SMC Networks SMC6224M , S, 3-70

C

ONFIGURING

THE

S

WITCH

3-70

CLI – This example enables 802.1X globally for the switch.

Configuring Port Settings for 802.1X

When 802.1X is enabled, you need to configure the parameters for the

authentication process that runs between the client and the switch (i.e.,

authenticator), as well as the client identity lookup process that runs

between the switch and authentication server. These paramete rs are

described in this section.

Command Attributes

•Port – Port number.

•Status – Indicates if authentication is enabled or disabled on the po rt.

(Default: Disabled)

• Operation Mode – Allows single or multiple hosts (clients) to connect

to an 802.1X-authorized port. (Options: Single-Host, Multi-Host;

Default: Single-Host)

• Max Count – The maximum number of hosts that can connect to a

port when the Multi-Host operation mode is selected. (Range: 1-1024;

Default: 5)

•Mode – Sets the authentication mode to one of the following options:

- Auto – Requires a dot1x-aware client to be authorized by the

authentication server. Clients that are not dot1x-aware will be denied

access.

- Force-Authorized – Forces the port to grant access to all clients,

either dot1x-aware or otherwise. (This is the default setting. )

- Force-Unauthorized – Forc es th e po rt t o de ny ac ces s to all clie nts ,

either dot1x-aware or otherwise.

•Re-authen – Sets the client to be re-authenticated after the interval

specified by the Re-authentication Period. Re-authentication can be

used to detect if a new device is plugged into a switch port.

(Default: Disabled)

Console(config)#dot1x system-auth-control 4-107

Console(config)#

Contents

Main TigerStack 10/100 24/48-Port 10/100Mbps Stackable Managed Switch Management Guide Management Guide Page Page Page L W IMITED ARRANTY W IMITED ARRANTY ii iii ONTENTS 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 3-1 iv v vi 4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . 4-1 vii viii ix x xi xii xiii xiv APPENDICES: Page T xvii ABLES xviii Page Page F xxi IGURES xxii xxiii Page 1-1 NTRODUCTION Key Features 1-2 Description of Software Features F S 1-3 1-4 F S 1-5 1-6 D 1-7 System Defaults 1-8 D 1-9 Page NITIAL 2-1 ONFIGURATION Connecting to the Switch Configuration Options C 2-2 Required Connections S 2-3 C 2-4 Remote Connections O 2-5 Stack Operations Unit Numbering C 2-6 Recovering from Stack Failure or Topology Change Resilient IP Interface for Management Access C Basic Configuration Console Connection C 2-8 Setting Passwords C 2-9 Setting an IP Address Manual Configuration C 2-10 Dynamic Configuration C 2-11 Enabling SNMP Management Access C 2-12 Community Strings C 2-13 Trap Receivers Saving Configuration Settings C Managing System Files Page Page 3-1 CHAPTER 3 CONFIGURING THE SWITCH Using the Web Interface Page Navigating the Web Browser Interface S 3-4 Configuration Options Panel Display Main Menu Table 3-2 Main Menu S 3-6 M 3-7 S 3-8 M 3-9 S 3-10 C 3-11 Basic Configuration Displaying System Information Page C ASIC 3-13 CLI Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Page C 3-15 Displaying Bridge Extension Capabilities Page C 3-17 Setting the Switchs IP Address S 3-18 Manual Configuration C 3-19 Using DHCP/BOOTP S 3-20 C 3-21 Managing Firmware Page Page S 3-24 Saving or Restoring Configuration Settings C 3-25 Page C 3-27 S 3-28 Console Port Settings C 3-29 S 3-30 Telnet Settings C 3-31 S 3-32 C 3-33 Configuring Event Logging System Log Configuration S 3-34 C 3-35 Remote Log Configuration Page C 3-37 Page C 3-39 Sending Simple Mail Transfer Protocol Alerts Page C 3-41 Resetting the System S 3-42 Setting the System Clock Configuring SNTP C 3-43 S 3-44 Setting the Time Zone N Simple Network Management Protocol Setting Community Access Strings Page Page S 3-48 User Authentication Configuring User Accounts A 3-49 S 3-50 Configuring Local/Remote Logon Authentication A 3-51 S 3-52 Page S 3-54 Configuring HTTPS A 3-55 S 3-56 Replacing the Default Secure-site Certificate A 3-57 Configuring the Secure Shell S 3-58 A 3-59 S 3-60 Generating the Host Key Pair A 3-61 S 3-62 Configuring the SSH Server Page S 3-64 Configuring Port Security A 3-65 S 3-66 Configuring 802.1X Port Authentication A 3-67 Page A 3-69 Configuring 802.1X Global Settings S 3-70 Configuring Port Settings for 802.1X A 3-71 S 3-72 A 3-73 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-5 802.1X Statistics S 3-74 A 3-75 Filtering Addresses for Management Access Page C L 3-77 Access Control Lists Configuring Access Control Lists S 3-78 Setting the ACL Name and Type Page Page C L 3-81 Configuring an Extended IP ACL S 3-82 C L 3-83 S 3-84 Configuring a MAC ACL Page Page Page Port Configuration C 3-89 Field Attributes (CLI) Basic Information: Configuration: S 3-90 Current Status: C 3-91 Configuring Interface Connections S 3-92 C 3-93 Creating Trunk Groups S 3-94 C } 3-95 Statically Configuring a Trunk Page C } ORT 3-97 Enabling LACP on Selected Ports } S 3-98 C 3-99 Configuring LACP Parameters Dynamically Creating a Port Channel S 3-100 Page S 3-102 C 3-103 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Figure 3-45 LACP - Port Counters Information S 3-104 CLI The following example displays LACP counters. Displaying LACP Settings and Status for the Local Side C 3-105 Table 3-7 LACP Internal Configuration Information (Continued) S 3-106 C 3-107 Displaying LACP Settings and Status for the Remote Side Table 3-8 LACP Neighbor Configuration Information S 3-108 C 3-109 Setting Broadcast Storm Thresholds Page C 3-111 Configuring Port Mirroring Page C 3-113 Configuring Rate Limits Rate Limit Granularity S 3-114 Rate Limit Configuration C 3-115 Showing Port Statistics S 3-116 Table 3-9 Port Statistics C 3-117 S 3-118 C 3-119 Page C ORT 3-121 CLI This example shows statistics for port 13. Address Table Settings Page Page Page Spanning Tree Algorithm Configuration T C A 3-127 x x S 3-128 Displaying Global Settings T C A 3-129 Page T C LGORITHM A REE S 3-132 Configuring Global Settings T C A 3-133 S 3-134 Page S 3-136 Displaying Interface Settings T x x S 3-138 Page S 3-140 Configuring Interface Settings T C A 3-141 S 3-142 3-143 VLAN Configuration IEEE 802.1Q VLANs S 3-144 Assigning Ports to VLANs 3-145 S 3-146 3-147 Forwarding Tagged/Untagged Frames S 3-148 Enabling or Disabling GVRP (Global Setting) Displaying Basic VLAN Information 3-149 Displaying Current VLANs Command Attributes (Web) Page 3-151 Creating VLANs S 3-152 3-153 Adding Static Members to VLANs (VLAN Index) Page 3-155 S 3-156 Adding Static Members to VLANs (Port Index) 3-157 Configuring VLAN Behavior for Interfaces S 3-158 3-159 S 3-160 Private VLANs 3-161 Displaying Current Private VLANs Page 3-163 Configuring Private VLANs S 3-164 Associating VLANs 3-165 Displaying Private VLAN Interface Information S 3-166 Configuring Private VLAN Interfaces 3-167 S 3-168 Class of Service Configuration S 3-170 C S 3-171 Mapping CoS Values to Egress Queues S 3-172 C S 3-173 Selecting the Queue Mode S 3-174 Setting the Service Weight for Traffic Classes C S 3-175 Layer 3/4 Priority Settings S 3-176 Selecting IP Precedence/DSCP Priority Mapping IP Precedence Page S 3-178 Mapping DSCP Priority Page S 3-180 Mapping IP Port Priority Page S 3-182 Mapping CoS Values to ACLs Page S 3-184 Multicast Filtering F 3-185 Layer 2 IGMP (Snooping and Query) Configuring IGMP Snooping and Query Parameters S 3-186 F 3-187 S 3-188 Displaying Interfaces Attached to a Multicast Router F 3-189 Specifying Static Interfaces for a Multicast Router S 3-190 Displaying Port Members of Multicast Services F 3-191 S 3-192 Assigning Ports to Multicast Services F 3-193 Page 4-1 4 I INE L OMMAND L I 4-2 Telnet Connection Page Entering Commands Page L I 4-6 Showing Commands Page L I 4-8 Understanding Command Modes Exec Commands C 4-9 Configuration Commands L I 4-10 C 4-11 Command Line Processing L I Command Groups The system commands can be broken down into the functional groups shown below Table 4-4 Command Groups G 4-13 L I 4-14 Line Commands Table 4-5 Line Commands C 4-15 line L I 4-16 login C 4-17 password L I 4-18 timeout login response C 4-19 exec-timeout L I 4-20 password-thresh C 4-21 silent-time L I 4-22 databits C 4-23 parity speed L I 4-24 stopbits C 4-25 disconnect show line L General Commands I 4-26 Example To show all lines, enter this command: Table 4-6 General Commands C 4-27 enable L I 4-28 disable configure C 4-29 show history L I 4-30 reload end C 4-31 exit quit L System Management Commands M C 4-33 Device Designation Commands prompt L I 4-34 hostname User Access Commands M C 4-35 username L I 4-36 enable password M C IP Filter Commands 4-37 L I 4-38 management M C 4-39 show management L I Web Server Commands 4-40 Table 4-12 Web Server Commands M C 4-41 ip http port ip http server L I 4-42 ip http secure-server M C 4-43 ip http secure-port L I 4-44 Telnet Server Commands ip telnet port M C 4-45 ip telnet server L I 4-46 Secure Shell Commands M C 4-47 L I 4-48 M C 4-49 ip ssh server L I 4-50 ip ssh timeout M C 4-51 ip ssh authentication-retries ip ssh server-key size L I 4-52 delete public-key ip ssh crypto host-key generate M C 4-53 ip ssh crypto zeroize L I 4-54 ip ssh save host-key M C 4-55 show ip ssh show ssh L I 4-56 show public-key Table 4-16 show ssh - display description (Continued) M C 4-57 L I 4-58 Event Logging Commands logging on M C 4-59 logging history L I 4-60 logging host M C 4-61 logging facility L I 4-62 logging trap M C 4-63 clear logging show logging L I 4-64 M C 4-65 show log L I 4-66 The following example shows sample messages stored in RAM. SMTP Alert Commands M C 4-67 logging sendmail host L I 4-68 logging sendmail level M C 4-69 logging sendmail source-email logging sendmail destination-email L I 4-70 logging sendmail show logging sendmail M C 4-71 Time Commands Table 4-22 Time Commands L I 4-72 sntp client M C 4-73 sntp server L I 4-74 sntp poll show sntp M C 4-75 clock timezone L I 4-76 calendar set M C System Status Commands 4-77 show calendar L I 4-78 light unit show startup-config M C 4-79 L I 4-80 show running-config M C ANAGEMENT YSTEM 4-81 L I 4-82 show system M C 4-83 show users show version L I 4-84 Frame Size Commands jumbo frame Flash/File Commands L I 4-86 copy C 4-87 L I 4-88 The following example shows how to copy the running co nfiguration to a startup file. The following example shows how to download a configuration file: C 4-89 delete L I 4-90 dir C 4-91 whichboot L I 4-92 boot system C Authentication Commands Authentication Sequence L I 4-94 authentication login C 4-95 authentication enable L I 4-96 RADIUS Client C 4-97 radius-server host L I 4-98 radius-server port radius-server key C 4-99 radius-server retransmit radius-server timeout L I 4-100 show radius-server C 4-101 TACACS+ Client tacacs-server host L I 4-102 tacacs-server port tacacs-server key C 4-103 show tacacs-server Port Security Commands L I 4-104 port security C 4-105 L I 4-106 802.1X Port Authentication Table 4-32 802.1X Port Authentication C 4-107 dot1x system-auth-control dot1x default dot1x max-req L I 4-108 dot1x port-control C 4-109 dot1x operation-mode L I 4-110 dot1x re-authenticate dot1x re-authentication C 4-111 dot1x timeout quiet-period dot1x timeout re-authperiod L I 4-112 dot1x timeout tx-period show dot1x C 4-113 L I 4-114 C UTHENTICATION 4-115 L I Access Control List Commands C IP ACLs L 4-117 L I 4-118 access-list ip C L 4-119 permit, deny (Standard ACL) L I 4-120 permit, deny (Extended ACL) C L 4-121 L I 4-122 C L 4-123 show ip access-list ip access-group L I 4-124 show ip access-group C L 4-125 map access-list ip L I 4-126 show map access-list ip C L 4-127 MAC ACLs access-list mac L I 4-128 permit, deny (MAC ACL) C L 4-129 L I 4-130 show mac access-list mac access-group C L 4-131 show mac access-group map access-list mac L I 4-132 show map access-list mac Page L I 4-134 Example show access-group SNMP Commands snmp-server community L I 4-136 snmp-server contact 4-137 snmp-server location L I 4-138 snmp-server host 4-139 snmp-server enable traps L I 4-140 show snmp 4-141 L I 4-142 Interface Commands Table 4-40 Interface Commands C 4-143 interface description L I 4-144 speed-duplex C 4-145 negotiation L I 4-146 capabilities C 4-147 flowcontrol L I 4-148 shutdown C 4-149 switchport broadcast packet-rate L I 4-150 clear counters C 4-151 show interfaces status L I 4-152 show interfaces counters C 4-153 L I 4-154 show interfaces switchport C 4-155 Table 4-41 Interfaces Switchport Statistics L I Mirror Port Commands port monitor P C 4-157 show port monitor L Rate Limit Commands Page L I 4-160 rate-limit granularity A Link Aggregation Commands L I 4-162 A C 4-163 channel-group L I 4-164 lacp A C GGREGATION INK 4-165 L I 4-166 lacp system-priority A C 4-167 lacp admin-key (Ethernet Interface) L I 4-168 lacp admin-key (Port Channel) A C 4-169 lacp port-priority Page A C 4-171 Table 4-45 show lacp counters - display description L I 4-172 Table 4-46 show lacp internal - display description A C 4-173 Table 4-46 show lacp internal - display description (Continued) L I 4-174 Table 4-47 show lacp neighbors - display description T Address Table Commands Table 4-48 show lacp sysid - display description Table 4-49 Address Table Commands L I 4-176 mac-address-table static T C 4-177 clear mac-address-table dynamic show mac-address-table L I 4-178 T C 4-179 mac-address-table aging-time show mac-address-table aging-time Spanning Tree Commands Table 4-50 Spanning Tree Commands T C 4-181 spanning-tree L I 4-182 spanning-tree mode T C 4-183 spanning-tree forward-time spanning-tree hello-time L I 4-184 spanning-tree max-age T C 4-185 spanning-tree priority L I 4-186 spanning-tree pathcost method spanning-tree transmission-limit T C 4-187 spanning-tree spanning-disabled L I 4-188 spanning-tree cost T C 4-189 spanning-tree port-priority spanning-tree edge-port L I 4-190 spanning-tree portfast T C 4-191 spanning-tree link-type L I 4-192 spanning-tree protocol-migration T C 4-193 show spanning-tree L I 4-194 4-195 VLAN Commands Editing VLAN Groups vlan database L I 4-196 vlan 4-197 L I 4-198 Configuring VLAN Interfaces interface vlan 4-199 switchport mode L I 4-200 switchport acceptable-frame-types 4-201 switchport ingress-filtering L I 4-202 switchport native vlan 4-203 switchport allowed vlan L I 4-204 switchport forbidden vlan 4-205 Displaying VLAN Information show vlan L I 4-206 Configuring Private VLANs 4-207 L I 4-208 private-vlan 4-209 L I 4-210 private vlan association 4-211 switchport mode private-vlan L I 4-212 switchport private-vlan host-association switchport private-vlan iso lated 4-213 switchport private-vlan mapping L I 4-214 show vlan private-vlan GVRP GVRP and Bridge Extension Commands bridge-ext gvrp L I 4-216 show bridge-ext GVRP C E B 4-217 L I 4-218 garp timer GVRP C E B 4-219 Priority Commands C 4-221 queue mode L I 4-222 switchport priority default C 4-223 queue bandwidth L I 4-224 queue cos-map C 4-225 show queue mode L I 4-226 show queue bandwidth show queue cos-map C Priority Commands (Layer 3 and 4) 4-227 Table 4-60 Priority Commands (Layer 3 and 4) L I 4-228 map ip port (Global Configuration) map ip port (Interface Configuration) C 4-229 map ip precedence (Global Configuration) L I 4-230 map ip precedence (Interface Configuration) C 4-231 map ip dscp (Global Configuration) map ip dscp (Interface Configuration) L I 4-232 C 4-233 show map ip port L I 4-234 show map ip precedence C 4-235 show map ip dscp L I Multicast Filtering Commands Table 4-63 Multicast Filtering Commands Table 4-64 IGMP Snooping Commands F C 4-237 ip igmp snooping ip igmp snooping vlan static L I 4-238 ip igmp snooping version F C 4-239 show ip igmp snooping show mac-address-table multicast L I IGMP Query Commands (Layer 2) 4-240 F C 4-241 ip igmp snooping querier ip igmp snooping query-count L I 4-242 ip igmp snooping query-interval F C 4-243 ip igmp snooping query-max-response-time L I 4-244 ip igmp snooping router-port-expire-time F C 4-245 Static Multicast Routing Commands ip igmp snooping vlan mrouter L I 4-246 show ip igmp snooping mrouter C IP Interface Commands ip address L I 4-248 C 4-249 ip default-gateway ip dhcp restart L I 4-250 show ip interface C 4-251 show ip redirects ping L I 4-252 PPENDIX A-1 A S S OFTWARE PECIFICATIONS Software Features Management Features S A-3 Standards S A-4 Management Information Bases PPENDIX B-1 B T Problems Accessing the Management Interface ROUBLESHOOTING B-2 S L B-3 Using System Logs Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Glossary-8 NDEX Numerics A B C H I J L M Q R S T U V W