Accton Technology ES4524D, ES4548D, 24/48-Port guide

12 User Authentication

- The client and server generate session keys for encrypting and decrypting data.

•The client and server establish a secure encrypted connection.

A padlock icon should appear in the status bar for Internet Explorer 5.x or above and Netscape 6.2 or above.

•The following web browsers and operating systems currently support HTTPS:

	Table 12-1 HTTPS System Support
Web Browser		Operating System

Internet Explorer 5.0 or later		Windows 98,Windows NT (with service pack 6a),
		Windows 2000, Windows XP
Netscape 6.2 or later		Windows 98,Windows NT (with service pack 6a),
		Windows 2000, Windows XP, Solaris 2.6

•To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 12-6.

Command Attributes

•HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. (Default: Enabled)

•Change HTTPS Port Number – Specifies the UDP port number used for HTTPS/ SSL connection to the switch’s web interface. (Default: Port 443)

Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.

Figure 12-3 HTTPS Settings

CLI – This example enables the HTTP secure server and modifies the port number.

Console(config)#ip http secure-server	41-12
Console(config)#ip http secure-port 441	41-13
Console(config)#

Replacing the Default Secure-site Certificate

When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch. By default, the certificate that Netscape and Internet Explorer display will be associated with a warning that the site is not recognized as a secure site. This is because the certificate has not been signed by an approved certification authority. If you want this warning to be replaced by a message confirming that the connection to the switch is secure, you must

12-6

Image 124

Accton Technology ES4524D, ES4548D, 24/48-Port manual Replacing the Default Secure-site Certificate

Contents

Powered by Accton Page ES4524D Gigabit Ethernet Switch ES4524D ES4548D F0.0.0.4 E112006-CS-R01 149100030400A Contents Setting the System Clock 10-1 Access Control Lists 15-1 Vii Vlan Configuration 23-1 Viii Multicast Filtering 28-1 File Management Commands 35-1 Smtp Alert Commands 38-1 802.1X Port Authentication 43-1 Xii Access Control List Commands 44-1 Xiii Address Table Commands 50-1 Xiv Private Vlan Commands 53-1 Quality of Service Commands 56-1 Xvi IPv4 Interface Commands 59-1 Xvii Xviii Tables XixPage Xxi Xxii Figures Xxiii Figures IP Filter 12-14 Port Security 13-2 Xxiv Figures Xxv Xxvi Section I Getting Started Getting Started Key Features Key FeaturesFeature Description Introduction Description of Software Features Introduction Description of Software Features Introduction Description of Software Features System Defaults System DefaultsFunction Parameter Default Password super View defaultview Snmp System Defaults Function Parameter Traffic Prioritization Ingress Port Priority Queue ModeDisabled Igmp Snooping Snooping Enabled System Log Status Enabled Messages Logged Connecting to the Switch Initial ConfigurationConfiguration Options Required Connections Remote Connections Setting Passwords Basic ConfigurationConsole Connection Setting an IP Address Assigning an IPv4 Address Assigning an IPv6 Address 45-159-1 59-2 60-4 60-10 60-3 60-12 Obtaining an IPv4 Address 59-359-4 35-2 Obtaining an IPv6 Address 60-2 Enabling Snmp Management Access 60-6 40-3 40-5 Managing System Files 40-1040-11 40-14 Saving Configuration Settings Initial Configuration Section II Switch Management Page Configuring the Switch Using the Web Interface Navigating the Web Browser Interface Home Web Page Configuration Buttons Panel DisplayApply Revert Help Action Switch Main Menu Description Main MenuSystem System Information IPv6 Neighbor 11-1 12-815-1 12-13 Lacp 17-1 Class-of-service value 23-1Current Table 23-5 26-9 28-2Query Multicast Router 28-4 Displaying System Information Basic System SettingsField Attributes System Information Displaying Switch Hardware/Software Versions CLI Specify the hostname, location and contact informationMain Board Management Software Switch Information 34-8 Displaying Bridge Extension Configuration Displaying Bridge Extension Capabilities Configuring Support for Jumbo Frames CLI Enter the following commandCommand Usage Command Attributes Resetting the System CLI Use the reload command to restart the switchRenumbering the Stack CLI This example renumbers all units in the stack Basic System Settings Setting an IP Address Setting the Switch’s IP Address IP Version Manual Configuration IPv4 Interface Configuration Manual Using DHCP/BOOTP IPv4 Interface Configuration Dhcp Configuring an IPv6 Address Setting the Switch’s IP Address IP Version 6 IP Address Setting the Switch’s IP Address IP Version 6 Current Address Table IPv6 Interface Configuration 60-13 Configuring an IPv6 General Network Prefix60-14 IPv6 General Prefix Configuration Protocol Settings Current Neighbor Cache Table Adding Static Neighbors IPv6 Neighbor -- Add 60-22 60-26 Managing System Files Managing Firmware Downloading System Software from a Server Copy Firmware Deleting Files 35-7 Saving or Restoring Configuration Settings Downloading Configuration Settings from a Server Downloading Configuration Settings for Start-Up Console#copy tftp startup-config Console Port Settings 36-1 36-236-3 36-4 Telnet Settings Configuring the Telnet Interface Configuring Event Logging System Log ConfigurationError resource exhausted Logging Levels Remote Log Configuration 37-137-2 37-5 37-3 37-4 Displaying Log Messages Sending Simple Mail Transfer Protocol AlertsCLI This example shows the event message stored in RAM 37-7 Enabling and Configuring Smtp Alerts 38-1 38-238-3 38-4 Setting the System Clock Configuring Sntp Setting the Time Zone 39-139-3 39-2 Simple Network Management Protocol Snmp Overview Enabling the Snmp Agent SNMPv3 Security Models and LevelsLevel Group Read View Write View Notify View Security User defined CLI The following example enables Snmp on the switch Setting Community Access Strings40-2 Specifying Trap Managers and Trap Types 11-5 Configuring SNMPv3 Management Access 40-7 Setting a Local Engine ID Specifying a Remote Engine IDCLI This example sets an SNMPv3 engine ID 40-8 Configuring SNMPv3 Users CLI This example specifies a remote SNMPv3 engine ID Configuring SNMPv3 Users Configuring Remote SNMPv3 Users 40-15 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Topology Change Timer immediately Any of its configured ports transitions fromThat its configuration may have been altered Authenticated. While all implementations Supported Notification Messages Configuring SNMPv3 Groups 40-13 Setting SNMPv3 Views Configuring SNMPv3 Views 11-17 Simple Network Management Protocol 11-18 User Authentication Configuring User Accounts Configuring Local/Remote Logon Authentication 41-1 Radius Settings Global Provides globally applicable Radius settingsWeb Telnet TACACS+ server Tacacs Settings Authentication Server Settings Configuring Https Replacing the Default Secure-site Certificate Copy Https Certificate Address server ip-address Configuring the Secure Shell Authenticating SSH v1.5 Clients Authenticating SSH v2 Clients Generating the Host Key Pair 41-21 41-2041-23 Configuring the SSH Server SSH server includes basic settings for authentication Filtering IP Addresses for Management Access 41-1741-18 41-19 41-24 41-25 Configuring Port Security Port Security 42-1 Configuring 802.1X Port Authentication Displaying 802.1X Global Settings 802.1X protocol provides port authenticationCLI This example shows the default global setting for Web Click Security, 802.1X, Information Configuring 802.1X Global Settings Configuring Port Settings forCLI This example enables 802.1X globally for the switch 43-1 802.1X Port Configuration Authorized 43-4 43-243-5 802.1X Statistics Displaying 802.1X StatisticsParameter Description 802.1X Port Statistics CLI This example displays the dot1x statistics for port Configuring 802.1X Port Authentication 14-8 Setting an ACL Name and Type Access Control ListsOverview CLI This example creates a standard IP ACL named bill Configuring a Standard IPv4 ACL44-2 Configuring an Extended IPv4 ACL ACL Configuration Standard IPv4 15-4 ACL Configuration Extended IPv4 44-3 Configuring a MAC ACL Configuring a Standard IPv6 ACL 44-13 Configuring an Extended IPv6 ACL 44-8 15-9 ACL Configuration Extended IPv6 44-9 Binding a Port to an Access Control List This switch supports ACLs for ingress filtering only44-6 44-15 Access Control Lists 15-12 Displaying Connection Status Port ConfigurationField Attributes Web Configuration Field Attributes CLIBasic information Current status CLI This example shows the connection status for Port 45-8 Configuring Interface Connections 45-2 45-645-3 45-4 Showing Port Statistics Etherlike Statistics Port StatisticsRmon Statistics Oversize Frames FormedFragments 16-9 CLI This example shows statistics for port 45-9 Creating Trunk Groups Statically Configuring a Trunk Static Trunk Configuration Setting a Load-Balance Mode for Trunks 46-2 Trunk Load Balance Mode 46-3 Enabling Lacp on Selected Ports46-11 Lacp Trunk Configuration 46-4 Configuring Lacp Parameters Dynamically Creating a Port Channel Lacp Aggregation Port You can display statistics for Lacp protocol messages Displaying Lacp Port CountersLacp Port Counters Parameter Description Marker Unknown Pkts TypeMarker Illegal Pkts Badly formed PDU or an illegal value of Protocol Subtype Lacp Internal Configuration Information Displaying Lacp Settings and Status for the Local SideField Description Lacp Port Internal Information Displaying Lacp Settings and Status for the Remote Side Lacp Neighbor Configuration Information Field Description 17-14 Setting Broadcast Storm Thresholds Broadcast Storm Control 47-1 45-10 Configuring Port Mirroring Mirror Port Configuration 48-1 Configuring Rate Limits Command Attribute 49-1 Address Table Settings Setting Static Addresses Displaying the Address Table 50-1 Dynamic Addresses 50-3 CLI This example sets the aging time to 400 seconds Changing the Aging Time50-4 Spanning Tree Algorithm Configuration Region R For this Region Displaying Global Settings 22-4 Web Click Spanning Tree, STA, Information STA Information Configuring Global Settings Global settings apply to the entire switch Basic Configuration of Global Settings Root Device Configuration Configuration Settings for Rstp Configuration Settings for Mstp STA Global Configuration Displaying Interface Settings 22-11 STA Port Information CLI This example shows the STA attributes for port Configuring Interface Settings51-18 22-14 Configuring Multiple Spanning Trees CLI This example sets STA attributes for port Mstp Vlan Configuration 51-8 Displaying Interface Settings for Mstp Mstp Port Information Configuring Interface Settings for Mstp CLI This example sets the Mstp attributes for port 51-16 Vlan Configuration Assigning Ports to VLANs 23-2 Forwarding Tagged/Untagged Frames CLI This example enables Gvrp for the switch Enabling or Disabling Gvrp Global SettingDisplaying Basic Vlan Information Displaying Current VLANs Command Attributes WebMax support Vlan numbers 256 Max support Vlan ID 4093 Creating VLANs Command Attributes CLI52-17 Adding Static Members to VLANs Vlan Index CLI This example creates a new Vlan52-5 52-6 Vlan Static Table Adding Static Members Adding Static Members to VLANs Port Index 52-11 Configuring Vlan Behavior for Interfaces Vlan Port Configuration Configuring Ieee 802.1Q Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access Port QinQ Tunneling Layer 2 Flow for Packets Coming into a Tunnel Uplink Port Configuration Limitations for QinQ General Configuration Guidelines for QinQ Enabling QinQ Tunneling on the Switch CLI This example sets the switch to operate in QinQ mode52-14 52-16 Adding an Interface to a QinQ Tunnel Tunnel Port Configuration 52-15 Configuring Private VLANs CLI This example enables private VLANsEnabling Private VLANs 53-1 Configuring Uplink and Downlink Ports 53-2 Configuring Protocol Groups Configuring Protocol-Based VLANsCreate a protocol group for one or more protocols Mapping Protocols to VLANs 54-1 Protocol Vlan Port Configuration 54-2 Configuring Protocol-Based VLANs 25-4 Layer 2 Queue Settings Class of Service ConfigurationSetting the Default Priority for Interfaces CLI This example assigns a default priority of 5 to port 55-3 Mapping CoS Values to Egress Queues Mapping CoS Values to Egress QueuesCoS Priority Levels Priority Level Traffic Type 55-4 Selecting the Queue Mode55-6 55-2 Setting the Service Weight for Traffic Classes55-5 Queue Scheduling Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS ValuesSelecting IP Precedence/DSCP Priority 55-8 Mapping IP Precedence Mapping IP Precedence Priority Level Traffic Type Mapping Dscp Priority IP Dscp Value CoS Value Mapping Dscp Priority10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 55-10 55-13 Mapping IP Port Priority IP Port Priority Status 55-11 Quality of Service Configuring Quality of Service Parameters Configuring a Class Map Class ConfigurationMatch Class Settings Class map is used for matching packets to a specified class Configuring Class Maps Creating QoS Policies Policy Map56-2 56-3 Policy Rule Settings Class Settings Policy ConfigurationPolicy Options Configuring Policy Maps Attaching a Policy Map to Ingress Queues 56-456-5 56-6 Quality of Service 27-8 Multicast Filtering Layer 2 Igmp Snooping and Query Configuring Igmp Snooping and Query Parameters 57-1 57-457-5 57-6 Displaying Interfaces Attached to a Multicast Router 57-9 Specifying Static Interfaces for a Multicast Router 57-8 Displaying Port Members of Multicast Services IP Multicast Registration Table Assigning Ports to Multicast Services Igmp Member Port Table 28-8 Configuring Domain Name Service Configuring General DNS Service Parameters 58-3 58-458-5 58-7 Configuring Static DNS Host to Address Entries 58-1 58-6 Displaying the DNS Cache DNS Cache 29-6 Switch Clustering Cluster Configuration Cluster Member Configuration Web Click Cluster, ConfigurationAdds Candidate switches to the cluster as Members 61-1 Web Click Cluster, Member Configuration Displays current cluster Member switch informationCluster Member Information 61-3 Cluster Candidate Information 61-5 Section IIICommand Line Interface Page Accessing the CLI Using the Command Line InterfaceTelnet Connection 31-2 Entering Commands Command CompletionGetting Help on Commands Keywords and Arguments Showing Commands Using Command History Negating the Effect of CommandsPartial Keyword Lookup Exec Commands Understanding Command ModesGeneral Command Modes Configuration Commands Configuration Command Modes Prompt Consoleconfig-if# 45-1 Keystroke Commands Command Line ProcessingKeystroke Function Using the Command Line Interface 31-10 CLI Command Groups Command Group Index Description 55-1 Class of Service57-1 General Commands Enable Disable ConfigureRelated Commands Example Show history Normal Exec, Privileged Exec Prompt EndExit Syntax Prompt string no prompt This example shows how to quit a CLI session This command exits the configuration programQuit General Commands 33-6 System Management Commands System Management Commands Function ModeHostname Syntax Hostname name no hostname Syntax Switch all renumber Default Setting Switch renumberReload Show startup-config Syntax No jumbo frame Default SettingJumbo frame Show ipv6 mtu 34-4 Show running-config Show running-config34-5 Show startup-config34-3 Show system This command displays system informationShow users Show version 34-9 System Management Commands 34-10 File Management Commands Saving or Restoring Configuration SettingsFlash/File Commands Function Mode Managing Firmware Copy 35-3 This command deletes a file or image DeleteSyntax Delete unit filename This command displays a list of files in flash memory Syntax Dir unit boot-rom config opcode filenameDir Dir Delete public-key41-20 Whichboot Syntax whichboot unitFile Directory Information Column Heading Description Syntax Boot system unit boot-romconfig opcode filename Boot systemDir 35-5 whichboot File Management Commands 35-8 Line Commands Line Commands Function ModeLine Syntax Line console vty Login Syntax Login local no login Password Username 41-1 passwordSyntax Password 0 7 password no password No password is specified Exec-timeout Timeout login responseSyntax Exec-timeout seconds no exec-timeout Password-thresh CLI No timeout Telnet 10 minutesSyntax Password-thresh threshold no password-thresh Default value is three attempts Silent-time DatabitsSyntax Silent-time seconds no silent-time Syntax Databits 7 8 no databits Parity Syntax Parity none even odd no parity Speed StopbitsSyntax Speed bps no speed Syntax Stopbits 1 Disconnect Show lineSyntax Disconnect session-id Syntax Show line console vty To show all lines, enter this command Event Logging Commands Event Logging Commands Function ModeSyntax No logging on Default Setting Logging on Logging history Flash errors level 3 RAM warnings level 7Logging history 37-2 logging trap 37-4 clear log Default Setting Command Mode Logging hostLogging facility Syntax No logging host hostipaddress Logging trap Disabled Level 7Syntax Logging trap level no logging trap Clear log Show loggingSyntax Clear log flash ram Syntax Show logging flash ram sendmail trap Show logging flash/ram display description Logging facility commandShow logging trap display description Syntax Show log flash ram Show logFollowing example shows the event message stored in RAM Event Logging Commands 37-8 Smtp Alert Commands Smtp Alert Commands Function ModeLogging sendmail host 38-4 Logging sendmail level Logging sendmail source-emailSyntax Logging sendmail level level Syntax Logging sendmail source-email email-address Syntax No logging sendmail Default Setting Logging sendmail destination-emailLogging sendmail Syntax No logging sendmail destination-email email-address Show logging sendmail Time Commands Time Commands Function ModeSyntax No sntp client Default Setting Sntp client Sntp server 39-2 sntp poll 39-3 show sntp Sntp serverSyntax Sntp server ip1 ip2 ip3 Sntp poll Show sntpSntp client 39-1 sntp poll 39-3 show sntp Syntax Sntp poll seconds no sntp poll Clock timezone This command displays the system clock Calendar setShow calendar Calendar set hour min sec day month year month day year Time Commands 39-6 Snmp Commands Snmp Commands Function Mode Snmp-server Syntax No snmp-server Default SettingShow snmp Snmp-server community Snmp-server contact Snmp-server locationSyntax Snmp-server contact string no snmp-server contact Syntax Snmp-server location text no snmp-server location Snmp-server host Host Address None Notification Type Traps Snmp Version UDP Port Snmp-server enable traps Snmp-server enable trapsIssue authentication and link-up-down traps Snmp-server engine-id This example shows the default engine ID This command shows the Snmp engine IDShow snmp engine-id Defaultview includes access to the entire MIB tree Snmp-server viewExamples This view includes MIB-2 This command shows information on the Snmp views Show snmp viewSnmp-server group Show snmp view display description 40-12 Show snmp group display description Show snmp groupField Description Groupname Name of an Snmp group Snmp-server user This command shows information on Snmp users Show snmp user Show snmp user display description User Authentication Commands User Account CommandsAuthentication Commands Command Group Function User Access Commands Function Mode Default Login Settings Username Access-level Password Enable passwordGuest Admin Authentication login Authentication SequenceAuthentication Sequence Commands Function Mode Authentication enable Tacacs Use Tacacs server passwordUsername for setting the local user names and passwords Local Radius Client Commands Function Mode Show radius-server Shows the current Radius settings 41-8Radius Client 41-8 Default Setting Auth-port Retransmit Command ModeRadius-server host Radius-server port Radius-server retransmit Radius-server keySyntax Radius-server key keystring no radius-server key Radius-server timeout Show radius-server TACACS+ Client Commands Function Mode TACACS+ ClientTacacs-server host Tacacs-server port Show tacacs-server Tacacs-server keySyntax Tacacs-server key keystring no tacacs-server key Ip http port Web Server CommandsIp http server Ip http secure-server Syntax No ip http secure-server Default SettingIp http port Ip http secure-port41-13copy tftp https-certificate Ip http secure-portPortnumber The UDP port used for HTTPS. Range Telnet Server Commands Function Mode Telnet Server CommandsIp telnet server Secure Shell Commands 10 Secure Shell Commands Function ModeConfiguration Guidelines Sets the SSH server key size 41-19 Copy tftp public-key 41-16 Syntax No ip ssh server Default Setting Ip ssh server Ip ssh timeout Syntax Ip ssh timeout seconds no ip ssh timeoutExec-timeout36-4 show ip ssh Ip ssh crypto host-key generate 41-20 show ssh Ip ssh authentication-retries Ip ssh server-key sizeKey-size- The size of server key. Range 512-896 bits Bits Delete public-key Ip ssh crypto host-key generateSyntax Delete public-key username dsa rsa Syntax Ip ssh crypto host-key generate dsa rsa Ip ssh crypto zeroize Ip ssh save host-keySyntax Ip ssh crypto zeroize dsa rsa Syntax Ip ssh save host-key dsa rsa This command displays the current SSH server connections Show ip sshShow ssh Ip ssh crypto host-key generate Terminology Show public-keySyntax Show public-key user username host IP Filter Commands 12 IP Filter Commands Function ModeManagement 41-25 Show management 41-26 Port Security Commands Port Security Commands Function ModePort security Max-mac-count Shutdown 45-6mac-address-table static 802.1X Port Authentication 802.1X Port Authentication Commands Function ModeSyntax No dot1x system-auth-control Default Setting Dot1x system-auth-control Dot1x default Default Command ModeDot1x max-req Dot1x port-control Force-authorized Dot1x operation-modeSingle-host Dot1x re-authenticate Dot1x re-authenticationSyntax Dot1x re-authenticate interface Syntax No dot1x re-authentication Command Mode Dot1x timeout quiet-period Dot1x timeout re-authperiodDot1x timeout re-authperiod43-5 Seconds The number of seconds. Range Dot1x timeout tx-period Show dot1xSyntax Show dot1x statistics interface interface Statistics Displays dot1x status for each port Interface Authenticator State Machine Backend State Machine Reauthentication State Machine State- Current state including initialize, reauthenticate Access Control List Commands Access Control List Commands Command Groups FunctionIPv4 ACL Commands Function Mode IPv4 ACLs Access-list ip Syntax No access-list ip standard extended aclnamePermit, deny Ip access-group44-6 show ip access-list44-5 Syntax No permit deny any source bitmask host source Standard IPv4 ACL Access-list ipNo permit deny tcp Extended IPv4 ACL Show ip access-list This command displays the rules for configured IPv4 ACLsSyntax Show ip access-list standard extended aclname Permit, deny Ip access-group44-6 Ip access-group Show ip access-groupSyntax No ip access-group aclname Show ip access-list44-5 Access-list ipv6 IPv6 ACL Commands Function ModeSyntax No access-list ipv6 standard extended aclname IPv6 ACLs Standard IPv6 ACL Access-list ipv6New rules are appended to the end of the list Syntax No permit deny Any destination-ipv6-address/prefix-lengthNext-header next-header dscp dscp flow-label flow-label Extended IPv6 ACL Show ipv6 access-list This command displays the rules for configured IPv6 ACLs Show ipv6 access-group Ipv6 access-groupSyntax No ipv6 access-group aclname Access-list mac MAC ACL Commands Function ModeSyntax No access-list mac aclname MAC ACLs Permit, deny MAC ACL No permit deny tagged-eth2No permit deny untagged-eth2 No permit deny tagged-802.3 This command displays the rules for configured MAC ACLs Show mac access-listSyntax Show mac access-list aclname Show mac access-group Mac access-groupSyntax Mac access-group aclname Show access-list Show access-groupACL Information Commands Function Mode ACL Information 44-17 Access Control List Commands 44-18 Interface Commands Interface Commands Function ModeInterface Port-channel channel-idRange Speed-duplex DescriptionSyntax Description string no description Negotiation Syntax No negotiation Default SettingNegotiation 45-3 capabilities Capabilities Following example configures port 11 to use autonegotiationCapabilities 45-4speed-duplex45-2 Syntax No flowcontrol Default Setting Following example enables flow control on portFlowcontrol Negotiation 45-3speed-duplex45-2 flowcontrol Syntax Media-type mode no media-type Syntax No shutdown Default SettingMedia-type Shutdown Clear counters Port-channel channel-idRange Default SettingSyntax Clear counters interface This command displays the status for an interface Show interfaces statusSyntax Show interfaces status interface Shows the status for all interfaces This command displays interface statistics Show interfaces countersSyntax Show interfaces counters interface Shows the counters for all interfaces Syntax Show interfaces switchport interface Show interfaces switchportShow interfaces switchport display description Indicates membership mode as Trunk or Hybrid Indicates the default priority for untagged framesAllowed Vlan Indicates tagged Interface Commands 45-12 Link Aggregation Commands Link Aggregation CommandsGuidelines for Creating Trunks Dynamically Creating a Port Channel Channel-groupSyntax Channel-group channel-idno channel-group Port channel load-balance Src-dst-ip Syntax No lacp Default Setting Lacp Lacp system-priority 32768 Lacp admin-keyEthernet Interface Syntax Lacp admin-key key no lacp admin-key Lacp admin-key Port ChannelInterface Configuration Port Channel Lacp port-priority This command displays Lacp informationShow lacp Port Channel all Show lacp counters display descriptionType LACPDUs Illegal Pkts Show lacp internal display description Show lacp neighbors display description Show port-channel load-balance Show lacp sysid display description 46-12 Broadcast Storm Control Commands Switchport broadcast packet-rateBroadcast Storm Control Commands Function Mode Enabled for all ports Packet-rate limit 500 pps Broadcast Storm Control Commands 47-2 Mirror Port Commands Mirror Port Commands Function ModeInterface Configuration Ethernet, destination port Port monitor This command displays mirror information Following shows mirroring configured from port 6 to portShow port monitor Syntax Show port monitor interface Rate Limit Commands Rate Limit Commands Function ModeRate-limit Gigabit Ethernet 1000 Mbps Rate Limit Commands 49-2 Address Table Commands Address Table Commands Function ModeMac-address-table static Action Clear mac-address-table dynamic Mac-address- MAC address Mask Bits to match in the address Show mac-address-tableShow ipv6 neighbors Mac-address-table aging-time Show mac-address-table aging-time Spanning Tree Commands Spanning Tree Commands Function Mode Spanning-tree mode Syntax No spanning-tree Default SettingSpanning tree is enabled Spanning-tree Spanning-tree forward-time Spanning-tree forward-time Spanning-tree hello-time Spanning-tree forward-time 51-3spanning-tree max-age Spanning-tree priority Spanning-tree max-ageSpanning-tree forward-time 51-3spanning-tree hello-time Spanning-tree pathcost method Long method Spanning-tree mst-configuration This command limits the maximum transmission rate for BPDUsSpanning-tree transmission-limit Count The transmission limit in seconds. Range Mst vlan MST ConfigurationNo mst instanceid vlan vlan-range Mst priority NameMst instanceid priority priority no mst instanceid priority Syntax Name name Revision Syntax Revision numberNumber Revision number of the spanning tree. Range Name Spanning-tree spanning-disabled Syntax No spanning-tree spanning-disabled Default SettingThis example disables the spanning tree algorithm for port Max-hops Spanning-tree cost Syntax Spanning-tree cost cost no spanning-tree cost Syntax No spanning-tree edge-port Default Setting Spanning-tree port-prioritySpanning-tree edge-port Priority The priority for a port. Range 0-240, in steps Syntax No spanning-tree portfast Default Setting Spanning-tree portfast Spanning-tree link-type Spanning-treeedge-port51-13 Spanning-tree mst cost Spanning-tree mst port-priority51-17 Spanning-tree protocol-migration Spanning-tree mst port-prioritySyntax Spanning-tree protocol-migration interface Show spanning-tree Syntax Show spanning-tree interface mst instanceid 51-19 Show spanning-tree mst configuration Vlan Commands Gvrp and Bridge Extension CommandsVlan Commands Command Groups Function Gvrp and Bridge Extension Commands Function Mode Bridge-ext gvrp Syntax No bridge-ext gvrp Default SettingShow bridge-ext Switchport gvrp Show gvrp configurationSyntax No switchport gvrp Default Setting Syntax Show gvrp configuration interface Garp timer Show garp timer Syntax Show garp timer interfaceCommands for Editing Vlan Groups Function Mode Editing Vlan Groups By default only Vlan 1 exists and is active Vlan Database ConfigurationVlan Show vlan Configuring Vlan Interfaces Commands for Configuring Vlan Interfaces Function ModeInterface vlan Interface vlan Switchport mode Syntax Switchport mode hybrid trunk no switchport modeAll ports are in hybrid mode with the Pvid set to Vlan Switchport acceptable-frame-types52-9 Switchport acceptable-frame-types Switchport ingress-filteringSwitchport mode Syntax No switchport ingress-filtering Default Setting Switchport native vlan Switchport allowed vlan Switchport forbidden vlan No VLANs are included in the forbidden list Ieee 802.1Q Tunneling Commands Function Mode General Configuration Guidelines for QinQDot1q-tunnel 52-14 Syntax No dot1q-tunnel system-tunnel-control Default Setting Show dot1q-tunnel52-16 Show interfaces switchport Switchport dot1q-tunnel tpid 0x8100 Commands for Displaying Vlan Information Function Mode Displaying Vlan Information This command shows Vlan information Following example shows how to display information for VlanShow vlan Syntax Show vlan id vlan-idname vlan-name Vlan Commands 52-18 Private Vlan Commands Private Vlan Commands Function ModePvlan No private VLANs are defined This command displays the configured private Vlan Show pvlan Protocol-based Vlan Commands Protocol-vlan protocol-group Configuring GroupsProtocol-based Vlan Commands Function Mode 54-4 No protocol groups are configured Protocol-vlan protocol-group ConfiguringNo protocol groups are mapped for any interface This shows protocol group 1 configured for IP over Ethernet Show protocol-vlan protocol-groupSyntax Show protocol-vlan protocol-group group-id Group-id- Group identifier for a protocol group. Range Show interfaces protocol-vlan protocol-group Mapping for all interfaces is displayed Class of Service Commands Priority Commands LayerPriority Commands Command Groups Function Priority Commands Layer Function Mode Queue mode Syntax Queue mode strict wrr no queue modeWeighted Round Robin Queue bandwidth 55-4 show queue mode Switchport priority default Queue bandwidth weight1...weight4 no queue bandwidth Queue bandwidthQueue cos-map Queue cos-mapqueueid cos1 ... cosn no queue cos-map Show queue mode Default CoS Priority LevelsThis command shows the current queue mode Show queue cos-map55-6 This command shows the class of service priority map Show queue bandwidthShow queue cos-map Syntax Show queue cos-map interface Priority Commands Layer 3 Function Mode Priority Commands Layer 3Syntax No map ip port Default Setting Following example shows how to map Http traffic to CoS value Syntax No map ip precedence Default Setting Map ip precedence Interface Configuration List below shows the default priority mapping Syntax No map ip dscp Default Setting Map ip dscp dscp-value cos cos-value no map ip dscp This command shows the IP port priority map Show map ip portMapping IP Dscp to CoS Values IP Dscp Value Syntax Show map ip port interface Show map ip precedence This command shows the IP precedence priority mapSyntax Show map ip precedence interface Show map ip dscp This command shows the IP Dscp priority mapSyntax Show map ip dscp interface 55-14 Quality of Service Commands Quality of Service Commands Function Mode Syntax No class-map class-map-namematch-any Class-mapShow class map Class Map Configuration Match Policy-map ClassNo policy-mappolicy-map-name No class class-map-name Policy Map Configuration Set Policy Map Class Configuration PoliceSyntax No police rate-kbpsburst-byteexceed-action drop set Drop out-of-profile packets Syntax No service-policy input policy-map-name Service-policyNo policy map is attached to an interface Show class-map Show policy-mapSyntax Show class-map class-map-name Show policy-mappolicy-map-name class class-map-name Show policy-map interface Port-channel channel-idRange Command ModeSyntax Show policy-map interface interface input Quality of Service Commands 56-10 Igmp Snooping Commands Multicast Filtering CommandsIp igmp snooping Ip igmp snooping version Ip igmp snooping vlan staticIgmp Version Show ip igmp snooping Show mac-address-table multicast Igmp Query Commands Igmp Query Commands Function ModeSyntax No ip igmp snooping querier Default Setting Ip igmp snooping querier Following shows how to configure the query count to Ip igmp snooping query-countIp igmp snooping query-interval Times Seconds The report delay advertised in Igmp queries. Range Ip igmp snooping query-max-response-time Switch must use IGMPv2 for this command to take effect Ip igmp snooping router-port-expire-time Static Multicast Routing Commands Static Multicast Routing Commands Function ModeNo static multicast router ports are configured Ip igmp snooping vlan mrouter Displays multicast router ports for all configured VLANs Show ip igmp snooping mrouter Multicast Filtering Commands 57-10 Domain Name Service Commands DNS Commands Function ModeIp host No ip host name address1 address2 … address8 This command deletes entries from the DNS table Clear hostThis example maps two address to a host name Syntax Clear host name Ip domain-name Ip domain-listSyntax Ip domain-name name no ip domain-name Ip domain-list58-3 ip name-server58-4 ip domain-lookup58-5 Ip domain-name58-3 Ip name-serverServer-address1- IP address of domain-name server Ip domain-lookup Syntax No ip domain-lookup Default SettingIp domain-name58-3 ip domain-lookup58-5 Show hosts Ip domain-name58-3 ip name-server58-4 Show dns cache Show dnsShow dns cache display description This command clears all entries in the DNS cache Clear dns cache IPv4 Configuration Commands Function Mode IPv4 Interface CommandsIp address Ip default-gateway Syntax Ip default-gateway gateway no ip default-gatewayGateway IP address of the default gateway Ip dhcp restart 59-3 ipv6 address Following example defines a default gateway for this device Show ip redirects 59-4 ipv6 default-gateway60-12This command submits an IPv4 Bootp or Dhcp client request Ip dhcp restart This command displays the settings of an IPv4 interface Ip default-gateway59-2 Show ipv6 default-gateway60-12Show ip interface Show ip redirects This command has no default for the host PingSyntax Ping host count countsize size Interface 45-1 ping ipv6 59 IPv4 Interface Commands 59-6 IPv6 Interface Commands IPv6 Configuration Commands Ipv6 enable Syntax No ipv6 enable Default SettingIPv6 is disabled Ipv6 address link-local60-9 show ipv6 interface No general prefix is defined Ipv6 general-prefixShow ipv6 general-prefix60-4 This command displays all configured IPv6 general prefixes Show ipv6 general-prefixIpv6 address No IPv6 addresses are defined 60-5 Ipv6 address autoconfig Syntax No ipv6 address autoconfig Default Setting Ipv6 address eui-64 Ipv6 address Show ipv6 interface Ipv6 address autoconfig 60-6 show ipv6 interface Ipv6 address link-local Show ipv6 interface Ipv6 enable Show ipv6 interfaceShow ipv6 interface display description Field Show ipv6 interface display description FF022, and solicited nodes FF021FFXXXXXX as described belowAppending those bits to the prefix Maximum transmission unit for this interface Show ipv6 default-gateway Ipv6 default-gatewaySyntax Ipv6 default-gateway ipv6-addressno ipv6 address Ipv6 mtu Syntax Ipv6 mtu size no ipv6 mtu Show ipv6 mtu Show ipv6 trafficFollowing example shows the MTU cache for this device Show ipv6 mtu display description 60-15 Received in error Format errorsErrors discovered in processing their IPv6 options, etc Ipv6 rcvd Rcvd total Show ipv6 traffic display description Ipv6 sent Checksum errors Ipv6 icmp input InputInput interface for the messages Prohibited messages received by the interface Ipv6 icmp output Clear ipv6 traffic Repeat 5 timeout 2 seconds Ping ipv6 Ipv6 neighbor Show ipv6 neighbors 60-26mac-address-table static Ipv6 nd dad attemptsSyntax Ipv6 nd dad attempts count no ipv6 nd dad attempts Ipv6 nd ns interval 60-25 show ipv6 neighbors Ipv6 nd ns interval Milliseconds is used for neighbor discovery operations Syntax Show ipv6 neighbors vlan vlan-id ipv6-address Show ipv6 neighborsShow ipv6 neighbors display description Field Description Clear ipv6 neighbors Show ipv6 neighbors display description 60 IPv6 Interface Commands 60-28 Switch Cluster Commands Switch Cluster Commands Function ModeSyntax No cluster Default Setting Cluster Cluster commander Syntax No cluster commander Default SettingCluster ip-pool Syntax Cluster ip-pool ip-addressno cluster ip-pool Cluster member No Members Rcommand Syntax Rcommand id member-idMember-id- The ID number of the Member switch. Range This command shows the switch clustering configuration Show cluster members This command shows the current switch cluster membersShow cluster candidates Switch Cluster Commands 61-6 Section IVAppendices Appendices Appendix a Software Specifications Software Features Management Features Groups 1, 2, 3, 9 Statistics, History, Alarm, EventStandards Icmp RFC Igmp RFC Management Information Bases Management Information Bases a Software Specifications Appendix B Troubleshooting Problems Accessing the Management InterfaceTable B-1 Troubleshooting Chart Symptom Action Using System Logs Access Control List ACL Glossary Extended Universal Identifier EUI See Generic Attribute Registration Protocol Ieee 802.1Q Defines frame extensions for Vlan tagging IP Precedence See Port Trunk Port Mirroring See Ieee Secure Shell SSH TCP/IP protocol commonly used for software downloads User Datagram Protocol UDP Glossary Glossary-8 Index Numerics Index-2 Index-3 Index-4 Page ES4524D ES4548D E112006-CS-R01 149100030400A