Manuals / SMC Networks / Computer Equipment / Switch

SMC Networks SMC6824M manual Binding a Port to an Access Control List, 112

Models: SMC6824M

1 608

Download 608 pages 58 Kb

Page 168

CONFIGURING THE SWITCH

CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules have been changed by the mask.

Console(config)#access-list mac M4	4-139
Console(config-mac-acl)#permit any any	4-140
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11
ff-ff-ff-ff-ff-ff any vid 3	4-140
Console(config-mac-acl)#end
Console#show access-list	4-150
MAC access-list M4:
permit any any
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
Console(config)#access-list mac mask-precedence in	4-143

Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid

4-144
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/12	4-171
Console(config-if)#mac access-group M4 in	4-146

Console(config-if)#end Console#show access-list MAC access-list M4:

deny tagged-eth2 host 00-11-11-11-11-11 any vid 3 permit any any

MAC ingress mask ACL:

mask pktformat host any vid Console#

Binding a Port to an Access Control List

After configuring the Access Control Lists (ACL), you can bind the ports that need to filter traffic to the appropriate ACLs. You can only bind a port to one ACL for each basic type – IP ingress, IP egress, MAC ingress and MAC egress.

Command Usage

•You must configure a mask for an ACL rule before you can bind it to a port.

•This switch supports ACLs for both ingress and egress filtering. However, you can only bind one IP ACL and one MAC ACL to any port for ingress filtering, and one IP ACL and one MAC ACL to any port for egress filtering. In other words, only four ACLs can be bound to an interface – Ingress IP ACL, Egress IP ACL, Ingress MAC ACL and Egress MAC ACL.

3-112

Image 168

SMC Networks SMC6824M manual Binding a Port to an Access Control List, 112

Contents

TigerStack III 10/100 Page TigerStack III 10/100 Management Guide Trademarks Limited Warranty Limited Warranty Table of Contents Table of Contents Table of Contents Table of Contents Command Line Interface ViiViii Table of Contents Table of Contents Table of Contents Xii Xiii Xiv Table of Contents Xvi Glossary Index XviiXviii Tables XixTables Xxi Xxii Figures XxiiiXxiv 37 802.1X Global InformationXxv Xxvi Key Features Key FeaturesFeature Description Description of Software Features LacpDescription of Software Features Introduction Description of Software Features Introduction System Defaults System DefaultsFunction Parameter Default Https Pvid Dhcp Connecting to the Switch Configuration OptionsInitial Configuration Required Connections Remote Connections Recovering from Stack Failure or Topology Change Stack OperationsSelecting the Stack Master Basic Configuration Resilient IP Interface for Management AccessConsole Connection Setting Passwords Setting an IP AddressManual Configuration Dynamic Configuration Enabling Snmp Management Access Clients, we recommend that you delete both of the default Community Strings for Snmp version 1 and 2c clientsConfiguring Access for Snmp Version 3 Clients Trap ReceiversSaving Configuration Settings Managing System Files Configuring Power over Ethernet Initial Configuration Configuring the Switch Using the Web InterfaceConfiguring the Switch Navigating the Web Browser Interface HomeWeb Page Configuration Buttons ButtonAction Front Panel Indicators Panel DisplaySwitch Main Menu Main MenuMenu Description Sntp ACL Vlan Mstp 206 Vlan ID Displaying System Information Field AttributesSystem Information Displaying Switch Hardware/Software Versions CLI Specify the hostname, location and contact informationManagement Software Web Click System, Switch Information General Switch InformationDisplaying Bridge Extension Capabilities Field AttributesSetting the IP Address CLI Enter the following commandWeb Click System, Bridge Extension Command Attributes Manual Configuration IP Interface Configuration ManualUsing DHCP/BOOTP IP Interface Configuration DhcpCommand Attributes Managing FirmwareDownloading System Software from a Server Copy FirmwareSetting the Startup Code Saving or Restoring Configuration Settings Command UsageBasic Configuration Downloading Configuration Settings from a Server 11 Downloading Configuration Settings for Start-Up12 Setting the Startup Configuration Settings Console Port Settings Command AttributesCLI only 13 Console Port Settings Telnet Settings Command Attributes14 Configuring the Telnet Interface Configuring Event Logging System Log ConfigurationCommand Attributes Logging LevelsRemote Log Configuration 15 System Logs16 Remote Logs Displaying Log Messages 17 Displaying LogsSending Simple Mail Transfer Protocol Alerts CLI This example shows the event message stored in RAM18 Enabling and Configuring Smtp Alerts Resetting the System 19 Resetting the SwitchSetting the System Clock Configuring SntpCLI Use the reload command to reboot the system Setting the Time Zone 20 Sntp Configuration21 Setting the Time Zone Simple Network Management ProtocolConfiguring the Switch SNMPv3 Security Models and Levels Model Level Group Read Write Notify Security ViewSetting Community Access Strings CLI The following example enables Snmp on the switchEnabling the Snmp Agent 23 Configuring Snmp Community Strings Command Usage Specifying Trap Managers and Trap TypesCommand Attributes 24 Configuring Snmp Trap Managers Configuring SNMPv3 Management Access Setting the Local Engine IDSpecifying a Remote Engine ID CLI This example sets an SNMPv3 engine IDConfiguring SNMPv3 Users CLI This example specifies a remote SNMPv3 engine IDConfiguring the Switch 27 Configuring SNMPv3 Users Configuring Remote SNMPv3 Users 169Command Attributes 28 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Supported Notification Messages Object Label Object ID DescriptionObject Label Object ID Description Rmon Events SwIpFilterRejectTrap 29 Configuring SNMPv3 Groups Setting SNMPv3 Views 16530 Configuring SNMPv3 Views User Authentication 163Configuring User Accounts Command Attributes31 Configuring User Accounts Configuring Local/Remote Logon Authentication That use software runningOn a central server to Command Attributes Radius SettingsTacacs Settings 32 Authentication Server SettingsConfiguring Https 104Https Support Web Browser Operating SystemReplacing the Default Secure-site Certificate 33 Https SettingsConfiguring the Secure Shell Command Usage Configuring the Switch Generating the Host Key Pair Field Attributes34 SSH Host-Key Settings Configuring the SSH Server SSH server includes basic settings for authentication35 SSH Server Settings Configuring Port Security Command UsageCommand Attributes 36 Enabling Port Security Configuring 802.1X Port Authentication Displaying 802.1X Global Settings 802.1X protocol provides client authentication802.1X System Authentication Control The global setting for Web Click Security, 802.1X, InformationConfiguring 802.1X Global Settings CLI This example shows the default global setting forCLI This example enables 802.1X globally for the switch Configuring Port Settings for 39 802.1X Port Configuration AuthorizedUser Authentication Displaying 802.1X Statistics 802.1X StatisticsParameter Description 40 Displaying 802.1X Statistics CLI This example displays the 802.1X statistics for portFiltering IP Addresses for Management Access Command Usage41 Entering IP Addresses to be Filtered Access Control Lists Configuring Access Control ListsSetting the ACL Name and Type Command AttributesConfiguring a Standard IP ACL Command Attributes 100CLI This example creates a standard IP ACL named bill Configuring an Extended IP ACL Command Attributes 101102 44 Configuring Extended IP ACLs 103Configuring a MAC ACL Command Attributes 104Command Usage 10545 Configuring MAC ACLs 106Configuring ACL Masks 107Specifying the Mask Type Configuring an IP ACL Mask 108This mask defines the fields to check in the IP header 47 Configuring an IP based ACL 109Configuring a MAC ACL Mask 110This mask defines the fields to check in the packet header 48 Configuring an ACL MAC Mask 111Binding a Port to an Access Control List 112113 49 Mapping ACLs to Port Ingress/Egress QueuesPort Configuration Command Attributes WebDisplaying Connection Status 114115 Field Attributes CLIWeb Click Port, Port Information or Trunk Information 116 Current statusConfiguring Interface Connections 117CLI This example shows the connection status for Port 118 51 Configuring Port Attributes 119Creating Trunk Groups 120Statically Configuring a Trunk Command Usage 12152 Static Trunk Configuration 122Enabling Lacp on Selected Ports Command Usage 12353 Lacp Port Configuration 124125 126 54 Lacp Aggregation Port Configuration 127128 129 Displaying Lacp Port CountersYou can display statistics for Lacp protocol messages Lacp Port CountersDisplaying Lacp Settings and Status for the Local Side Lacp Internal Configuration Information130 131 132 56 Displaying Lacp Port InformationDisplaying Lacp Settings and Status for the Remote Side 10 Lacp Neighbor Configuration Information133 134 57 Displaying Remote Lacp Port InformationSetting Broadcast Storm Thresholds 135Configuring Port Mirroring 13659 Configuring a Mirror Port 137Configuring Rate Limits Command Attribute138 Showing Port Statistics 139140 11 Port Statistics141 142 Rmon Statistics143 144 61 Port StatisticsPower Over Ethernet Settings 145CLI This example shows statistics for port Switch Power Status Displays the Power over Ethernet parameters for the switch146 Setting a Switch Power Budget Web Click PoE, Power Status147 Displaying Port Power Status 148Configuring Port PoE Power Web Click PoE, Power Port Status149 65 Configuring Port PoE Power 150Address Table Settings Setting Static Addresses151 Displaying the Address Table 152153 67 Displaying the MAC Dynamic Address TableSpanning Tree Algorithm Configuration Changing the Aging Time154 CLI This example sets the aging time to 300 seconds155 Displaying Global Settings 156157 158 159 Web Click Spanning Tree, STA InformationConfiguring Global Settings Global settings apply to the entire switch160 Basic Configuration of Global Settings 161Root Device Configuration 162Configuration Settings for Rstp 16370 Configuring the Spanning Tree Algorithm 164Displaying Interface Settings 165166 167 AD B168 71 STA Port InformationConfiguring Interface Settings 169170 72 Configuring Spanning Tree Algorithm per Port 171Configuring Multiple Spanning Trees 172CLI This example sets STA attributes for port 73 Mstp Vlan Configuration 173174 Displaying Interface Settings for Mstp 175176 Configuring Interface Settings for Mstp 177178 CLI This example sets the Mstp attributes for portVlan Configuration Ieee 802.1Q VLANs179 180 Assigning Ports to VLANs181 182 Forwarding Tagged/Untagged FramesEnabling or Disabling Gvrp Global Setting CLI This example enables Gvrp for the switch183 184 Displaying Basic Vlan InformationWeb Click VLAN, 802.1Q VLAN, Basic Information 185 Displaying Current VLANsCommand Attributes CLI 186Creating VLANs 187 79 Vlan Static List Creating VLANs188 Adding Static Members to VLANs Vlan IndexCLI This example creates a new Vlan Command Attributes 189190 Adding Static Members to VLANs Port IndexConfiguring Vlan Behavior for Interfaces 191192 193 Private VLANs 194Vlan ID ID of configured Vlan 195Displaying Current Private VLANs 196 83 Displaying Private Vlan Port InformationConfiguring Private VLANs 197198 Associating Community VLANsEach community Vlan must be associated with a primary Vlan 199 Displaying Private Vlan Interface InformationConfiguring Private Vlan Interfaces 20087 Configuring Private Vlan Ports 201Class of Service Configuration Layer 2 Queue SettingsSetting the Default Priority for Interfaces 202CLI This example assigns a default priority of 5 to port 203204 Mapping CoS Values to Egress Queues12 Mapping CoS Values to Egress Queues 13 CoS Priority Levels89 Configuring Traffic Classes 205Selecting the Queue Mode 206Setting the Service Weight for Traffic Classes 207Layer 3/4 Priority Settings 208Mapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP Priority209 Mapping IP Precedence14 Mapping IP Precedence 93 Mapping IP Precedence to Class of Service Values 210211 Mapping Dscp Priority15 Mapping Dscp Priority IP Dscp Value CoS Value94 Mapping IP Dscp Priority to Class of Service Values 212213 Mapping IP Port Priority214 95 Globally Enabling the IP Port Priority StatusCopy Settings 215CLI This feature not supported through the CLI 216Mapping CoS Values to ACLs 16 CoS to ACL Mapping217 98 Mapping CoS Values to ACLs218 Changing Priorities Based on ACL Rules219 99 Changing Priorities Based on ACL RulesMulticast Filtering Igmp Protocol220 Layer 2 Igmp Snooping and Query 221Configuring Igmp Snooping and Query Parameters 222100 Configuring Internet Group Management Protocol 223224 Displaying Interfaces Attached to a Multicast Router225 Specifying Interfaces Attached to a Multicast RouterDisplaying Port Members of Multicast Services 226103 Displaying Port Members of Multicast Services 227Assigning Ports to Multicast Services 228Configuring Domain Name Service Configuring General DNS Server Parameters229 230 105 Configuring DNS 231Configuring Static DNS Host to Address Entries 232233 106 Mapping IP Addresses to a Host NameDisplaying the DNS Cache 234235 Web Select DNS, Cache236 Using the Command Line Interface Accessing the CLIConsole Connection Telnet Connection Entering Commands This section describes how to enter CLI commandsKeywords and Arguments Command Completion Getting Help on CommandsShowing Commands Minimum AbbreviationCommand Line Interface Negating the Effect of Commands Using Command HistoryUnderstanding Command Modes Partial Keyword LookupExec Commands Command ModesClass Mode Configuration Commands Configuration Command Modes Mode Command PromptCommand Line Processing Keystroke CommandsKeystroke Function Command Groups Command Group IndexCommand Group Description Configures DNS services 286 Line Commands Line CommandsCommand Function Mode Password-thresh commandLine Login Syntax Login local no loginLogin local Line ConfigurationPassword Username 4-34passwordSyntax Password 0 7 password no password No password is specifiedTimeout login response Login 4-15password-threshCLI Disabled 0 seconds Telnet 300 seconds To set the timeout to two minutes, enter this commandExec-timeout Syntax Exec-timeout seconds no exec-timeoutCLI and Telnet 600 seconds 10 minutes Password-thresh Syntax Password-thresh threshold no password-threshDefault value is three attempts Silent-time DatabitsSyntax Silent-time seconds no silent-time Syntax Databits 7 8 no databitsParity Syntax Parity none even odd no parityTo specify no parity, enter this command To specify 57600 bps, enter this commandSpeed Syntax Speed bps no speedStopbits DisconnectStopbits 1 Syntax disconnect session-idShow line Syntax Show line console vtyGeneral Commands EnableGeneral Commands Syntax enable levelDisable Disable Enable passwordNone Configure Show historyThis command restarts the system This command resets the entire systemReload This example shows how to reset the switch This command returns to Privileged Exec modeEnd ExitUse this command to exit the configuration program This example shows how to quit a CLI sessionQuit System Management Commands System Management CommandsCommand Group Function Device Designation Commands Device Designation CommandsPrompt Syntax Prompt string no promptHostname Light unitSyntax Hostname name no hostname Syntax Light unit unitUser Access Commands User Access CommandsUsername 10 Default Login Settings Username Access-level PasswordEnable password Default is level is level Default password is superIP Filter Commands Enable 4-25authentication enable11 IP Filter Commands ManagementShow management Web Server Commands 12 Web Server CommandsDefault Setting Command Mode Syntax No ip http server Default SettingIp http port Ip http serverSyntax No ip http secure-server Default Setting Ip http secure-serverIp http secure-port 13 Https System SupportIp http secure-port4-42 Copy tftp https-certificate Portnumber The UDP port used for HTTPS. RangeTelnet Server Commands 14 Telnet Server CommandsIp telnet server Ip http secure-server4-41Secure Shell Commands Server Enabled Server Port15 Secure Shell Commands Command Function ModeSystem Management Commands Syntax No ip ssh server Default Setting DisabledIp ssh server Ip ssh timeout Syntax Ip ssh timeout seconds no ip ssh timeoutIp ssh crypto host-key generate 4-51 show ssh SecondsIp ssh authentication-retries Exec-timeout4-18 show ip sshIp ssh server-key size Delete public-keySyntax Delete public-key username dsa rsa Ip ssh crypto host-key generate Syntax Ip ssh crypto host-key generate dsa rsaDsa DSA Version 2 key type Rsa RSA Version 1 key type Generates both the DSA and RSA key pairsIp ssh crypto zeroize Ip ssh save host-keySyntax Ip ssh crypto zeroize dsa rsa Syntax Ip ssh save host-key dsa rsaThis command displays the current SSH server connections Show ip sshShow ssh Saves both the DSA and RSA key16 show ssh display description TerminologyShow public-key Syntax Show public-key user username hostUsername Name of an SSH user. Range 1-8 characters Shows all public keysEvent Logging Commands 17 Event Logging CommandsSyntax No logging on Default Setting Logging onLogging history Logging history 4-57clear loggingFlash errors level 3 RAM informational level 6 18 Logging LevelsLevel Severity Name Description Logging host Logging facilitySyntax No logging host hostipaddress Hostipaddress The IP address of a syslog serverDisabled Level 7 Logging trapSyntax Logging trap level no logging trap Clear log Show loggingSyntax Clear log flash ram Syntax Show logging flash ram sendmail trapFollowing example displays settings for the trap function 19 show logging flash/ram display descriptionShow log 20 show logging trap display descriptionSyntax Show log flash ram Smtp Alert Commands 21 Smtp CommandsLogging sendmail host Following example shows the event message stored in RAMLogging sendmail level Syntax Logging sendmail level levelLogging sendmail source-email Syntax Logging sendmail source-email email-addressSyntax No logging sendmail Default Setting Logging sendmail destination-emailLogging sendmail Syntax No logging sendmail destination-email email-addressTime Commands 22 Time CommandsShow logging sendmail Syntax No sntp client Default Setting Sntp clientSntp server Sntp server 4-70 sntp poll 4-71 show sntpSyntax Sntp server ip1 ip2 ip3 Sntp poll Sntp client 4-69 sntp poll 4-71 show sntpSyntax Sntp poll seconds no sntp poll Show sntp Sntp clientClock timezone NoneThis command displays the system clock Calendar setShow calendar SyntaxSystem Status Commands Show startup-config23 System Status Commands Example Show running-config Related CommandsShow startup-config This command displays system information Show systemShow users Show versionFlash/File Commands 24 Flash/File CommandsCopy Privileged ExecCommand Usage Following example shows how to download a configuration file Command Line Interface This command deletes a file or image DeleteDir Delete public-key This command displays a list of files in flash memory Syntax Dir unit boot-rom config opcode filenameDir 25 File Directory InformationWhichboot Following example shows how to display all file informationBoot system Syntax Boot system unit boot-romconfig opcode filenameDir 4-87whichboot Power over Ethernet Commands 26 PoE CommandsCommand Group Function Mode Power mainpower maximum allocation Power inline compatibleSyntax Power mainpower maximum allocation watts unit unit Syntax No power inline compatibleCompatible Mode Enabled Power inline Power inline maximum allocationSyntax No power inline Default Setting Power inline priority LowShow power inline status Syntax Show power inline status interfaceEthernet Unit Stack unit. Range Port Port number. RangeShow power mainpower 27 show power inline status parameters28 show power mainpower parameters Mainpower maximum allocation onAuthentication Commands Authentication Sequence29 Authentication Commands 30 Authentication Sequence CommandAuthentication login LocalAuthentication enable Username for setting the local user names and passwords31 Radius Client Commands Radius ClientDefault Setting Auth-port Timeout 5 secondsRetransmit Command Mode Radius-server hostRadius-server port Radius-server keySyntax Radius-server port portnumber no radius-server port 1812Radius-server timeout Radius-server retransmitShow radius-server Privileged Exec32 TACACS+ Client Commands TACACS+ ClientTacacs-server host Hostipaddress IP address of a TACACS+ serverTacacs-server port Tacacs-server keySyntax Tacacs-server port portnumber no tacacs-server port Syntax Tacacs-server key keystring no tacacs-server keyPort Security Commands Show tacacs-server33 Port Security Commands Status Disabled Action None Maximum AddressesInterface Configuration Ethernet Port security109 802.1X Port Authentication 34 802.1X Port Authentication CommandsDot1x default Syntax No dot1x system-auth-control Default SettingDot1x system-auth-control Dot1x max-reqDefault Command Mode DefaultDot1x port-control Force-authorizedDot1x operation-mode Single-hostDot1x re-authenticate Dot1x re-authenticationSyntax Dot1x re-authenticate interface Syntax No dot1x re-authentication Command ModeDot1x timeout quiet-period Dot1x timeout re-authperiodSeconds The number of seconds. Range Dot1x timeout tx-period Show dot1xSyntax Show dot1x statistics interface interface Statistics Displays dot1x status for each port Interface117 Authenticator State Machine State- Current state including initialize, reauthenticateAccess Control List Commands Access Control ListsAccess Control List Commands Masks for Access Control Lists 35 Access Control List CommandsCommand Groups Function 36 IP ACL Commands IP ACLsAccess-list ip Syntax No access-list ip standard extended aclnameAccess-list ip extended fragment-auto-mask Permit, deny Standard ACLPermit, deny Extended ACL Standard ACLNo permit deny tcp Extended ACL127 Show ip access-list This command displays the rules for configured IP ACLsSyntax Show ip access-list standard extended aclname Permit, deny Ip access-group4-134Access-list ip mask-precedence Syntax No access-list ip mask-precedence in outMask IP ACL 4-130 ip access-group4-134 Syntax No mask protocol IP Mask131 132 Show access-list ip mask-precedence Syntax Show access-list ip mask-precedence in outIp access-group Syntax No ip access-group aclname in outShow ip access-group Map access-list ipShow ip access-list4-128 This command shows the ports assigned to IP ACLsShow map access-list ip Queue cos-map4-257 Show map access-list ipSyntax Show map access-list ip interface 37 Egress Queue Priority MappingMatch access-list ip Map access-list ipMatch access-list ip 38 MAC ACL CommandsShow marking MAC ACLsAccess-list mac Syntax No access-list mac aclnamePermit, deny MAC ACL Syntax No permit denyMAC ACL Show mac access-list This command displays the rules for configured MAC ACLsSyntax Show mac access-list aclname Permit, deny Mac access-group4-146Access-list mac mask-precedence Mask MAC ACL 4-144 mac access-group4-146Syntax No mask pktformat MAC Mask145 This example creates an Egress MAC ACLShow access-list mac mask-precedence Mac access-groupSyntax Show access-list mac mask-precedence in out Syntax Mac access-group aclname in outShow mac access-group Map access-list macShow mac access-list4-142 This command shows the ports assigned to MAC ACLsShow map access-list mac Queue cos-map4-257 Show map access-list macSyntax Show map access-list mac interface 39 Mapping CoS Values to MAC ACL RulesMatch access-list mac Map access-list macShow access-list ACL Information40 ACL Information Snmp Commands Show access-groupThis command shows the port assignments of ACLs 41 Snmp CommandsSyntax No snmp-server Default Setting Snmp-serverShow snmp NoneSnmp-server community Snmp-server contactSyntax Snmp-server contact string no snmp-server contact Snmp-server location Syntax Snmp-server location text no snmp-server location156 Snmp-server host157 158 Snmp-server enable traps Issue authentication and link-up-down trapsSnmp-server engine-id Snmp-server hostThis command shows the Snmp engine ID This example shows the default engine IDShow snmp engine-id Defaultview includes access to the entire MIB tree Snmp-server view42 show snmp engine-id display description This command shows information on the Snmp views Show snmp viewExamples This view includes MIB-2164 Snmp-server groupCommand Usage Show snmp group166 44 show snmp group display descriptionDefault Setting Snmp-server user168 This command shows information on Snmp users Show snmp user45 show snmp user display description Interface Commands 46 Interface CommandsInterface DescriptionPort-channel channel-idRange Syntax Description string no descriptionInterface Configuration Ethernet, Port Channel Speed-duplexFollowing example adds a description to port Syntax No negotiation Default Setting NegotiationNegotiation 4-173capabilities Following example configures port 11 to use autonegotiation CapabilitiesNegotiation 4-173speed-duplex Syntax No flowcontrol Default Setting Flow control enabledFlowcontrol Negotiation 4-173speed-duplex4-172 flowcontrolFollowing example enables flow control on port Syntax No shutdown Default SettingAll interfaces are enabled ShutdownSwitchport broadcast packet-rate Following example disables portThis command clears statistics on an interface Port-channel channel-idRange Default SettingClear counters Syntax Clear counters interfaceThis command displays the status for an interface Show interfaces statusSyntax Show interfaces status interface Shows the status for all interfacesThis command displays interface statistics Show interfaces countersSyntax Show interfaces counters interface Shows the counters for all interfaces181 Show interfaces switchport Syntax Show interfaces switchport interfaceThis example shows the configuration setting for port Shows all interfaces47 show interfaces switchport display description Field DescriptionMirror Port Commands 48 Mirror Port CommandsInterface Configuration Ethernet, destination port Port monitorThis command displays mirror information Show port monitorSyntax Show port monitor interface Shows all sessionsRate Limit Commands Following shows mirroring configured from port 6 to port49 Rate Limit Commands Interface Configuration Ethernet, Port Channel Rate-limitLink Aggregation Commands 50 Link Aggregation CommandsGuidelines for Creating Trunks General GuidelinesSyntax no lacp Default Setting Channel-groupLacp Syntax Channel-group channel-idno channel-group191 Lacp system-priority 32768Lacp admin-keyEthernet Interface Lacp admin-key Port Channel Syntax Lacp admin-key key no lacp admin-keyDefault Setting Lacp port-priorityThis command displays Lacp information Show lacpPort Channel all 51 show lacp counters display description197 52 show lacp internal display descriptionPartner 199 53 show lacp neighbors display descriptionAddress Table Commands 55 Address Table Commands54 show lacp sysid display description Mac-address-table static Mac-address- MAC addressVlan-id- Vlan ID Range Clear mac-address-table dynamic Show mac-address-tableMac-address- MAC address Mask Bits to match in the address Mac-address-table aging-time SecondsSpanning Tree Commands 56 Spanning Tree CommandsShow mac-address-table aging-time RSTP/MSTP Syntax No spanning-tree Default Setting Spanning tree is enabledSpanning-tree Spanning-tree mode Rstp208 Spanning-tree forward-timeSpanning-tree hello-time Seconds210 Spanning-tree max-ageSpanning-tree default priority Spanning-tree priorityIeee 802.1t format Spanning-tree pathcost method Long methodThis command limits the maximum transmission rate for BPDUs Spanning-tree transmission-limitCount -The transmission limit in seconds. Range Spanning-tree backup-root Spanning-tree mst-configurationSyntax No spanning-tree backup-root Default Setting MST Configuration Mst vlanMst priority Mst instanceid priority priority no mst instanceid prioritySwitch’s MAC address NameSyntax name name Name Name of the spanning treeRevision Max-hopsSyntax revision number Number Revision number of the spanning tree. RangeSpanning-tree spanning-disabled Syntax No spanning-tree spanning-disabled Default SettingThis example disables the Spanning Tree Algorithm for port Spanning-tree cost Syntax Spanning-tree cost cost no spanning-tree costSpanning-tree port-priority Spanning-tree edge-portPriority The priority for a port. Range 0-240, in steps Syntax No spanning-tree edge-portSyntax No spanning-tree portfast Default Setting Spanning-tree portfastSpanning-tree link-type Spanning-treeedge-port4-221Spanning-tree mst cost AutoSpanning-tree mst port-priority Spanning-tree mst port-priority4-225Port-channel channel-idRange Command Mode Spanning-tree protocol-migrationSyntax Spanning-tree protocol-migration interface Show spanning-tree Syntax Show spanning-tree interface mst instanceid228 Show spanning-tree mst configuration 229Vlan Commands 57 Vlan CommandsEditing Vlan Groups Vlan databaseBy default only Vlan 1 exists and is active VlanConfiguring Vlan Interfaces Vlan Database Configuration59 Configuring Vlan Interfaces Interface vlan Syntax Interface vlan vlan-idShutdown Switchport mode Syntax Switchport mode trunk hybrid no switchport modeAll ports are in hybrid mode with the Pvid set to Vlan Switchport acceptable-frame-types All frame typesSwitchport ingress-filtering Syntax No switchport ingress-filtering Default SettingSwitchport native vlan 237Switchport allowed vlan 238Switchport forbidden vlan 239No VLANs are included in the forbidden list 240 Displaying Vlan InformationShow vlan 60 Displaying Vlan InformationFollowing example shows how to display information for Vlan 61 Private Vlan Commands241 242 243 Private-vlan244 Private-vlan associationNo private-vlan primary-vlan-idassociation Switchport mode private-vlan 245Normal Vlan Switchport private-vlan host-association Switchport private-vlan mapping246 247 Show vlan private-vlanSyntax Show vlan private-vlan community primary Gvrp and Bridge Extension Commands 62 Gvrp and Bridge Extension Commands248 Syntax No bridge-ext gvrp Default Setting 249Bridge-ext gvrp Show bridge-extSwitchport gvrp Show gvrp configurationSyntax No switchport gvrp Default Setting Syntax Show gvrp configuration interfaceGarp timer Shows both global and interface-specific configuration251 Show garp timer Syntax Show garp timer interfaceShows all Garp timers 252Priority Commands 63 Priority Commands253 Priority Commands Layer Queue mode64 Priority Commands Layer Syntax Queue mode strict wrr no queue mode255 Queue bandwidthSwitchport priority default 256257 Queue cos-map65 Default CoS Priority Levels 258Show queue mode This command shows the current queue mode259 Show queue bandwidthPriority Commands Layer 3 66 Priority Commands Layer 3260 Show queue cos-mapSyntax No map ip port Default Setting 261Syntax No map ip precedence Default Setting 262List below shows the default priority mapping 26367 Mapping IP Precedence to CoS Values Syntax No map ip dscp Default Setting 264265 68 Mapping IP Dscp to CoS ValuesThis command shows the IP port priority map 266Show map ip port Syntax Show map ip port interfaceThis command shows the IP precedence priority map 267Show map ip precedence Syntax Show map ip precedence interfaceThis command shows the IP Dscp priority map 268Show map ip dscp Syntax Show map ip dscp interfaceMulticast Filtering Commands Igmp Snooping Commands69 Multicast Filtering Commands 70 Igmp Snooping CommandsSyntax No ip igmp snooping Default Setting Following example enables Igmp snooping270 Ip igmp snoopingFollowing configures the switch to use Igmp Version 271Ip igmp snooping version Igmp Version272 Show ip igmp snoopingShow mac-address-table multicast Igmp Query Commands Layer 71 Igmp Query Commands Layer273 Ip igmp snooping querier274 Ip igmp snooping query-countTimes Following shows how to configure the query count to 275Ip igmp snooping query-interval Seconds The report delay advertised in Igmp queries. Range 276Ip igmp snooping query-max-response-time Switch must use IGMPv2 for this command to take effect 277Ip igmp snooping router-port-expire-time Static Multicast Routing Commands 72 Static Multicast Routing Commands278 Ip igmp snooping vlan mrouterDisplays multicast router ports for all configured VLANs 279Show ip igmp snooping mrouter Syntax Show ip igmp snooping mrouter vlan vlan-idIP Interface Commands 73 IP Interface Command Syntax280 Ip addressInterface Configuration Vlan 281Ip default-gateway Syntax Ip default-gateway gateway no ip default-gateway282 Ip dhcp restart283 Show ip interfaceThis command has no default for the host 284Show ip redirects Ping285 DNS Commands 74 DNS Commands286 287 Ip hostNo static entries This example maps two address to a host name288 Clear hostIp domain-name Syntax Clear host name289 Ip domain-listSyntax No ip domain-list name 290 Ip name-serverIp domain-name4-288 Syntax No ip domain-lookup Default Setting 291Ip domain-lookup Ip domain-name4-288 ip domain-lookup4-291292 Show hostsIp domain-name4-288 ip name-server4-290 This command displays the configuration of the DNS server This command displays entries in the DNS cache293 Show dnsThis command clears all entries in the DNS cache 294Clear dns cache 75 Show DNS Output DescriptionAuthentication Access Control ListsDhcp Client Port Configuration PoEClass of Service Additional FeaturesPort Trunking Spanning Tree ProtocolStandards SNMPv3Management Information Bases Problems Accessing the Management Interface Table B-1 Troubleshooting ChartSymptom Action Cannot access Using System Logs Troubleshooting Glossary-1 Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Glossary-8 Virtual LAN VlanXModem Index Index-1Index-2 IgmpIndex-3 Index-4 Page For Technical SUPPORT, Call