Manuals / Brands / Computer Equipment / Switch / SMC Networks / Computer Equipment / Switch

SMC Networks SMC7816M, SMC7816VSW Configuring Port Security

1 962

Download 962 pages, 11.22 Mb

C

LIENT

S

ECURITY

7-2

This switch provides client security using the following options:

• Private VLANs – Provide port-based security and isolation between

ports within the assigned VLAN. (See “Configuring Private VLANs” on

page 13-18.)

• 802.1X – Use IEEE 802.1X port authentication to control access to

specific ports. (See “Configuring 802.1X Port Authentication” on

page 6-19.)

• Port Security – Configure secure addresses for individual ports.

• IP Source Guard – Filters IP traffic on unsecure ports for which the

source address cannot be identified via static source bindings nor DHCP

snooping.

• DHCP Snooping – Filters untrusted DHCP messages on unsecure ports

by building and maintaining a DHCP snooping binding table.

• Packet Filtering – Filters packets with specified IP/MAC addresses,

NetBIOS packets, and DHCP requests or replies.

Note: The priority of execution for the filtering commands is Port

Security, Packet Filtering, IP Source Guard, and then DHCP

Snooping.

Configuring Port Security

Port security is a feature that allows you to configure a switch port with

one or more device MAC addresses that are authorized to access the

network through that port.

When port security is enabled on a port, the switch stops learning new

MAC addresses on the specified port when it has reached a configured

maximum number. Only incoming traffic with source addresses already

stored in the dynamic or static address table will be accepted as authorized

to access the network through that port. If a device with an unauthorized

MAC address attempts to use the switch port, the intrusion will be

detected and the switch can automatically take action by disabling the port

and sending a trap message.

Contents

Main TigerAccess EE 6-Band VDSL2 Switch Management Guide Page Page Trademarks: W IMITED v ARRANTY vi vii ONTENTS 2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 C viii 4 Basic Management Tasks . . . . . . . . . . . . . . . . . . . . . . 4-1 5 Simple Network Management Protocol . . . . . . . . . . . 5-1 C ix 6 User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1 7 Client Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Page C xi 13 VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . .13-1 14 Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 Page C xiii 19 General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1 20 System Management Commands . . . . . . . . . . . . . . . .20-1 C xiv C xv 21 SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-1 22 User Authentication Commands . . . . . . . . . . . . . . . .22-1 C xvi C xvii 23 Client Security Commands . . . . . . . . . . . . . . . . . . . . .23-1 C xviii 24 Access Control List Commands . . . . . . . . . . . . . . . . . 24-1 25 Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . 25-1 Page C xx C xxi 30 Address Table Commands . . . . . . . . . . . . . . . . . . . . .30-1 C xxii 31 Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . 31-1 32 VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 32-1 C xxiii 33 Class of Service Commands . . . . . . . . . . . . . . . . . . . .33-1 C xxiv 34 Quality of Service Commands . . . . . . . . . . . . . . . . . . 34-1 35 Multicast Filtering Commands . . . . . . . . . . . . . . . . . 35-1 C xxv 36 Domain Name Service Commands . . . . . . . . . . . . . . 36-1 Page Page Page xxix ABLES xxx xxxi xxxii xxxiii IGURES xxxiv xxxv xxxvi Page Page 1-1 NTRODUCTION Key Features K F 1-2 Table 1-1 Key Features (Continued) 1-3 Description of Software Features F S 1-4 1-5 F S 1-6 1-7 Page 1-9 System Defaults Table 1-2 System Defaults D 1-10 Table 1-2 System Defaults (Continued) 1-11 Table 1-2 System Defaults (Continued) Page NITIAL 2-1 Connecting to the Switch Configuration Options S 2-2 Required Connections C 2-3 C 2-4 Remote Connections Basic Configuration Console Connection C 2-5 Setting Passwords C 2-6 Setting an IP Address C 2-7 C 2-8 Manual Configuration C 2-9 Dynamic Configuration C 2-10 C 2-11 Enabling SNMP Management Access Community Strings (for SNMP version 1 and 2c clients) C 2-12 Trap Receivers C 2-13 Configuring Access for SNMP Version 3 Clients S F Managing System Files C 2-15 Saving Configuration Settings Page ECTION II M WITCH Page ONFIGURING THE 3-1 WITCH Using the Web Interface Page Navigating the Web Browser Interface Page I B W 3-5 S 3-6 I B W 3-7 S 3-8 I B W 3-9 S 3-10 I B W 3-11 S 3-12 I B W 3-13 Page 4-1 4 B T M ASIC ASKS Page S I 4-3 CLI Specify the hostname, location and contact information. M Displaying System Health Page M T ASIC ASKS 4-6 Displaying Hardware/Software Versions Page B C E 4-9 Displaying Bridge Extension Capabilities Page IP A S 4-11 Setting the Switchs IP Address Page IP A WITCH S THE M T 4-14 Using DHCP/BOOTP IP A S 4-15 M Configuring Support for Jumbo Frames F 4-17 Managing Firmware Page Page M T 4-20 Saving or Restoring Configuration Settings S C R 4-21 Page Page M T 4-24 Console Port Settings P S 4-25 M T Telnet Settings S 4-27 M T 4-28 E L Configuring Event Logging System Log Configuration M T 4-30 E L 4-31 Remote Log Configuration Page E L 4-33 Displaying Log Messages M T 4-34 Sending Simple Mail Transfer Protocol Alerts Page M T 4-36 Resetting the System C S 4-37 Setting the System Clock Configuring SNTP M T 4-38 Page Page Page N P M 5-2 5-3 Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require access. Table 5-1 SNMPv3 Security Models and Levels (Continued) Enabling the SNMP Agent Setting Community Access Strings Page N P M 5-6 Specifying Trap Managers and Trap Types T M 5-7 Page Page Configuring SNMPv3 Management Access SNMP A 5-11 Specifying a Remote Engine ID N P M 5-12 Configuring SNMPv3 Users Page Page SNMP A 5-15 Configuring Remote SNMPv3 Users Page Page N P M 5-18 Configuring SNMPv3 Groups SNMP A 5-19 Notify View The configured view for notifications. (Range: 1-64 characters) Table 5-2 Supported Notification Messages N P M 5-20 SNMP A 5-21 N P M 5-22 Page N P M 5-24 Setting SNMPv3 Views Page N P M ETWORK IMPLE 6 U A SER UTHENTICATION Configuring User Accounts A 6-2 L A L Configuring Local/Remote Logon Authentication A 6-4 L A L /R 6-5 A 6-6 HTTPS 6-7 Configuring HTTPS A 6-8 HTTPS 6-9 Replacing the Default Secure-site Certificate A 6-10 Configuring the Secure Shell S 6-11 A 6-12 S 6-13 Generating the Host Key Pair A 6-14 Page A 6-16 Configuring the SSH Server Page A SER 6-18 802.1X P A Configuring 802.1X Port Authentication A 6-20 802.1X P A 6-21 Displaying 802.1X Global Settings Page 802.1X P A 6-23 Configuring Port Settings for 802.1X A 6-24 802.1X P A 6-25 A 6-26 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 6-2 802.1X Statistics 802.1X P A Parameter Description 6-27 Figure 6-9 802.1X Port Statistics CLI This example displays the dot1x statistics for port 4. Filtering IP Addresses for Management Access Page Page LIENT 7-1 ECURITY S 7-2 Configuring Port Security P S 7-3 S 7-4 IP S G 7-5 Configuring IP Source Guard S 7-6 Page S 7-8 Configuring DHCP Snooping DHCP S 7-9 S 7-10 DHCP S 7-11 S 7-12 DHCP S I 7-13 Displaying DHCP Snooping Information Page P F 7-15 Configuring Packet Filtering Filtering Service Packets S 7-16 P F 7-17 S 7-18 Filtering IP/MAC Address Pairs Page Page CCESS ONTROL 8-1 ISTS Configuring Access Control Lists C L 8-2 A L C 8-3 Setting the ACL Name and Type Page Page C L 8-6 Page C L 8-8 Configuring a MAC ACL Page C L 8-10 Configuring ACL Masks Specifying the Mask Type A L C 8-11 Configuring an IP ACL Mask Page Page C L 8-14 Configuring a MAC ACL Mask Page C L 8-16 Binding a Port to an Access Control List Page Page 9-1 9 P C ORT Displaying Connection Status Field Attributes (Web) C 9-2 Field Attributes (CLI) Basic information: Configuration: C S 9-3 Current status: C Configuring Interface Connections I C 9-5 C 9-6 I C 9-7 C 9-8 Creating Trunk Groups T G 9-9 Statically Configuring a Trunk Page T G 9-11 Enabling LACP on Selected Ports C 9-12 T G 9-13 Configuring LACP Parameters Dynamically Creating a Port Channel C 9-14 Page C 9-16 T G 9-17 Displaying LACP Port Counters You can display statistics for LACP protocol messages. C 9-18 CLI The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side Table 9-2 LACP Internal Configuration Information T G 9-19 Table 9-2 LACP Internal Configuration Information (Continued) C 9-20 T G 9-21 Displaying LACP Settings and Status for the Remote Side Table 9-3 LACP Neighbor Configuration Information C 9-22 B T S Setting Broadcast Storm Thresholds C 9-24 P M 9-25 Configuring Port Mirroring C 9-26 Configuring Rate Limits Page C 9-28 P S 9-29 Showing Port Statistics C 9-30 P S 9-31 C 9-32 Page Page P S HOWING TATISTICS 9-35 Page 10-1 10 VDSL C Configuring Global Settings for VDSL Ports 10-2 G VDSL P S 10-3 Page Page 10-6 I VDSL P S Configuring Interface Settings for VDSL Ports 10-8 I VDSL P S 10-9 10-10 I VDSL P S 10-11 Page Page Page Page 10-16 Configuring Line Profiles Page Page Page 10-20 VDSL S I 10-21 Displaying VDSL Status Information LRE Status Communication status of the VDSL line Table 10-1 LRE Status signal bands for the specified interface 10-22 LRE Rate Information Data Rates for the VDSL line Table 10-2 Rate Status Table 10-1 LRE Status (Continued) Page 10-24 CLI This example displays connection status and data rates for the selected VDSL port. VDSL P S Ethernet Receive Performance Counters Displaying VDSL Performance Statistics Error Statistics Table 10-3 Error Statistics Table 10-4 Ethernet Receive Performance Counters 10-26 Ethernet Transmit Performance Counters Table 10-5 Ethernet Transmit Performance Counters Table 10-4 Ethernet Receive Performance Counters (Continued) Page Page VDSL P S ERFORMANCE TATISTICS 10-29 Configuring an Alarm Profile P A 10-31 10-32 P A 10-33 Page Page 10-36 Displaying CPE Information CO Firmware Buffer Information CPE Firmware Versions Table 10-7 CPE Firmware Versions Table 10-8 CO Firmware Buffer Information CPE I 10-37 CPE Performance Counters Table 10-9 CPE Performance Counters Page Page 10-40 CLI This example displays information about the CPE attached to the selected VDSL port. OAM F CPE F U Configuring OAM Functions and Upgrading CPE Firmware 10-42 Page 10-44 DDRESS 11-1 ETTINGS Setting Static Addresses Displaying the Address Table Page T S 11-4 Changing the Aging Time PANNING REE 12-1 LGORITHM T A 12-2 12-3 T A 12-4 Displaying Global Settings G S 12-5 T A 12-6 G S CLI LOBAL 12-7 Configuring Global Settings G S 12-9 T A 12-10 Page Page I S 12-13 Displaying Interface Settings T A 12-14 Page T A 12-16 I S NTERFACE 12-17 CLI This example shows the STA attributes for port 5. Configuring Interface Settings I S 12-19 T A 12-20 Page T A 12-22 Configuring Multiple Spanning Trees Page T A LGORITHM 12-24 CLI This displays STA settings for instance 1, followed by settings for each port. Displaying Interface Settings for MSTP T A LGORITHM 12-26 I Configuring Interface Settings for MSTP T A 12-28 Page Page 13-1 13 VLAN C Selecting the VLAN Operation Mode 13-2 IEEE 802.1Q VLANs 13-3 13-4 13-5 13-6 Enabling or Disabling GVRP (Global Setting) 13-7 Displaying Basic VLAN Information 13-8 Displaying Current VLANs Command Attributes (Web) 13-9 Command Attributes (CLI) 13-10 Creating VLANs 13-11 13-12 Adding Static Members to VLANs (VLAN Index) 13-13 13-14 Adding Static Members to VLANs (Port Index) 13-15 Configuring VLAN Behavior for Interfaces 13-16 13-17 Configuring Private VLANs P VLAN 13-19 Configuring Uplink and Downlink Ports 13-20 Configuring Protocol-Based VLANs Page 13-22 Mapping Protocols to VLANs Page 13-24 Configuring IEEE 802.1Q Tunneling IEEE 802.1Q T 13-25 13-26 IEEE 802.1Q T 13-27 13-28 Page 13-30 Adding an Interface to a QinQ Tunnel Page 13-32 VLAN S 13-33 Configuring VLAN Swapping Page VLAN S WAPPING 13-35 Page LASS 14-1 Layer 2 Queue Settings Setting the Default Priority for Interfaces Page 2 Q S UEUE AYER 14-3 S 14-4 2 Q S UEUE AYER 14-5 S 14-6 Selecting the Queue Mode 2 Q S 14-7 Setting the Service Weight for Traffic Classes Page 3/4 P S 14-9 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values Page Page S 14-12 3/4 P S 14-13 Mapping DSCP Priority S 14-14 Page S 14-16 Mapping IP Port Priority 3/4 P S 14-17 Page 15-1 15 Q S UALITY Configuring Quality of Service Parameters Q P S 15-3 S 15-4 Page S 15-6 Creating QoS Policies Q P S 15-7 S 15-8 Page S 15-10 Attaching a Policy Map to Ingress Queues Page Page ULTICAST 16-1 ILTERING F 16-2 Layer 2 IGMP (Snooping and Query) 2 IGMP (S Q 16-3 F 16-4 Configuring IGMP Snooping and Query Parameters 2 IGMP (S Q 16-5 F 16-6 Page F 16-8 Specifying Static Interfaces for a Multicast Router Page F 16-10 Page F 16-12 Page F 16-14 IGMP Filtering and Throttling Page F 16-16 Configuring IGMP Filter Profiles T 16-17 F 16-18 Configuring IGMP Filtering and Throttling for Interfaces T 16-19 F 16-20 Multicast VLAN Registration VLAN R 16-21 Configuring Global MVR Settings F 16-22 Page Page Page F 16-26 Configuring MVR Interfaces VLAN R 16-27 Page VLAN R 16-29 Page Page Page 17-1 17 D S AME N OMAIN N S 17-2 Page N S 17-4 Configuring Static DNS Host to Address Entries Page N S 17-6 Displaying the DNS Cache DNS C THE ACHE 17-7 Page ECTION III I INE L OMMAND Page Page I L C 18-2 Telnet Connection C 18-3 Entering Commands Keywords and Arguments Page C NTERING 18-5 Showing Commands Page C 18-7 Using Command History Understanding Command Modes Page C 18-9 I L C 18-10 Table 18-2 Configuration Command Modes C 18-11 Command Line Processing I Command Groups The system commands can be broken down into the functional groups shown below Table 18-4 Command Group Index Table 18-3 Keystroke Commands (Continued) G 18-13 Table 18-4 Command Group Index (Continued) Page 19-1 19 G C ENERAL Table 19-1 General Commands C 19-2 enable 19-3 disable configure C 19-4 show history 19-5 reload C 19-6 prompt end 19-7 exit quit Page YSTEM 20-1 Table 20-1 System Management Commands M C Device Designation Commands hostname S C 20-3 System Status Commands This section describes commands used to display system information. show startup-config Table 20-3 System Status Commands Page S C 20-5 Example show running-config (20-6) M C 20-6 show running-config S C 20-7 M C 20-8 show system S C 20-9 show users M C 20-10 show version show bme version S C Example 20-11 Example M C Example 20-12 show memory status System Mode Commands system mode M C 20-14 show system mode S Frame Size Commands jumbo frame M C 20-16 File Management Commands M C 20-17 copy M C 20-18 M C 20-19 M C 20-20 The following example shows how to copy the running configuratio n to a startup file. The following example shows how to download a configuration file: M C 20-21 Page M C 20-23 dir M C 20-24 whichboot M C 20-25 boot system M Line Commands Table 20-11 Line Commands C 20-27 line M C 20-28 login C 20-29 password M C 20-30 timeout login response C 20-31 exec-timeout M C 20-32 password-thresh C 20-33 silent-time databits M C 20-34 parity C 20-35 speed Page C 20-37 show line Page L C 20-39 Event Logging Commands logging on M C 20-40 logging history L C 20-41 logging host M C 20-42 logging facility L C 20-43 logging trap Page Page M C The following example displays settings for the trap function. 20-46 Table 20-14 show logging flash/ram - display description L C 20-47 show log M SMTP Alert Commands logging sendmail host SMTP A C 20-49 logging sendmail level M C 20-50 logging sendmail source-email logging sendmail destination-email Page Page C 20-53 Time Commands sntp client M C 20-54 sntp server C 20-55 sntp poll Page C 20-57 clock timezone M C 20-58 calendar set show calendar Page Page 21-1 21 SNMP C 21-2 snmp-server 21-3 show snmp 21-4 snmp-server community 21-5 snmp-server contact snmp-server location 21-6 snmp-server host 21-7 21-8 21-9 snmp-server enable traps 21-10 snmp-server engine-id 21-11 21-12 show snmp engine-id 21-13 snmp-server view 21-14 show snmp view 21-15 snmp-server group 21-16 show snmp group 21-17 Table 21-4 show snmp group - display description 21-18 snmp-server user 21-19 21-20 show snmp user This command shows information on SNMP users. Command Mode Example Table 21-5 show snmp user - display description 22 U A SER UTHENTICATION Table 22-1 Authentication Commands User Account Commands username A C 22-3 A C 22-4 enable password S Authentication Sequence authentication login A C 22-6 S 22-7 authentication enable A C RADIUS Client RADIUS C 22-9 radius-server host A C 22-10 radius-server port radius-server key RADIUS C 22-11 radius-server retransmit radius-server timeout A C 22-12 show radius-server TACACS+ C TACACS+ Client tacacs-server host A C 22-14 tacacs-server port tacacs-server key Web Server Commands Page S C 22-17 ip http secure-server A C 22-18 ip http secure-port Page A C 22-20 Telnet Server Commands ip telnet server S C 22-21 Secure Shell Commands Table 22-10 Secure Shell Commands A C 22-22 S C 22-23 A C 22-24 S C 22-25 ip ssh server A C 22-26 ip ssh timeout S C 22-27 ip ssh authentication-retries ip ssh server-key size Page S C 22-29 ip ssh crypto zeroize A C 22-30 ip ssh save host-key S C 22-31 show ip ssh show ssh A C 22-32 show public-key Table 22-11 show ssh - display description (Continued) S C 22-33 A C 802.1X Port Authentication Table 22-12 802.1X Port Authentication Commands A 22-35 dot1x system-auth-control dot1x default A C 22-36 dot1x max-req dot1x port-control A 22-37 dot1x operation-mode A C 22-38 dot1x re-authenticate A 22-39 dot1x re-authentication dot1x timeout quiet-period A C 22-40 dot1x timeout re-authperiod A 22-41 dot1x timeout tx-period show dot1x A C 22-42 A 22-43 A C SER 22-44 IP F Management IP Filter Commands management A C 22-46 show management IP F C ILTER 22-47 Page LIENT 23-1 ECURITY S C Port Security Commands S C 23-3 port security S C 23-4 F C Packet Filtering Commands filter ipmac S C 23-6 F C 23-7 filter netbios S C 23-8 filter dhcp-request F C 23-9 filter dhcp S C ECURITY LIENT 23-10 IP Source Guard Commands ip source-guard S C 23-12 G C 23-13 S C 23-14 ip source-guard binding G C 23-15 show ip source-guard Page C 23-17 DHCP Snooping Commands Table 23-5 DHCP Snooping Commands S C 23-18 ip dhcp snooping C 23-19 S C 23-20 ip dhcp snooping vlan C 23-21 ip dhcp snooping verify mac-address S C 23-22 ip dhcp snooping database write ip dhcp snooping service-provider-mode C 23-23 ip dhcp snooping client limit S C 23-24 ip dhcp snooping trust C 23-25 show ip dhcp snooping Page Page C L 24-2 IP ACLs Table 24-2 IP ACL Commands 24-3 access-list ip C L 24-4 permit, deny (Standard IP ACL) 24-5 permit, deny (Extended IP ACL) C L 24-6 24-7 show ip access-list C L 24-8 access-list ip mask-precedence 24-9 mask (IP ACL) C L 24-10 24-11 C IST L ONTROL CCESS 24-13 Page 24-15 show ip access-group C L 24-16 MAC ACLs Table 24-3 MAC ACL Commands 24-17 access-list mac C L 24-18 permit, deny (MAC ACL) 24-19 Page 24-21 mask (MAC ACL) Page 24-23 C L 24-24 show access-list mac mask-precedence 24-25 mac access-group Page ACL I 24-27 Example show access-group This command shows the port assignments of IP ACLs. Page 25-1 Table 25-1 Interface Commands C 25-2 interface 25-3 description speed-duplex C 25-4 25-5 negotiation C 25-6 capabilities 25-7 flowcontrol C 25-8 media-type 25-9 switchport mdix C 25-10 shutdown 25-11 switchport packet-rate C 25-12 clear counters Page C 25-14 show interfaces counters INTERFACES SHOW COUNTERS 25-15 C 25-16 show interfaces switchport 25-17 Table 25-2 show interfaces switchport - display description Page INK 26-1 GGREGATION A C 26-2 26-3 channel-group A C 26-4 lacp LACP 26-5 A C 26-6 lacp system-priority I (E 26-7 lacp admin-key (Ethernet Interface) A C 26-8 lacp admin-key (Port Channel) 26-9 lacp port-priority A C 26-10 show lacp 26-11 Table 26-2 show lacp counters - display description Table 26-3 show lacp internal - display description A C 26-12 Table 26-3 show lacp internal - display description (Continued) 26-13 Table 26-4 show lacp neighbors - display description A C GGREGATION INK 26-14 27 C ORT P IRROR P C 27-2 show port monitor 27-3 Page 28-1 28 R C IMIT L ATE L C 28-2 rate-limit 28-3 rate-limit trap-input L C 28-4 show rate-limit vlan 29-1 29 VDSL C Table 29-1 VDSL Commands 29-2 Long-Reach Ethernet Commands Table 29-2 Long-Reach Ethernet Commands E C 29-3 Table 29-2 Long-Reach Ethernet Commands (Continued) 29-4 lre band-plan E C 29-5 This example sets the band plan to 998-640-30000. show lre (29-79) 29-6 lre option-band E C 29-7 lre ham-band 29-8 E C 29-9 lre region-ham-band 29-10 E C 29-11 29-12 lre psd-breakpoints E C 29-13 lre psd-frequencies 29-14 E C 29-15 lre psd-value 29-16 lre psd-mask-level E C 29-17 29-18 lre pbo-config E C 29-19 lre upbo 29-20 E C 29-21 lre tone 29-22 lre max-power E C 29-23 lre min-protection 29-24 lre channel E C 29-25 lre interleave-max-delay 29-26 lre datarate E C 29-27 lre rate-set 29-28 lre noise-mgn target E C 29-29 lre noise-mgn min 29-30 lre shutdown lre reset E C 29-31 lre auto-retraining 29-32 lre retraining E C 29-33 lre rate-adaption 29-34 lre apply P C 29-35 Line Profile Commands Table 29-7 Line Profile Commands 29-36 line-profile P C 29-37 lre line-profile 29-38 band-plan P C 29-39 option-band 29-40 ham-band P C 29-41 region-ham-band 29-42 tone P C 29-43 max-power 29-44 min-protection P C 29-45 channel 29-46 down/up-max-inter-delay P C 29-47 down/up-fast/slow-max/min-datarate 29-48 down/up-target-noise-mgn P C 29-49 down/up-min-noise-mgn 29-50 P C 29-51 Alarm Profile Commands Table 29-8 Alarm Profile Commands 29-52 alarm-profile lre alarm-profile P C 29-53 init-failure 29-54 thresh-15min-ess P C 29-55 thresh-15min-lofs 29-56 thresh-15min-lols P C 29-57 thresh-15min-loss 29-58 thresh-15min-lprs P C 29-59 thresh-15min-sess 29-60 thresh-15min-uass VDSL I 29-61 Displaying VDSL Information Table 29-9 Commands for Displaying VDSL Information 29-62 show lre band-plan This command displays the frequency bands used for VDSL signals. Table 29-9 Commands for Displaying VDSL Information (Continued) VDSL I 29-63 show lre option-band 29-64 show lre ham-band VDSL I 29-65 show lre region-ham-band 29-66 VDSL I 29-67 show lre psd 29-68 show lre psd-mask-level VDSL I 29-69 show lre pbo-config 29-70 show lre upbo VDSL I 29-71 show lre tone 29-72 show lre interleave-max-delay VDSL I 29-73 show lre datarate 29-74 show lre noise-mgn VDSL I 29-75 show lre rate-adaption 29-76 show lre config VDSL I 29-77 show lre line-profile 29-78 show lre alarm-profile VDSL I 29-79 show lre 29-80 show lre phys-info VDSL I 29-81 show lre rate-info 29-82 show lre perf VDSL I 29-83 Table 29-13 show lre phys-info - display description 29-84 Table 29-13 show lre phys-info - display description (Continued) VDSL I 29-85 Table 29-13 show lre phys-info - display description (Continued) 29-86 CPE Configuration oam local clear counter 29-87 efm remote eeprom-write copy tftp firmware 29-88 29-89 29-90 oam remote upgrade firmware oam remote firmware active 29-91 show cpe-info 29-92 Table 29-15 show cpe-info - display description DDRESS 30-1 Table 30-1 Address Table Commands T C 30-2 mac-address-table static Page T C 30-4 show mac-address-table 30-5 mac-address-table aging-time Page PANNING REE 31-1 Table 31-1 Spanning Tree Commands T C 31-2 Table 31-1 Spanning Tree Commands (Continued) 31-3 spanning-tree T C 31-4 spanning-tree mode 31-5 spanning-tree forward-time T C 31-6 spanning-tree hello-time 31-7 spanning-tree max-age T C 31-8 spanning-tree priority 31-9 spanning-tree pathcost method T C 31-10 spanning-tree transmission-limit spanning-tree mst-configuration 31-11 mst vlan T C 31-12 mst priority 31-13 name T C 31-14 revision max-hops 31-15 spanning-tree spanning-disabled T C 31-16 spanning-tree cost 31-17 T C 31-18 spanning-tree port-priority spanning-tree edge-port 31-19 spanning-tree portfast T C 31-20 31-21 spanning-tree link-type T C 31-22 spanning-tree mst cost 31-23 spanning-tree mst port-priority T C 31-24 spanning-tree protocol-migration 31-25 show spanning-tree T C 31-26 Page Page 32-1 32 VLAN C Table 32-1 VLAN Commands 32-2 GVRP and Bridge Extension Commands bridge-ext gvrp GVRP C E B 32-3 32-4 switchport gvrp show gvrp configuration GVRP C E B 32-5 32-6 show garp timer VLAN G 32-7 Editing VLAN Groups vlan database 32-8 VLAN I 32-9 Related Commands show vlan (32-16) Configuring VLAN Interfaces interface vlan 32-10 switchport mode VLAN I 32-11 switchport acceptable-frame-types 32-12 switchport ingress-filtering VLAN I 32-13 switchport native vlan 32-14 switchport allowed vlan VLAN I 32-15 switchport forbidden vlan 32-16 Displaying VLAN Information show vlan P VLAN 32-17 Configuring Private VLANs pvlan 32-18 P VLAN This example shows the information displayed a group is defined. RIVATE 32-19 32-20 Configuring Protocol-based VLANs P VLAN 32-21 protocol-vlan protocol-group (Configuring Groups) 32-22 protocol-vlan protocol-group (Configuring Interfaces) Page 32-24 show interfaces protocol-vlan protocol-group IEEE 802.1Q T 32-25 Configuring IEEE 802.1Q Tunneling 32-26 qinq priority map IEEE 802.1Q T 32-27 switchport mode dot1q-tunnel 32-28 show dot1q-tunnel IEEE 802.1Q T 32-29 switchport dot1q-ethertype 32-30 Configuring VLAN Swapping VLAN S 32-31 switchport vlan swap 32-32 show vlan-swap Page Page LASS 33-1 Priority Commands (Layer 2) C S 33-2 priority bits C (L 2) 33-3 queue mode C S 33-4 show priority Page C S 33-6 C (L 2) 33-7 queue bandwidth C S 33-8 queue cos-map C (L 2) 33-9 show queue bandwidth C S 33-10 show queue cos-map C 3 (L 4) 33-11 Page Page C S 33-14 map ip precedence (Interface Configuration) Page C S 33-16 map ip dscp (Interface Configuration) C 3 (L 4) 33-17 C S 33-18 show map ip port C 3 (L 4) 33-19 C S 33-20 show map ip dscp 34 Q S UALITY Table 34-1 Quality of Service Commands C S 34-2 34-3 class-map C S 34-4 match 34-5 C S 34-6 policy-map 34-7 class C S 34-8 set 34-9 police C S 34-10 service-policy 34-11 show class-map C S 34-12 show policy-map Page Page ULTICAST 35-1 ILTERING Table 35-1 Multicast Filtering Commands F C 35-2 IGMP Snooping Commands ip igmp snooping IGMP S C 35-3 ip igmp snooping vlan static F C 35-4 ip igmp snooping version IGMP S C 35-5 ip igmp snooping immediate-leave F C 35-6 show ip igmp snooping show mac-address-table multicast C 35-7 IGMP Query Commands F C 35-8 ip igmp snooping querier ip igmp snooping query-count C 35-9 ip igmp snooping query-interval F C 35-10 ip igmp snooping query-max-response-time C 35-11 ip igmp snooping router-port-expire-time F C 35-12 Static Multicast Routing Commands ip igmp snooping vlan mrouter Page F C 35-14 IGMP Filtering and Throttling Commands Table 35-5 IGMP Filtering and Throttling Commands Page F C 35-16 ip igmp profile permit, deny C T 35-17 range F C 35-18 ip igmp filter (Interface Configuration) ip igmp max-groups C T 35-19 ip igmp max-groups action F C 35-20 show ip igmp filter C T 35-21 show ip igmp profile F C 35-22 show ip igmp throttle interface VLAN R C 35-23 Multicast VLAN Registration Commands F C 35-24 mvr (Global Configuration) VLAN R C 35-25 F C 35-26 mvr (Interface Configuration) VLAN R C 35-27 F C 35-28 mvr immediate VLAN R C 35-29 show mvr F C 35-30 Example The following shows the global MVR settings: Table 35-7 show mvr - display description VLAN R C 35-31 The following displays information about the interfaces attached to the MVR VLAN: Table 35-8 show mvr interface - display description F C 35-32 Table 35-9 show mvr members - display description 36-1 36 D S AME N OMAIN Page 36-3 clear host N C S 36-4 ip domain-name 36-5 ip domain-list N C S 36-6 ip name-server 36-7 ip domain-lookup N C S 36-8 show hosts 36-9 show dns show dns cache Page 37-1 37 DHCP C DHCP Client ip dhcp restart client 37-2 DHCP Relay 37-3 ip dhcp relay server 37-4 ip dhcp information option 37-5 37-6 ip dhcp information policy 37-7 show ip dhcp relay server Page 38-1 38 IP I C Basic IP Configuration C 38-2 ip address IP C 38-3 ip default-gateway C 38-4 show ip interface show ip redirects IP C 38-5 ping C NTERFACE 38-6 Example Related Commands interface (25-2) Page Page PPENDIX OFTWARE A-1 PECIFICATIONS Software Features S A-2 F A-3 Management Features Standards S A-4 Management Information Bases I B A-5 Page PPENDIX B-1 B ROUBLESHOOTING Problems Accessing the Management Interface B-2 S L B-3 Using System Logs Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Glossary-8 Glossary-9 Glossary-10 NDEX Numerics A B C E F G H I J L M P Q R S T U V W