SMC Networks SMC6824M C, L, 4-122

A

CCESS

C

ONTROL

L

IST

C

OMMANDS

4-122

IP ACLs

Table 4-36 IP ACL Commands

Command Function Mode Page

access-list ip Creates an IP ACL and enters

configuration mode

GC 4-123

access-list ip

extended

fragment-auto-mask

Automatically creates extra masks to

support fragmented ACL entries

GC 4-123

permit, deny Filters packets matching a specified source

IP address

STD-A

CL

4-124

permit, deny Filters packets meeting the specified

criteria, including source and destination IP

address, TCP/UDP port number, protocol

type, and TCP control code

EXT-A

CL

4-125

show ip access-list Displays the rules for configured IP ACLs PE 4-128

access-list ip

mask-precedence

Changes to the mode for configuring access

control masks

GC 4-129

mask Sets a precedence mask for the ACL rules IP-Mask 4-130

show access-list ip

mask-precedence

Shows the ingress or egress rule masks for

IP ACLs

PE 4-133

ip access-group Adds a port to an IP ACL IC 4-134

show ip access-group Shows port assignments for IP ACLs PE 4-134

map access-list ip Sets the CoS value and corresponding

output queue for packets matching an ACL

rule

IC 4-135

show map

access-list ip

Shows CoS value mapped to an access list

for an interface

PE 4-136

match access-list ip Changes the 802.1p priority, IP

Precedence, or DSCP Priority of a frame

matching the defined rule (i.e., also called

packet marking)

IC 4-137

show marking Displays the current configuration for

packet marking

PE 4-138

Contents

Main TigerStack III 10/100 Port Fast Ethernet Swi 24- tch Management Guide Page Page Page L W IMITED ARRANTY W IMITED ARRANTY ii ABLE OF iii ONTENTS 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 C iv C v C vi C vii 4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . 4-1 C viii C ix C x C xi C xii C xiii C xiv C xv C xvi A Page xix ABLES xx xxi Page F xxiii IGURES xxiv xxv Page 1-1 NTRODUCTION Key Features 1-2 Description of Software Features Table 1-1 Key Features F S 1-3 1-4 F S 1-5 1-6 D 1-7 System Defaults 1-8 D 1-9 1-10 NITIAL 2-1 ONFIGURATION Connecting to the Switch Configuration Options C 2-2 S 2-3 Required Connections C 2-4 Remote Connections O 2-5 Stack Operations Selecting the Stack Master Recovering from Stack Failure or Topology Change C 2-6 Basic Configuration Console Connection C 2-7 Setting Passwords Setting an IP Address C 2-8 C 2-9 C 2-10 Enabling SNMP Management Access C 2-11 C 2-12 C 2-13 Saving Configuration Settings C 2-14 Managing System Files P E 2-15 Configuring Power over Ethernet Page 3-1 CHAPTER 3 CONFIGURING THE SWITCH Using the Web Interface Page Navigating the Web Browser Interface Page Page S 3-6 Main Menu Table 3-2 Switch Main Menu I B W 3-7 S 3-8 I B W 3-9 S 3-10 I B W 3-11 S 3-12 C 3-13 Basic Configuration Displaying System Information Page C ASIC 3-15 CLI Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions S 3-16 C ASIC 3-17 Web Click System, Switch Information. S 3-18 Displaying Bridge Extension Capabilities C 3-19 Setting the IP Address S 3-20 Page S 3-22 Using DHCP/BOOTP C 3-23 Managing Firmware S 3-24 Downloading System Software from a Server Page S 3-26 Saving or Restoring Configuration Settings C 3-27 Page C 3-29 S 3-30 Console Port Settings C 3-31 S 3-32 C 3-33 Telnet Settings S 3-34 Page S 3-36 C 3-37 Remote Log Configuration S 3-38 C 3-39 Displaying Log Messages S 3-40 Sending Simple Mail Transfer Protocol Alerts Page S 3-42 Resetting the System C 3-43 Setting the System Clock Configuring SNTP S 3-44 Setting the Time Zone N Simple Network Management Protocol S 3-46 N P M 3-47 Table 3-4 SNMPv3 Security Models and Levels Page Page S 3-50 Specifying Trap Managers and Trap Types N P M 3-51 S 3-52 Page S 3-54 Specifying a Remote Engine ID N P M 3-55 Configuring SNMPv3 Users Page Page S 3-58 Configuring Remote SNMPv3 Users N P M 3-59 Page N P M 3-61 Configuring SNMPv3 Groups S 3-62 Notify View The configured view for notifications. (Range: 1-64 characters) Table 3-5 Supported Notification Messages N P M 3-63 S 3-64 N P M 3-65 Page N P M 3-67 Setting SNMPv3 Views Page A 3-69 User Authentication Page Page S 3-72 Configuring Local/Remote Logon Authentication A 3-73 Page A SER UTHENTICATION 3-75 CLI Specify all the required parameters to enable logon authentication. S 3-76 A 3-77 Replacing the Default Secure-site Certificate S 3-78 Configuring the Secure Shell A 3-79 S 3-80 A 3-81 Generating the Host Key Pair Page A 3-83 Configuring the SSH Server S 3-84 A 3-85 Configuring Port Security S 3-86 Page S 3-88 Configuring 802.1X Port Authentication A 3-89 Displaying 802.1X Global Settings Command Attributes S 3-90 Configuring 802.1X Global Settings A 3-91 Configuring Port Settings for 802.1X S 3-92 A SER UTHENTICATION 3-93 S 3-94 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. A 3-95 S 3-96 Filtering IP Addresses for Management Access A 3-97 S 3-98 Access Control Lists Configuring Access Control Lists C L 3-99 Setting the ACL Name and Type S 3-100 Configuring a Standard IP ACL C L 3-101 Configuring an Extended IP ACL S 3-102 Page S 3-104 Configuring a MAC ACL Page Page Page S 3-108 Configuring an IP ACL Mask Page S 3-110 Configuring a MAC ACL Mask Page S 3-112 Binding a Port to an Access Control List Page S 3-114 Port Configuration Displaying Connection Status Command Attributes (Web) C 3-115 Field Attributes (CLI) Basic information: Configuration: S 3-116 Current status: C 3-117 Configuring Interface Connections S 3-118 C 3-119 S 3-120 Creating Trunk Groups C } 3-121 Statically Configuring a Trunk Page C } 3-123 Enabling LACP on Selected Ports } S 3-124 C 3-125 Configuring LACP Parameters Dynamically Creating a Port Channel S 3-126 Page S 3-128 C 3-129 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Figure 3-55 Displaying LACP Port Counters Information S 3-130 CLI The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side C 3-131 Table 3-9 LACP Internal Configuration Information (Continued) S 3-132 C 3-133 Displaying LACP Settings and Status for the Remote Side Table 3-10 LACP Neighbor Configuration Information S 3-134 C 3-135 Setting Broadcast Storm Thresholds S 3-136 Configuring Port Mirroring C 3-137 Page C 3-139 Showing Port Statistics S 3-140 C 3-141 S 3-142 C 3-143 Page O S E 3-145 Power Over Ethernet Settings S 3-146 Switch Power Status Page Page O S E 3-149 Configuring Port PoE Power S 3-150 T S Address Table Settings Setting Static Addresses Page Page Spanning Tree Algorithm Configuration T C A 3-155 x x S 3-156 Displaying Global Settings T C A 3-157 S 3-158 T C LGORITHM A REE S 3-160 Configuring Global Settings T C A 3-161 S 3-162 T C A 3-163 Page T C A 3-165 Displaying Interface Settings S 3-166 T x x C A 3-167 S 3-168 T C A 3-169 Configuring Interface Settings S 3-170 T C A 3-171 S 3-172 Configuring Multiple Spanning Trees Page S 3-174 CLI This displays STA settings for instance 1, followed by settings for each port. Page S 3-176 T C A 3-177 Configuring Interface Settings for MSTP S 3-178 3-179 VLAN Configuration IEEE 802.1Q VLANs S 3-180 Assigning Ports to VLANs 3-181 S 3-182 Forwarding Tagged/Untagged Frames 3-183 Enabling or Disabling GVRP (Global Setting) S 3-184 Displaying Basic VLAN Information 3-185 Displaying Current VLANs Command Attributes (Web) S 3-186 Command Attributes (CLI) Creating VLANs 3-187 S 3-188 Adding Static Members to VLANs (VLAN Index) 3-189 S 3-190 Adding Static Members to VLANs (Port Index) 3-191 Configuring VLAN Behavior for Interfaces S 3-192 3-193 Page 3-195 Displaying Current Private VLANs S 3-196 3-197 Configuring Private VLANs S 3-198 Associating Community VLANs 3-199 Displaying Private VLAN Interface Information S 3-200 Configuring Private VLAN Interfaces 3-201 S 3-202 Class of Service Configuration Layer 2 Queue Settings Setting the Default Priority for Interfaces C ERVICE S OF S 3-204 Mapping CoS Values to Egress Queues C S 3-205 S 3-206 Selecting the Queue Mode Page S 3-208 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values C S 3-209 Mapping IP Precedence S 3-210 C S 3-211 Mapping DSCP Priority Page C S 3-213 Mapping IP Port Priority Page C S 3-215 Copy Settings Page Page S 3-218 Changing Priorities Based on ACL Rules Page S 3-220 Multicast Filtering IGMP Protocol F 3-221 Layer 2 IGMP (Snooping and Query) S 3-222 Configuring IGMP Snooping and Query Parameters F 3-223 S Displaying Interfaces Attached to a Multicast Route 3-224 r F 3-225 Specifying Interfaces Attached to a Multicast Router S 3-226 Displaying Port Members of Multicast Services Command Attribute F 3-227 S 3-228 Assigning Ports to Multicast Services D Configuring Domain Name Service Configuring General DNS Server Parameters S 3-230 Page S 3-232 Configuring Static DNS Host to Address Entries Page S 3-234 Displaying the DNS Cache Page Page 4-1 4 I INE L OMMAND I L C 4-2 Entering Commands Keywords and Arguments C 4-4 Minimum Abbreviation Command Completion Getting Help on Commands L I The command show interfaces ? will display the following information: 4-5 C 4-6 Partial Keyword Lookup Negating the Effect of Commands Using Command History L I 4-7 Exec Commands C 4-8 Configuration Commands L I 4-9 Table 4-2 Configuration Command Modes C 4-10 Command Line Processing L I Command Groups The system commands can be broken down into the functional groups shown below Table 4-4 Command Group Index G 4-12 Table 4-4 Command Group Index (Continued) L I Line Commands Table 4-5 Line Commands C 4-14 line L I 4-15 login C 4-16 password L I 4-17 timeout login response C 4-18 exec-timeout L I 4-19 password-thresh C 4-20 silent-time databits L I 4-21 parity C 4-22 speed L I 4-23 stopbits disconnect C 4-24 show line L I General Commands enable C 4-26 disable L I 4-27 configure show history C 4-28 reload L I 4-29 end exit C 4-30 quit L I System Management Commands Table 4-7 System Management Commands M C 4-32 Device Designation Commands prompt L I 4-33 hostname light unit M C 4-34 User Access Commands username L I 4-35 M C 4-36 enable password L I 4-37 IP Filter Commands management M C 4-38 show management L I Web Server Commands 4-39 Table 4-12 Web Server Commands M C 4-40 ip http port ip http server L I 4-41 ip http secure-server M C 4-42 ip http secure-port L I 4-43 Telnet Server Commands ip telnet server M C 4-44 Secure Shell Commands L I 4-45 Table 4-15 Secure Shell Commands M C 4-46 L I 4-47 ip ssh server M C 4-48 ip ssh timeout L I 4-49 ip ssh authentication-retries M C 4-50 ip ssh server-key size delete public-key L I 4-51 ip ssh crypto host-key generate M C 4-52 ip ssh crypto zeroize ip ssh save host-key L I 4-53 show ip ssh show ssh M C 4-54 Table 4-16 show ssh - display description L I 4-55 show public-key M C Event Logging Commands 4-56 Table 4-17 Event Logging Commands L I 4-57 logging on logging history M C 4-58 L I 4-59 logging host logging facility M C 4-60 logging trap L I 4-61 clear log show logging M C 4-62 L I 4-63 show log M C 4-64 SMTP Alert Commands logging sendmail host L I 4-65 logging sendmail level M C 4-66 logging sendmail source-email L I 4-67 logging sendmail destination-email logging sendmail M C 4-68 show logging sendmail Time Commands L I 4-69 sntp client M C 4-70 sntp server L I 4-71 sntp poll M C 4-72 show sntp L I 4-73 clock timezone M C 4-74 calendar set show calendar L I 4-75 System Status Commands show startup-config M C 4-76 L I 4-77 show running-config M C ANAGEMENT YSTEM 4-78 L I 4-79 show system M C 4-80 show users show version Flash/File Commands Table 4-24 Flash/File Commands C 4-82 copy L I 4-83 C LASH ILE 4-84 The following example shows how to copy the running configuration to a startup file. L I 4-85 C 4-86 delete L I 4-87 dir C 4-88 whichboot L I 4-89 boot system Power over Ethernet Commands L I 4-91 power mainpower maximum allocation power inline compatible C E 4-92 L I 4-93 power inline power inline maximum allocation C E 4-94 power inline priority L I 4-95 show power inline status C E 4-96 show power mainpower Authentication Commands Table 4-29 Authentication Commands Table 4-30 Authentication Sequence Command C 4-98 authentication login L I 4-99 authentication enable C 4-100 RADIUS Client L I 4-101 radius-server host C 4-102 radius-server port radius-server key L I 4-103 radius-server retransmit radius-server timeout C 4-104 show radius-server L I 4-105 TACACS+ Client tacacs-server host C 4-106 tacacs-server port tacacs-server key L I 4-107 show tacacs-server Port Security Commands C 4-108 port security L I 4-109 C 4-110 802.1X Port Authentication Table 4-34 802.1X Port Authentication Commands L I 4-111 dot1x system-auth-control dot1x default C 4-112 dot1x port-control L I 4-113 dot1x operation-mode C 4-114 dot1x re-authenticate dot1x re-authentication L I 4-115 dot1x timeout quiet-period dot1x timeout re-authperiod C 4-116 dot1x timeout tx-period show dot1x L I 4-117 C 4-118 L I 4-119 Access Control List Commands C L 4-120 L I 4-121 C L 4-122 IP ACLs Table 4-36 IP ACL Commands L I 4-123 access-list ip C L 4-124 access-list ip extended fragment-auto-mask permit, deny (Standard ACL) L I 4-125 permit, deny (Extended ACL) C L 4-126 L I 4-127 C L 4-128 show ip access-list L I 4-129 access-list ip mask-precedence C L 4-130 mask (IP ACL) L I 4-131 C IST L ONTROL CCESS L I 4-133 show access-list ip mask-precedence C L 4-134 ip access-group L I 4-135 show ip access-group map access-list ip C L 4-136 show map access-list ip L I 4-137 match access-list ip C MAC ACLs L 4-138 show marking L I 4-139 access-list mac C L 4-140 permit, deny (MAC ACL) L I 4-141 C L 4-142 show mac access-list L I 4-143 access-list mac mask-precedence C L 4-144 mask (MAC ACL) L I This example creates an Egress MAC ACL. 4-145 C L 4-146 show access-list mac mask-precedence mac access-group L I 4-147 show mac access-group map access-list mac C L 4-148 show map access-list mac L I 4-149 match access-list mac C L 4-150 ACL Information show access-list L SNMP Commands 4-152 snmp-server L I 4-153 show snmp 4-154 snmp-server community snmp-server contact L I 4-155 snmp-server location 4-156 snmp-server host L I 4-157 4-158 L I 4-159 snmp-server enable traps 4-160 snmp-server engine-id L I 4-161 show snmp engine-id 4-162 snmp-server view L I 4-163 show snmp view 4-164 snmp-server group L I 4-165 show snmp group 4-166 Table 4-44 show snmp group - display description L I 4-167 snmp-server user 4-168 L I 4-169 show snmp user This command shows information on SNMP users. Command Mode Interface Commands Table 4-46 Interface Commands L I 4-171 interface description C 4-172 speed-duplex L I 4-173 negotiation C 4-174 capabilities L I 4-175 flowcontrol C 4-176 shutdown L I 4-177 switchport broadcast packet-rate C 4-178 clear counters L I 4-179 show interfaces status C 4-180 show interfaces counters L I 4-181 C 4-182 show interfaces switchport L I 4-183 Table 4-47 show interfaces switchport - display description P Mirror Port Commands port monitor L I 4-185 show port monitor R Rate Limit Commands L I 4-187 rate-limit A Link Aggregation Commands L I 4-189 A C 4-190 channel-group lacp L I 4-191 A C 4-192 lacp system-priority L I 4-193 lacp admin-key (Ethernet Interface) A C 4-194 lacp admin-key (Port Channel) L I 4-195 lacp port-priority A C 4-196 show lacp L I 4-197 Table 4-52 show lacp internal - display description Table 4-51 show lacp counters - display description (Continued) A C 4-198 Table 4-52 show lacp internal - display description (Continued) L I 4-199 Table 4-53 show lacp neighbors - display description T Address Table Commands Table 4-54 show lacp sysid - display description Table 4-55 Address Table Commands L I 4-201 mac-address-table static T C 4-202 clear mac-address-table dynamic show mac-address-table L I 4-203 mac-address-table aging-time T Spanning Tree Commands L I 4-205 Table 4-56 Spanning Tree Commands (Continued) T C 4-206 spanning-tree L I 4-207 spanning-tree mode T C 4-208 spanning-tree forward-time L I 4-209 spanning-tree hello-time T C 4-210 spanning-tree max-age L I 4-211 spanning-tree default priority spanning-tree priority T C 4-212 spanning-tree pathcost method L I 4-213 spanning-tree transmission-limit T C 4-214 spanning-tree backup-root spanning-tree mst-configuration L I 4-215 mst vlan T C 4-216 mst priority L I 4-217 name T C 4-218 revision max-hops L I 4-219 spanning-tree spanning-disabled T C 4-220 spanning-tree cost L I 4-221 spanning-tree port-priority spanning-tree edge-port T C 4-222 spanning-tree portfast L I 4-223 spanning-tree link-type T C 4-224 spanning-tree mst cost L I 4-225 spanning-tree mst port-priority T C 4-226 spanning-tree protocol-migration L I 4-227 show spanning-tree T C 4-228 L I 4-229 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode VLAN Commands Editing VLAN Groups vlan database L I 4-231 vlan 4-232 Configuring VLAN Interfaces L I 4-233 interface vlan 4-234 switchport mode L I 4-235 switchport acceptable-frame-types 4-236 switchport ingress-filtering L I 4-237 switchport native vlan 4-238 switchport allowed vlan L I 4-239 switchport forbidden vlan 4-240 Displaying VLAN Information show vlan L I 4-241 Example The following example shows how to display information for VLAN 1: Configuring Private VLANs 4-242 L I 4-243 private-vlan 4-244 private-vlan association L I 4-245 switchport mode private-vlan 4-246 switchport private-vlan host-association switchport private-vlan mapping L I 4-247 show vlan private-vlan GVRP GVRP and Bridge Extension Commands Table 4-62 GVRP and Bridge Extension Commands L I 4-249 bridge-ext gvrp show bridge-ext GVRP C E B 4-250 L I 4-251 garp timer GVRP C E B 4-252 Priority Commands C 4-254 Priority Commands (Layer 2) queue mode L I 4-255 queue bandwidth C 4-256 switchport priority default L I 4-257 queue cos-map C 4-258 L I 4-259 show queue mode show queue bandwidth C 4-260 show queue cos-map Priority Commands (Layer 3 and 4) L I 4-261 map ip port (Global Configuration) C 4-262 map ip port (Interface Configuration) map ip precedence (Global Configuration) L I 4-263 map ip precedence (Interface Configuration) C 4-264 map ip dscp (Global Configuration) L I 4-265 map ip dscp (Interface Configuration) C 4-266 show map ip port L I 4-267 show map ip precedence C 4-268 show map ip dscp L I Multicast Filtering Commands Table 4-69 Multicast Filtering Commands Table 4-70 IGMP Snooping Commands F C 4-270 ip igmp snooping ip igmp snooping vlan static L I 4-271 ip igmp snooping version F C 4-272 show ip igmp snooping show mac-address-table multicast L I 4-273 IGMP Query Commands (Layer 2) ip igmp snooping querier F C 4-274 ip igmp snooping query-count L I 4-275 ip igmp snooping query-interval F C 4-276 ip igmp snooping query-max-response-time L I 4-277 ip igmp snooping router-port-expire-time F C 4-278 Static Multicast Routing Commands ip igmp snooping vlan mrouter L I 4-279 show ip igmp snooping mrouter C IP Interface Commands ip address L I 4-281 C 4-282 ip default-gateway ip dhcp restart L I 4-283 show ip interface C 4-284 show ip redirects ping L I 4-285 4-286 DNS Commands L I 4-287 ip host 4-288 clear host ip domain-name L I 4-289 ip domain-list 4-290 ip name-server L I 4-291 ip domain-lookup 4-292 show hosts L I 4-293 show dns show dns cache 4-294 clear dns cache PPENDIX A-1 A S S OFTWARE PECIFICATIONS Software Features Management Features S A-3 SNMPv3 RMON Standards S A-4 Management Information Bases PPENDIX B-1 B ROUBLESHOOTING Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software B-2 Table B-1 Troubleshooting Chart S L B-3 Using System Logs Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Page NDEX Numerics A B C H I L M P R S T U V W