Manuals / SMC Networks / Computer Equipment / Switch

SMC Networks SMC6824M manual No permit deny tcp, Extended ACL

Models: SMC6824M

1 608

Download 608 pages 58 Kb

Page 418

ACCESS CONTROL LIST COMMANDS

[no] {permit deny} tcp

{any source address-bitmask host source}

{any destination address-bitmask host destination} [precedence precedence] [tos tos] [dscp dscp]

[source-portsport [bitmask]] [destination-portdport [port-bitmask]][control-flagcontrol-flags flag-bitmask]

•protocol-number– A specific protocol number. (Range: 0-255)

•source – Source IP address.

•destination – Destination IP address.

•address-bitmask– Decimal number representing the address bits to match.

•host – Keyword followed by a specific IP address.

•precedence – IP precedence level. (Range: 0-7)

•tos – Type of Service level. (Range: 0-15)

•dscp – DSCP priority level. (Range: 0-63)

•sport – Protocol25 source port number. (Range: 0-65535)

•dport – Protocol25 destination port number. (Range: 0-65535)

•port-bitmask– Decimal number representing the port bits to match. (Range: 0-65535)

•control-flags– Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63)

•flag-bitmask– Decimal number representing the code bits to match.

Default Setting

None

Command Mode

Extended ACL

Command Usage

•All new rules are appended to the end of the list.

•Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the specified source IP address, and then compared

25.Includes TCP, UDP or other protocol types.

4-126

Image 418

SMC Networks SMC6824M manual No permit deny tcp, Extended ACL

Contents

TigerStack III 10/100 Page TigerStack III 10/100 Management Guide Trademarks Limited Warranty Limited Warranty Table of Contents Table of Contents Table of Contents Table of Contents Command Line Interface ViiViii Table of Contents Table of Contents Table of Contents Xii Xiii Xiv Table of Contents Xvi Glossary Index XviiXviii Tables XixTables Xxi Xxii Figures XxiiiXxiv 37 802.1X Global InformationXxv Xxvi Key Features Key FeaturesFeature Description Description of Software Features LacpDescription of Software Features Introduction Description of Software Features Introduction System Defaults System DefaultsFunction Parameter Default Https Pvid Dhcp Connecting to the Switch Configuration OptionsInitial Configuration Required Connections Remote Connections Stack Operations Recovering from Stack Failure or Topology ChangeSelecting the Stack Master Resilient IP Interface for Management Access Basic ConfigurationConsole Connection Setting Passwords Setting an IP AddressManual Configuration Dynamic Configuration Enabling Snmp Management Access Clients, we recommend that you delete both of the default Community Strings for Snmp version 1 and 2c clientsConfiguring Access for Snmp Version 3 Clients Trap ReceiversSaving Configuration Settings Managing System Files Configuring Power over Ethernet Initial Configuration Configuring the Switch Using the Web InterfaceConfiguring the Switch Navigating the Web Browser Interface HomeButton Web Page Configuration ButtonsAction Front Panel Indicators Panel DisplayMain Menu Switch Main MenuMenu Description Sntp ACL Vlan Mstp 206 Vlan ID Displaying System Information Field AttributesSystem Information Displaying Switch Hardware/Software Versions CLI Specify the hostname, location and contact informationManagement Software Web Click System, Switch Information General Switch InformationDisplaying Bridge Extension Capabilities Field AttributesCLI Enter the following command Setting the IP AddressWeb Click System, Bridge Extension Command Attributes Manual Configuration IP Interface Configuration ManualUsing DHCP/BOOTP IP Interface Configuration DhcpCommand Attributes Managing FirmwareDownloading System Software from a Server Copy FirmwareSetting the Startup Code Saving or Restoring Configuration Settings Command UsageBasic Configuration Downloading Configuration Settings from a Server 11 Downloading Configuration Settings for Start-Up12 Setting the Startup Configuration Settings Console Port Settings Command AttributesCLI only 13 Console Port Settings Telnet Settings Command Attributes14 Configuring the Telnet Interface Configuring Event Logging System Log ConfigurationCommand Attributes Logging LevelsRemote Log Configuration 15 System Logs16 Remote Logs Displaying Log Messages 17 Displaying LogsSending Simple Mail Transfer Protocol Alerts CLI This example shows the event message stored in RAM18 Enabling and Configuring Smtp Alerts Resetting the System 19 Resetting the SwitchConfiguring Sntp Setting the System ClockCLI Use the reload command to reboot the system Setting the Time Zone 20 Sntp Configuration21 Setting the Time Zone Simple Network Management ProtocolConfiguring the Switch SNMPv3 Security Models and Levels Model Level Group Read Write Notify Security ViewCLI The following example enables Snmp on the switch Setting Community Access StringsEnabling the Snmp Agent 23 Configuring Snmp Community Strings Command Usage Specifying Trap Managers and Trap TypesCommand Attributes 24 Configuring Snmp Trap Managers Configuring SNMPv3 Management Access Setting the Local Engine IDSpecifying a Remote Engine ID CLI This example sets an SNMPv3 engine IDConfiguring SNMPv3 Users CLI This example specifies a remote SNMPv3 engine IDConfiguring the Switch 27 Configuring SNMPv3 Users Configuring Remote SNMPv3 Users 169Command Attributes 28 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Supported Notification Messages Object Label Object ID DescriptionObject Label Object ID Description Rmon Events SwIpFilterRejectTrap 29 Configuring SNMPv3 Groups Setting SNMPv3 Views 16530 Configuring SNMPv3 Views User Authentication 163Configuring User Accounts Command Attributes31 Configuring User Accounts That use software running Configuring Local/Remote Logon AuthenticationOn a central server to Command Attributes Radius SettingsTacacs Settings 32 Authentication Server SettingsConfiguring Https 104Https Support Web Browser Operating SystemReplacing the Default Secure-site Certificate 33 Https SettingsConfiguring the Secure Shell Command Usage Configuring the Switch Generating the Host Key Pair Field Attributes34 SSH Host-Key Settings Configuring the SSH Server SSH server includes basic settings for authentication35 SSH Server Settings Configuring Port Security Command UsageCommand Attributes 36 Enabling Port Security Configuring 802.1X Port Authentication 802.1X System Authentication Control The global setting for Displaying 802.1X Global Settings802.1X protocol provides client authentication Web Click Security, 802.1X, InformationCLI This example shows the default global setting for Configuring 802.1X Global SettingsCLI This example enables 802.1X globally for the switch Configuring Port Settings for 39 802.1X Port Configuration AuthorizedUser Authentication 802.1X Statistics Displaying 802.1X StatisticsParameter Description 40 Displaying 802.1X Statistics CLI This example displays the 802.1X statistics for portFiltering IP Addresses for Management Access Command Usage41 Entering IP Addresses to be Filtered Access Control Lists Configuring Access Control ListsSetting the ACL Name and Type Command Attributes100 Configuring a Standard IP ACL Command AttributesCLI This example creates a standard IP ACL named bill Configuring an Extended IP ACL Command Attributes 101102 44 Configuring Extended IP ACLs 103Configuring a MAC ACL Command Attributes 104Command Usage 10545 Configuring MAC ACLs 106107 Configuring ACL MasksSpecifying the Mask Type 108 Configuring an IP ACL MaskThis mask defines the fields to check in the IP header 47 Configuring an IP based ACL 109110 Configuring a MAC ACL MaskThis mask defines the fields to check in the packet header 48 Configuring an ACL MAC Mask 111Binding a Port to an Access Control List 112113 49 Mapping ACLs to Port Ingress/Egress QueuesDisplaying Connection Status Port ConfigurationCommand Attributes Web 114Field Attributes CLI 115Web Click Port, Port Information or Trunk Information 116 Current status117 Configuring Interface ConnectionsCLI This example shows the connection status for Port 118 51 Configuring Port Attributes 119Creating Trunk Groups 120Statically Configuring a Trunk Command Usage 12152 Static Trunk Configuration 122Enabling Lacp on Selected Ports Command Usage 12353 Lacp Port Configuration 124125 126 54 Lacp Aggregation Port Configuration 127128 You can display statistics for Lacp protocol messages 129Displaying Lacp Port Counters Lacp Port CountersLacp Internal Configuration Information Displaying Lacp Settings and Status for the Local Side130 131 132 56 Displaying Lacp Port Information10 Lacp Neighbor Configuration Information Displaying Lacp Settings and Status for the Remote Side133 134 57 Displaying Remote Lacp Port InformationSetting Broadcast Storm Thresholds 135Configuring Port Mirroring 13659 Configuring a Mirror Port 137Command Attribute Configuring Rate Limits138 Showing Port Statistics 139140 11 Port Statistics141 142 Rmon Statistics143 144 61 Port Statistics145 Power Over Ethernet SettingsCLI This example shows statistics for port Displays the Power over Ethernet parameters for the switch Switch Power Status146 Web Click PoE, Power Status Setting a Switch Power Budget147 Displaying Port Power Status 148Web Click PoE, Power Port Status Configuring Port PoE Power149 65 Configuring Port PoE Power 150Setting Static Addresses Address Table Settings151 Displaying the Address Table 152153 67 Displaying the MAC Dynamic Address Table154 Spanning Tree Algorithm ConfigurationChanging the Aging Time CLI This example sets the aging time to 300 seconds155 Displaying Global Settings 156157 158 159 Web Click Spanning Tree, STA InformationGlobal settings apply to the entire switch Configuring Global Settings160 Basic Configuration of Global Settings 161Root Device Configuration 162Configuration Settings for Rstp 16370 Configuring the Spanning Tree Algorithm 164Displaying Interface Settings 165166 167 AD B168 71 STA Port InformationConfiguring Interface Settings 169170 72 Configuring Spanning Tree Algorithm per Port 171172 Configuring Multiple Spanning TreesCLI This example sets STA attributes for port 73 Mstp Vlan Configuration 173174 Displaying Interface Settings for Mstp 175176 Configuring Interface Settings for Mstp 177178 CLI This example sets the Mstp attributes for portIeee 802.1Q VLANs Vlan Configuration179 180 Assigning Ports to VLANs181 182 Forwarding Tagged/Untagged FramesCLI This example enables Gvrp for the switch Enabling or Disabling Gvrp Global Setting183 Displaying Basic Vlan Information 184Web Click VLAN, 802.1Q VLAN, Basic Information 185 Displaying Current VLANs186 Command Attributes CLICreating VLANs 187 79 Vlan Static List Creating VLANsAdding Static Members to VLANs Vlan Index 188CLI This example creates a new Vlan Command Attributes 189190 Adding Static Members to VLANs Port IndexConfiguring Vlan Behavior for Interfaces 191192 193 Private VLANs 194195 Vlan ID ID of configured VlanDisplaying Current Private VLANs 196 83 Displaying Private Vlan Port InformationConfiguring Private VLANs 197Associating Community VLANs 198Each community Vlan must be associated with a primary Vlan 199 Displaying Private Vlan Interface InformationConfiguring Private Vlan Interfaces 20087 Configuring Private Vlan Ports 201Setting the Default Priority for Interfaces Class of Service ConfigurationLayer 2 Queue Settings 202CLI This example assigns a default priority of 5 to port 20312 Mapping CoS Values to Egress Queues 204Mapping CoS Values to Egress Queues 13 CoS Priority Levels89 Configuring Traffic Classes 205Selecting the Queue Mode 206Setting the Service Weight for Traffic Classes 207Mapping Layer 3/4 Priorities to CoS Values Layer 3/4 Priority Settings208 Selecting IP Precedence/DSCP PriorityMapping IP Precedence 20914 Mapping IP Precedence 93 Mapping IP Precedence to Class of Service Values 21015 Mapping Dscp Priority 211Mapping Dscp Priority IP Dscp Value CoS Value94 Mapping IP Dscp Priority to Class of Service Values 212213 Mapping IP Port Priority214 95 Globally Enabling the IP Port Priority StatusCopy Settings 215Mapping CoS Values to ACLs CLI This feature not supported through the CLI216 16 CoS to ACL Mapping217 98 Mapping CoS Values to ACLs218 Changing Priorities Based on ACL Rules219 99 Changing Priorities Based on ACL RulesIgmp Protocol Multicast Filtering220 Layer 2 Igmp Snooping and Query 221Configuring Igmp Snooping and Query Parameters 222100 Configuring Internet Group Management Protocol 223224 Displaying Interfaces Attached to a Multicast Router225 Specifying Interfaces Attached to a Multicast RouterDisplaying Port Members of Multicast Services 226103 Displaying Port Members of Multicast Services 227Assigning Ports to Multicast Services 228Configuring General DNS Server Parameters Configuring Domain Name Service229 230 105 Configuring DNS 231Configuring Static DNS Host to Address Entries 232233 106 Mapping IP Addresses to a Host NameDisplaying the DNS Cache 234235 Web Select DNS, Cache236 Accessing the CLI Using the Command Line InterfaceConsole Connection Telnet Connection This section describes how to enter CLI commands Entering CommandsKeywords and Arguments Showing Commands Command CompletionGetting Help on Commands Minimum AbbreviationCommand Line Interface Understanding Command Modes Negating the Effect of CommandsUsing Command History Partial Keyword LookupCommand Modes Exec CommandsClass Mode Configuration Commands Configuration Command Modes Mode Command PromptKeystroke Commands Command Line ProcessingKeystroke Function Command Group Index Command GroupsCommand Group Description Configures DNS services 286 Command Function Mode Line CommandsLine Commands Password-thresh commandLine Login local LoginSyntax Login local no login Line ConfigurationSyntax Password 0 7 password no password PasswordUsername 4-34password No password is specifiedCLI Disabled 0 seconds Telnet 300 seconds Timeout login responseLogin 4-15password-thresh To set the timeout to two minutes, enter this commandSyntax Exec-timeout seconds no exec-timeout Exec-timeoutCLI and Telnet 600 seconds 10 minutes Syntax Password-thresh threshold no password-thresh Password-threshDefault value is three attempts Syntax Silent-time seconds no silent-time Silent-timeDatabits Syntax Databits 7 8 no databitsParity Syntax Parity none even odd no paritySpeed To specify no parity, enter this commandTo specify 57600 bps, enter this command Syntax Speed bps no speedStopbits 1 StopbitsDisconnect Syntax disconnect session-idShow line Syntax Show line console vtyGeneral Commands General CommandsEnable Syntax enable levelDisable Enable password DisableNone Configure Show historyThis command resets the entire system This command restarts the systemReload End This example shows how to reset the switchThis command returns to Privileged Exec mode ExitThis example shows how to quit a CLI session Use this command to exit the configuration programQuit System Management Commands System Management CommandsCommand Group Function Prompt Device Designation CommandsDevice Designation Commands Syntax Prompt string no promptSyntax Hostname name no hostname HostnameLight unit Syntax Light unit unitUser Access Commands User Access CommandsUsername 10 Default Login Settings Username Access-level PasswordEnable password Default is level is level Default password is super11 IP Filter Commands IP Filter CommandsEnable 4-25authentication enable ManagementShow management Web Server Commands 12 Web Server CommandsIp http port Default Setting Command ModeSyntax No ip http server Default Setting Ip http serverSyntax No ip http secure-server Default Setting Ip http secure-serverIp http secure-port4-42 Copy tftp https-certificate Ip http secure-port13 Https System Support Portnumber The UDP port used for HTTPS. RangeIp telnet server Telnet Server Commands14 Telnet Server Commands Ip http secure-server4-41Secure Shell Commands Server Enabled Server Port15 Secure Shell Commands Command Function ModeSystem Management Commands Disabled Syntax No ip ssh server Default SettingIp ssh server Ip ssh crypto host-key generate 4-51 show ssh Ip ssh timeoutSyntax Ip ssh timeout seconds no ip ssh timeout SecondsIp ssh authentication-retries Exec-timeout4-18 show ip sshDelete public-key Ip ssh server-key sizeSyntax Delete public-key username dsa rsa Dsa DSA Version 2 key type Rsa RSA Version 1 key type Ip ssh crypto host-key generateSyntax Ip ssh crypto host-key generate dsa rsa Generates both the DSA and RSA key pairsSyntax Ip ssh crypto zeroize dsa rsa Ip ssh crypto zeroizeIp ssh save host-key Syntax Ip ssh save host-key dsa rsaShow ssh This command displays the current SSH server connectionsShow ip ssh Saves both the DSA and RSA key16 show ssh display description TerminologyUsername Name of an SSH user. Range 1-8 characters Show public-keySyntax Show public-key user username host Shows all public keysEvent Logging Commands 17 Event Logging CommandsLogging history Syntax No logging on Default SettingLogging on Logging history 4-57clear logging18 Logging Levels Flash errors level 3 RAM informational level 6Level Severity Name Description Syntax No logging host hostipaddress Logging hostLogging facility Hostipaddress The IP address of a syslog serverLogging trap Disabled Level 7Syntax Logging trap level no logging trap Syntax Clear log flash ram Clear logShow logging Syntax Show logging flash ram sendmail trapFollowing example displays settings for the trap function 19 show logging flash/ram display description20 show logging trap display description Show logSyntax Show log flash ram Logging sendmail host Smtp Alert Commands21 Smtp Commands Following example shows the event message stored in RAMLogging sendmail level Syntax Logging sendmail level levelLogging sendmail source-email Syntax Logging sendmail source-email email-addressLogging sendmail Syntax No logging sendmail Default SettingLogging sendmail destination-email Syntax No logging sendmail destination-email email-address22 Time Commands Time CommandsShow logging sendmail Syntax No sntp client Default Setting Sntp clientSntp server 4-70 sntp poll 4-71 show sntp Sntp serverSyntax Sntp server ip1 ip2 ip3 Sntp client 4-69 sntp poll 4-71 show sntp Sntp pollSyntax Sntp poll seconds no sntp poll Show sntp Sntp clientClock timezone NoneShow calendar This command displays the system clockCalendar set SyntaxShow startup-config System Status Commands23 System Status Commands Example Show running-config Related CommandsShow startup-config This command displays system information Show systemShow users Show versionFlash/File Commands 24 Flash/File CommandsCopy Privileged ExecCommand Usage Following example shows how to download a configuration file Command Line Interface Delete This command deletes a file or imageDir Delete public-key Dir This command displays a list of files in flash memorySyntax Dir unit boot-rom config opcode filename 25 File Directory InformationWhichboot Following example shows how to display all file informationSyntax Boot system unit boot-romconfig opcode filename Boot systemDir 4-87whichboot 26 PoE Commands Power over Ethernet CommandsCommand Group Function Mode Syntax Power mainpower maximum allocation watts unit unit Power mainpower maximum allocationPower inline compatible Syntax No power inline compatibleCompatible Mode Enabled Power inline maximum allocation Power inlineSyntax No power inline Default Setting Power inline priority LowEthernet Show power inline statusSyntax Show power inline status interface Unit Stack unit. Range Port Port number. Range28 show power mainpower parameters Show power mainpower27 show power inline status parameters Mainpower maximum allocation on29 Authentication Commands Authentication CommandsAuthentication Sequence 30 Authentication Sequence CommandAuthentication login LocalAuthentication enable Username for setting the local user names and passwords31 Radius Client Commands Radius ClientRetransmit Command Mode Default Setting Auth-portTimeout 5 seconds Radius-server hostSyntax Radius-server port portnumber no radius-server port Radius-server portRadius-server key 1812Radius-server timeout Radius-server retransmitShow radius-server Privileged ExecTacacs-server host 32 TACACS+ Client CommandsTACACS+ Client Hostipaddress IP address of a TACACS+ serverSyntax Tacacs-server port portnumber no tacacs-server port Tacacs-server portTacacs-server key Syntax Tacacs-server key keystring no tacacs-server keyPort Security Commands Show tacacs-serverInterface Configuration Ethernet 33 Port Security CommandsStatus Disabled Action None Maximum Addresses Port security109 802.1X Port Authentication 34 802.1X Port Authentication CommandsDot1x system-auth-control Dot1x defaultSyntax No dot1x system-auth-control Default Setting Dot1x max-reqDot1x port-control Default Command ModeDefault Force-authorizedDot1x operation-mode Single-hostSyntax Dot1x re-authenticate interface Dot1x re-authenticateDot1x re-authentication Syntax No dot1x re-authentication Command ModeDot1x timeout re-authperiod Dot1x timeout quiet-periodSeconds The number of seconds. Range Syntax Show dot1x statistics interface interface Dot1x timeout tx-periodShow dot1x Statistics Displays dot1x status for each port Interface117 Authenticator State Machine State- Current state including initialize, reauthenticateAccess Control List Commands Access Control ListsAccess Control List Commands 35 Access Control List Commands Masks for Access Control ListsCommand Groups Function 36 IP ACL Commands IP ACLsAccess-list ip Syntax No access-list ip standard extended aclnameAccess-list ip extended fragment-auto-mask Permit, deny Standard ACLPermit, deny Extended ACL Standard ACLNo permit deny tcp Extended ACL127 Syntax Show ip access-list standard extended aclname Show ip access-listThis command displays the rules for configured IP ACLs Permit, deny Ip access-group4-134Syntax No access-list ip mask-precedence in out Access-list ip mask-precedenceMask IP ACL 4-130 ip access-group4-134 Syntax No mask protocol IP Mask131 132 Show access-list ip mask-precedence Syntax Show access-list ip mask-precedence in outIp access-group Syntax No ip access-group aclname in outShow ip access-list4-128 Show ip access-groupMap access-list ip This command shows the ports assigned to IP ACLsSyntax Show map access-list ip interface Show map access-list ipQueue cos-map4-257 Show map access-list ip 37 Egress Queue Priority MappingMatch access-list ip Map access-list ipShow marking Match access-list ip38 MAC ACL Commands MAC ACLsAccess-list mac Syntax No access-list mac aclnamePermit, deny MAC ACL Syntax No permit denyMAC ACL Syntax Show mac access-list aclname Show mac access-listThis command displays the rules for configured MAC ACLs Permit, deny Mac access-group4-146Access-list mac mask-precedence Mask MAC ACL 4-144 mac access-group4-146Syntax No mask pktformat MAC Mask145 This example creates an Egress MAC ACLSyntax Show access-list mac mask-precedence in out Show access-list mac mask-precedenceMac access-group Syntax Mac access-group aclname in outShow mac access-list4-142 Show mac access-groupMap access-list mac This command shows the ports assigned to MAC ACLsSyntax Show map access-list mac interface Show map access-list macQueue cos-map4-257 Show map access-list mac 39 Mapping CoS Values to MAC ACL RulesMatch access-list mac Map access-list macACL Information Show access-list40 ACL Information This command shows the port assignments of ACLs Snmp CommandsShow access-group 41 Snmp CommandsSyntax No snmp-server Default Setting Snmp-serverShow snmp NoneSnmp-server contact Snmp-server communitySyntax Snmp-server contact string no snmp-server contact Snmp-server location Syntax Snmp-server location text no snmp-server location156 Snmp-server host157 158 Snmp-server enable traps Issue authentication and link-up-down trapsSnmp-server engine-id Snmp-server hostThis example shows the default engine ID This command shows the Snmp engine IDShow snmp engine-id Snmp-server view Defaultview includes access to the entire MIB tree42 show snmp engine-id display description Examples This command shows information on the Snmp viewsShow snmp view This view includes MIB-2164 Snmp-server groupCommand Usage Show snmp group166 44 show snmp group display descriptionDefault Setting Snmp-server user168 Show snmp user This command shows information on Snmp users45 show snmp user display description Interface Commands 46 Interface CommandsPort-channel channel-idRange InterfaceDescription Syntax Description string no descriptionSpeed-duplex Interface Configuration Ethernet, Port ChannelFollowing example adds a description to port Negotiation Syntax No negotiation Default SettingNegotiation 4-173capabilities Capabilities Following example configures port 11 to use autonegotiationNegotiation 4-173speed-duplex Flowcontrol Syntax No flowcontrol Default SettingFlow control enabled Negotiation 4-173speed-duplex4-172 flowcontrolAll interfaces are enabled Following example enables flow control on portSyntax No shutdown Default Setting ShutdownSwitchport broadcast packet-rate Following example disables portClear counters This command clears statistics on an interfacePort-channel channel-idRange Default Setting Syntax Clear counters interfaceSyntax Show interfaces status interface This command displays the status for an interfaceShow interfaces status Shows the status for all interfacesSyntax Show interfaces counters interface This command displays interface statisticsShow interfaces counters Shows the counters for all interfaces181 This example shows the configuration setting for port Show interfaces switchportSyntax Show interfaces switchport interface Shows all interfaces47 show interfaces switchport display description Field DescriptionInterface Configuration Ethernet, destination port Mirror Port Commands48 Mirror Port Commands Port monitorSyntax Show port monitor interface This command displays mirror informationShow port monitor Shows all sessionsFollowing shows mirroring configured from port 6 to port Rate Limit Commands49 Rate Limit Commands Interface Configuration Ethernet, Port Channel Rate-limitLink Aggregation Commands 50 Link Aggregation CommandsGuidelines for Creating Trunks General GuidelinesLacp Syntax no lacp Default SettingChannel-group Syntax Channel-group channel-idno channel-group191 Lacp system-priority 32768Lacp admin-keyEthernet Interface Lacp admin-key Port Channel Syntax Lacp admin-key key no lacp admin-keyDefault Setting Lacp port-priorityPort Channel all This command displays Lacp informationShow lacp 51 show lacp counters display description197 52 show lacp internal display descriptionPartner 199 53 show lacp neighbors display description55 Address Table Commands Address Table Commands54 show lacp sysid display description Mac-address- MAC address Mac-address-table staticVlan-id- Vlan ID Range Show mac-address-table Clear mac-address-table dynamicMac-address- MAC address Mask Bits to match in the address Mac-address-table aging-time Seconds56 Spanning Tree Commands Spanning Tree CommandsShow mac-address-table aging-time RSTP/MSTP Spanning tree is enabled Syntax No spanning-tree Default SettingSpanning-tree Spanning-tree mode Rstp208 Spanning-tree forward-timeSpanning-tree hello-time Seconds210 Spanning-tree max-ageSpanning-tree priority Spanning-tree default priorityIeee 802.1t format Spanning-tree pathcost method Long methodSpanning-tree transmission-limit This command limits the maximum transmission rate for BPDUsCount -The transmission limit in seconds. Range Spanning-tree mst-configuration Spanning-tree backup-rootSyntax No spanning-tree backup-root Default Setting MST Configuration Mst vlanMst priority Mst instanceid priority priority no mst instanceid prioritySyntax name name Switch’s MAC addressName Name Name of the spanning treeSyntax revision number RevisionMax-hops Number Revision number of the spanning tree. RangeSyntax No spanning-tree spanning-disabled Default Setting Spanning-tree spanning-disabledThis example disables the Spanning Tree Algorithm for port Spanning-tree cost Syntax Spanning-tree cost cost no spanning-tree costPriority The priority for a port. Range 0-240, in steps Spanning-tree port-prioritySpanning-tree edge-port Syntax No spanning-tree edge-portSyntax No spanning-tree portfast Default Setting Spanning-tree portfastSpanning-tree link-type Spanning-treeedge-port4-221Spanning-tree mst cost AutoSpanning-tree mst port-priority Spanning-tree mst port-priority4-225Spanning-tree protocol-migration Port-channel channel-idRange Command ModeSyntax Spanning-tree protocol-migration interface Show spanning-tree Syntax Show spanning-tree interface mst instanceid228 Show spanning-tree mst configuration 229Editing Vlan Groups Vlan Commands57 Vlan Commands Vlan databaseBy default only Vlan 1 exists and is active VlanVlan Database Configuration Configuring Vlan Interfaces59 Configuring Vlan Interfaces Syntax Interface vlan vlan-id Interface vlanShutdown Syntax Switchport mode trunk hybrid no switchport mode Switchport modeAll ports are in hybrid mode with the Pvid set to Vlan Switchport acceptable-frame-types All frame typesSwitchport ingress-filtering Syntax No switchport ingress-filtering Default SettingSwitchport native vlan 237Switchport allowed vlan 238239 Switchport forbidden vlanNo VLANs are included in the forbidden list Show vlan 240Displaying Vlan Information 60 Displaying Vlan Information61 Private Vlan Commands Following example shows how to display information for Vlan241 242 243 Private-vlanPrivate-vlan association 244No private-vlan primary-vlan-idassociation 245 Switchport mode private-vlanNormal Vlan Switchport private-vlan mapping Switchport private-vlan host-association246 Show vlan private-vlan 247Syntax Show vlan private-vlan community primary 62 Gvrp and Bridge Extension Commands Gvrp and Bridge Extension Commands248 Bridge-ext gvrp Syntax No bridge-ext gvrp Default Setting249 Show bridge-extSyntax No switchport gvrp Default Setting Switchport gvrpShow gvrp configuration Syntax Show gvrp configuration interfaceShows both global and interface-specific configuration Garp timer251 Shows all Garp timers Show garp timerSyntax Show garp timer interface 25263 Priority Commands Priority Commands253 64 Priority Commands Layer Priority Commands LayerQueue mode Syntax Queue mode strict wrr no queue mode255 Queue bandwidthSwitchport priority default 256257 Queue cos-map65 Default CoS Priority Levels 258259 Show queue modeThis command shows the current queue mode Show queue bandwidth260 Priority Commands Layer 366 Priority Commands Layer 3 Show queue cos-mapSyntax No map ip port Default Setting 261Syntax No map ip precedence Default Setting 262263 List below shows the default priority mapping67 Mapping IP Precedence to CoS Values Syntax No map ip dscp Default Setting 264265 68 Mapping IP Dscp to CoS ValuesShow map ip port This command shows the IP port priority map266 Syntax Show map ip port interfaceShow map ip precedence This command shows the IP precedence priority map267 Syntax Show map ip precedence interfaceShow map ip dscp This command shows the IP Dscp priority map268 Syntax Show map ip dscp interface69 Multicast Filtering Commands Multicast Filtering CommandsIgmp Snooping Commands 70 Igmp Snooping Commands270 Syntax No ip igmp snooping Default SettingFollowing example enables Igmp snooping Ip igmp snoopingIp igmp snooping version Following configures the switch to use Igmp Version271 Igmp VersionShow ip igmp snooping 272Show mac-address-table multicast 273 Igmp Query Commands Layer71 Igmp Query Commands Layer Ip igmp snooping querierIp igmp snooping query-count 274Times 275 Following shows how to configure the query count toIp igmp snooping query-interval 276 Seconds The report delay advertised in Igmp queries. RangeIp igmp snooping query-max-response-time 277 Switch must use IGMPv2 for this command to take effectIp igmp snooping router-port-expire-time 278 Static Multicast Routing Commands72 Static Multicast Routing Commands Ip igmp snooping vlan mrouterShow ip igmp snooping mrouter Displays multicast router ports for all configured VLANs279 Syntax Show ip igmp snooping mrouter vlan vlan-id280 IP Interface Commands73 IP Interface Command Syntax Ip addressInterface Configuration Vlan 281282 Ip default-gatewaySyntax Ip default-gateway gateway no ip default-gateway Ip dhcp restart283 Show ip interfaceShow ip redirects This command has no default for the host284 Ping285 74 DNS Commands DNS Commands286 No static entries 287Ip host This example maps two address to a host nameIp domain-name 288Clear host Syntax Clear host nameIp domain-list 289Syntax No ip domain-list name Ip name-server 290Ip domain-name4-288 Ip domain-lookup Syntax No ip domain-lookup Default Setting291 Ip domain-name4-288 ip domain-lookup4-291Show hosts 292Ip domain-name4-288 ip name-server4-290 293 This command displays the configuration of the DNS serverThis command displays entries in the DNS cache Show dnsClear dns cache This command clears all entries in the DNS cache294 75 Show DNS Output DescriptionDhcp Client Port Configuration AuthenticationAccess Control Lists PoEPort Trunking Class of ServiceAdditional Features Spanning Tree ProtocolStandards SNMPv3Management Information Bases Table B-1 Troubleshooting Chart Problems Accessing the Management InterfaceSymptom Action Cannot access Using System Logs Troubleshooting Glossary-1 Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Virtual LAN Vlan Glossary-8XModem Index Index-1Index-2 IgmpIndex-3 Index-4 Page For Technical SUPPORT, Call