Page
Page
Page
Page
Contents
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Tables
Page
Page
Page
Figures
Page
Page
Page
Chapter 1: Introduction
1 Introduction
Description of Software Features
Page
System Defaults
System Defaults
Table 1-2System Defaults (Continued)
Address Table
Aging Time
Virtual LANs
Default VLAN
Chapter 2: Initial Configuration
2 Initial Configuration
Page
Page
Page
Then save your configuration changes by typing “copy
The default strings are:
public - with
private - with
To configure a community string, complete the following steps:
From the Privileged Exec level global configuration mode prompt, type
To save the current configuration settings, enter the following command:
From the Privileged Exec mode prompt, type “copy
2.Enter the name of the start-upfile. Press <Enter
Managing System Files
Page
Chapter 3: Configuring the Switch
3 Configuring the Switch
Navigating the Web Browser Interface
Table 3-1Web Page Configuration Buttons
Button
Action
Apply
Sets specified values to the system
Page
Page
Page
Page
ACL CoS Priority
matching an ACL rule
IGMP Configuration
query
Multicast Router
Page
CLI – Specify the hostname, location and contact information
Main Board
•Serial Number – The serial number of the switch
•Number of Ports – Number of built-inports
•Hardware Version – Hardware version of the main board
•Unit ID – Unit number in stack
•Redundant Power Status – Displays the status of the redundant power supply
Web – Click System, Switch Information
Figure 3-4Switch Information
CLI – Use the following command to display version information
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Figure 3-18Remote Logs
Page
Page
Figure 3-21Resetting the System
CLI – Use the reload command to restart the switch
Note: When restarting the system, it will always run the Power-On Self-Test
Page
Page
Simple Network Management Protocol
Table 3-4SNMPv3 Security Models and Levels
Group
public
private
v2c
Page
Page
•Trap UDP Port – Specifies the UDP port number used by the trap manager
Enable Authentication Traps
(Default: Enabled)
Enable
Page
Page
Page
Page
Page
Page
Page
Table 3-5Supported Notification Messages
Object Label
Object ID
RFC 1493 Traps
newRoot
Table 3-5Supported Notification Messages (Continued)
Private Traps
swPowerStatus
ChangeTrap
swFanFailureTrap
Figure 3-31Configuring SNMPv3 Groups
Page
User Authentication
Page
Page
Page
Figure 3-34Authentication Server Settings
CLI – Specify all the required parameters to enable logon authentication
Page
Page
Page
Set the Optional Parameters
Enable SSH Service
Challenge-Response
Authentication
a.The client sends its public key to the switch
Page
The SSH server includes basic settings for authentication
•SSH Server-KeySize – Specifies the SSH server key size. (Range: 512-896bits;
Default: 768)
-The server key is a private key that is never shared outside the switch
-The host key is shared with the SSH client, and is fixed at 1024 bits
Figure 3-37SSH Server Settings
Page
Page
Page
Page
Page
Page
Page
This switch can display statistics for dot1x protocol exchanges for any port
Table 3-7802.1X Statistics
Rx EAPOL Start
Rx EAPOL Logoff
Rx EAPOL Invalid
Figure 3-42802.1X Port Statistics
CLI – This example displays the dot1x statistics for port
Page
Figure 3-43IP Filter
CLI – This example restricts management access for Telnet clients
Access Control Lists
Page
Page
Page
Figure 3-46ACL Configuration - Extended IP
CLI – This example adds three rules:
Page
Page
Page
Page
Page
Page
Page
Figure 3-51ACL Port Binding
Port Configuration
Field Attributes (Web)
•Port – Port number
•Name – Interface label
•Type – Indicates the port type. (10G)
Page
Page
Page
Figure 3-53Port - Port Configuration
CLI – Select the interface, and then enter the required settings
Page
statically
configured
active
links
Page
•Member List (Current) – Shows configured trunks (Unit, Port)
Figure 3-55LACP Trunk Configuration
Page
Page
Page
Page
Table 3-9LACP Internal Configuration Information
Field
Oper Key
Current operational value of the key for the aggregation port
Admin Key
Figure 3-58LACP - Port Internal Information
Page
Page
Figure 3-60Port Broadcast Control
Page
Page
Table 3-11Port Statistics
Interface Statistics
Received Octets
characters
Received Unicast Packets
Table 3-11Port Statistics (Continued)
buffer space
Transmit Errors
errors
Etherlike Statistics
Received Frames
Broadcast Frames
Multicast Frames
multicast address
CRC/Alignment Errors
Page
Address Table Settings
CLI – This example shows statistics for port
Address Table Settings
•Static Address Counts13 – The number of manually configured addresses
•Current Static Address Table – Lists all the static addresses
Interface – Port or trunk associated with the device assigned a static address
•MAC Address – Physical address of a device mapped to this interface
Page
Page
Spanning Tree Algorithm Configuration
Page
Page
Page
Global settings apply to the entire switch
•Spanning Tree Protocol14
•Rapid Spanning Tree Protocol14
Page
•Minimum: The higher of 4 or [(Max. Message Age / 2) + 1]
•Maximum:
Configuration Settings for RSTP
The following attributes apply to both RSTP and MSTP:
Long: Specifies
Page
Page
Oper Link Type – The operational
port.R
R: Root Port
A:Alternate Port
D:Designated Port
Page
Page
Page
Page
To use multiple spanning trees:
1.Set the spanning tree type to MSTP (STA Configuration, page 3-116)
3.Add the VLANs that will share this MSTI (MSTP VLAN Configuration)
Note: All VLANs are automatically added to the IST (Instance 0)
•MST Instance – Instance identifier of this spanning tree. (Default: 0)
Figure 3-71MSTP VLAN Configuration
Page
MST Instance ID – Instance identifier to configure. (Range: 0-4094;Default: 0)
Figure 3-72MSTP Port Information
Page
Page
VLAN Configuration
Assigning Ports to VLANs
Page
Forwarding Tagged/Untagged Frames
Page
Page
Page
Figure 3-77VLAN Static List - Creating VLANs
CLI – This example creates a new VLAN
•Status – Enables or disables the specified VLAN
Page
CLI – The following example adds tagged and untagged ports to VLAN
•Interface – Port (1-8)or trunk identifier
•Member – VLANs for which the selected interface is a tagged member
•Non-Member– VLANs for which the selected interface is not a tagged member
Figure 3-79VLAN Static Membership by Port
-Ingress filtering only affects tagged frames
GARP Join Timer
GARP Leave Timer
Page
Page
Page
To configure protocol-basedVLANs, follow these steps:
First configure VLAN groups for the protocols you want to use
Create a protocol group for one or more protocols
Protocol Group ID – Group identifier of this protocol group. (Range:
Frame Type
Page
Class of Service Configuration
Figure 3-85Default Port Priority
CLI – This example assigns a default priority of 5 to port
Page
Figure 3-86Traffic Classes
Page
Figure 3-88Queue Scheduling
Page
Page
Table 3-15Mapping DSCP Priority
IP DSCP Value
CoS Value
10, 12, 14
18, 20, 22
Figure 3-91IP DSCP Priority
Page
Table 3-16Egress Queue Priority Mapping
You must configure an ACL mask before you can map CoS values to the rule
•Name23 – Name of ACL
•Type – Type of ACL (IP or MAC)
CoS Priority – CoS value used for packets matching an IP ACL rule. (Range:
Multicast Filtering
Page
Page
Figure 3-95IGMP Configuration
Page
Page
Page
Page
Configuring Domain Name Service
•Note that if all name servers are deleted, DNS will automatically be disabled
•Domain Lookup Status – Enables DNS host name-to-addresstranslation
Default Domain Name
Domain Name List
Figure 3-100DNS General Configuration
Page
Page
Page
Page
Chapter 4: Command Line Interface
4 Command Line Interface
Entering Commands
enable
Console#show startup-config
Console(config)#username admin password 0 smith
The command “show interfaces ?” will display the following information:
Table 4-1General Command Modes
Class
Exec
Normal
Privileged
Page
Page
Command Groups
Line Commands
Page
Page
Page
Page
Page
Page
Page
Page
show ssh (4-39)show users (4-61)
This command displays the terminal line’s parameters
show line [console | vty]
Shows all lines
Normal Exec, Privileged Exec
General Commands
Page
Page
Page
System Management Commands
Page
Page
Page
Page
This example restricts management access to the indicated addresses
show management {all-client| http-client| snmp-client| telnet-client}
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Table 4-16show ssh - display description
Session
The session number. (Range: 0-3)
Version
The Secure Shell version number
Table 4-17Event Logging Commands
logging on
logging history
severity
logging host
Page
Page
Page
Page
Page
Page
Page
Page
[no] logging sendmail destination-email email-address
[no] logging sendmail
Page
Page
Page
Page
Page
Page
show running-config (4-58)
Page
show startup-config (4-56)
This command displays system information
For a description of the items shown by this command, refer to
Page
Page
Flash/File Commands
•The system prompts for data required to complete the copy command
The maximum number of
To replace the startup configuration, you must use
For information on specifying an
The following example shows how to download a configuration file:
This command deletes a file or image
delete filename
filename - Name of configuration file or code image
Page
Page
Authentication Commands
Page
Page
Page
radius-serverport port_number no radius-serverport
radius-serverkey key_string no radius-serverkey
Page
Page
Page
Page
Page
Page
Page
Page
The
This command forces re-authenticationon all ports or a specific interface
dot1x re-authenticate[interface]
•ethernet unit/port
-unit - This is unit
Page
Page
Page
Page
Access Control List Commands
Page
Page
Page
Page
Extended ACL
•All new rules are appended to the end of the list
-SYN flag valid, use “control-code2 2”
-Both SYN and ACK valid, use “control-code18 18”
-SYN valid and ACK invalid, use “control-code2 18”
Page
Page
Page
Page
This command shows the ingress or egress rule masks for IP ACLs
show access-listip mask-precedence[in | out]
•in – Ingress mask precedence for ingress ACLs
•out – Egress mask precedence for egress ACLs
Page
Page
Page
Page
Page
Page
MAC ACL
•New rules are added to the end of the list
•The ethertype option can only be used to filter Ethernet II formatted packets
-0800 - IP
-0806 - ARP
Page
•vid-bitmask – VLAN ID of rule must match this bitmask
•ethertype – Check the Ethernet type field
•ethertype-bitmask – Ethernet type of rule must match this bitmask
MAC Mask
•Up to seven masks can be assigned to an ingress or egress ACL
This example creates an Egress MAC ACL
This command shows the ingress or egress rule masks for MAC ACLs
show access-listmac mask-precedence[in | out]
mask (MAC ACL) (4-104)
Page
Page
map access-listmac (4-108)
Table 4-38ACL Information Commands
show access-list
Show all ACLs and associated rules
show access-group
Shows the ACLs assigned to each port
SNMP Commands
This command can be used to check the status of SNMP communications
Page
Page
Page
6.Specify a remote engine ID where the user resides (page 4-117)
7.Then configure a remote user (page 4-122)
snmp-serverenable traps (4-116)
[no] snmp-serverenable traps [authentication | link-up-down]
•authentication - Keyword to issue authentication failure notifications
Page
A remote engine ID is required when using SNMPv3 informs. (See
This command shows the SNMP engine ID
This example shows the default engine ID
Local SNMP engineID
String identifying the engine ID
view-name
oid-tree
•view-name- Name of an SNMP view. (Range: 1-64characters)
•included - Defines an included view
•excluded - Defines an excluded view
Page
Page
Page
•encrypted - Accepts the password as encrypted input
•auth - Uses SNMPv3 with authentication
•md5 | sha - Uses MD5 or SHA authentication
•priv des56 - Uses SNMPv3 with privacy with DES56 encryption
Before you configure a remote user, use the
This command shows information on SNMP users
Table 4-43show snmp user - display description
EngineId
User Name
Name of user connecting to the SNMP agent
Interface Commands
Page
Page
Page
Page
Page
Shows the status for all interfaces
This command displays interface statistics
show interfaces counters [interface]
Shows the counters for all interfaces
show interfaces switchport [interface]
Shows all interfaces
Page
Mirror Port Commands
This command displays mirror information
show port monitor [interface]
interface - ethernet unit/port (source port)
•unit - This is unit
•port - Port number. (Range: 1-8)
Rate Limit Commands
Link Aggregation Commands
Page
Page
Page
Page
Page
Page
Table 4-50show lacp internal - display description
LACP port priority assigned to this interface within the channel group
Table 4-51show lacp neighbors - display description
Partner Admin
Port Number
Partner Oper
partner
Address Table Commands
Table 4-53Address Table Commands
dynamic
Displays entries in the bridge-forwardingdatabase
mac-address-table
mac-address-tablestatic mac-address interface interface vlan vlan-id [action]
no mac-address-tablestatic mac-address vlan vlan-id
•mac-address - MAC address
•vlan-id - VLAN ID (Range: 1-4094)
•action
Page
Page
Spanning Tree Commands
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
spanning-tree edge-port (4-161)
•auto - Automatically derived from the duplex mode setting
•point-to-point- Point-to-pointlink
•shared - Shared medium
Specify a
Page
Page
Page
Page
VLAN Commands
Page
Page
shutdown (4-129)
switchport mode {trunk | hybrid} no switchport mode
trunk - Specifies a port as an
All ports are in hybrid mode with the PVID set to VLAN
switchport acceptable-frame-types (4-172)
•all - The port accepts all frames, tagged or untagged
•tagged - The port only receives tagged frames
All frame types
switchport mode (4-171)
[no] switchport ingress-filtering
Page
switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list}
no switchport allowed vlan
•add vlan-list - List of VLAN identifiers to add
•remove vlan-list - List of VLAN identifiers to remove
•All ports are assigned to VLAN 1 by default
Page
Page
Table 4-59Private VLAN Commands
pvlan
Enables and configured private VLANS
show pvlan
Displays the configured private VLANS
Page
group-id
frame
no protocol-vlan protocol-group group-id
•group-id - Group identifier of this protocol group. (Range: 1-2147483647)
No protocol groups are configured
Page
GVRP and Bridge Extension Commands
Page
Page
Page
Priority Commands
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Multicast Filtering Commands
Page
The following shows how to statically configure a multicast group on a port:
ip igmp snooping version {1 | 2} no ip igmp snooping version
•1 - IGMP Version
•2 - IGMP Version
IGMP Version
The following shows the current IGMP snooping configuration:
This command shows known multicast addresses
show mac-address-tablemulticast [vlan vlan-id][user | igmp-snooping]
•user - Display only the user-configuredmulticast entries
•igmp-snooping- Display only entries learned through IGMP snooping
Page
Page
Page
Page
IP Interface Commands
Page
Page
•DHCP requires the server to reassign the client’s last address if available
In the following example, the device is reassigned the same address
ip address (4-206)
This command displays the settings for the switch’s IP interface
This command shows the default gateway configured for this device
ip default-gateway (4-207)
This command sends ICMP echo request packets to another node on the network
ping host [count count][size size]
•host - IP address or IP alias of the host
•count - Number of packets to send. (Range: 1-16,default: 5)
DNS Commands
Page
Page
ip domain-name (4-211)
[no] ip name-server server-address1 [server-address2 … server-address6]
[no] ip
name-server
•server-address1 - IP address of domain-nameserver
ip domain-name (4-211)ip domain-lookup (4-214)
[no] ip domain-lookup
•At least one name server must be specified before you can enable DNS
•If all name servers are deleted, DNS will automatically be disabled
This example enables DNS and then displays the configuration
ip domain-name (4-211)ip name-server (4-213)
This command displays the static host name-to-addressmapping table
This command displays the configuration of the DNS service
Page
Appendix A: Software Specifications
A Software Specifications
Management Information Bases A
Page
Appendix B: Troubleshooting
B Troubleshooting
Glossary
Glossary-2
Glossary-3
Glossary-4
Glossary-5
Glossary-6
Index
Index-2
Index-3
Index-4
