SMC Networks SMC8612XL3 F 1.0.1.3 A, 3-57

U

SER

A

UTHENTICATION

3-57

intrusion will be detected and the switch can automatically take action by

disabling the port and sending a trap message.

To use port security, first allow the switch to dynamically learn the <source

MAC address, VLAN> pair for frames received on a port for an initial

training period, and then enable port security to stop address learning. Be

sure you enable the learning function long enough to ensure that all valid

VLAN members have been registered on the selected port. Note that you

can also restrict the maximum number of addresses that can be learned by

a port.

To add new VLAN members at a later time, you can manually add secure

addresses with the Static Address Table (page3-122), or turn off port

security to reenable the learning function long enough for new VLAN

members

to be registered. Learning may then be disabled again, if desired,

for security.

Command Usage

• A secure port has the following restrictions:

- Cannot use port monitoring.

- Cannot be a multi-VLAN port.

- It cannot be used as a member of a static or dynamic trunk .

- It should not be connected to a network interconnection device.

• If a port is disabled (shut down) due to a security violation, it must be

manually re-enabled from the Port/Port Configuration page

(page 3-93).

Command Attributes

•Port – Port number.

•Name – Descriptive text (page 3-2).

•Action – Indicates the action to be taken when a port security violation

is detected:

-None: No action should be taken. (This is the default.)

-Trap: Send an SNMP trap message.

Contents

Main TigerSwitch 10/100/1000 Gigabit Ethernet Switch Management Guide Page Page Page L W IMITED v ARRANTY W IMITED ARRANTY vi vii ONTENTS Chapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1 Chapter 2: Initial Configuration . . . . . . . . . . . . . . . . . . . . . 2-1 Chapter 3: Configuring the Switch . . . . . . . . . . . . . . . . . . . 3-1 viii ix x xi xii Chapter 4: Command Line Interface . . . . . . . . . . . . . . . . . . 4-1 xiii xiv xv xvi xvii xviii xix xx xxi xxii xxiii xxiv Page Page 1-1 NTRODUCTION Key Features 1-2 F S 1-3 Description of Software Features 1-4 F S 1-5 1-6 F S 1-7 1-8 Page 1-10 System Defaults D 1-11 1-12 ARP D 1-13 Page NITIAL 2-1 ONFIGURATION Connecting to the Switch Configuration Options C 2-2 S 2-3 Required Connections Page C 2-5 Remote Connections Basic Configuration Console Connection C 2-6 Setting Passwords C 2-7 Setting an IP Address Manual Configuration C 2-8 Dynamic Configuration C 2-9 C 2-10 Enabling SNMP Management Access Community Strings C 2-11 Trap Receivers C 2-12 Saving Configuration Settings S F Managing System Files Page ONFIGURING THE 3-1 WITCH Using the Web Interface Page Navigating the Web Browser Interface Page I B W 3-5 S 3-6 I B W 3-7 S 3-8 I B W 3-9 S 3-10 I B W 3-11 S 3-12 I B W 3-13 Basic Configuration Displaying System Information Page S 3-16 Displaying Switch Hardware/Software Versions Page S 3-18 Displaying Bridge Extension Capabilities C 3-19 S 3-20 Setting the Switchs IP Address C 3-21 Manual Configuration Page C 3-23 S 3-24 Managing Firmware Downloading System Software from a Server Page S 3-26 Saving or Restoring Configuration Settings Downloading Configuration Settings from a Server C 3-27 S 3-28 Configuring Event Logging System Log Configuration C 3-29 S 3-30 Remote Log Configuration Page S 3-32 Displaying Log Messages C 3-33 Resetting the System Setting the System Clock S 3-34 Configuring SNTP C 3-35 Setting the Time Zone S Simple Network Management Protocol Page Page Page Page N P M 3-41 Filtering Addresses for SNMP Client Access User Authentication A 3-43 Configuring the Logon Password S 3-44 Configuring Local/Remote Logon Authentication A 3-45 S 3-46 A SER UTHENTICATION 3-47 CLI Specify all the required parameters to enable logon authenticatio n. S 3-48 Configuring HTTPS A 3-49 Replacing the Default Secure-site Certificate S 3-50 Configuring the Secure Shell A 3-51 S 3-52 A 3-53 Generating the Host Key Pair S 3-54 A 3-55 Configuring the SSH Server S 3-56 Configuring Port Security A 3-57 Page Page S 3-60 Configuring 802.1x Port Authentication A 3-61 Displaying 802.1x Global Settings S 3-62 A SER UTHENTICATION 3-63 S 3-64 Configuring 802.1x Global Settings A 3-65 Configuring Port Authorization Mode Page A 3-67 Displaying 802.1x Statistics This switch can display statistics for dot1x protocol exchanges for any port. Page A 3-69 Filtering Management Access S 3-70 Page S 3-72 Access Control Lists Configuring Access Control Lists C L 3-73 Setting the ACL Name and Type S 3-74 Configuring a Standard IP ACL C L 3-75 Configuring an Extended IP ACL S 3-76 Page S 3-78 Configuring a MAC ACL Page Page Page S 3-82 Configuring an IP ACL Mask Page Page C L 3-85 Configuring a MAC ACL Mask Page C L 3-87 Binding a Port to an Access Control List Page C 3-89 Port Configuration Displaying Connection Status S 3-90 C 3-91 S 3-92 mode. Flow control type Indicates the type of flow control currently in use. (IEEE 802.3x, Back-Pressure or none) C 3-93 Configuring Interface Connections S 3-94 C ORT 3-95 CLI Select the interface, and then enter the required settings. S 3-96 Creating Trunk Groups C } 3-97 Statically Configuring a Trunk Page C } 3-99 Enabling LACP on Selected Ports } Page C 3-101 Configuring LACP Parameters S 3-102 Page S Counter Information 3-104 Displaying LACP Port Counters C 3-105 CLI The following example displays LACP counters for port channel 1. Page C 3-107 S 3-108 Displaying LACP Settings and Status for the Remote Side C 3-109 S 3-110 C 3-111 Setting Broadcast Storm Thresholds S 3-112 C 3-113 Configuring Port Mirroring Page Page Page C 3-117 S 3-118 C 3-119 S 3-120 Page S 3-122 Address Table Settings Setting Static Addresses Page Page Page S 3-126 Spanning Tree Algorithm Configuration T C A 3-127 x x S 3-128 T C A 3-129 Page T C A 3-131 Configuring Global Settings S 3-132 T C A 3-133 Page Page S 3-136 Displaying Interface Settings T C A 3-137 x S x 3-138 T C A 3-139 S 3-140 Configuring Interface Settings T C A 3-141 S 3-142 Page Page T C LGORITHM A 3-145 Page T C LGORITHM A 3-147 S 3-148 Configuring Interface Settings for MSTP T C A 3-149 VLAN Configuration Overview 3-151 Assigning Ports to VLANs S 3-152 3-153 Forwarding Tagged/Untagged Frames Page 3-155 Displaying Current VLANs Page Page S 3-158 Creating VLANs 3-159 Adding Static Members to VLANs (VLAN Index) S 3-160 3-161 Adding Static Members to VLANs (Port Index) Page 3-163 Configuring VLAN Behavior for Interfaces S 3-164 3-165 Page 3-167 Configuring Private VLANs x Enabling Private VLANs S 3-168 Configuring Uplink and Downlink Ports Configuring Protocol-Based VLANs 3-169 Configuring Protocol Groups S 3-170 Mapping Protocols to VLANs 3-171 S 3-172 Class of Service Configuration Setting the Default Priority for Interfaces C ERVICE S OF S 3-174 Mapping CoS Values to Egress Queues C ERVICE S OF Page Page S 3-178 CLI The following example shows how to assign WRR weights to each of the priority queues. Page Page Page S 3-182 C S 3-183 Mapping DSCP Priority S 3-184 Page Page Page S 3-188 Changing Priorities Based on ACL Rules Page S 3-190 Multicast Filtering F 3-191 IGMP Protocol S 3-192 Layer 2 IGMP (Snooping and Query) F 3-193 Configuring IGMP Snooping and Query Parameters S 3-194 F 3-195 Displaying Interfaces Attached to a Multicast Router S 3-196 Specifying Static Interfaces for a Multicast Router F 3-197 Page F 3-199 Assigning Ports to Multicast Services S 3-200 Layer 3 IGMP (Query used with Multicast Routing) F ( 3-201 Configuring IGMP Interface Parameters S 3-202 F 3-203 S 3-204 CLI This example configures the IGMP parameters for VLAN 1. F 3-205 Displaying Multicast Group Information Configuring Domain Name Service D S N 3-207 Page D S N 3-209 Configuring Static DNS Host to Address Entries Page Page Page H P C 3-213 Dynamic Host Configuration Protocol S 3-214 Configuring DHCP Relay Service Page S 3-216 Enabling the Server, Setting Excluded Addresses Page S 3-218 H P C 3-219 Page Page Page H P C 3-223 Displaying Address Bindings Page R 3-225 Configuring Router Redundancy S 3-226 Several virtual master routers using the same set of backup routers. Virtual Router Redundancy Protocol R 3-227 Configuring VRRP Groups S 3-228 Page S 3-230 R 3-231 Page Page S 3-234 Displaying VRRP Global Statistics R 3-235 Displaying VRRP Group Statistics S 3-236 R 3-237 Hot Standby Router Protocol S 3-238 Configuring HSRP Groups R 3-239 S 3-240 R 3-241 S 3-242 Page Page R CLI OUTER EDUNDANCY 3-245 IP Routing Overview Initial Configuration 3-247 IP Switching S 3-248 3-249 Routing Path Management Routing Protocols S 3-250 Basic IP Interface Configuration 3-251 S 3-252 Configuring IP Routing Interfaces Page Page 3-255 Address Resolution Protocol S 3-256 Proxy ARP Basic ARP Configuration 3-257 Configuring Static ARP Addresses S 3-258 Displaying Dynamically Learned ARP Entries 3-259 S 3-260 Displaying Local ARP Entries 3-261 Displaying ARP Statistics S Parameter Description 3-262 Web - Click IP, ARP, Statistics. 3-263 Displaying Statistics for IP Protocols IP Statistics S 3-264 3-265 ICMP Statistics S 3-266 3-267 UDP Statistics S 3-268 TCP Statistics 3-269 Configuring Static Routes Page 3-271 Displaying the Routing Table Page 3-273 Configuring the Routing Information Protocol S 3-274 Configuring General Protocol Settings 3-275 S 3-276 Specifying Network Interfaces for RIP 3-277 Configuring Network Interfaces for RIP S 3-278 3-279 S 3-280 3-281 Displaying RIP Information and Statistics S 3-282 Page S 3-284 3-285 Configuring the Open Shortest Path First Protocol S 3-286 3-287 Configuring General Protocol Settings S 3-288 3-289 Page 3-291 Configuring OSPF Areas S 3-292 3-293 Page 3-295 Configuring Area Ranges (Route Summarization for ABRs) Page 3-297 Configuring OSPF Interfaces S 3-298 3-299 S 3-300 3-301 Page 3-303 Configuring Virtual Links Page 3-305 Configuring Network Area Addresses Page Page S 3-308 Configuring Summary Addresses (for External AS Routes) Page S 3-310 Redistributing External Routes 3-311 Configuring NSSA Settings S 3-312 3-313 Displaying Link State Database Information S 3-314 3-315 Page 3-317 Displaying Information on Neighbor Routers S 3-318 R 3-319 Multicast Routing Configuring Global Settings for Multicast Routing Page R 3-321 Displaying the Multicast Routing Table Page R 3-323 Configuring DVMRP S 3-324 Configuring Global DVMRP Settings Page Page R 3-327 S 3-328 R 3-329 Configuring DVMRP Interface Settings S 3-330 R 3-331 Displaying Neighbor Information S 3-332 R 3-333 Displaying the Routing Table S 3-334 Configuring PIM-DM R 3-335 Configuring Global PIM-DM Settings S 3-336 Configuring PIM-DM Interface Settings R 3-337 Page R 3-339 Displaying Interface Information S 3-340 Displaying Neighbor Information Page Page 4-1 4 I INE L OMMAND L I 4-2 Telnet Connection Page Entering Commands Page L I 4-6 Showing Commands If you enter a ? at the command prompt, the system will display the first level of Page L I 4-8 Understanding Command Modes Exec Commands C 4-9 Configuration Commands L I 4-10 C 4-11 L I 4-12 Command Line Processing G Command Groups The system commands can be broken down into the functional groups shown below L I 4-14 C 4-15 Line Commands L I 4-16 C 4-17 L I 4-18 C 4-19 L I 4-20 C 4-21 L I 4-22 C 4-23 L I 4-24 C 4-25 L I 4-26 C 4-27 General Commands L I 4-28 C 4-29 L I 4-30 C 4-31 L I 4-32 M C System Management Commands L I 4-34 Device Designation Commands prompt M C 4-35 User Access Commands username L I 4-36 M C 4-37 enable password L I 4-38 IP Filter Commands management M C 4-39 show management L I 4-40 M C 4-41 Web Server Commands ip http port L I 4-42 ip http server ip http secure-server M C 4-43 L I 4-44 ip http secure-port M C 4-45 Secure Shell Commands L I 4-46 M C 4-47 L I 4-48 ip ssh server M C 4-49 ip ssh timeout L I 4-50 ip ssh authentication-retries M C 4-51 ip ssh server-key size delete public-key L I 4-52 ip ssh crypto host-key generate M C 4-53 ip ssh crypto zeroize L I 4-54 ip ssh save host-key show ip ssh Page L I 4-56 show public-key M C 4-57 L I 4-58 Event Logging Commands logging on Page L I 4-60 logging host M C 4-61 logging facility L I 4-62 logging trap clear logging M C 4-63 show logging L I 4-64 M C 4-65 The following example displays settings for the trap function. Related Commands show logging sendmail (3-70) L I 4-66 logging sendmail host M C 4-67 logging sendmail level L I 4-68 logging sendmail source-email logging sendmail destination-email M C 4-69 logging sendmail L I 4-70 show logging sendmail Time Commands M C 4-71 sntp client L I 4-72 sntp server M C 4-73 sntp poll L I 4-74 sntp broadcast client M C 4-75 show sntp clock timezone L I 4-76 calendar set Page L I 4-78 System Status Commands show startup-config M C 4-79 show running-config L I 4-80 M C ANAGEMENT YSTEM 4-81 L I 4-82 show system M C 4-83 show users show version L I 4-84 Frame Size Commands jumbo frame Flash/File Commands L I 4-86 C 4-87 L I 4-88 C 4-89 L I 4-90 C 4-91 L I 4-92 Authentication Commands C 4-93 Authentication Sequence authentication login L I 4-94 RADIUS Client C 4-95 radius-server host radius-server port L I 4-96 radius-server key radius-server retransmit C 4-97 radius-server timeout show radius-server L I 4-98 TACACS+ Client tacacs-server host C 4-99 tacacs-server port tacacs-server key L I 4-100 show tacacs-server C 4-101 Port Security Commands port security L I 4-102 Page L I 4-104 802.1x Port Authentication authentication dot1x default C 4-105 dot1x default dot1x max-req L I 4-106 dot1x port-control C 4-107 dot1x operation-mode dot1x re-authenticate L I 4-108 dot1x re-authentication dot1x timeout quiet-period C 4-109 dot1x timeout re-authperiod dot1x timeout tx-period L I 4-110 show dot1x C 4-111 L I 4-112 - State Current state (including initialize, reauthenticate). C Access Control List Commands L I 4-114 C IP ACLs L 4-115 L I 4-116 access-list ip C L 4-117 permit, deny (Standard ACL) L I 4-118 permit, deny (Extended ACL) C L 4-119 L I 4-120 C L 4-121 show ip access-list access-list ip mask-precedence L I 4-122 mask (IP ACL) C L 4-123 L I 4-124 C IST L ONTROL CCESS L I 4-126 show access-list ip mask-precedence C L 4-127 ip access-group L I 4-128 show ip access-group map access-list ip C L 4-129 show map access-list ip L I 4-130 match access-list ip C L 4-131 show marking Page C L 4-133 MAC ACLs access-list mac L I 4-134 permit, deny (MAC ACL) C L 4-135 L I 4-136 show mac access-list C L 4-137 access-list mac mask-precedence L I 4-138 mask (MAC ACL) Page L I 4-140 C L 4-141 show access-list mac mask-precedence L I 4-142 mac access-group C L 4-143 show mac access-group map access-list mac L I 4-144 show map access-list mac C L 4-145 match access-list mac L I 4-146 ACL Information show access-list SNMP Commands L I 4-148 4-149 L I 4-150 4-151 L I 4-152 4-153 L I 4-154 4-155 DHCP Commands DHCP Client ip dhcp client-identifier L I 4-156 ip dhcp restart client 4-157 DHCP Relay ip dhcp restart relay L I 4-158 ip dhcp relay server 4-159 L I 4-160 DHCP Server 4-161 service dhcp ip dhcp excluded-address L I 4-162 ip dhcp pool 4-163 network L I 4-164 default-router 4-165 domain-name dns-server L I 4-166 next-server 4-167 bootfile netbios-name-server L I 4-168 netbios-node-type Page L I 4-170 lease host Page L I 4-172 client-identifier 4-173 hardware-address L I 4-174 clear ip dhcp binding 4-175 show ip dhcp binding L I 4-176 DNS Commands 4-177 ip host L I 4-178 clear host ip domain-name 4-179 ip domain-list L I 4-180 4-181 ip name-server L I 4-182 ip domain-lookup 4-183 show hosts L I 4-184 show dns show dns cache 4-185 clear dns cache Page C -1 Interface Commands -2 C -3 -4 C -5 -6 C -7 -8 C -9 -10 C -11 -12 C -13 -14 C -15 -16 Mirror Port Commands P C -17 -18 Rate Limit Commands L C -19 -20 Link Aggregation Commands A C -21 -22 A C -23 -24 A C -25 -26 A C -27 -28 A C -29 -30 A C -31 -32 T C -33 Address Table Commands -34 T C -35 -36 T C -37 -38 Spanning Tree Commands T C -39 -40 T C -41 -42 T C -43 -44 T C -45 -46 T C -47 -48 T C -49 -50 T C -51 -52 T C -53 -54 VLAN Commands Editing VLAN Groups vlan database -55 vlan -56 -57 Configuring VLAN Interfaces interface vlan -58 switchport mode -59 switchport acceptable-frame-types -60 switchport ingress-filtering -61 switchport native vlan -62 switchport allowed vlan -63 switchport forbidden vlan -64 Displaying VLAN Information show vlan -65 Configuring Protocol-based VLANs -66 protocol-vlan protocol-group (Configuring Groups) -67 protocol-vlan protocol-group (Configuring Interfaces) -68 show protocol-vlan protocol-group -69 show interfaces protocol-vlan protocol-group -70 Configuring Private VLANs pvlan GVRP C GVRP and Bridge Extension Commands -72 bridge-ext gvrp GVRP C E B -73 -74 show gvrp configuration GVRP C E B -75 -76 show garp timer Priority Commands -78 Priority Commands (Layer 2) switchport priority default C -79 -80 queue mode C -81 queue bandwidth queue cos-map -82 C -83 show queue mode -84 show queue bandwidth show queue cos-map C -85 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) -86 C -87 map ip port (Interface Configuration) -88 map ip precedence (Global Configuration) map ip precedence (Interface Configuration) C -89 map ip dscp (Global Configuration) -90 map ip dscp (Interface Configuration) C -91 show map ip port -92 show map ip precedence C -93 show map ip dscp -94 F C -95 Multicast Filtering Commands -96 IGMP Snooping Commands ip igmp snooping ip igmp snooping vlan static F C -97 ip igmp snooping version -98 show ip igmp snooping F C -99 show mac-address-table multicast -100 IGMP Query Commands (Layer 2) ip igmp snooping querier F C -101 ip igmp snooping query-count -102 ip igmp snooping query-interval ip igmp snooping query-max-response-time F C -103 -104 ip igmp snooping router-port-expire-time F C -105 Static Multicast Routing Commands ip igmp snooping vlan mrouter -106 show ip igmp snooping mrouter F C -107 IGMP Commands (Layer 3) ip igmp -108 ip igmp robustval F C -109 ip igmp query-interval -110 ip igmp max-resp-interval F C -111 ip igmp last-memb-query-interval -112 ip igmp version F C -113 show ip igmp interface clear ip igmp group -114 show ip igmp groups F C -115 -116 IP Interface Commands Basic IP Configuration ip address C -117 -118 ip default-gateway C -119 show ip interface -120 show ip redirects ping C -121 -122 Address Resolution Protocol (ARP) arp C -123 arp-timeout -124 clear arp-cache show arp C -125 ip proxy-arp -126 IP Routing Commands C -127 Global Routing Configuration ip routing -128 ip route C -129 clear ip route show ip route -130 show ip traffic C Routing Information Protocol (RIP) -131 -132 router rip C -133 timers basic -134 network C -135 neighbor version -136 C -137 ip rip receive version -138 ip rip send version C -139 ip split-horizon -140 ip rip authentication key C -141 ip rip authentication mode -142 show rip globals C -143 show ip rip -144 Open Shortest Path First (OSPF) C -145 -146 router ospf C -147 router-id -148 compatible rfc1583 C -149 default-information originate -150 timers spf C -151 area range -152 area default-cost C -153 summary-address -154 redistribute C -155 network area -156 area stub C -157 -158 area nssa C -159 -160 area virtual-link C -161 -162 C -163 ip ospf authentication -164 ip ospf authentication-key C -165 ip ospf message-digest-key -166 ip ospf cost ip ospf dead-interval C -167 ip ospf hello-interval -168 ip ospf priority C -169 ip ospf retransmit-interval ip ospf transmit-delay -170 show ip ospf C -171 show ip ospf border-routers -172 show ip ospf database C -173 -174 The following shows output when using the asbr-summary keyword. C -175 The following shows output when using the database-summary keyword. -176 The following shows output when using the external keyword. C The following shows output when using the network keyword. -177 -178 The following shows output when using the router keyword. C -179 -180 The following shows output when using the summary keyword. C -181 show ip ospf interface -182 show ip ospf neighbor C -183 show ip ospf summary-address -184 show ip ospf virtual-links Multicast Routing Commands R C -185 Static Multicast Routing Commands ip igmp snooping vlan mrouter -186 show ip igmp snooping mrouter R C -187 General Multicast Routing Commands ip multicast-routing -188 show ip mroute R C -189 This example shows detailed multicast information for a specified group/ source pair -190 This example lists all entries in the multicast table in summary form: R C -191 DVMRP Multicast Routing Commands router dvmrp -192 probe-interval R C -193 nbr-timeout -194 report-interval flash-update-interval R C -195 prune-lifetime -196 default-gateway R C -197 ip dvmrp -198 ip dvmrp metric clear ip dvmrp route R C -199 show router dvmrp -200 The default settings are shown in the following example: DMVRP routes are shown in the following example: show ip dvmrp route Use this command to display all entries in the DVMRP routing table. Command Mode R C Example -201 show ip dvmrp neighbor -202 show ip dvmrp interface PIM-DM Multicast Routing Commands R C -203 router pim -204 ip pim dense-mode R C -205 ip pim hello-interval -206 ip pim hello-holdtime ip pim trigger-hello-interval R C -207 ip pim join-prune-holdtime -208 ip pim graft-retry-interval R C -209 ip pim max-graft-retries show router pim -210 show ip pim interface show ip pim neighbor R C Router Redundancy Commands -212 Virtual Router Redundancy Protocol Commands vrrp ip R C -213 -214 vrrp authentication R C -215 vrrp priority -216 vrrp timers advertise R C -217 vrrp preempt -218 show vrrp R C -219 This example displays the full listing of status information for all groups. -220 show vrrp interface R C -221 -222 show vrrp router counters show vrrp interface counters R C -223 clear vrrp router counters clear vrrp interface counters Page R C -225 Hot Standby Router Protocol Commands standby ip -226 R C -227 standby priority -228 standby preempt R C -229 -230 standby authentication R C -231 standby timers -232 standby track R C -233 -234 show standby R C -235 -236 This example displays the brief listing of status information for all groups. R C -237 show standby interface -238 This example displays the full listing of status information for VLAN 1. PPENDIX OFTWARE -1 PECIFICATIONS -2 -3 -4 Page Page PPENDIX B-1 B T ROUBLESHOOTING Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Glossary-8 Page Page NDEX Index-1 Symbols Numerics A E F G H I J L M O Index-4 P Q R S Index-5 T U V Index-6 W