Port Isolation, Shared Vlan, No port protected Ports

User Manual	UMN:CLI
SURPASS hiD 6615 S223/S323 R1.5

isolation. If you want to configure Private VLAN on the hiD 6615 S223/S323 switch, refer to Port Isolation configuration.

8.1.9.1Port Isolation

The Port Isolation feature is a method that restricts L2 switching between isolated ports in a VLAN. Nevertheless, flows between isolated port and non-isolated port are not re- stricted. If you use the port protected command, packet cannot be transmitted between protected ports. However, to non-protected ports, communication is possible.

To configure Port Isolation, use the following command.

Command	Mode	Description

port protected PORTS	Bridge	Enables port isolation.

no port protected [PORTS]		Disables port isolation.
no port protected [PORTS]		Disables port isolation.

8.1.9.2Shared VLAN

This chapter is only for Layer 2 switch operation. The hiD 6615 S223/S323 is Layer 3 switch, but it can be used for Layer 2 also. Because there is no routing information in Layer 2 switch, each VLAN cannot communicate. Especially, the uplink port should re- ceive packets from all VLANs. Therefore, when you configure the hiD 6615 S223/S323 as Layer 2 switch, the uplink ports have to be included in all VLANs.

Fig. 8.4 In Case Packets Going Outside in Layer 2 environment

As above configuration with untagged packet, if an untagged packet comes into port 1, it is added with tag 1 for PVID 1. And the uplink port 24 is also included in the default VLAN; it can transmit to port 24.

However, a problem is possible to occur for coming down untagged packets to uplink ports. If an untagged packet comes to uplink ports from outer network, the system does not know which PIVD it has and where should it forward.

A50010-Y3-C150-2-7619

187

Page 187

Image 187

Siemens S223, S323 Port Isolation, Shared Vlan, Command Mode Description Port protected Ports, No port protected Ports

Contents

A50010-Y3-C150-2-7619 Umncli Surpass hiD 6615 S223/S323 R1.5 Important Notice on Product SafetyA50010-Y3-C150-2-7619 Details Reason for UpdateIssue History Summary System software upgrade added Contents 5.2 4.34.4 5.1 12.1 7.17.2 7.3 103 100101 102 127 124125 126 150 Surpass hiD 6615 S223/S323 R1.5 3.1147 149 182 179180 181 6.1 Surpass hiD 6615 S223/S323 R1.5 5.9216 217 247 1.161.17 246 3.8 Surpass hiD 6615 S223/S323 R1.5 3.2268 269 299 295297 298 10.1.1.2 Surpass hiD 6615 S223/S323 R1.5 10.1.1318 10.1.1.1 354 10.2.12353 10.2.13 Illustrations Igmp Snooping and PIM-SM Configuration Network 279 176 TablesTab 171 Tab .1 Overview of Chapters A50010-Y3-C150-2-7619 AudienceDocument Structure Tab .1 briefly describes the structure of this document CE Declaration of Conformity Tab .2 Command Notation of Guide BookDocument Convention Document Notation GPL/LGPL Warranty and Liability Exclusion System Overview IP Routing System FeaturesQuality of Service QoS Multicasting Broadcast Storm Control Spanning Tree Protocol STPLink Aggregation Trunking System Management based on CLI Radius and TACACS+ Command Mode Command Line Interface CLI Shows hiD 6615 S323 software mode structure briefly Tab .1 Main Commands of Privileged Exec View Mode Privileged Exec View ModePrivileged Exec Enable Mode Global Configuration Mode Tab .3 Main Commands of Global Configuration Mode Bridge Configuration Mode Tab .4 Main Commands of Bridge Configuration Mode Rule Configuration ModeOpens Rule Configuration mode Command Mode Description Ip dhcp pool Pool Dhcp Configuration ModeDhcp Option 82 Configuration Mode Tab .6 Main Commands of Dhcp Configuration Mode Rmon Configuration Mode Interface Configuration ModeCommand Mode Description Interface Interface Command Mode Description Router Configuration ModeVrrp Configuration Mode Tab .10 Main Commands of Router Configuration Mode Route-Map Configuration Mode 6615 S223/S323 Listing Available CommandsVariables following after the commands Useful Tips Command Calling Command HistorySurpass hiD 6615 S223/S323 R1.5 SWITCH# show clock Using AbbreviationUsing Command of Privileged Exec Enable Mode Tab .13 Command Abbreviation Exits to Privileged Exec enable mode Exit Current Command ModeAble mode, you will be logged out System Connection System LoginStep Command Mode Description Passwd enable Password Password for Privileged Exec ModePasswd enable 8 Password Management for System Account Changing Login PasswordCreating System Account To display the created account, use the following command Configuring Security Level SWITCH# show list No privilege bgp level Command Mode Description No privilegeNo privilege configure level No privilege rmon-alarm level Shows a configured security level Command Mode Description Show privilege Limiting Number of User Telnet AccessSWITCH# write memory SWITCH# disconnect ttyp0 Auto Log-out System RebootingManual System Rebooting SWITCHconfig# show exec-timeout No auto-reset cpu memory System AuthenticationAuto System Rebooting Auto-reset memory 1-120 Authentication Interface Authentication MethodPrimary Authentication Method Radius Server Priority Radius Server for System AuthenticationTimeout of Authentication Request Radius Server 5.2 Tacacs Server Priority Tacacs Server for System AuthenticationTacacs Server Frequency of Retransmit Command Mode Description Login tacacs timeout Additional TACACS+ ConfigurationTCP Port for the Authentication Authentication Type Start stop both Accounting ModeDisplaying System Authentication Login accounting-mode none Tacacs Sample Configuration Assigning IP Address Disabling Interface Interface Configuration ModeTo enable the interface, use the following command Enabling Interface No ip route IP-ADDRESS/M Static Route and Default GatewayAssigning IP Address to Network Interface Ip address IP-ADDRESS/M Forwarding Information BaseFIB Retain Displaying Forwarding Information BaseFIB Table Show ip interface Interface ② On Interface Configuration ModeDisplaying Interface Show interface Interface SSH Server SSH Secure Shell SSH Client Assigning Specific Authentication KeyLogin to SSH Server 2.3 Configuring Authentication Key Connect to SSH server with the authentication key Configure the authentication key in the switchSsh keygen rsa1 rsa dsa Server Suppliant Authenticator Authentication Server 802.1x AuthenticationEAP over LAN EAP over Radius Designate as default Response 1 802.1x AuthenticationConfiguring Radius Server Authentication Server Command Mode Description Dot1x radius-server move IP Configuring Authentication ModeDot1x radius-server host Command Mode Description Dot1x timeout tx-period Authentication PortForce Authorization Mode Description Dot1x port-control auto force Enabling 802.1x Re-Authentication 2 802.1x Re-Authentication1.7 Configuring Number of Request to Radius Server 1.8 Configuring Interval of Request to Radius Server Configuring the Interval of Requesting Re-authentication Configuring the Interval of Re-Authentication2.4 802.1x Re-authentication 6 802.1x User Authentication Statistic Initializing Authentication StatusApplying Default Value Displaying 802.1x Configuration SWTICHconfig# dot1x auth-mode mac-base SWTICHconfig# dot1x system-auth-control PortAuthed Selecting Port Type Port BasicShow port Ports Enabling Ethernet Port Ethernet Port ConfigurationTo enable/disable a port, use the following command Command Mode Description Port medium Port sfp rj45 Port speed Ports 10 100 Command Mode Description Port nego Ports on offAuto-negotiation Transmit Rate Half Duplex ModeCommand Mode Description Port duplex Ports full half Flow Control SWITCHbridge# show port description Following is an example of configuring flow control to portTo view description of port, use the following command SWITCHbridge# port flow-control 25 on Packets Statistics SWITCHbridge# show port statistics avg-pktSWITCHbridge# show port statistics rmon Traffic Statistics CPU statistics To enable/disable protocol statisticsProtocol statistics Port Status To display a port status, use the following commandSWITCH# show port Port Mirroring Command Mode Description Mirror add Ports ingress Activate the port mirroring, using the following commandDesignate the monitor port, use the following command Designate the mirrored ports, use the following command Configure the monitor port 1 and mirroring port 2, 3, 4 To disable monitoring function, use the following commandConnect a motoring PC to the monitor port of the switch Enable mirroring function Host Name Environment ConfigurationTime and Date Tab .1 World Time Zone Time ZoneNetwork Time Protocol Tab .1 shows the world time zone Simple Network Time Protocol Sntp NTP Network Time ProtocolFollowing is an example of releasing NTP and showing it To display Sntp configuration, use the following command Terminal ConfigurationNo sntp DNS Server Login BannerTo restore a default banner, use the following command To set a DNS server, use the following command CPU Load Fan OperationDisabling Daemon Operation System Threshold No threshold Port Ports rx Mode Description Threshold PortPort Traffic Fan Operation Threshold temp Value Value System TemperatureEnabling FTP Server System Memory All Option History router bgp pim rip Configuration ManagementDisplaying System Configuration Assigning IP Address of FTP Client Auto-Saving Saving System ConfigurationSystem Configuration File SWITCH# show running-config syslog To delete backup file, use the following command Restoring Default ConfigurationSWITCHconfig# copy running-config SURPASShiD6615 System Management SWITCHconfig# restore factory-defaultsNetwork Connection Figured time interval. Default is 2 seconds Data pattern 0xABCD Type of serviceItems Description Source address or interface Set DF bit in IP header? no IP Source Routing A50010-Y3-C150-2-7619 IP Icmp Source-Routing Following is the basic information to trace packet routes Tracing Packet Route SWITCH# traceroute Displaying User Connecting to SystemMAC Table System Information Configuring Ageing timeSWITCH# show uptime Running Time of System Running Process System Memory InformationCPU packet limit Average of CPU Load Default OS Displaying Installed OSDisplaying System Image A50010-Y3-C150-2-7619 103 Switch StatusTech Support Ber of display lines of terminal screen No snmp community ro rw Community Command Mode Description Snmp community ro rw CommunitySimple Network Management Protocol Snmp Snmp Community Following is an example of creating 2 Snmp communities Information of Snmp AgentA50010-Y3-C150-2-7619 105 Snmp Group Following is an example of configuring Snmp com2secSWITCHconfig# show snmp com2sec Snmp Com2sec Following is an example of creating an Snmp view record Permission to Access Snmp View RecordSWITCHconfig# snmp view Test included Snmp View Record Snmp Version 3 User Lowing commandTo display Snmp version 3 user, use the following command Snmp access Snmp Trap Host Snmp Trap ModeTo set an Snmp trap host, use the following command To select an Snmp trap-mode, use the following command 110 A50010-Y3-C150-2-7619 Enabling Snmp Trap Disabling Snmp Trap To disable Snmp trap, use the following commandNode Displaying Snmp Trap Snmp AlarmEnabling Alarm Notification SWITCHconfig# snmp inform-trap-host Alarm Severity Criterion Default Alarm SeverityTo configure a priority of alarm, use the following command 114 A50010-Y3-C150-2-7619 Generic Alarm Severity Critical major minor warning intermedi Adva Alarm SeveritySnmp Alarm-severity adva-if-sfp-mismatch A50010-Y3-C150-2-7619 115 116 A50010-Y3-C150-2-7619 ERP Alarm Severity STP Guard Alarm Severity Displaying Snmp ConfigurationA50010-Y3-C150-2-7619 117 SWITCHconfig# show snmp alarm-history To disable Snmp feature, use the following commandDisabling Snmp A50010-Y3-C150-2-7619 119 Operation, Administration and Maintenance OAMDisables local OAM OAM Loopback OAM Unidirection Local OAM ModeRemote OAM To display OAM configuration, use the following command Displaying OAM ConfigurationA50010-Y3-C150-2-7619 121 122 A50010-Y3-C150-2-7619 Basic TLV Link Layer Discovery Protocol LldpLldp Operation Lldp Operation Type Lldp Message Interval and Delay Time124 A50010-Y3-C150-2-7619 To display Lldp configuration, use the following command Displaying Lldp ConfigurationA50010-Y3-C150-2-7619 125 Remote Monitoring Rmon To open RMON-historymode, use the following commandSWITCHconfig# show rmon-history config Command Mode Description Rmon-history Interval of Sample Inquiry Source Port of Statistical DataSubject of Rmon History Number of Sample Data Activating Rmon History Deleting Configuration of Rmon HistoryDisplaying Rmon History A50010-Y3-C150-2-7619 129 Rmon AlarmSubject of Rmon Alarm Command Mode Description Rmon-alarm 130 A50010-Y3-C150-2-7619 Object of Sample InquiryAbsolute Comparison and Delta Comparison Upper Bound of Threshold Lower Bound of Threshold Configuring Standard of the First Alarm Rmon Event Activating Rmon AlarmDeleting Configuration of Rmon Alarm Displaying Rmon Alarm Activating Rmon Event Event DescriptionSubject of Rmon Event Event Type Activates Rmon event Deleting Configuration of Rmon EventDisplaying Rmon Event 134 A50010-Y3-C150-2-7619 Syslog Output Level without a Priority To set a syslog output level, use the following commandSyslog Syslog Output Level Log user uucp emerg alert crit err Syslog Output Level with a Priority136 A50010-Y3-C150-2-7619 Local5 local6 local7 lpr mail news sys Syslog Bind Address Facility CodeA50010-Y3-C150-2-7619 137 Displaying Syslog Message Displaying Syslog ConfigurationDebug Message for Remote Terminal Disabling Syslog Rule and QoS How to Operate Rule and QoS 140 A50010-Y3-C150-2-7619 Rule ConfigurationRule Creation Rule Priority A50010-Y3-C150-2-7619 141 Packet Classification Tcp 142 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 143 Rule Action Overwrites 802.1p CoS field in the packet same as IP 144 A50010-Y3-C150-2-7619 Modifying and Deleting Rule Applying RuleRemedy Select another name for the rule e.g. add a prefix Displaying Rule 3 QoS Weighted Fair Queuing WFQ Weighted Round Robin WRRScheduling Algorithm Strict Priority Queuing SP Weighted Fair Queuing 3.3 802.1p Priory-to-queue Mapping Qos Weight Queue Parameter Admin Access RuleTo configure a queue parameter, use the following command To display a configuration of QoS, enter following command Highest Defaul low Command Mode Description Rule Name create adminCommand Mode Description Priority low medium high A50010-Y3-C150-2-7619 151 152 A50010-Y3-C150-2-7619 Match permit Permits a packet Command Mode Description No-match denyCommand Mode Description Apply Applies an admin access rule to the system 154 A50010-Y3-C150-2-7619 Shows a current configuration of a rule Internet NetBIOS FilteringA50010-Y3-C150-2-7619 155 Martian Filtering SWITCHbridge# show netbios-filterMax Host Following is an example of displaying configured max hosts To display configured max host, use the following commandMax New Hosts Port Security on Port To configure max new hosts, use the following commandEnable port security on the port Port Security A50010-Y3-C150-2-7619 159 Set the violation mode and the action to be takenSet the maximum number of secure MAC address for the port Enter a secure MAC address for the port Maximum This is an example of configuring port security on portPort Security Aging Port A50010-Y3-C150-2-7619 161 MAC Table Clear mac Name Port Command Mode Description Clear macCommand Mode Description No mac Clear mac Name Adding Policy of MAC Filter Default Policy of MAC FilteringSample Configuration MAC Filtering Listing of MAC Filter Policy Deleting MAC Filter PolicyDisplaying MAC Filter Policy Following is an example of displaying one configuration Address Resolution Protocol ARPARP Table Displaying ARP Table Registering ARP Table166 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 167 To display ARP alias, use the following commandARP Alias ARP Inspection 168 A50010-Y3-C150-2-7619 Gratuitous ARP Icmp Message ControlProxy-ARP Type Value Blocking Echo Reply MessageInterval for Transmit Icmp Message Tab Type Status 172 A50010-Y3-C150-2-7619 Command Mode Description Ip icmp interval rate-limitEnable Shows Icmp interval configuration Global Transmitting Icmp Redirect Message IP TCP Flag Control RST ConfigurationPolicy of unreached messages Packet Dump SYN ConfigurationVerifying Packet Dump Packet Dump with Option Packet Dump by ProtocolA50010-Y3-C150-2-7619 175 Tab .4 Options for Packet Dump 176 A50010-Y3-C150-2-7619 Tab .4 shows the options for packet dumpOption Description Debug Packet Dump Displaying the usage of the packet routing tableA50010-Y3-C150-2-7619 177 Strengthened Security VlanEnlarged Network Bandwidth Cost-Effective Way Port-Based Vlan Deleting Vlan Creating VlanSpecifying Pvid Assigning Port to Vlan MAC address-based Vlan Protocol-Based VlanDisplaying Vlan Macbase MAC-ADDRESS Subnet-based VlanTagged Vlan Vlan Tag Displaying Vlan Information Vlan DescriptionMapping Frames to Vlan Tagged QinQTunnel Port Trunk Port Designate the QinQ port Double Tagging ConfigurationTo disable double tagging, use the following command Double Tagging Operation Private Vlan Tpid ConfigurationLayer 2 Isolation Private Vlan Edge No port protected Ports Command Mode Description Port protected PortsPort Isolation Shared Vlan Vlan fid Vlans FID 188 A50010-Y3-C150-2-7619 Vlan Translation Open Rule Configuration mode using rule Name create commandOpen Bridge Configuration mode using the bridge command Sample Configuration 1 Configuring Port-based Vlan Default br2 br3 br4 Sample Configuration 2 Deleting Port-based VlanFollowing is deleting vlan id 3 among configured Vlan Sample Configuration 3 Configuring Protocol-based Vlan SWITCHbridge# vlan dot1q-tunnel enable Sample Configuration 4 Configuring QinQSwitch Sample Configuration 5 Configuring Shared Vlan with FID Link Aggregation SWITCHbridge# vlan add br5 1-42untagged Dstip dstmac Srcdstip Configuring Port TrunkPort Trunk Trunk distmode Link Aggregation Control Protocol Lacp Displaying Port Trunk ConfigurationDisabling Port Trunk Activate Lacp function, using the following command Configuring LacpPacket Route To disable configuring packets, use the following command Operating Mode of Member Port196 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 197 Identifying Member Ports within LacpBpdu Transmission Rate Key value of Member Port 198 A50010-Y3-C150-2-7619 Priority of SwitchCommand Mode Description Lacp port priority Ports Priority of Member Port To display a configured LACP, use the following command Displaying Lacp ConfigurationA50010-Y3-C150-2-7619 199 Spanning-Tree Protocol STP STP Operation Root SwitchA50010-Y3-C150-2-7619 201 Switch Designated Switch Port Priority Designated Port and Root Port Learning DisabledPort States Listening Rstp Operation Switch B Switch CBackup Port Path Switch D Rapid Network Convergence Bpdu Policy 17 Network Convergence of 802.1w A50010-Y3-C150-2-7619 207 19 Network Convergece of 802.1w 208 A50010-Y3-C150-2-7619 Compatibility with 802.1d Mstp Operation Operation Switch D Switch ERegion B IST Region a IST Configuring STP/RSTP/MSTP/PVSTP/PVRSTP Mode RequiredA50010-Y3-C150-2-7619 211 Path-cost Configuring STP/RSTP/MSTPRoot Switch Activating STP/RSTP/MSTP Tab STP Path-cost Port-priorityA50010-Y3-C150-2-7619 213 MST Region A50010-Y3-C150-2-7619 215 Mstp ProtocolPoint-to-point MAC Parameters Edge Ports To delete the edge port mode, use the following command Displaying Configuration A50010-Y3-C150-2-7619 217 Configuring PVSTP/PVRSTPCommand Mode Description Stp pvst enable VLAN-RANGE Activating PVSTP/PVRSTP 218 A50010-Y3-C150-2-7619 Ally. To configure port priority, use the following command6.3 Path-cost 6.4 Port-priority Root Guard Root Guard ConfigurationRestarting Protocol Migration Hello Time Bridge Protocol Data Unit ConfigurationForward Delay Hello Time Max Age Forward Delay 9.5 Bpdu Filter To delete a configured max age, use the following commandFollowing command 9.4 Bpdu Hop Configure Bpdu Guard Configure the specific port as edge-portSelf Loop Detection 224 A50010-Y3-C150-2-7619 Displaying Bpdu Configuration Backup Route SWITCHbridge# stp force-version mstp Mstp Configuration226 A50010-Y3-C150-2-7619 Internet Virtual Router Redundancy Protocol Vrrp 228 A50010-Y3-C150-2-7619 Configuring VrrpTo delete the Vrrp configuration, use the following command Associated IP Address Master Router and Backup Router Access to Associated IP AddressA50010-Y3-C150-2-7619 229 SWTICH1config# router vrrp default Layer 3 Switch 2 IP Address 10.0.0.2/24 Vrrp Track Function To configure Vrrp Track, use the following command Authentication Password A50010-Y3-C150-2-7619 233 SWITCHconfig-vrrp#authentication cleartext networkPreempt Following is an example of disabling Preempt Rate Limit Configuration modeVrrp Statistics To set a port bandwidth, use the following command Configuring Rate LimitA50010-Y3-C150-2-7619 235 Flood Guard Configuring Flood-Guard236 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 237 Following is an example of configuration to bandwidth asSWITCHbridge# show mac-flood-guard Bandwidth IP Packet Broadcast Dhcp Server or Relay Agent Dynamic Host Configuration Protocol DhcpSaving Cost Efficient IP Management Dhcp Server Dhcp Subnet Dhcp Pool CreationRange of IP Address A50010-Y3-C150-2-7619 241 Default GatewayFollowing is an example of specifying the default gateway IP Lease Time 242 A50010-Y3-C150-2-7619 DNS ServerManual Binding Following is an example of specifying a DNS server Recognition of Dhcp Client Domain NameDhcp Server Option Static Mapping Authorized ARP Command Mode Description Ip dhcp arp ping packetCommand Mode Description Ip dhcp arp ping timeout IP Address Validation A50010-Y3-C150-2-7619 245 Ignoring Bootp RequestProhibition of 1N IP Address Assignment Dhcp Packet Statistics 246 A50010-Y3-C150-2-7619 Displaying Dhcp Pool ConfigurationSWITCHconfig# show ip dhcp server statistics Command Mode Description Show ip dhcp pool Pool Relay Agent Information Pattern Dhcp Address Allocation with OptionDhcp Class Capability Dhcp Class Creation No address range A.B.C.D Associating Dhcp ClassRange of IP Address for Dhcp Class Text String A50010-Y3-C150-2-7619 249 Dhcp Lease DatabaseDhcp Database Agent Displaying Dhcp Lease Status PC= Dhcp Client Dhcp Relay AgentDeleting Dhcp Lease Database Dhcp Server Relay Agent Subnet Smart Relay Agent Forwarding Packet Forwarding AddressC.D all Dhcp Option Option 82 Sub-Option Enabling Dhcp Option Option 82 Reforwarding Policy Default Trust PolicyOption 82 Trust Policy Trusted Physical Port To specify a trusted remote ID, use the following commandSimplified Dhcp Option Trusted Remote ID 6.3 Dhcp Class ID Dhcp ClientEnabling Dhcp Client 6.2 Dhcp Client ID A50010-Y3-C150-2-7619 257 Displaying Dhcp Client ConfigurationRequesting Option Forcing Release or Renewal of Dhcp Lease 258 A50010-Y3-C150-2-7619 Dhcp SnoopingEnabling Dhcp Snooping Dhcp Trust State Source MAC Address Verification Mode Description Ip dhcp snooping Limit-leaseDhcp Rate Limit Dhcp Lease Limit 260 A50010-Y3-C150-2-7619 Dhcp Snooping Database AgentSpecifying Dhcp Snooping Database Agent Specifying Dhcp Snooping Binding Entry Source IP Address Filter Displaying Dhcp Snooping ConfigurationIP Source Guard Enabling IP Source Guard Static IP Source Binding Displaying IP Source Guard ConfigurationSource port-security commands together Command Mode Description Ip dhcp verify source Ports Dhcp Server Packet Filtering Command Mode Description Ip dhcp filter-addressDhcp Filtering Dhcp Packet Filtering 264 A50010-Y3-C150-2-7619 Command Mode Description Debug dhcp filterPacket service all Debugging Dhcp ERP Operation Ethernet Ring Protection ERP Normal Node RM Node Normal NodeSend Link Down Message RM Node Loss of Test Packet Lotp Configuring ERPERP Domain Protected Activation RM NodePort of ERP domain Protected Vlan Test Packet Interval Manual Switch to SecondaryWait-to-Restore Time Learning Disable Time Stacking Displaying ERP ConfigurationShow erp all DOMAIN-ID A50010-Y3-C150-2-7619 271 Switch GroupDesignating Master and Slave Switch Designate Mater switch using the following command Disabling Stacking Accessing to Slave Switch from Master SwitchTo disable stacking, use the following command Sample Configuration 1 Configuring Stacking A50010-Y3-C150-2-7619 273 SWITCHA# configure terminalSWITCHAconfig# stack device default SWITCHBconfig# stack device default Ticast dlf Rate Ports Broadcast Storm ControlTo disconnect, input as below Storm-control broadcast mul Jumbo-frame Capacity Command Mode Description Jumbo-frame PortsA50010-Y3-C150-2-7619 275 Maximum Transmission Unit MTU Blocking Direct Broadcast276 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 277 SWITCHconfig-if#show running-config interface Layer 3 Network Layer 2 Network Limitation of Mrib Routing Entry Command Mode Description Ip multicast route-limitMulticast Routing Information Base Enabling Multicast Routing Required 280 A50010-Y3-C150-2-7619 Clearing Mrib InformationClearing Total or Partial Group Entry of Mrib Clearing Statistics of Multicast Routing Table Multicast Time-To-Live Threshold Displaying Mrib InformationMrib Debug 282 A50010-Y3-C150-2-7619 Multicast Aging Igmp Version Igmp Basic ConfigurationInternet Group Management Protocol Igmp Igmp Version per Interface Igmp Debug Igmp Static Join SettingIgmp Version Removing Igmp Entry Vlan Vlan port Port reporter Igmp Query ConfigurationCommand Mode Description Ip igmp static-group Maximum Number of Groups 286 A50010-Y3-C150-2-7619 Igmp Maximum Response Time Igmp v2 Fast Leave Displaying the Igmp ConfigurationA50010-Y3-C150-2-7619 287 Enabling Igmp Snooping per Vlan Igmp Snooping Basic ConfigurationStep Execute the ip multicast-routing command 3 L2 Mfib Igmp v2 Snooping Enable Igmp snooping on a Vlan interfaceCommand Mode Description Ip igmp snooping vlan Vlans Command Mode Description Show ip igmp snooping Vlan Multicast Packet Igmp v2 Snooping Fast Leave290 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 291 To disable Igmp querier, use the following commandIgmp v2 Snooping Querier Enabling Igmp Snooping Querier 292 A50010-Y3-C150-2-7619 Timeout Value of Igmp v2 Snooping Querier’s General QueryTo disable the max-response-time, use the following command Query Interval of Igmp v2 Snooping Querier Last-member-query-interval Igmp v2 Snooping Last-Member-IntervalA50010-Y3-C150-2-7619 293 Vlans querier detail 294 A50010-Y3-C150-2-7619 Configuring Mrouter Port per VlanIgmp v2 Snooping Report Method Mrouter Port Multicast TCN Flooding Displaying Mrouter ConfigurationMrouter Port Learning Method Nected to on a Vlan interface Command Mode Description Ip igmp snooping tcn query296 A50010-Y3-C150-2-7619 Vlans flood A50010-Y3-C150-2-7619 297 Igmp v3 SnoopingIgmp Snooping Version Join Host Management Multicast Vlan Registration MVR To display a configuration, use the following commandImmediate Block A50010-Y3-C150-2-7619 299 Enabling MVRMVR Group Address MVR IP Address Igmp Filtering and Throttling 7.5 Displaying MVR ConfigurationSend and Receive Port A50010-Y3-C150-2-7619 301 Creating Igmp ProfilePolicy of Igmp Profile Group Range of Igmp Profile 302 A50010-Y3-C150-2-7619 To return to the default setting, use the following commandApplying Igmp Profile to the Filter Port Max Number of Igmp Join Group Displaying Igmp Snooping Table PIM-SM Protocol Independent Multicast-Sparse ModeRPT and SPT Packet for the request PIM Common Configuration DR Priority PIM-SM and Passive Mode 306 A50010-Y3-C150-2-7619 To configure a query hold time, use the following commandFilters of Neighbor in PIM PIM Hello Query PIM Debug Bootstrap Router BSRTo activate PIM-SM debugging, use the following command BSR and RP Global Clears all RP sets Set RP InformationStatic RP for Certain Group Ip pim bsr-candidate A50010-Y3-C150-2-7619 309 Enabling Transmission of Candidate RP Message Rate Limit of Register Message PIM-SM Registration4.3 4.4 Ignoring RP Priority Source Address of Register Message Configure filtering out multicast sourcesCommand Mode Description Ip pim register-suppression Filters for Register Message from RP 312 A50010-Y3-C150-2-7619 SPT SwitchoverThis command is disabled by default Reachability for PIM Register Process Cisco Router Interoperability PIM Join/Prune InteroperabilityChecksum of Full PIM Register Message With older Cisco IOS versions With older Cisco IOS versions, use the following command8.2 Candidate RP Message with Cisco BSR 8.3 Excluding GenID Option PIM Snooping PIM-SSM Group 316 A50010-Y3-C150-2-7619 Displaying PIM-SM Configuration Border Gateway Protocol BGP IP Routing Protocol Configuration Type of BGP Basic ConfigurationEnabling BGP Routing Go back to Global Configuration mode using the exit command Advanced ConfigurationDisabling BGP Routing As-set summary-only Command Mode Description Aggregate-address A.B.C.D/MSummary of Path Automatic Summarization of Path No bgp deterministic-med Multi-Exit Discriminator MEDChoosing Best Path Bgp deterministic-med Aspath Command Mode Description Bgp bestpath as-path ignoreCommand Mode Description Bgp bestpath compare-confed Selects the best path using the router ID for identical Graceful Restart Configures the router to consider the MED in choosing 324 A50010-Y3-C150-2-7619 IP Address FamilyRestart Time Stalepath Time BGP Neighbor Default RoutePeer Group Route Map To create a BGP Peer Group, use the following commandForce Shutdown Session Reset of All Peers BGP Session ResetWord shutdown 328 A50010-Y3-C150-2-7619 Session Reset of Peers within Particular AS Session Reset of External Peer Session Reset of Specific RouteA50010-Y3-C150-2-7619 329 330 A50010-Y3-C150-2-7619 Session Reset of Peer Group A50010-Y3-C150-2-7619 331 Displaying and Managing BGP NEIGHBOR-IP routes 332 A50010-Y3-C150-2-7619 Enabling Ospf Open Shortest Path First Ospf 334 A50010-Y3-C150-2-7619 Command Mode Description Router ospfNo router ospf Ospf Interface ABR Type ConfigurationCommand Mode Description Network A.B.C.D/M area Compatibility Support Authentication Key Authentication Type336 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 337 Interface Cost Routing Protocol Interval Blocking Transmission of Route Information Database To configure a transmit delay, use the following command To configure a dead interval, use the following commandA50010-Y3-C150-2-7619 339 Ospf Priority Ospf Maximum Transmission Unit MTU340 A50010-Y3-C150-2-7619 Ospf Network Type Non-Broadcast NetworkA50010-Y3-C150-2-7619 341 Ospf Area Area Authentication342 A50010-Y3-C150-2-7619 Area 0-4294967295filter-list prefix LIST-NAMEin out Default Cost of AreaArea 0-4294967295filter-list access LIST-NAMEin out No area 0-4294967295filter- list access LIST-NAMEin out No-summary Default-information-originateNot So Stubby Area Nssa No-redistribution Originate To delete configured NSSA, use the following commandOriginate metric Router Configures Nssa with one option A50010-Y3-C150-2-7619 345 C.D/M advertise not Advertise Area RangeShortcut Area 346 A50010-Y3-C150-2-7619 Virtual Link Stub Area Dead-interval Transmit-delay348 A50010-Y3-C150-2-7619 Hello-interval Default MetricTo delete the configuration, use the following command Graceful Restart Support Helper Grace-period350 A50010-Y3-C150-2-7619 Metric-type Default RouteOpaque-LSA Support Metric Metric-type Always Route-map MAP-NAME Metric-type Router Deletes the configurationFinding Period Route-map Metric-type Route-map MAP-NAME External Routes to Ospf NetworkA50010-Y3-C150-2-7619 353 External Inter-area Intra-area To delete the default metric, use the following commandRouter Deletes the default metric Ospf Distance A50010-Y3-C150-2-7619 355 To make it as a default, use the following commandHost Route Passive Interface Summary Routing Information Blocking Routing InformationOspf Monitoring and Management As A.B.C.D To display the Ospf database, use the following commandDisplaying Ospf Protocol Information A50010-Y3-C150-2-7619 357 358 A50010-Y3-C150-2-7619 Command Mode Description Show ip ospf interface Interface Limiting Number of Database Displaying Debugging InformationA50010-Y3-C150-2-7619 359 Overflow database external Command Mode Description Overflow databaseMaximum Process of LSA 360 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 361 To use RIP protocol, you should enable RIPRouting Information Protocol RIP Enabling RIP RIP Neighbor Router Configure the network to operate as RIP RIP Version Redistributing Routing Information Creating available Static Route only for RIP Command Mode Description Route-map TAG deny permit Metrics for Redistributed Routes Originating Default Information Administrative DistanceRouting Information Filtering Disabling the transmission to Interface Filtering Access List and Prefix ListOffset List Maximum Number of RIP Routes RIP Network TimerUpdate Timeout Split Horizon Authentication KeyTo adjust the timers, use the following command No timers basic Update Time Restarting RIP To disable RIP authentication, use the following commandUDP Buffer Size of RIP 372 A50010-Y3-C150-2-7619 Monitoring and Managing RIP Command Mode Description Copy ftp tftp os Download General UpgradeA50010-Y3-C150-2-7619 373 374 A50010-Y3-C150-2-7619 Boot Mode Upgrade A50010-Y3-C150-2-7619 375 To configure a subnet mask, use the following commandTo configure a default gateway, use the following command To the boot mode only 376 A50010-Y3-C150-2-7619 Boot load os1 10.27.41.82 V5212G.3.18.x Uploads the new system software using the following command FTP UpgradeA50010-Y3-C150-2-7619 377 378 A50010-Y3-C150-2-7619 Exit the FTP client using the following commandCommand! For more information, see Section Command Mode Description Exit CoS Class of Service Access Control ListAddress Resolution Protocol Command Line Interface Medium Access Control Internet Service ProviderLoss of Signal Loss of Power Transmission Control Protocol Type of ServiceSpanning Tree Protocol Software

8.1.9.1Port Isolation

Command

Mode

Description

port protected PORTS

no port protected [PORTS]

8.1.9.2Shared VLAN

Fig. 8.4 In Case Packets Going Outside in Layer 2 environment

As above configuration with untagged packet, if an untagged packet comes into port 1, it is added with tag 1 for PVID 1. And the uplink port 24 is also included in the default VLAN; it can transmit to port 24.

However, a problem is possible to occur for coming down untagged packets to uplink ports. If an untagged packet comes to uplink ports from outer network, the system does not know which PIVD it has and where should it forward.

A50010-Y3-C150-2-7619

187