Manuals / Brands / Computer Equipment / Switch / SMC Networks / Computer Equipment / Switch

SMC Networks 100BASE-TX, 16 10BASE-T Configuring Private VLANs

1 384

Download 384 pages, 5.44 Mb

Command Line Interface

4-154

4

Configuring Private VLANs

Private VLANs provide port-based security and isolation between ports within the

assigned VLAN. This switch supports two types of private VLAN ports: promiscuous,

and community ports. A promiscuous port can communicate with all interfaces within

a private VLAN. Community ports can only communicate with other ports in their

own community VLAN, and with their designated promiscuous ports. This section

describes commands used to configure private VLANs.

To configure private VLANs, follow these steps:

1. Use the private-vlan command to designate one or more community VLANs

and the primary VLAN that will channel traffic outside the community groups.

2. Use the private-vlan association command to map the secondary (i.e.,

community) VLAN(s) to the primary VLAN.

3. Use the switchport mode private-vlan comm and to configure ports as

promiscuous (i.e., having access to all ports in the primary VLAN) or host (i.e.,

having access restricted to community VLAN members, and channeli ng all

other traffic through a promiscuous port).

4. Use the switchport private-vlan host-association command to assign a port

to a secondary VLAN.

5. Use the switchport private-vlan mapping command to assign a port to a

primary VLAN.

6. Use the show vlan private-vlan command to verify your configuration settings.

Table4-54. Privat e VLAN Commands

Command Function Mode Page

Edit Private VLAN Groups

private-vlan Adds or deletes primary and secondary VLANs VC 4-155

private-vlan association Associates a secondary VLAN with a primary VLAN VC 4-156

Configure Private VLAN Interfaces

switchport mode

private-vlan

Sets an interface to host mode or promiscuous mode IC 4-156

switchport private-vlan

host-association

Associates an interface with a secondary VLAN IC 4-157

switchport private-vlan

mapping

Maps an interface to a primary VLAN IC 4-158

Display Private VLAN Information

show vlan private-vlan S hows private VLAN information NE,

PE

4-158

Contents

Main TigerSwitch 10/100 16-Port Fast Ethernet Switch Management Guide Page Page Page L W IMITED i ARRANTY ii Contents Page Page Page Page Page Page Page Page Page Tables Page Figures Page 1-1 Chapter 1: Introduction Key Features Table1-1. Key Features 1-2 Description of Software Features Description of Software Features 1-3 1-4 System Defaults 1-5 System Defaults 1-6 Table1-2. System Defaults (Continued) System Defaults 1-7 Table1-2. System Defaults (Continued) Page 2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options 2-2 Required Connections 2-3 Remote Connections Basic Configuration Console Connection 2-4 Setting Passwords Setting an IP Address Manual Configuration 2-5 Dynamic Configuration 2-6 Enabling SNMP Management Access Community Strings 2-7 Trap Receivers Saving Configuration Settings 2-8 Managing System Files 3-1 Chapter 3: Configuring the Switch Using the Web Interface Navigating the Web Browser Interface Home Page Panel Display 3-3 Configuration Options Panel Display 3-4 Main Menu Main Menu 3-5 3-6 Main Menu 3-7 3-8 Basic Configuration Displaying System Information 3-9 Displaying Switch Hardware/Software Versions 3-10 3-11 Displaying Bridge Extension Capabilities 3-12 Setting the Switchs IP Address Page 3-14 Using DHCP/BOOTP 3-15 Managing Firmware Page 3-17 Saving or Restoring Configuration Settings 3-18 Downloading Configuration Settings from a Server 3-19 Console Port Settings 3-20 3-21 Telnet Settings 3-22 3-23 Configuring Event Logging System Log Configuration 3-24 3-25 Remote Logs Configuration 3-26 Displaying Log Messages 3-27 Resetting the System Setting the System Clock 3-28 Configuring SNTP Simple Network Management Protocol 3-29 Setting the Time Zone Simple Network Management Protocol 3-30 Setting Community Access Strings Simple Network Management Protocol 3-31 Specifying Trap Managers and Trap Types 3-32 User Authentication Configuring User Accounts Page 3-34 Configuring Local/Remote Logon Authentication 3-35 3-36 3-37 Configuring HTTPS 3-38 Replacing the Default Secure-site Certificate 3-39 Configuring the Secure Shell 3-40 3-41 Generating the Host Key Pair 3-42 3-43 Configuring the SSH Server 3-44 Configuring Port Security 3-45 3-46 Configuring 802.1x Port Authentication 3-47 Displaying 802.1x Global Settings 3-48 Configuring 802.1x Global Settings Configuring Port Settings for 802.1x 3-49 3-50 3-51 Displaying 802.1x Statistics 3-52 3-53 Access Control Lists Configuring Access Control Lists 3-54 Setting the ACL Name and Type 3-55 Configuring a Standard IP ACL 3-56 Configuring an Extended IP ACL 3-57 3-58 Configuring a MAC ACL 3-59 Binding a Port to an Access Control List 3-60 Filtering Addresses for Management Access Filtering Addresses for Management Access 3-61 3-62 Port Configuration Displaying Connection Status 3-63 3-64 Configuring Interface Connections 3-65 3-66 Creating Trunk Groups 3-67 Statically Configuring a Trunk } active links statically configured 3-68 Enabling LACP on Selected Ports } } 3-69 3-70 Configuring LACP Parameters Page 3-72 3-73 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Figure 3-44. Displaying LACP Port Counters CLI The following example displays LACP counters. Table 3-6. LACP Statistics 3-74 Displaying LACP Settings and Status for the Local Side 3-75 3-76 Displaying LACP Settings and Status for the Remote Side 3-77 Setting Broadcast Storm Thresholds 3-78 3-79 Configuring Port Mirroring 3-80 Configuring Rate Limits Rate Limit Granularity 3-81 Rate Limit Configuration 3-82 Showing Port Statistics 3-83 Table 3-9. Port Statistics (Continued) 3-84 Table 3-9. Port Statistics (Continued) Page 3-86 Address Table Settings Setting Static Addresses Address Table Settings 3-87 Displaying the Address Table Page 3-89 Changing the Aging Time Spanning Tree Algorithm Configuration 3-90 Displaying Global Settings x x 3-91 3-92 3-93 Configuring Global Settings 3-94 3-95 3-96 Displaying Interface Settings x x 3-97 3-98 3-99 Configuring Interface Settings 3-100 3-101 VLAN Configuration IEEE 802.1Q VLANs Assigning Ports to VLANs 3-102 3-103 Forwarding Tagged/Untagged Frames 3-104 Enabling or Disabling GVRP (Global Setting) Displaying Basic VLAN Informati on 3-105 Displaying Current VLANs 3-106 3-107 Creating VLANs 3-108 Adding Static Members to VLANs (VLAN Index) 3-109 3-110 Adding Static Members to VLANs (Port Index) 3-111 Configuring VLAN Behavior for Interfaces 3-112 3-113 Private VLANs x Page 3-115 Configuring Private VLANs 3-116 Associating Community VLANs 3-117 Displaying Private VLAN Interface Information 3-118 Configuring Private VLAN Interfaces 3-119 3-120 Class of Service Configuration Layer 2 Queue Settings Setting the Default Priority for Interfaces 3-121 3-122 Mapping CoS Values to Egress Queues 3-123 Selecting the Queue Mode 3-124 Setting the Service Weight for Traffic Classes 3-125 3-126 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP Priority 3-127 Mapping IP Precedence 3-128 Mapping DSCP Priority 3-129 3-130 Mapping IP Port Priority 3-131 Mapping CoS Values to ACLs 3-132 Multicast Filtering 3-133 Layer 2 IGMP (Snooping and Query) Configuring IGMP Snooping and Query Parameters 3-134 3-135 Displaying Interfaces Attached to a Multicast Router 3-136 Specifying Static Interfaces for a Multicast Router 3-137 Displaying Port Members of Multicast Services 3-138 Assigning Ports to Multicast Services Page Page 4-1 Chapter 4: Command Line Interface Using the Command Line Interface Accessing the CLI Console Connection Telnet Connection 4-2 4-3 Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands The command show interfaces ? will display the following information: 4-5 Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes 4-6 Exec Commands Configuration Commands 4-7 4-8 Command Line Processing Command Groups 4-9 Command Groups The system commands can be broken down into the fun ctional groups shown below Table4-4. Co mmand Groups 4-10 Line Commands line 4-11 login 4-12 password 4-13 timeout login response exec-timeout 4-14 password-thresh 4-15 silent-time databits 4-16 parity 4-17 speed stopbits 4-18 disconnect show line 4-19 General Commands enable 4-20 disable 4-21 configure show history 4-22 reload end 4-23 exit quit 4-24 System Management Commands Device Designation Commands prompt 4-25 hostname User Access Commands 4-26 username 4-27 enable password 4-28 IP Filter Commands management 4-29 show management 4-30 Web Server Commands ip http port ip http server 4-31 ip http secure-server 4-32 ip http secure-port 4-33 Telnet Server Commands ip telnet port ip telnet server 4-34 Secure Shell Commands 4-35 4-36 ip ssh server 4-37 ip ssh timeout ip ssh authentication-retries 4-38 ip ssh server-key size delete public-key 4-39 ip ssh crypto host-key generate ip ssh crypto zeroize 4-40 ip ssh save host-key show ip ssh 4-41 Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Table4-16. show ssh - display description 4-42 show public-key 4-43 Event Logging Commands logging on 4-44 logging history 4-45 logging host logging facility 4-46 logging trap clear logging 4-47 show log 4-48 show logging 4-49 The following example displays settings for the trap function. Time Commands Table4-20. sho w logging trap - display description Table4-21. Time Commands 4-50 sntp client 4-51 sntp server sntp poll 4-52 show sntp clock timezone 4-53 calendar set show calendar 4-54 System Status Commands light unit 4-55 show startup-config 4-56 show running-config 4-57 Example Related Commands show startup-config (4-55) 4-58 show system show users 4-59 show version 4-60 Frame Size Commands jumbo frame 4-61 Flash/File Commands copy 4-62 4-63 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: 4-64 delete dir 4-65 whichboot 4-66 boot system 4-67 Authentication Commands Authentication Sequence authentication login 4-68 authentication enable 4-69 RADIUS Client radius-server host 4-70 radius-server port 4-71 radius-server key radius-server retransmit 4-72 radius-server timeout show radius-server 4-73 TACACS+ Client tacacs-server host tacacs-server port 4-74 tacacs-server key show tacacs-server 4-75 Port Security Commands port security 4-76 4-77 802.1x Port Authentication dot1x system-auth-control 4-78 dot1x default dot1x max-req 4-79 dot1x port-control dot1x operation-mode 4-80 dot1x re-authenticate dot1x re-authentication 4-81 dot1x timeout quiet-period dot1x timeout re-authperiod 4-82 dot1x timeout tx-period show dot1x 4-83 4-84 4-85 Access Control List Commands 4-86 IP ACLs access-list ip 4-87 permit, deny (Standard ACL) 4-88 permit, deny (Extended ACL) 4-89 4-90 show ip access-list ip access-group 4-91 show ip access-group map access-list ip 4-92 show map access-list ip 4-93 MAC ACLs access-list mac 4-94 permit, deny (MAC ACL) 4-95 show mac access-list mac access-group 4-96 show mac access-group map access-list mac 4-97 show map access-list mac 4-98 ACL Information show access-list show access-group 4-99 SNMP Commands snmp-server community 4-100 snmp-server contact snmp-server location 4-101 snmp-server host 4-102 snmp-server enable traps show snmp 4-103 4-104 Interface Commands interface 4-105 description speed-duplex 4-106 negotiation 4-107 capabilities 4-108 flowcontrol 4-109 shutdown 4-110 switchport broadcast packet-rate clear counters 4-111 show interfaces status 4-112 show interfaces counters 4-113 show interfaces switchport 4-114 Example This example shows the configuration setting for port 16. Table4-40. Inte rfaces Switchport Statistics Mirror Port Commands 4-115 Mirror Port Commands port monitor 4-116 show port monitor Rate Limit Commands 4-117 Rate Limit Commands rate-limit 4-118 rate-limit granularity show rate-limit 4-119 Link Aggregation Commands 4-120 channel-group 4-121 lacp 4-122 lacp system-priority 4-123 lacp admin-key (Ethernet Interface) 4-124 lacp admin-key (Port Channel) 4-125 lacp port-priority show lacp 4-126 4-127 Table4-45. show lacp internal - display description 4-128 Table4-46. sho w lacp neighbors - display description Address Table Commands 4-129 Address Table Commands Table4-47. sh ow lacp sysid - display description Table4-48. Addr ess Table Commands 4-130 mac-address-table static Address Table Commands 4-131 clear mac-address-table dynamic show mac-address-table 4-132 mac-address-table aging-time show mac-address-table aging-time 4-133 Spanning Tree Commands spanning-tree 4-134 spanning-tree mode 4-135 spanning-tree forward-time spanning-tree hello-time 4-136 spanning-tree max-age 4-137 spanning-tree priority spanning-tree pathcost method 4-138 spanning-tree transmission-limit spanning-tree cost 4-139 spanning-tree port-priority 4-140 spanning-tree edge-port 4-141 spanning-tree portfast spanning-tree link-type 4-142 spanning-tree protocol-migration 4-143 show spanning-tree 4-144 4-145 VLAN Commands Editing VLAN Groups vlan database 4-146 vlan 4-147 Configuring VLAN Interfaces interface vlan 4-148 switchport mode switchport acceptable-frame-types 4-149 switchport ingress-filtering 4-150 switchport native vlan 4-151 switchport allowed vlan 4-152 switchport forbidden vlan 4-153 Displaying VLAN Information show vlan 4-154 Configuring Private VLANs 4-155 private-vlan 4-156 private vlan association switchport mode private-vlan 4-157 switchport private-vlan host-association 4-158 switchport private-vlan ma pping show vlan private-vlan GVRP and Bridge Extension Commands 4-159 GVRP and Bridge Extension Commands bridge-ext gvrp 4-160 show bridge-ext switchport gvrp GVRP and Bridge Extension Commands 4-161 show gvrp configuration garp timer 4-162 show garp timer 4-163 Priority Commands Priority Commands (Layer 2) 4-164 queue mode queue bandwidth 4-165 switchport priority default 4-166 queue cos-map 4-167 show queue mode show queue bandwidth 4-168 show queue cos-map 4-169 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) 4-170 map ip port (Interface Configuration) map ip precedence (Global Configuration) 4-171 map ip precedence (Interface Configuration) 4-172 map ip dscp (Global Configuration) map ip dscp (Interface Configuration) 4-173 show map ip port 4-174 show map ip precedence 4-175 show map ip dscp 4-176 Multicast Filtering Commands IGMP Snooping Commands 4-177 ip igmp snooping ip igmp snooping vlan static 4-178 ip igmp snooping version show ip igmp snooping 4-179 show mac-address-table multicast 4-180 IGMP Query Commands (Layer 2) ip igmp snooping querier ip igmp snooping query-count 4-181 ip igmp snooping query-interval 4-182 ip igmp snooping query-max-response-time ip igmp snooping router-port-expire-time 4-183 Static Multicast Routing Commands ip igmp snooping vlan mrouter 4-184 show ip igmp snooping mrouter 4-185 IP Interface Commands ip address 4-186 ip dhcp restart 4-187 ip default-gateway show ip interface 4-188 show ip redirects ping 4-189 Page A-1 Appendix A: Software Specifications Software Features Software Specifications A-2 A Management Features Standards Management Information Bases A-3 A Management Information Bases Page B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface TableB-1. Troubleshooting Chart Troubleshooting B-2 B Using System Logs Glossary Page Page Page Page Page Index Index-1 Numerics A B Index-2 Index J L M Index-3 Index R S T U