Accton Technology ES4710BD 12.1 Introduction to ACL

266

EES4710BD 10 Slots L2/L3/L4 Chassis Switch

Chapter 12 ACL Configuration

12.1 Introduction to ACL

ACL (Access Control List) is an IP packet filtering mechanism employed in switches, providing

network traffic control by granting or denying access through the switches, effectively safeguarding

the security of networks. The user can lay down a set of rules according to some information

specific to packets, each rule describes the action for a packet with certain information matched:

“permit” or “deny”. The user can apply such rules to the incoming or outgoing direction of switch

ports, so that data streams in the specific direction of specified ports must comply with the ACL

rules assigned.

12.1.1 Access list

Access list is a sequential collection of conditions that corresponds to a specific rule. Each rule

consists of filter information and the action when the rule is matched. Information included in a rule

is the effective combination of conditions such as source IP, destination IP, IP protocol number and

TCP port. Access lists can be categorized by the following criteria:

z Filter information based criterion: IP access list (layer 3 or higher information), MAC

access list (layer 2 information), and MAC-IP access list (layer 2 or higher). The current

implementation supports IP access list only, the other two functions will be provided later.

z Configuration complexity based criterion: standard and extended, the extended mode

allows more specific filtering of information.

z Nomenclature based criterion: numbered and named.

Description of an ACL should cover the above three aspects.

12.1.2 Access-group

When a set of access lists are created, they can be applied to traffic of any direction on all ports.

Access-group is the description to a the binding of an access list to the specified direction on a

specific port. When an access-group is created, all packets from in the specified direction through

the port will be compared to the access list rule to decide whether to permit or deny access.

12.1.3 Access list Action and Global Default Action

There are two access list actions and default actions: “permit” or “deny”

Contents

Main www.edge-core.com 10 Slots L2/L3/L4 Chassis Switch Users Guide Preface Content Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Chapter 1 Product Overview 1.1 Product Brief 1.1.1 Introduction 1.1.2 Features Advanced Architecture Interfaces Carrier Class Reliability Support for 10G Ethernet Page IGMP Snooping Broadcast Storm Control Port Mirroring DHCP Server, Relay and Client 1.1.3 Main Features 1.2 Technical specifications Protocols and Standards Management Protocols and Methods MIB Library 1.3 Physical Specifications 1.4 Hardware Components 1.4.1 Chassis 1.4.1.1 Board Rack 1.4.1.2 Power Supply 1.4.1.3 Ventilation and Cooling System 1.4.2 Introduction to ES4710BD cards 1.4.2.1 EM4710BD-AGENT 1.4.2.1.1 Front Panel 1.4.2.1.2 Front Panel - Indicator 1.4.2.1.3 Front Panel Console Port 1.4.2.1.4 Front Panel Management Port 1.4.2.1.5 Front Panel Reset Button 1.4.2.1.6 Front Panel SWAP Button 1.4.2.2 EM4700BD-12GT-RJ45 1.4.2.2.1 Front Panel 1.4.2.2.2 Front Panel - Indicator 1.4.2.2.3 Front Panel Port Description 1.4.2.2.4 Front Panel Reset Button 1.4.2.2.5 Front Panel SWAP Button 1.4.2.3 EM4700BD-12GX-SFP 1.4.2.3.1 Front Panel 1.4.2.3.2 Front Panel - Indicator 1.4.2.3.3 Front Panel Port Description 1.4.2.3.4 Front Panel Reset Button 1.4.2.3.5 Front Panel SWAP Button 1.4.2.4 EM4700BD-2XG-XENPAK 1.4.2.4.1 Front Panel 1.4.2.4.2 Front Panel - Indicator 1.4.2.4.3 Front Panel Port Description 1.4.2.4.4 Front Panel Reset Button 1.4.2.4.5 Front Panel SWAP Button 1.4.2.5 EM-7600-ES and EM-7600-ES-2GB 1.4.2.5.1 Front Panel 1.4.2.5.2 Front Panel - Indicator 1.4.2.5.3 Front Panel Port Description 1.4.2.5.4 Front Panel Reset Button 1.4.2.5.5 Front Panel SWAP Button 1.4.3 EM4710BD-AC and EM-7608-DC 1.4.3.1 EM4710BD-AC (Alternating Current Power Module) 1.4.3.2 EM-7608-DC (Direct Current Power Module) 1.4.3.3 Power module Front Panel 1.4.4 Power Distribution Box 1.4.5 System Backplane 1.4.6 Fan Tray 1.4.7 Dust Gauze 1.4.8 Rear Panel 1.4.9 Side Panels 1.5 System Features Chapter 2 Hardware Installation 2.1 Safety Information Page 2.1.1 Site Requirements 2.1.2 Temperature and Humidity Requirements 2.1.3 Dust and Particles 2.1.4 Preventing Electrostatic Discharge Damage 2.1.5 Anti-interference Requirements 2.1.6 Rack Configuration 2.1.7 Power Supply Requirements 2.2 Preparing for Installation 2.2.1 Checking Switch Hardware Configuration and Accessories 2.2.2 Required Tools and Utilities 2.3 Hardware Installation Page 2.3.1 Switch Installation 2.3.1.1 Desktop installation 2.3.1.2 Rack-mounting ES4710BD 2.3.1.3 Wearing an ESD Wrist Strap 2.3.2 Switch grounding 2.3.3 Card and module installation 2.3.3.1 Removing and Installing the Cards 2.3.3.2 Removing and installing the Dust Gauze 2.3.3.3 Removing and Installing the Fan Tray 2.3.3.4 Removing and Installing Power Supply Modules 2.3.4 Connecting to the console 2.3.5 Connecting to the Management Port 2.3.6 SFP transceiver installation 2.3.7 XENPAK transceiver installation 2.3.8 Copper Cable/Fiber Cable Connection 2.3.9 Power supply connection Page Chapter 3 Setup Configuration 3.1 Setup Configuration 3.1.1 Main Setup Menu 3.1.2 Setup Submenu 3.1.2.1 Configuring switch hostname 3.1.2.2 Configuring Vlan1 Interface 3.1.2.3 Telnet Server Configuration Page 3.1.2.4 Configuring Web Server 3.1.2.5 Configuring SNMP Page 3.1.2.6 Exiting Setup Configuration Mode Chapter 4 Switch Management 4.1 Management Options 4.1.1 Out-of-band Management Page Page Page 4.1.2 In-band Management 4.1.2.1 Management via Telnet Page Switch#config Switch(Config)#telnet-user test password 0 test 4.1.2.2 Managing the Switch through ECview 4.2 Management Interface 4.2.1 CLI Interface 4.2.1.1 Configuration Modes 4.2.1.1.1 User Mode 4.2.1.1.2 Admin Mode 4.2.1.1.3 Global Mode 4.2.1.1.3.1 Interface Mode 4.2.1.1.3.2 VLAN Mode 4.2.1.1.3.3 DHCP Address Pool Mode 4.2.1.1.3.4 Route Mode 4.2.1.1.3.5 ACL Mode 4.2.1.2 Configuration Syntax 4.2.1.3 Shortcut Key Support 4.2.1.4 Help function 4.2.1.5 Input verification 4.2.1.5.1 Returned Information: success 4.2.1.5.2 Returned Information: error 4.2.1.6 Fuzzy match support 4.3 Web Management 4.3.1 Main Page 4.3.2 Module Front Panel Chapter 5 Basic Switch Configuration 5.1 Basic Switch Configuration Commands 5.1.1 clock set 5.1.2 config 5.1.3 enable 5.1.4 enable password 5.1.5 exec timeout 5.1.6 exit 5.1.7 help 5.1.8 ip host 5.1.9 hostname 5.1.10 reload 5.1.11 set default 5.1.12 setup 5.1.13 language 5.2 Maintenance and Debug Commands 5.2.1 ping 5.2.2 Telnet 5.2.2.1 Introduction to Telnet 5.2.2.2 Telnet Task Sequence 5.2.2.3 Telnet Commands 5.2.2.3.1 monitor 5.2.2.3.2 telnet 5.2.2.3.3 telnet-server enable 5.2.2.3.4 telnet-server securityip 5.2.2.3.5 telnet-user 5.2.3 traceroute 5.2.4 show 5.2.4.1 show clock 5.2.4.2 show debugging 5.2.4.3 show flash 5.2.4.4 show history 5.2.4.5 show memory 5.2.4.6 show running-config 5.2.4.7 show startup-config 5.2.4.8 show switchport interface 5.2.4.9 show tcp 5.2.4.10 show udp 5.2.4.11 show telnet login 5.2.4.12 show telnet user 5.2.4.13 show version 5.2.5 debug 5.3 Configuring Switch IP Addresses 5.3.1 Configuring Switch IP Addresses Task Sequence 5.3.2 Commands for Configuring Switch IP Addresses 5.3.2.1 ip address 5.3.2.2 ip bootp-client enable 5.3.2.3 ip dhcp-client enable 5.4 Configuring SNMP 5.4.1 Introduction to SNMP 5.4.2 Introduction to MIB 5.4.3 Introduction to RMON 5.4.4 Configuring SNMP 5.4.4.1 SNMP Configuration Task Sequence 5.4.4.2 SNMP Configuration Commands 5.4.4.2.1 rmon 5.4.4.2.2 snmp-server community 5.4.4.2.3 snmp-server enable 5.4.4.2.4 snmp-server enable traps 5.4.4.2.5 snmp-server host 5.4.5 Typical SNMP Configuration Examples 5.4.4.2.6 snmp-server securityip 1. 1. 1. 5 1. 1. 1. 9 5.4.6 SNMP Troubleshooting Help 5.4.6.1 Monitor and Debug Commands 5.4.6.1.1 show snmp Page 5.4.6.1.2 show snmp status 5.4.6.1.3 debug snmp packet 5.4.6.2 SNMP Troubleshooting Help 5.5 Switch Upgrade 5.5.1 BootROM Upgrade Page 5.5.2 FTP/TFTP Upgrade 5.5.2.1 Introduction to FTP/TFTP Page 5.5.2.2 FTP/TFTP Configuration 5.5.2.2.1 FTP/TFTP Configuration Task Sequence Page 5.5.2.2.2 FTP/TFTP Configuration Commands 5.5.2.2.3 copyFTP 5.5.2.2.4 dir 5.5.2.2.5 ftp-server enable 5.5.2.2.6 ftp-server timeout 5.5.2.2.7 ip ftp 5.5.2.2.8 copyTFTP 5.5.2.2.9 tftp-server enable 5.5.2.2.10 tftp-server retransmission-number 5.5.2.2.11 tftp-server transmission-timeout 5.5.2.3 FTP/TFTP Configuration Examples 10. 1. 1. 1 10. 1. 1. 2 Page Page Page 5.5.2.4 FTP/TFTP Troubleshooting Help 5.5.2.4.1 Monitor and Debug Commands 5.5.2.4.2 show ftp 5.5.2.4.3 show tftp 5.5.2.4.4 FTP Troubleshooting Help 5.5.2.4.5 TFTP Troubleshooting Help 5.6 WEB MANAGEMENT 5.6.1 Switch basic configuration 5.6.1.1 Basicconfig 5.6.1.2 Configure exec timeout 5.6.2 SNMP configuration 5.6.2.1 SNMP manager configuration Page 5.6.2.4 SNMP statistics 5.6.2.5 RMON and trap configuration 5.6.3 Switch upgrade 5.6.3.1 TFTP client configuration 5.6.3.2 TFTP server configuration 5.6.3.3 FTP client configuration 5.6.3.4 FTP server configuration 5.6.4 Maintenance and debug command 5.6.4.1 Debug command 5.6.4.2 Show vlan port property 5.6.4.3 Others 5.6.5 Basic introduction to switch 5.6.6 Switch on-off information 5.6.7 Switch Maintenance 5.6.7.1 Web server user configuration Page 5.6.8.2 Telnet security IP Chapter 6 Device Management 6.1 Device Management Brief 6.2 Device Management Configuration 6.2.2 Device Management Troubleshooting Help 6.2.2.1 Monitor and Debug Commands 6.2.2.1.1 show slot 6.2.2.1.2 show fan 6.2.2.1.3 show power 6.2.2.1.4 debug devsm 6.3 Card Hot-Swap Operation 6.3.1 Card Hot-Insertion 6.3.2 Card Hot-Remove 6.3.3 Configuration Recover Rules 6.3.4 Active-Standby Alternation 6.4 WEB MANAGEMENT Page 6.4.3 Show fan 6.4.4 Show power 6.4.5 Show module in slot Chapter 7 Port Configuration 7.1 Introduction to Port 7.2 Port Configuration 7.2.1 Network Port Configuration 7.2.1.1 Network Port Configuration Task Sequence 7.2.1.2 Ethernet Port Configuration Commands 7.2.1.2.1 bandwidth 7.2.1.2.2 combo-forced-mode 7.2.1.2.3 flow control 7.2.1.2.4 interface ethernet 7.2.1.2.5 loopback 7.2.1.2.6 mdi 7.2.1.2.7 name 7.2.1.2.8 negotiation 7.2.1.2.9 rate-suppression 7.2.1.2.10 shutdown 7.2.1.2.11 speed-duplex 7.2.2 VLAN Interface Configuration 7.2.2.1 VLAN Interface Configuration Task Sequence 7.2.2.2 VLAN Interface Configuration Commands 7.2.2.2.1 interface vlan 7.2.2.2.2 ip address 7.2.2.2.3 shutdown 7.2.3.2 Network Management Port Configuration Commands 7.2.3.2.1 duplex 7.2.3.2.2 interface ethernet 7.2.3.2.3 ip address 7.2.3.2.4 loopback 7.2.3.2.5 shutdown 7.2.3.2.6 speed 7.2.4 Port Mirroring Configuration 7.2.4.1 Introduction to Port Mirroring 7.2.4.2 Port Mirroring Configuration Task Sequence 7.2.4.3 Port Mirroring Configuration 7.2.4.3.1 monitor session source interface 7.2.4.3.2 monitor session destination interface 7.2.4.4 Port Mirroring Examples 7.2.4.5 Device Mirroring Troubleshooting Help 7.2.4.5.1 Monitor and Debug Commands 7.2.4.5.1.1 show monitor 7.2.4.5.2 Device Mirroring Troubleshooting Help 7.3 Port Configuration Example 7.4 Port Troubleshooting Help 7.4.1 Monitor and Debug Commands 7.4.1.1 clear counters 7.4.1.2 show interface 7.4.2 Port Troubleshooting Help 7.5 WEB MANAGEMENT 7.5.1 Ethernet port configuration 7.5.1.1 Physical port configuration 7.5.1.2 Bandwidth control 7.5.2 Vlan interface configuration 7.5.2.1 Allocate IP address for L3 port 7.5.2.2 L3 port IP addr mode configuration 7.5.3 Port mirroring configuration 7.5.3.1 Mirror configuration 7.5.4 Port debug and maintenance 7.5.4.1 Show port information Chapter 8 MAC Table Configuration 8.1 Introduction to MAC Table 8.1.1 Obtaining MAC Table PC1 PC4 PC3 PC2 8.1.2 Forward or Filter 8.2 MAC Table Configuration 8.2.1 mac-address-table aging-time 8.2.2 mac-address-table static 8.2.3 mac-address-table blackhole 8.3 Typical Configuration Examples PC1 PC4 PC3 PC2 8.4 Troubleshooting Help 8.4.1 Monitor and Debug Commands 8.4.1.1 show mac-address-table aging-time 8.4.1.2 show mac-address-table static 8.4.1.3 show mac-address-table blackhole 8.4.2 Troubleshooting Help 8.5 MAC Address Function Extension 8.5.1 MAC Address Binding 8.5.1.1 Introduction to MAC Address Binding 8.5.1.2 MAC Address Binding Configuration 8.5.1.2.1 MAC Address Binding Configuration Task Sequence Page 8.5.1.2.2 MAC Address Binding Configuration Commands 8.5.1.2.2.1 switchport port-security 8.5.1.2.2.2 switchport port-security convert 8.5.1.2.2.3 switchport port-security lock 8.5.1.2.2.4 switchport port-security timeout 8.5.1.2.2.5 switchport port-security mac-address 8.5.1.2.2.6 clear port-security dynamic 8.5.1.2.2.7 switchport port-security maximum 8.5.1.2.2.8 switchport port-security violation 8.5.1.3 Mac Address Binding Troubleshooting Help 8.5.1.3.1 MAC Address Binding Debug and Monitor Commands 8.5.1.3.1.1 show port-security 8.5.1.3.1.2 show port-security interface 8.5.1.3.1.3 show port-security address 8.5.1.3.2 MAC Address Binding Troubleshooting Help 8.6 WEB MANAGEMENT 8.6.1 Mac address table configuration 8.6.1.1 Unicast address configuration 8.6.1.2 Delete unicast address 8.6.1.3 MAC address query 8.6.1.4 Show MAC address table 8.6.2 MAC address binding configuration 8.6.2.1 Enable port MAC-Binding 8.6.2.1.1 Enable port MAC-Binding 8.6.2.2 Lock port 8.6.2.2.1 Lock port 8.6.2.2.2 Dynamic MAC converting 8.6.2.2.3 Enable port security timeout 8.6.2.2.4 Binding MAC 8.6.2.2.5 Clearing port MAC 8.6.2.3 MAC binding attribution configuration 8.6.2.3.1 Maximum port security IP number configuration 8.6.2.3.2 Port violation mode 8.6.2.4 MAC binding debug 8.6.2.4.1 Show MAC binding security address Chapter 9 VLAN Configuration 9.1 Introduction to VLAN 9.2 VLAN Configuration 9.2.1 VLAN Configuration Task Sequence 9.2.2 VLAN Configuration Commands 9.2.2.1 vlan 9.2.2.2 name 9.2.2.3 switchport access vlan 9.2.2.4 switchport interface 9.2.2.5 switchport mode 9.2.2.6 switchport trunk allowed vlan 9.2.2.7 switchport trunk native vlan 9.2.2.8 vlan ingress disable 9.2.3 Typical VLAN Application Page 9.3 GVRP Configuration 9.3.1 GVRP Configuration Task Sequence 9.3.2 GVRP Commands 9.3.2.1 garp timer join 9.3.2.2 garp timer leave 9.3.2.3 garp timer hold 9.3.2.4 garp timer leaveall 9.3.2.5 gvrp 9.3.3 Typical GVRP Application Page 9.4 VLAN Troubleshooting Help 9.4.1 Monitor and Debug Information 9.4.1.1 show vlan 9.4.1.2 show garp 9.4.1.3 show gvrp 9.4.1.4 debug gvrp 9.4.2 VLAN Troubleshooting Help 9.5 WEB MANAGEMENT 9.5.1 Vlan configuration 9.5.1.1 Create/remove Vlan 9.5.1.1.1 VID allocation 9.5.1.1.2 VID attribution configuration 9.5.1.2 Allocate port for Vlan 9.5.1.2.1 Allocate port for Vlan 9.5.1.3 Port type configuration 9.5.1.3.1 Set port mode(trunk/access) 9.5.1.4 Trunk port configuration 9.5.1.4.1 Vlan setting for trunk port 9.5.1.5 Set allow Vlan 9.5.1.5.1 Vlan setting for access port 9.5.1.6 Enable/Disable Vlan ingress rule 9.5.1.6.1 Disable Vlan ingress rule 9.5.2 GVRP configuration 9.5.2.1 Enable global GVRP 9.5.2.3 GVRP configuration 9.5.2.2 Enable port GVRP 9.5.3 Vlan debug and maintenance 9.5.3.1 Show vlan 9.5.3.2 Show GARP 9.5.3.3 Show GVRP Chapter 10 MSTP Configuration 10.1 Introduction to MSTP 10.1.1 MSTP field 10.1.1.1 MST field operation 10.1.1.2 MST inter-field operation 10.1.2 Port role How does MSTP Load-balance Work 10.2 MSTP Configuration 10.2.1 MSTP configuration task sequence Page 10.2.2 Introduction to MSTP configuration commands 10.2.2.1 abort 10.2.2.2 exit 10.2.2.3 instance vlan 10.2.2.4 name 10.2.2.5 revision-level 10.2.2.6 spanning-tree 10.2.2.7 spanning-tree forward-time 10.2.2.8 spanning-tree hello-time 10.2.2.9 spanning-tree link-type p2p 10.2.2.10 spanning-tree maxage 10.2.2.11 spanning-tree max-hop 10.2.2.12 spanning-tree mcheck 10.2.2.13 spanning-tree mode 10.2.2.14 spanning-tree mst configuration 10.2.2.15 spanning-tree mst cost 10.2.2.16 spanning-tree mst port-priority 10.2.2.17 spanning-tree mst priority 10.2.2.18 spanning-tree portfast 10.3 MSTP Example Page Page Page 10.4 MSTP Troubleshooting Help 10.4.1 Monitor and Debug Command 10.4.1.1 show spanning-tree Page Page 10.4.1.2 show mst configuration 10.4.1.3 show mst-pending 10.4.1.4 debug spanning-tree 10.4.2 MSTP Troubleshooting Help 10.5 WEB MANAGEMENT 10.5.1 MSTP field operation 10.5.1.1 Instance configuration 10.5.1.2 Field operation 10.5.1.3 Revision level control 10.5.2 MSTP port operation 10.5.2.1 Edge port setting 10.5.2.2 Port priority setting 10.5.2.3 Port route cost setting 10.5.2.4 MSTP mode 10.5.3 MSTP global control 10.5.3.1 MSTP global protocol port configuration 10.5.3.2 Forward delay time configuration 10.5.3.4 Set the max age time for BPDU information in the switch 10.5.3.5 Set the max hop count support for BPDU transmitting in MSTP field 10.5.3.7 Set bridge priority of the specified instance for the switch 10.5.3.6 Set switch to spanning tree mode 10.5.4 Show MSTP setting 10.5.4.1 Instance information 10.5.4.2 MSTP field information Chapter11 IGMP Snooping Configuration 11.1 Introduction to IGMP Snooping 11.2 IGMP Snooping Configuration 11.2.1 IGMP Snooping Configuration Task 11.2.2 IGMP Snooping Configuration Command 11.2.2.1 ip igmp snooping 11.2.2.2 ip igmp snooping vlan 11.2.2.3 ip igmp snooping vlan mrouter 11.2.2.4 ip igmp snooping vlan static 11.2.2.5 ip igmp snooping vlan immediate-leave 11.2.2.6 ip igmp snooping vlan query 11.2.2.7 ip igmp snooping vlan query robustness 11.2.2.8 ip igmp snooping vlan query interval 11.2.2.9 ip igmp snooping vlan query max-response-time 11.3 IGMP Snooping Example Swi t ch 2 Switch1 11.4 IGMP Snooping Troubleshooting Help 11.4.1 Monitor and Debug Commands 11.4.1.1 show ip igmp snooping Page Page 11.4.1.2 show mac-address-table multicast 11.4.1.3 debug igmp snooping 11.4.2 IGMP Snooping Troubleshooting Help 11.5 WEB MANAGEMENT 11.5.1 Turning on the IGMP snooping function 11.5.2 IGMP snooping configuration 11.5.2.1 Query configuration 11.5.2.2 Snooping configuration 11.5.2.3 Configuration display 11.5.3 IGMP snooping static multicast configuration 11.5.3.1 IGMP snooping static multicast configuration 11.5.3.2 IGMP snooping display Page Chapter 12 ACL Configuration 12.1 Introduction to ACL 12.1.1 Access list 12.1.2 Access-group 12.1.3 Access list Action and Global Default Action 12.2 ACL configuration 12.2.1 ACL Configuration Task Sequence Page Page Page 12.2.2 ACL Configuration Commands 12.2.2.1 access-list(extended) 12.2.2.2 access list(standard) 12.2.2.3 firewall 12.2.2.4 firewall default 12.2.2.5 ip access extended 12.2.2.6 ip access standard 12.2.2.7 ip access-group 12.2.2.8 permit | deny(extended) 12.2.2.9 permit | deny(standard) 12.3 ACL Example 12.4 ACL Troubleshooting Help 12.4.1 ACL Debug and Monitor Commands 12.4.1.1 show access lists 12.4.1.2 show access-group 12.4.1.3 show firewall 12.4.2 ACL Troubleshooting Help 12.5 WEB MANAGEMENT 12.5.1 Numeric standard ACL configuration 12.5.2 Delete numeric IP ACL 12.5.3 Configure the numeric extended ACL Page Page 12.5.5 Configure extended ACL name configuration 12.5.6 Firewall configuration 12.5.7 ACL port binding Chapter 13 Port Channel Configuration 13.1 Introduction to Port Channel 13.2 Port Channel Configuration 13.2.1 Port Channel Configuration Task Sequence 13.2.2 Port Channel Configuration Commands 13.2.2.1 port-group 13.2.2.2 port-group mode 13.2.2.3 interface port-channel 13.3 Port Channel Example Page 13.4 Port Channel Troubleshooting Help 13.4.1 Monitor and Debug Commands 13.4.1.1 show port-group Page Page Page 13.4.1.2 debug lacp 13.4.2 Port Channel Troubleshooting Help 13.5 WEB MANAGEMENT 13.5.1 LACP port group configuration 13.5.2 LACP port configuration Chapter 14 DHCP Configuration 14.1 Introduction to DHCP 14.2 DHCP Server Configuration 14.2.1 DHCP Sever Configuration Task Sequence Page 14.2.2 DHCP Server Configuration Commands 14.2.2.1 bootfile 14.2.2.2 client-identifier 14.2.2.3 client-name 14.2.2.4 default-router 14.2.2.5 dns-server 14.2.2.6 domain-name 14.2.2.7 hardware-address 14.2.2.8 host 14.2.2.9 ip dhcp conflict logging 14.2.2.10 ip dhcp excluded-address 14.2.2.11 ip dhcp pool 14.2.2.12 loghost dhcp 14.2.2.13 lease 14.2.2.14 netbios-name-server 14.2.2.15 netbios-node-type 14.2.2.16 network-address 14.2.2.17 next-server 14.2.2.18 option 14.2.2.19 service dhcp 14.3 DHCP Relay Configuration 14.3.1 DHCP Relay Configuration Task Sequence 14.3.2 DHCP Relay Configuration Command 14.3.2.1 ip forward-protocol udp 14.3.2.2 ip helper-address 14.3.2.3 ip dhcp relay information policy drop 14.4 DHCP Configuration Example Page Page 14.5 DHCP Troubleshooting Help 14.5.1 Monitor and Debug Commands 14.5.1.1 clear ip dhcp binding 14.5.1.2 clear ip dhcp conflict 14.5.1.3 clear ip dhcp server statistics 14.5.1.4 show ip dhcp binding 14.5.1.5 show ip dhcp conflict 14.5.1.6 show ip dhcp server statistics 14.5.1.7 debug ip dhcp server 14.5.2 DHCP Troubleshooting Help 14.6 Web management 14.6.1 DHCP server configuration 14.6.2 Enable DHCP 14.6.2.1 Address pool configuration 14.6.2.2 Clients default gateway configuration 14.6.2.3 Client dns server configuration 14.6.2.4 Client wins server configuration 14.6.2.5 DHCP file server address configuration 14.6.2.6 DHCP network parameter configuration 14.6.2.7 Manual address pool configuration 14.6.2.8 Excluded address configuration Page 14.6.4 DHCP debugging 14.6.4.1 Delete binding log 14.6.4.2 Delete conflict log 14.6.4.3 Delete DHCP server statistics log 14.6.4.4 Show IP-Mac binding 14.6.2.5 Show conflict-logging Chapter 15 SNTP Configuration 15.1 SNTP Configuration Commands 15.1.1 sntp server 15.1.2 sntp polltime 15.1.3 sntp timezone 15.2 Typical SNTP Configuration Examples 15.3 SNTP Troubleshooting Help 15.3.1 Monitor and Debug Commands 15.3.1.1 show sntp 15.3.1.2 debug sntp 15.4 WEB MANAGEMENT 15.4.1 SNMP/NTP server configuration 15.4.2 Request interval configuration 15.4.3 Time difference 15.4.4 Show SNMP Chapter 16 QoS Configuration 16.1 Introduction to QoS 16.1.1 QoS Terms 16.1.2 QoS Implementation 16.1.3 Basic QoS Model Page Page Page 16.2 QoS Configuration 16.2.1 QoS Configuration Task Sequence Page Page Page 16.2.2 QoS Configuration Commands 16.2.2.1 mls qos 16.2.2.2 class-map 16.2.2.3 match 16.2.2.4 policy-map 16.2.2.5 class 16.2.2.6 set 16.2.2.7 police 16.2.2.8 mls qos aggregate-policer 16.2.2.9 police aggregate 16.2.2.10 mls qos trust 16.2.2.11 mls qos cos 16.2.2.12 service-policy 16.2.2.13 mls qos dscp-mutation 16.2.2.14 wrr-queue bandwidth 16.2.2.15 priority-queue out 16.2.2.16 wrr-queue cos-map 16.2.2.17 mls qos map 16.3 QoS Example Page Page 16.4 QoS Troubleshooting Help 16.4.1 QoS Debug and Monitor Commands 16.4.1.1 show mls-qos 16.4.1.2 show mls qos aggregate-policer 16.4.1.3 show mls qos interface Page 16.4.1.4 show mls qos maps 16.4.1.5 show class-map 16.4.1.6 show policy-map 16.4.2 QoS Troubleshooting Help 16.5 WEB MANAGEMENT 16.5.1 Enable QoS 16.5.2 Class-map configuration 16.5.2.1 Add/Remove class-Map 16.5.2.2 Class-map configuration 16.5.3 Policy-map priority configuration 16.5.3.1 Add/Remove policy-map 16.5.3.2 Policy-map priority configuration 16.5.3.3 Policy-map bandwidth configuration 16.5.3.4 Add/Remove aggregate policy 16.5.3.5 Apply aggregate policy 16.5.4 Apply QoS to port 16.5.4.1 Port trust mode configuration 16.5.4.2 Port default CoS configuration 16.5.4.3 Apply policy-map to port 16.5.4.4 Apply DSCP mutation mapping 16.5.5 Egress-queue configuration 16.5.5.1 Egress-queue WRR weight configuration 16.5.5.2 Egress-queue Work mode configuration 16.5.5.3 Mapping CoS values to egress queue 16.5.6 QoS mapping configuration 16.5.6.1 CoS-to-DSCP mapping 16.5.6.2 DSCP-to-CoS mapping 16.5.6.3 DSCP mutation mapping 16.5.6.4 IP-precedence-to-DSCP mapping 16.5.6.5 DSCP mark down mapping Chapter 17 L3 Forward Configuration 17.1 Layer 3 Interface 17.1.1 Introduction to Layer 3 Interface 17.1.2 Layer 3 interface configuration 17.1.2.1 Layer 3 Interface Configuration Task Sequence 17.1.2.2 Layer 3 Interface Configuration Commands 17.1.2.2.1 interface vlan 17.2 IP Forwarding 17.2.1 Introduction to IP Forwarding 17.2.2 IP Route Aggregation Configuration 17.2.2.1 IP Route Aggregation Configuration Task 17.2.2.2 IP Route Aggregation Configuration Command 17.2.2.2.1 ip fib optimize 17.2.3 IP Forwarding Troubleshooting Help 17.2.3.1 Monitor and Debug Commands 17.2.3.1.1 show ip traffic Page 17.2.3.1.2 debug ip packet 17.3 ARP 17.3.1 Introduction to ARP 17.3.2 ARP configuration 17.3.2.1 ARP Configuration Task Sequence 17.3.2.2 ARP Forwarding Configuration Commands 17.3.2.2.1 Arp 17.3.2.2.2 ip proxy-arp 17.3.3 ARP Forwarding Troubleshooting Help 17.3.3.1 Monitor and Debug Commands 17.3.3.1.1 show arp 17.3.3.1.2 clear arp-cache 17.3.3.1.3 debug arp 17.3.3.2 ARP Troubleshooting Help 17.4 Web management 17.4.1 L3 port configuration 17.4.2 IP route aggregation configuration 17.4.3 ARP configuration 17.4.3.1 Configure static ARP 17.4.3.2 Clear ARP 17.4.3.3 Show ARP 17.4.3.4 Proxy ARP configuration Chapter 18 Routing Protocol Configuration 18.1 Route Table 18.2 Static Route 18.2.1 Introduction to Static Route 18.2.2 Introduction to Default Route 18.2.3 Static Route Configuration 18.2.3.1 Static Route Configuration Task Sequence 18.2.3.2 Static Route Configuration Commands 18.2.3.2.1 ip route 18.2.3.2.2 show ip route 18.2.4 Configuration Scenario 18.2.5 Troubleshooting Help 18.2.5.1 Monitor and Debug Commands 18.3 RIP 18.3.1 Introduction to RIP Page 18.3.2 RIP Configuration 18.3.2.1 RIP Configuration Task Sequence Page Page 18.3.2.2 RIP Configuration Commands 18.3.2.2.1 auto-summary 18.3.2.2.2 default-metric 18.3.2.2.3 ip rip authentication key-chain 18.3.2.2.4 ip rip authentication mode 18.3.2.2.5 ip rip metricin 18.3.2.2.6 ip rip metricout 18.3.2.2.7 ip rip input 18.3.2.2.9 ip rip receive version 18.3.2.2.8 ip rip output 18.3.2.2.10 ip rip send version 18.3.2.2.11 ip rip work 18.3.2.2.12 ip split-horizon 18.3.2.2.13 redistribute 18.3.2.2.14 rip broadcast 18.3.2.2.15 rip checkzero 18.3.2.2.16 rip preference 18.3.2.2.17 router rip 18.3.2.2.18 timer basic 18.3.2.2.19 version 18.3.2.2.20 show ip protocols 18.3.2.2.21 show ip rip 18.3.2.2.22 debug ip rip packet 18.3.2.2.23 debug ip rip recv 18.3.2.2.24 debug ip rip send 18.3.3 Typical RIP Scenario Page 18.3.4 RIP Troubleshooting Help 18.3.4.1 Monitor and Debug Commands Page 18.3.4.2 RIP Troubleshooting 18.4 OSPF 18.4.1 Introduction to OSPF Page Page 18.4.2 OSPF Configuration 18.4.2.1 Configuration Task Sequence Page Page 18.4.2.2 OSPF Configuration Commands 18.4.2.2.1 default redistribute cost 18.4.2.2.2 default redistribute interval 18.4.2.2.3 default redistribute limit 18.4.2.2.4 default redistribute tag 18.4.2.2.5 default redistribute type 18.4.2.2.6 ip ospf authentication 18.4.2.2.7 ip ospf cost 18.4.2.2.8 ip ospf dead-interval 18.4.2.2.9 ospf enable area 18.4.2.2.10 ip ospf hello-interval 18.4.2.2.11 ip ospf passive-interface 18.4.2.2.12 ip ospf priority 18.4.2.2.13 ip ospf retransmit-interval 18.4.2.2.14 ip ospf transmit-delay 18.4.2.2.15 network 18.4.2.2.16 preference 18.4.2.2.17 redistribute ospfase 18.4.2.2.18 router id 18.4.2.2.19 router ospf 18.4.2.2.20 stub cost 18.4.2.2.21 virtuallink neighborid 18.4.2.2.22 show ip ospf 18.4.2.2.23 show ip ospf ase 18.4.2.2.24 show ip ospf cumulative 18.4.2.2.25 show ip ospf database Page 18.4.2.2.26 show ip ospf interface 18.4.2.2.27 show ip ospf neighbor 18.4.2.2.28 show ip ospf routing 18.4.2.2.29 show ip ospf virtual-links 18.4.2.2.30 show ip protocols 18.4.2.2.31 debug ip ospf event 18.4.2.2.32 debug ip ospf lsa 18.4.2.2.33 debug ip ospf packet 18.4.2.2.34 debug ip ospf spf 18.4.3 Typical OSPF Scenario SWI T Page Page Page Page Page Page 18.4.4 OSPF Troubleshooting Help 18.4.4.1 Monitor and Debugging Commands Page Page Page Page Page Page Page 18.4.4.2 OSPF Troubleshooting Help 18.5 WEB MANAGEMENT 18.5.1 Static route 18.5.2 RIP configuration 18.5.1.1 Static route configuration 18.5.2.1 RIP configuration 18.5.2.1.1 Enable RIP 18.5.2.1.2 Enable port to receive/transmit RIP packet 18.5.2.2 RIP parameter configuration 18.5.2.2.1 Enable imported route 18.5.2.2.2 Metricin/out configuration 18.5.2.2.3 RIP imported route 18.5.2.2.4 Global RIP configuration 18.5.2.2.5 Set RIP timer 18.5.3 OSPF 18.5.3.1.1 Enable/Disable OSPF protocol 18.5.3.1 Enable OSPF protocol 18.5.3.1.2 Router-ID configuration 18.5.3.1.3 OSPF network range configuration 18.5.3.1.4 Configure OSPF area for port 18.5.3.2 OSPF TX-parameter configuration 18.5.3.2.1 Configure OSPF authentication parameter configuration 18.5.3.2.2 Passive interface configuration 18.5.3.2.3 Sending packet cost configuration 18.5.3.3 OSPF imported route parameter configuration 18.5.3.3.1 Imported route parameter configuration 18.5.3.3.2 Import external routing information 18.5.3.4 Other parameter configuration 18.5.3.4.1 OSPF priority configuration 18.5.3.4.2 OSPF STUB area and default route cost configuration 18.5.3.4.3 OSPF virtual link configuration 18.5.3.4.4 Port DR priority configuration 18.5.3.5 OSPF debug 18.5.4 Display routing table Chapter 19 Multicast protocol Configuration 19.1 Multicast Protocol Overview 19.1.1 Introduction to Multicast 19.1.2 Multicast Address 19.1.3 IP Multicast Packets Forwarding 19.1.4 Application of Multicast 19.2 Common Multicast Configurations 19.2.1 Common Multicast Configuration Commands 19.2.1.1 show ip mroute Page 19.3 PIM-DM 19.3.1 Introduction to PIM-DM 19.3.2 PIM-DM Configuration 19.3.2.1 PIM-DM Configuration Task Sequence 19.3.2.2 PIM-DM Configuration Commands 19.3.2.3 ip pim dense-mode 19.3.2.4 ip pim query-interval 19.3.3 Typical PIM-DM Scenario 19.3.4 PIM-DM Troubleshooting Help 19.3.4.1 Monitor and Debug Commands 19.3.4.2 show ip pim mroute dm 19.3.4.3 show ip pim neighbor 19.3.4.4 show ip pim interface 19.3.4.5 debug ip pim 19.3.4.6 PIM-DM Troubleshooting Help 19.4 PIM-SM 19.4.1 Introduction to PIM-SM 19.4.2 PIM-SM Configuration 19.4.2.1 PIM-SM Configuration Task Sequence 19.4.2.2 PIM-SM Configuration Commands 19.4.2.2.1 ip pim sparse-mode 19.4.2.2.2 ip pim bsr-border 19.4.2.2.3 ip pim query-interval 19.4.2.2.4 ip pim bsr-candidate 19.4.2.2.5 ip pim rp-candidate 19.4.3 Typical PIM-SM Scenario 19.4.4 PIM-SM Troubleshooting Help 19.4.4.1 Monitor and Debug Commands 19.4.4.1.1 show ip pim bsr-router 19.4.4.1.2 show ip pim interface 19.4.4.1.3 show ip pim mroute sm 19.4.4.1.4 show ip pim neighbor 19.4.4.1.5 show ip pim rp 19.4.4.1.6 debug ip pim 19.4.4.1.7 debug ip pim bsr 19.4.4.2 PIM-SM Troubleshooting 19.5 DVMRP 19.5.1 Introduction to DVMRP 19.5.2 DVMRP configuration 19.5.2.1 Configuration Task Sequence Page 19.5.2.2 DVMRP Configuration Commands 19.5.2.2.1 ip dvmrp cisco-compatible 19.5.2.2.2 ip dvmrp enable 19.5.2.2.3 ip dvmrp graft-interval 19.5.2.2.4 ip dvmrp metric 19.5.2.2.5 ip dvmrp nbr-timeout 19.5.2.2.6 ip dvmrp probe-interval 19.5.2.2.7 ip dvmrp report-interval 19.5.2.2.8 ip dvmrp route-timeout 19.5.2.2.9 ip dvmrp tunnel 19.5.3 Typical DVMRP Scenario 19.5.4 DVMRP Troubleshooting Help 19.5.4.1 Monitor and Debug Commands 19.5.4.1.1 show ip dvmrp mroute 19.5.4.1.2 show ip dvmrp neighbor 19.5.4.1.3 show ip dvmrp route 19.5.4.1.4 show ip dvmrp tunnel 19.5.4.1.5 debug ip dvmrp detail 19.5.4.1.6 debug ip dvmrp pruning 19.5.4.2 DVMRP Troubleshooting 19.6 IGMP 19.6.1 Introduction to IGMP 19.6.2 IGMP configuration 19.6.2.1 Configuration Task Sequence Page 19.6.2.2 IGMP Configuration Commands 19.6.2.2.1 ip igmp access-group 19.6.2.2.2 ip igmp join-group 19.6.2.2.3 ip igmp query-interval 19.6.2.2.4 ip igmp query-max-response-time 19.6.2.2.5 ip igmp query-timeout 19.6.2.2.6 ip igmp static-group 19.6.2.2.7 ip igmp version 19.6.3 Typical IGMP Scenario 19.6.4 IGMP Troubleshooting Help 19.6.4.1 Monitor and Debug Commands 19.6.4.1.1 show ip igmp groups 19.6.4.1.2 show ip igmp interface 19.6.4.1.3 debug ip igmp event 19.6.4.1.4 debug ip igmp packet 19.6.4.2 IGMP Troubleshooting 19.7 WEB MANAGEMENT 19.7.1 Multicast public monitor command 19.7.2 PIM-DM configuration 19.7.2.1 Enable PIM-DM 19.7.2.2 PIM-DM parameter configuration 19.7.3 PIM-SM configuration 19.7.3.1 Enable PIM-SM 19.7.3.2 PIM-SM parameter configuration 19.7.3.3 Set interface as PIM-SM BSR border 19.7.3.4 Set router as BSR candidate 19.7.3.5 Set router as RP candidate 19.7.4 DVMRP configuration 19.7.4.1 Enable DVMRP 19.7.4.2 Cisco-compatible configuration 19.7.4.3 DVMRP parameter configuration 19.7.4.4 DVMRP global parameter configuration 19.7.4.5 DVMRP tunnel configuration 19.7.5 IGMP configuration 19.7.5.1 IGMP additive parameter configuration 19.7.5.2 IGMP version configuration 19.7.6 Multicast monitor configuration 19.7.6.1 Show ip pim interface 19.7.6.3 Show ip pim neighbor 19.7.6.2 Show ip pim mroute dm 19.7.6.4 Show ip pim bsr-router 19.7.6.5 Show ip pim mroute sm 19.7.6.6 Show ip pim rp 19.7.6.7 Show ip dvmrp mroute 19.7.6.8 Show ip dvmrp neighbor 20.1 Introduction to 802.1x 20.2 802.1x Configuration 20.2.1 802.1x Configuration Task Sequence Page Page 20.2.2 802.1x Configuration Commands 20.2.2.1 aaa enable 20.2.2.2 aaa-accounting enable 20.2.2.3 dot1x accept-mac 20.2.2.4 dot1x eapor enable 20.2.2.5 dot1x enable 20.2.2.6 dot1x privateclient enable 20.2.2.7 dot1x macfilter enable 20.2.2.8 dot1x max-req 20.2.2.9 dot1x max-user 20.2.2.10 dot1x port-control 20.2.2.11 dot1x port-method 20.2.2.12 dot1x re-authenticate 20.2.2.13 dot1x re-authentication 20.2.2.14 dot1x timeout quiet-period 20.2.2.15 dot1x timeout re-authperiod 20.2.2.16 dot1x timeout tx-period 20.2.2.17 radius-server accounting host 20.2.2.18 radius-server authentication host 20.2.2.19 radius-server dead-time 20.2.2.20 radius-server key 20.2.2.21 radius-server retransmit 20.2.2.22 radius-server timeout 20.3 802.1x Application Example 10.1.1.1 10. 1. 1. 2 Radius Server 10. 1. 1. 3 20.4 802.1x Troubleshooting 2o.4.1 802.1x Debug and Monitor Commands 20.4.1.1 show aaa config 20.4.1.2 show aaa authenticated-user 20.4.1.3 show aaa authenticating-user 20.4.1.4 show radius count 20.4.1.5 show dot1x 20.4.1.6 debug aaa 20.4.1.7 debug dot1x 20.4.2 802.1x Troubleshooting 20.5 WEB MANAGEMENT 20.5.1 RADIUS client configuration 20.5.1.1 RADIUS global configuration 20.5.1.2 RADIUS authentication configuration 20.5.1.3 RADIUS accounting configuration 20.5.2 802.1X configuration 20.5.2.1 802.1X configuration 20.5.2.2 802.1X port authentication configuration 20.5.2.3 802.1X port mac configuration 20.5.2.4 802.1X port status list Page Chapter21 VRRP Configuration 21.1 Introduction to VRRP 21.1.1 Configuration Task Sequence Page 21.1.2 VRRP Configuration Commands 21.1.2.1 router vrrp 21.1.2.2 virtual-ip 21.1.2.3 interface 21.1.2.4 enable 21.1.2.5 disable 21.1.2.6 vrrp authentication mode 21.1.2.7 vrrp authentication string 21.1.2.8 preempt 21.1.2.9 priority 21.1.2.10 advertisement-interval 21.1.2.11 circuit-failover 21.2 Typical VRRP Scenario 21.3 VRRP Troubleshooting Help 21.3.1 Monitor and Debug Commands 21.3.1.1 show vrrp 21.3.1.2 debug vrrp 21.3.2 VRRP Troubleshooting Help 21.4 WEB MANAGEMENT 21.4.1 Create VRRP Number 21.4.2 Configure VRRP Dummy IP 21.4.3 Configure VRRP Port 21.4.4 Activate Virtual Router 21.4.5 Configure Preemptive Mode For VRRP 21.4.6 Configure VRRP priority 21.4.7 Configure VRRP Timer interval 21.4.8 Configure VRRP Interface Monitor 21.4.9 Configure Authentication Mode For VRRP 21.4.10 Configure Authentication String For VRRP