Manuals / SMC Networks / Computer Equipment / Switch

SMC Networks SMC6824M manual Masks for Access Control Lists, Access Control List Commands

Models: SMC6824M

1 608

Page 413

COMMAND LINE INTERFACE

•Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets.

The order in which active ACLs are checked is as follows:

1.User-defined rules in the Egress MAC ACL for egress ports.

2.User-defined rules in the Egress IP ACL for egress ports.

3.User-defined rules in the Ingress MAC ACL for ingress ports.

4.User-defined rules in the Ingress IP ACL for ingress ports.

5.Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.

6.Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports.

7.If no explicit rule is matched, the implicit default is permit all.

Masks for Access Control Lists

You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny the rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an ACL. A mask must be bound exclusively to one of the basic ACL types (i.e., Ingress IP ACL, Egress IP ACL, Ingress MAC ACL or Egress MAC ACL), but a mask can be bound to up to four ACLs of the same type.

Table 4-35 Access Control List Commands

Command Groups	Function	Page

IP ACLs	Configures ACLs based on IP addresses, TCP/UDP	4-122
	port number, protocol type, and TCP control code

MAC ACLs	Configures ACLs based on hardware addresses, packet	4-138
	format, and Ethernet type

ACL Information	Displays ACLs and associated rules; shows ACLs	4-150
	assigned to each port

4-121

Page 413

Image 413

SMC Networks SMC6824M manual Masks for Access Control Lists, Access Control List Commands, Command Groups Function

Contents

TigerStack III 10/100 Page TigerStack III 10/100 Management Guide Trademarks Limited Warranty Limited Warranty Table of Contents Table of Contents Table of Contents Table of Contents Vii Command Line InterfaceViii Table of Contents Table of Contents Table of Contents Xii Xiii Xiv Table of Contents Xvi Xvii Glossary IndexXviii Xix TablesTables Xxi Xxii Xxiii Figures37 802.1X Global Information XxivXxv Xxvi Feature Description Key FeaturesKey Features Lacp Description of Software FeaturesDescription of Software Features Introduction Description of Software Features Introduction Function Parameter Default System DefaultsSystem Defaults Https Pvid Dhcp Configuration Options Connecting to the SwitchInitial Configuration Required Connections Remote Connections Selecting the Stack Master Recovering from Stack Failure or Topology ChangeStack Operations Console Connection Basic ConfigurationResilient IP Interface for Management Access Setting an IP Address Setting PasswordsManual Configuration Dynamic Configuration Enabling Snmp Management Access Community Strings for Snmp version 1 and 2c clients Clients, we recommend that you delete both of the defaultTrap Receivers Configuring Access for Snmp Version 3 ClientsSaving Configuration Settings Managing System Files Configuring Power over Ethernet Initial Configuration Using the Web Interface Configuring the SwitchConfiguring the Switch Home Navigating the Web Browser InterfaceAction Web Page Configuration ButtonsButton Panel Display Front Panel IndicatorsMenu Description Switch Main MenuMain Menu Sntp ACL Vlan Mstp 206 Vlan ID Field Attributes Displaying System InformationSystem Information CLI Specify the hostname, location and contact information Displaying Switch Hardware/Software VersionsManagement Software General Switch Information Web Click System, Switch InformationField Attributes Displaying Bridge Extension CapabilitiesWeb Click System, Bridge Extension Setting the IP AddressCLI Enter the following command Command Attributes IP Interface Configuration Manual Manual ConfigurationIP Interface Configuration Dhcp Using DHCP/BOOTPManaging Firmware Command AttributesCopy Firmware Downloading System Software from a ServerSetting the Startup Code Command Usage Saving or Restoring Configuration SettingsBasic Configuration 11 Downloading Configuration Settings for Start-Up Downloading Configuration Settings from a Server12 Setting the Startup Configuration Settings Command Attributes Console Port SettingsCLI only 13 Console Port Settings Command Attributes Telnet Settings14 Configuring the Telnet Interface System Log Configuration Configuring Event LoggingLogging Levels Command Attributes15 System Logs Remote Log Configuration16 Remote Logs 17 Displaying Logs Displaying Log MessagesCLI This example shows the event message stored in RAM Sending Simple Mail Transfer Protocol Alerts18 Enabling and Configuring Smtp Alerts 19 Resetting the Switch Resetting the SystemCLI Use the reload command to reboot the system Setting the System ClockConfiguring Sntp 20 Sntp Configuration Setting the Time ZoneSimple Network Management Protocol 21 Setting the Time ZoneConfiguring the Switch Model Level Group Read Write Notify Security View SNMPv3 Security Models and LevelsEnabling the Snmp Agent Setting Community Access StringsCLI The following example enables Snmp on the switch 23 Configuring Snmp Community Strings Specifying Trap Managers and Trap Types Command UsageCommand Attributes 24 Configuring Snmp Trap Managers Setting the Local Engine ID Configuring SNMPv3 Management AccessCLI This example sets an SNMPv3 engine ID Specifying a Remote Engine IDCLI This example specifies a remote SNMPv3 engine ID Configuring SNMPv3 UsersConfiguring the Switch 27 Configuring SNMPv3 Users 169 Configuring Remote SNMPv3 UsersCommand Attributes 28 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Object Label Object ID Description Supported Notification MessagesObject Label Object ID Description Rmon Events SwIpFilterRejectTrap 29 Configuring SNMPv3 Groups 165 Setting SNMPv3 Views30 Configuring SNMPv3 Views 163 User AuthenticationCommand Attributes Configuring User Accounts31 Configuring User Accounts On a central server to Configuring Local/Remote Logon AuthenticationThat use software running Radius Settings Command Attributes32 Authentication Server Settings Tacacs Settings104 Configuring HttpsWeb Browser Operating System Https Support33 Https Settings Replacing the Default Secure-site CertificateConfiguring the Secure Shell Command Usage Configuring the Switch Field Attributes Generating the Host Key Pair34 SSH Host-Key Settings SSH server includes basic settings for authentication Configuring the SSH Server35 SSH Server Settings Command Usage Configuring Port SecurityCommand Attributes 36 Enabling Port Security Configuring 802.1X Port Authentication 802.1X protocol provides client authentication Displaying 802.1X Global Settings802.1X System Authentication Control The global setting for Web Click Security, 802.1X, InformationCLI This example enables 802.1X globally for the switch Configuring 802.1X Global SettingsCLI This example shows the default global setting for Configuring Port Settings for Authorized 39 802.1X Port ConfigurationUser Authentication Parameter Description Displaying 802.1X Statistics802.1X Statistics CLI This example displays the 802.1X statistics for port 40 Displaying 802.1X StatisticsCommand Usage Filtering IP Addresses for Management Access41 Entering IP Addresses to be Filtered Configuring Access Control Lists Access Control ListsCommand Attributes Setting the ACL Name and TypeCLI This example creates a standard IP ACL named bill Configuring a Standard IP ACL Command Attributes100 101 Configuring an Extended IP ACL Command Attributes102 103 44 Configuring Extended IP ACLs104 Configuring a MAC ACL Command Attributes105 Command Usage106 45 Configuring MAC ACLsSpecifying the Mask Type Configuring ACL Masks107 This mask defines the fields to check in the IP header Configuring an IP ACL Mask108 109 47 Configuring an IP based ACLThis mask defines the fields to check in the packet header Configuring a MAC ACL Mask110 111 48 Configuring an ACL MAC Mask112 Binding a Port to an Access Control List49 Mapping ACLs to Port Ingress/Egress Queues 113Command Attributes Web Port ConfigurationDisplaying Connection Status 114Web Click Port, Port Information or Trunk Information 115Field Attributes CLI Current status 116CLI This example shows the connection status for Port Configuring Interface Connections117 118 119 51 Configuring Port Attributes120 Creating Trunk Groups121 Statically Configuring a Trunk Command Usage122 52 Static Trunk Configuration123 Enabling Lacp on Selected Ports Command Usage124 53 Lacp Port Configuration125 126 127 54 Lacp Aggregation Port Configuration128 Displaying Lacp Port Counters 129You can display statistics for Lacp protocol messages Lacp Port Counters130 Displaying Lacp Settings and Status for the Local SideLacp Internal Configuration Information 131 56 Displaying Lacp Port Information 132133 Displaying Lacp Settings and Status for the Remote Side10 Lacp Neighbor Configuration Information 57 Displaying Remote Lacp Port Information 134135 Setting Broadcast Storm Thresholds136 Configuring Port Mirroring137 59 Configuring a Mirror Port138 Configuring Rate LimitsCommand Attribute 139 Showing Port Statistics11 Port Statistics 140141 Rmon Statistics 142143 61 Port Statistics 144CLI This example shows statistics for port Power Over Ethernet Settings145 146 Switch Power StatusDisplays the Power over Ethernet parameters for the switch 147 Setting a Switch Power BudgetWeb Click PoE, Power Status 148 Displaying Port Power Status149 Configuring Port PoE PowerWeb Click PoE, Power Port Status 150 65 Configuring Port PoE Power151 Address Table SettingsSetting Static Addresses 152 Displaying the Address Table67 Displaying the MAC Dynamic Address Table 153Changing the Aging Time Spanning Tree Algorithm Configuration154 CLI This example sets the aging time to 300 seconds155 156 Displaying Global Settings157 158 Web Click Spanning Tree, STA Information 159160 Configuring Global SettingsGlobal settings apply to the entire switch 161 Basic Configuration of Global Settings162 Root Device Configuration163 Configuration Settings for Rstp164 70 Configuring the Spanning Tree Algorithm165 Displaying Interface Settings166 AD B 16771 STA Port Information 168169 Configuring Interface Settings170 171 72 Configuring Spanning Tree Algorithm per PortCLI This example sets STA attributes for port Configuring Multiple Spanning Trees172 173 73 Mstp Vlan Configuration174 175 Displaying Interface Settings for Mstp176 177 Configuring Interface Settings for MstpCLI This example sets the Mstp attributes for port 178179 Vlan ConfigurationIeee 802.1Q VLANs Assigning Ports to VLANs 180181 Forwarding Tagged/Untagged Frames 182183 Enabling or Disabling Gvrp Global SettingCLI This example enables Gvrp for the switch Web Click VLAN, 802.1Q VLAN, Basic Information 184Displaying Basic Vlan Information Displaying Current VLANs 185Creating VLANs Command Attributes CLI186 79 Vlan Static List Creating VLANs 187CLI This example creates a new Vlan 188Adding Static Members to VLANs Vlan Index 189 Command AttributesAdding Static Members to VLANs Port Index 190191 Configuring Vlan Behavior for Interfaces192 193 194 Private VLANsDisplaying Current Private VLANs Vlan ID ID of configured Vlan195 83 Displaying Private Vlan Port Information 196197 Configuring Private VLANsEach community Vlan must be associated with a primary Vlan 198Associating Community VLANs Displaying Private Vlan Interface Information 199200 Configuring Private Vlan Interfaces201 87 Configuring Private Vlan PortsLayer 2 Queue Settings Class of Service ConfigurationSetting the Default Priority for Interfaces 202203 CLI This example assigns a default priority of 5 to portMapping CoS Values to Egress Queues 20412 Mapping CoS Values to Egress Queues 13 CoS Priority Levels205 89 Configuring Traffic Classes206 Selecting the Queue Mode207 Setting the Service Weight for Traffic Classes208 Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP Priority14 Mapping IP Precedence 209Mapping IP Precedence 210 93 Mapping IP Precedence to Class of Service ValuesMapping Dscp Priority 21115 Mapping Dscp Priority IP Dscp Value CoS Value212 94 Mapping IP Dscp Priority to Class of Service ValuesMapping IP Port Priority 21395 Globally Enabling the IP Port Priority Status 214215 Copy Settings216 CLI This feature not supported through the CLIMapping CoS Values to ACLs 16 CoS to ACL Mapping98 Mapping CoS Values to ACLs 217Changing Priorities Based on ACL Rules 21899 Changing Priorities Based on ACL Rules 219220 Multicast FilteringIgmp Protocol 221 Layer 2 Igmp Snooping and Query222 Configuring Igmp Snooping and Query Parameters223 100 Configuring Internet Group Management ProtocolDisplaying Interfaces Attached to a Multicast Router 224Specifying Interfaces Attached to a Multicast Router 225226 Displaying Port Members of Multicast Services227 103 Displaying Port Members of Multicast Services228 Assigning Ports to Multicast Services229 Configuring Domain Name ServiceConfiguring General DNS Server Parameters 230 231 105 Configuring DNS232 Configuring Static DNS Host to Address Entries106 Mapping IP Addresses to a Host Name 233234 Displaying the DNS CacheWeb Select DNS, Cache 235236 Console Connection Using the Command Line InterfaceAccessing the CLI Telnet Connection Keywords and Arguments Entering CommandsThis section describes how to enter CLI commands Getting Help on Commands Command CompletionShowing Commands Minimum AbbreviationCommand Line Interface Using Command History Negating the Effect of CommandsUnderstanding Command Modes Partial Keyword LookupClass Mode Exec CommandsCommand Modes Configuration Commands Mode Command Prompt Configuration Command ModesKeystroke Function Command Line ProcessingKeystroke Commands Command Group Description Command GroupsCommand Group Index Configures DNS services 286 Line Commands Line CommandsCommand Function Mode Password-thresh commandLine Syntax Login local no login LoginLogin local Line ConfigurationUsername 4-34password PasswordSyntax Password 0 7 password no password No password is specifiedLogin 4-15password-thresh Timeout login responseCLI Disabled 0 seconds Telnet 300 seconds To set the timeout to two minutes, enter this commandCLI and Telnet 600 seconds 10 minutes Exec-timeoutSyntax Exec-timeout seconds no exec-timeout Default value is three attempts Password-threshSyntax Password-thresh threshold no password-thresh Databits Silent-timeSyntax Silent-time seconds no silent-time Syntax Databits 7 8 no databitsSyntax Parity none even odd no parity ParityTo specify 57600 bps, enter this command To specify no parity, enter this commandSpeed Syntax Speed bps no speedDisconnect StopbitsStopbits 1 Syntax disconnect session-idSyntax Show line console vty Show lineEnable General CommandsGeneral Commands Syntax enable levelNone DisableDisable Enable password Show history ConfigureReload This command restarts the systemThis command resets the entire system This command returns to Privileged Exec mode This example shows how to reset the switchEnd ExitQuit Use this command to exit the configuration programThis example shows how to quit a CLI session Command Group Function System Management CommandsSystem Management Commands Device Designation Commands Device Designation CommandsPrompt Syntax Prompt string no promptLight unit HostnameSyntax Hostname name no hostname Syntax Light unit unitUsername User Access CommandsUser Access Commands Username Access-level Password 10 Default Login SettingsDefault is level is level Default password is super Enable passwordEnable 4-25authentication enable IP Filter Commands11 IP Filter Commands ManagementShow management 12 Web Server Commands Web Server CommandsSyntax No ip http server Default Setting Default Setting Command ModeIp http port Ip http serverIp http secure-server Syntax No ip http secure-server Default Setting13 Https System Support Ip http secure-portIp http secure-port4-42 Copy tftp https-certificate Portnumber The UDP port used for HTTPS. Range14 Telnet Server Commands Telnet Server CommandsIp telnet server Ip http secure-server4-41Server Enabled Server Port Secure Shell CommandsCommand Function Mode 15 Secure Shell CommandsSystem Management Commands Ip ssh server Syntax No ip ssh server Default SettingDisabled Syntax Ip ssh timeout seconds no ip ssh timeout Ip ssh timeoutIp ssh crypto host-key generate 4-51 show ssh SecondsExec-timeout4-18 show ip ssh Ip ssh authentication-retriesSyntax Delete public-key username dsa rsa Ip ssh server-key sizeDelete public-key Syntax Ip ssh crypto host-key generate dsa rsa Ip ssh crypto host-key generateDsa DSA Version 2 key type Rsa RSA Version 1 key type Generates both the DSA and RSA key pairsIp ssh save host-key Ip ssh crypto zeroizeSyntax Ip ssh crypto zeroize dsa rsa Syntax Ip ssh save host-key dsa rsaShow ip ssh This command displays the current SSH server connectionsShow ssh Saves both the DSA and RSA keyTerminology 16 show ssh display descriptionSyntax Show public-key user username host Show public-keyUsername Name of an SSH user. Range 1-8 characters Shows all public keys17 Event Logging Commands Event Logging CommandsLogging on Syntax No logging on Default SettingLogging history Logging history 4-57clear loggingLevel Severity Name Description Flash errors level 3 RAM informational level 618 Logging Levels Logging facility Logging hostSyntax No logging host hostipaddress Hostipaddress The IP address of a syslog serverSyntax Logging trap level no logging trap Disabled Level 7Logging trap Show logging Clear logSyntax Clear log flash ram Syntax Show logging flash ram sendmail trap19 show logging flash/ram display description Following example displays settings for the trap functionSyntax Show log flash ram Show log20 show logging trap display description 21 Smtp Commands Smtp Alert CommandsLogging sendmail host Following example shows the event message stored in RAMSyntax Logging sendmail level level Logging sendmail levelSyntax Logging sendmail source-email email-address Logging sendmail source-emailLogging sendmail destination-email Syntax No logging sendmail Default SettingLogging sendmail Syntax No logging sendmail destination-email email-addressShow logging sendmail Time Commands22 Time Commands Sntp client Syntax No sntp client Default SettingSyntax Sntp server ip1 ip2 ip3 Sntp serverSntp server 4-70 sntp poll 4-71 show sntp Syntax Sntp poll seconds no sntp poll Sntp pollSntp client 4-69 sntp poll 4-71 show sntp Sntp client Show sntpNone Clock timezoneCalendar set This command displays the system clockShow calendar Syntax23 System Status Commands System Status CommandsShow startup-config Example Related Commands Show running-configShow startup-config Show system This command displays system informationShow version Show users24 Flash/File Commands Flash/File CommandsPrivileged Exec CopyCommand Usage Following example shows how to download a configuration file Command Line Interface Dir Delete public-key This command deletes a file or imageDelete Syntax Dir unit boot-rom config opcode filename This command displays a list of files in flash memoryDir 25 File Directory InformationFollowing example shows how to display all file information WhichbootDir 4-87whichboot Boot systemSyntax Boot system unit boot-romconfig opcode filename Command Group Function Mode Power over Ethernet Commands26 PoE Commands Power inline compatible Power mainpower maximum allocationSyntax Power mainpower maximum allocation watts unit unit Syntax No power inline compatibleCompatible Mode Enabled Syntax No power inline Default Setting Power inlinePower inline maximum allocation Low Power inline prioritySyntax Show power inline status interface Show power inline statusEthernet Unit Stack unit. Range Port Port number. Range27 show power inline status parameters Show power mainpower28 show power mainpower parameters Mainpower maximum allocation onAuthentication Sequence Authentication Commands29 Authentication Commands 30 Authentication Sequence CommandLocal Authentication loginUsername for setting the local user names and passwords Authentication enableRadius Client 31 Radius Client CommandsTimeout 5 seconds Default Setting Auth-portRetransmit Command Mode Radius-server hostRadius-server key Radius-server portSyntax Radius-server port portnumber no radius-server port 1812Radius-server retransmit Radius-server timeoutPrivileged Exec Show radius-serverTACACS+ Client 32 TACACS+ Client CommandsTacacs-server host Hostipaddress IP address of a TACACS+ serverTacacs-server key Tacacs-server portSyntax Tacacs-server port portnumber no tacacs-server port Syntax Tacacs-server key keystring no tacacs-server keyShow tacacs-server Port Security CommandsStatus Disabled Action None Maximum Addresses 33 Port Security CommandsInterface Configuration Ethernet Port security109 34 802.1X Port Authentication Commands 802.1X Port AuthenticationSyntax No dot1x system-auth-control Default Setting Dot1x defaultDot1x system-auth-control Dot1x max-reqDefault Default Command ModeDot1x port-control Force-authorizedSingle-host Dot1x operation-modeDot1x re-authentication Dot1x re-authenticateSyntax Dot1x re-authenticate interface Syntax No dot1x re-authentication Command ModeSeconds The number of seconds. Range Dot1x timeout quiet-periodDot1x timeout re-authperiod Show dot1x Dot1x timeout tx-periodSyntax Show dot1x statistics interface interface Statistics Displays dot1x status for each port Interface117 State- Current state including initialize, reauthenticate Authenticator State MachineAccess Control Lists Access Control List CommandsAccess Control List Commands Command Groups Function Masks for Access Control Lists35 Access Control List Commands IP ACLs 36 IP ACL CommandsSyntax No access-list ip standard extended aclname Access-list ipPermit, deny Standard ACL Access-list ip extended fragment-auto-maskStandard ACL Permit, deny Extended ACLExtended ACL No permit deny tcp127 This command displays the rules for configured IP ACLs Show ip access-listSyntax Show ip access-list standard extended aclname Permit, deny Ip access-group4-134Mask IP ACL 4-130 ip access-group4-134 Access-list ip mask-precedenceSyntax No access-list ip mask-precedence in out IP Mask Syntax No mask protocol131 132 Syntax Show access-list ip mask-precedence in out Show access-list ip mask-precedenceSyntax No ip access-group aclname in out Ip access-groupMap access-list ip Show ip access-groupShow ip access-list4-128 This command shows the ports assigned to IP ACLsQueue cos-map4-257 Show map access-list ip Show map access-list ipSyntax Show map access-list ip interface 37 Egress Queue Priority MappingMap access-list ip Match access-list ip38 MAC ACL Commands Match access-list ipShow marking MAC ACLsSyntax No access-list mac aclname Access-list macSyntax No permit deny Permit, deny MAC ACLMAC ACL This command displays the rules for configured MAC ACLs Show mac access-listSyntax Show mac access-list aclname Permit, deny Mac access-group4-146Mask MAC ACL 4-144 mac access-group4-146 Access-list mac mask-precedenceMAC Mask Syntax No mask pktformatThis example creates an Egress MAC ACL 145Mac access-group Show access-list mac mask-precedenceSyntax Show access-list mac mask-precedence in out Syntax Mac access-group aclname in outMap access-list mac Show mac access-groupShow mac access-list4-142 This command shows the ports assigned to MAC ACLsQueue cos-map4-257 Show map access-list mac Show map access-list macSyntax Show map access-list mac interface 39 Mapping CoS Values to MAC ACL RulesMap access-list mac Match access-list mac40 ACL Information Show access-listACL Information Show access-group Snmp CommandsThis command shows the port assignments of ACLs 41 Snmp CommandsSnmp-server Syntax No snmp-server Default SettingNone Show snmpSyntax Snmp-server contact string no snmp-server contact Snmp-server communitySnmp-server contact Syntax Snmp-server location text no snmp-server location Snmp-server locationSnmp-server host 156157 158 Issue authentication and link-up-down traps Snmp-server enable trapsSnmp-server host Snmp-server engine-idShow snmp engine-id This command shows the Snmp engine IDThis example shows the default engine ID 42 show snmp engine-id display description Defaultview includes access to the entire MIB treeSnmp-server view Show snmp view This command shows information on the Snmp viewsExamples This view includes MIB-2Snmp-server group 164Show snmp group Command Usage44 show snmp group display description 166Snmp-server user Default Setting168 45 show snmp user display description This command shows information on Snmp usersShow snmp user 46 Interface Commands Interface CommandsDescription InterfacePort-channel channel-idRange Syntax Description string no descriptionFollowing example adds a description to port Interface Configuration Ethernet, Port ChannelSpeed-duplex Negotiation 4-173capabilities Syntax No negotiation Default SettingNegotiation Negotiation 4-173speed-duplex Following example configures port 11 to use autonegotiationCapabilities Flow control enabled Syntax No flowcontrol Default SettingFlowcontrol Negotiation 4-173speed-duplex4-172 flowcontrolSyntax No shutdown Default Setting Following example enables flow control on portAll interfaces are enabled ShutdownFollowing example disables port Switchport broadcast packet-ratePort-channel channel-idRange Default Setting This command clears statistics on an interfaceClear counters Syntax Clear counters interfaceShow interfaces status This command displays the status for an interfaceSyntax Show interfaces status interface Shows the status for all interfacesShow interfaces counters This command displays interface statisticsSyntax Show interfaces counters interface Shows the counters for all interfaces181 Syntax Show interfaces switchport interface Show interfaces switchportThis example shows the configuration setting for port Shows all interfacesField Description 47 show interfaces switchport display description48 Mirror Port Commands Mirror Port CommandsInterface Configuration Ethernet, destination port Port monitorShow port monitor This command displays mirror informationSyntax Show port monitor interface Shows all sessions49 Rate Limit Commands Rate Limit CommandsFollowing shows mirroring configured from port 6 to port Rate-limit Interface Configuration Ethernet, Port Channel50 Link Aggregation Commands Link Aggregation CommandsGeneral Guidelines Guidelines for Creating TrunksChannel-group Syntax no lacp Default SettingLacp Syntax Channel-group channel-idno channel-group191 32768 Lacp system-priorityLacp admin-keyEthernet Interface Syntax Lacp admin-key key no lacp admin-key Lacp admin-key Port ChannelLacp port-priority Default SettingShow lacp This command displays Lacp informationPort Channel all 51 show lacp counters display description52 show lacp internal display description 197Partner 53 show lacp neighbors display description 19954 show lacp sysid display description Address Table Commands55 Address Table Commands Vlan-id- Vlan ID Range Mac-address-table staticMac-address- MAC address Mac-address- MAC address Mask Bits to match in the address Clear mac-address-table dynamicShow mac-address-table Seconds Mac-address-table aging-timeShow mac-address-table aging-time Spanning Tree Commands56 Spanning Tree Commands RSTP/MSTP Spanning-tree Syntax No spanning-tree Default SettingSpanning tree is enabled Rstp Spanning-tree modeSpanning-tree forward-time 208Seconds Spanning-tree hello-timeSpanning-tree max-age 210Ieee 802.1t format Spanning-tree default prioritySpanning-tree priority Long method Spanning-tree pathcost methodCount -The transmission limit in seconds. Range This command limits the maximum transmission rate for BPDUsSpanning-tree transmission-limit Syntax No spanning-tree backup-root Default Setting Spanning-tree backup-rootSpanning-tree mst-configuration Mst vlan MST ConfigurationMst instanceid priority priority no mst instanceid priority Mst priorityName Switch’s MAC addressSyntax name name Name Name of the spanning treeMax-hops RevisionSyntax revision number Number Revision number of the spanning tree. RangeThis example disables the Spanning Tree Algorithm for port Spanning-tree spanning-disabledSyntax No spanning-tree spanning-disabled Default Setting Syntax Spanning-tree cost cost no spanning-tree cost Spanning-tree costSpanning-tree edge-port Spanning-tree port-priorityPriority The priority for a port. Range 0-240, in steps Syntax No spanning-tree edge-portSpanning-tree portfast Syntax No spanning-tree portfast Default SettingSpanning-treeedge-port4-221 Spanning-tree link-typeAuto Spanning-tree mst costSpanning-tree mst port-priority4-225 Spanning-tree mst port-prioritySyntax Spanning-tree protocol-migration interface Port-channel channel-idRange Command ModeSpanning-tree protocol-migration Syntax Show spanning-tree interface mst instanceid Show spanning-tree228 229 Show spanning-tree mst configuration57 Vlan Commands Vlan CommandsEditing Vlan Groups Vlan databaseVlan By default only Vlan 1 exists and is active59 Configuring Vlan Interfaces Configuring Vlan InterfacesVlan Database Configuration Shutdown Interface vlanSyntax Interface vlan vlan-id All ports are in hybrid mode with the Pvid set to Vlan Switchport modeSyntax Switchport mode trunk hybrid no switchport mode All frame types Switchport acceptable-frame-typesSyntax No switchport ingress-filtering Default Setting Switchport ingress-filtering237 Switchport native vlan238 Switchport allowed vlanNo VLANs are included in the forbidden list Switchport forbidden vlan239 Displaying Vlan Information 240Show vlan 60 Displaying Vlan Information241 Following example shows how to display information for Vlan61 Private Vlan Commands 242 Private-vlan 243No private-vlan primary-vlan-idassociation 244Private-vlan association Normal Vlan Switchport mode private-vlan245 246 Switchport private-vlan host-associationSwitchport private-vlan mapping Syntax Show vlan private-vlan community primary 247Show vlan private-vlan 248 Gvrp and Bridge Extension Commands62 Gvrp and Bridge Extension Commands 249 Syntax No bridge-ext gvrp Default SettingBridge-ext gvrp Show bridge-extShow gvrp configuration Switchport gvrpSyntax No switchport gvrp Default Setting Syntax Show gvrp configuration interface251 Garp timerShows both global and interface-specific configuration Syntax Show garp timer interface Show garp timerShows all Garp timers 252253 Priority Commands63 Priority Commands Queue mode Priority Commands Layer64 Priority Commands Layer Syntax Queue mode strict wrr no queue modeQueue bandwidth 255256 Switchport priority defaultQueue cos-map 257258 65 Default CoS Priority LevelsThis command shows the current queue mode Show queue mode259 Show queue bandwidth66 Priority Commands Layer 3 Priority Commands Layer 3260 Show queue cos-map261 Syntax No map ip port Default Setting262 Syntax No map ip precedence Default Setting67 Mapping IP Precedence to CoS Values List below shows the default priority mapping263 264 Syntax No map ip dscp Default Setting68 Mapping IP Dscp to CoS Values 265266 This command shows the IP port priority mapShow map ip port Syntax Show map ip port interface267 This command shows the IP precedence priority mapShow map ip precedence Syntax Show map ip precedence interface268 This command shows the IP Dscp priority mapShow map ip dscp Syntax Show map ip dscp interfaceIgmp Snooping Commands Multicast Filtering Commands69 Multicast Filtering Commands 70 Igmp Snooping CommandsFollowing example enables Igmp snooping Syntax No ip igmp snooping Default Setting270 Ip igmp snooping271 Following configures the switch to use Igmp VersionIp igmp snooping version Igmp VersionShow mac-address-table multicast 272Show ip igmp snooping 71 Igmp Query Commands Layer Igmp Query Commands Layer273 Ip igmp snooping querierTimes 274Ip igmp snooping query-count Ip igmp snooping query-interval Following shows how to configure the query count to275 Ip igmp snooping query-max-response-time Seconds The report delay advertised in Igmp queries. Range276 Ip igmp snooping router-port-expire-time Switch must use IGMPv2 for this command to take effect277 72 Static Multicast Routing Commands Static Multicast Routing Commands278 Ip igmp snooping vlan mrouter279 Displays multicast router ports for all configured VLANsShow ip igmp snooping mrouter Syntax Show ip igmp snooping mrouter vlan vlan-id73 IP Interface Command Syntax IP Interface Commands280 Ip address281 Interface Configuration VlanSyntax Ip default-gateway gateway no ip default-gateway Ip default-gateway282 Ip dhcp restartShow ip interface 283284 This command has no default for the hostShow ip redirects Ping285 286 DNS Commands74 DNS Commands Ip host 287No static entries This example maps two address to a host nameClear host 288Ip domain-name Syntax Clear host nameSyntax No ip domain-list name 289Ip domain-list Ip domain-name4-288 290Ip name-server 291 Syntax No ip domain-lookup Default SettingIp domain-lookup Ip domain-name4-288 ip domain-lookup4-291Ip domain-name4-288 ip name-server4-290 292Show hosts This command displays entries in the DNS cache This command displays the configuration of the DNS server293 Show dns294 This command clears all entries in the DNS cacheClear dns cache 75 Show DNS Output DescriptionAccess Control Lists AuthenticationDhcp Client Port Configuration PoEAdditional Features Class of ServicePort Trunking Spanning Tree ProtocolSNMPv3 StandardsManagement Information Bases Symptom Action Problems Accessing the Management InterfaceTable B-1 Troubleshooting Chart Cannot access Using System Logs Troubleshooting Glossary-1 Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 XModem Glossary-8Virtual LAN Vlan Index-1 IndexIgmp Index-2Index-3 Index-4 Page For Technical SUPPORT, Call