Powered by Accton
Page
Fast Ethernet Switch
ES3528M-SFP E122007-DG-R01 149100035500A
Installation Guide
About This Guide
Page
Contents
Page
Iii
Page
Contents
Command Line Interface
Vii
Viii
Contents
Page
Contents
Xii
Xiii
Xiv
Contents
Appendix a Software Specifications
Xvi
Appendix B Troubleshooting
Glossary Index
Xvii
Xviii
Tables
Xix
Page
Xxi
Xxii
Figures
Xxiii
Figures
Xxiv
Xxv
Xxvi
Key Features
Key Features
Feature Description
Description of Software Features
Introduction
Description of Software Features
Introduction
Description of Software Features
System Defaults
System Defaults
Function Parameter Default
Password super
System Defaults Function Parameter
Client Enabled
Clock Synchronization Disabled
NTP
Connecting to the Switch
Configuration Options
Initial Configuration
Required Connections
Basic Configuration
Remote Connections
Console Connection
Setting Passwords
Setting an IP Address
Manual Configuration
Dynamic Configuration
Enabling Snmp Management Access
Trap Receivers
152
154
Saving Configuration Settings
Configuring Access for Snmp Version 3 Clients
159
160
Managing System Files
Initial Configuration
Configuring the Switch
Using the Web Interface
Navigating the Web Browser Interface
Home
Configuration Options Action
Panel Display
Button
Revert Apply Help
Main Menu
Main Menu Description
System System Information
Radius Group Settings
TACACS+ Group Settings
Https Settings Configures secure Http settings
107
116
149
155
802.1Q Vlan 155
159
Current Table
164
176
Port on this switch Remote Trunk Information
Remote Port Information
187
190
Static Multicast Router Port
217
225
233
245 Configuration Enables Upnp and defines timeout values
Displaying System Information
Field Attributes
Displaying Switch Hardware/Software Versions
CLI Specify the hostname, location and contact information
Main Board
Management Software
Web Click System, Switch Information
Switch Information
Bridge Extension Configuration
Displaying Bridge Extension Capabilities
Setting the Switch’s IP Address
CLI Enter the following command
Command Attributes
239
166
309
310
Using DHCP/BOOTP
311
Enabling Jumbo Frames
Managing Firmware
Downloading System Software from a Server
Copy Firmware
Saving or Restoring Configuration Settings
11 Deleting Files
Downloading Configuration Settings from a Server
12 Downloading Configuration Settings for Startup
Console Port Settings
13 Setting the Startup Configuration Settings
14 Console Port Settings
Telnet Settings
15 Enabling Telnet
Basic Configuration
Configuring Event Logging
System Log Configuration
Displaying Log Messages
CLI This example shows the event message stored in RAM
Error resource exhausted
Logging Levels
Level Severity Name Description
Remote Log Configuration
Simple Mail Transfer Protocol
18 Remote Logs
19 Enabling and Configuring Smtp
Resetting the System
20 Resetting the System
Setting the System Clock
Setting the Time Manually
Configuring Sntp
Configuring NTP
21 Sntp Configuration
22 NTP Client Configuration
Setting the Time Zone
23 Setting the System Clock
Simple Network Management Protocol
Setting Community Access Strings
SNMPv3 Security Models and Levels
Level Group Read View Write View Notify View Security
User defined
Access Mode
Specifying Trap Managers and Trap Types
Enabling Snmp Agent Status
156
Configuring SNMPv3 Management Access
Setting the Local Engine ID
Web Click SNMP, Agent Status
Configuring SNMPv3 Users
Specifying a Remote Engine ID
Web Click SNMP, SNMPv3, Engine ID
Configuring the Switch
Configuring Remote SNMPv3 Users
29 Configuring SNMPv3 Users
Configuring SNMPv3 Groups
30 Configuring Remote SNMPv3 Users
Supported Notification Messages
SwPowerStatus 6.1.4.1.259.8.1.4.2.1.0.1
Rmon Events
Private Traps
ChangeTrap SwIpFilterRejectTrap 6.1.4.1.259.8.1.4.2.1.0.40
Setting SNMPv3 Views
31 Configuring SNMPv3 Groups
32 Configuring SNMPv3 Views
User Authentication
Configuring User Accounts
33 Access Levels
Configuring Local/Remote Logon Authentication
Command Usage
Radius Settings
Tacacs Settings
34 Authentication Settings
100
101
Configuring Encryption Keys
Command Attributes Radius Settings
TACACS+ Settings
AAA Authorization and Accounting
Configuring AAA Radius Group Settings
Configuring AAA TACACS+ Group Settings
102
103
Configuring AAA Accounting
37 AAA TACACS+ Group Settings
38 AAA Accounting Settings
AAA Accounting Update
AAA Accounting 802.1X Port Settings
106
AAA Accounting Exec Command Privileges
107
41 AAA Accounting Exec Command Privileges
108
AAA Accounting Exec Settings
AAA Accounting Summary
AAA Accounting Summary
AAA Accounting Statistics Summary
Web Click Security, AAA, Summary
110
Authorization Settings
44 AAA Authorization Settings
Authorization Exec Settings
Authorization Summary
109
Configuring Https
Https System Support Web Browser Operating System
Replacing the Default Secure-site Certificate
47 Https Settings
Configuring the Secure Shell
Address server ip-address
Command Usage
Authenticating SSH v1.5 Clients
Authenticating SSH v2 Clients
Configuring the SSH Server
SSH server includes basic settings for authentication
Generating the Host Key Pair
50 SSH Host-Key Settings
Importing User Public Keys
User Authentication
51 SSH User Public-Key Settings
END SSH2 Public KEY
Configuring Port Security
Configuring 802.1X Port Authentication
111
Configuring the Switch
Displaying 802.1X Global Settings
Configuring 802.1X Global Settings
802.1X protocol provides client authentication
CLI This example shows the default global setting for
Configuring Port Settings for
CLI This example enables 802.1X globally for the switch
113
55 802.1X Port Configuration
114
116
117
Displaying 802.1X Statistics
802.1X Statistics
Parameter Description
Web Authentication
CLI This example displays the 802.1X statistics for port
Configuring Web Authentication
57 Web Authentication Configuration
Configuring Web Authentication for Ports
Displaying Web Authentication Port Information
137
Re-authenticating Web Authenticated Ports
Web Click Security, Web Authentication, Port Information
Network Access MAC Address Authentication
136
Configuring the MAC Authentication Reauthentication Time
Configuring MAC Authentication for Ports
Web Click Security, Network Access, Configuration
Mode Enables MAC authentication on a port. Default None
62 Network Access Port Configuration
Configuring Port Link Detection
CLI This example configures MAC authentication for port
63 Network Access Port Link Detection Configuration
Displaying Secure MAC Address Information
MAC Authentication
Configuring MAC authentication parameters for ports
Port Indicates the port being configured
129
Access Control Lists
123
Configuring Access Control Lists
Setting the ACL Name and Type
Configuring a Standard IP ACL
CLI This example creates a standard IP ACL named david
140
Configuring an Extended IP ACL
141
103
68 Configuring Extended IP ACLs
Configuring a MAC ACL
Binding a Port to an Access Control List
146
Filtering IP Addresses for Management Access
143
108
CLI This example allows Snmp access for a specific client
71 Creating an IP Filter List
Port Configuration
Displaying Connection Status
Field Attributes Web
Configuration
Field Attributes CLI
Basic Information
Current Status
Configuring Interface Connections
CLI This example shows the connection status for Port
173
167
171
168
170
Creating Trunk Groups
Statically Configuring a Trunk
74 Configuring Static Trunks
Enabling Lacp on Selected Ports
181
75 Lacp Trunk Configuration
Configuring Lacp Parameters
Dynamically Creating a Port Channel
182
76 Lacp Port Configuration
Displaying Lacp Port Counters
You can display statistics for Lacp protocol messages
Lacp Port Counters
Field Description
77 Lacp Port Counters Information
CLI The following example displays Lacp counters
Displaying Lacp Settings and Status for the Local Side
Lacp Internal Configuration Information
78 Lacp Port Internal Information
Displaying Lacp Settings and Status for the Remote Side
79 Lacp Port Neighbors Information
Setting Broadcast Storm Thresholds
172
175
Configuring Port Mirroring
177
Configuring Rate Limits
Rate Limit Configuration
179
Showing Port Statistics
11 Port Statistics
Etherlike Statistics
Rmon Statistics
Formed Oversize Frames
Formed Fragments
83 Port Statistics
Address Table Settings
Setting Static Addresses
CLI This example shows statistics for port
174
Displaying the Address Table
190
85 Configuring a Dynamic Address Table
191
Spanning Tree Algorithm Configuration
Changing the Aging Time
CLI This example sets the aging time to 300 seconds
192
Designated Root Port Bridge
Displaying Global Settings
139
87 Displaying Spanning Tree Information
235
Configuring Global Settings
Global settings apply to the entire switch
Basic Configuration of Global Settings
Root Device Configuration
Configuration Settings for Rstp
Configuration Settings for Mstp
88 Configuring Spanning Tree
Displaying Interface Settings
AD B
89 Displaying Spanning Tree Port Information
Configuring Interface Settings
CLI This example shows the STA attributes for port
148
Configuring Multiple Spanning Trees
CLI This example sets STA attributes for port
223
225
224
Displaying Interface Settings for Mstp
MST Instance ID Instance identifier to configure. Default
92 Displaying Mstp Interface Settings
Configuring Interface Settings for Mstp
154
Vlan Configuration
Ieee 802.1Q VLANs
CLI This example sets the Mstp attributes for port
Assigning Ports to VLANs
Port-based Vlan
Enabling or Disabling Gvrp Global Setting
CLI This example enables Gvrp for the switch
Forwarding Tagged/Untagged Frames
Command Attributes Web
Displaying Basic Vlan Information
Displaying Current VLANs
96 Displaying Current VLANs Command Attributes CLI
Creating VLANs
250
Adding Static Members to VLANs Vlan Index
CLI This example creates a new Vlan
242
243
163
Adding Static Members to VLANs Port Index
248
Configuring Vlan Behavior for Interfaces
100 Configuring VLANs per Port
Configuring Ieee 802.1Q Tunneling
Layer 2 Flow for Packets Coming into a Tunnel Access Port
QinQ Tunneling
Layer 2 Flow for Packets Coming into a Tunnel Uplink Port
Enabling QinQ Tunneling on the Switch
Configuration Limitations for QinQ
General Configuration Guidelines for QinQ
101 802.1Q Tunnel Status and Ethernet Type
CLI This example sets the switch to operate in QinQ mode
Adding an Interface to a QinQ Tunnel
251
253
Private VLANs
252
Displaying Current Private VLANs
Configuring Private VLANs
103 Private Vlan Information
Associating VLANs
Each community Vlan must be associated with a primary Vlan
256
Displaying Private Vlan Interface Information
106 Private Vlan Port Information
Configuring Private Vlan Interfaces
259
Protocol Vlan Group Configuration
Protocol VLANs
257
258
Protocol Vlan System Configuration
261
Setting Lldp Timing Attributes
Web Click VLAN, Protocol VLAN, System Configuration
Link Layer Discovery Protocol
262
182
Configuring Lldp Interface Attributes
195
197
198
184
111 Lldp Port Configuration
Displaying Lldp Local Device Information
Displaying Lldp Remote Port Information
212
Displaying Lldp Remote Information Details
213
Displaying Device Statistics
115 Lldp Device Statistics
Displaying Detailed Device Statistics
116 Lldp Device Statistics Details
Class of Service Configuration
Layer 2 Queue Settings
Setting the Default Priority for Interfaces
Port Priority Configuration
CLI This example assigns a default priority of 5 to port
Mapping CoS Values to Egress Queues
265
12 Mapping CoS Values to Egress Queues
13 CoS Priority Levels
Priority Level Traffic Type
Background
Enabling CoS
267
269
Selecting the Queue Mode
Setting the Service Weight for Traffic Classes
Web Click Priority, Traffic Classes Status
268
Layer 3/4 Priority Settings
Mapping Layer 3/4 Priorities to CoS Values
Switch allows you to enable or disable the IP Dscp priority
Enabling IP Dscp Priority
Mapping Dscp Priority
14 Mapping Dscp Priority Values
IP Dscp Value CoS Value
10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40
Quality of Service
270
271
Configuring Quality of Service Parameters
Configuring a Class Map
Class map is used for matching packets to a specified class
Class Map
Class Configuration
Match Class Settings
273
274
Policy Configuration
Creating QoS Policies
Policy Map
Policy Rule Settings Class Settings
Policy Options
125 Configuring Policy Maps
Attaching a Policy Map to Ingress Queues
275
276
277
VoIP Traffic Configuration
Configuring VoIP Traffic
Configuring VoIP Traffic Port
281
282
128 VoIP Traffic Port Configuration
Configuring Telephony OUI
283
284
285
129 Telephony OUI List
Multicast Filtering
Layer 2 Igmp Snooping and Query
Configuring Igmp Snooping and Query Parameters
214
Enabling Igmp Immediate Leave
Displaying Interfaces Attached to a Multicast Router
290
Specifying Static Interfaces for a Multicast Router
132 Displaying Multicast Router Port Information
Displaying Port Members of Multicast Services
133 Static Multicast Router Port Configuration
Assigning Ports to Multicast Services
134 IP Multicast Registration Table
Igmp Filtering and Throttling
291
Enabling Igmp Filtering and Throttling
136 Enabling Igmp Filtering and Throttling
Configuring Igmp Filter Profiles
298
302
Configuring Igmp Filtering and Throttling for Interfaces
Only one profile can be assigned to an interface
299
138 Igmp Filter and Throttling Port Configuration
Multicast Vlan Registration
300
301
303
Configuring Global MVR Settings
General Configuration Guidelines for MVR
Displaying MVR Interface Status
304
Displaying Port Members of Multicast Groups
307
Configuring MVR Interface Status
Web Click MVR, Group IP Information
142 MVR Port Configuration
Assigning Static Multicast Groups to Interfaces
305
Dhcp Snooping
Dhcp Snooping Configuration
Dhcp Snooping Vlan Configuration
Web Click Dhcp Snooping, Configuration
Enables Dhcp snooping on the specified Vlan
Dhcp Snooping Information Option Configuration
Web Click Dhcp Snooping, Vlan Configuration
CLI This example first enables Dhcp Snooping for Vlan
319
Dhcp Snooping Port Configuration
Web Click Dhcp Snooping, Information Option Configuration
322
Dhcp Snooping Binding Information
320
324
IP Source Guard Port Configuration
IP Source Guard
Static IP Source Guard Binding Configuration
313
316
Web Click IP Source Guard, Static Configuration
Dynamic IP Source Guard Binding Information
IP Clustering
Web Click IP Source Guard, Dynamic Information
Cluster Configuration
152 Cluster Member Choice
Cluster Member Configuration
Web Click Cluster, Configuration
Adds Candidate switches to the cluster as Members
325
Displays current cluster Member switch information
Cluster Member Information
Cluster Candidate Information
328
Web Click Cluster, Candidate Information
156 Cluster Candidate Information
UPnP
215
216
217
Using the Command Line Interface
Accessing the CLI
Telnet Connection
Entering Commands
Command Completion
Getting Help on Commands
Keywords and Arguments
Showing Commands
Lldp
Negating the Effect of Commands
Using Command History
Understanding Command Modes
Partial Keyword Lookup
Exec Commands
Command Modes
Configuration Commands
Configuration Modes Command Prompt
Consoleconfig-if# 166
Vlan database Consoleconfig-vlan 242
Consoleconfig#interface ethernet 1/5 Consoleconfig-if#exit
Command Line Processing
Command Line Processing
Keystroke Function
Command Groups
Command Groups Description
Line Commands
Line Commands Function Mode
Login
Line
Password
Username 4-38 password
Syntax Password 0 7 password no password
No password is specified
Timeout login response
Exec-timeout
Password-thresh
Syntax Exec-timeout seconds no exec-timeout
Syntax Password-thresh threshold no password-thresh
Silent-time
Databits
Syntax Silent-time seconds no silent-time
Parity
Syntax Databits 7 8 no databits
Syntax Parity none even odd no parity
Speed
Stopbits
Syntax Speed bps no speed
Syntax Stopbits 1
Disconnect
Show line
Syntax Disconnect session-id
Syntax Show line console vty
General Commands
Enable
General Commands Function Mode
Syntax Enable level
Disable
Disable Enable password
Enable
Level
Configure
Show history
End
Reload cancel
Syntax Reload cancel
Reload
Syntax Reload in hour hours minute minutes
Syntax Show reload Default Setting
This command returns to Privileged Exec mode
Show reload
End
This command exits the configuration program
This example shows how to quit a CLI session
Exit
Quit
System Management Commands
Device Designation Commands
Prompt
Banner Commands Function Mode
Banner
Hostname
Syntax Hostname name no hostname
Banner configure
Syntax Banner configure Default Setting
Banner configure company
Name The name of the company. Maximum length 32 characters
Banner configure dc-power-info
Banner configure department
Banner configure equipment-info
Banner configure equipment-location
Banner configure ip-lan
Banner configure lp-number
Lp-num- The LP number. Maximum length 32 characters
Banner configure manager-info
Banner configure mux
Syntax Banner configure mux muxinfo
Banner configure note
No banner configure mux
This command displays all banner information
Syntax Show banner Default Setting
Show banner
User Access Commands
10 User Access Commands Function Mode
11 Default Login Settings Username Access-level Password
Username
Enable password
Default is level Default password is super
IP Filter Commands
12 IP Filter Commands Function Mode
Management
Show management
Web Server Commands
Ip http port
Ip http server
Syntax No ip http secure-server Default Setting
Ip http secure-server
Ip http port
14 Https System Support Web Browser Operating System
Ip http secure-port
Ip http secure-port4-44 Copy tftp https-certificate
Portnumber The UDP port used for HTTPS. Range
Ip http secure-server4-43
Telnet Server Commands
Ip telnet port
Ip telnet server
Secure Shell Commands
16 SSH Commands Function Mode
Ip telnet port
Sets the SSH server key size Copy tftp public-key
System Management Commands
Syntax No ip ssh server Default Setting
Ip ssh server
Ip ssh crypto host-key generate 4-51 show ssh
Ip ssh timeout
Ip ssh authentication-retries
Syntax Ip ssh timeout seconds no ip ssh timeout
Exec-timeout4-15 show ip ssh
Ip ssh server-key size
Delete public-key
Syntax Delete public-key username dsa rsa
Ip ssh crypto host-key generate
Ip ssh crypto zeroize
Syntax Ip ssh crypto host-key generate dsa rsa
Syntax Ip ssh crypto zeroize dsa rsa
Ip ssh save host-key
Show ip ssh
Syntax Ip ssh save host-key dsa rsa
Show ssh
17 show ssh display description
Terminology
Show public-key
Syntax Show public-key user username host
Username Name of an SSH user. Range 1-8 characters
Shows all public keys
Event Logging Commands
18 Event Logging Commands Function Mode
Syntax No logging on Default Setting
Logging on
Flash errors level 3 RAM warnings level 6
Logging history
19 Logging Levels
Logging host
Logging facility
Syntax No logging host hostipaddress
Hostipaddress The IP address of a syslog server
Logging trap
Clear logging
Syntax Logging trap level no logging trap
Syntax Clear logging flash ram
Show logging
Syntax Show logging flash ram sendmail trap
20 show logging flash/ram display description
Facility command
Logging trap command
Syntax Show log flash ram login tail
Show log
Smtp Alert Commands
22 Smtp Alert Commands Function Mode
Logging sendmail host
Following example shows sample messages stored in RAM
Logging sendmail level
Syntax Logging sendmail level level
Logging sendmail source-email
Logging sendmail destination-email
Syntax No logging sendmail source-email email-address
This example will set the source email john@acme.com
Syntax No logging sendmail Default Setting
Logging sendmail
Show logging sendmail
Time Commands
23 Time Commands Function Mode
Syntax No sntp client Default Setting
Sntp client
Sntp server
Sntp server 4-66 sntp poll 4-67 show sntp
Syntax Sntp server ip1 ip2 ip3
Sntp poll
Show sntp
Sntp client 4-65 sntp poll 4-67 show sntp
Syntax Sntp poll seconds no sntp poll
Syntax No ntp client Default Setting
Ntp client
Sntp client 4-65 ntp poll 4-70 ntp server
Ntp server
Syntax
Version number
Ntp client 4-68 ntp poll 4-70 show ntp
Ntp authenticate
Syntax No ntp authenticate Default Setting
Ntp poll
Syntax Ntp poll seconds no ntp poll
Ntp authentication-key
Ntp authentication-key4-71
Show ntp
Clock timezone-predefined
GMT-Greenwich-Mean-Time-Dublin,Edinburgh,Lisbon,London
Clock timezone
Clock summer-time date
No clock summer-time
Clock summer-time predefined
Australia
235959, Sunday, Week 5 of March 60 min Europe
235959, Sunday, Week 3 of March 60 min
Clock summer-time recurring
This command displays the system clock
Calendar set
Show calendar
Calendar set hour min sec day month year month day year
System Status Commands
Show startup-config
25 System Status Commands Function Mode
Show running-config
Show running-config4-79
Command Line Interface
Show startup-config4-78
This command displays system information
Show system
Show users
Show version
Frame Size Commands
26 Frame Size Commands Function Mode
Jumbo frame Enables support for jumbo frames
Syntax No jumbo frame Default Setting
Flash/File Commands
27 Flash/File Commands Function Mode
Copy
Copy
None
Following example shows how to download a configuration file
This command deletes a file or image
Delete
Delete unit filename
Dir Delete public-key4-50
Syntax Dir unit boot-rom config opcode filename
Dir
28 File Directory Information
Column Heading Description
Whichboot
Boot system
Syntax whichboot unit
Syntax Boot system unit boot-romconfig opcode filename
Authentication Commands
Authentication Sequence
Dir 4-89 whichboot
29 Authentication Commands Command Group Function
Authentication login
Username for setting the local user names and passwords
Local
Authentication enable
Enable password sets the password for changing command modes
31 Radius Client Commands Function Mode
Show radius-server Shows the current Radius settings
Radius Client
Default Setting Auth-port
Retransmit Command Mode
Radius-server host
Radius-server acct-port
Radius-server auth-port
Radius-server key
Syntax Radius-server key keystring no radius-server key
Radius-server timeout
Radius-server retransmit
Show radius-server
32 Tacacs Commands Function Mode
Show tacacs-server Shows the current TACACS+ settings 101
TACACS+ Client
Tacacs-server host
Default Setting Port
Tacacs-server port
Tacacs-server key
Syntax Tacacs-server port portnumber no tacacs-server port
Tacacs-server timeout
Tacacs-server retransmit
Syntax Tacacs-server key keystring no tacacs-server key
Show tacacs-server
AAA Commands
33 AAA Commands Function Mode
Aaa group server
Syntax No aaa group server radius tacacs+ group-name
Server Group Configuration
Server
Aaa accounting dot1x
No server index ip-address
Accounting is not enabled No servers are specified
Command Usage Example
Aaa accounting exec
Aaa accounting commands
Minute
Interface Configuration
Syntax Accounting exec default list-nameno accounting exec
Accounting dot1x
Accounting exec
Accounting commands
Aaa authorization exec
Authorization exec
Authorization is not enabled No servers are specified
Show accounting
Interface
Ethernet unit/port
Unit Stack unit. Range Port Port number. Range
Port Security Commands
34 Port Security Commands Function Mode
Status Disabled Action None Maximum Addresses
Interface Configuration Ethernet
802.1X Port Authentication
35 802.1X Port Authentication Command Function Mode
Dot1x default
Acquire a new client Dot1x timeout re-authperiod
117 Be re-authenticated Dot1x timeout tx-period
Syntax No dotx system-auth-control Default Setting
Default Command Mode
Dot1x max-req
Dot1x port-control
Syntax Dot1x max-req count no dot1x max-req
Dot1x re-authenticate
Syntax Dot1x re-authenticate interface
Dot1x operation-mode
Single-host
Dot1x re-authentication
Dot1x timeout quiet-period
Syntax No dot1x re-authentication Command Mode
Seconds The number of seconds. Range
Dot1x timeout re-authperiod
Dot1x timeout tx-period
Dot1x intrusion-action
Show dot1x
Block-traffic
Syntax Show dot1x statistics interface interface
Authenticator State Machine
Backend State Machine
Reauthentication State Machine
State Current state including initialize, reauthenticate
Network-access mode
36 Network Access Command Function Mode
Max-mac-count Interface Mac-authentication
Syntax No network-access mode mac-authentication
Network-access max-mac-count
Mac-authentication intrusion-action
Mac-authentication max-mac-count
Interface Config
2048
Network-access dynamic-qos
Network-access dynamic-vlan
Syntax No network-access dynamic-qos Default Setting
Syntax No network-access dynamic-vlan Default Setting
Network-access guest-vlan
Network-access link-detection
Following example enables dynamic Vlan assignment on port
No network-access link-detection
Network-access link-detection link-down
Network-access link-detection link-up
Network-access link-detection link-up-down
Mac-authentication reauth-time
1800
Clear network-access
Show network-access
Syntax Show network-access interface interface
Unit This is unit Port Port number. Range
Show network-access mac-address-table
Displays the settings for all interfaces
Displays all filters
37 Web Authentication Command Function Mode
Login-success-page-url Successful web authentication
Web-auth login-attempts
Web-auth login-fail-page-url
Login attempts
Web-auth login-page-url
Web-auth login-success-page-url
Switch-generated login
Web-auth session-timeout
Web-auth quiet-period
Web-auth system-auth-control
Web-auth
No web-auth system-auth-control
No web-auth
This command displays global web authentication parameters
Show web-auth
Show web-auth interface
Web-auth re-authenticate Port
Web-auth re-authenticate IP
Show web-auth summary
Show web-auth summary
138
Access Control List Commands
Access Control Lists
38 Access Control Lists Command Groups Function
Access-list ip
39 IP ACLs Command Function Mode
Syntax No access-list ip standard extended aclname
IP ACLs
Permit, deny Ip access-group4-143 show ip access-list4-143
Access-list ip
Syntax No permit deny any source bitmask host source
Standard ACL
Any destination address-bitmask host destination
Source-port sport end destination-port dport end
Extended ACL
Show ip access-list
Ip access-group
Syntax Show ip access-list standard extended aclname
Syntax No ip access-group aclname
Show ip access-group
Show ip access-list4-143
This command shows the ports assigned to IP ACLs
40 MAC ACL Commands Function Mode
Access-list mac
Syntax No access-list mac aclname
Aclname Name of the ACL. Maximum length 16 characters
Permit, deny MAC ACL
Show mac access-list
This command displays the rules for configured MAC ACLs
Syntax Show mac access-list aclname
Permit, deny Mac access-group4-148
Mac access-group
Show mac access-group
Syntax Mac access-group aclname
Show mac access-list4-147
Show access-list
Show access-group
41 ACL Information Command Function Mode
ACL Information
Snmp Commands
42 Snmp Commands Function Mode
Syntax No snmp-server Default Setting
Snmp-server
Show snmp
Snmp-server community
Snmp-server contact
Snmp-server location
Syntax Snmp-server contact string no snmp-server contact
Syntax Snmp-server location text no snmp-server location
Snmp-server host
Host Address None Notification Type Traps
Snmp Version UDP Port
Snmp-server enable traps
Snmp-server enable traps
Issue authentication and link-up-down traps
Snmp-server engine-id
This command shows the Snmp engine ID
This example shows the default engine ID
Show snmp engine-id
Defaultview includes access to the entire MIB tree
Snmp-server view
Examples
This view includes MIB-2
This command shows information on the Snmp views
Show snmp view
Snmp-server group
44 show snmp view display description
Show snmp group
162
Snmp-server user
45 show snmp group display description
164
This command shows information on Snmp users
Show snmp user
46 show snmp user display description
Interface Commands
47 Interface Commands Function Mode
Interface
Port-channel channel-idRange
Description
Speed-duplex
Syntax Description string no description
Syntax No negotiation Default Setting
Negotiation
Negotiation 4-168 capabilities
Following example configures port 11 to use autonegotiation
Capabilities
Capabilities 4-169speed-duplex4-167
Syntax No flowcontrol Default Setting
Flowcontrol
Negotiation 4-168speed-duplex4-167 flowcontrol
Syntax No shutdown Default Setting
Shutdown
Switchport packet-rate
Port-channel channel-idRange Default Setting
Clear counters
Syntax Clear counters interface
This command displays the status for an interface
Show interfaces status
Following example clears statistics on port
Syntax Show interfaces status interface
This command displays interface statistics
Show interfaces counters
Syntax Show interfaces counters interface
Shows the counters for all interfaces
Show interfaces switchport
Syntax Show interfaces switchport interface
Shows all interfaces
48 Interfaces Switchport Statistics
Mirror Port Commands
49 Mirror Port Commands Function Mode
Port monitor
Interface ethernet unit/port source port
This command displays mirror information
Following shows mirroring configured from port 6 to port
Show port monitor
Syntax Show port monitor interface
Rate Limit Commands
50 Rate Limit Commands Function Mode
Rate-limit Configures the maximum input rate for a port 179
Rate-limit
Link Aggregation Commands
51 Link Aggregation Commands
185
173
Channel-group
Guidelines for Creating Trunks
General Guidelines
Dynamically Creating a Port Channel
Syntax No lacp Default Setting
Lacp
Following example creates trunk 1 and then adds port
Lacp system-priority
32768
Lacp admin-keyEthernet Interface
Lacp admin-key Port Channel
Interface Configuration Port Channel
This command displays Lacp information
Lacp port-priority
Show lacp
Port Channel all
52 show lacp counters display description
Type
LACPDUs Illegal Pkts
53 show lacp internal display description
54 show lacp neighbors display description
55 show lacp sysid display description
Address Table Commands
56 Address Table Commands Function Mode
Mac-address-table static
Action
Clear mac-address-table dynamic
Show mac-address-table
Mac-address- MAC address Mask Bits to match in the address
Mac-address-table aging-time
Sort Sort by address, vlan or interface
Lldp Commands
57 Lldp Commands Function Mode
Show mac-address-table aging-time
196
Mac-phy Physical layer specifications Lldp dot3-tlv
Vlan ID
Syntax no lldp Default Setting
Lldp
Lldp holdtime-multiplier
Holdtime multiplier TTL 4*30 = 120 seconds
Lldp medFastStartCount
Lldp notification-interval
Syntax Lldp medfaststartcount packets
Packets
Syntax Lldp refresh-interval seconds no lldp refresh-delay
Lldp refresh-interval
Lldp reinit-delay
Lldp tx-delay
Syntax Lldp reinit-delay seconds no lldp reinit-delay
Syntax Lldp tx-delay seconds no lldp tx-delay
Lldp admin-status
Syntax No lldp notification Default Setting
Lldp notification
Tx-rx
Syntax No lldp mednotification Default Setting
Lldp mednotification
Lldp basic-tlv management-ip-address
Lldp basic-tlv port-description
Syntax No lldp basic-tlv port-description Default Setting
Lldp basic-tlv system-capabilities
Lldp basic-tlv system-description
Syntax No lldp basic-tlv system-description Default Setting
Syntax No lldp basic-tlv system-name Default Setting
Lldp basic-tlv system-name
Lldp dot1-tlv proto-ident
Syntax No lldp dot1-tlv proto-vid Default Setting
No lldp dot1-tlv proto-ident
Lldp dot1-tlv proto-vid
Lldp dot1-tlv pvid
Lldp dot1-tlv vlan-name
No lldp dot1-tlv vlan-name
Lldp dot3-tlv link-agg
No lldp dot3-tlv link-agg
Syntax No lldp dot3-tlv mac-phy Default Setting
Lldp dot3-tlv mac-phy
Lldp dot3-tlv max-frame
Syntax No lldp dot3-tlv max-frame
Syntax No lldp dot3-tlv poe Default Setting
Lldp dot3-tlv poe
Lldp medtlv extpoe
Syntax No lldp medtlv extpoe
Lldp medtlv inventory
No lldp medtlv inventory
Lldp medtlv location
No lldp medtlv location
Lldp medtlv med-cap
No lldp medtlv med-cap
Lldp medtlv network-policy
No lldp medtlv network-policy
Show lldp config
Syntax Show lldp config detail interface
Detail Shows configuration summary
Port-channel channel-idRange Command Mode
211
Show lldp info local-device
Syntax Show lldp info local-device detail interface
Detail Shows detailed information
Show lldp info remote-device
Show lldp info statistics
Syntax Show lldp info remote-device detail interface
Syntax Show lldp info statistics detail interface
214
UPnP Commands
UPnP Commands Function Mode
Syntax No upnp device Default Setting
Upnp device
Upnp device ttl
Upnp device advertise duration
Syntax Upnp device ttl value
Following example, the TTL is set to
Spanning Tree Commands
58 Spanning Tree Commands Function Mode
Show upnp
Syntax No spanning-tree Default Setting
Spanning tree is enabled
Spanning-tree
Spanning-tree mode
Rstp
Spanning-tree forward-time
Spanning-tree hello-time
Spanning-tree max-age
Spanning-tree priority
Spanning-tree pathcost method
Syntax Spanning-tree pathcost method long short
Spanning-tree mst-configuration
Spanning-tree transmission-limit
No spanning-tree pathcost method
MST Configuration
Mst vlan
No mst instanceid vlan vlan-range
Mst priority
Name
Mst instanceid priority priority no mst instanceid priority
Syntax Name name
Revision
Max-hops
Syntax Revision number
Number Revision number of the spanning tree. Range
Spanning-tree spanning-disabled
Syntax No spanning-tree spanning-disabled Default Setting
This example disables the spanning tree algorithm for port
Spanning-tree cost
Spanning-tree port-priority
Priority The priority for a port. Range 0-240, in steps
Syntax No spanning-tree edge-port Default Setting
Spanning-tree edge-port
Syntax No spanning-tree portfast Default Setting
Spanning-tree portfast
Spanning-treeedge-port4-229
Spanning-tree link-type
Spanning-tree loopback-detection
Auto
Spanning-tree loopback-detection release-mode
Spanning-tree loopback-detection trap
Spanning-tree mst cost
Spanning-tree mst port-priority
Spanning-tree mst port-priority4-234
Spanning-tree protocol-migration
Show spanning-tree
Syntax Spanning-tree protocol-migration interface
Syntax Show spanning-tree interface mst instanceid
Mstp
Show spanning-tree mst configuration
Vlan Commands
Gvrp and Bridge Extension Commands
59 VLANs Command Groups Function
60 Gvrp and Bridge Extension Commands Function Mode
Syntax No bridge-ext gvrp Default Setting
Bridge-ext gvrp
Show bridge-ext
Switchport gvrp
Show gvrp configuration
Syntax No switchport gvrp Default Setting
Syntax Show gvrp configuration interface
Garp timer
Show garp timer
Syntax Show garp timer interface
61 Editing Vlan Groups Command Function Mode
Editing Vlan Groups
Vlan database
By default only Vlan 1 exists and is active
Vlan Database Configuration
Vlan
Show vlan
Configuring Vlan Interfaces
62 Configuring Vlan Interfaces Command Function Mode
Interface vlan
Interface vlan
Switchport mode
All ports are in hybrid mode with the Pvid set to Vlan
Switchport acceptable-frame-types4-246
Switchport acceptable-frame-types
Switchport ingress-filtering
Switchport mode
All frame types
Switchport native vlan
Switchport allowed vlan
Switchport forbidden vlan
No VLANs are included in the forbidden list
63 Show Vlan Commands Function Mode
Displaying Vlan Information
Show vlan
64 Ieee 802.1Q Tunneling Commands Function Mode
General Configuration Guidelines for QinQ
Dot1q-tunnel system-tunnel-control
Syntax No dot1q-tunnel system-tunnel-control
Switchport dot1q-tunnel mode
Show dot1q-tunnel4-253 Show interfaces switchport
Switchport dot1q-tunnel tpid
This command displays information about QinQ tunnel ports
Show dot1q-tunnel
0x8100
Configuring Private VLANs
Switchport dot1q-tunnel mode
65 Private Vlan Commands
Edit Private Vlan Groups Private-vlan
65 Private Vlan Commands Function Mode
Configure Private Vlan Interfaces
Display Private Vlan Information
Private-vlan
Private vlan association
Switchport mode private-vlan
No private-vlan primary-vlan-idassociation
Normal Vlan
Switchport private-vlan host-association
Switchport private-vlan isolated
Isolated-vlan-id- ID of isolated VLAN. Range
Switchport private-vlan mapping
Show vlan private-vlan
Syntax Show vlan private-vlan community isolated primary
Protocol-vlan protocol-group Configuring Groups
66 Protocol-based Vlan Commands Function Mode
Protocol-vlan protocol-group Configuring VLANs
No protocol groups are configured
No protocol groups are mapped to any VLANs
Show protocol-vlan protocol-group
Show protocol-vlan protocol-group-vid
Syntax Show protocol-vlan protocol-group group-id
Priority Commands
Priority Commands Layer
67 Priority Commands Command Groups Function
68 Priority Commands Layer Function Mode
Queue mode
Switchport priority default
Syntax Queue mode strict wrr no queue mode
Queue bandwidth weight1...weight4 no queue bandwidth
Weights 1, 2, 4, 8 are assigned to queues 0-3 respectively
Queue bandwidth
69 Default CoS Values to Egress Queues
Queue cos-map
Queue cos-mapqueueid cos1 ... cosn no queue cos-map
Show queue mode
Following example shows how to change the CoS assignments
This command shows the current queue mode
Show queue bandwidth
Priority Commands Layer 3
This command shows the class of service priority map
70 Priority Commands Layer 3 Function Mode
Show queue cos-map
Syntax No map ip dscp Default Setting
Map ip dscp dscp-value cos cos-value no map ip dscp
71 IP Dscp to CoS Vales IP Dscp Value CoS Value
This command shows the IP Dscp priority map
Show map ip dscp
Syntax Show map ip dscp interface
Quality of Service Commands
72 Quality of Service Commands Function Mode
Class-map
Syntax No class-map class-map-namematch-any
Class Map Configuration
Match
Show class map
Policy-map
No policy-mappolicy-map-name
Policy Map Configuration
Class
No class class-map-name
Policy Map Class Configuration
Set
Police
Syntax No police rate-kbpsburst-byteexceed-action drop set
Service-policy
Syntax No service-policy input policy-map-name
No policy map is attached to an interface
Show class-map
Show policy-map
Syntax Show class-map class-map-name
Show policy-mappolicy-map-name class class-map-name
Voice Vlan Commands
73 Voice Vlan Commands Function Mode
Show policy-map interface
Syntax Show policy-map interface interface input
Voice vlan
Voice vlan voice-vlan-id no voice vlan
Voice vlan aging
Voice vlan mac-address
Syntax Voice vlan aging minutes no voice vlan
Minutes
Switchport voice vlan
Following example sets port 1 to Voice Vlan auto mode
Following example adds a MAC OUI to the OUI Telephony list
Switchport voice vlan rule
Switchport voice vlan security
Syntax No switchport voice vlan rule oui lldp
OUI Enabled Lldp Disabled
Switchport voice vlan priority
Following example enables security filtering on port
Priority-value- The CoS priority value. Range
Following example sets the CoS priority to 5 on port
Show voice vlan
Syntax Show voice vlan oui status
Multicast Filtering Commands
Igmp Snooping Commands
74 Multicast Filtering Commands Command Groups Function
75 Igmp Snooping Commands Function Mode
Syntax No ip igmp snooping Default Setting
Following example enables Igmp snooping
Ip igmp snooping
Ip igmp snooping vlan static
Following configures the switch to use Igmp Version
Syntax No ip igmp snooping leave-proxy Default Setting
Ip igmp snooping version
Ip igmp snooping leave-proxy
Interface Configuration Vlan
Following shows how to enable immediate leave
Ip igmp snooping immediate-leave
Syntax No ip igmp snooping immediate-leave vlan-id
This command shows the Igmp snooping configuration
Following shows the current Igmp snooping configuration
This command shows known multicast addresses
Show ip igmp snooping
Igmp Query Commands Layer
76 Igmp Query Commands Layer Function Mode
Syntax No ip igmp snooping querier Default Setting
Ip igmp snooping querier
Following shows how to configure the query count to
Ip igmp snooping query-count
Ip igmp snooping query-interval
Times
Seconds The report delay advertised in Igmp queries. Range
Ip igmp snooping query-max-response-time
Static Multicast Routing Commands
77 Static Multicast Routing Commands Function Mode
Ip igmp snooping router-port-expire-time
Ip igmp snooping vlan mrouter
Show ip igmp snooping mrouter
Syntax No ip igmp snooping vlan vlan-idmrouter interface
Syntax Show ip igmp snooping mrouter vlan vlan-id
Igmp Filtering and Throttling Commands
78 Igmp Filtering and Throttling Commands Function Mode
Multicast router port types displayed include Static
299
Syntax No ip igmp filter Default Setting
Ip igmp profile
Syntax No ip igmp profile profile-number
Profile-number- An Igmp filter profile number. Range
Syntax Permit deny Default Setting
Permit, deny
Range
No range low-ip-address high-ip-address
Ip igmp max-groups
Syntax No ip igmp filter profile-number
Syntax Ip igmp max-groups number no ip igmp max-groups
Ip igmp max-groups action
Syntax Ip igmp max-groups action replace deny
Show ip igmp filter
Show ip igmp profile
Syntax Show ip igmp filter interface interface
Syntax Show ip igmp profile profile-number
Show ip igmp throttle interface
Syntax Show ip igmp throttle interface interface
Multicast Vlan Registration Commands
79 Multicast Vlan Registration Commands Function Mode
305
Multicast groups assigned to the MVR Vlan
Mvr Interface Configuration
306
Following shows the global MVR settings
Show mvr
Syntax Show mvr interface interface members ip-address
80 show mvr display description
81 show mvr interface display description
82 show mvr members display description
IP Interface Commands
83 IP Interface Commands Function Mode
Ip address
310
Ip default-gateway
Syntax Ip default-gateway gateway no ip default-gateway
Gateway IP address of the default gateway
Following example defines a default gateway for this device
This command submits a Bootp or Dhcp client request
This command displays the settings of an IP interface
Ip dhcp restart
Show ip interface
Ip default-gateway4-310
This command has no default for the host
Show ip redirects
Ping
IP Source Guard Commands
84 IP Source Guard Commands Function Mode
Ip source-guard
Syntax Ip source-guard sip sip-macno ip source-guard
314
This example enables IP source guard on port
No configured entries
Ip source-guard binding
No ip source-guard binding mac-addressvlan vlan-id
This command shows the source guard binding table
Show ip source-guard
Show ip source-guard binding
Ip source-guard4-313 ip dhcp snooping Ip dhcp snooping vlan
Dhcp Snooping Commands
85 Dhcp Snooping Commands Function Mode
Syntax No ip dhcp snooping Default Setting
Ip dhcp snooping
318
This example enables Dhcp snooping globally for the switch
This example enables Dhcp snooping for Vlan
Ip dhcp snooping vlan
Ip dhcp snooping vlan 4-319 ip dhcp snooping trust
Syntax No ip dhcp snooping trust Default Setting
Ip dhcp snooping trust
This example enables MAC address verification
Ip dhcp snooping verify mac-address
Ip dhcp snooping information option
This example enables the Dhcp Snooping Information Option
Ip dhcp snooping information policy
Replace
This command shows the Dhcp snooping configuration settings
Ip dhcp snooping database flash
Show ip dhcp snooping
IP Cluster Commands
86 Switch Cluster Commands Function Mode
Syntax No cluster Default Setting
Show ip dhcp snooping binding
Cluster commander
Syntax No cluster commander Default Setting
Cluster ip-pool
Cluster member
Syntax Cluster ip-pool ip-addressno cluster ip-pool
10.254.254.1
Rcommand
Syntax Rcommand id member-id
Member-id- The ID number of the Member switch. Range
This command shows the switch clustering configuration
This command shows the current switch cluster members
Show cluster members
Show cluster candidates
Appendix a Software Specifications
Software Features
Management Features
Groups 1, 2, 3, 9 Statistics, History, Alarm, Event
Standards
Igmp RFC 1112 IGMPv2 RFC
Management Information Bases
Management Information Bases a
Software Specifications
Table B-1 Troubleshooting Chart
Symptom Action
Using System Logs
Access Control List ACL
Boot Protocol Bootp
Class of Service CoS
Differentiated Services Code Point Service Dscp
Garp Vlan Registration Protocol Gvrp
Generic Attribute Registration Protocol Garp
Generic Multicast Registration Protocol Gmrp
Group Attribute Registration Protocol Garp
Igmp Snooping
Igmp Query
Internet Group Management Protocol Igmp
In-Band Management
Multicast Switching
Port Authentication
Remote Authentication Dial-in User Service Radius
Network Time Protocol NTP
Secure Shell SSH
Simple Network Management Protocol Snmp
Simple Network Time Protocol Sntp
Spanning Tree Algorithm STA
Virtual LAN Vlan
XModem
Index
Numerics
Index
Link Layer Discovery Protocol See
Index-4
Index-5
Type Length Value See also
LLDP-MED TLV
Page
ES3528M-SFP E122007-DG-R01 149100035500A
