Main
TigerStack 10/100
24/48-Port 10/100Mbps Stackable Managed Switch Management Guide
Management Guide
Page
Page
Page
L
W
IMITED
ARRANTY
W
IMITED
ARRANTY
ii
iii
ONTENTS
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 3-1
iv
v
vi
4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . 4-1
vii
viii
ix
x
xi
xii
xiii
xiv
APPENDICES:
Page
T
xvii
ABLES
xviii
Page
Page
F
xxi
IGURES
xxii
xxiii
Page
1-1
NTRODUCTION
Key Features
1-2
Description of Software Features
F
S
1-3
1-4
F
S
1-5
1-6
D
1-7
System Defaults
1-8
D
1-9
Page
NITIAL
2-1
ONFIGURATION
Connecting to the Switch
Configuration Options
C
2-2
Required Connections
S
2-3
C
2-4
Remote Connections
O
2-5
Stack Operations
Unit Numbering
C
2-6
Recovering from Stack Failure or Topology Change
Resilient IP Interface for Management Access
C
Basic Configuration
Console Connection
C
2-8
Setting Passwords
C
2-9
Setting an IP Address
Manual Configuration
C
2-10
Dynamic Configuration
C
2-11
Enabling SNMP Management Access
C
2-12
Community Strings
C
2-13
Trap Receivers
Saving Configuration Settings
C
Managing System Files
Page
Page
3-1
CHAPTER 3 CONFIGURING THE SWITCH
Using the Web Interface
Page
Navigating the Web Browser Interface
S
3-4
Configuration Options
Panel Display
Main Menu
Table 3-2 Main Menu
S
3-6
M
3-7
S
3-8
M
3-9
S
3-10
C
3-11
Basic Configuration
Displaying System Information
Page
C
ASIC
3-13
CLI Specify the hostname, location and contact information.
Displaying Switch Hardware/Software Versions
Page
C
3-15
Displaying Bridge Extension Capabilities
Page
C
3-17
Setting the Switchs IP Address
S
3-18
Manual Configuration
C
3-19
Using DHCP/BOOTP
S
3-20
C
3-21
Managing Firmware
Page
Page
S
3-24
Saving or Restoring Configuration Settings
C
3-25
Page
C
3-27
S
3-28
Console Port Settings
C
3-29
S
3-30
Telnet Settings
C
3-31
S
3-32
C
3-33
Configuring Event Logging
System Log Configuration
S
3-34
C
3-35
Remote Log Configuration
Page
C
3-37
Page
C
3-39
Sending Simple Mail Transfer Protocol Alerts
Page
C
3-41
Resetting the System
S
3-42
Setting the System Clock
Configuring SNTP
C
3-43
S
3-44
Setting the Time Zone
N
Simple Network Management Protocol
Setting Community Access Strings
Page
Page
S
3-48
User Authentication
Configuring User Accounts
A
3-49
S
3-50
Configuring Local/Remote Logon Authentication
A
3-51
S
3-52
Page
S
3-54
Configuring HTTPS
A
3-55
S
3-56
Replacing the Default Secure-site Certificate
A
3-57
Configuring the Secure Shell
S
3-58
A
3-59
S
3-60
Generating the Host Key Pair
A
3-61
S
3-62
Configuring the SSH Server
Page
S
3-64
Configuring Port Security
A
3-65
S
3-66
Configuring 802.1X Port Authentication
A
3-67
Page
A
3-69
Configuring 802.1X Global Settings
S
3-70
Configuring Port Settings for 802.1X
A
3-71
S
3-72
A
3-73
Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Table 3-5 802.1X Statistics
S
3-74
A
3-75
Filtering Addresses for Management Access
Page
C
L
3-77
Access Control Lists
Configuring Access Control Lists
S
3-78
Setting the ACL Name and Type
Page
Page
C
L
3-81
Configuring an Extended IP ACL
S
3-82
C
L
3-83
S
3-84
Configuring a MAC ACL
Page
Page
Page
Port Configuration
C
3-89
Field Attributes (CLI) Basic Information:
Configuration:
S
3-90
Current Status:
C
3-91
Configuring Interface Connections
S
3-92
C
3-93
Creating Trunk Groups
S
3-94
C
}
3-95
Statically Configuring a Trunk
Page
C
}
ORT
3-97
Enabling LACP on Selected Ports
}
S
3-98
C
3-99
Configuring LACP Parameters Dynamically Creating a Port Channel
S
3-100
Page
S
3-102
C
3-103
Displaying LACP Port Counters
You can display statistics for LACP protocol messages.
Figure 3-45 LACP - Port Counters Information
S
3-104
CLI The following example displays LACP counters.
Displaying LACP Settings and Status for the Local Side
C
3-105
Table 3-7 LACP Internal Configuration Information (Continued)
S
3-106
C
3-107
Displaying LACP Settings and Status for the Remote Side
Table 3-8 LACP Neighbor Configuration Information
S
3-108
C
3-109
Setting Broadcast Storm Thresholds
Page
C
3-111
Configuring Port Mirroring
Page
C
3-113
Configuring Rate Limits
Rate Limit Granularity
S
3-114
Rate Limit Configuration
C
3-115
Showing Port Statistics
S
3-116
Table 3-9 Port Statistics
C
3-117
S
3-118
C
3-119
Page
C
ORT
3-121
CLI This example shows statistics for port 13.
Address Table Settings
Page
Page
Page
Spanning Tree Algorithm Configuration
T
C
A
3-127
x x
S
3-128
Displaying Global Settings
T
C
A
3-129
Page
T
C
LGORITHM
A
REE
S
3-132
Configuring Global Settings
T
C
A
3-133
S
3-134
Page
S
3-136
Displaying Interface Settings
T
x
x
S
3-138
Page
S
3-140
Configuring Interface Settings
T
C
A
3-141
S
3-142
3-143
VLAN Configuration
IEEE 802.1Q VLANs
S
3-144
Assigning Ports to VLANs
3-145
S
3-146
3-147
Forwarding Tagged/Untagged Frames
S
3-148
Enabling or Disabling GVRP (Global Setting)
Displaying Basic VLAN Information
3-149
Displaying Current VLANs
Command Attributes (Web)
Page
3-151
Creating VLANs
S
3-152
3-153
Adding Static Members to VLANs (VLAN Index)
Page
3-155
S
3-156
Adding Static Members to VLANs (Port Index)
3-157
Configuring VLAN Behavior for Interfaces
S
3-158
3-159
S
3-160
Private VLANs
3-161
Displaying Current Private VLANs
Page
3-163
Configuring Private VLANs
S
3-164
Associating VLANs
3-165
Displaying Private VLAN Interface Information
S
3-166
Configuring Private VLAN Interfaces
3-167
S
3-168
Class of Service Configuration
S
3-170
C
S
3-171
Mapping CoS Values to Egress Queues
S
3-172
C
S
3-173
Selecting the Queue Mode
S
3-174
Setting the Service Weight for Traffic Classes
C
S
3-175
Layer 3/4 Priority Settings
S
3-176
Selecting IP Precedence/DSCP Priority
Mapping IP Precedence
Page
S
3-178
Mapping DSCP Priority
Page
S
3-180
Mapping IP Port Priority
Page
S
3-182
Mapping CoS Values to ACLs
Page
S
3-184
Multicast Filtering
F
3-185
Layer 2 IGMP (Snooping and Query)
Configuring IGMP Snooping and Query Parameters
S
3-186
F
3-187
S
3-188
Displaying Interfaces Attached to a Multicast Router
F
3-189
Specifying Static Interfaces for a Multicast Router
S
3-190
Displaying Port Members of Multicast Services
F
3-191
S
3-192
Assigning Ports to Multicast Services
F
3-193
Page
4-1
4
I
INE
L
OMMAND
L
I
4-2
Telnet Connection
Page
Entering Commands
Page
L
I
4-6
Showing Commands
Page
L
I
4-8
Understanding Command Modes
Exec Commands
C
4-9
Configuration Commands
L
I
4-10
C
4-11
Command Line Processing
L
I
Command Groups
The system commands can be broken down into the functional groups shown below
Table 4-4 Command Groups
G
4-13
L
I
4-14
Line Commands
Table 4-5 Line Commands
C
4-15
line
L
I
4-16
login
C
4-17
password
L
I
4-18
timeout login response
C
4-19
exec-timeout
L
I
4-20
password-thresh
C
4-21
silent-time
L
I
4-22
databits
C
4-23
parity
speed
L
I
4-24
stopbits
C
4-25
disconnect
show line
L
General Commands
I
4-26
Example To show all lines, enter this command:
Table 4-6 General Commands
C
4-27
enable
L
I
4-28
disable
configure
C
4-29
show history
L
I
4-30
reload
end
C
4-31
exit
quit
L
System Management Commands
M
C
4-33
Device Designation Commands
prompt
L
I
4-34
hostname
User Access Commands
M
C
4-35
username
L
I
4-36
enable password
M
C
IP Filter Commands
4-37
L
I
4-38
management
M
C
4-39
show management
L
I
Web Server Commands
4-40
Table 4-12 Web Server Commands
M
C
4-41
ip http port
ip http server
L
I
4-42
ip http secure-server
M
C
4-43
ip http secure-port
L
I
4-44
Telnet Server Commands
ip telnet port
M
C
4-45
ip telnet server
L
I
4-46
Secure Shell Commands
M
C
4-47
L
I
4-48
M
C
4-49
ip ssh server
L
I
4-50
ip ssh timeout
M
C
4-51
ip ssh authentication-retries
ip ssh server-key size
L
I
4-52
delete public-key
ip ssh crypto host-key generate
M
C
4-53
ip ssh crypto zeroize
L
I
4-54
ip ssh save host-key
M
C
4-55
show ip ssh
show ssh
L
I
4-56
show public-key
Table 4-16 show ssh - display description (Continued)
M
C
4-57
L
I
4-58
Event Logging Commands
logging on
M
C
4-59
logging history
L
I
4-60
logging host
M
C
4-61
logging facility
L
I
4-62
logging trap
M
C
4-63
clear logging
show logging
L
I
4-64
M
C
4-65
show log
L
I
4-66
The following example shows sample messages stored in RAM.
SMTP Alert Commands
M
C
4-67
logging sendmail host
L
I
4-68
logging sendmail level
M
C
4-69
logging sendmail source-email
logging sendmail destination-email
L
I
4-70
logging sendmail
show logging sendmail
M
C
4-71
Time Commands
Table 4-22 Time Commands
L
I
4-72
sntp client
M
C
4-73
sntp server
L
I
4-74
sntp poll
show sntp
M
C
4-75
clock timezone
L
I
4-76
calendar set
M
C
System Status Commands
4-77
show calendar
L
I
4-78
light unit
show startup-config
M
C
4-79
L
I
4-80
show running-config
M
C
ANAGEMENT
YSTEM
4-81
L
I
4-82
show system
M
C
4-83
show users
show version
L
I
4-84
Frame Size Commands
jumbo frame
Flash/File Commands
L
I
4-86
copy
C
4-87
L
I
4-88
The following example shows how to copy the running co nfiguration to a startup file.
The following example shows how to download a configuration file:
C
4-89
delete
L
I
4-90
dir
C
4-91
whichboot
L
I
4-92
boot system
C
Authentication Commands
Authentication Sequence
L
I
4-94
authentication login
C
4-95
authentication enable
L
I
4-96
RADIUS Client
C
4-97
radius-server host
L
I
4-98
radius-server port
radius-server key
C
4-99
radius-server retransmit
radius-server timeout
L
I
4-100
show radius-server
C
4-101
TACACS+ Client
tacacs-server host
L
I
4-102
tacacs-server port
tacacs-server key
C
4-103
show tacacs-server
Port Security Commands
L
I
4-104
port security
C
4-105
L
I
4-106
802.1X Port Authentication
Table 4-32 802.1X Port Authentication
C
4-107
dot1x system-auth-control
dot1x default
dot1x max-req
L
I
4-108
dot1x port-control
C
4-109
dot1x operation-mode
L
I
4-110
dot1x re-authenticate
dot1x re-authentication
C
4-111
dot1x timeout quiet-period
dot1x timeout re-authperiod
L
I
4-112
dot1x timeout tx-period
show dot1x
C
4-113
L
I
4-114
C
UTHENTICATION
4-115
L
I
Access Control List Commands
C
IP ACLs
L
4-117
L
I
4-118
access-list ip
C
L
4-119
permit, deny (Standard ACL)
L
I
4-120
permit, deny (Extended ACL)
C
L
4-121
L
I
4-122
C
L
4-123
show ip access-list
ip access-group
L
I
4-124
show ip access-group
C
L
4-125
map access-list ip
L
I
4-126
show map access-list ip
C
L
4-127
MAC ACLs
access-list mac
L
I
4-128
permit, deny (MAC ACL)
C
L
4-129
L
I
4-130
show mac access-list
mac access-group
C
L
4-131
show mac access-group
map access-list mac
L
I
4-132
show map access-list mac
Page
L
I
4-134
Example
show access-group
SNMP Commands
snmp-server community
L
I
4-136
snmp-server contact
4-137
snmp-server location
L
I
4-138
snmp-server host
4-139
snmp-server enable traps
L
I
4-140
show snmp
4-141
L
I
4-142
Interface Commands
Table 4-40 Interface Commands
C
4-143
interface
description
L
I
4-144
speed-duplex
C
4-145
negotiation
L
I
4-146
capabilities
C
4-147
flowcontrol
L
I
4-148
shutdown
C
4-149
switchport broadcast packet-rate
L
I
4-150
clear counters
C
4-151
show interfaces status
L
I
4-152
show interfaces counters
C
4-153
L
I
4-154
show interfaces switchport
C
4-155
Table 4-41 Interfaces Switchport Statistics
L
I
Mirror Port Commands
port monitor
P
C
4-157
show port monitor
L
Rate Limit Commands
Page
L
I
4-160
rate-limit granularity
A
Link Aggregation Commands
L
I
4-162
A
C
4-163
channel-group
L
I
4-164
lacp
A
C
GGREGATION
INK
4-165
L
I
4-166
lacp system-priority
A
C
4-167
lacp admin-key (Ethernet Interface)
L
I
4-168
lacp admin-key (Port Channel)
A
C
4-169
lacp port-priority
Page
A
C
4-171
Table 4-45 show lacp counters - display description
L
I
4-172
Table 4-46 show lacp internal - display description
A
C
4-173
Table 4-46 show lacp internal - display description (Continued)
L
I
4-174
Table 4-47 show lacp neighbors - display description
T
Address Table Commands
Table 4-48 show lacp sysid - display description
Table 4-49 Address Table Commands
L
I
4-176
mac-address-table static
T
C
4-177
clear mac-address-table dynamic
show mac-address-table
L
I
4-178
T
C
4-179
mac-address-table aging-time
show mac-address-table aging-time
Spanning Tree Commands
Table 4-50 Spanning Tree Commands
T
C
4-181
spanning-tree
L
I
4-182
spanning-tree mode
T
C
4-183
spanning-tree forward-time
spanning-tree hello-time
L
I
4-184
spanning-tree max-age
T
C
4-185
spanning-tree priority
L
I
4-186
spanning-tree pathcost method
spanning-tree transmission-limit
T
C
4-187
spanning-tree spanning-disabled
L
I
4-188
spanning-tree cost
T
C
4-189
spanning-tree port-priority
spanning-tree edge-port
L
I
4-190
spanning-tree portfast
T
C
4-191
spanning-tree link-type
L
I
4-192
spanning-tree protocol-migration
T
C
4-193
show spanning-tree
L
I
4-194
4-195
VLAN Commands
Editing VLAN Groups
vlan database
L
I
4-196
vlan
4-197
L
I
4-198
Configuring VLAN Interfaces
interface vlan
4-199
switchport mode
L
I
4-200
switchport acceptable-frame-types
4-201
switchport ingress-filtering
L
I
4-202
switchport native vlan
4-203
switchport allowed vlan
L
I
4-204
switchport forbidden vlan
4-205
Displaying VLAN Information
show vlan
L
I
4-206
Configuring Private VLANs
4-207
L
I
4-208
private-vlan
4-209
L
I
4-210
private vlan association
4-211
switchport mode private-vlan
L
I
4-212
switchport private-vlan host-association
switchport private-vlan iso lated
4-213
switchport private-vlan mapping
L
I
4-214
show vlan private-vlan
GVRP
GVRP and Bridge Extension Commands
bridge-ext gvrp
L
I
4-216
show bridge-ext
GVRP
C
E
B
4-217
L
I
4-218
garp timer
GVRP
C
E
B
4-219
Priority Commands
C
4-221
queue mode
L
I
4-222
switchport priority default
C
4-223
queue bandwidth
L
I
4-224
queue cos-map
C
4-225
show queue mode
L
I
4-226
show queue bandwidth
show queue cos-map
C
Priority Commands (Layer 3 and 4)
4-227
Table 4-60 Priority Commands (Layer 3 and 4)
L
I
4-228
map ip port (Global Configuration)
map ip port (Interface Configuration)
C
4-229
map ip precedence (Global Configuration)
L
I
4-230
map ip precedence (Interface Configuration)
C
4-231
map ip dscp (Global Configuration)
map ip dscp (Interface Configuration)
L
I
4-232
C
4-233
show map ip port
L
I
4-234
show map ip precedence
C
4-235
show map ip dscp
L
I
Multicast Filtering Commands
Table 4-63 Multicast Filtering Commands
Table 4-64 IGMP Snooping Commands
F
C
4-237
ip igmp snooping
ip igmp snooping vlan static
L
I
4-238
ip igmp snooping version
F
C
4-239
show ip igmp snooping
show mac-address-table multicast
L
I
IGMP Query Commands (Layer 2)
4-240
F
C
4-241
ip igmp snooping querier
ip igmp snooping query-count
L
I
4-242
ip igmp snooping query-interval
F
C
4-243
ip igmp snooping query-max-response-time
L
I
4-244
ip igmp snooping router-port-expire-time
F
C
4-245
Static Multicast Routing Commands
ip igmp snooping vlan mrouter
L
I
4-246
show ip igmp snooping mrouter
C
IP Interface Commands
ip address
L
I
4-248
C
4-249
ip default-gateway
ip dhcp restart
L
I
4-250
show ip interface
C
4-251
show ip redirects
ping
L
I
4-252
PPENDIX
A-1
A S
S
OFTWARE
PECIFICATIONS
Software Features
Management Features
S
A-3
Standards
S
A-4
Management Information Bases
PPENDIX
B-1
B T
Problems Accessing the Management Interface
ROUBLESHOOTING
B-2
S
L
B-3
Using System Logs
Page
G
Glossary-1
LOSSARY
Glossary-2
Glossary-3
Glossary-4
Glossary-5
Glossary-6
Glossary-7
Glossary-8
NDEX
Numerics
A
B
C
H
I
J
L
M
Q
R
S
T
U
V
W