Configuring SNMPv3 Users | Accton Technology ES3552XA, ES3526XA

Configuring SNMPv3 Management Access 3

configure the remote agent’s SNMP engine ID before you can send proxy requests or informs to it. (See “Specifying Trap Managers and Trap Types” on page 3-41and “Configuring Remote SNMPv3 Users” on page 3-47.)

The engine ID can be specified by entering 1 to 26 hexadecimal characters. If less than 26 characters are specified, trailing zeroes are added to the value. For example, the value “1234” is equivalent to “1234” followed by 22 zeroes.

Web – Click SNMP, SNMPv3, Remote Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.

Figure 3-28 Setting an Engine ID

CLI – This example specifies a remote SNMPv3 engine ID.

Console(config)#snmp-server engineID remote 54321 192.168.1.19	4-123
Console(config)#exit
Console#show snmp engine-id	4-124
Local SNMP engineID: 8000002a8000000000e8666672
Local SNMP engineBoots: 1
Remote SNMP engineID	IP address
80000000030004e2b316c54321	192.168.1.19
Console#

Configuring SNMPv3 Users

Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to a specific read, write, or notify view.

Command Attributes

•User Name – The name of user connecting to the SNMP agent. (Range: 1-32 characters)

•Group Name – The name of the SNMP group to which the user is assigned. (Range: 1-32 characters)

•Security Model – The user security model; SNMP v1, v2c or v3.

•Security Level – The security level used for the user:

-noAuthNoPriv – There is no authentication or encryption used in SNMP communications. (This is the default for SNMPv3.)

-AuthNoPriv – SNMP communications use authentication, but the data is not encrypted (only available for the SNMPv3 security model).

-AuthPriv – SNMP communications use both authentication and encryption (only

3-45

Image 89

Accton Technology ES3552XA, ES3526XA manual Configuring SNMPv3 Users, CLI This example specifies a remote SNMPv3 engine ID

Contents

Powered by Accton Page Fast Ethernet Switch ES3526XA ES3552XA F2.2.6.3 E122006-CS-R02 149100005500H Contents Page Iii Page Command Line Interface Page Vii Viii Contents Page Contents Xii Appendix B Troubleshooting Appendix a Software SpecificationsGlossary Index Xiii Xiv Tables Xvi Xvii Xviii Xix Figures Figures Xxi Xxii Key Features Key FeaturesFeature Description Supports standard STP and Rapid Spanning Tree Protocol Rstp Description of Software Features Description of Software Features Introduction System Defaults System DefaultsFunction Parameter Default Password super Client Enabled System Defaults Function Parameter Clock Synchronization Disabled Introduction Configuration Options Connecting to the Switch Required Connections Initial Configuration Console Connection Basic ConfigurationRemote Connections Manual Configuration Setting PasswordsSetting an IP Address Dynamic Configuration Community Strings for Snmp version 1 and 2c clients Enabling Snmp Management Access 120 Trap Receivers118 Configuring Access for Snmp Version 3 Clients Saving Configuration Settings125 126 Managing System Files Initial Configuration Using the Web Interface Configuring the Switch Home Navigating the Web Browser Interface Panel Display Configuration Options Main Menu ConfigurationMain Menu Menu Description System System Information ACL Menu Description Current Table 139143 148 155 Class-of-service value IP Dscp Priority164 Dscp Priority Status Both IP Precedence Priority Query Igmp Filter Configuration Menu Description Igmp Snooping 170 Igmp ConfigurationConfiguration Settings Igmp Filter/Throttling Trunk Configuration Settings Main Menu Field Attributes Displaying System Information Main Board Displaying Switch Hardware/Software VersionsManagement Software Expansion Slot Displaying Switch Information Displaying Bridge Extension Capabilities Bridge Extension Configuration CLI Enter the following command Setting the Switch’s IP AddressCommand Attributes 195 245 131244 246 Using DHCP/BOOTP Dhcp Relay and Option 82 Information Command Usage 242 241 Managing Firmware Operation Code Image File Transfer Downloading System Software from a Server 11 Deleting Files Saving or Restoring Configuration Settings 12 Copy Configuration Settings Downloading Configuration Settings from a Server Console Port Settings 14 Console Port Settings Telnet Settings 15 Enabling Telnet System Log Configuration Configuring Event Logging Level Severity Name Description Logging Levels 17 Remote Logs Remote Log Configuration CLI This example shows the event message stored in RAM Displaying Log Messages Sending Simple Mail Transfer Protocol Alerts 19 Enabling and Configuring Smtp Alerts 20 Resetting the System Resetting the System Configuring Sntp Setting the System Clock Configuring NTP 22 NTP Client Configuration Simple Network Management Protocol Setting the Time Zone User defined SNMPv3 Security Models and LevelsLevel Group Read View Write View Notify View Security CLI The following example enables Snmp on the switch Setting Community Access StringsEnabling the Snmp Agent 117 Specifying Trap Managers and Trap Types 25 Configuring Snmp Community Strings Configuring the Switch 122 Configuring SNMPv3 Management Access Specifying a Remote Engine ID Setting a Local Engine IDCLI This example sets an SNMPv3 engine ID 123 CLI This example specifies a remote SNMPv3 engine ID Configuring SNMPv3 Users 29 Configuring SNMPv3 Users 130 Configuring Remote SNMPv3 Users 30 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Supported Notification Messages This trap is sent when the fan fails Private Traps SwPowerStatusSwFanRecoverTrap This trap is sent when the fan failure has 127 31 Configuring SNMPv3 Groups 32 Configuring SNMPv3 Views Setting SNMPv3 Views Configuring User Accounts User Authentication 33 Access Levels Configuring Local/Remote Logon Authentication Tacacs Settings Radius Settings 34 Authentication Settings Https System Support Configuring Https Address server ip-address Replacing the Default Secure-site Certificate Configuring the Secure Shell Configuring the Switch Generating the Host Key Pair 36 SSH Host-Key Settings SSH server includes basic settings for authentication Configuring the SSH Server Configuring Port Security 38 Configuring Port Security Configuring 802.1X Port Authentication 802.1X protocol provides client authentication Displaying 802.1X Global SettingsCLI This example shows the default global setting for Web Click Security, 802.1X, Information CLI This example enables 802.1X globally for the switch Configuring 802.1X Global SettingsConfiguring Port Settings for Authorized 41 802.1X Port Configuration Consoleconfig#interface ethernet 1/2 802.1X Statistics Displaying 802.1X Statistics CLI This example displays the 802.1X statistics for port MAC Address Authentication Configuring the MAC Authentication Reauthentication Time Web Click Security, Network Access, Configuration Configuring MAC Authentication for Ports Displaying Secure MAC Address Information Web Click Security, Network Access, Port ConfigurationCLI This example configures MAC authentication for port 45 Network Access MAC Address Information 100 Configuring MAC Address Filters Filtering Addresses for Management Access 47 Creating a Web IP Filter List CLI This example allows Snmp access for a specific client Configuring Access Control Lists Access Control Lists 103 Setting the ACL Name and TypeCLI This example creates a standard IP ACL named david 104 Configuring a Standard IP ACL Configuring an Extended IP ACL 105 50 ACL Configuration Extended IP 111 Configuring a MAC ACL 52 Binding a Port to an ACL Binding a Port to an Access Control List Displaying Connection Status Port ConfigurationField Attributes Web 107 Basic Information ConfigurationWeb Click Port, Port Information or Trunk Information 138 Configuring Interface ConnectionsCurrent Status 54 Port/Trunk Configuration 135 Creating Trunk Groups136 55 Configuring Port Trunks Statically Configuring a Trunk 147 Enabling Lacp on Selected Ports 148 56 Lacp Configuration Dynamically Creating a Port Channel Configuring Lacp Parameters 57 Lacp Aggregation Port Lacp Port Counters Displaying Lacp Port CountersYou can display statistics for Lacp protocol messages LACPDUs Illegal Pkts Protocols Ethernet Type Field Description Displaying Lacp Settings and Status for the Local SideLacp Internal Configuration Information 59 Lacp Port Internal Information 10 Lacp Neighbor Configuration Information Displaying Lacp Settings and Status for the Remote Side Console#show lacp 1 neighbors 61 Port Broadcast Control Setting Broadcast Storm Thresholds 140 Configuring Port Mirroring137 142 Configuring Rate LimitsRate Limit Granularity 145 Rate Limit Configuration 144 Showing Port Statistics Errors Transmit ErrorsFCS Errors Protocol Rmon Statistics 11 Port StatisticsParameter Description Fragments Or alignment error 65 Port Statistics Setting Static Addresses Address Table SettingsCLI This example shows statistics for port 139 157 Displaying the Address Table 158 67 Dynamic Addresses Changing the Aging Time Spanning Tree Algorithm ConfigurationCLI This example sets the aging time to 300 seconds 159 Designated Root Port Bridge For this Region Displaying Global Settings 120 69 STA Information Mstp 176 Basic Configuration of Global Settings Configuring Global SettingsGlobal settings apply to the entire switch Configuration Settings for Rstp Root Device Configuration Configuration Settings for Mstp 70 STA Global Configuration Displaying Interface Settings AD B 71 STA Port Information CLI This example shows the STA attributes for port Configuring Interface Settings 131 CLI This example sets STA attributes for port Configuring Multiple Spanning Trees 133 178 73 Mstp Vlan Configuration 167 74 Mstp Port Information Displaying Interface Settings for Mstp Configuring Interface Settings for Mstp 174 CLI This example sets the Mstp attributes for port175 Assigning Ports to VLANs Vlan ConfigurationIeee 802.1Q VLANs VA Vlan Aware VU Vlan Unaware Forwarding Tagged/Untagged Frames CLI This example enables Gvrp for the switch Enabling or Disabling Gvrp Global SettingDisplaying Basic Vlan Information 194 Displaying Current VLANs Command Attributes Web 78 Vlan Current Table Command Attributes CLI 187 Creating VLANs 180 CLI This example creates a new Vlan179 Adding Static Members to VLANs Vlan Index 185 Adding Static Members to VLANs Port Index 81 Vlan Static Membership by Port Configuring Vlan Behavior for Interfaces 82 Vlan Port Configuration 182 Private VLANs183 184 153 Displaying Current Private VLANs 189 Configuring Private VLANsAssociating VLANs 190 Displaying Private Vlan Interface Information 193 Configuring Private Vlan Interfaces 191 87 Private Vlan Port Configuration Setting the Default Priority for Interfaces Class of Service ConfigurationLayer 2 Queue Settings CLI This example assigns a default priority of 5 to port 88 Port Priority Configuration 13 CoS Priority Levels Mapping CoS Values to Egress Queues12 Egress Queue Priority Mapping 203 201 90 Queue Mode Selecting the Queue Mode 202 Setting the Service Weight for Traffic Classes200 Mapping Layer 3/4 Priorities to CoS Values Layer 3/4 Priority SettingsSelecting IP Precedence/DSCP Priority 204 14 Mapping IP Precedence Mapping IP Precedence 15 Mapping Dscp Priority Values Mapping Dscp Priority206 209 210 207 95 IP Port Priority Status Mapping IP Port Priority 205 Mapping CoS Values to ACLs16 Egress Queue Priority Mapping 108 Multicast Filtering Layer 2 Igmp Snooping and Query Configuring Igmp Snooping and Query Parameters 98 Igmp Configuration Enabling Igmp Immediate Leave 100 Displaying Multicast Router Port Information Displaying Interfaces Attached to a Multicast Router 219 Specifying Static Interfaces for a Multicast Router220 215 Displaying Port Members of Multicast Services 103 Igmp Member Port Table Assigning Ports to Multicast Services Enabling Igmp Filtering and Throttling Igmp Filtering and Throttling 104 Enabling Igmp Filtering and Throttling Configuring Igmp Filter Profiles 105 Igmp Profile Configuration Configuring Igmp Filtering and Throttling for Interfaces 106 Igmp Filter and Throttling Port Configuration Multicast Vlan Registration General Configuration Guidelines for MVR 107 MVR Global Configuration Configuring Global MVR Settings 108 MVR Port Information Displaying MVR Interface Status 109 MVR Group IP Information Displaying Port Members of Multicast Groups MVR Vlan Configuring MVR Interface Status Assigning Static Multicast Groups to Interfaces Web Click MVR, Port or Trunk Configuration Configuring General DNS Service Parameters Configuring Domain Name Service 190 235 234236 237 113 DNS Static Host Table Configuring Static DNS Host to Address Entries 238 Displaying the DNS Cache233 Cluster Configuration Switch Clustering Adds Candidate switches to the cluster as Members Cluster Member Configuration249 250 Cluster Member Information Web Click Cluster, Member ConfigurationDisplays current cluster Member switch information 253 Cluster Candidate Information Configuring the Switch 198 Telnet Connection Using the Command Line InterfaceAccessing the CLI Command Line Interface Command Completion Entering CommandsGetting Help on Commands Keywords and Arguments CLIMSGPRIVILEGEEXECCMDW2SHOWMVR Showing Commands Using Command History Negating the Effect of CommandsUnderstanding Command Modes Partial Keyword Lookup Command Modes Exec Commands Configuration Modes Command Prompt Configuration CommandsConsoleconfig-if# 131 Spanning-tree mst-configuration Consoleconfig-mstp# 160 Keystroke Function Command Line ProcessingCommand Line Processing Command Groups Description Command Groups Command Line Interface Line Line Commands Related Commands LoginSyntax Login local no login Example Username 4-27 password PasswordSyntax Password 0 7 password no password No password is specified Syntax Exec-timeout seconds no exec-timeout Timeout login responseExec-timeout Silent-time4-16 Timeout login response Password-threshSyntax Password-thresh threshold no password-thresh Default value is three attempts Databits Silent-timeSyntax Silent-time seconds no silent-time Syntax Databits 7 8 no databits Syntax Parity none even odd no parity Parity Stopbits SpeedSyntax Speed bps no speed Syntax Stopbits 1 Show line DisconnectSyntax Disconnect session-id Syntax Show line console vty Enable General CommandsTo show all lines, enter this command General Commands Function Mode Disable Enable password DisableEnable Level Show history Configure End Reload This example shows how to quit a CLI session This command exits the configuration programExit Quit Prompt System Management CommandsDevice Designation Commands User Access Commands Function Mode User Access CommandsHostname Syntax Hostname name no hostname Username 10 Default Login Settings Username Access-level PasswordGuest Admin Enable 4-20 authentication enable Enable passwordDefault is level Default password is super 11 IP Filter Commands Function Mode IP Filter CommandsManagement Management Show management Ip http server Web Server CommandsIp http port Ip http secure-server Syntax No ip http secure-server Default SettingIp http port 13 Https System Support Web Browser Operating System Ip http secure-port4-33 Copy tftp https-certificate Ip http secure-portPortnumber The UDP port used for HTTPS/SSL. Range Ip http secure-server4-32 Ip telnet server Telnet Server CommandsIp telnet port 15 SSH Commands Function Mode Secure Shell CommandsIp telnet port Sets the SSH server key size Copy tftp public-key Command Line Interface Ip ssh crypto host-key generate 4-40 show ssh Syntax No ip ssh server Default SettingIp ssh server Ip ssh authentication-retries Ip ssh timeoutSyntax Ip ssh timeout seconds no ip ssh timeout Exec-timeout4-14 show ip ssh Syntax Delete public-key username dsa rsa Ip ssh server-key sizeDelete public-key Ip ssh crypto zeroize Ip ssh crypto host-key generateSyntax Ip ssh crypto host-key generate dsa rsa Syntax Ip ssh crypto zeroize dsa rsa Syntax Ip ssh save host-key dsa rsa Ip ssh save host-keyShow ip ssh Terminology Show ssh16 show ssh display description Syntax Show public-key user username host Show public-keyUsername Name of an SSH user. Range 1-8 characters Shows all public keys 17 Event Logging Commands Function Mode Event Logging CommandsSyntax No logging on Default Setting Logging on 18 Logging Levels Flash errors level 3 RAM warnings level 6Logging history Logging facility Logging hostSyntax No logging host hostipaddress Hostipaddress The IP address of a syslog server Clear logging Logging trapSyntax Logging trap level no logging trap Syntax Clear logging flash ram 19 show logging flash/ram display description Show loggingSyntax Show logging flash ram sendmail trap Logging trap command Facility commandSyntax Show log flash ram login tail Show log 21 Smtp Alert Commands Function Mode Smtp Alert CommandsLogging sendmail host Following example shows sample messages stored in RAM Syntax Logging sendmail level level Logging sendmail level Logging sendmail destination-email Logging sendmail source-emailSyntax No logging sendmail source-email email-address This example will set the source email john@acme.com Show logging sendmail Syntax No logging sendmail Default SettingLogging sendmail 22 Time Commands Function Mode Time CommandsSyntax No sntp client Default Setting Sntp client Sntp server 4-55 sntp poll 4-56 show sntp Sntp serverSyntax Sntp server ip1 ip2 ip3 Ip IP address of an NTP time server. Range 1-3 addresses Syntax Sntp poll seconds no sntp poll Sntp pollShow sntp Ntp client Syntax No ntp client Default SettingNtp server Sntp client 4-54 ntp poll 4-58 ntp server Version number Ntp pollNtp client 4-57 ntp poll 4-58 show ntp Syntax Ntp poll seconds no ntp poll Ntp authentication-key Ntp authenticateSyntax No ntp authenticate Default Setting Ntp authentication-key4-59 Show ntp Clock timezone Calendar set This command displays the system clockShow calendar Calendar set hour min sec day month year month day year 23 System Status Commands Function Mode System Status CommandsShow startup-config Show running-config4-65 Show running-config Show startup-config4-63 Show users This command displays system informationShow system Show version 24 Frame Size Commands Frame Size CommandsJumbo frame Enables support for jumbo frames Syntax No jumbo frame Default Setting Command Function Mode Copy Flash/File Commands25 Flash/File Commands Flash/File Commands Following example shows how to download a configuration file Delete Syntax Dir boot-rom config opcode filenameDir Delete filename Syntax whichboot Default Setting Whichboot26 File Directory Information Column Heading Description Dir 4-73 whichboot Boot systemSyntax Boot system boot-romconfig opcode filename Authentication Sequence Authentication CommandsAuthentication login 27 Authentication Commands Command Group Function Username for setting the local user names and passwords Authentication enable Show radius-server Shows the current Radius settings 29 Radius Client Commands Function ModeRadius Client Radius-server host Radius-server key Radius-server port Radius-server retransmit Radius-server timeout Show radius-server 30 Tacacs Commands Function ModeTACACS+ Client Tacacs-server port Tacacs-server hostTacacs-server key Syntax Tacacs-server port portnumber no tacacs-server port Syntax Tacacs-server key keystring no tacacs-server key Show tacacs-server 31 Port Security Commands Function Mode Port Security CommandsStatus Disabled Action None Maximum Addresses Interface Configuration Ethernet 32 802.1X Port Authentication Command Function Mode 802.1X Port Authentication Acquire a new client Dot1x timeout re-authperiod Dot1x defaultBe re-authenticated Dot1x timeout tx-period Syntax No system-auth-control Default Setting Dot1x max-req Default Command ModeDot1x port-control Syntax Dot1x max-req count no dot1x max-req Syntax Dot1x re-authenticate interface Dot1x re-authenticateDot1x operation-mode Interface Dot1x timeout quiet-period Dot1x re-authenticationSyntax No dot1x re-authentication Command Mode Seconds The number of seconds. Range Show dot1x Dot1x timeout re-authperiodDot1x timeout tx-period Statistics Displays dot1x status for each port Syntax Show dot1x statistics interface interface Reauthentication State Machine Authenticator State MachineState Current state including initialize, reauthenticate Backend State Machine Example 33 Network Access Command Function Mode Network AccessNetwork-access mode 1024 Network-access max-mac-count Syntax No network-access mac-filter filter-idmac-address Network-access mac-filter Network-access dynamic-vlan Network-access port-mac-filterSyntax No network-access dynamic-vlan Default Setting Filter-id- The number that identifies the filter. Range 1800 Mac-authentication reauth-timeFollowing example enables dynamic Vlan assignment on port Show network-access Clear network-accessSyntax Show network-access interface interface Displays the settings for all interfaces Show network-access mac-address-table Show network-access mac-filterUse this command to display MAC authentication filters Displays all filters 101 Access Control Lists Access Control List Commands 34 Access Control Lists Command Groups Function Access-list ip35 IP ACLs Command Function Mode Syntax No access-list ip standard extended aclname Standard ACL Permit, deny Ip access-group4-107 show ip access-list4-107Syntax No permit deny any source bitmask host source No permit deny tcp Access-list ip Extended ACL Ip access-group Show ip access-listSyntax Show ip access-list standard extended aclname Syntax No ip access-group aclname Map access-list ip Show ip access-groupShow ip access-list4-107 This command shows the ports assigned to IP ACLs Queue cos-map4-201 Show map access-list ip Show map access-list ipSyntax Show map access-list ip interface 36 Egress Queue Priority Mapping Example 37 MAC ACLs Command Function Mode Access-list macSyntax No access-list mac aclname MAC ACLs Syntax No permit deny Permit, deny MAC ACL Mac access-group Show mac access-listSyntax Show mac access-list aclname Syntax Mac access-group aclname Map access-list mac Show mac access-groupShow mac access-list4-112 This command shows the ports assigned to MAC ACLs Queue cos-map4-201 Show map access-list mac Show map access-list macSyntax Show map access-list mac interface 38 Egress Queue Priority Mapping Show access-group Show access-list39 ACL Information Command Function Mode ACL Information 40 Snmp Commands Function Mode Snmp Commands Show snmp Syntax No snmp-server Default SettingSnmp-server Snmp-server community Snmp-server location Snmp-server contactSyntax Snmp-server contact string no snmp-server contact Syntax Snmp-server location text no snmp-server location Host Address None Notification Type Traps Snmp-server host Snmp Version UDP Port Issue authentication and link-up-down traps Snmp-server enable trapsSnmp-server enable traps Snmp-server engine-id Show snmp engine-id This command shows the Snmp engine IDThis example shows the default engine ID Snmp-server view Defaultview includes access to the entire MIB treeExamples This view includes MIB-2 Show snmp view This command shows information on the Snmp viewsSnmp-server group 42 show snmp view display description Show snmp group 43 show snmp group display description Snmp-server user 129 44 show snmp user display description This command shows information on Snmp usersShow snmp user 45 Interface Commands Function Mode Interface CommandsInterface Port-channel channel-idRange Syntax Description string no description DescriptionSpeed-duplex Negotiation 4-133 capabilities Syntax No negotiation Default SettingNegotiation Capabilities 4-134speed-duplex4-132 Following example configures port 11 to use autonegotiationCapabilities Negotiation 4-133speed-duplex4-132 flowcontrol Syntax No flowcontrol Default SettingFlowcontrol Shutdown Syntax No shutdown Default Setting This command clears statistics on an interface Switchport broadcast packet-ratePort-channel channel-idRange Default Setting Clear counters Show interfaces status This command displays the status for an interfaceFollowing example clears statistics on port Syntax Show interfaces status interface Show interfaces counters This command displays interface statisticsSyntax Show interfaces counters interface Shows the counters for all interfaces Shows all interfaces Show interfaces switchportSyntax Show interfaces switchport interface Interfaces Switchport Statistics 47 Mirror Port Commands Function Mode Mirror Port CommandsPort monitor Interface ethernet unit/port source port Following shows mirroring configured from port 6 to port This command displays mirror informationShow port monitor Syntax Show port monitor interface 48 Rate Limit Commands Function Mode Rate Limit CommandsRate-limit Fast Ethernet255 Gigabit Ethernet30 Use this command to display the rate limit granularity Global Configuration Ethernet, Port ChannelRate-limit granularity Show rate-limit 49 Link Aggregation Commands Link Aggregation Commands151 138 Guidelines for Creating Trunks Channel-groupGeneral Guidelines Dynamically Creating a Port Channel Following example creates trunk 1 and then adds port Syntax No lacp Default SettingLacp 32768 Lacp system-priority Lacp admin-keyEthernet Interface Interface Configuration Port Channel Lacp admin-key Port Channel Show lacp This command displays Lacp informationLacp port-priority 50 show lacp counters display description Port Channel allType Badly formed PDU or an illegal value of Protocol Subtype 51 show lacp internal display description 52 show lacp neighbors display description 53 show lacp sysid display description Address Table Commands54 Address Table Commands Function Mode Mac-address- MAC address Mac-address-table staticVlan-id- Vlan ID Range Action Mac-address- MAC address Mask Bits to match in the address Clear mac-address-table dynamicShow mac-address-table Show mac-address-table aging-time Mac-address-table aging-time 55 Spanning Tree Commands Function Mode Spanning Tree Commands Syntax No spanning-tree Default Setting Spanning-tree modeSpanning tree is enabled Spanning-tree Spanning-tree forward-time Spanning-tree forward-time 4-162spanning-tree max-age Spanning-tree hello-time Spanning-tree forward-time 4-162spanning-tree hello-time Spanning-tree max-ageSpanning-tree priority Long method Spanning-tree pathcost method This command limits the maximum transmission rate for BPDUs Spanning-tree mst-configurationSpanning-tree transmission-limit Count The transmission limit in seconds. Range No mst instanceid vlan vlan-range MST ConfigurationMst vlan Name Mst priorityMst instanceid priority priority no mst instanceid priority Syntax Name name Max-hops RevisionSyntax Revision number Max-hopshop-number Syntax No spanning-tree spanning-disabled Default Setting Spanning-tree spanning-disabledThis example disables the spanning tree algorithm for port Spanning-tree cost Priority The priority for a port. Range 0-240, in steps Spanning-tree port-priority Spanning-tree edge-port Syntax No spanning-tree edge-port Default Setting Spanning-tree portfast Syntax No spanning-tree portfast Default SettingSpanning-tree link-type Spanning-treeedge-port4-172 Auto Spanning-tree mst cost Spanning-tree mst port-priority4-175 Spanning-tree mst port-priority Spanning-tree protocol-migration Port-channel channel-idRange Command ModeShow spanning-tree Syntax Spanning-tree protocol-migration interface 177 Show spanning-tree mst configuration 56 VLANs Command Groups Function Vlan Commands57 Editing Vlan Groups Command Function Mode Editing Vlan Groups Vlan Database Configuration By default only Vlan 1 exists and is activeVlan Show vlan 58 Configuring Vlan Interfaces Command Function Mode Configuring Vlan InterfacesInterface vlan Interface vlan Switchport acceptable-frame-types Switchport modeAll ports are in hybrid mode with the Pvid set to Vlan Switchport acceptable-frame-types4-182 Syntax No switchport ingress-filtering Default Setting Switchport ingress-filtering Switchport native vlan Switchport allowed vlan Displaying Vlan Information Switchport forbidden vlan59 Show Vlan Commands Function Mode Following example shows how to display information for Vlan This command shows Vlan informationShow vlan Shows all VLANs 60 Private Vlan Commands Configuring Private VLANs Private-vlan Vlan Configuration No private-vlan primary-vlan-idassociation Private vlan association Switchport private-vlan host-association Switchport mode private-vlanNormal Vlan Secondary-vlan-id- ID of secondary VLAN. Range Isolated-vlan-id- ID of isolated VLAN. Range Switchport private-vlan isolated Syntax Show vlan private-vlan community isolated primary Switchport private-vlan mappingShow vlan private-vlan 61 Gvrp and Bridge Extension Commands Function Mode Gvrp and Bridge Extension CommandsSyntax No bridge-ext gvrp Default Setting Bridge-ext gvrp Show bridge-ext Switchport gvrpSyntax No switchport gvrp Default Setting Garp timer Show gvrp configurationThis command shows if Gvrp is enabled Syntax Show gvrp configuration interface Shows all Garp timers Show garp timerSyntax Show garp timer interface Priority Commands Layer Priority Commands62 Priority Commands Command Groups Function 63 Priority Commands Layer Function Mode Syntax Queue mode strict wrr no queue mode Queue modeSwitchport priority default Queue bandwidth Queue bandwidth weight1...weight4 no queue bandwidth Queue cos-mapqueueid cos1 ... cosn no queue cos-map Queue cos-map This command shows the current queue mode Show queue modeShow queue bandwidth Show queue cos-map4-203 Syntax Show queue cos-map interface This command shows the class of service priority mapShow queue cos-map Syntax No map ip port Default Setting Priority Commands Layer 365 Priority Commands Layer 3 Function Mode Syntax No map ip precedence Default Setting Following example shows how to map Http traffic to CoS value 66 Mapping IP Precedence Values CoS Value Command Mode List below shows the default priority mapping Map ip dscp dscp-value cos cos-value no map ip dscp Syntax No map ip dscp Default Setting Show map ip port Use this command to show the IP port priority map67 IP Dscp to CoS Vales IP Dscp Value CoS Value 10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 Syntax Show map ip precedence interface This command shows the IP precedence priority mapShow map ip precedence Syntax Show map ip dscp interface This command shows the IP Dscp priority mapShow map ip dscp Igmp Snooping Commands Multicast Filtering Commands68 Multicast Filtering Commands Command Groups Function 69 Igmp Snooping Commands Function Mode Following example enables Igmp snooping Syntax No ip igmp snooping Default SettingIp igmp snooping Ip igmp snooping vlan static Ip igmp snooping version Following configures the switch to use Igmp VersionIp igmp snooping immediate-leave Igmp Version Show mac-address-table multicast Show ip igmp snooping 215 70 Igmp Query Commands Layer Function Mode Igmp Query Commands LayerSyntax No ip igmp snooping querier Default Setting Ip igmp snooping querier Ip igmp snooping query-interval Following shows how to configure the query count toTimes Ip igmp snooping query-max-response-time4-218 Ip igmp snooping router-port-expire-time Seconds The report delay advertised in Igmp queries. RangeIp igmp snooping query-max-response-time 71 Static Multicast Routing Commands Function Mode Static Multicast Routing CommandsIp igmp snooping vlan mrouter Syntax No ip igmp snooping vlan vlan-idmrouter interface Show ip igmp snooping mrouter Displays multicast router ports for all configured VLANsSyntax Show ip igmp snooping mrouter vlan vlan-id Multicast router port types displayed include Static 72 Igmp Filtering and Throttling Commands Function Mode Igmp Filtering and Throttling CommandsSyntax No ip igmp filter Default Setting 223 Ip igmp profile Syntax Permit deny Default SettingPermit, deny Syntax No ip igmp profile profile-number Syntax No ip igmp filter profile-number RangeNo range low-ip-address high-ip-address Syntax Ip igmp max-groups number No ip igmp max-groups Ip igmp max-groups Show ip igmp filter Ip igmp max-groups actionSyntax Ip igmp max-groups action replace deny Syntax Show ip igmp filter interface Show ip igmp throttle interface Show ip igmp profileSyntax Show ip igmp profile profile-number Syntax Show ip igmp throttle interface interface 73 Multicast Vlan Registration Commands Function Mode Multicast Vlan Registration Commands229 Multicast groups assigned to the MVR Vlan No mvr group ip-address count vlan vlan-id Command Line Interface Mvr Global Configuration Multicast Filtering Commands Mvr Interface Configuration Unit Stack unit. Range Port Port number. Range Show mvrSyntax Show mvr interface interface members ip-address 74 show mvr display description Following shows the global MVR settingsAre satisfied 75 show mvr interface display description 76 show mvr members display description Domain Name Service Commands77 DNS Commands Function Mode Clear host Ip hostNo ip host name address1 address2 … address8 Syntax Clear host name Removes all entries Ip domain-nameThis example clears all static entries from the DNS table Syntax Ip domain-name name no ip domain-name Ip domain-name4-234 Ip domain-listSyntax No ip domain-list name Ip domain-lookup Ip name-serverServer-address1- IP address of domain-name server Ip domain-name4-234 ip domain-lookup4-236 Ip domain-name4-234 ip name-server4-236 Show hosts 78 show dns cache display description Show dnsShow dns cache Clear dns cache This command clears all entries in the DNS cache 79 Dhcp Commands Function Mode Dhcp CommandsSyntax No ip dhcp relay information option Default Setting Ip dhcp relay information option Ip dhcp relay server Ip dhcp relay information policySyntax Ip dhcp relay information policy drop keep replace Ip dhcp relay server address1 address2 address3 Usage Guidelines Show ip dhcp-relay Ip address IP Interface Commands80 IP Interface Commands Function Mode Syntax Ip default-gateway gateway no ip default-gateway Ip default-gatewayGateway IP address of the default gateway No static route is established Show ip interface Ip dhcp restart This command has no default for the host Ip default-gateway4-244Show ip redirects Ping 247 81 Switch Cluster Commands Function Mode Switch Cluster CommandsSyntax No cluster Default Setting Cluster Syntax No cluster commander Default Setting Cluster commanderCluster ip-pool Syntax Cluster ip-pool ip-addressno cluster ip-pool Syntax Rcommand id member-id RcommandMember-id- The ID number of the Member switch. Range Cluster member This command shows the current switch cluster members This command shows the switch clustering configurationShow cluster Show cluster members Show cluster candidates Software Features Appendix a Software Specifications Standards Management FeaturesGroups 1, 2, 3, 9 Statistics, History, Alarm, Event Management Information Bases Software Specifications Symptom Action Table B-1 Troubleshooting Chart Using System Logs Boot Protocol Bootp Access Control List ACLClass of Service CoS Differentiated Services Code Point Service Dscp Generic Attribute Registration Protocol Garp Garp Vlan Registration Protocol GvrpGeneric Multicast Registration Protocol Gmrp Group Attribute Registration Protocol Garp Igmp Query Igmp SnoopingInternet Group Management Protocol Igmp In-Band Management Port Authentication Multicast SwitchingRemote Authentication Dial-in User Service Radius MD5 Message-Digest Algorithm Rapid Spanning Tree Protocol Rstp Remote Monitoring RmonSecure Shell SSH Simple Network Management Protocol Snmp XModem User Datagram Protocol UDPVirtual LAN Vlan Numerics Index Garp Vlan Registration Protocol See Gateway, default 3-14,4-245 Index-3 Index-4 Page ES3526XA ES3552XA E122006-CS-R02D 149100005500H