Manuals / SMC Networks / Computer Equipment / Switch

SMC Networks SMC6824M manual Configuring the Secure Shell

Models: SMC6824M

1 608

Download 608 pages 58 Kb

Page 134

CONFIGURING THE SWITCH

When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one:

Console#copy tftp https-certificate			4-82
TFTP server ip		address: <server ip-address>
Source	certificate file name: <certificate file name>
Source	private	file name: <private key file name>

Private password: <password for private key>

Note:The switch must be reset for the new certificate to be activated. To reset the switch, type: Console#reload

Configuring the Secure Shell

The Berkley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.

The Secure Shell (SSH) includes server/client applications intended as a secure replacement for the older Berkley remote access tools. SSH can also provide remote management access to this switch as a secure replacement for Telnet. When the client contacts the switch via the SSH protocol, the switch generates a public-key that the client uses along with a local user name and password for access authentication. SSH also encrypts all data transfers passing between the switch and SSH-enabled management station clients, and ensures that data traveling over the network arrives unaltered.

Note that you need to install an SSH client on the management station to access the switch for management via the SSH protocol.

Note:The switch supports both SSH Version 1.5 and 2.0.

3-78

Image 134

SMC Networks SMC6824M manual Configuring the Secure Shell

Contents

TigerStack III 10/100 Page TigerStack III 10/100 Management Guide Trademarks Limited Warranty Limited Warranty Table of Contents Table of Contents Table of Contents Table of Contents Command Line Interface ViiViii Table of Contents Table of Contents Table of Contents Xii Xiii Xiv Table of Contents Xvi Glossary Index XviiXviii Tables XixTables Xxi Xxii Figures XxiiiXxiv 37 802.1X Global InformationXxv Xxvi Feature Description Key FeaturesKey Features Description of Software Features LacpDescription of Software Features Introduction Description of Software Features Introduction Function Parameter Default System DefaultsSystem Defaults Https Pvid Dhcp Connecting to the Switch Configuration OptionsInitial Configuration Required Connections Remote Connections Selecting the Stack Master Recovering from Stack Failure or Topology ChangeStack Operations Console Connection Basic ConfigurationResilient IP Interface for Management Access Setting Passwords Setting an IP AddressManual Configuration Dynamic Configuration Enabling Snmp Management Access Clients, we recommend that you delete both of the default Community Strings for Snmp version 1 and 2c clientsConfiguring Access for Snmp Version 3 Clients Trap ReceiversSaving Configuration Settings Managing System Files Configuring Power over Ethernet Initial Configuration Configuring the Switch Using the Web InterfaceConfiguring the Switch Navigating the Web Browser Interface HomeAction Web Page Configuration ButtonsButton Front Panel Indicators Panel DisplayMenu Description Switch Main MenuMain Menu Sntp ACL Vlan Mstp 206 Vlan ID Displaying System Information Field AttributesSystem Information Displaying Switch Hardware/Software Versions CLI Specify the hostname, location and contact informationManagement Software Web Click System, Switch Information General Switch InformationDisplaying Bridge Extension Capabilities Field AttributesWeb Click System, Bridge Extension Setting the IP AddressCLI Enter the following command Command Attributes Manual Configuration IP Interface Configuration ManualUsing DHCP/BOOTP IP Interface Configuration DhcpCommand Attributes Managing FirmwareDownloading System Software from a Server Copy FirmwareSetting the Startup Code Saving or Restoring Configuration Settings Command UsageBasic Configuration Downloading Configuration Settings from a Server 11 Downloading Configuration Settings for Start-Up12 Setting the Startup Configuration Settings Console Port Settings Command AttributesCLI only 13 Console Port Settings Telnet Settings Command Attributes14 Configuring the Telnet Interface Configuring Event Logging System Log ConfigurationCommand Attributes Logging LevelsRemote Log Configuration 15 System Logs16 Remote Logs Displaying Log Messages 17 Displaying LogsSending Simple Mail Transfer Protocol Alerts CLI This example shows the event message stored in RAM18 Enabling and Configuring Smtp Alerts Resetting the System 19 Resetting the SwitchCLI Use the reload command to reboot the system Setting the System ClockConfiguring Sntp Setting the Time Zone 20 Sntp Configuration21 Setting the Time Zone Simple Network Management ProtocolConfiguring the Switch SNMPv3 Security Models and Levels Model Level Group Read Write Notify Security ViewEnabling the Snmp Agent Setting Community Access StringsCLI The following example enables Snmp on the switch 23 Configuring Snmp Community Strings Command Usage Specifying Trap Managers and Trap TypesCommand Attributes 24 Configuring Snmp Trap Managers Configuring SNMPv3 Management Access Setting the Local Engine IDSpecifying a Remote Engine ID CLI This example sets an SNMPv3 engine IDConfiguring SNMPv3 Users CLI This example specifies a remote SNMPv3 engine IDConfiguring the Switch 27 Configuring SNMPv3 Users Configuring Remote SNMPv3 Users 169Command Attributes 28 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Supported Notification Messages Object Label Object ID DescriptionObject Label Object ID Description Rmon Events SwIpFilterRejectTrap 29 Configuring SNMPv3 Groups Setting SNMPv3 Views 16530 Configuring SNMPv3 Views User Authentication 163Configuring User Accounts Command Attributes31 Configuring User Accounts On a central server to Configuring Local/Remote Logon AuthenticationThat use software running Command Attributes Radius SettingsTacacs Settings 32 Authentication Server SettingsConfiguring Https 104Https Support Web Browser Operating SystemReplacing the Default Secure-site Certificate 33 Https SettingsConfiguring the Secure Shell Command Usage Configuring the Switch Generating the Host Key Pair Field Attributes34 SSH Host-Key Settings Configuring the SSH Server SSH server includes basic settings for authentication35 SSH Server Settings Configuring Port Security Command UsageCommand Attributes 36 Enabling Port Security Configuring 802.1X Port Authentication 802.1X System Authentication Control The global setting for Displaying 802.1X Global Settings802.1X protocol provides client authentication Web Click Security, 802.1X, InformationCLI This example enables 802.1X globally for the switch Configuring 802.1X Global SettingsCLI This example shows the default global setting for Configuring Port Settings for 39 802.1X Port Configuration AuthorizedUser Authentication Parameter Description Displaying 802.1X Statistics802.1X Statistics 40 Displaying 802.1X Statistics CLI This example displays the 802.1X statistics for portFiltering IP Addresses for Management Access Command Usage41 Entering IP Addresses to be Filtered Access Control Lists Configuring Access Control ListsSetting the ACL Name and Type Command AttributesCLI This example creates a standard IP ACL named bill Configuring a Standard IP ACL Command Attributes100 Configuring an Extended IP ACL Command Attributes 101102 44 Configuring Extended IP ACLs 103Configuring a MAC ACL Command Attributes 104Command Usage 10545 Configuring MAC ACLs 106Specifying the Mask Type Configuring ACL Masks107 This mask defines the fields to check in the IP header Configuring an IP ACL Mask108 47 Configuring an IP based ACL 109This mask defines the fields to check in the packet header Configuring a MAC ACL Mask110 48 Configuring an ACL MAC Mask 111Binding a Port to an Access Control List 112113 49 Mapping ACLs to Port Ingress/Egress QueuesDisplaying Connection Status Port ConfigurationCommand Attributes Web 114Web Click Port, Port Information or Trunk Information 115Field Attributes CLI 116 Current statusCLI This example shows the connection status for Port Configuring Interface Connections117 118 51 Configuring Port Attributes 119Creating Trunk Groups 120Statically Configuring a Trunk Command Usage 12152 Static Trunk Configuration 122Enabling Lacp on Selected Ports Command Usage 12353 Lacp Port Configuration 124125 126 54 Lacp Aggregation Port Configuration 127128 You can display statistics for Lacp protocol messages 129Displaying Lacp Port Counters Lacp Port Counters130 Displaying Lacp Settings and Status for the Local SideLacp Internal Configuration Information 131 132 56 Displaying Lacp Port Information133 Displaying Lacp Settings and Status for the Remote Side10 Lacp Neighbor Configuration Information 134 57 Displaying Remote Lacp Port InformationSetting Broadcast Storm Thresholds 135Configuring Port Mirroring 13659 Configuring a Mirror Port 137138 Configuring Rate LimitsCommand Attribute Showing Port Statistics 139140 11 Port Statistics141 142 Rmon Statistics143 144 61 Port StatisticsCLI This example shows statistics for port Power Over Ethernet Settings145 146 Switch Power StatusDisplays the Power over Ethernet parameters for the switch 147 Setting a Switch Power BudgetWeb Click PoE, Power Status Displaying Port Power Status 148149 Configuring Port PoE PowerWeb Click PoE, Power Port Status 65 Configuring Port PoE Power 150151 Address Table SettingsSetting Static Addresses Displaying the Address Table 152153 67 Displaying the MAC Dynamic Address Table154 Spanning Tree Algorithm ConfigurationChanging the Aging Time CLI This example sets the aging time to 300 seconds155 Displaying Global Settings 156157 158 159 Web Click Spanning Tree, STA Information160 Configuring Global SettingsGlobal settings apply to the entire switch Basic Configuration of Global Settings 161Root Device Configuration 162Configuration Settings for Rstp 16370 Configuring the Spanning Tree Algorithm 164Displaying Interface Settings 165166 167 AD B168 71 STA Port InformationConfiguring Interface Settings 169170 72 Configuring Spanning Tree Algorithm per Port 171CLI This example sets STA attributes for port Configuring Multiple Spanning Trees172 73 Mstp Vlan Configuration 173174 Displaying Interface Settings for Mstp 175176 Configuring Interface Settings for Mstp 177178 CLI This example sets the Mstp attributes for port179 Vlan ConfigurationIeee 802.1Q VLANs 180 Assigning Ports to VLANs181 182 Forwarding Tagged/Untagged Frames183 Enabling or Disabling Gvrp Global SettingCLI This example enables Gvrp for the switch Web Click VLAN, 802.1Q VLAN, Basic Information 184Displaying Basic Vlan Information 185 Displaying Current VLANsCreating VLANs Command Attributes CLI186 187 79 Vlan Static List Creating VLANsCLI This example creates a new Vlan 188Adding Static Members to VLANs Vlan Index Command Attributes 189190 Adding Static Members to VLANs Port IndexConfiguring Vlan Behavior for Interfaces 191192 193 Private VLANs 194Displaying Current Private VLANs Vlan ID ID of configured Vlan195 196 83 Displaying Private Vlan Port InformationConfiguring Private VLANs 197Each community Vlan must be associated with a primary Vlan 198Associating Community VLANs 199 Displaying Private Vlan Interface InformationConfiguring Private Vlan Interfaces 20087 Configuring Private Vlan Ports 201Setting the Default Priority for Interfaces Class of Service ConfigurationLayer 2 Queue Settings 202CLI This example assigns a default priority of 5 to port 20312 Mapping CoS Values to Egress Queues 204Mapping CoS Values to Egress Queues 13 CoS Priority Levels89 Configuring Traffic Classes 205Selecting the Queue Mode 206Setting the Service Weight for Traffic Classes 207Mapping Layer 3/4 Priorities to CoS Values Layer 3/4 Priority Settings208 Selecting IP Precedence/DSCP Priority14 Mapping IP Precedence 209Mapping IP Precedence 93 Mapping IP Precedence to Class of Service Values 21015 Mapping Dscp Priority 211Mapping Dscp Priority IP Dscp Value CoS Value94 Mapping IP Dscp Priority to Class of Service Values 212213 Mapping IP Port Priority214 95 Globally Enabling the IP Port Priority StatusCopy Settings 215Mapping CoS Values to ACLs CLI This feature not supported through the CLI216 16 CoS to ACL Mapping217 98 Mapping CoS Values to ACLs218 Changing Priorities Based on ACL Rules219 99 Changing Priorities Based on ACL Rules220 Multicast FilteringIgmp Protocol Layer 2 Igmp Snooping and Query 221Configuring Igmp Snooping and Query Parameters 222100 Configuring Internet Group Management Protocol 223224 Displaying Interfaces Attached to a Multicast Router225 Specifying Interfaces Attached to a Multicast RouterDisplaying Port Members of Multicast Services 226103 Displaying Port Members of Multicast Services 227Assigning Ports to Multicast Services 228229 Configuring Domain Name ServiceConfiguring General DNS Server Parameters 230 105 Configuring DNS 231Configuring Static DNS Host to Address Entries 232233 106 Mapping IP Addresses to a Host NameDisplaying the DNS Cache 234235 Web Select DNS, Cache236 Console Connection Using the Command Line InterfaceAccessing the CLI Telnet Connection Keywords and Arguments Entering CommandsThis section describes how to enter CLI commands Showing Commands Command CompletionGetting Help on Commands Minimum AbbreviationCommand Line Interface Understanding Command Modes Negating the Effect of CommandsUsing Command History Partial Keyword LookupClass Mode Exec CommandsCommand Modes Configuration Commands Configuration Command Modes Mode Command PromptKeystroke Function Command Line ProcessingKeystroke Commands Command Group Description Command GroupsCommand Group Index Configures DNS services 286 Command Function Mode Line CommandsLine Commands Password-thresh commandLine Login local LoginSyntax Login local no login Line ConfigurationSyntax Password 0 7 password no password PasswordUsername 4-34password No password is specifiedCLI Disabled 0 seconds Telnet 300 seconds Timeout login responseLogin 4-15password-thresh To set the timeout to two minutes, enter this commandCLI and Telnet 600 seconds 10 minutes Exec-timeoutSyntax Exec-timeout seconds no exec-timeout Default value is three attempts Password-threshSyntax Password-thresh threshold no password-thresh Syntax Silent-time seconds no silent-time Silent-timeDatabits Syntax Databits 7 8 no databitsParity Syntax Parity none even odd no paritySpeed To specify no parity, enter this commandTo specify 57600 bps, enter this command Syntax Speed bps no speedStopbits 1 StopbitsDisconnect Syntax disconnect session-idShow line Syntax Show line console vtyGeneral Commands General CommandsEnable Syntax enable levelNone DisableDisable Enable password Configure Show historyReload This command restarts the systemThis command resets the entire system End This example shows how to reset the switchThis command returns to Privileged Exec mode ExitQuit Use this command to exit the configuration programThis example shows how to quit a CLI session Command Group Function System Management CommandsSystem Management Commands Prompt Device Designation CommandsDevice Designation Commands Syntax Prompt string no promptSyntax Hostname name no hostname HostnameLight unit Syntax Light unit unitUsername User Access CommandsUser Access Commands 10 Default Login Settings Username Access-level PasswordEnable password Default is level is level Default password is super11 IP Filter Commands IP Filter CommandsEnable 4-25authentication enable ManagementShow management Web Server Commands 12 Web Server CommandsIp http port Default Setting Command ModeSyntax No ip http server Default Setting Ip http serverSyntax No ip http secure-server Default Setting Ip http secure-serverIp http secure-port4-42 Copy tftp https-certificate Ip http secure-port13 Https System Support Portnumber The UDP port used for HTTPS. RangeIp telnet server Telnet Server Commands14 Telnet Server Commands Ip http secure-server4-41Secure Shell Commands Server Enabled Server Port15 Secure Shell Commands Command Function ModeSystem Management Commands Ip ssh server Syntax No ip ssh server Default SettingDisabled Ip ssh crypto host-key generate 4-51 show ssh Ip ssh timeoutSyntax Ip ssh timeout seconds no ip ssh timeout SecondsIp ssh authentication-retries Exec-timeout4-18 show ip sshSyntax Delete public-key username dsa rsa Ip ssh server-key sizeDelete public-key Dsa DSA Version 2 key type Rsa RSA Version 1 key type Ip ssh crypto host-key generateSyntax Ip ssh crypto host-key generate dsa rsa Generates both the DSA and RSA key pairsSyntax Ip ssh crypto zeroize dsa rsa Ip ssh crypto zeroizeIp ssh save host-key Syntax Ip ssh save host-key dsa rsaShow ssh This command displays the current SSH server connectionsShow ip ssh Saves both the DSA and RSA key16 show ssh display description TerminologyUsername Name of an SSH user. Range 1-8 characters Show public-keySyntax Show public-key user username host Shows all public keysEvent Logging Commands 17 Event Logging CommandsLogging history Syntax No logging on Default SettingLogging on Logging history 4-57clear loggingLevel Severity Name Description Flash errors level 3 RAM informational level 618 Logging Levels Syntax No logging host hostipaddress Logging hostLogging facility Hostipaddress The IP address of a syslog serverSyntax Logging trap level no logging trap Disabled Level 7Logging trap Syntax Clear log flash ram Clear logShow logging Syntax Show logging flash ram sendmail trapFollowing example displays settings for the trap function 19 show logging flash/ram display descriptionSyntax Show log flash ram Show log20 show logging trap display description Logging sendmail host Smtp Alert Commands21 Smtp Commands Following example shows the event message stored in RAMLogging sendmail level Syntax Logging sendmail level levelLogging sendmail source-email Syntax Logging sendmail source-email email-addressLogging sendmail Syntax No logging sendmail Default SettingLogging sendmail destination-email Syntax No logging sendmail destination-email email-addressShow logging sendmail Time Commands22 Time Commands Syntax No sntp client Default Setting Sntp clientSyntax Sntp server ip1 ip2 ip3 Sntp serverSntp server 4-70 sntp poll 4-71 show sntp Syntax Sntp poll seconds no sntp poll Sntp pollSntp client 4-69 sntp poll 4-71 show sntp Show sntp Sntp clientClock timezone NoneShow calendar This command displays the system clockCalendar set Syntax23 System Status Commands System Status CommandsShow startup-config Example Show running-config Related CommandsShow startup-config This command displays system information Show systemShow users Show versionFlash/File Commands 24 Flash/File CommandsCopy Privileged ExecCommand Usage Following example shows how to download a configuration file Command Line Interface Dir Delete public-key This command deletes a file or imageDelete Dir This command displays a list of files in flash memorySyntax Dir unit boot-rom config opcode filename 25 File Directory InformationWhichboot Following example shows how to display all file informationDir 4-87whichboot Boot systemSyntax Boot system unit boot-romconfig opcode filename Command Group Function Mode Power over Ethernet Commands26 PoE Commands Syntax Power mainpower maximum allocation watts unit unit Power mainpower maximum allocationPower inline compatible Syntax No power inline compatibleCompatible Mode Enabled Syntax No power inline Default Setting Power inlinePower inline maximum allocation Power inline priority LowEthernet Show power inline statusSyntax Show power inline status interface Unit Stack unit. Range Port Port number. Range28 show power mainpower parameters Show power mainpower27 show power inline status parameters Mainpower maximum allocation on29 Authentication Commands Authentication CommandsAuthentication Sequence 30 Authentication Sequence CommandAuthentication login LocalAuthentication enable Username for setting the local user names and passwords31 Radius Client Commands Radius ClientRetransmit Command Mode Default Setting Auth-portTimeout 5 seconds Radius-server hostSyntax Radius-server port portnumber no radius-server port Radius-server portRadius-server key 1812Radius-server timeout Radius-server retransmitShow radius-server Privileged ExecTacacs-server host 32 TACACS+ Client CommandsTACACS+ Client Hostipaddress IP address of a TACACS+ serverSyntax Tacacs-server port portnumber no tacacs-server port Tacacs-server portTacacs-server key Syntax Tacacs-server key keystring no tacacs-server keyPort Security Commands Show tacacs-serverInterface Configuration Ethernet 33 Port Security CommandsStatus Disabled Action None Maximum Addresses Port security109 802.1X Port Authentication 34 802.1X Port Authentication CommandsDot1x system-auth-control Dot1x defaultSyntax No dot1x system-auth-control Default Setting Dot1x max-reqDot1x port-control Default Command ModeDefault Force-authorizedDot1x operation-mode Single-hostSyntax Dot1x re-authenticate interface Dot1x re-authenticateDot1x re-authentication Syntax No dot1x re-authentication Command ModeSeconds The number of seconds. Range Dot1x timeout quiet-periodDot1x timeout re-authperiod Syntax Show dot1x statistics interface interface Dot1x timeout tx-periodShow dot1x Statistics Displays dot1x status for each port Interface117 Authenticator State Machine State- Current state including initialize, reauthenticateAccess Control List Commands Access Control ListsAccess Control List Commands Command Groups Function Masks for Access Control Lists35 Access Control List Commands 36 IP ACL Commands IP ACLsAccess-list ip Syntax No access-list ip standard extended aclnameAccess-list ip extended fragment-auto-mask Permit, deny Standard ACLPermit, deny Extended ACL Standard ACLNo permit deny tcp Extended ACL127 Syntax Show ip access-list standard extended aclname Show ip access-listThis command displays the rules for configured IP ACLs Permit, deny Ip access-group4-134Mask IP ACL 4-130 ip access-group4-134 Access-list ip mask-precedenceSyntax No access-list ip mask-precedence in out Syntax No mask protocol IP Mask131 132 Show access-list ip mask-precedence Syntax Show access-list ip mask-precedence in outIp access-group Syntax No ip access-group aclname in outShow ip access-list4-128 Show ip access-groupMap access-list ip This command shows the ports assigned to IP ACLsSyntax Show map access-list ip interface Show map access-list ipQueue cos-map4-257 Show map access-list ip 37 Egress Queue Priority MappingMatch access-list ip Map access-list ipShow marking Match access-list ip38 MAC ACL Commands MAC ACLsAccess-list mac Syntax No access-list mac aclnamePermit, deny MAC ACL Syntax No permit denyMAC ACL Syntax Show mac access-list aclname Show mac access-listThis command displays the rules for configured MAC ACLs Permit, deny Mac access-group4-146Access-list mac mask-precedence Mask MAC ACL 4-144 mac access-group4-146Syntax No mask pktformat MAC Mask145 This example creates an Egress MAC ACLSyntax Show access-list mac mask-precedence in out Show access-list mac mask-precedenceMac access-group Syntax Mac access-group aclname in outShow mac access-list4-142 Show mac access-groupMap access-list mac This command shows the ports assigned to MAC ACLsSyntax Show map access-list mac interface Show map access-list macQueue cos-map4-257 Show map access-list mac 39 Mapping CoS Values to MAC ACL RulesMatch access-list mac Map access-list mac40 ACL Information Show access-listACL Information This command shows the port assignments of ACLs Snmp CommandsShow access-group 41 Snmp CommandsSyntax No snmp-server Default Setting Snmp-serverShow snmp NoneSyntax Snmp-server contact string no snmp-server contact Snmp-server communitySnmp-server contact Snmp-server location Syntax Snmp-server location text no snmp-server location156 Snmp-server host157 158 Snmp-server enable traps Issue authentication and link-up-down trapsSnmp-server engine-id Snmp-server hostShow snmp engine-id This command shows the Snmp engine IDThis example shows the default engine ID 42 show snmp engine-id display description Defaultview includes access to the entire MIB treeSnmp-server view Examples This command shows information on the Snmp viewsShow snmp view This view includes MIB-2164 Snmp-server groupCommand Usage Show snmp group166 44 show snmp group display descriptionDefault Setting Snmp-server user168 45 show snmp user display description This command shows information on Snmp usersShow snmp user Interface Commands 46 Interface CommandsPort-channel channel-idRange InterfaceDescription Syntax Description string no descriptionFollowing example adds a description to port Interface Configuration Ethernet, Port ChannelSpeed-duplex Negotiation 4-173capabilities Syntax No negotiation Default SettingNegotiation Negotiation 4-173speed-duplex Following example configures port 11 to use autonegotiationCapabilities Flowcontrol Syntax No flowcontrol Default SettingFlow control enabled Negotiation 4-173speed-duplex4-172 flowcontrolAll interfaces are enabled Following example enables flow control on portSyntax No shutdown Default Setting ShutdownSwitchport broadcast packet-rate Following example disables portClear counters This command clears statistics on an interfacePort-channel channel-idRange Default Setting Syntax Clear counters interfaceSyntax Show interfaces status interface This command displays the status for an interfaceShow interfaces status Shows the status for all interfacesSyntax Show interfaces counters interface This command displays interface statisticsShow interfaces counters Shows the counters for all interfaces181 This example shows the configuration setting for port Show interfaces switchportSyntax Show interfaces switchport interface Shows all interfaces47 show interfaces switchport display description Field DescriptionInterface Configuration Ethernet, destination port Mirror Port Commands48 Mirror Port Commands Port monitorSyntax Show port monitor interface This command displays mirror informationShow port monitor Shows all sessions49 Rate Limit Commands Rate Limit CommandsFollowing shows mirroring configured from port 6 to port Interface Configuration Ethernet, Port Channel Rate-limitLink Aggregation Commands 50 Link Aggregation CommandsGuidelines for Creating Trunks General GuidelinesLacp Syntax no lacp Default SettingChannel-group Syntax Channel-group channel-idno channel-group191 Lacp system-priority 32768Lacp admin-keyEthernet Interface Lacp admin-key Port Channel Syntax Lacp admin-key key no lacp admin-keyDefault Setting Lacp port-priorityPort Channel all This command displays Lacp informationShow lacp 51 show lacp counters display description197 52 show lacp internal display descriptionPartner 199 53 show lacp neighbors display description54 show lacp sysid display description Address Table Commands55 Address Table Commands Vlan-id- Vlan ID Range Mac-address-table staticMac-address- MAC address Mac-address- MAC address Mask Bits to match in the address Clear mac-address-table dynamicShow mac-address-table Mac-address-table aging-time SecondsShow mac-address-table aging-time Spanning Tree Commands56 Spanning Tree Commands RSTP/MSTP Spanning-tree Syntax No spanning-tree Default SettingSpanning tree is enabled Spanning-tree mode Rstp208 Spanning-tree forward-timeSpanning-tree hello-time Seconds210 Spanning-tree max-ageIeee 802.1t format Spanning-tree default prioritySpanning-tree priority Spanning-tree pathcost method Long methodCount -The transmission limit in seconds. Range This command limits the maximum transmission rate for BPDUsSpanning-tree transmission-limit Syntax No spanning-tree backup-root Default Setting Spanning-tree backup-rootSpanning-tree mst-configuration MST Configuration Mst vlanMst priority Mst instanceid priority priority no mst instanceid prioritySyntax name name Switch’s MAC addressName Name Name of the spanning treeSyntax revision number RevisionMax-hops Number Revision number of the spanning tree. RangeThis example disables the Spanning Tree Algorithm for port Spanning-tree spanning-disabledSyntax No spanning-tree spanning-disabled Default Setting Spanning-tree cost Syntax Spanning-tree cost cost no spanning-tree costPriority The priority for a port. Range 0-240, in steps Spanning-tree port-prioritySpanning-tree edge-port Syntax No spanning-tree edge-portSyntax No spanning-tree portfast Default Setting Spanning-tree portfastSpanning-tree link-type Spanning-treeedge-port4-221Spanning-tree mst cost AutoSpanning-tree mst port-priority Spanning-tree mst port-priority4-225Syntax Spanning-tree protocol-migration interface Port-channel channel-idRange Command ModeSpanning-tree protocol-migration Show spanning-tree Syntax Show spanning-tree interface mst instanceid228 Show spanning-tree mst configuration 229Editing Vlan Groups Vlan Commands57 Vlan Commands Vlan databaseBy default only Vlan 1 exists and is active Vlan59 Configuring Vlan Interfaces Configuring Vlan InterfacesVlan Database Configuration Shutdown Interface vlanSyntax Interface vlan vlan-id All ports are in hybrid mode with the Pvid set to Vlan Switchport modeSyntax Switchport mode trunk hybrid no switchport mode Switchport acceptable-frame-types All frame typesSwitchport ingress-filtering Syntax No switchport ingress-filtering Default SettingSwitchport native vlan 237Switchport allowed vlan 238No VLANs are included in the forbidden list Switchport forbidden vlan239 Show vlan 240Displaying Vlan Information 60 Displaying Vlan Information241 Following example shows how to display information for Vlan61 Private Vlan Commands 242 243 Private-vlanNo private-vlan primary-vlan-idassociation 244Private-vlan association Normal Vlan Switchport mode private-vlan245 246 Switchport private-vlan host-associationSwitchport private-vlan mapping Syntax Show vlan private-vlan community primary 247Show vlan private-vlan 248 Gvrp and Bridge Extension Commands62 Gvrp and Bridge Extension Commands Bridge-ext gvrp Syntax No bridge-ext gvrp Default Setting249 Show bridge-extSyntax No switchport gvrp Default Setting Switchport gvrpShow gvrp configuration Syntax Show gvrp configuration interface251 Garp timerShows both global and interface-specific configuration Shows all Garp timers Show garp timerSyntax Show garp timer interface 252253 Priority Commands63 Priority Commands 64 Priority Commands Layer Priority Commands LayerQueue mode Syntax Queue mode strict wrr no queue mode255 Queue bandwidthSwitchport priority default 256257 Queue cos-map65 Default CoS Priority Levels 258259 Show queue modeThis command shows the current queue mode Show queue bandwidth260 Priority Commands Layer 366 Priority Commands Layer 3 Show queue cos-mapSyntax No map ip port Default Setting 261Syntax No map ip precedence Default Setting 26267 Mapping IP Precedence to CoS Values List below shows the default priority mapping263 Syntax No map ip dscp Default Setting 264265 68 Mapping IP Dscp to CoS ValuesShow map ip port This command shows the IP port priority map266 Syntax Show map ip port interfaceShow map ip precedence This command shows the IP precedence priority map267 Syntax Show map ip precedence interfaceShow map ip dscp This command shows the IP Dscp priority map268 Syntax Show map ip dscp interface69 Multicast Filtering Commands Multicast Filtering CommandsIgmp Snooping Commands 70 Igmp Snooping Commands270 Syntax No ip igmp snooping Default SettingFollowing example enables Igmp snooping Ip igmp snoopingIp igmp snooping version Following configures the switch to use Igmp Version271 Igmp VersionShow mac-address-table multicast 272Show ip igmp snooping 273 Igmp Query Commands Layer71 Igmp Query Commands Layer Ip igmp snooping querierTimes 274Ip igmp snooping query-count Ip igmp snooping query-interval Following shows how to configure the query count to275 Ip igmp snooping query-max-response-time Seconds The report delay advertised in Igmp queries. Range276 Ip igmp snooping router-port-expire-time Switch must use IGMPv2 for this command to take effect277 278 Static Multicast Routing Commands72 Static Multicast Routing Commands Ip igmp snooping vlan mrouterShow ip igmp snooping mrouter Displays multicast router ports for all configured VLANs279 Syntax Show ip igmp snooping mrouter vlan vlan-id280 IP Interface Commands73 IP Interface Command Syntax Ip addressInterface Configuration Vlan 281282 Ip default-gatewaySyntax Ip default-gateway gateway no ip default-gateway Ip dhcp restart283 Show ip interfaceShow ip redirects This command has no default for the host284 Ping285 286 DNS Commands74 DNS Commands No static entries 287Ip host This example maps two address to a host nameIp domain-name 288Clear host Syntax Clear host nameSyntax No ip domain-list name 289Ip domain-list Ip domain-name4-288 290Ip name-server Ip domain-lookup Syntax No ip domain-lookup Default Setting291 Ip domain-name4-288 ip domain-lookup4-291Ip domain-name4-288 ip name-server4-290 292Show hosts 293 This command displays the configuration of the DNS serverThis command displays entries in the DNS cache Show dnsClear dns cache This command clears all entries in the DNS cache294 75 Show DNS Output DescriptionDhcp Client Port Configuration AuthenticationAccess Control Lists PoEPort Trunking Class of ServiceAdditional Features Spanning Tree ProtocolStandards SNMPv3Management Information Bases Symptom Action Problems Accessing the Management InterfaceTable B-1 Troubleshooting Chart Cannot access Using System Logs Troubleshooting Glossary-1 Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 XModem Glossary-8Virtual LAN Vlan Index Index-1Index-2 IgmpIndex-3 Index-4 Page For Technical SUPPORT, Call