Description string no description Negotiation Syntax No negotiation Default SettingNegotiation 4-133 capabilities Capabilities Following example configures port 11 to use autonegotiationCapabilities 4-134speed-duplex4-132 Flowcontrol Syntax No flowcontrol Default SettingNegotiation 4-133speed-duplex4-132 flowcontrol Syntax No shutdown Default Setting ShutdownSwitchport broadcast packet-rate This command clears statistics on an interfacePort-channel channel-idRange Default Setting Clear countersThis command displays the status for an interface Show interfaces statusFollowing example clears statistics on port Syntax Show interfaces status interfaceThis command displays interface statistics Show interfaces countersSyntax Show interfaces counters interface Shows the counters for all interfacesSyntax Show interfaces switchport interface Show interfaces switchportShows all interfaces Interfaces Switchport Statistics Mirror Port Commands 47 Mirror Port Commands Function ModePort monitor Interface ethernet unit/port source portThis command displays mirror information Following shows mirroring configured from port 6 to portShow port monitor Syntax Show port monitor interfaceRate Limit Commands 48 Rate Limit Commands Function ModeRate-limit Fast Ethernet255 Gigabit Ethernet30Global Configuration Ethernet, Port Channel Use this command to display the rate limit granularityRate-limit granularity Show rate-limitLink Aggregation Commands 49 Link Aggregation Commands151 138Channel-group Guidelines for Creating TrunksGeneral Guidelines Dynamically Creating a Port ChannelLacp Syntax No lacp Default SettingFollowing example creates trunk 1 and then adds port Lacp system-priority 32768Lacp admin-keyEthernet Interface Lacp admin-key Port Channel Interface Configuration Port ChannelLacp port-priority This command displays Lacp informationShow lacp Port Channel all 50 show lacp counters display descriptionType Badly formed PDU or an illegal value of Protocol Subtype51 show lacp internal display description 52 show lacp neighbors display description 54 Address Table Commands Function Mode Address Table Commands53 show lacp sysid display description Mac-address-table static Mac-address- MAC addressVlan-id- Vlan ID Range ActionShow mac-address-table Clear mac-address-table dynamicMac-address- MAC address Mask Bits to match in the address Mac-address-table aging-time Show mac-address-table aging-timeSpanning Tree Commands 55 Spanning Tree Commands Function ModeSpanning-tree mode Syntax No spanning-tree Default SettingSpanning tree is enabled Spanning-treeSpanning-tree forward-time Spanning-tree hello-time Spanning-tree forward-time 4-162spanning-tree max-ageSpanning-tree priority Spanning-tree max-ageSpanning-tree forward-time 4-162spanning-tree hello-time Spanning-tree pathcost method Long methodSpanning-tree mst-configuration This command limits the maximum transmission rate for BPDUsSpanning-tree transmission-limit Count The transmission limit in seconds. RangeMst vlan MST ConfigurationNo mst instanceid vlan vlan-range Mst priority NameMst instanceid priority priority no mst instanceid priority Syntax Name nameRevision Max-hopsSyntax Revision number Max-hopshop-numberSpanning-tree spanning-disabled Syntax No spanning-tree spanning-disabled Default SettingThis example disables the spanning tree algorithm for port Spanning-tree costSpanning-tree port-priority Priority The priority for a port. Range 0-240, in stepsSyntax No spanning-tree edge-port Default Setting Spanning-tree edge-portSyntax No spanning-tree portfast Default Setting Spanning-tree portfastSpanning-tree link-type Spanning-treeedge-port4-172Spanning-tree mst cost AutoSpanning-tree mst port-priority Spanning-tree mst port-priority4-175Port-channel channel-idRange Command Mode Spanning-tree protocol-migrationShow spanning-tree Syntax Spanning-tree protocol-migration interface177 Show spanning-tree mst configuration Vlan Commands 56 VLANs Command Groups Function57 Editing Vlan Groups Command Function Mode Editing Vlan GroupsBy default only Vlan 1 exists and is active Vlan Database ConfigurationVlan Show vlanConfiguring Vlan Interfaces 58 Configuring Vlan Interfaces Command Function ModeInterface vlan Interface vlanSwitchport mode Switchport acceptable-frame-typesAll ports are in hybrid mode with the Pvid set to Vlan Switchport acceptable-frame-types4-182Switchport ingress-filtering Syntax No switchport ingress-filtering Default SettingSwitchport native vlan Switchport allowed vlan 59 Show Vlan Commands Function Mode Switchport forbidden vlanDisplaying Vlan Information This command shows Vlan information Following example shows how to display information for VlanShow vlan Shows all VLANsConfiguring Private VLANs 60 Private Vlan CommandsVlan Configuration Private-vlanPrivate vlan association No private-vlan primary-vlan-idassociationSwitchport mode private-vlan Switchport private-vlan host-associationNormal Vlan Secondary-vlan-id- ID of secondary VLAN. RangeSwitchport private-vlan isolated Isolated-vlan-id- ID of isolated VLAN. RangeShow vlan private-vlan Switchport private-vlan mappingSyntax Show vlan private-vlan community isolated primary Gvrp and Bridge Extension Commands 61 Gvrp and Bridge Extension Commands Function ModeSyntax No bridge-ext gvrp Default Setting Bridge-ext gvrpSyntax No switchport gvrp Default Setting Switchport gvrpShow bridge-ext Show gvrp configuration Garp timerThis command shows if Gvrp is enabled Syntax Show gvrp configuration interfaceSyntax Show garp timer interface Show garp timerShows all Garp timers Priority Commands Priority Commands Layer62 Priority Commands Command Groups Function 63 Priority Commands Layer Function ModeSwitchport priority default Queue modeSyntax Queue mode strict wrr no queue mode Queue bandwidth weight1...weight4 no queue bandwidth Queue bandwidthQueue cos-map Queue cos-mapqueueid cos1 ... cosn no queue cos-mapShow queue mode This command shows the current queue modeShow queue bandwidth Show queue cos-map4-203Show queue cos-map This command shows the class of service priority mapSyntax Show queue cos-map interface 65 Priority Commands Layer 3 Function Mode Priority Commands Layer 3Syntax No map ip port Default Setting Following example shows how to map Http traffic to CoS value Syntax No map ip precedence Default SettingList below shows the default priority mapping 66 Mapping IP Precedence Values CoS Value Command ModeSyntax No map ip dscp Default Setting Map ip dscp dscp-value cos cos-value no map ip dscpUse this command to show the IP port priority map Show map ip port67 IP Dscp to CoS Vales IP Dscp Value CoS Value 10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40Show map ip precedence This command shows the IP precedence priority mapSyntax Show map ip precedence interface Show map ip dscp This command shows the IP Dscp priority mapSyntax Show map ip dscp interface Multicast Filtering Commands Igmp Snooping Commands68 Multicast Filtering Commands Command Groups Function 69 Igmp Snooping Commands Function ModeSyntax No ip igmp snooping Default Setting Following example enables Igmp snoopingIp igmp snooping Ip igmp snooping vlan staticFollowing configures the switch to use Igmp Version Ip igmp snooping versionIp igmp snooping immediate-leave Igmp VersionShow ip igmp snooping Show mac-address-table multicast215 Igmp Query Commands Layer 70 Igmp Query Commands Layer Function ModeSyntax No ip igmp snooping querier Default Setting Ip igmp snooping querierFollowing shows how to configure the query count to Ip igmp snooping query-intervalTimes Ip igmp snooping query-max-response-time4-218Ip igmp snooping query-max-response-time Seconds The report delay advertised in Igmp queries. RangeIp igmp snooping router-port-expire-time Static Multicast Routing Commands 71 Static Multicast Routing Commands Function ModeIp igmp snooping vlan mrouter Syntax No ip igmp snooping vlan vlan-idmrouter interfaceDisplays multicast router ports for all configured VLANs Show ip igmp snooping mrouterSyntax Show ip igmp snooping mrouter vlan vlan-id Multicast router port types displayed include StaticIgmp Filtering and Throttling Commands 72 Igmp Filtering and Throttling Commands Function ModeSyntax No ip igmp filter Default Setting 223Syntax Permit deny Default Setting Ip igmp profilePermit, deny Syntax No ip igmp profile profile-numberNo range low-ip-address high-ip-address RangeSyntax No ip igmp filter profile-number Ip igmp max-groups Syntax Ip igmp max-groups number No ip igmp max-groupsIp igmp max-groups action Show ip igmp filterSyntax Ip igmp max-groups action replace deny Syntax Show ip igmp filter interfaceShow ip igmp profile Show ip igmp throttle interfaceSyntax Show ip igmp profile profile-number Syntax Show ip igmp throttle interface interfaceMulticast Vlan Registration Commands 73 Multicast Vlan Registration Commands Function Mode229 Multicast groups assigned to the MVR VlanCommand Line Interface Mvr Global Configuration No mvr group ip-address count vlan vlan-idMulticast Filtering Commands Mvr Interface Configuration Syntax Show mvr interface interface members ip-address Show mvrUnit Stack unit. Range Port Port number. Range Following shows the global MVR settings 74 show mvr display descriptionAre satisfied 75 show mvr interface display description77 DNS Commands Function Mode Domain Name Service Commands76 show mvr members display description Ip host Clear hostNo ip host name address1 address2 … address8 Syntax Clear host nameIp domain-name Removes all entriesThis example clears all static entries from the DNS table Syntax Ip domain-name name no ip domain-nameSyntax No ip domain-list name Ip domain-listIp domain-name4-234 Ip name-server Ip domain-lookupServer-address1- IP address of domain-name server Ip domain-name4-234 ip domain-lookup4-236Show hosts Ip domain-name4-234 ip name-server4-236Show dns cache Show dns78 show dns cache display description This command clears all entries in the DNS cache Clear dns cacheDhcp Commands 79 Dhcp Commands Function ModeSyntax No ip dhcp relay information option Default Setting Ip dhcp relay information optionIp dhcp relay information policy Ip dhcp relay serverSyntax Ip dhcp relay information policy drop keep replace Ip dhcp relay server address1 address2 address3Show ip dhcp-relay Usage Guidelines80 IP Interface Commands Function Mode IP Interface CommandsIp address Ip default-gateway Syntax Ip default-gateway gateway no ip default-gatewayGateway IP address of the default gateway No static route is establishedIp dhcp restart Show ip interfaceIp default-gateway4-244 This command has no default for the hostShow ip redirects Ping247 Switch Cluster Commands 81 Switch Cluster Commands Function ModeSyntax No cluster Default Setting ClusterCluster commander Syntax No cluster commander Default SettingCluster ip-pool Syntax Cluster ip-pool ip-addressno cluster ip-poolRcommand Syntax Rcommand id member-idMember-id- The ID number of the Member switch. Range Cluster memberThis command shows the switch clustering configuration This command shows the current switch cluster membersShow cluster Show cluster membersShow cluster candidates Appendix a Software Specifications Software FeaturesGroups 1, 2, 3, 9 Statistics, History, Alarm, Event Management FeaturesStandards Management Information Bases Software Specifications Table B-1 Troubleshooting Chart Symptom ActionUsing System Logs Access Control List ACL Boot Protocol BootpClass of Service CoS Differentiated Services Code Point Service DscpGarp Vlan Registration Protocol Gvrp Generic Attribute Registration Protocol GarpGeneric Multicast Registration Protocol Gmrp Group Attribute Registration Protocol GarpIgmp Snooping Igmp QueryInternet Group Management Protocol Igmp In-Band ManagementMulticast Switching Port AuthenticationRemote Authentication Dial-in User Service Radius MD5 Message-Digest AlgorithmRemote Monitoring Rmon Rapid Spanning Tree Protocol RstpSecure Shell SSH Simple Network Management Protocol SnmpVirtual LAN Vlan User Datagram Protocol UDPXModem Index NumericsGateway, default 3-14,4-245 Garp Vlan Registration Protocol SeeIndex-3 Index-4 Page ES3526XA ES3552XA E122006-CS-R02D 149100005500H